Hotfix 2.0.2 (#130)

2024-11-14 20:40:17 -05:00 · 2019-12-10 15:06:40 +01:00 · 2019-12-10 15:06:40 +01:00 · c4104806c3
commit c4104806c3
parent fc0c464216
7 changed files with 169 additions and 0 deletions
--- a/server-ce/hotfix/2.0.2/1-anon-upload.patch
+++ b/server-ce/hotfix/2.0.2/1-anon-upload.patch
@ -0,0 +1,60 @@
+--- UploadsRouter.js
+++ UploadsRouter.js
+@@ -1,13 +1,3 @@
+-/* eslint-disable
+-    no-unused-vars,
+-*/
+-// TODO: This file was created by bulk-decaffeinate.
+-// Fix any style issues and re-enable lint.
+-/*
+- * decaffeinate suggestions:
+- * DS102: Remove unnecessary code created because of implicit returns
+- * Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
+- */
+ const AuthorizationMiddleware = require('../Authorization/AuthorizationMiddleware')
+ const AuthenticationController = require('../Authentication/AuthenticationController')
+ const ProjectUploadController = require('./ProjectUploadController')
+@@ -28,18 +18,30 @@ module.exports = {
+       ProjectUploadController.uploadProject
+     )
+
+-    return webRouter.post(
+-      '/Project/:Project_id/upload',
+-      RateLimiterMiddleware.rateLimit({
+-        endpointName: 'file-upload',
+-        params: ['Project_id'],
+-        maxRequests: 200,
+-        timeInterval: 60 * 30
+-      }),
+-      AuthenticationController.requireLogin(),
+-      AuthorizationMiddleware.ensureUserCanWriteProjectContent,
+-      ProjectUploadController.multerMiddleware,
+-      ProjectUploadController.uploadFile
+-    )
+    const fileUploadEndpoint = '/Project/:Project_id/upload'
+    const fileUploadRateLimit = RateLimiterMiddleware.rateLimit({
+      endpointName: 'file-upload',
+      params: ['Project_id'],
+      maxRequests: 200,
+      timeInterval: 60 * 30
+    })
+    if (Settings.allowAnonymousReadAndWriteSharing) {
+      webRouter.post(
+        fileUploadEndpoint,
+        fileUploadRateLimit,
+        AuthorizationMiddleware.ensureUserCanWriteProjectContent,
+        ProjectUploadController.multerMiddleware,
+        ProjectUploadController.uploadFile
+      )
+    } else {
+      webRouter.post(
+        fileUploadEndpoint,
+        fileUploadRateLimit,
+        AuthenticationController.requireLogin(),
+        AuthorizationMiddleware.ensureUserCanWriteProjectContent,
+        ProjectUploadController.multerMiddleware,
+        ProjectUploadController.uploadFile
+      )
+    }
+   }
+ }
--- a/server-ce/hotfix/2.0.2/2-read-only-access.patch
+++ b/server-ce/hotfix/2.0.2/2-read-only-access.patch
@ -0,0 +1,11 @@
+--- TokenAccessHandler.js
+++ TokenAccessHandler.js
+@@ -255,7 +255,7 @@ const TokenAccessHandler = {
+ 
+   getV1DocPublishedInfo(token, callback) {
+     // default to allowing access
+-    if (!Settings.apis || !Settings.apis.v1) {
+    if (!Settings.apis.v1 || !Settings.apis.v1.url) {
+       return callback(null, { allow: true })
+     }
+     V1Api.request(
--- a/server-ce/hotfix/2.0.2/3-url-linking-1.patch
+++ b/server-ce/hotfix/2.0.2/3-url-linking-1.patch
@ -0,0 +1,11 @@
+--- Features.js
+++ Features.js
+@@ -53,6 +53,8 @@ module.exports = Features = {
+         return Settings.apis.references.url != null
+       case 'saml':
+         return Settings.enableSaml
+      case 'link-url':
+        return Settings.apis.linkedUrlProxy && Settings.apis.linkedUrlProxy.url
+       default:
+         throw new Error(`unknown feature: ${feature}`)
+     }
--- a/server-ce/hotfix/2.0.2/4-url-linking-2.patch
+++ b/server-ce/hotfix/2.0.2/4-url-linking-2.patch
@ -0,0 +1,20 @@
+--- new-file-modal.pug
+++ new-file-modal.pug
+@@ -21,11 +21,12 @@ script(type='text/ng-template', id='newFileModalTemplate')
+ 								i.fa.fa-fw.fa-folder-open
+ 								|
+ 								| From Another Project
