overleaf/services/real-time/app/coffee/Router.coffee

metrics = require "metrics-sharelatex"
logger = require "logger-sharelatex"
settings = require "settings-sharelatex"
WebsocketController = require "./WebsocketController"
HttpController = require "./HttpController"
HttpApiController = require "./HttpApiController"
bodyParser = require "body-parser"
base64id = require("base64id")

basicAuth = require('basic-auth-connect')
httpAuth = basicAuth (user, pass)->
	isValid = user == settings.internal.realTime.user and pass == settings.internal.realTime.pass
	if !isValid
		logger.err user:user, pass:pass, "invalid login details"
	return isValid

module.exports = Router =
	_handleError: (callback = ((error) ->), error, client, method, attrs = {}) ->
			for key in ["project_id", "doc_id", "user_id"]
				attrs[key] = client.ol_context[key]
			attrs.client_id = client.id
			attrs.err = error
			if error.name == "CodedError"
				logger.warn attrs, error.message, code: error.code
				return callback {message: error.message, code: error.code}
			if error.message == 'unexpected arguments'
				# the payload might be very large, put it on level info
				logger.log attrs, 'unexpected arguments'
				metrics.inc 'unexpected-arguments', 1, { status: method }
				return callback { message: error.message }
			if error.message in ["not authorized", "doc updater could not load requested ops", "no project_id found on client"]
				logger.warn attrs, error.message
				return callback {message: error.message}
			else
				logger.error attrs, "server side error in #{method}"
				# Don't return raw error to prevent leaking server side info
				return callback {message: "Something went wrong in real-time service"}

	_handleInvalidArguments: (client, method, args) ->
		error = new Error("unexpected arguments")
		callback = args[args.length - 1]
		if typeof callback != 'function'
			callback = (() ->)
		attrs = {arguments: args}
		Router._handleError(callback, error, client, method, attrs)

	configure: (app, io, session) ->
		app.set("io", io)
		app.get "/clients", HttpController.getConnectedClients
		app.get "/clients/:client_id", HttpController.getConnectedClient

		app.post "/project/:project_id/message/:message", httpAuth, bodyParser.json(limit: "5mb"), HttpApiController.sendMessage
		
		app.post "/drain", httpAuth, HttpApiController.startDrain
		app.post "/client/:client_id/disconnect", httpAuth, HttpApiController.disconnectClient

		session.on 'connection', (error, client, session) ->
			client.ol_context = {} unless client.ol_context

			client?.on "error", (err) ->
				logger.err { clientErr: err }, "socket.io client error"
				if client.connected
					client.emit("reconnectGracefully")
					client.disconnect()

			if settings.shutDownInProgress
				client.emit("connectionRejected", {message: "retry"})
				client.disconnect()
				return

			if client? and error?.message?.match(/could not look up session by key/)
				logger.warn err: error, client: client?, session: session?, "invalid session"
				# tell the client to reauthenticate if it has an invalid session key
				client.emit("connectionRejected", {message: "invalid session"})
				client.disconnect()
				return

			if error?
				logger.err err: error, client: client?, session: session?, "error when client connected"
				client?.emit("connectionRejected", {message: "error"})
				client?.disconnect()
				return

			# send positive confirmation that the client has a valid connection
			client.publicId = 'P.' + base64id.generateId()
			client.emit("connectionAccepted", null, client.publicId)

			metrics.inc('socket-io.connection')
			metrics.gauge('socket-io.clients', io.sockets.clients()?.length)

			logger.log session: session, client_id: client.id, "client connected"

			if session?.passport?.user?
				user = session.passport.user
			else if session?.user?
				user = session.user
			else
				user = {_id: "anonymous-user"}

			client.on "joinProject", (data = {}, callback) ->
				if typeof callback != 'function'
					return Router._handleInvalidArguments(client, 'joinProject', arguments)

				if data.anonymousAccessToken
					user.anonymousAccessToken = data.anonymousAccessToken
				WebsocketController.joinProject client, user, data.project_id, (err, args...) ->
					if err?
						Router._handleError callback, err, client, "joinProject", {project_id: data.project_id, user_id: user?.id}
					else
						callback(null, args...)

