Commit graph

62 commits

Author SHA1 Message Date
Jakob Ackermann
55af5e502f [WebsocketController] skip leaveProject when joinProject didn't complete
Also drop dead code:
 - user_id bailout

   There is a check on a completed joinProject call now. It will always
    set a user_id, see Router.coffee which has a fallback `{_id:"..."}`.

 - late project_id bailout

   WebsocketLoadBalancer.emitToRoom will not work without a project_id.
   We have to bail out before the call.
2020-05-12 17:15:08 +02:00
Jakob Ackermann
af53d3b603 [misc] skip duplicate JSON serialization for size check 2020-03-24 11:22:28 +01:00
Jakob Ackermann
15244a54be [misc] WebsocketController: limit the update size to 7mb
bail out early on -- especially do not push the update into redis for
 doc-updater to discard it.

Confirm the update silently, otherwise the frontend will send it again.
Broadcast a 'otUpdateError' message and disconnect the client, like
 doc-updater would do.
2020-03-24 09:12:12 +01:00
Shane Kilkelly
6df88ebc49 Filter "comments" if restricted user. 2019-10-30 13:54:40 +00:00
Shane Kilkelly
403caa65e8 Revert "Revert "Track the isRestrictedUser flag on clients""
This reverts commit 651e392a7c644403f199e1b03e7494b61ce71d0c.
2019-10-30 13:52:36 +00:00
Simon Detheridge
925a8651c1 Revert "Track the isRestrictedUser flag on clients" 2019-10-22 10:17:38 +01:00
Shane Kilkelly
df6cd4a054 Also block getConnectedUsers for restricted users.
Plus refactor to use a pass list instead of a deny list.
2019-10-04 13:41:49 +01:00
Shane Kilkelly
6765d03339 Track the isRestrictedUser flag on clients
Then, don't send new chat messages and new comments to those restricted clients.
We do this because we don't want to leak private information (email addresses
and names) to "restricted" users, those who have read-only access via a
shared token.
2019-10-04 10:30:24 +01:00
Brian Gough
d3171e4e2e remove unwanted argument 2019-08-14 13:03:06 +01:00
Brian Gough
2000f478a7 refresh the client list on demand 2019-08-13 10:40:03 +01:00
Brian Gough
277ec71a5b subscribe to doc updates before requesting doc content 2019-07-24 15:49:29 +01:00
Brian Gough
159b39c491 ensure redis channel is subscribed when joining room 2019-07-23 17:02:09 +01:00
Brian Gough
804f4c2bd2 listen on separate channels for each project/doc 2019-07-18 12:55:23 +01:00
miguel
46dfe56b05 Downgraded unathorised log to warning 2019-06-21 07:30:12 +02:00
Chrystal Maria Griffiths
0b88a63444 Merge pull request #35 from sharelatex/cmg-anonymous-display-name
Nameless logged in user labelled as anonymous
2019-02-15 14:53:18 +00:00
Chrystal Griffiths
26acdfd072 Add comment explaining why not sending anon data up 2019-02-12 14:06:59 +00:00
Chrystal Griffiths
bb06f82e04 Still send cursorData for logged in users 2019-02-12 14:00:47 +00:00
Chrystal Griffiths
2ec760403f Revert to method not sending cursorData because of duplication 2019-02-11 11:52:14 +00:00
Chrystal Griffiths
cb12e1c6f6 Send an empty string for every nameless user 2019-02-08 15:39:51 +00:00
Henry Oswald
d4e8bc1d4b remove metrics.set as we don't support it atm 2018-12-05 15:29:23 +00:00
Shane Kilkelly
7295342ec2 fix existance checks for first_name and last_name 2017-12-18 11:13:19 +00:00
Shane Kilkelly
675814f1b1 Handle the case where the user has only a last_name set 2017-12-13 10:28:35 +00:00
Shane Kilkelly
06c8729ce7 If a user has only their first_name set, don't label as Anonymous 2017-12-12 15:27:50 +00:00
Brian Gough
b734f7a3f7 convert errors to warnings 2017-11-10 15:01:23 +00:00
Shane Kilkelly
3b39464aa5 Merge branch 'master' into sk-unlisted-projects 2017-11-02 10:58:41 +00:00
Shane Kilkelly
d4c735c3ea Pass anonymous-read token along as header to web-api 2017-09-26 14:21:41 +01:00
Alasdair Smith
a0505afb23 Be defensive on comment text 2017-09-22 09:34:10 +01:00
Alasdair Smith
c67150ea10 Ensure falsy value doesn't fail conditional 2017-09-22 09:33:29 +01:00
Alasdair Smith
a299d7335d Fix incorrect var 2017-09-21 16:56:18 +01:00
Alasdair Smith
90d05dc6dd Make args order consistent 2017-09-21 16:56:09 +01:00
Alasdair Smith
55c880e1dd DRY up a bit 2017-09-21 15:07:15 +01:00
Alasdair Smith
aa6e0d0d69 Only encode ranges if option passed 2017-09-21 14:23:16 +01:00
Alasdair Smith
9f503f1e9f First pass at encoding changes & comments in ranges 2017-09-21 13:25:55 +01:00
James Allen
d8ff8ba098 Merge pull request #11 from sharelatex/ja-allow-readonly-comments
Allow readonly users to submit comments
2017-03-20 14:25:03 +00:00
James Allen
8766646149 Allow users to send a comment update if they are read-only 2017-03-15 15:45:52 +00:00
James Allen
d939f6cd65 Remove some old logging 2017-03-15 15:45:18 +00:00
Brian Gough
d468f662ac handle disconnects of unauthenticated users 2017-02-23 12:04:36 +00:00
James Allen
9fd099c24f Update getDoc signature to match reality 2017-01-16 17:09:44 +01:00
James Allen
bf2620ee0c Return ranges from docupdater to client 2016-12-08 11:37:31 +00:00
James Allen
4cff89becc Fix acceptance tests 2016-12-08 11:12:07 +00:00
Brian Gough
8ffec68250 add comment about fallback case 2016-09-05 12:46:52 +01:00
Brian Gough
ef85bce3b8 track permissions when clients join and leave docs 2016-09-05 12:46:52 +01:00
Brian Gough
9ab19c5d03 avoid double callback 2016-09-02 16:34:14 +01:00
James Allen
343ec9d708 Add in flags that track how often each callback is called 2016-05-26 15:46:45 +01:00
James Allen
030abc5340 Don't flush to track changes now that this happens in doc updater 2016-01-20 17:51:24 +00:00
James Allen
79cd0e6a5c Record user id correctly when updating position 2015-02-05 13:41:31 +00:00
James Allen
d62dc7ca3a Don't be so verbose with client update errors 2014-11-24 15:42:26 +00:00
James Allen
57a34e940e Authorize users before updating their cursor positions 2014-11-24 12:05:05 +00:00
James Allen
66dfafdebe Add metrics into all end points 2014-11-17 13:12:49 +00:00
James Allen
8bc6d0e291 Unify logging 2014-11-17 12:46:27 +00:00