mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-21 20:47:08 -05:00
Merge pull request #4929 from overleaf/jk-fix-disconnect-users
Fix /disconnectAllUsers endpoint security GitOrigin-RevId: 57858daa5a076c37332bc575e76ffd6b1a1bd914
This commit is contained in:
June Kelly
Copybot
parent
9ee1e29286
commit
49ac6e2e6b
3 changed files with 28 additions and 10 deletions
|
|
@ -52,6 +52,13 @@ var updateOpenConnetionsMetrics = function () {
|
||||||
setTimeout(updateOpenConnetionsMetrics, oneMinInMs)
|
setTimeout(updateOpenConnetionsMetrics, oneMinInMs)
|
||||||
|
|
||||||
const AdminController = {
|
const AdminController = {
|
||||||
|
_sendDisconnectAllUsersMessage: delay => {
|
||||||
|
return EditorRealTimeController.emitToAll(
|
||||||
|
'forceDisconnect',
|
||||||
|
'Sorry, we are performing a quick update to the editor and need to close it down. Please refresh the page to continue.',
|
||||||
|
delay
|
||||||
|
)
|
||||||
|
},
|
||||||
index: (req, res, next) => {
|
index: (req, res, next) => {
|
||||||
let agents, url
|
let agents, url
|
||||||
let agent
|
let agent
|
||||||
|
|
@ -101,11 +108,7 @@ const AdminController = {
|
||||||
disconnectAllUsers: (req, res) => {
|
disconnectAllUsers: (req, res) => {
|
||||||
logger.warn('disconecting everyone')
|
logger.warn('disconecting everyone')
|
||||||
const delay = (req.query && req.query.delay) > 0 ? req.query.delay : 10
|
const delay = (req.query && req.query.delay) > 0 ? req.query.delay : 10
|
||||||
EditorRealTimeController.emitToAll(
|
this._sendDisconnectAllUsersMessage(delay)
|
||||||
'forceDisconnect',
|
|
||||||
'Sorry, we are performing a quick update to the editor and need to close it down. Please refresh the page to continue.',
|
|
||||||
delay
|
|
||||||
)
|
|
||||||
return res.sendStatus(200)
|
return res.sendStatus(200)
|
||||||
},
|
},
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -996,11 +996,6 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
|
||||||
AdminController.unregisterServiceWorker
|
AdminController.unregisterServiceWorker
|
||||||
)
|
)
|
||||||
|
|
||||||
privateApiRouter.post(
|
|
||||||
'/disconnectAllUsers',
|
|
||||||
AdminController.disconnectAllUsers
|
|
||||||
)
|
|
||||||
|
|
||||||
privateApiRouter.get('/perfTest', (req, res) => res.send('hello'))
|
privateApiRouter.get('/perfTest', (req, res) => res.send('hello'))
|
||||||
|
|
||||||
publicApiRouter.get('/status', (req, res) => {
|
publicApiRouter.get('/status', (req, res) => {
|
||||||
|
|
|
||||||
20
services/web/scripts/disconnect_all_users.js
Normal file
20
services/web/scripts/disconnect_all_users.js
Normal file
|
|
@ -0,0 +1,20 @@
|
||||||
|
const AdminController = require('../app/src/Features/ServerAdmin/AdminController')
|
||||||
|
|
||||||
|
if (require.main === module) {
|
||||||
|
if (['--help', 'help'].includes(process.argv[2])) {
|
||||||
|
console.log('\n usage: node disconnect_all_users.js [delay-in-seconds]\n')
|
||||||
|
process.exit(1)
|
||||||
|
}
|
||||||
|
const delaySecondsString = process.argv[2]
|
||||||
|
const delay = parseInt(delaySecondsString, 10) || 10
|
||||||
|
console.log(`Disconnect all users, with delay ${delay}`)
|
||||||
|
AdminController._sendDisconnectAllUsersMessage(delay)
|
||||||
|
.then(() => {
|
||||||
|
console.error('Done.')
|
||||||
|
process.exit(0)
|
||||||
|
})
|
||||||
|
.catch(err => {
|
||||||
|
console.error('Error', err)
|
||||||
|
process.exit(1)
|
||||||
|
})
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue