mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-29 10:53:35 -05:00
Merge pull request #4929 from overleaf/jk-fix-disconnect-users
Fix /disconnectAllUsers endpoint security GitOrigin-RevId: 57858daa5a076c37332bc575e76ffd6b1a1bd914
This commit is contained in:
parent
9ee1e29286
commit
49ac6e2e6b
3 changed files with 28 additions and 10 deletions
|
@ -52,6 +52,13 @@ var updateOpenConnetionsMetrics = function () {
|
|||
setTimeout(updateOpenConnetionsMetrics, oneMinInMs)
|
||||
|
||||
const AdminController = {
|
||||
_sendDisconnectAllUsersMessage: delay => {
|
||||
return EditorRealTimeController.emitToAll(
|
||||
'forceDisconnect',
|
||||
'Sorry, we are performing a quick update to the editor and need to close it down. Please refresh the page to continue.',
|
||||
delay
|
||||
)
|
||||
},
|
||||
index: (req, res, next) => {
|
||||
let agents, url
|
||||
let agent
|
||||
|
@ -101,11 +108,7 @@ const AdminController = {
|
|||
disconnectAllUsers: (req, res) => {
|
||||
logger.warn('disconecting everyone')
|
||||
const delay = (req.query && req.query.delay) > 0 ? req.query.delay : 10
|
||||
EditorRealTimeController.emitToAll(
|
||||
'forceDisconnect',
|
||||
'Sorry, we are performing a quick update to the editor and need to close it down. Please refresh the page to continue.',
|
||||
delay
|
||||
)
|
||||
this._sendDisconnectAllUsersMessage(delay)
|
||||
return res.sendStatus(200)
|
||||
},
|
||||
|
||||
|
|
|
@ -996,11 +996,6 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
|
|||
AdminController.unregisterServiceWorker
|
||||
)
|
||||
|
||||
privateApiRouter.post(
|
||||
'/disconnectAllUsers',
|
||||
AdminController.disconnectAllUsers
|
||||
)
|
||||
|
||||
privateApiRouter.get('/perfTest', (req, res) => res.send('hello'))
|
||||
|
||||
publicApiRouter.get('/status', (req, res) => {
|
||||
|
|
20
services/web/scripts/disconnect_all_users.js
Normal file
20
services/web/scripts/disconnect_all_users.js
Normal file
|
@ -0,0 +1,20 @@
|
|||
const AdminController = require('../app/src/Features/ServerAdmin/AdminController')
|
||||
|
||||
if (require.main === module) {
|
||||
if (['--help', 'help'].includes(process.argv[2])) {
|
||||
console.log('\n usage: node disconnect_all_users.js [delay-in-seconds]\n')
|
||||
process.exit(1)
|
||||
}
|
||||
const delaySecondsString = process.argv[2]
|
||||
const delay = parseInt(delaySecondsString, 10) || 10
|
||||
console.log(`Disconnect all users, with delay ${delay}`)
|
||||
AdminController._sendDisconnectAllUsersMessage(delay)
|
||||
.then(() => {
|
||||
console.error('Done.')
|
||||
process.exit(0)
|
||||
})
|
||||
.catch(err => {
|
||||
console.error('Error', err)
|
||||
process.exit(1)
|
||||
})
|
||||
}
|
Loading…
Reference in a new issue