			client.on "disconnect", () ->
				metrics.inc('socket-io.disconnect')
				metrics.gauge('socket-io.clients', io.sockets.clients()?.length - 1)

				WebsocketController.leaveProject io, client, (err) ->
					if err?
						Router._handleError (() ->), err, client, "leaveProject"

			# Variadic. The possible arguments:
			# doc_id, callback
			# doc_id, fromVersion, callback
			# doc_id, options, callback
			# doc_id, fromVersion, options, callback
			client.on "joinDoc", (doc_id, fromVersion, options, callback) ->
				if typeof fromVersion == "function" and !options
					callback = fromVersion
					fromVersion = -1
					options = {}
				else if typeof fromVersion == "number" and typeof options == "function"
					callback = options
					options = {}
				else if typeof fromVersion == "object" and typeof options == "function"
					callback = options
					options = fromVersion
					fromVersion = -1
				else if typeof fromVersion == "number" and typeof options == "object" and typeof callback == 'function'
					# Called with 4 args, things are as expected
				else
					return Router._handleInvalidArguments(client, 'joinDoc', arguments)

				WebsocketController.joinDoc client, doc_id, fromVersion, options, (err, args...) ->
					if err?
						Router._handleError callback, err, client, "joinDoc", {doc_id, fromVersion}
					else
						callback(null, args...)

			client.on "leaveDoc", (doc_id, callback) ->
				if typeof callback != 'function'
					return Router._handleInvalidArguments(client, 'leaveDoc', arguments)

				WebsocketController.leaveDoc client, doc_id, (err, args...) ->
					if err?
						Router._handleError callback, err, client, "leaveDoc"
					else
						callback(null, args...)

			client.on "clientTracking.getConnectedUsers", (callback = (error, users) ->) ->
				if typeof callback != 'function'
					return Router._handleInvalidArguments(client, 'clientTracking.getConnectedUsers', arguments)

				WebsocketController.getConnectedUsers client, (err, users) ->
					if err?
						Router._handleError callback, err, client, "clientTracking.getConnectedUsers"
					else
						callback(null, users)

			client.on "clientTracking.updatePosition", (cursorData, callback = (error) ->) ->
				if typeof callback != 'function'
					return Router._handleInvalidArguments(client, 'clientTracking.updatePosition', arguments)

				WebsocketController.updateClientPosition client, cursorData, (err) ->
					if err?
						Router._handleError callback, err, client, "clientTracking.updatePosition"
					else
						callback()

			client.on "applyOtUpdate", (doc_id, update, callback = (error) ->) ->
				if typeof callback != 'function'
					return Router._handleInvalidArguments(client, 'applyOtUpdate', arguments)

				WebsocketController.applyOtUpdate client, doc_id, update, (err) ->
					if err?
						Router._handleError callback, err, client, "applyOtUpdate", {doc_id, update}
					else
						callback()
Add metrics into all end points 2014-11-17 08:12:49 -05:00			`metrics = require "metrics-sharelatex"`
Create framework for real-time API with session authentication 2014-11-07 12:38:12 -05:00			`logger = require "logger-sharelatex"`
Relay messages received via HTTP into the project 2015-03-03 12:15:19 -05:00			`settings = require "settings-sharelatex"`
Create joinProject socket.io endpoint 2014-11-10 06:27:08 -05:00			`WebsocketController = require "./WebsocketController"`
Add in /clients and /client/:client_id status end points 2014-11-13 06:48:49 -05:00			`HttpController = require "./HttpController"`
Relay messages received via HTTP into the project 2015-03-03 12:15:19 -05:00			`HttpApiController = require "./HttpApiController"`
			`bodyParser = require "body-parser"`
[misc] socket.io: use a secondary publicId for public facing usages 2020-06-04 10:52:13 -04:00			`base64id = require("base64id")`
Relay messages received via HTTP into the project 2015-03-03 12:15:19 -05:00
			`basicAuth = require('basic-auth-connect')`
			`httpAuth = basicAuth (user, pass)->`
			`isValid = user == settings.internal.realTime.user and pass == settings.internal.realTime.pass`
			`if !isValid`
			`logger.err user:user, pass:pass, "invalid login details"`
			`return isValid`
Create framework for real-time API with session authentication 2014-11-07 12:38:12 -05:00
			`module.exports = Router =`
[misc] synchronous client store using an Object at .ol_context 2020-02-24 08:32:20 -05:00			`_handleError: (callback = ((error) ->), error, client, method, attrs = {}) ->`
			`for key in ["project_id", "doc_id", "user_id"]`
			`attrs[key] = client.ol_context[key]`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`attrs.client_id = client.id`
			`attrs.err = error`
Generate retryable error when hitting rate limits in web 2019-08-31 09:04:36 -04:00			`if error.name == "CodedError"`
			`logger.warn attrs, error.message, code: error.code`
			`return callback {message: error.message, code: error.code}`
[Router] validate the callback argument 2020-05-22 04:17:50 -04:00			`if error.message == 'unexpected arguments'`
[misc] add test cases for the validation of the callback argument When the user provides a function as last argument for socket.emit, socket.io will flag this as an RPC and add a cb as the last argument to the client.on('event', ...) handler on the server side. Without a function as last argument for socket.emit, the callback argument on the server side is undefined, leading to invalid function calls (`undefined()`) and an unhandled exception. The user can also provide lots of other arguments, so the 2nd/3rd ... argument is of arbitrary type, again leading to invalid function calls -- e.g. `1()`. 2020-06-09 11:30:03 -04:00			`# the payload might be very large, put it on level info`
[Router] validate the callback argument 2020-05-22 04:17:50 -04:00			`logger.log attrs, 'unexpected arguments'`
			`metrics.inc 'unexpected-arguments', 1, { status: method }`
			`return callback { message: error.message }`
convert errors to warnings 2017-11-10 10:01:23 -05:00			`if error.message in ["not authorized", "doc updater could not load requested ops", "no project_id found on client"]`
Return semantic error if doc ops range is not loaded 2016-05-31 09:21:23 -04:00			`logger.warn attrs, error.message`
Return a 'not authorized' error if the user is not logged in/authorized 2016-05-31 06:49:51 -04:00			`return callback {message: error.message}`
			`else`
			`logger.error attrs, "server side error in #{method}"`
			`# Don't return raw error to prevent leaking server side info`
			`return callback {message: "Something went wrong in real-time service"}`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00
[Router] validate the callback argument 2020-05-22 04:17:50 -04:00			`_handleInvalidArguments: (client, method, args) ->`
			`error = new Error("unexpected arguments")`
			`callback = args[args.length - 1]`
			`if typeof callback != 'function'`
			`callback = (() ->)`
			`attrs = {arguments: args}`
			`Router._handleError(callback, error, client, method, attrs)`

