Commit graph

293 commits

Author SHA1 Message Date
Richard Hansen
3365e944bf async-ify more functions, and await completion
Where feasible I put the await at the end of the function to
minimize the impact on latency.

My motivation for this change: Eliminate a race condition in tests I
am writing.
2020-09-22 14:10:44 +01:00
Richard Hansen
6c2a361935 import: Use the correct author ID when using sessions
There are two different ways an author ID becomes associated with a
user: either bound to a token or bound to a session ID. (The token and
session ID come from the `token` and `sessionID` cookies, or, in the
case of socket.io messages, from the `token` and `sessionID` message
properties.) When `settings.requireSession` is true or the user is
accessing a group pad, the session ID should be used. Otherwise the
token should be used.

Before this change, the `/p/:pad/import` handler was always using the
token, even when `settings.requireSession` was true. This caused the
following error because a different author ID was bound to the token
versus the session ID:

> Unable to import file into ${pad}. Author ${authorID} exists but he
> never contributed to this pad

This bug was reported in issue #4006. PR #4012 worked around the
problem by binding the same author ID to the token as well as the
session ID.

This change does the following:
  * Modifies the import handler to use the session ID to obtain the
    author ID (when appropriate).
  * Expands the documentation for the SecurityManager checkAccess
    function.
  * Removes the workaround from PR #4012.
  * Cleans up the `bin/createUserSession.js` test script.
2020-09-08 15:04:17 +01:00
John McLear
7a076d1f3a
housekeeping: v3 of automatic plugin fixing tool.
Make sure plugins do npm install before being tested.
2020-08-22 15:50:55 +01:00
John McLear
91c0848ede
Plugin Developer Tools: Plugin check & fix tool
Automated tool to discover and fix common plugin faults.

https://mclear.co.uk/2020/07/18/suggestions-for-improving-etherpad-plugins/

- [x] Adds CI and updates existing travis configs.
- [x] Adds a LICENSE
- [x] Adds a .gitignore
- [x] Adds a README and checks it includes a reference to the license
- [x] Recommends translations
- [x] Checks for files that shouldn't exist and removes them (.ep_initialized, npm-debug.log)

still to do in the distant future depending on usage.
- [ ] Check packages.json includes link to github repo
- [ ] Checks Etherpad is referred to as Etherpad Lite
- [ ] Checks README includes animated gif.
2020-07-26 13:18:02 +01:00
John McLear
78c97d811c
Script to create session and store token <> author more throughly (dont create ghosts) (#4012) 2020-07-16 10:51:02 +01:00
Benson Muite
b361e6e7ed
Fix for better user color selection. (#4142)
Colorpallet has 64 colors, not 32, see line 26 in [src/node/db/AuthorManager.js](4c45ac3cb1/src/node/db/AuthorManager.js) 
By expanding to full range, get better contrasts when there are more than 15 users. It may be helpful to examine color choices a little more and find a better algorithm for automatically assigning colors to users.
2020-06-30 09:40:14 +01:00
Richard Hansen
17a1b96736 bin: Fix 'for' loop style 2020-06-03 23:11:44 -04:00
Richard Hansen
4f0b1fa7ec bin: Improve the run-as-root confirmation prompt
* Send the prompt to stderr
  * Print "> " without a newline so the user knows it is a prompt
  * Wrap long lines
  * Use a here-document
2020-06-03 23:11:44 -04:00
Richard Hansen
18fb75968a bin: Use ISO 8601 date format 2020-06-03 23:11:44 -04:00
Richard Hansen
edfe59e84f bin: Improve restart notification email 2020-06-03 23:11:44 -04:00
Richard Hansen
98e6ec3517 bin: Log the date in the restart message 2020-06-03 23:11:44 -04:00
Richard Hansen
e4fec3883b bin: Improve readability of email body 2020-06-03 23:11:44 -04:00
Richard Hansen
ab408ce653 bin: Put log parameter handling logic together 2020-06-03 23:11:44 -04:00
Richard Hansen
335705e03d bin: Simplify cd to install dir 2020-06-03 23:11:44 -04:00
Richard Hansen
2f76066d95 bin: Simplify while loop condition 2020-06-03 23:11:44 -04:00
Richard Hansen
57237b8568 bin: Quote expansions that are subject to field splitting 2020-06-03 23:11:44 -04:00
Richard Hansen
a28b7c7595 bin: Use assertion-style condition checks 2020-06-03 23:11:44 -04:00
Richard Hansen
5462d2109c bin: Create and use new logging functions
These write errors to stderr and avoid unintentional backslash escape
processing in their arguments.
2020-06-03 23:11:44 -04:00
Richard Hansen
a87a9bb63b bin: Use command to check for commands
`command` is more idiomatic than `hash`. (Also, `hash` has side
effects.)
2020-06-03 23:11:44 -04:00
Richard Hansen
8e8b75be6c bin: Use consistent comment formatting 2020-06-03 23:11:44 -04:00
Richard Hansen
be1f2152fc bin: Use single equals sign for string comparison
Double equals is a non-POSIX bashism.
2020-06-03 23:11:44 -04:00
Richard Hansen
9ffb2ccfb0 Revert "scripts: Various shell script cleanups (#4008)"
This reverts commit fba4fd5314.

