From 5e17a4c9283d6b6b860a78785179710499b9055e Mon Sep 17 00:00:00 2001
From: Miguel Serrano <mserranom@users.noreply.github.com>
Date: Tue, 10 Dec 2019 15:06:40 +0100
Subject: [PATCH] Hotfix 2.0.2 (#130)

---
 hotfix/2.0.2/1-anon-upload.patch         | 60 ++++++++++++++++++++++++
 hotfix/2.0.2/2-read-only-access.patch    | 11 +++++
 hotfix/2.0.2/3-url-linking-1.patch       | 11 +++++
 hotfix/2.0.2/4-url-linking-2.patch       | 20 ++++++++
 hotfix/2.0.2/5-disable-analytics-1.patch | 26 ++++++++++
 hotfix/2.0.2/6-disable-analytics-2.patch | 10 ++++
 hotfix/2.0.2/Dockerfile                  | 31 ++++++++++++
 7 files changed, 169 insertions(+)
 create mode 100644 hotfix/2.0.2/1-anon-upload.patch
 create mode 100644 hotfix/2.0.2/2-read-only-access.patch
 create mode 100644 hotfix/2.0.2/3-url-linking-1.patch
 create mode 100644 hotfix/2.0.2/4-url-linking-2.patch
 create mode 100644 hotfix/2.0.2/5-disable-analytics-1.patch
 create mode 100644 hotfix/2.0.2/6-disable-analytics-2.patch
 create mode 100644 hotfix/2.0.2/Dockerfile

diff --git a/hotfix/2.0.2/1-anon-upload.patch b/hotfix/2.0.2/1-anon-upload.patch
new file mode 100644
index 0000000000..75037901e0
--- /dev/null
+++ b/hotfix/2.0.2/1-anon-upload.patch
@@ -0,0 +1,60 @@
+--- UploadsRouter.js
++++ UploadsRouter.js
+@@ -1,13 +1,3 @@
+-/* eslint-disable
+-    no-unused-vars,
+-*/
+-// TODO: This file was created by bulk-decaffeinate.
+-// Fix any style issues and re-enable lint.
+-/*
+- * decaffeinate suggestions:
+- * DS102: Remove unnecessary code created because of implicit returns
+- * Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
+- */
+ const AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')
+ const AuthenticationController = require('../Authentication/AuthenticationController')
+ const ProjectUploadController = require('./ProjectUploadController')
+@@ -28,18 +18,30 @@ module.exports = {
+       ProjectUploadController.uploadProject
+     )
+
+-    return webRouter.post(
+-      '/Project/:Project_id/upload',
+-      RateLimiterMiddleware.rateLimit({
+-        endpointName: 'file-upload',
+-        params: ['Project_id'],
+-        maxRequests: 200,
+-        timeInterval: 60 * 30
+-      }),
+-      AuthenticationController.requireLogin(),
+-      AuthorizationMiddleware.ensureUserCanWriteProjectContent,
+-      ProjectUploadController.multerMiddleware,
+-      ProjectUploadController.uploadFile
+-    )
++    const fileUploadEndpoint = '/Project/:Project_id/upload'
++    const fileUploadRateLimit = RateLimiterMiddleware.rateLimit({
++      endpointName: 'file-upload',
++      params: ['Project_id'],
++      maxRequests: 200,
++      timeInterval: 60 * 30
++    })
++    if (Settings.allowAnonymousReadAndWriteSharing) {
++      webRouter.post(
++        fileUploadEndpoint,
++        fileUploadRateLimit,
++        AuthorizationMiddleware.ensureUserCanWriteProjectContent,
++        ProjectUploadController.multerMiddleware,
++        ProjectUploadController.uploadFile
++      )
++    } else {
++      webRouter.post(
++        fileUploadEndpoint,
++        fileUploadRateLimit,
++        AuthenticationController.requireLogin(),
++        AuthorizationMiddleware.ensureUserCanWriteProjectContent,
++        ProjectUploadController.multerMiddleware,
++        ProjectUploadController.uploadFile
++      )
++    }
+   }
+ }
diff --git a/hotfix/2.0.2/2-read-only-access.patch b/hotfix/2.0.2/2-read-only-access.patch
new file mode 100644
index 0000000000..246cc3e04d
--- /dev/null
+++ b/hotfix/2.0.2/2-read-only-access.patch
@@ -0,0 +1,11 @@
+--- TokenAccessHandler.js
++++ TokenAccessHandler.js
+@@ -255,7 +255,7 @@ const TokenAccessHandler = {
+ 
+   getV1DocPublishedInfo(token, callback) {
+     // default to allowing access
+-    if (!Settings.apis || !Settings.apis.v1) {
++    if (!Settings.apis.v1 || !Settings.apis.v1.url) {
+       return callback(null, { allow: true })
+     }
+     V1Api.request(
diff --git a/hotfix/2.0.2/3-url-linking-1.patch b/hotfix/2.0.2/3-url-linking-1.patch
new file mode 100644
index 0000000000..173809842f
--- /dev/null
+++ b/hotfix/2.0.2/3-url-linking-1.patch
@@ -0,0 +1,11 @@
+--- Features.js
++++ Features.js
+@@ -53,6 +53,8 @@ module.exports = Features = {
+         return Settings.apis.references.url != null
+       case 'saml':
+         return Settings.enableSaml
++      case 'link-url':
++        return Settings.apis.linkedUrlProxy && Settings.apis.linkedUrlProxy.url
+       default:
