Richard Hansen
0b1ec20c5c
express: Move `preAuthorize` middleware before express-session
2021-12-20 20:08:19 -05:00
Richard Hansen
bf35dcfc50
webaccess: Move `preAuthorize` to its own middleware
2021-12-20 20:08:19 -05:00
Richard Hansen
7f3d0e71f7
express: Check access before `expressConfigure` middleware
...
There are no guarantees about the order of execution of hook
functions, which means that a plugin's `expressConfigure` hook
function could theoretically register a handler/middleware before the
access check middleware is registered. If that happens, the plugin's
handler would run before the access check, which would be bad. Avoid
the problem by explicitly installing the `webaccess.checkAccess`
middleware before running the `expressConfigure` hook.
2021-12-20 20:08:18 -05:00
Richard Hansen
472eddc821
webaccess: Skip checks if `next` is called in `preAuthenticate`
2021-12-20 20:08:18 -05:00
Richard Hansen
fc498f0ae6
tests: Delete test pad before attempting import
2021-12-20 20:08:18 -05:00
Richard Hansen
c4b25388ae
docs: Server-side hook documentation improvements
2021-12-20 20:08:18 -05:00
Richard Hansen
02d1b90d30
tests: Factor out USER_CHANGES/ACCEPT_COMMIT helpers
...
This will make it possible for other tests to reuse the code.
2021-12-19 16:53:24 -05:00
snyk-bot
674a0ccedc
fix: upgrade openapi-backend from 5.0.0 to 5.0.1
...
Snyk has created this PR to upgrade openapi-backend from 5.0.0 to 5.0.1.
See this package in npm:
https://www.npmjs.com/package/openapi-backend
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
2021-12-19 00:54:20 -05:00
webzwo0i
8b73f2ee70
padurlsanitize: Don't crash if `sanitizePadId()` throws
...
Let Express send a 500 status code to the user instead.
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-18 18:47:01 -05:00
Richard Hansen
4733c7d8d3
SessionStore: Promisify to the extent permitted by express-session
2021-12-18 18:29:04 -05:00
webzwo0i
694d3f630e
SessionStore: Propagate database errors to express-session
...
Send a 500 HTTP status code to the client if the session entry could
not be fetched from the database. This is useful in case the database
is busy and can't respond to the query in time. In this case we want
to abort the client connection as soon as possible.
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-18 18:29:04 -05:00
Richard Hansen
7572040836
Pad: Simplify `Pad.copy()` logic
2021-12-18 18:28:58 -05:00
webzwo0i
0040f5984e
db: await more database operations
...
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-18 18:23:27 -05:00
translatewiki.net
e64462323b
Localisation updates from https://translatewiki.net .
2021-12-16 13:03:26 +01:00
Richard Hansen
748d661495
Changeset: Fix off-by-one bug in `makeSplice`
2021-12-16 00:48:07 -05:00
Richard Hansen
30d68df396
Changeset: Add range checks to `makeSplice`
2021-12-16 00:48:07 -05:00
Richard Hansen
fdf1fdbc23
Changeset: Improve readability of `makeSplice()`
2021-12-16 00:48:07 -05:00
Richard Hansen
b1d0848701
Pad: Improve readability of `appendText`
2021-12-16 00:48:07 -05:00
Richard Hansen
a6bf7816ce
Pad: Simplify `setText`
2021-12-16 00:48:07 -05:00
Robert Geislinger
10e2b09b96
Update http_api.md
...
The current version is 1.2.15 or bigger if you look at e.g. copyPadWithoutHistory
2021-12-14 01:16:38 -05:00
snyk-bot
3693a0574f
fix: upgrade jsdom from 18.1.0 to 18.1.1
...
Snyk has created this PR to upgrade jsdom from 18.1.0 to 18.1.1.
