etherpad-lite/src/node/hooks/express/importexport.js

'use strict';

const hasPadAccess = require('../../padaccess');
const settings = require('../../utils/Settings');
const exportHandler = require('../../handler/ExportHandler');
const importHandler = require('../../handler/ImportHandler');
const padManager = require('../../db/PadManager');
const readOnlyManager = require('../../db/ReadOnlyManager');
const rateLimit = require('express-rate-limit');
const securityManager = require('../../db/SecurityManager');
const webaccess = require('./webaccess');

exports.expressCreateServer = (hookName, args, cb) => {
  settings.importExportRateLimiting.onLimitReached = (req, res, options) => {
    // when the rate limiter triggers, write a warning in the logs
    console.warn('Import/Export rate limiter triggered on ' +
                 `"${req.originalUrl}" for IP address ${req.ip}`);
  };
  // The rate limiter is created in this hook so that restarting the server resets the limiter.
  const limiter = rateLimit(settings.importExportRateLimiting);

  // handle export requests
  args.app.use('/p/:pad/:rev?/export/:type', limiter);
  args.app.get('/p/:pad/:rev?/export/:type', (req, res, next) => {
    (async () => {
      const types = ['pdf', 'doc', 'txt', 'html', 'odt', 'etherpad'];
      // send a 404 if we don't support this filetype
      if (types.indexOf(req.params.type) === -1) {
        return next();
      }

      // if abiword is disabled, and this is a format we only support with abiword, output a message
      if (settings.exportAvailable() === 'no' &&
          ['odt', 'pdf', 'doc'].indexOf(req.params.type) !== -1) {
        console.error(`Impossible to export pad "${req.params.pad}" in ${req.params.type} format.` +
                      ' There is no converter configured');

        // ACHTUNG: do not include req.params.type in res.send() because there is
        // no HTML escaping and it would lead to an XSS
        res.send('This export is not enabled at this Etherpad instance. Set the path to Abiword' +
                 ' or soffice (LibreOffice) in settings.json to enable this feature');
        return;
      }

      res.header('Access-Control-Allow-Origin', '*');

      if (await hasPadAccess(req, res)) {
        let padId = req.params.pad;

        let readOnlyId = null;
        if (readOnlyManager.isReadOnlyId(padId)) {
          readOnlyId = padId;
          padId = await readOnlyManager.getPadId(readOnlyId);
        }

        const exists = await padManager.doesPadExists(padId);
        if (!exists) {
          console.warn(`Someone tried to export a pad that doesn't exist (${padId})`);
          return next();
        }

        console.log(`Exporting pad "${req.params.pad}" in ${req.params.type} format`);
        await exportHandler.doExport(req, res, padId, readOnlyId, req.params.type);
      }
    })().catch((err) => next(err || new Error(err)));
  });

  // handle import requests
  args.app.use('/p/:pad/import', limiter);
  args.app.post('/p/:pad/import', (req, res, next) => {
    (async () => {
      const {session: {user} = {}} = req;
      const {accessStatus} = await securityManager.checkAccess(
          req.params.pad, req.cookies.sessionID, req.cookies.token, user);
      if (accessStatus !== 'grant' || !webaccess.userCanModify(req.params.pad, req)) {
        return res.status(403).send('Forbidden');
      }
      await importHandler.doImport(req, res, req.params.pad);
    })().catch((err) => next(err || new Error(err)));
  });

  return cb();
};
lint: src/node/hooks/express/importexport.js 2021-01-21 21:06:52 +00:00			`'use strict';`

lint: Run `eslint --fix` on `src/` 2020-11-23 13:24:19 -05:00			`const hasPadAccess = require('../../padaccess');`
			`const settings = require('../../utils/Settings');`
			`const exportHandler = require('../../handler/ExportHandler');`
			`const importHandler = require('../../handler/ImportHandler');`
			`const padManager = require('../../db/PadManager');`
			`const readOnlyManager = require('../../db/ReadOnlyManager');`
			`const rateLimit = require('express-rate-limit');`
			`const securityManager = require('../../db/SecurityManager');`
			`const webaccess = require('./webaccess');`
import/export: always rate limit import and exports This is a departure from previous versions, which did not limit import/export requests. Now such requests are ALWAYS rate limited. The default is 10 requests per IP each 90 seconds, and also applies to old instances upgraded to 1.8.3. Administrators can tune the parameters via settings.importExportRateLimiting. 2020-04-04 20:39:33 +00:00
lint: src/node/hooks/express/importexport.js 2021-01-21 21:06:52 +00:00			`exports.expressCreateServer = (hookName, args, cb) => {`
Defer rate limiter creation to a hook call This makes it possible to change the rate limiter settings via `/admin/settings` or by modifying the appropriate settings object and reinvoking the hook. 2021-02-16 20:53:42 -05:00			`settings.importExportRateLimiting.onLimitReached = (req, res, options) => {`
			`// when the rate limiter triggers, write a warning in the logs`
			`console.warn('Import/Export rate limiter triggered on ' +`
			`"${req.originalUrl}" for IP address ${req.ip}`);
			`};`
			`// The rate limiter is created in this hook so that restarting the server resets the limiter.`
			`const limiter = rateLimit(settings.importExportRateLimiting);`

