Commit 515b0d9a authored by Nelson DINIS GONÇALVES's avatar Nelson DINIS GONÇALVES
Browse files

Bump etherpad to 1.8.14

parent 2062bbff
FROM node:alpine
ARG NODE_ENV=production
RUN mkdir /app && apk update && apk add curl gettext nginx && mkdir /run/nginx
COPY ./etherpad-lite-1.8.7.tar.gz /app
COPY ./etherpad-lite-1.8.14.tar.gz /app
WORKDIR /app
RUN tar zxvf etherpad-lite-1.8.7.tar.gz --strip 1 -C /app && \
rm /app/etherpad-lite-1.8.7.tar.gz
RUN /app/bin/installDeps.sh
RUN tar zxvf etherpad-lite-1.8.14.tar.gz --strip 1 -C /app && \
rm /app/etherpad-lite-1.8.14.tar.gz
RUN /app/src/bin/installDeps.sh
COPY ./settings.json.tmpl /app/settings.json.tmpl
COPY ./docker-entrypoint.sh /docker-entrypoint.sh
COPY ./nginx/default.conf.tmpl /etc/nginx/conf.d/default.conf.tmpl
......
......@@ -77,48 +77,48 @@ function httpRequest(url, params) {
});
}
exports.authorize = async function (hook_name, context, cb) {
exports.authorize = async function (hook_name, context) {
// NOTE: statics in /^\/(static|javascripts|pluginfw|api)/ are always authorized. See webaccess.js
laclasseLogger.info('authorize: for', context.resource);
// allow some statics resources
if ((context.resource.indexOf('/locales/') == 0) ||
(context.resource.indexOf('/jserror') == 0))
return cb(['readOnly']);
return 'readOnly';
// allow healthcheck without authentication
if (context.resource.match(/^\/(healthcheck)/)) return cb([true]);
if (context.resource.match(/^\/(healthcheck)/)) return true;
const user = context.req.session.user;
// everything else at least needs a login session
if (!user) return cb([]);
if (!user) return;
// protect the admin routes
if (context.resource.indexOf('/admin') === 0 && !user.is_admin) return cb([]);
if (context.resource.indexOf('/admin') === 0 && !user.is_admin) return;
// check if user has access to pad
const matches = context.resource.match(/^\/p\/(\d+)(\/.*)*$/);
const padID = matches ? matches[1] : null;
if (padID == null) return cb([]);
if (padID == null) return;
try {
let rights = await padRightsForUser(padID, user.username);
if(rights === false || rights.Read == false) {
return cb([]);
return;
}
// laclasseLogger.info('authorize: authorized with ', rights.Write ? 'modify': 'readOnly');
if(rights.Write) {
return cb(['modify']);
return 'modify';
} else {
return cb(['readOnly']);
return 'readOnly';
}
} catch (error) {
laclasseLogger.error(`padRightsForUser fails ${error}`);
return cb([]);
return;
}
};
......@@ -190,33 +190,33 @@ async function padRightsForUser(id, userId) {
return result;
}
exports.authenticate = async function (hook_name, context, cb) {
exports.authenticate = async function (hook_name, context) {
laclasseLogger.info('authenticate: current session: ', context.req.session);
// if no session available, authentication fails
if(!context.req.session) {
return cb([false]);
return false;
}
// if the user is already authentication, it is already ok
if (context.req.session.user) {
return cb([true]);
return true;
}
// no ticket is available, authentication fails
if(!context.req.query.ticket) {
return cb([false]);
return false;
}
let user;
try {
user = await serviceValidate(context.req.query.ticket, getServiceURL(context.req));
} catch {
return cb([false]);
return false;
}
if(!user)
return cb([false]);
return false;
// User authenticated, save off some information needed for authorization
context.req.session.user = {
username: user.uid,
......@@ -231,7 +231,7 @@ exports.authenticate = async function (hook_name, context, cb) {
context.res.redirect(getServiceURL(context.req));
}
exports.authnFailure = function(hook_name, context, cb) {
exports.authnFailure = async function(hook_name, context) {
const loginURL = new URL('/sso/login',baseURL);
const urlParams = new URLSearchParams({ service: getServiceURL(context.req) });
const url = `${loginURL.toString()}?${urlParams.toString()}`;
......@@ -244,10 +244,10 @@ exports.authnFailure = function(hook_name, context, cb) {
} catch(e) {}
// signal that we have handled it
return cb([true]);
return true;
}
exports.authzFailure = (hookName, context, cb) => {
exports.authzFailure = async (hookName, context) => {
laclasseLogger.warn('authzFailure');
// send our custom error page
context.res.status(403).send(
......@@ -320,7 +320,7 @@ exports.authzFailure = (hookName, context, cb) => {
</body>
</html>`
);
return cb([true]);
return true;
};
exports.handleMessage = async function (hook_name, {message, socket, client}) {
......
......@@ -12,11 +12,13 @@
"url": "https://forge.grandlyon.com/laclasse/etherpad"
},
"contributors": [],
"peerDependencies": {
"ep_etherpad_lite":">=1.8.4",
"express-rate-limit": "5.1.X",
"dependencies": {
"express-rate-limit": "5.2.X",
"jsonminify": "0.4.X",
"log4js": "0.6.X"
},
"peerDependencies": {
"ep_etherpad-lite":">=1.8.4"
},
"license": "MIT"
}
\ No newline at end of file
This diff is collapsed.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment