Commit graph

2903 commits

Author SHA1 Message Date
David Mehren
faa10da86b Set all cookies with sameSite: strict
Modern browsers do not support (or will stop supporting) sameSite: none (or no sameSite attribute) without the Secure flag. As we don't want everyone to be able to make requests with our cookies anyway, this commit sets sameSite to strict. See https://developer.mozilla.org/de/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-07-10 18:40:56 +08:00
David Mehren
370916e951
Merge pull request #436 from dalcde/parsedqs
Fix typescript error
2020-07-10 12:19:58 +02:00
Dexter Chua
5829611def Fix typescript error
c.f. (slightly outdated, but same spirit)
https://github.com/DefinitelyTyped/DefinitelyTyped/pull/43434#issuecomment-607181516

Signed-off-by: Dexter Chua <dec41@srcf.net>
2020-07-03 23:32:48 +08:00
David Mehren
c3a79fee9d
Merge pull request #425 from dalcde/sequelize
Improve handling of termination signals
2020-06-28 14:20:10 +02:00
Sheogorath
2230f7fa93
Upgrade LDAP-auth to fix RCE in ldapauth dependency
Synk reported an Remote Code Execution vulnerability for the
passport-ldapauth dependency `bunyan`. This RCE is due to wrong command
sanitizing but doesn't only affects the executable the libary provides.
It has no impact on CodiMD.

This patch just updates passport-ldapauth since it's long overdue anyway
and to silence annoying security scanners that pretend this is rather
critical for us.

Reference:
ea21d75f54
https://app.snyk.io/vuln/SNYK-JS-BUNYAN-573166
2020-06-28 02:49:07 +02:00
Dexter Chua
c8033f9a3a Improve handling of termination signals
Previously, upon receiving a termination signal, the process tries to
flush all changes to the database, retrying every 0.1s until it
succeeds. However, if the database is not set up properly, this always
fails, and spams the terminal/logging with the error message 10 times a
second.

If the user sends another termination signal, the handleTermSignal
function is called once again, and we get twice the number of error
messages.

This commit changes the behaviour in various ways.

(1) It lowers the retry rate to 0.5s, and aborts after 30 seconds.

(2) If the write to the database errored, the error message explains
    that this is due to us flushing the final changes.

(3) We replace realtime.maintenance with realtime.state, which is an
    Enum with three possible states --- Starting, Running, and Stopping.
    If a termination signal is received in the starting state, the
    process simply aborts because there is nothing to clean up. This is
    the case when the database is misconfigured, since the application
    starts up only after connecting to the databse. If it is in the
    Stopping state, the handleTermSignal function returns because
    another instance of handleTermSignal is already running.

Fixes #408

Signed-off-by: Dexter Chua <dec41@srcf.net>
2020-06-27 19:40:31 +08:00
Sheogorath
f22a2ad15d
Merge pull request #421 from dalcde/perm
Centralize permission checking
2020-06-26 12:58:13 +02:00
Sheogorath
a96e9fd8be
Merge pull request #407 from dalcde/oauth2
Generic OAuth2: Set state: true
2020-06-26 12:06:03 +02:00
Sheogorath
9c5378894a
Merge pull request #424 from codimd/SuperSandro2000-patch-2
Fix browser logo links
2020-06-26 10:54:24 +02:00
Sandro
b122bca7f8
Fix browser logo links
Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
2020-06-26 09:47:38 +02:00
Dexter Chua
c47520b09e Centralize permission checking
This makes it more convenient to modify the permission model, both for
future modifications and for custom installations.

This changes the `owner` property of NoteSession to `ownerId`, which is
a more accurate description anyway.

Signed-off-by: Dexter Chua <dec41@srcf.net>
2020-06-23 20:32:07 +08:00
Sheogorath
04a652c3a6
Merge pull request #411 from dalcde/oauth3
Allow for undefined email and displayName
2020-06-22 19:35:32 +02:00
Dexter Chua
e45327df5d Allow for undefined email and displayName
OAuth2 allows the user to only consent to a subset of the scopes
requested. Previously, the Generic Oauth2 implementation assumes that
the `username`, `email` and `displayName` attributes are supplied, and
may crash if they are not defined.