The series of commits I made for PR #4008 were squashed into a single
commit and rebased. Somewhere along the way a mistake was made in a
merge conflict resolution, resulting in some bad code in
`bin/buildForWindows.sh`. This commit reverts the bad squashed commit.
2020-06-03 23:11:44 -04:00
Richard Hansen
fba4fd5314
scripts: Various shell script cleanups (#4008) 2020-06-01 21:02:44 +01:00
John McLear
930e80d363
script: Delete group sessions script and fix issue where loadSettings has been moved breaking deletePad (#3973) 2020-06-01 19:36:40 +01:00
Stefan
9fdb9e224c
Windows: Always use latest erbium node version for windows build 2020-06-01 18:14:39 +01:00
muxator
2087a2e564 startup: use "npm ci" instead of "npm install" in startup scripts
Advantages:
- reproducible install: every user will have the same, exact install, instead of
  a slightly different one
- speed: installation of dependencies is measurably faster
- explicit: if a user setup is broken, from now on he'll have a clear error
  message

Fixes #3778
2020-05-15 02:20:46 +02:00
brunob
edfc7a4916 bin: use correct ueberdb module path "ueberDB" -> "ueberdb2" in tools in /bin
This change is analogous to #2998 (e11decc6f8).
2020-05-15 01:22:41 +02:00
John McLear
94921b53fd migrateDirtyDBtoRealDB: fix the script not trusting length, and directly iterating on dirtyDB tuples
Fixes #2214.
2020-05-13 23:04:01 +02:00
John McLear
d155b792e9 migrateDirtyDBtoRealDB: formatting
No functional changes.
2020-05-13 23:04:01 +02:00
muxator
ed46bd9bfe windows: bump the node version included in the prebuilt package: 10.18.0 -> 10.20.1
This is the latest version as of today.
2020-04-26 23:06:38 +02:00
muxator
db77302883 doc: remove old vendorized marked module and replace with 0.8.2
This change is needed because in 1.8.3 we are going to introduce Markdown tables
in the documentation (#3873 and #3921), and the old marked version did not
support generating them.

Instead of committing the marked source code here, we live install from npm if
needed via the Makefile.

n.b.: at the time of this change, marked latest version is 1.0.0, released a few
      days ago. I am updating to the version immediately before that (0.8.2),
      because in 1.0.0 the hyperlinks in the Table of Contents do not work
      (probably a bug in that version).
2020-04-24 02:24:53 +02:00
Sebastian Castro
8956efc4ae bin: add fastRun.sh script for developers
Useful for developers, or users that know what they are doing. If you just
upgraded Etherpad version, installed a new dependency, or are simply unsure of
what to do, then before running this script, please execute bin/installDeps.sh
once.

Fixes #3711 (partially)
2020-04-17 18:36:24 +02:00
muxator
684f374ece runtime: require node >= 10.13.0 LTS
At the moment, NodeJS 10.x is the lowest supported LTS version. NodeJS 8.x is no
longer supported upstream.

Implements #3835.
Planned in #3650.
2020-04-09 04:43:37 +02:00
John McLear
cdf5b63f26 use a deletePad approach that works when server is running and works with MySQL 2020-04-03 03:31:18 +02:00
muxator
a181ea8fbe bin: replace double backticks (``) with $()
This has been the recommended way of launching subshells for ages, and is easier
to type and on the eye.

For a quick reference, see:
https://unix.stackexchange.com/questions/5778/whats-the-difference-between-stuff-and-stuff#5782
2020-03-29 00:53:17 +01:00
John McLear
14ae2ee950 checkPadDeltas: version by JohnMcLear
From https://github.com/ether/etherpad-lite/pull/3717#issuecomment-602179127

> Afaik I used async / await that's pretty much all, I think I had to do some
> polish because something was broken, remember stuff like pad.getPadAuthors was
> b0rked in 1.7 or so
2020-03-27 01:50:56 +01:00
Marcel Klehr
90f9b8a3bd checkPadDeltas: original version from marcelklehr (2014-05-14)
Committed by muxator on 2020-03-22, taking the raw version from:
c65b496402/checkPadDeltas.js
2020-03-27 01:50:56 +01:00
muxator
5bcc5a3be0 windows: bump the node version included in the prebuilt package: 10.16.3 -> 10.18.0
This is the latest version as of today.
2019-12-18 02:00:08 +01:00
muxator
0a86024797 startup scripts: get rid of $* and replace it with properly quoted "$@"
In shell scripts an unquoted $* is rarely useful, for example because it breaks
in presence of file names with spaces.

References:
- https://google.github.io/styleguide/shell.xml
  Use "$@" unless you have a specific reason to use $*.

- https://unix.stackexchange.com/questions/41571/what-is-the-difference-between-and#94200
  Short answer: use "$@" (note the double quotes). The other forms are very
  rarely useful.
2019-12-01 01:52:32 +01:00
muxator
9ee131ca1f installDeps.sh: create a package-lock.json on startup. Track it in the repo.
This change reverts c4918efc1b, and basically negates what was done for #3396,
but aligns better with current practices in the nodejs ecosystem.

