overleaf/services/real-time/app/js/Router.js
Tim Down 473e74ecf1 Merge pull request #16749 from overleaf/td-upgrade-joi-celebrate
Upgrade Joi and Celebrate to latest

GitOrigin-RevId: 287130f6e476c04f9eb4efdf202729452b081c40
2024-02-05 09:04:16 +00:00

453 lines
14 KiB
JavaScript

const metrics = require('@overleaf/metrics')
const logger = require('@overleaf/logger')
const settings = require('@overleaf/settings')
const WebsocketController = require('./WebsocketController')
const HttpController = require('./HttpController')
const HttpApiController = require('./HttpApiController')
const WebsocketAddressManager = require('./WebsocketAddressManager')
const bodyParser = require('body-parser')
const base64id = require('base64id')
const { UnexpectedArgumentsError } = require('./Errors')
const Joi = require('joi')
const HOSTNAME = require('os').hostname()
const JOI_OBJECT_ID = Joi.string()
.required()
.regex(/^[0-9a-f]{24}$/)
.message('invalid id')
let Router
module.exports = Router = {
_handleError(callback, error, client, method, attrs) {
attrs = attrs || {}
for (const key of ['project_id', 'user_id']) {
attrs[key] = attrs[key] || client.ol_context[key]
}
attrs.client_id = client.id
attrs.err = error
attrs.method = method
if (Joi.isError(error)) {
logger.info(attrs, 'validation error')
let message = 'invalid'
try {
message = error.details[0].message
} catch (e) {
// ignore unexpected errors
logger.warn({ error, e }, 'unexpected validation error')
}
const serializedError = { message }
metrics.inc('validation-error', 1, {
status: method,
})
callback(serializedError)
} else if (error.name === 'CodedError') {
logger.warn(attrs, error.message)
const serializedError = { message: error.message, code: error.info.code }
callback(serializedError)
} else if (error.message === 'unexpected arguments') {
// the payload might be very large; put it on level debug
logger.debug(attrs, 'unexpected arguments')
metrics.inc('unexpected-arguments', 1, { status: method })
const serializedError = { message: error.message }
callback(serializedError)
} else if (error.message === 'no project_id found on client') {
logger.debug(attrs, error.message)
const serializedError = { message: error.message }
callback(serializedError)
} else if (
[
'not authorized',
'joinLeaveEpoch mismatch',
'doc updater could not load requested ops',
'no project_id found on client',
'cannot join multiple projects',
].includes(error.message)
) {
logger.warn(attrs, error.message)
const serializedError = { message: error.message }
callback(serializedError)
} else {
logger.error(attrs, `server side error in ${method}`)
// Don't return raw error to prevent leaking server side info
const serializedError = {
message: 'Something went wrong in real-time service',
}
callback(serializedError)
}
if (attrs.disconnect) {
setTimeout(function () {
client.disconnect()
}, 100)
}
},
_handleInvalidArguments(client, method, args) {
const error = new UnexpectedArgumentsError()
let callback = args[args.length - 1]
if (typeof callback !== 'function') {
callback = function () {}
}
const attrs = { arguments: args }
Router._handleError(callback, error, client, method, attrs)
},
configure(app, io, session) {
app.set('io', io)
if (settings.behindProxy) {
app.set('trust proxy', settings.trustedProxyIps)
}
const websocketAddressManager = new WebsocketAddressManager(
settings.behindProxy,
settings.trustedProxyIps
)
app.get('/clients', HttpController.getConnectedClients)
app.get('/clients/:client_id', HttpController.getConnectedClient)
app.post(
'/project/:project_id/message/:message',
bodyParser.json({ limit: '5mb' }),
HttpApiController.sendMessage
)
app.post('/drain', HttpApiController.startDrain)
app.post(
'/client/:client_id/disconnect',
HttpApiController.disconnectClient
)
session.on('connection', function (error, client, session) {
// init client context, we may access it in Router._handleError before
// setting any values
client.ol_context = {}
// bail out from joinDoc when a parallel joinDoc or leaveDoc is running
client.joinLeaveEpoch = 0
if (client) {
client.on('error', function (err) {
logger.err({ clientErr: err }, 'socket.io client error')
if (client.connected) {
client.emit('reconnectGracefully')
client.disconnect()
}
})
}
if (settings.shutDownInProgress) {
client.emit('connectionRejected', { message: 'retry' })
client.disconnect()
return
}
if (
client &&
error &&
error.message.match(/could not look up session by key/)
) {
logger.warn(
{ err: error, client: !!client, session: !!session },
'invalid session'
)
// tell the client to reauthenticate if it has an invalid session key
client.emit('connectionRejected', { message: 'invalid session' })
client.disconnect()
return
}
if (error) {
logger.err(
{ err: error, client: !!client, session: !!session },
'error when client connected'
)
if (client) {
client.emit('connectionRejected', { message: 'error' })
}
if (client) {
client.disconnect()
}
return
}
const projectId = client.handshake?.query?.projectId
try {
Joi.assert(projectId, JOI_OBJECT_ID)
} catch (error) {
metrics.inc('socket-io.connection', 1, {
status: client.transport,
method: projectId ? 'bad-project-id' : 'missing-project-id',
})
client.emit('connectionRejected', {
message: 'missing/bad ?projectId=... query flag on handshake',
})
client.disconnect()
return
}
