Merge pull request #147 from overleaf/jpa-backport-141

[backport] 141: Router: validate the callback argument
Jakob Ackermann 2020-06-09 14:41:24 +02:00 committed by GitHub
commit 1c9eaf574a


@ -25,6 +25,10 @@ module.exports = Router =
if error.name == "CodedError"
logger.warn attrs, error.message, code: error.code
return callback {message: error.message, code: error.code}
if error.message == 'unexpected arguments'
logger.log attrs, 'unexpected arguments'
metrics.inc 'unexpected-arguments', 1, { status: method }
return callback { message: error.message }
if error.message in ["not authorized", "doc updater could not load requested ops", "no project_id found on client"]
logger.warn attrs, error.message
return callback {message: error.message}
@ -33,6 +37,14 @@ module.exports = Router =
# Don't return raw error to prevent leaking server side info
return callback {message: "Something went wrong in real-time service"}
_handleInvalidArguments: (client, method, args) ->
error = new Error("unexpected arguments")
callback = args[args.length - 1]
if typeof callback != 'function'
callback = (() ->)
attrs = {arguments: args}
Router._handleError(callback, error, client, method, attrs)
configure: (app, io, session) ->
app.set("io", io)
app.get "/clients", HttpController.getConnectedClients
@ -84,6 +96,9 @@ module.exports = Router =
user = {_id: "anonymous-user"}
client.on "joinProject", (data = {}, callback) ->
if typeof callback != 'function'
return Router._handleInvalidArguments(client, 'joinProject', arguments)
if data.anonymousAccessToken
user.anonymousAccessToken = data.anonymousAccessToken
WebsocketController.joinProject client, user, data.project_id, (err, args...) ->
@ -116,11 +131,10 @@ module.exports = Router =
callback = options
options = fromVersion
fromVersion = -1
else if typeof fromVersion == "number" and typeof options == "object"
else if typeof fromVersion == "number" and typeof options == "object" and typeof callback == 'function'
# Called with 4 args, things are as expected
else
logger.error { arguments: arguments }, "unexpected arguments"
return callback?(new Error("unexpected arguments"))
return Router._handleInvalidArguments(client, 'joinDoc', arguments)
WebsocketController.joinDoc client, doc_id, fromVersion, options, (err, args...) ->
if err?
@ -129,6 +143,9 @@ module.exports = Router =
callback(null, args...)
client.on "leaveDoc", (doc_id, callback) ->
if typeof callback != 'function'
return Router._handleInvalidArguments(client, 'leaveDoc', arguments)
WebsocketController.leaveDoc client, doc_id, (err, args...) ->
if err?
Router._handleError callback, err, client, "leaveDoc"
@ -136,6 +153,9 @@ module.exports = Router =
callback(null, args...)
client.on "clientTracking.getConnectedUsers", (callback = (error, users) ->) ->
if typeof callback != 'function'
return Router._handleInvalidArguments(client, 'clientTracking.getConnectedUsers', arguments)
WebsocketController.getConnectedUsers client, (err, users) ->
if err?
Router._handleError callback, err, client, "clientTracking.getConnectedUsers"
@ -143,6 +163,9 @@ module.exports = Router =
callback(null, users)
client.on "clientTracking.updatePosition", (cursorData, callback = (error) ->) ->
if typeof callback != 'function'
return Router._handleInvalidArguments(client, 'clientTracking.updatePosition', arguments)
WebsocketController.updateClientPosition client, cursorData, (err) ->
if err?
Router._handleError callback, err, client, "clientTracking.updatePosition"
@ -150,6 +173,9 @@ module.exports = Router =
callback()
client.on "applyOtUpdate", (doc_id, update, callback = (error) ->) ->
if typeof callback != 'function'
return Router._handleInvalidArguments(client, 'applyOtUpdate', arguments)
WebsocketController.applyOtUpdate client, doc_id, update, (err) ->
if err?
Router._handleError callback, err, client, "applyOtUpdate", {doc_id, update}
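Review bot: `_handleInvalidArguments` (second hunk) stores the raw client-supplied `arguments` object in `attrs`, and the new `'unexpected arguments'` branch of `_handleError` passes it to `logger.log`, so a malformed event writes client-chosen content of client-chosen size into the logs. For `joinProject` that payload can carry `data.anonymousAccessToken`, and for `applyOtUpdate` the document update, unless the logger redacts or truncates, which is not visible on this page. Logging only the shape of the call is enough to diagnose a bad client, e.g. `attrs = {argTypes: (typeof arg for arg in args)}`. Since all six handlers in this file now route through the helper, that one line covers every call site; a short comment on the helper saying that `args` is untrusted client input would also help the next reader.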