Pragmatically speaking, this will allow users, if they want, to use
npm-force-resolutions (https://github.com/rogeriochaves/npm-force-resolutions)
to manually fix security vulnerabilities.
We had a problem for that (see #3598), and - given the fragmented nature of
the nodejs ecosystem - it is reasonable to expect more issues like that one,
so it's better to be prepared.

Closes #3659.
2019-10-31 19:20:28 +01:00
muxator
529c4a314e windows: bump the node version included in the prebuilt package: 8.15.0 -> 10.16.3
Nodejs 8.x is going to be EOLed in a few months, and newer nodejs runtimes are
typically faster, a much needed benefit under Windows.

Closes #3652.
2019-10-20 03:16:01 +02:00
muxator
ce666f19bd windows: do not include dev dependencies in the prebuilt package
This makes the package smaller.

Before this change:
    added 981 packages from 1497 contributors [...]
    53M etherpad-lite-win.zip

After this change:
    added 734 packages from 1043 contributors [...]
    43M etherpad-lite-win.zip

Closes #3651.
2019-10-20 03:12:39 +02:00
muxator
312c72c364 formatting: bulk remove trailing whitespaces
Do not touch vendorized files (e.g. libraries that were imported from external
projects).

No functional changes.

Command:
    find . -name '*.<EXTENSION>' -type f -print0 | xargs -0 sed -i 's/[[:space:]]*$//'
2019-10-20 02:09:22 +02:00
muxator
4f753809fe runtime: decrease minimum command-line npm version from 6.4 to 5.5
When nodejs 8.9.0 was released, its bundled npm version was 5.5.1 (see
https://nodejs.org/en/download/releases). It makes sense that we lover our
requirement to that version.

Please note that the npm version mentioned here does not refer to the npm
library installed as Etherpad dependency in node_modules via package.json
(which indeed is higher) but is merely the npm version used to bootstrap the
installation when running installDeps.sh.

This change amends 9d35d15ae3 and its planning issue - #3424 - which were too
strict.
2019-10-19 22:38:32 +02:00
Ray Bellis
c499a08030 bin/repairPad.js: conversion to promise/async
- but see also github issue #3545
2019-01-30 10:47:50 +00:00
Ray Bellis
7709fd46e5 utility scripts: converted to use the Promise interface 2019-01-26 23:52:02 +00:00
muxator
9497ee734f prepare to async: trivial reformatting
This change is only cosmetic. Its aim is do make it easier to understand the
async changes that are going to be merged later on. It was extracted from the
original work from Ray Bellis.

To verify that nothing has changed, you can run the following command on each
file touched by this commit:
  npm install uglify-es
  diff --unified <(uglify-js --beautify bracketize <BEFORE.js>) <(uglify-js --beautify bracketize <AFTER.js>)



This is a complete script that does the same automatically (works from a
mercurial clone):

```bash
#!/usr/bin/env bash

set -eu

REVISION=<THIS_REVISION>

PARENT_REV=$(hg identify --rev "${REVISION}" --template '{p1rev}')
FILE_LIST=$(hg status --no-status --change ${REVISION})
UGLIFYJS="node_modules/uglify-es/bin/uglifyjs"

for FILE_NAME in ${FILE_LIST[@]}; do
  echo "Checking ${FILE_NAME}"
  diff --unified \
    <("${UGLIFYJS}" --beautify bracketize <(hg cat --rev "${PARENT_REV}" "${FILE_NAME}")) \
    <("${UGLIFYJS}" --beautify bracketize <(hg cat --rev "${REVISION}"   "${FILE_NAME}"))
done
```
2019-02-08 23:20:57 +01:00
muxator
b34fc2de2b use Date.now() instead of new Date().getTime()
This is documented to be more performant.

The substitution was made on frontend code, too (i.e., the one in /static),
because Date.now() is supported since IE 9, and we are life supporting only
IE 11.

Commands:
  find . -name *.js | xargs sed --in-place "s/new Date().getTime()/Date.now()/g"
  find . -name *.js | xargs sed --in-place "s/(new Date()).getTime()/Date.now()/g"

Not done on jQuery.
2019-02-26 23:25:15 +01:00
muxator
9d35d15ae3 node8: require nodejs >= 8.9.0, npm >= 6.4
Next version will be Etherpad 1.8. As planned in #3424, we are going to require
NodeJS >=8.9.0 and npm >= 6.4.

This commit implements that change and updates documentation and scripts.
Subsequent changes will get rid of old idioms, dating back to node < 0.7, that
still survive in the code.
Once migrated to NodeJS 8, we will be able to start working on migrating the
code base from callbacks to async/await, greatly simplifying legibility (see
#3540).

Closes #3557
2019-02-19 22:01:12 +01:00
muxator
acc0b05702 windows: 1.7.5 was released with node 8.15.0. Document it here. 2019-01-27 13:48:24 +01:00