This commit allows for `email` and `displayName` to not be defined,
either through the user refusing consent or the OAuth2 configuration
not asking for them in the first place (by not setting
`userProfile*Attr`).

If `email` is not provided, the `emails` property is simply left empty.
If `displayName` is not provided, it is left undefined, and CodiMD uses
the `username` whenever the `displayName` is expected.

This does not deal with the case where `username` is not provided. Since
usernames are not unique in CodiMD, it is possible to deal with this by
setting a dummy username. This can be added in a future commit if
desired.

Fixes #406

Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>
2020-06-22 23:09:35 +08:00
Sheogorath
389bbc46f7
Merge pull request #418 from dalcde/socket
Add option for socket permissions
2020-06-22 16:56:57 +02:00
Dexter Chua
f2aba67374 Add option for socket permissions
This allows configuring the group and mode of the unix socket after it
has been created to allow reverse proxies to access it. Fixes #317.

I decided to call `chown` and `chgrp` directly to change the owner and
group (the former will almost definitely not be called; only root can
chown a file to another user, and you are not running codimd as root. It
is included for consistency).

The nodejs chown/chgrp functions only accepts uid and gid, not the names
of the user or group. The standard way to convert a group name into a gid
is the `uid-number` package. The way this package works is that

1. It spawns a new nodejs process
2. The new nodejs process calls nodejs' setgid function, which *does*
   accept both the group name and gid
3. It then calls getuid to retrieve the uid of the process, and returns
   it to the parent process via stdout.

While this *works*, it is hacky, and if we are spawning a process
anyway, might as well call `chgrp` directly.

This does not update the documentation because we are merging into
release/2.0.x but master reworks the configuration section of the
documentation, so there will be a conflict when we merge anyway.

Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>
2020-06-20 23:04:38 +08:00
Sheogorath
77fbfa33a1
Merge pull request #412 from dalcde/perm
Fix default permission
2020-06-20 14:57:33 +02:00
Dexter Chua
87be26c57e Fix default permission
The code intends to check if the note is anonymous by checking if it has
an owner. If it is anonymous, the default permission must be `freely`.
However, at this point in the code, `owner` is never populated; only
`ownerId` is. The property `owner` is automatically filled in *after*
the Note is created, but this call happens before that.

Thus, the default note permission is always `freely`, regardless of the
`defaultPermission` setting. By checking `ownerId` instead of `owner`,
the anonymity and hence default permission is correctly determined,

This is especially an issue when `allowAnonymous` is `false`, since this
would allow the user to create a note with `freely` permission when it
should not be allowed.

Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>
2020-06-20 20:37:05 +08:00
Sheogorath
4aa4d01d91
Merge pull request #413 from dalcde/soul
Fully dedicate our soul to yarn
2020-06-20 13:48:52 +02:00
Dexter Chua
c112a15171 Fully dedicate our soul to yarn
Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>
2020-06-18 16:18:37 +08:00
Dexter Chua
852868419d Generic OAuth2: Set state: true
The OAuth2 specification RECOMMENDS setting the state to protect against
CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to
authenticate without the state set.

Signed-off-by: Dexter Chua <dalcde@yahoo.com.hk>
2020-06-16 16:45:57 +08:00
Sheogorath
1945a73c11
Merge pull request #388 from codimd/refactor_user
Refactor User model & profile-parsing
2020-06-13 11:24:05 +02:00
David Mehren
e05191eeed
Move src/lib/utils.ts to src/lib/utils/functions.ts
We probably don't want a utils directory and a utils file.

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-06-12 22:15:04 +02:00
David Mehren
20fbb39b3e
Separate User and PhotoProfile classes into their own files
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-06-12 22:10:57 +02:00
David Mehren
5852b45bdd
Move ProviderEnum and PassportProfile to web/auth/utils.ts
These two are directly related with auth stuff and seem to fit much better there.

