Commit graph

7873 commits

Author SHA1 Message Date
Dirk Jagdmann
2e4c546c7f Pad: Add new .spliceText() method
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-21 17:00:18 -05:00
Richard Hansen
30544b564e express: Skip express-session middleware if pre-authorized 2021-12-20 20:08:19 -05:00
Richard Hansen
649fbdccf5 express: Move static handlers to expressPreSession
This avoids the need to exempt the paths from authentication checks,
and it eliminates unnecessary express-session state.
2021-12-20 20:08:19 -05:00
Richard Hansen
72f4ae444d express: New expressPreSession server-side hook 2021-12-20 20:08:19 -05:00
Richard Hansen
0b1ec20c5c express: Move preAuthorize middleware before express-session 2021-12-20 20:08:19 -05:00
Richard Hansen
bf35dcfc50 webaccess: Move preAuthorize to its own middleware 2021-12-20 20:08:19 -05:00
Richard Hansen
7f3d0e71f7 express: Check access before expressConfigure middleware
There are no guarantees about the order of execution of hook
functions, which means that a plugin's `expressConfigure` hook
function could theoretically register a handler/middleware before the
access check middleware is registered. If that happens, the plugin's
handler would run before the access check, which would be bad. Avoid
the problem by explicitly installing the `webaccess.checkAccess`
middleware before running the `expressConfigure` hook.
2021-12-20 20:08:18 -05:00
Richard Hansen
472eddc821 webaccess: Skip checks if next is called in preAuthenticate 2021-12-20 20:08:18 -05:00
Richard Hansen
fc498f0ae6 tests: Delete test pad before attempting import 2021-12-20 20:08:18 -05:00
Richard Hansen
c4b25388ae docs: Server-side hook documentation improvements 2021-12-20 20:08:18 -05:00
Richard Hansen
02d1b90d30 tests: Factor out USER_CHANGES/ACCEPT_COMMIT helpers
This will make it possible for other tests to reuse the code.
2021-12-19 16:53:24 -05:00
snyk-bot
674a0ccedc fix: upgrade openapi-backend from 5.0.0 to 5.0.1
Snyk has created this PR to upgrade openapi-backend from 5.0.0 to 5.0.1.

See this package in npm:
https://www.npmjs.com/package/openapi-backend

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
2021-12-19 00:54:20 -05:00
webzwo0i
8b73f2ee70 padurlsanitize: Don't crash if sanitizePadId() throws
Let Express send a 500 status code to the user instead.

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-18 18:47:01 -05:00
Richard Hansen
4733c7d8d3 SessionStore: Promisify to the extent permitted by express-session 2021-12-18 18:29:04 -05:00
webzwo0i
694d3f630e SessionStore: Propagate database errors to express-session
Send a 500 HTTP status code to the client if the session entry could
not be fetched from the database. This is useful in case the database
is busy and can't respond to the query in time. In this case we want
to abort the client connection as soon as possible.

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-18 18:29:04 -05:00
Richard Hansen
7572040836 Pad: Simplify Pad.copy() logic 2021-12-18 18:28:58 -05:00
webzwo0i
0040f5984e db: await more database operations
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-18 18:23:27 -05:00
translatewiki.net
e64462323b Localisation updates from https://translatewiki.net. 2021-12-16 13:03:26 +01:00
Richard Hansen
748d661495 Changeset: Fix off-by-one bug in makeSplice 2021-12-16 00:48:07 -05:00
Richard Hansen
30d68df396 Changeset: Add range checks to makeSplice 2021-12-16 00:48:07 -05:00
Richard Hansen
fdf1fdbc23 Changeset: Improve readability of makeSplice() 2021-12-16 00:48:07 -05:00
Richard Hansen
b1d0848701 Pad: Improve readability of appendText 2021-12-16 00:48:07 -05:00
Richard Hansen
a6bf7816ce Pad: Simplify setText 2021-12-16 00:48:07 -05:00
Robert Geislinger
10e2b09b96 Update http_api.md
The current version is 1.2.15 or bigger if you look at e.g. copyPadWithoutHistory
2021-12-14 01:16:38 -05:00
snyk-bot
3693a0574f fix: upgrade jsdom from 18.1.0 to 18.1.1
Snyk has created this PR to upgrade jsdom from 18.1.0 to 18.1.1.