Create framework for real-time API with session authentication 2014-11-07 12:38:12 -05:00			`configure: (app, io, session) ->`
Refactor client attribute fetching and logging 2014-11-13 07:03:43 -05:00			`app.set("io", io)`
			`app.get "/clients", HttpController.getConnectedClients`
			`app.get "/clients/:client_id", HttpController.getConnectedClient`
Relay messages received via HTTP into the project 2015-03-03 12:15:19 -05:00
			`app.post "/project/:project_id/message/:message", httpAuth, bodyParser.json(limit: "5mb"), HttpApiController.sendMessage`
Add end point to start draining clients 2016-10-24 11:36:09 -04:00
			`app.post "/drain", httpAuth, HttpApiController.startDrain`
[HttpApiController] implement the disconnection of a single client The http route returns as soon as the client has fully disconnected. 2020-02-24 07:28:22 -05:00			`app.post "/client/:client_id/disconnect", httpAuth, HttpApiController.disconnectClient`
Update session code 2016-09-07 03:58:35 -04:00
Create framework for real-time API with session authentication 2014-11-07 12:38:12 -05:00			`session.on 'connection', (error, client, session) ->`
[Router] gracefully set and do not reset the ol_context 2020-04-21 07:45:23 -04:00			`client.ol_context = {} unless client.ol_context`
[misc] synchronous client store using an Object at .ol_context 2020-02-24 08:32:20 -05:00
Catch errors from socket.io and attempt graceful cleanup 2019-10-17 07:45:56 -04:00			`client?.on "error", (err) ->`
use a separate field for client errors 2020-02-03 09:47:45 -05:00			`logger.err { clientErr: err }, "socket.io client error"`
Catch errors from socket.io and attempt graceful cleanup 2019-10-17 07:45:56 -04:00			`if client.connected`
Revert "Merge pull request #91 from overleaf/spd-trycatch-all-the-things" This reverts commit 2bf7f14f9d050c58f141f465633bb6e274b903dd, reversing changes made to 989240812532ca43a52513339f4dda8f44a80a64. 2020-02-05 05:05:36 -05:00			`client.emit("reconnectGracefully")`
			`client.disconnect()`
Catch errors from socket.io and attempt graceful cleanup 2019-10-17 07:45:56 -04:00
reject connections when shutdown in progress send a message to the client to reconnect immediately 2019-08-13 11:59:15 -04:00			`if settings.shutDownInProgress`
Revert "Merge pull request #91 from overleaf/spd-trycatch-all-the-things" This reverts commit 2bf7f14f9d050c58f141f465633bb6e274b903dd, reversing changes made to 989240812532ca43a52513339f4dda8f44a80a64. 2020-02-05 05:05:36 -05:00			`client.emit("connectionRejected", {message: "retry"})`
			`client.disconnect()`
reject connections when shutdown in progress send a message to the client to reconnect immediately 2019-08-13 11:59:15 -04:00			`return`

send connectionAccepted/Rejected events on connect let the client know whether it has successfully authenticated 2016-10-28 10:40:03 -04:00			`if client? and error?.message?.match(/could not look up session by key/)`
convert errors to warnings 2017-11-10 10:01:23 -05:00			`logger.warn err: error, client: client?, session: session?, "invalid session"`
send connectionAccepted/Rejected events on connect let the client know whether it has successfully authenticated 2016-10-28 10:40:03 -04:00			`# tell the client to reauthenticate if it has an invalid session key`
Revert "Merge pull request #91 from overleaf/spd-trycatch-all-the-things" This reverts commit 2bf7f14f9d050c58f141f465633bb6e274b903dd, reversing changes made to 989240812532ca43a52513339f4dda8f44a80a64. 2020-02-05 05:05:36 -05:00			`client.emit("connectionRejected", {message: "invalid session"})`
			`client.disconnect()`
send connectionAccepted/Rejected events on connect let the client know whether it has successfully authenticated 2016-10-28 10:40:03 -04:00			`return`

Create framework for real-time API with session authentication 2014-11-07 12:38:12 -05:00			`if error?`
send connectionAccepted/Rejected events on connect let the client know whether it has successfully authenticated 2016-10-28 10:40:03 -04:00			`logger.err err: error, client: client?, session: session?, "error when client connected"`
Revert "Merge pull request #91 from overleaf/spd-trycatch-all-the-things" This reverts commit 2bf7f14f9d050c58f141f465633bb6e274b903dd, reversing changes made to 989240812532ca43a52513339f4dda8f44a80a64. 2020-02-05 05:05:36 -05:00			`client?.emit("connectionRejected", {message: "error"})`
			`client?.disconnect()`
Create framework for real-time API with session authentication 2014-11-07 12:38:12 -05:00			`return`
Update session code 2016-09-07 03:58:35 -04:00
send connectionAccepted/Rejected events on connect let the client know whether it has successfully authenticated 2016-10-28 10:40:03 -04:00			`# send positive confirmation that the client has a valid connection`
[misc] Router: prefix the publicId with 'P.' for easy differentiation 2020-06-08 06:29:40 -04:00			`client.publicId = 'P.' + base64id.generateId()`
[misc] socket.io: use a secondary publicId for public facing usages 2020-06-04 10:52:13 -04:00			`client.emit("connectionAccepted", null, client.publicId)`
send connectionAccepted/Rejected events on connect let the client know whether it has successfully authenticated 2016-10-28 10:40:03 -04:00
Add metrics into all end points 2014-11-17 08:12:49 -05:00			`metrics.inc('socket-io.connection')`
add connected client count metric 2019-08-14 10:22:03 -04:00			`metrics.gauge('socket-io.clients', io.sockets.clients()?.length)`
Update session code 2016-09-07 03:58:35 -04:00
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`logger.log session: session, client_id: client.id, "client connected"`
Update session code 2016-09-07 03:58:35 -04:00
			`if session?.passport?.user?`
			`user = session.passport.user`
			`else if session?.user?`
Support anonymous access 2014-11-21 06:48:59 -05:00			`user = session.user`
Update session code 2016-09-07 03:58:35 -04:00			`else`
			`user = {_id: "anonymous-user"}`

