Extracting function event validator to its own class. #6219

Merged
merged 2 commits into from
Sep 13, 2023
6 changes: 3 additions & 3 deletions app/controllers/api/functions.php
Expand Up @@ -7,7 +7,7 @@
use Appwrite\Event\Event;
use Appwrite\Event\Func;
use Appwrite\Event\Usage;
use Appwrite\Event\Validator\Event as ValidatorEvent;
use Appwrite\Event\Validator\FunctionEvent;
use Appwrite\Utopia\Response\Model\Rule;
use Appwrite\Extend\Exception;
use Appwrite\Utopia\Database\Validator\CustomId;
Expand Down Expand Up @@ -136,7 +136,7 @@
->param('name', '', new Text(128), 'Function name. Max length: 128 chars.')
->param('runtime', '', new WhiteList(array_keys(Config::getParam('runtimes')), true), 'Execution runtime.')
->param('execute', [], new Roles(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of role strings with execution permissions. By default no user is granted with any execute permissions. [learn more about roles](https://appwrite.io/docs/permissions#permission-roles). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' roles are allowed, each 64 characters long.', true)
->param('events', [], new ArrayList(new ValidatorEvent(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Events list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' events are allowed.', true)
->param('events', [], new ArrayList(new FunctionEvent(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Events list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' events are allowed.', true)
->param('schedule', '', new Cron(), 'Schedule CRON syntax.', true)
->param('timeout', 15, new Range(1, (int) App::getEnv('_APP_FUNCTIONS_TIMEOUT', 900)), 'Function maximum execution time in seconds.', true)
->param('enabled', true, new Boolean(), 'Is function enabled? When set to \'disabled\', users cannot access the function but Server SDKs with and API key can still access the function. No data is lost when this is toggled.', true)
Expand Down Expand Up @@ -662,7 +662,7 @@
->param('name', '', new Text(128), 'Function name. Max length: 128 chars.')
->param('runtime', '', new WhiteList(array_keys(Config::getParam('runtimes')), true), 'Execution runtime.', true)
->param('execute', [], new Roles(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of role strings with execution permissions. By default no user is granted with any execute permissions. [learn more about roles](https://appwrite.io/docs/permissions#permission-roles). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' roles are allowed, each 64 characters long.', true)
->param('events', [], new ArrayList(new ValidatorEvent(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Events list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' events are allowed.', true)
->param('events', [], new ArrayList(new FunctionEvent(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Events list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' events are allowed.', true)
->param('schedule', '', new Cron(), 'Schedule CRON syntax.', true)
->param('timeout', 15, new Range(1, (int) App::getEnv('_APP_FUNCTIONS_TIMEOUT', 900)), 'Maximum execution time in seconds.', true)
->param('enabled', true, new Boolean(), 'Is function enabled? When set to \'disabled\', users cannot access the function but Server SDKs with and API key can still access the function. No data is lost when this is toggled.', true)
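Review bot: The guard against a function subscribing to function events now applies only where a route explicitly passes `new FunctionEvent()`, as the two `events` params in these hunks do, because the same PR removes the `functions` rejection from the base `Event` validator. Any other code path that accepts function event subscriptions and still constructs the base validator would now accept `functions.*` patterns and could allow self-triggering executions. No such path is visible on this page, so it is worth searching the codebase for remaining uses of `Appwrite\Event\Validator\Event` that feed function triggers. A short comment above each `events` param, for example `// FunctionEvent (not Event) is required here: it rejects functions.* to prevent trigger loops`, would keep a later refactor from reverting it. Both route definitions start and end outside the hunks.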
6 changes: 0 additions & 6 deletions src/Appwrite/Event/Validator/Event.php
Expand Up @@ -45,12 +45,6 @@ public function isValid($value): bool
* Identify all sections of the pattern.
*/
$type = $parts[0] ?? false;

if ($type == 'functions') {
$this->message = 'Triggering a function on a function event is not allowed.';
return false;
}

$resource = $parts[1] ?? false;
$hasSubResource = $count > 3 && ($events[$type]['$resource'] ?? false) && ($events[$type][$parts[2]]['$resource'] ?? false);
$hasSubSubResource = $count > 5 && $hasSubResource && ($events[$type][$parts[2]][$parts[4]]['$resource'] ?? false);
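--- a/src/Appwrite/Event/Validator/FunctionEvent.php
+++ b/src/Appwrite/Event/Validator/FunctionEvent.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Appwrite\Event\Validator;
+
+use Utopia\Config\Config;
+
+class FunctionEvent extends Event
+{
+/**
+* Is valid.
+*
+* @param mixed $value
+*
+* @return bool
+*/
+public function isValid($value): bool
+{
+if (str_starts_with($value, 'functions.')) {
+$this->message = 'Triggering a function on a function event is not allowed.';
+return false;
+}
+
+return parent::isValid($value);
+}
+}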
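Review bot: `isValid()` passes the untyped `$value` straight to `str_starts_with()`, so a request whose `events` entry is an array raises a `TypeError` instead of a clean validation failure, and `null` triggers a deprecation notice on PHP 8.1+. Guarding the check as `if (is_string($value) && str_starts_with($value, 'functions.')) {` lets non-strings fall through to `parent::isValid()`; how the parent treats them is not visible here. The prefix match is also narrower than the removed `$type == 'functions'` comparison on the first pattern segment: a bare `functions` value with no dot now reaches the parent, so it is worth confirming the parent still rejects it. `use Utopia\Config\Config;` appears unused in this file and can be dropped.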
1 change: 1 addition & 0 deletions src/Appwrite/GraphQL/Types/Mapper.php
Expand Up @@ -235,6 +235,7 @@ public static function param(
case 'Utopia\Validator\Domain':
case 'Appwrite\Network\Validator\Email':
case 'Appwrite\Event\Validator\Event':
case 'Appwrite\Event\Validator\FunctionEvent':
case 'Utopia\Validator\HexColor':
case 'Utopia\Validator\Host':
case 'Utopia\Validator\IP':
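--- a/tests/unit/Event/Validator/FunctionEventValidatorTest.php
+++ b/tests/unit/Event/Validator/FunctionEventValidatorTest.php
@@ -0,0 +1,73 @@
+<?php
+
+namespace Tests\Unit\Event\Validator;
+
+use Appwrite\Event\Validator\FunctionEvent;
+use PHPUnit\Framework\TestCase;
+
+class FunctionEventValidatorTest extends TestCase
+{
+protected ?FunctionEvent $object = null;
+
+public function setUp(): void
+{
+$this->object = new FunctionEvent();
+}
+
+public function tearDown(): void
+{
+}
+
+public function testValues(): void
+{
+/**
+* Test for SUCCESS
+*/
+$this->assertTrue($this->object->isValid('users.*.create'));
+$this->assertTrue($this->object->isValid('users.torsten.update'));
+$this->assertTrue($this->object->isValid('users.torsten'));
+$this->assertTrue($this->object->isValid('users.*.update.email'));
+$this->assertTrue($this->object->isValid('users.*.update'));
+$this->assertTrue($this->object->isValid('users.*'));
+$this->assertTrue($this->object->isValid('databases.books.collections.chapters.documents.prolog.create'));
+$this->assertTrue($this->object->isValid('databases.books.collections.chapters.documents.prolog'));
+$this->assertTrue($this->object->isValid('databases.books.collections.chapters.documents.*.create'));
+$this->assertTrue($this->object->isValid('databases.books.collections.chapters.documents.*'));
+$this->assertTrue($this->object->isValid('databases.books.collections.*.documents.prolog.create'));
+$this->assertTrue($this->object->isValid('databases.books.collections.*.documents.prolog'));
+$this->assertTrue($this->object->isValid('databases.books.collections.*.documents.*.create'));
+$this->assertTrue($this->object->isValid('databases.books.collections.*.documents.*'));
+$this->assertTrue($this->object->isValid('databases.*.collections.chapters.documents.prolog.create'));
+$this->assertTrue($this->object->isValid('databases.*.collections.chapters.documents.prolog'));
+$this->assertTrue($this->object->isValid('databases.*.collections.chapters.documents.*.create'));
+$this->assertTrue($this->object->isValid('databases.*.collections.chapters.documents.*'));
+$this->assertTrue($this->object->isValid('databases.*.collections.*.documents.prolog.create'));
+$this->assertTrue($this->object->isValid('databases.*.collections.*.documents.prolog'));
+$this->assertTrue($this->object->isValid('databases.*.collections.*.documents.*.create'));
+$this->assertTrue($this->object->isValid('databases.*.collections.*.documents.*'));
+$this->assertTrue($this->object->isValid('databases.*.collections.*'));
+$this->assertTrue($this->object->isValid('databases.*'));
+$this->assertTrue($this->object->isValid('databases.books'));
+$this->assertTrue($this->object->isValid('databases.books.collections.chapters'));
+$this->assertTrue($this->object->isValid('databases.books.collections.*'));
+$this->assertTrue($this->object->isValid('buckets.*'));
+$this->assertTrue($this->object->isValid('teams.*'));
+$this->assertTrue($this->object->isValid('users.*'));
+$this->assertTrue($this->object->isValid('teams.*.memberships.*.update.status'));
+
+/**
+* Test for FAILURE
+*/
+$this->assertFalse($this->object->isValid(false));
+$this->assertFalse($this->object->isValid(null));
+$this->assertFalse($this->object->isValid(''));
+$this->assertFalse($this->object->isValid('unknown.*'));
+$this->assertFalse($this->object->isValid('collections'));
+$this->assertFalse($this->object->isValid('collections.*.unknown'));
+$this->assertFalse($this->object->isValid('collections.*.documents.*.unknown'));
+$this->assertFalse($this->object->isValid('users.torsten.unknown'));
+$this->assertFalse($this->object->isValid('users.torsten.delete.email'));
+$this->assertFalse($this->object->isValid('teams.*.memberships.*.update.unknown'));
+$this->assertFalse($this->object->isValid('functions.*'));
+}
+}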
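Review bot: The only assertion in `testValues()` that exercises the new restriction is `isValid('functions.*')`, so the rest of the suite would still pass if the prefix check regressed for other shapes. Add failure cases for a concrete id (a constructed example: `'functions.myFunction'`), for a bare `'functions'` with no dot, and for a non-string such as `[]`. Also assert the rejection message with `$this->assertSame('Triggering a function on a function event is not allowed.', $this->object->getDescription());`, assuming the base validator exposes `$this->message` through `getDescription()`, which is not visible here. The empty `tearDown()` override can be removed.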