// The client.id is security sensitive. Generate a publicId for sending to other clients.
client.publicId = 'P.' + base64id.generateId()
client.remoteIp = websocketAddressManager.getRemoteIp(client.handshake)
const headers = client.handshake && client.handshake.headers
client.userAgent = headers && headers['user-agent']
metrics.inc('socket-io.connection', 1, {
status: client.transport,
method: 'auto-join-project',
})
metrics.gauge('socket-io.clients', io.sockets.clients().length)
logger.debug({ session, clientId: client.id }, 'client connected')
let user
if (session && session.passport && session.passport.user) {
;({ user } = session.passport)
} else if (session && session.user) {
;({ user } = session)
} else {
const anonymousAccessToken = session?.anonTokenAccess?.[projectId]
user = { _id: 'anonymous-user', anonymousAccessToken }
}
if (settings.exposeHostname) {
client.on('debug.getHostname', function (callback) {
if (typeof callback !== 'function') {
return Router._handleInvalidArguments(
client,
'debug.getHostname',
arguments
)
}
callback(HOSTNAME)
})
}
const joinProject = function (callback) {
WebsocketController.joinProject(
client,
user,
projectId,
function (err, ...args) {
if (err) {
Router._handleError(callback, err, client, 'joinProject', {
project_id: projectId,
user_id: user._id,
})
} else {
callback(null, ...args)
}
}
)
}
client.on('disconnect', function () {
metrics.inc('socket-io.disconnect', 1, { status: client.transport })
metrics.gauge('socket-io.clients', io.sockets.clients().length)
WebsocketController.leaveProject(io, client, function (err) {
if (err) {
Router._handleError(function () {}, err, client, 'leaveProject')
}
})
})
// Variadic. The possible arguments:
// doc_id, callback
// doc_id, fromVersion, callback
// doc_id, options, callback
// doc_id, fromVersion, options, callback
client.on('joinDoc', function (docId, fromVersion, options, callback) {
if (typeof fromVersion === 'function' && !options) {
callback = fromVersion
fromVersion = -1
options = {}
} else if (
typeof fromVersion === 'number' &&
typeof options === 'function'
) {
callback = options
options = {}
} else if (
typeof fromVersion === 'object' &&
typeof options === 'function'
) {
callback = options
options = fromVersion
fromVersion = -1
} else if (
typeof fromVersion === 'number' &&
typeof options === 'object' &&
typeof callback === 'function'
) {
// Called with 4 args, things are as expected
} else {
return Router._handleInvalidArguments(client, 'joinDoc', arguments)
}
try {
Joi.assert(
{ doc_id: docId, fromVersion, options },
Joi.object({
doc_id: JOI_OBJECT_ID,
fromVersion: Joi.number().integer(),
options: Joi.object().required(),
})
)
} catch (error) {
return Router._handleError(callback, error, client, 'joinDoc', {
disconnect: 1,
})
}
WebsocketController.joinDoc(
client,
docId,
fromVersion,
options,
function (err, ...args) {
if (err) {
Router._handleError(callback, err, client, 'joinDoc', {
doc_id: docId,
fromVersion,
})
} else {
callback(null, ...args)
}
}
)
})
client.on('leaveDoc', function (docId, callback) {
if (typeof callback !== 'function') {
return Router._handleInvalidArguments(client, 'leaveDoc', arguments)
}
try {
Joi.assert(docId, JOI_OBJECT_ID)
} catch (error) {
return Router._handleError(callback, error, client, 'joinDoc', {
disconnect: 1,
})
}
WebsocketController.leaveDoc(client, docId, function (err, ...args) {
if (err) {
Router._handleError(callback, err, client, 'leaveDoc', {
doc_id: docId,
})
} else {
callback(null, ...args)
}
})
})
client.on('clientTracking.getConnectedUsers', function (callback) {
if (typeof callback !== 'function') {
return Router._handleInvalidArguments(
client,
'clientTracking.getConnectedUsers',
arguments
)
}
WebsocketController.getConnectedUsers(client, function (err, users) {
if (err) {
Router._handleError(
callback,
err,
client,
'clientTracking.getConnectedUsers'
)
} else {
callback(null, users)
}
})
})
client.on(
'clientTracking.updatePosition',
function (cursorData, callback) {
if (!callback) {
callback = function () {
// NOTE: The frontend does not pass any callback to socket.io.
// Any error is already logged via Router._handleError.
}
}
if (typeof callback !== 'function') {
return Router._handleInvalidArguments(
client,
'clientTracking.updatePosition',
arguments
)
}
WebsocketController.updateClientPosition(
client,
cursorData,
function (err) {
if (err) {
Router._handleError(
callback,
err,
client,
'clientTracking.updatePosition'
)
} else {
callback()
}
}
)
}
)
client.on('applyOtUpdate', function (docId, update, callback) {
if (typeof callback !== 'function') {
return Router._handleInvalidArguments(
client,
'applyOtUpdate',
arguments
)
}
try {
Joi.assert(
{ doc_id: docId, update },
Joi.object({
doc_id: JOI_OBJECT_ID,
update: Joi.object().required(),
})
)
} catch (error) {
return Router._handleError(callback, error, client, 'applyOtUpdate', {
disconnect: 1,
})
}
WebsocketController.applyOtUpdate(
client,
docId,
update,
function (err) {
if (err) {
Router._handleError(callback, err, client, 'applyOtUpdate', {
doc_id: docId,
update,
})
} else {
callback()
}
}
)
})
joinProject((err, project, permissionsLevel, protocolVersion) => {
if (err) {
client.emit('connectionRejected', err)
client.disconnect()
return
}
client.emit('joinProjectResponse', {
publicId: client.publicId,
project,
permissionsLevel,
protocolVersion,
})
})
})
},
}