Merge pull request #7934 from appwrite/fix-custom-domain
Prevent functions domain from being used as custom domain
eldadfux committed May 5, 2024
2 parents b402ac5 + 7426458 commit b2c57e2
Showing 2 changed files with 34 additions and 2 deletions.
6 changes: 6 additions & 0 deletions app/controllers/api/proxy.php
Expand Up @@ -49,6 +49,12 @@
if ($domain === $mainDomain) {
throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'You cannot assign your main domain to specific resource. Please use subdomain or a different domain.');
}

$functionsDomain = System::getEnv('_APP_DOMAIN_FUNCTIONS', '');
if (str_ends_with($domain, $functionsDomain)) {
throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'You cannot assign your functions domain or it\'s subdomain to specific resource. Please use different domain.');
}

if ($domain === 'localhost' || $domain === APP_HOSTNAME_INTERNAL) {
throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, 'This domain name is not allowed. Please pick another one.');
}
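Review bot: `str_ends_with($domain, $functionsDomain)` in the new check returns true for every domain when `_APP_DOMAIN_FUNCTIONS` is unset, because the default is `''` and PHP's `str_ends_with` treats an empty needle as always matching, so every rule creation would be rejected with this error. The bare suffix test also has no label boundary, so an unrelated name that merely ends with the same characters (constructed example: `myfunctions.example.test` against `functions.example.test`) is refused as well. I would change the condition to `if ($functionsDomain !== '' && ($domain === $functionsDomain || str_ends_with($domain, '.' . $functionsDomain))) {`. Whether `$domain` is lower-cased before this point is not visible in the hunk; if it is not, a mixed-case spelling of the functions domain would pass the check, so the comparison should run on normalized values. The enclosing route action starts and ends outside the hunk.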
30 changes: 28 additions & 2 deletions tests/e2e/Services/Projects/ProjectsCustomServerTest.php
Expand Up @@ -2,17 +2,43 @@

namespace Tests\E2E\Services\Projects;

use Tests\E2E\Client;
use Tests\E2E\Scopes\ProjectCustom;
use Tests\E2E\Scopes\Scope;
use Tests\E2E\Scopes\SideServer;
use Utopia\System\System;

class ProjectsCustomServerTest extends Scope
{
use ProjectCustom;
use SideServer;

public function testMock()
// Domains

public function testCreateProjectRule()
{
$this->assertEquals(true, true);
$headers = array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-mode' => 'admin',
'cookie' => 'a_session_console=' . $this->getRoot()['session'],
]);

$response = $this->client->call(Client::METHOD_POST, '/proxy/rules', $headers, [
'resourceType' => 'api',
'domain' => 'api.appwrite.test',
]);

$this->assertEquals(201, $response['headers']['status-code']);

// prevent functions domain
$functionsDomain = System::getEnv('_APP_DOMAIN_FUNCTIONS', '');

$response = $this->client->call(Client::METHOD_POST, '/proxy/rules', $headers, [
'resourceType' => 'api',
'domain' => $functionsDomain,
]);

$this->assertEquals(400, $response['headers']['status-code']);
}
}
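Review bot: The second request in `testCreateProjectRule` can return 400 for the wrong reason, because `System::getEnv('_APP_DOMAIN_FUNCTIONS', '')` falls back to an empty string and an empty `domain` is presumably rejected by parameter validation before the new check is reached. Adding `$this->assertNotEmpty($functionsDomain);` before the call makes the test fail loudly when the variable is missing from the test environment. The error message says subdomains are refused too, but only the exact domain is exercised; a further call with `'domain' => 'sub.' . $functionsDomain` expecting 400 would pin that behaviour. Separately, `array_merge([...])` with a single argument is a no-op, so the array literal can be assigned to `$headers` directly.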
