Richard Hansen
329d037431
Simplify read-only pad ID checks
2021-04-12 22:51:06 -04:00
pcworld
3c71e8983b
Fix read only pad access with authentication
...
Before this commit, webaccess.checkAccess saved the authorization in
user.padAuthorizations[padId] with padId being the read-only pad ID,
however later stages, e.g. in PadMessageHandler, use the real pad ID for
access checks. This led to authorization being denied.
This commit fixes it by only storing and comparing the real pad IDs and
not read-only pad IDs.
This fixes test case "authn user readonly pad -> 200, ok" in
src/tests/backend/specs/socketio.js.
2021-04-12 22:51:06 -04:00
webzwo0i
e483b91916
Don't make browsers fail on sync-xhr until require-kernel is dropped
2021-04-05 04:34:29 -04:00
Richard Hansen
83f39289aa
import/export: On export error return 500 instead of crashing
2021-03-18 09:02:28 +00:00
webzwo0i
4ca989a255
sessions: add more endpoints that do not need a session (#4921)
...
* add more endpoints that do not need a session
* Update src/node/hooks/express/webaccess.js
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
* Update src/node/hooks/express/webaccess.js
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
Co-authored-by: John McLear <john@mclear.co.uk>
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-03-05 07:48:33 +00:00
Richard Hansen
0aad3b74da
pluginfw: Improve rendering of hook list
...
There are two main benefits:
* HTML is no longer printed in the startup debug logs.
* `require()` is no longer called on client-side files. This
eliminates "Failed to load <file> for <plugin>: ReferenceError:
window is not defined" errors when users visit
`/admin/plugins/info`.
2021-03-03 11:19:37 +00:00
webzwo0i
377883db98
fix pads with spaces (#4884)
2021-02-27 22:34:43 -05:00
Richard Hansen
f86df5322e
CachingMiddleware: Asyncify
2021-02-27 14:03:09 +01:00
John McLear
0f16e518ff
api: drop JSONP (#4835)
...
* api: drop JSONP
* docs: drop JSONP
* tests: drop JSONP
* api: remove isValidJSONPName require
2021-02-22 09:10:02 +00:00
John McLear
b1614f0592
lint: i18n.js
...
Partial, still 3 more to do that are slightly higher hanging that can get done.
2021-02-21 21:09:02 -05:00
John McLear
586af5e16e
lint: padurlsanitize.js
2021-02-21 21:06:38 -05:00
John McLear
86c938cae2
lint: openapi.js
2021-02-21 21:06:38 -05:00
John McLear
bb14775820
drop apiRoot object from build
2021-02-21 11:08:07 +00:00
Richard Hansen
a45e85a730
Use settings.root to anchor pathnames
2021-02-18 19:18:59 +00:00
Richard Hansen
f868788417
Remove unnecessary path.normalize() calls
...
`path.join()` already normalizes.
2021-02-18 19:18:59 +00:00
Richard Hansen
00d45e3229
Defer rate limiter creation to a hook call
...
This makes it possible to change the rate limiter settings via
`/admin/settings` or by modifying the appropriate settings object and
reinvoking the hook.
2021-02-16 21:13:35 -05:00
John McLear
b7e88cb904
security: New setting for Socket.IO maxHttpBufferSize
2021-02-15 12:45:31 -05:00
Richard Hansen
ed93ef5636
/admin/settings: Reload plugins, call loadSettings hook on restart
...
This should match the normal startup procedure a bit more closely.
2021-02-15 08:43:14 +00:00
John McLear
615e47114b
Revert "socketio: increase socketio limit to 1MiB"
...
This reverts commit 55c96e5577.
2021-02-14 16:53:48 +00:00
Richard Hansen
48205c1ddb
import/export: Make sure Express sees async errors
...
Express v4.x does not check to see if a Promise returned from a
middleware function will be rejected, so explicitly pass the Promise
rejection reason to `next()`.
We can revert this change after we upgrade to Express v5.0.
See https://expressjs.com/en/guide/error-handling.html for details.
2021-02-14 08:35:38 +00:00
Richard Hansen
e674d9789e
express: Change httpUptime to httpStartTime (#4777)
...
It's better to provide a primitive value and let the consumer of the
metric do math if desired.
