Add 14 new blogs

[adityaoberai]

What does this PR do?

(Provide a description of what this PR does.)

Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work.)

Related PRs and Issues

(If this PR is related to any other PR or resolves any issue or related to any issue link all related PR and issues here.)

Have you read the Contributing Guidelines on issues?

(Write your answer here.)

Summary by CodeRabbit

• Documentation
  • Added 14 new comprehensive blog posts/guides covering authentication, custom domains, Functions, indexes, magic links, messaging, OAuth, permissions, Query API, Realtime, SDK comparisons, storage file manager, teams & roles, and webhooks.
  • Updated blog cover images and fixed a broken link in the webhooks guide.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a343b3b4-8adf-4900-acfd-bf06a597ea93

📥 Commits

Reviewing files that changed from the base of the PR and between 845cf81 and 78160ab.

⛔ Files ignored due to path filters (13)

• static/images/blog/appwrite-auth-methods/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-custom-domains/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-indexes/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-magic-link/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-messaging-push-email/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-oauth/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-permissions/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-query-api/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-realtime/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-server-sdk-vs-client-sdk/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-storage-file-manager/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-teams-roles/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-webhooks/cover.png is excluded by !**/*.png

📒 Files selected for processing (5)

• .optimize-cache.json
• src/routes/blog/post/appwrite-permissions/+page.markdoc
• src/routes/blog/post/appwrite-server-sdk-vs-client-sdk/+page.markdoc
• src/routes/blog/post/appwrite-storage-file-manager/+page.markdoc
• src/routes/blog/post/appwrite-teams-roles/+page.markdoc

✅ Files skipped from review due to trivial changes (4)

• src/routes/blog/post/appwrite-teams-roles/+page.markdoc
• src/routes/blog/post/appwrite-server-sdk-vs-client-sdk/+page.markdoc
• src/routes/blog/post/appwrite-permissions/+page.markdoc
• src/routes/blog/post/appwrite-storage-file-manager/+page.markdoc

---

Walkthrough

This pull request adds 14 new Markdoc blog post pages covering Appwrite features (authentication methods, custom domains, Functions, indexes, magic links, messaging, OAuth, permissions, Query API, Realtime, SDK differences, storage file manager, teams/roles, and webhooks), updates the image-hash cache file (.optimize-cache.json) with new cover image entries, and corrects a single documentation link target in an existing webhooks docs page.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'Add 14 new blogs' directly and clearly summarizes the main change: adding 14 new blog post pages to the repository, which aligns with the raw summary showing 14 new Markdoc blog pages added.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch add-new-seo-blogs

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR adds 14 new blog posts covering Appwrite's core features (Auth, Storage, Databases, Functions, Realtime, Webhooks, Messaging, Permissions, Teams, and SDK usage) along with their cover images, and fixes a broken "Learn more about events" link in the webhooks docs page.\n\nThe content is well-written and accurate overall, but three blog posts contain a consistent SDK import bug — Databases is imported instead of TablesDB in code examples, leaving TablesDB undeclared and causing a ReferenceError for anyone who copies the snippet:\n\n- appwrite-permissions/+page.markdoc (line 85)\n- appwrite-server-sdk-vs-client-sdk/+page.markdoc (line 46)\n- appwrite-teams-roles/+page.markdoc (line 98)\n\nTwo additional minor issues were found:\n- An unused Databases import in the SSR section of appwrite-server-sdk-vs-client-sdk\n- The webhook signature verification example uses === instead of crypto.timingSafeEqual(), which is the recommended constant-time comparison for HMAC validation

Confidence Score: 3/5

Safe to merge after fixing three Databases → TablesDB import errors in code examples; all posts are marked unlisted: true so no reader impact until they are published.

Three independent code snippets use new TablesDB(client) without importing TablesDB (importing the old Databases class instead), which will produce a ReferenceError for every reader who copies the examples. This affects appwrite-permissions, appwrite-server-sdk-vs-client-sdk, and appwrite-teams-roles. The posts are currently marked unlisted: true, which limits immediate exposure, but the issues should be fixed before the posts are made public.

src/routes/blog/post/appwrite-permissions/+page.markdoc, src/routes/blog/post/appwrite-server-sdk-vs-client-sdk/+page.markdoc, src/routes/blog/post/appwrite-teams-roles/+page.markdoc