Create joinProject socket.io endpoint 2014-11-10 06:27:08 -05:00			`client.on "joinProject", (data = {}, callback) ->`
[Router] validate the callback argument 2020-05-22 04:17:50 -04:00			`if typeof callback != 'function'`
			`return Router._handleInvalidArguments(client, 'joinProject', arguments)`

Change `anonToken` to `anonymousAccessToken` 2017-10-20 05:10:58 -04:00			`if data.anonymousAccessToken`
			`user.anonymousAccessToken = data.anonymousAccessToken`
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`WebsocketController.joinProject client, user, data.project_id, (err, args...) ->`
			`if err?`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`Router._handleError callback, err, client, "joinProject", {project_id: data.project_id, user_id: user?.id}`
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`else`
			`callback(null, args...)`
Update session code 2016-09-07 03:58:35 -04:00
Add acceptence tests for leaving(disconnecting) from a project 2014-11-17 07:23:30 -05:00			`client.on "disconnect", () ->`
Add metrics into all end points 2014-11-17 08:12:49 -05:00			`metrics.inc('socket-io.disconnect')`
fix client count so that result is zero when all clients have left 2019-08-14 10:34:23 -04:00			`metrics.gauge('socket-io.clients', io.sockets.clients()?.length - 1)`
[misc] synchronous client store using an Object at .ol_context 2020-02-24 08:32:20 -05:00
Add acceptence tests for leaving(disconnecting) from a project 2014-11-17 07:23:30 -05:00			`WebsocketController.leaveProject io, client, (err) ->`
			`if err?`
[Router] gracefully set and do not reset the ol_context 2020-04-21 07:45:23 -04:00			`Router._handleError (() ->), err, client, "leaveProject"`
Update session code 2016-09-07 03:58:35 -04:00
Switch order of args 2017-09-21 10:19:19 -04:00			`# Variadic. The possible arguments:`
Handle options not being passed 2017-09-21 09:58:49 -04:00			`# doc_id, callback`
			`# doc_id, fromVersion, callback`
			`# doc_id, options, callback`
Switch order of args 2017-09-21 10:19:19 -04:00			`# doc_id, fromVersion, options, callback`
			`client.on "joinDoc", (doc_id, fromVersion, options, callback) ->`
Make variadic options more explicit 2017-09-21 11:55:49 -04:00			`if typeof fromVersion == "function" and !options`
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`callback = fromVersion`
			`fromVersion = -1`
Make variadic options more explicit 2017-09-21 11:55:49 -04:00			`options = {}`
			`else if typeof fromVersion == "number" and typeof options == "function"`
Switch order of args 2017-09-21 10:19:19 -04:00			`callback = options`
			`options = {}`
Make variadic options more explicit 2017-09-21 11:55:49 -04:00			`else if typeof fromVersion == "object" and typeof options == "function"`
Switch order of args 2017-09-21 10:19:19 -04:00			`callback = options`
Make variadic options more explicit 2017-09-21 11:55:49 -04:00			`options = fromVersion`
			`fromVersion = -1`
[Router] validate the callback argument 2020-05-22 04:17:50 -04:00			`else if typeof fromVersion == "number" and typeof options == "object" and typeof callback == 'function'`
Make variadic options more explicit 2017-09-21 11:55:49 -04:00			`# Called with 4 args, things are as expected`
			`else`
[Router] validate the callback argument 2020-05-22 04:17:50 -04:00			`return Router._handleInvalidArguments(client, 'joinDoc', arguments)`
Update session code 2016-09-07 03:58:35 -04:00
Make args order consistent 2017-09-21 11:56:09 -04:00			`WebsocketController.joinDoc client, doc_id, fromVersion, options, (err, args...) ->`
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`if err?`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`Router._handleError callback, err, client, "joinDoc", {doc_id, fromVersion}`
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`else`
			`callback(null, args...)`
Update session code 2016-09-07 03:58:35 -04:00
Add in leaveDoc end point 2014-11-12 11:51:48 -05:00			`client.on "leaveDoc", (doc_id, callback) ->`
[Router] validate the callback argument 2020-05-22 04:17:50 -04:00			`if typeof callback != 'function'`
			`return Router._handleInvalidArguments(client, 'leaveDoc', arguments)`

