Commit graph

1792 commits

Author SHA1 Message Date
Richard Hansen
1b52c9f0c4 PadMessageHandler: Deprecate client context property 2021-12-21 17:23:56 -05:00
Richard Hansen
696f9c3367 specialpages: New /health endpoint for health checking
This endpoint is intended to conform with:
https://www.ietf.org/archive/id/draft-inadarei-api-health-check-06.html
2021-12-21 17:19:56 -05:00
Dirk Jagdmann
2e4c546c7f Pad: Add new .spliceText() method
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-21 17:00:18 -05:00
Richard Hansen
30544b564e express: Skip express-session middleware if pre-authorized 2021-12-20 20:08:19 -05:00
Richard Hansen
649fbdccf5 express: Move static handlers to expressPreSession
This avoids the need to exempt the paths from authentication checks,
and it eliminates unnecessary express-session state.
2021-12-20 20:08:19 -05:00
Richard Hansen
72f4ae444d express: New expressPreSession server-side hook 2021-12-20 20:08:19 -05:00
Richard Hansen
0b1ec20c5c express: Move preAuthorize middleware before express-session 2021-12-20 20:08:19 -05:00
Richard Hansen
bf35dcfc50 webaccess: Move preAuthorize to its own middleware 2021-12-20 20:08:19 -05:00
Richard Hansen
7f3d0e71f7 express: Check access before expressConfigure middleware
There are no guarantees about the order of execution of hook
functions, which means that a plugin's `expressConfigure` hook
function could theoretically register a handler/middleware before the
access check middleware is registered. If that happens, the plugin's
handler would run before the access check, which would be bad. Avoid
the problem by explicitly installing the `webaccess.checkAccess`
middleware before running the `expressConfigure` hook.
2021-12-20 20:08:18 -05:00
Richard Hansen
472eddc821 webaccess: Skip checks if next is called in preAuthenticate 2021-12-20 20:08:18 -05:00
webzwo0i
8b73f2ee70 padurlsanitize: Don't crash if sanitizePadId() throws
Let Express send a 500 status code to the user instead.

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-18 18:47:01 -05:00
Richard Hansen
4733c7d8d3 SessionStore: Promisify to the extent permitted by express-session 2021-12-18 18:29:04 -05:00
webzwo0i
694d3f630e SessionStore: Propagate database errors to express-session
Send a 500 HTTP status code to the client if the session entry could
not be fetched from the database. This is useful in case the database
is busy and can't respond to the query in time. In this case we want
to abort the client connection as soon as possible.

Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-18 18:29:04 -05:00
Richard Hansen
7572040836 Pad: Simplify Pad.copy() logic 2021-12-18 18:28:58 -05:00
webzwo0i
0040f5984e db: await more database operations
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-18 18:23:27 -05:00
Richard Hansen
b1d0848701 Pad: Improve readability of appendText 2021-12-16 00:48:07 -05:00
Richard Hansen
a6bf7816ce Pad: Simplify setText 2021-12-16 00:48:07 -05:00
Richard Hansen
d94f380141 API: Fix race conditions in setText, appendText, restoreRevision 2021-12-14 01:02:00 -05:00
Richard Hansen
cff089e54e PadMessageHandler: Accept retransmissions of USER_CHANGES 2021-12-14 01:02:00 -05:00
Richard Hansen
a370cfa5c6 Pad: Don't create no-op revisions 2021-12-14 01:02:00 -05:00
Richard Hansen
56b7671422 Pad: Return new rev number from appendRevision() 2021-12-14 01:02:00 -05:00
Richard Hansen
c05ee7ce72 PadMessageHandler: Move ACCEPT_COMMIT after changeset save 2021-12-14 01:02:00 -05:00
Richard Hansen
4d457f6296 ImportHandler: Pass ImportError to import hook 2021-12-10 02:34:13 -05:00
John McLear
6cca27dea6 API: getText with old revision should only return text, not atext
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-05 18:50:39 -05:00
Richard Hansen
8c857a85ac pad: Use null as default for userName, userColor options
These options are used as strings, so it doesn't make sense to default
them to a boolean value.

Note that this change has no effect due to a bug in how pad options
are processed; that bug will be fixed in a future commit.
2021-12-04 23:06:16 -05:00
Richard Hansen
61b608e264 pad: Use null as default for lang option
It doesn't make sense to override the browser's language with `en-gb`
by default.

Note that this change has no effect due to a bug in how pad options
are processed; that bug will be fixed in a future commit.
2021-12-04 23:06:16 -05:00
Richard Hansen
a02e45499d Use the new AttributeMap and Changeset APIs 2021-11-28 23:47:27 -05:00
Richard Hansen
f00b1ae89b Merge branch 'master' into develop 2021-11-28 23:10:45 -05:00
Richard Hansen
77bcb507b3 ImportEtherpad: Limit in-flight DB queries 2021-11-28 22:28:55 -05:00
Richard Hansen
5b3575acf0 ImportEtherpad: Use AttributePool to check attributes 2021-11-28 22:28:55 -05:00
Richard Hansen
19909eae53 ImportEtherpad: Rigorously check imported data 2021-11-28 22:28:55 -05:00
Richard Hansen
885ff3bcde Pad: Move padLoad hook invocation to PadManager.js
This puts global state change logic with the rest of the global state
management logic. This also makes it possible to create temporary Pad
objects without triggering plugin actions.
2021-11-28 22:28:55 -05:00
Richard Hansen
f7d4abdabe Pad: Inject the database dependency 2021-11-28 22:28:55 -05:00
Richard Hansen
7c870f8a58 Pad: Add strict validation checks 2021-11-28 22:28:55 -05:00
Richard Hansen
ad78b24113 ImportEtherpad: Warn about unsupported attrib at encounter 2021-11-28 22:28:55 -05:00
Richard Hansen
23f8a12922 ImportEtherpad: Don't make any changes if data is bad 2021-11-28 22:28:55 -05:00
Richard Hansen
a2e77a7128 ImportEtherpad: Enforce single-pad records 2021-11-28 22:28:54 -05:00
Richard Hansen
33778281b9 ImportEtherpad: Simplify attribute key iteration 2021-11-28 22:28:54 -05:00
Richard Hansen
00fc7c8e86 ImportEtherpad: Reject unknown DB records 2021-11-28 22:27:44 -05:00
Richard Hansen
8e9bc8d325 ImportEtherpad: Avoid false positives when checking apool 2021-11-28 19:00:44 -05:00
Richard Hansen
003e5cbd4b ImportEtherpad: Fix DB key pad ID transformation 2021-11-28 19:00:44 -05:00
Richard Hansen
fea7948b05 ImportEtherpad: Fix author info processing 2021-11-28 19:00:44 -05:00
Richard Hansen
777d045246 GroupManager: Clean up any mappings when deleting a group 2021-11-28 14:06:47 +00:00
Richard Hansen
5b37a56197 GroupManager: Use .setSub() and parallel queries to avoid races
This also simplifies the code.
2021-11-27 22:20:03 -05:00
Richard Hansen
9d63700da0 SessionManager: Use .setSub() and parallel queries to avoid races
This also simplifies the code.
2021-11-27 22:20:03 -05:00
Timon Engelke
3070cee9ca Delete group after removing it from the group list 2021-11-27 22:20:03 -05:00
Timon Engelke
09c9e32d72 Delete session after corresponding group2session and author2session 2021-11-27 22:20:03 -05:00
Richard Hansen
2f0561abc0 ImportEtherpad: Remove unnecessary variable 2021-11-25 18:39:07 -05:00
Richard Hansen
9bc90128cb ImportEtherpad: Fix async logic 2021-11-25 18:39:07 -05:00
Richard Hansen
d3427240c6 tests: Serve all of src/tests/frontend/, not just specs 2021-11-23 21:07:07 -05:00