Important Files Changed

Filename	Overview
src/routes/blog/post/appwrite-permissions/+page.markdoc	New blog post on permissions; imports Databases on line 85 but uses undeclared TablesDB on line 87, causing a ReferenceError in any copy-pasted code.
src/routes/blog/post/appwrite-server-sdk-vs-client-sdk/+page.markdoc	New blog post on SDK usage; two import inconsistencies: line 46 imports Databases but uses TablesDB on line 53, and line 139 imports Databases that is never used in the snippet.
src/routes/blog/post/appwrite-teams-roles/+page.markdoc	New blog post on teams/roles; imports Databases on line 98 but uses undeclared TablesDB on line 100, causing a ReferenceError in any copy-pasted code.
src/routes/blog/post/appwrite-storage-file-manager/+page.markdoc	New blog post on Storage; the createBucket comment on line 49 labels MIME types as allowedFileExtensions, which is misleading.
src/routes/blog/post/appwrite-webhooks/+page.markdoc	New blog post on Webhooks; signature verification uses === string comparison instead of constant-time comparison.
src/routes/blog/post/appwrite-auth-methods/+page.markdoc	New blog post covering all 10 Appwrite auth methods; content and links look correct.
src/routes/blog/post/appwrite-custom-domains/+page.markdoc	New blog post on custom domains setup; content and code examples look correct.
src/routes/blog/post/appwrite-functions-guide/+page.markdoc	New blog post on Appwrite Functions; covers triggers, execution modes, deployment, and permissions with accurate examples.
src/routes/blog/post/appwrite-indexes/+page.markdoc	New blog post on database indexes; consistently uses TablesDB (imported correctly) with accurate content.
src/routes/blog/post/appwrite-magic-link/+page.markdoc	New blog post on Magic Link auth; two-step flow and code examples are accurate.
src/routes/blog/post/appwrite-messaging-push-email/+page.markdoc	New blog post on Appwrite Messaging for push and email; content and code examples look correct.
src/routes/blog/post/appwrite-oauth/+page.markdoc	New blog post on OAuth2 handling; the createOAuth2Token flow, identity API usage, and token refresh pattern are accurate.
src/routes/blog/post/appwrite-query-api/+page.markdoc	New blog post on Query API; correctly imports and uses TablesDB, with accurate query examples.
src/routes/blog/post/appwrite-realtime/+page.markdoc	New blog post on Realtime; WebSocket subscription examples and channel descriptions are accurate.
src/routes/docs/advanced/platform/webhooks/+page.markdoc	Fixes a broken link — 'Learn more about events' now correctly points to /docs/advanced/platform/events instead of /docs/advanced/platform/api-keys.

Comments Outside Diff (1)

1. src/routes/blog/post/appwrite-webhooks/+page.markdoc, line 1196 (link)

   Webhook signature comparison is not constant-time

   The === comparison of the two base64 strings is not constant-time and is theoretically susceptible to timing attacks. The security recommendation for any HMAC verification is to use crypto.timingSafeEqual(). Readers who follow this example for a production endpoint should use the safer version.

_{Reviews (1): Last reviewed commit: "fix dates + optimize images" | Re-trigger Greptile}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/routes/blog/post/appwrite-messaging-push-email/`+page.markdoc:
- Around line 84-92: The example calls users.createTarget with providerType set
to sdk.MessagingProviderType.Email, but sdk is undefined; fix by importing or
referencing the messaging enum used by createTarget (e.g., bring in the
MessagingProviderType enum or the SDK namespace) and update the snippet so
providerType uses the imported symbol instead of
sdk.MessagingProviderType.Email; check the surrounding snippet for ID.unique()
and providerId usage and ensure the new import matches those symbols (e.g.,
import MessagingProviderType or import * as sdk) so users.createTarget compiles.

In `@src/routes/blog/post/appwrite-teams-roles/`+page.markdoc:
- Around line 98-102: The file imports Databases from 'appwrite' but then
instantiates an undefined TablesDB, causing a ReferenceError; update the imports
and/or instantiation so they match: either import TablesDB from its module (or
the correct class name) and keep const tablesDB = new TablesDB(client), or
replace new TablesDB(client) with new Databases(client) (and adjust subsequent
calls like tablesDB.createRow to use the correct API), ensuring the identifiers
Databases, TablesDB, client, and createRow are consistent.
- Line 100: The code incorrectly instantiates a non-existent TablesDB class;
replace uses of TablesDB with the correct Appwrite SDK class Databases (e.g.,
change the import/export and the instantiation from new TablesDB(client) to new
Databases(client)) so the variable tablesDB becomes a Databases instance,
keeping the same client argument and leaving other symbols (ID, Permission,
Role) unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 985d705d-150c-4e25-a02a-750a378373a5

📥 Commits

Reviewing files that changed from the base of the PR and between 94418f2 and 845cf81.

⛔ Files ignored due to path filters (14)

• static/images/blog/appwrite-auth-methods/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-custom-domains/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-functions-guide/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-indexes/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-magic-link/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-messaging-push-email/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-oauth/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-permissions/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-query-api/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-realtime/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-server-sdk-vs-client-sdk/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-storage-file-manager/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-teams-roles/cover.png is excluded by !**/*.png
• static/images/blog/appwrite-webhooks/cover.png is excluded by !**/*.png

📒 Files selected for processing (16)