See this package in npm:
https://www.npmjs.com/package/jsdom

See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
2021-12-14 01:05:47 -05:00
Richard Hansen
d94f380141 API: Fix race conditions in setText, appendText, restoreRevision 2021-12-14 01:02:00 -05:00
Richard Hansen
cff089e54e PadMessageHandler: Accept retransmissions of USER_CHANGES 2021-12-14 01:02:00 -05:00
Richard Hansen
a370cfa5c6 Pad: Don't create no-op revisions 2021-12-14 01:02:00 -05:00
Richard Hansen
56b7671422 Pad: Return new rev number from appendRevision() 2021-12-14 01:02:00 -05:00
Richard Hansen
c05ee7ce72 PadMessageHandler: Move ACCEPT_COMMIT after changeset save 2021-12-14 01:02:00 -05:00
Richard Hansen
dbacc73c36 tests: Basic USER_CHANGES backend tests 2021-12-14 01:02:00 -05:00
translatewiki.net
2cae414473 Localisation updates from https://translatewiki.net. 2021-12-13 13:03:50 +01:00
Richard Hansen
1fe01c66fd getCorePlugins.sh: Various improvements
* Factor out plugin query.
  * Make idempotent.
  * Improve logging.
  * Install by symlinking to a parallel directory rather than cloning
    into `etherpad-lite/node_modules`.
2021-12-11 02:01:35 -05:00
Richard Hansen
5915c2243d checkPlugin: Redo README.md and LICENSE 2021-12-11 02:01:35 -05:00
Richard Hansen
d81546ad7b checkPlugin: Delete Travis badge from README.md template 2021-12-11 02:01:35 -05:00
Richard Hansen
2c05de7033 checkPlugin: Update ESLint dependencies 2021-12-11 02:01:35 -05:00
Richard Hansen
3563fc1df9 checkPlugin: Relax repo checks 2021-12-11 02:01:35 -05:00
Richard Hansen
4716975c37 checkPlugin: Do case-sensitive filename checks 2021-12-11 02:01:35 -05:00
Richard Hansen
9a85bce212 checkPlugin: Only consider README{,.md} (case-insensitive)
This avoids false positives such as `README-foo.md`.
2021-12-11 02:01:35 -05:00
Richard Hansen
753d16af8a checkPlugin: Promisify file system accesses 2021-12-11 02:01:35 -05:00
Richard Hansen
b50c6d07d4 checkPlugin: Improve readability of files assignment 2021-12-11 02:01:35 -05:00
Richard Hansen
b546867adb checkPlugin: Replace .indexOf() with .includes() 2021-12-11 02:01:35 -05:00
Richard Hansen
34a4a74634 checkPlugin: Change autocommit to not push 2021-12-11 02:01:35 -05:00
Richard Hansen
48222449b5 checkPlugin: Add frontend-tests.yml GitHub workflow 2021-12-11 02:01:35 -05:00
Richard Hansen
51c530a3a0 checkPlugin: Compare entire file 2021-12-11 02:01:34 -05:00
Richard Hansen
f0669a8d31 checkPlugin: Automatically determine plugin name in backend-tests.yml 2021-12-11 02:01:34 -05:00
Richard Hansen
314b67b7fe checkPlugin: Improve eslintConfig, funding, scripts checking 2021-12-11 02:01:34 -05:00
Richard Hansen
b7dce95802 checkPlugin: Use updateDeps to manage engine 2021-12-10 14:44:02 -05:00
Richard Hansen
f0ab112c2d checkPlugin: Factor out duplicate file update logic and simplify 2021-12-10 14:44:02 -05:00
Richard Hansen
b7de4faf42 checkPlugin: Don't bump version if there are no changes 2021-12-10 14:44:01 -05:00