Add in leaveDoc end point 2014-11-12 11:51:48 -05:00			`WebsocketController.leaveDoc client, doc_id, (err, args...) ->`
			`if err?`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`Router._handleError callback, err, client, "leaveDoc"`
Add in leaveDoc end point 2014-11-12 11:51:48 -05:00			`else`
Add in /clients and /client/:client_id status end points 2014-11-13 06:48:49 -05:00			`callback(null, args...)`
Update session code 2016-09-07 03:58:35 -04:00
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`client.on "clientTracking.getConnectedUsers", (callback = (error, users) ->) ->`
[Router] validate the callback argument 2020-05-22 04:17:50 -04:00			`if typeof callback != 'function'`
			`return Router._handleInvalidArguments(client, 'clientTracking.getConnectedUsers', arguments)`

Mark user as connected for cursor updates when joining project 2014-11-13 08:05:49 -05:00			`WebsocketController.getConnectedUsers client, (err, users) ->`
			`if err?`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`Router._handleError callback, err, client, "clientTracking.getConnectedUsers"`
Mark user as connected for cursor updates when joining project 2014-11-13 08:05:49 -05:00			`else`
			`callback(null, users)`
Update session code 2016-09-07 03:58:35 -04:00
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`client.on "clientTracking.updatePosition", (cursorData, callback = (error) ->) ->`
[Router] validate the callback argument 2020-05-22 04:17:50 -04:00			`if typeof callback != 'function'`
			`return Router._handleInvalidArguments(client, 'clientTracking.updatePosition', arguments)`

Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`WebsocketController.updateClientPosition client, cursorData, (err) ->`
			`if err?`
			`Router._handleError callback, err, client, "clientTracking.updatePosition"`
Add acceptance tests for applyOtUpdate 2014-11-14 05:12:35 -05:00			`else`
			`callback()`
Update session code 2016-09-07 03:58:35 -04:00
Add acceptance tests for applyOtUpdate 2014-11-14 05:12:35 -05:00			`client.on "applyOtUpdate", (doc_id, update, callback = (error) ->) ->`
[Router] validate the callback argument 2020-05-22 04:17:50 -04:00			`if typeof callback != 'function'`
			`return Router._handleInvalidArguments(client, 'applyOtUpdate', arguments)`

Add acceptance tests for applyOtUpdate 2014-11-14 05:12:35 -05:00			`WebsocketController.applyOtUpdate client, doc_id, update, (err) ->`
			`if err?`
			`Router._handleError callback, err, client, "applyOtUpdate", {doc_id, update}`
Add in clientTracking.updatePosition end point 2014-11-13 10:27:18 -05:00			`else`
Return a 'not authorized' error if the user is not logged in/authorized 2016-05-31 06:49:51 -04:00			`callback()`