Co-authored-by: John McLear <john@mclear.co.uk>
2021-02-14 07:50:10 +00:00
Richard Hansen
ac52fb8a9d
express: New httpUptime metric
2021-02-13 10:02:28 +00:00
John McLear
483f4344c2
performance: maxAge for favicon and plugin definitions (#4761)
2021-02-13 08:13:48 +00:00
Richard Hansen
d56a02c85a
express: Forcibly terminate HTTP connections when restarting
...
This should make restarts via `/admin` actions (e.g., plugin
installation) more reliable.
2021-02-13 07:37:22 +00:00
John McLear
4c4c7b526d
performance: i18n maxage (#4759)
2021-02-13 02:35:25 -05:00
Richard Hansen
01c83917d1
socket.io: Manually track client connections/disconnections
...
This change is required for socket.io 3.x because in 3.x
`io.sockets.clients()` no longer returns all client Socket objects.
2021-02-13 07:13:37 +00:00
John McLear
55c96e5577
socketio: increase socketio limit to 1MiB
2021-02-12 17:56:50 -05:00
Richard Hansen
d9607f7c66
static: Asyncify
2021-02-12 07:08:51 +00:00
Richard Hansen
7f4a7156e2
Minify: Move getTar() to static.js
...
`static.js` is the only file that uses it.
2021-02-12 07:08:51 +00:00
Richard Hansen
996dc81825
Minify: Move tar processing into a function
...
This reduces the overhead of `require()`ing the module, and it will
make it easier for a future commit to asyncify everything in
`Minify.js`.
2021-02-12 07:08:51 +00:00
Richard Hansen
50929fe7f7
express: Call expressConfigure, expressCreateServer hooks asynchronously
2021-02-12 07:08:51 +00:00
Richard Hansen
8919f63c98
lint: Replace use of underscore.js with plain ECMAScript
2021-02-12 07:08:51 +00:00
John McLear
ab127289c4
security: limit socketio to 1M chars
2021-02-11 21:01:47 -05:00
Richard Hansen
83a519941b
/admin/plugins: Fix logging of error messages
2021-02-09 22:18:35 +00:00
Richard Hansen
1e3f352281
openapi: Turn down logging verbosity
2021-02-09 07:24:31 +00:00
John McLear
2b112ac851
tests: Admin Frontend Test Coverage (#4717)
...
Covers all frontend admin operations, runs separated in CI.
2021-02-07 11:32:57 +00:00
Richard Hansen
8b28e00784
restructure: Prefix bin/ and tests/ with src/
...
This is a follow-up to commit 2ea8ea1275.
2021-02-05 21:52:08 +00:00
Richard Hansen
cd1d322af4
/admin/plugins/info: Move logic to .js file
2021-02-04 08:41:00 +00:00
freddii
ea202e41f6
docs: fixed typos
2021-02-03 00:30:07 +01:00
Richard Hansen
42c25b2536
openapi: Fix error logging
2021-01-27 04:59:36 +00:00
Richard Hansen
54a3dbb9a0
lint: Fix some straightforward ESLint errors
2021-01-27 04:59:36 +00:00
John McLear
6054f6d93f
lint: src/node/hooks/i18n.js
2021-01-25 22:53:11 -05:00
John McLear
2dec36bfd7
lint: src/node/hooks/express/tests.js
2021-01-25 22:53:11 -05:00
John McLear
6df3eadecd
lint: src/node/hooks/express/static.js
2021-01-25 22:53:11 -05:00
John McLear
09fc7438ea
lint: src/node/hooks/express/specialpages.js
2021-01-25 22:53:11 -05:00
John McLear
72ddf35426
lint: src/node/hooks/express/padurlsanitize.js
2021-01-25 22:53:10 -05:00
John McLear
43ce0f839b
lint: src/node/hooks/express/padreadonly.js
2021-01-25 22:53:10 -05:00
John McLear
2f9a3ec655
lint: src/node/hooks/express/openapi.js
2021-01-25 22:53:10 -05:00
John McLear
18ebf7b69a
lint: src/node/hooks/express/isValidJSONPName.js
2021-01-25 22:53:10 -05:00
John McLear
3571eb7c32
lint: src/node/hooks/express/importexport.js
2021-01-25 22:53:10 -05:00