• .optimize-cache.json
• src/routes/blog/post/appwrite-auth-methods/+page.markdoc
• src/routes/blog/post/appwrite-custom-domains/+page.markdoc
• src/routes/blog/post/appwrite-functions-guide/+page.markdoc
• src/routes/blog/post/appwrite-indexes/+page.markdoc
• src/routes/blog/post/appwrite-magic-link/+page.markdoc
• src/routes/blog/post/appwrite-messaging-push-email/+page.markdoc
• src/routes/blog/post/appwrite-oauth/+page.markdoc
• src/routes/blog/post/appwrite-permissions/+page.markdoc
• src/routes/blog/post/appwrite-query-api/+page.markdoc
• src/routes/blog/post/appwrite-realtime/+page.markdoc
• src/routes/blog/post/appwrite-server-sdk-vs-client-sdk/+page.markdoc
• src/routes/blog/post/appwrite-storage-file-manager/+page.markdoc
• src/routes/blog/post/appwrite-teams-roles/+page.markdoc
• src/routes/blog/post/appwrite-webhooks/+page.markdoc
• src/routes/docs/advanced/platform/webhooks/+page.markdoc

👮 Files not reviewed due to content moderation or server errors (8)

• src/routes/blog/post/appwrite-indexes/+page.markdoc
• src/routes/blog/post/appwrite-query-api/+page.markdoc
• .optimize-cache.json
• src/routes/blog/post/appwrite-storage-file-manager/+page.markdoc
• src/routes/blog/post/appwrite-functions-guide/+page.markdoc
• src/routes/blog/post/appwrite-permissions/+page.markdoc
• src/routes/blog/post/appwrite-server-sdk-vs-client-sdk/+page.markdoc
• src/routes/blog/post/appwrite-oauth/+page.markdoc

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Undefined reference to sdk in code example.

Line 88 uses sdk.MessagingProviderType.Email, but sdk is not imported or defined in the code snippet:

const target = await users.createTarget({
    userId,
    targetId: ID.unique(),
    providerType: sdk.MessagingProviderType.Email,  // ← sdk is undefined
    identifier: 'user@example.com',
    providerId
});

🔧 Proposed fix

Either import the enum directly:

+import { Users, ID, MessagingProviderType } from 'appwrite';
+
 const target = await users.createTarget({
     userId,
     targetId: ID.unique(),
-    providerType: sdk.MessagingProviderType.Email,
+    providerType: MessagingProviderType.Email,
     identifier: 'user@example.com',
     providerId
 });

Or import as namespace:

+import * as sdk from 'appwrite';
+
 const target = await users.createTarget({
     // ... sdk.MessagingProviderType.Email works here
 });

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/routes/blog/post/appwrite-messaging-push-email/`+page.markdoc around
lines 84 - 92, The example calls users.createTarget with providerType set to
sdk.MessagingProviderType.Email, but sdk is undefined; fix by importing or
referencing the messaging enum used by createTarget (e.g., bring in the
MessagingProviderType enum or the SDK namespace) and update the snippet so
providerType uses the imported symbol instead of
sdk.MessagingProviderType.Email; check the surrounding snippet for ID.unique()
and providerId usage and ensure the new import matches those symbols (e.g.,
import MessagingProviderType or import * as sdk) so users.createTarget compiles.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify the correct database class name in Appwrite SDK

# Search for Databases or TablesDB class exports
rg -n "export.*class (Databases|TablesDB)" --type=ts --type=js

# Search for usage patterns
rg -n "new (Databases|TablesDB)" --type=js --type=ts -C2

# Check SDK documentation
fd -e md -e markdoc . -x rg -l "new Databases" {}

Repository: appwrite/website

Length of output: 2238

---

🏁 Script executed:

#!/bin/bash
# Read the blog post file to see context around line 100
sed -n '90,115p' "src/routes/blog/post/appwrite-teams-roles/+page.markdoc"

Repository: appwrite/website

Length of output: 952

---

🏁 Script executed:

#!/bin/bash
# Check if the blog post imports anything and how it imports
head -30 "src/routes/blog/post/appwrite-teams-roles/+page.markdoc"

Repository: appwrite/website

Length of output: 1724

---

🏁 Script executed:

#!/bin/bash
# Find how other blog posts handle database initialization
rg -n "new Databases|import.*databases" "src/routes/blog/" -A2 -B2

Repository: appwrite/website

Length of output: 13433

---

Fix incorrect class name in database initialization.

Line 100 uses TablesDB, which doesn't exist in the Appwrite SDK:

import { TablesDB, ID, Permission, Role } from 'appwrite';
const tablesDB = new TablesDB(client);

Change TablesDB to Databases, which is the correct class exported by the SDK. All other blog posts in the repository consistently use this class name.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/routes/blog/post/appwrite-teams-roles/`+page.markdoc at line 100, The
code incorrectly instantiates a non-existent TablesDB class; replace uses of
TablesDB with the correct Appwrite SDK class Databases (e.g., change the
import/export and the instantiation from new TablesDB(client) to new
Databases(client)) so the variable tablesDB becomes a Databases instance,
keeping the same client argument and leaving other symbols (ID, Permission,
Role) unchanged.

[atharvadeosthale]

Not sure about this, but do we cover rate limiting after a few failed attempts?