importexport: improved logging This is in preparation to the next activities about import/export securization. 2020-04-13 01:33:43 +02:00			`// handle export requests`
import/export: always rate limit import and exports This is a departure from previous versions, which did not limit import/export requests. Now such requests are ALWAYS rate limited. The default is 10 requests per IP each 90 seconds, and also applies to old instances upgraded to 1.8.3. Administrators can tune the parameters via settings.importExportRateLimiting. 2020-04-04 20:39:33 +00:00			`args.app.use('/p/:pad/:rev?/export/:type', limiter);`
import/export: Make sure Express sees async errors Express v4.x does not check to see if a Promise returned from a middleware function will be rejected, so explicitly pass the Promise rejection reason to `next()`. We can revert this change after we upgrade to Express v5.0. See https://expressjs.com/en/guide/error-handling.html for details. 2021-02-07 19:56:07 -05:00			`args.app.get('/p/:pad/:rev?/export/:type', (req, res, next) => {`
			`(async () => {`
			`const types = ['pdf', 'doc', 'txt', 'html', 'odt', 'etherpad'];`
			`// send a 404 if we don't support this filetype`
			`if (types.indexOf(req.params.type) === -1) {`
			`return next();`
			`}`
Moved importexport 2012-02-25 16:06:08 +01:00
import/export: Make sure Express sees async errors Express v4.x does not check to see if a Promise returned from a middleware function will be rejected, so explicitly pass the Promise rejection reason to `next()`. We can revert this change after we upgrade to Express v5.0. See https://expressjs.com/en/guide/error-handling.html for details. 2021-02-07 19:56:07 -05:00			`// if abiword is disabled, and this is a format we only support with abiword, output a message`
			`if (settings.exportAvailable() === 'no' &&`
			`['odt', 'pdf', 'doc'].indexOf(req.params.type) !== -1) {`
			console.error(`Impossible to export pad "${req.params.pad}" in ${req.params.type} format.` +
			`' There is no converter configured');`
importexport: improved logging This is in preparation to the next activities about import/export securization. 2020-04-13 01:33:43 +02:00
import/export: Make sure Express sees async errors Express v4.x does not check to see if a Promise returned from a middleware function will be rejected, so explicitly pass the Promise rejection reason to `next()`. We can revert this change after we upgrade to Express v5.0. See https://expressjs.com/en/guide/error-handling.html for details. 2021-02-07 19:56:07 -05:00			`// ACHTUNG: do not include req.params.type in res.send() because there is`
			`// no HTML escaping and it would lead to an XSS`
			`res.send('This export is not enabled at this Etherpad instance. Set the path to Abiword' +`
			`' or soffice (LibreOffice) in settings.json to enable this feature');`
			`return;`
			`}`
Moved importexport 2012-02-25 16:06:08 +01:00
import/export: Make sure Express sees async errors Express v4.x does not check to see if a Promise returned from a middleware function will be rejected, so explicitly pass the Promise rejection reason to `next()`. We can revert this change after we upgrade to Express v5.0. See https://expressjs.com/en/guide/error-handling.html for details. 2021-02-07 19:56:07 -05:00			`res.header('Access-Control-Allow-Origin', '*');`
Moved importexport 2012-02-25 16:06:08 +01:00
import/export: Make sure Express sees async errors Express v4.x does not check to see if a Promise returned from a middleware function will be rejected, so explicitly pass the Promise rejection reason to `next()`. We can revert this change after we upgrade to Express v5.0. See https://expressjs.com/en/guide/error-handling.html for details. 2021-02-07 19:56:07 -05:00			`if (await hasPadAccess(req, res)) {`
			`let padId = req.params.pad;`
Fix readOnly pad export The export request hook wasn't testing if the pad's id was from a read-only pad before validating with the pad manager. This includes an extra step that makes the read-only id verification and also avoids setting the original pad's id as the file's name. 2020-09-16 14:57:27 -03:00
import/export: Make sure Express sees async errors Express v4.x does not check to see if a Promise returned from a middleware function will be rejected, so explicitly pass the Promise rejection reason to `next()`. We can revert this change after we upgrade to Express v5.0. See https://expressjs.com/en/guide/error-handling.html for details. 2021-02-07 19:56:07 -05:00			`let readOnlyId = null;`
			`if (readOnlyManager.isReadOnlyId(padId)) {`
			`readOnlyId = padId;`
			`padId = await readOnlyManager.getPadId(readOnlyId);`
			`}`
Fix readOnly pad export The export request hook wasn't testing if the pad's id was from a read-only pad before validating with the pad manager. This includes an extra step that makes the read-only id verification and also avoids setting the original pad's id as the file's name. 2020-09-16 14:57:27 -03:00
import/export: Make sure Express sees async errors Express v4.x does not check to see if a Promise returned from a middleware function will be rejected, so explicitly pass the Promise rejection reason to `next()`. We can revert this change after we upgrade to Express v5.0. See https://expressjs.com/en/guide/error-handling.html for details. 2021-02-07 19:56:07 -05:00			`const exists = await padManager.doesPadExists(padId);`
			`if (!exists) {`
			console.warn(`Someone tried to export a pad that doesn't exist (${padId})`);
			`return next();`
			`}`
check pad exists before importing / exporting 2018-04-04 21:48:32 +01:00
import/export: Make sure Express sees async errors Express v4.x does not check to see if a Promise returned from a middleware function will be rejected, so explicitly pass the Promise rejection reason to `next()`. We can revert this change after we upgrade to Express v5.0. See https://expressjs.com/en/guide/error-handling.html for details. 2021-02-07 19:56:07 -05:00			console.log(`Exporting pad "${req.params.pad}" in ${req.params.type} format`);
import/export: On export error return 500 instead of crashing 2021-03-17 18:54:57 -04:00			`await exportHandler.doExport(req, res, padId, readOnlyId, req.params.type);`
import/export: Make sure Express sees async errors Express v4.x does not check to see if a Promise returned from a middleware function will be rejected, so explicitly pass the Promise rejection reason to `next()`. We can revert this change after we upgrade to Express v5.0. See https://expressjs.com/en/guide/error-handling.html for details. 2021-02-07 19:56:07 -05:00			`}`
			`})().catch((err) => next(err \|\| new Error(err)));`
Moved importexport 2012-02-25 16:06:08 +01:00			`});`