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-06-06 20:16:48 +02:00
David Mehren
4e7c82dc3b
Move profile-related functions into PhotoProfile
The previous Profile type was renamed to PassportProfile, as it is only used for profile-information from Passport plugins.
All functions relating to profile-parsing are now encapsulated in the PhotoProfile class (naming still debatable).

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-06-06 20:16:48 +02:00
Sheogorath
4552085ae0
Merge pull request #290 from SISheogorath/feature/build-commands
Split frontend and backend build
2020-06-04 17:14:42 +02:00
Sheogorath
5ced1f3cdd
Split frontend and backend build
It should be possible to run a backend build without the need to start
the application and without the need to fiddle around with PATH or
fiddling with `node_modules`. Therefore this patch splits the build
command into `build-frontend` and `build-backend`, which will allow
those builds to be done independent and have a separate command `build`
which will provide the combination of both of them.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-06-03 11:59:03 +02:00
David Mehren
d8265e4085
Merge pull request #369 from davidmehren/make-eslint-happy-again 2020-06-01 20:19:37 +02:00
David Mehren
908bf36fa0
Make authorships show up again
It turns out our shiny new typed ES2015 `Map`s are not serializable to JSON. :(
Luckily, we only use strings as keys and can write a function that converts them to serializable objects!

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-06-01 20:14:27 +02:00
David Mehren
17f3dc1877
realtime.ts: Minor cleanups
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-31 21:40:35 +02:00
David Mehren
d2963eedc6
realtime.ts: Fix bug in user-color setup
The code was incorrectly migrated from JavaScript set colors in the wrong way.

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-31 21:40:05 +02:00
David Mehren
5c4820483c
realtime.ts: Fix bug in emitOnlineUsers()
We incorrectly iterated over Map.keys() instead of Map.values()

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-31 21:38:42 +02:00
David Mehren
cb0f5c1bed
Update yarn.lock
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-25 23:34:16 +02:00
David Mehren
9c894633a8
Many types (and corresponding changes to keek tsc happy) in realtime.ts
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-25 23:34:16 +02:00
David Mehren
591096ce8b
Add @types/codemirror
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-25 23:33:47 +02:00
Yannick Bungers
e8a34e7ced
More Types for realtime.ts
Signed-off-by: Yannick Bungers <git@innay.de>
2020-05-25 23:33:20 +02:00
David Mehren
ed9a89efb5
Type fix in User model
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-25 23:33:20 +02:00
David Mehren
2fc2219bb4
Type fix in dmpWorker
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-25 23:33:20 +02:00
David Mehren
5a6ec56a7e
Cleanups lib/web/note
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-25 23:33:20 +02:00
David Mehren
280fda1d6c
Fix note history updating 🐛
a7aaded6 started to use a Map for a users note history in various places, but didn't update the code to actually use the Map operations. This broke updating the note history.

Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-25 23:33:20 +02:00
Yannick Bungers
f208f3eeef
Types for realtime.ts
Signed-off-by: Yannick Bungers <git@innay.de>
2020-05-25 23:33:19 +02:00
David Mehren
d925b0cc5f
Types and lint fixes in lib/web/auth
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-24 18:38:24 +02:00
David Mehren
762e58b0d4
Do not lint migration code
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-24 18:11:47 +02:00
David Mehren
8b6d5a64f0
Types and lint fixes in lib/web/note
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-24 18:10:37 +02:00
David Mehren
b01bb93813
More types for Note
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-24 17:49:32 +02:00
David Mehren
1f517bfb99
More types for history, config/interfaces and Request.flash
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-24 17:07:13 +02:00
David Mehren
fa301ab450
Re-exclude OT code from eslint
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-23 23:24:01 +02:00
Sheogorath
7fe44cb867
Merge pull request #355 from davidmehren/tests-in-typescript
Migrate tests to typescript
2020-05-23 16:45:39 +02:00
David Mehren
1e79ef8a4e
Fix relative path in web/note/util
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-23 14:45:51 +02:00
David Mehren
a148e4d799
Add @types for sinon
Signed-off-by: David Mehren <dmehren1@gmail.com>
2020-05-22 21:48:15 +02:00