+         throw new Error(`unknown feature: ${feature}`)
+     }
diff --git a/hotfix/2.0.2/4-url-linking-2.patch b/hotfix/2.0.2/4-url-linking-2.patch
new file mode 100644
index 0000000000..587a8e6e0f
--- /dev/null
+++ b/hotfix/2.0.2/4-url-linking-2.patch
@@ -0,0 +1,20 @@
+--- new-file-modal.pug
++++ new-file-modal.pug
+@@ -21,11 +21,12 @@ script(type='text/ng-template', id='newFileModalTemplate')
+ 								i.fa.fa-fw.fa-folder-open
+ 								|
+ 								| From Another Project
+-						li(ng-class="type == 'url' ? 'active' : null")
+-							a(href, ng-click="type = 'url'")
+-								i.fa.fa-fw.fa-globe
+-								|
+-								| From External URL
++						if hasFeature('link-url')
++							li(ng-class="type == 'url' ? 'active' : null")
++								a(href, ng-click="type = 'url'")
++									i.fa.fa-fw.fa-globe
++									|
++									| From External URL
+ 						!= moduleIncludes("newFileModal:selector", locals)
+ 
+ 				td(class="modal-new-file--body modal-new-file--body-{{type}}")
diff --git a/hotfix/2.0.2/5-disable-analytics-1.patch b/hotfix/2.0.2/5-disable-analytics-1.patch
new file mode 100644
index 0000000000..198ee03935
--- /dev/null
+++ b/hotfix/2.0.2/5-disable-analytics-1.patch
@@ -0,0 +1,26 @@
+--- AnalyticsController.js
++++ AnalyticsController.js
+@@ -3,9 +3,13 @@ const Errors = require('../Errors/Errors')
+ const AuthenticationController = require('../Authentication/AuthenticationController')
+ const InstitutionsAPI = require('../Institutions/InstitutionsAPI')
+ const GeoIpLookup = require('../../infrastructure/GeoIpLookup')
++const Features = require('../../infrastructure/Features')
+ 
+ module.exports = {
+   updateEditingSession(req, res, next) {
++    if (!Features.hasFeature('analytics')) {
++      return res.send(204)
++    }
+     const userId = AuthenticationController.getLoggedInUserId(req)
+     const { projectId } = req.params
+     let countryCode = null
+@@ -28,6 +32,9 @@ module.exports = {
+   },
+ 
+   recordEvent(req, res, next) {
++    if (!Features.hasFeature('analytics')) {
++      return res.send(204)
++    }
+     const userId =
+       AuthenticationController.getLoggedInUserId(req) || req.sessionID
+     AnalyticsManager.recordEvent(userId, req.params.event, req.body, error =>
diff --git a/hotfix/2.0.2/6-disable-analytics-2.patch b/hotfix/2.0.2/6-disable-analytics-2.patch
new file mode 100644
index 0000000000..9fb41c1cba
--- /dev/null
+++ b/hotfix/2.0.2/6-disable-analytics-2.patch
@@ -0,0 +1,10 @@
+--- Features.js
++++ Features.js
+@@ -41,6 +41,7 @@ module.exports = Features = {
+       case 'templates-server-pro':
+         return Settings.overleaf == null
+       case 'affiliations':
++      case 'analytics':
+         // Checking both properties is needed for the time being to allow
+         // enabling the feature in web-api and disabling in Server Pro
+         // see https://github.com/overleaf/web-internal/pull/2127
diff --git a/hotfix/2.0.2/Dockerfile b/hotfix/2.0.2/Dockerfile
new file mode 100644
index 0000000000..7a75ed97a5
--- /dev/null
+++ b/hotfix/2.0.2/Dockerfile
@@ -0,0 +1,31 @@
+FROM sharelatex/sharelatex:2.0.1
+
+
+# Patch 1: Fixes anonymous link sharing
+ADD 1-anon-upload.patch /var/www/sharelatex/web/app/src/Features/Uploads/1-anon-upload.patch
+RUN cd /var/www/sharelatex/web/app/src/Features/Uploads/ && \
+    patch < 1-anon-upload.patch
+
+
+# Patch 2: Fixes read-only access
+ADD 2-read-only-access.patch /var/www/sharelatex/web/app/src/Features/TokenAccess/3-read-only-access.patch
+RUN cd /var/www/sharelatex/web/app/src/Features/TokenAccess/ && \
+    patch < 3-read-only-access.patch
+
+
+# Patch 3: Fixes url linking
+ADD 3-url-linking-1.patch /var/www/sharelatex/web/app/src/infrastructure/6-url-linking-1.patch
+RUN cd /var/www/sharelatex/web/app/src/infrastructure/ && \
+    patch < 6-url-linking-1.patch
+ADD 4-url-linking-2.patch /var/www/sharelatex/web/app/views/project/editor/7-url-linking-2.patch
+RUN cd /var/www/sharelatex/web/app/views/project/editor/ && \
+    patch < 7-url-linking-2.patch
+
+
+# Patch 4: Disables analytics
+ADD 5-disable-analytics-1.patch /var/www/sharelatex/web/app/src/Features/Analytics/8-disable-analytics-1.patch
+RUN cd /var/www/sharelatex/web/app/src/Features/Analytics/ && \
+    patch < 8-disable-analytics-1.patch
+ADD 6-disable-analytics-2.patch /var/www/sharelatex/web/app/src/infrastructure/9-disable-analytics-2.patch
+RUN cd /var/www/sharelatex/web/app/src/infrastructure/ && \
+    patch < 9-disable-analytics-2.patch