prepare to async: trivial reformatting This change is only cosmetic. Its aim is do make it easier to understand the async changes that are going to be merged later on. It was extracted from the original work from Ray Bellis. To verify that nothing has changed, you can run the following command on each file touched by this commit: npm install uglify-es diff --unified <(uglify-js --beautify bracketize <BEFORE.js>) <(uglify-js --beautify bracketize <AFTER.js>) This is a complete script that does the same automatically (works from a mercurial clone): ```bash #!/usr/bin/env bash set -eu REVISION=<THIS_REVISION> PARENT_REV=$(hg identify --rev "${REVISION}" --template '{p1rev}') FILE_LIST=$(hg status --no-status --change ${REVISION}) UGLIFYJS="node_modules/uglify-es/bin/uglifyjs" for FILE_NAME in ${FILE_LIST[@]}; do echo "Checking ${FILE_NAME}" diff --unified \ <("${UGLIFYJS}" --beautify bracketize <(hg cat --rev "${PARENT_REV}" "${FILE_NAME}")) \ <("${UGLIFYJS}" --beautify bracketize <(hg cat --rev "${REVISION}" "${FILE_NAME}")) done ``` 2019-02-08 23:20:57 +01:00			`// handle import requests`
import/export: always rate limit import and exports This is a departure from previous versions, which did not limit import/export requests. Now such requests are ALWAYS rate limited. The default is 10 requests per IP each 90 seconds, and also applies to old instances upgraded to 1.8.3. Administrators can tune the parameters via settings.importExportRateLimiting. 2020-04-04 20:39:33 +00:00			`args.app.use('/p/:pad/import', limiter);`
import/export: Make sure Express sees async errors Express v4.x does not check to see if a Promise returned from a middleware function will be rejected, so explicitly pass the Promise rejection reason to `next()`. We can revert this change after we upgrade to Express v5.0. See https://expressjs.com/en/guide/error-handling.html for details. 2021-02-07 19:56:07 -05:00			`args.app.post('/p/:pad/import', (req, res, next) => {`
			`(async () => {`
			`const {session: {user} = {}} = req;`
			`const {accessStatus} = await securityManager.checkAccess(`
			`req.params.pad, req.cookies.sessionID, req.cookies.token, user);`
			`if (accessStatus !== 'grant' \|\| !webaccess.userCanModify(req.params.pad, req)) {`
			`return res.status(403).send('Forbidden');`
			`}`
			`await importHandler.doImport(req, res, req.params.pad);`
			`})().catch((err) => next(err \|\| new Error(err)));`
Moved importexport 2012-02-25 16:06:08 +01:00			`});`
hooks: Call the callback when done If a hook function neither calls the callback nor returns a (non-undefined) value then there's no way for the hook system to know if/when the hook function has finished. 2020-10-10 22:51:26 -04:00
			`return cb();`
lint: Run `eslint --fix` on `src/` 2020-11-23 13:24:19 -05:00			`};`