+-						li(ng-class="type == 'url' ? 'active' : null")
+-							a(href, ng-click="type = 'url'")
+-								i.fa.fa-fw.fa-globe
+-								|
+-								| From External URL
+						if hasFeature('link-url')
+							li(ng-class="type == 'url' ? 'active' : null")
+								a(href, ng-click="type = 'url'")
+									i.fa.fa-fw.fa-globe
+									|
+									| From External URL
+ 						!= moduleIncludes("newFileModal:selector", locals)
+ 
+ 				td(class="modal-new-file--body modal-new-file--body-{{type}}")
--- a/server-ce/hotfix/2.0.2/5-disable-analytics-1.patch
+++ b/server-ce/hotfix/2.0.2/5-disable-analytics-1.patch
@ -0,0 +1,26 @@
+--- AnalyticsController.js
+++ AnalyticsController.js
+@@ -3,9 +3,13 @@ const Errors = require('../Errors/Errors')
+ const AuthenticationController = require('../Authentication/AuthenticationController')
+ const InstitutionsAPI = require('../Institutions/InstitutionsAPI')
+ const GeoIpLookup = require('../../infrastructure/GeoIpLookup')
+const Features = require('../../infrastructure/Features')
+ 
+ module.exports = {
+   updateEditingSession(req, res, next) {
+    if (!Features.hasFeature('analytics')) {
+      return res.send(204)
+    }
+     const userId = AuthenticationController.getLoggedInUserId(req)
+     const { projectId } = req.params
+     let countryCode = null
+@@ -28,6 +32,9 @@ module.exports = {
+   },
+ 
+   recordEvent(req, res, next) {
+    if (!Features.hasFeature('analytics')) {
+      return res.send(204)
+    }
+     const userId =
+       AuthenticationController.getLoggedInUserId(req) || req.sessionID
+     AnalyticsManager.recordEvent(userId, req.params.event, req.body, error =>
--- a/server-ce/hotfix/2.0.2/6-disable-analytics-2.patch
+++ b/server-ce/hotfix/2.0.2/6-disable-analytics-2.patch
@ -0,0 +1,10 @@
+--- Features.js
+++ Features.js
+@@ -41,6 +41,7 @@ module.exports = Features = {
+       case 'templates-server-pro':
+         return Settings.overleaf == null
+       case 'affiliations':
+      case 'analytics':
+         // Checking both properties is needed for the time being to allow
+         // enabling the feature in web-api and disabling in Server Pro
+         // see https://github.com/overleaf/web-internal/pull/2127
--- a/server-ce/hotfix/2.0.2/Dockerfile
+++ b/server-ce/hotfix/2.0.2/Dockerfile
@ -0,0 +1,31 @@
+FROM sharelatex/sharelatex:2.0.1
+
+
+# Patch 1: Fixes anonymous link sharing
+ADD 1-anon-upload.patch /var/www/sharelatex/web/app/src/Features/Uploads/1-anon-upload.patch
+RUN cd /var/www/sharelatex/web/app/src/Features/Uploads/ && \
+    patch < 1-anon-upload.patch
+
+
+# Patch 2: Fixes read-only access
+ADD 2-read-only-access.patch /var/www/sharelatex/web/app/src/Features/TokenAccess/3-read-only-access.patch
+RUN cd /var/www/sharelatex/web/app/src/Features/TokenAccess/ && \
+    patch < 3-read-only-access.patch
+
+
+# Patch 3: Fixes url linking
+ADD 3-url-linking-1.patch /var/www/sharelatex/web/app/src/infrastructure/6-url-linking-1.patch
+RUN cd /var/www/sharelatex/web/app/src/infrastructure/ && \
+    patch < 6-url-linking-1.patch
+ADD 4-url-linking-2.patch /var/www/sharelatex/web/app/views/project/editor/7-url-linking-2.patch
+RUN cd /var/www/sharelatex/web/app/views/project/editor/ && \
+    patch < 7-url-linking-2.patch
+
+
+# Patch 4: Disables analytics
+ADD 5-disable-analytics-1.patch /var/www/sharelatex/web/app/src/Features/Analytics/8-disable-analytics-1.patch
+RUN cd /var/www/sharelatex/web/app/src/Features/Analytics/ && \
+    patch < 8-disable-analytics-1.patch
+ADD 6-disable-analytics-2.patch /var/www/sharelatex/web/app/src/infrastructure/9-disable-analytics-2.patch
+RUN cd /var/www/sharelatex/web/app/src/infrastructure/ && \
+    patch < 9-disable-analytics-2.patch