See this package in npm:
https://www.npmjs.com/package/jsdom
See this project in Snyk:
https://app.snyk.io/org/johnmclear/project/d9a12bfb-7ccd-443f-9e22-f30d339cc8c5?utm_source=github&utm_medium=referral&page=upgrade-pr
2021-12-14 01:05:47 -05:00
Richard Hansen
d94f380141
API: Fix race conditions in `setText`, `appendText`, `restoreRevision`
2021-12-14 01:02:00 -05:00
Richard Hansen
cff089e54e
PadMessageHandler: Accept retransmissions of USER_CHANGES
2021-12-14 01:02:00 -05:00
Richard Hansen
a370cfa5c6
Pad: Don't create no-op revisions
2021-12-14 01:02:00 -05:00
Richard Hansen
56b7671422
Pad: Return new rev number from `appendRevision()`
2021-12-14 01:02:00 -05:00
Richard Hansen
c05ee7ce72
PadMessageHandler: Move `ACCEPT_COMMIT` after changeset save
2021-12-14 01:02:00 -05:00
Richard Hansen
dbacc73c36
tests: Basic USER_CHANGES backend tests
2021-12-14 01:02:00 -05:00
translatewiki.net
2cae414473
Localisation updates from https://translatewiki.net .
2021-12-13 13:03:50 +01:00
Richard Hansen
1fe01c66fd
getCorePlugins.sh: Various improvements
...
* Factor out plugin query.
* Make idempotent.
* Improve logging.
* Install by symlinking to a parallel directory rather than cloning
into `etherpad-lite/node_modules`.
2021-12-11 02:01:35 -05:00
Richard Hansen
5915c2243d
checkPlugin: Redo README.md and LICENSE
2021-12-11 02:01:35 -05:00
Richard Hansen
d81546ad7b
checkPlugin: Delete Travis badge from README.md template
2021-12-11 02:01:35 -05:00
Richard Hansen
2c05de7033
checkPlugin: Update ESLint dependencies
2021-12-11 02:01:35 -05:00
Richard Hansen
3563fc1df9
checkPlugin: Relax repo checks
2021-12-11 02:01:35 -05:00
Richard Hansen
4716975c37
checkPlugin: Do case-sensitive filename checks
2021-12-11 02:01:35 -05:00
Richard Hansen
9a85bce212
checkPlugin: Only consider `README{,.md}` (case-insensitive)
...
This avoids false positives such as `README-foo.md`.
2021-12-11 02:01:35 -05:00
Richard Hansen
753d16af8a
checkPlugin: Promisify file system accesses
2021-12-11 02:01:35 -05:00
Richard Hansen
b50c6d07d4
checkPlugin: Improve readability of `files` assignment
2021-12-11 02:01:35 -05:00
Richard Hansen
b546867adb
checkPlugin: Replace `.indexOf()` with `.includes()`
2021-12-11 02:01:35 -05:00
Richard Hansen
34a4a74634
checkPlugin: Change `autocommit` to not push
2021-12-11 02:01:35 -05:00
Richard Hansen
48222449b5
checkPlugin: Add `frontend-tests.yml` GitHub workflow
2021-12-11 02:01:35 -05:00
Richard Hansen
51c530a3a0
checkPlugin: Compare entire file
2021-12-11 02:01:34 -05:00
Richard Hansen
f0669a8d31
checkPlugin: Automatically determine plugin name in `backend-tests.yml`
2021-12-11 02:01:34 -05:00
Richard Hansen
314b67b7fe
checkPlugin: Improve `eslintConfig`, `funding`, `scripts` checking
2021-12-11 02:01:34 -05:00
Richard Hansen
b7dce95802
checkPlugin: Use `updateDeps` to manage `engine`
2021-12-10 14:44:02 -05:00
Richard Hansen
f0ab112c2d
checkPlugin: Factor out duplicate file update logic and simplify
2021-12-10 14:44:02 -05:00
Richard Hansen
b7de4faf42
checkPlugin: Don't bump version if there are no changes
2021-12-10 14:44:01 -05:00
Richard Hansen
4d457f6296
ImportHandler: Pass `ImportError` to `import` hook
2021-12-10 02:34:13 -05:00
translatewiki.net
d1da8f1ebd
Localisation updates from https://translatewiki.net .
2021-12-09 13:03:48 +01:00
translatewiki.net
841bc10039
Localisation updates from https://translatewiki.net .
2021-12-06 13:03:04 +01:00
John McLear
6cca27dea6
API: `getText` with old revision should only return text, not atext
...
Co-authored-by: Richard Hansen <rhansen@rhansen.org>
2021-12-05 18:50:39 -05:00