diff --git a/CHANGELOG.md b/CHANGELOG.md index c28772421..03beab596 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,7 +19,7 @@ Since early in the pandemic we've been serving a custom home page on CryptPad.fr To update from 4.1.0 to 4.2.0: 1. Stop your server -2. Get the latest code from the 4.1.0 tag (`git fetch origin && git checkout 4.1.0`, or just `git pull origin main`) +2. Get the latest code from the 4.2.0 tag (`git fetch origin && git checkout 4.2.0`, or just `git pull origin main`) 3. Install the latest dependencies with `bower update` and `npm i` 4. Restart your server @@ -35,6 +35,7 @@ To update from 4.1.0 to 4.2.0: * Server administrators can now refresh the _performance_ table on the admin panel without reloading the page. * We've begun working on a _checkup_ page for CryptPad to help administrators identify and fix common misconfigurations of the platform. It's still in a very basic state, but we hope to to make it a core part of the server installation guide that is under development. * The kanban app now supports import like the rest of our apps and rejects content of any file-type other than JSON. +* We've dropped support for a very old migration that handled user accounts that had not been accessed fo several years. This should make everyone else's account slightly faster. ## Bug fixes 
@@ -55,10 +56,12 @@ To update from 4.1.0 to 4.2.0: * The client will now check whether a file is larger than is allowed by the server before attempting to upload it, rather failing only when the server rejects the upload. * The drive no longer allows files to be dragged and dropped into locations other than the "Documents" section, as it did not make sense for files to be displayed anywhere else. * We identified and fixed a number of issues which caused shared folders that were protected with access lists to fail to load due to race conditions between loading the document and authenticating with the server as a user or member of a team. This could also result in a loss of access to documents stored exclusively in those shared folders. +* There was a similar race condition that could occur when registering an account that could cause some parts of the UI to get stuck offline. * We've fixed a number of server issues: 1. A change in a function signature in late December caused the upload of unowned files to fail to complete. 2. Messages sent via websocket are no longer broadcast to other members of a session until they have been validated by the server and stored on the disk. This was not a security issue as clients validate messages anyway, however, it could cause inconsistencies in documents when some members of a session incorrectly believed that a message had been saved. 3. A subtle race condition in very specific circumstances could cause the server's in-memory index for a given session to become incorrect. This could cause one or two messages to be omitted when requesting the most recent history. We observed this in practice when some clients did not realize they had been kicked from a team. This is unlikely to have affected anyone in practice because it only occurred when reconnecting using cached messages for the document which records team membership, and this functionality is only being introduced in this release. + 4. 
Several HTTP headers were set by both our example NGINX configuration and the NodeJS server which is proxied by NGINX for a particular resource. The duplication of certain headers caused unexpected behaviour in Chrome-based browsers, so we've updated the Node process to avoid conflicting. * We spent a lot of time improving our integration of OnlyOffice's sheet editor: * The editor is now initialized with your CryptPad account's preferred language. * We realized that our peer-to-peer locking system (which replaces the server-based system provided by OnlyOffice's document server) did not correctly handle multiple locks per user. This caused errors when filtering and sorting columns. We've improved our locking system so these features should now work as expected, but old clients will not understand the new format. As mentioned in the "Update notes" section, admins must follow the recommended update steps to ensure that all clients correctly update to the latest version. diff --git a/config/config.example.js b/config/config.example.js index a49d66d90..855a848e3 100644 --- a/config/config.example.js +++ b/config/config.example.js @@ -45,6 +45,14 @@ module.exports = { * In such a case this should be also handled by NGINX, as documented in * cryptpad/docs/example.nginx.conf (see the $main_domain variable) * + * Note: you may provide multiple origins for the purpose of accessing + * a development instance via different URLs, like so: + * httpUnsafeOrigin: 'http://127.0.0.1:3000/ http://localhost:3000/', + * + * Such configuration is not recommended for production instances, + * as the development team does not actively test such configuration + * and it may have unintended consequences in practice. + * */ httpUnsafeOrigin: 'http://localhost:3000/', 
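Review bot: The comment added above `httpUnsafeOrigin` warns against listing several origins in production but never says what the server does with the value, so an administrator cannot judge what each extra entry grants. If every listed origin is treated like the main application origin (for example in response headers built from this setting, which this hunk does not show), the comment should say so, e.g. `* Every origin listed here is trusted as the main application origin; list only hosts you control.` It would also help to state that the entries are separated by a space inside one string, because the example is the only place that shows it.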
@@ -295,6 +303,8 @@ module.exports = { */ blobStagingPath: './data/blobstage', + decreePath: './data/decrees', + /* CryptPad supports logging events directly to the disk in a 'logs' directory * Set its location here, or set it to false (or nothing) if you'd rather not log */ diff --git a/customize.dist/login.js b/customize.dist/login.js index 0e932c4f6..c0daaec91 100644 --- a/customize.dist/login.js +++ b/customize.dist/login.js @@ -22,6 +22,7 @@ define([ Feedback, LocalStore, Messages, nThen, Block, Hash) { var Exports = { Cred: Cred, + Block: Block, // this is depended on by non-customizable files // be careful when modifying login.js requiredBytes: 192, @@ -92,7 +93,7 @@ define([ }; - var loginOptionsFromBlock = function (blockInfo) { + var loginOptionsFromBlock = Exports.loginOptionsFromBlock = function (blockInfo) { var opt = {}; var parsed = Hash.getSecrets('pad', blockInfo.User_hash); opt.channelHex = parsed.channel; @@ -102,7 +103,7 @@ define([ return opt; }; - var loadUserObject = function (opt, cb) { + var loadUserObject = Exports.loadUserObject = function (opt, cb) { var config = { websocketURL: NetConfig.getWebsocketURL(), channel: opt.channelHex, diff --git a/customize.dist/src/less2/include/support.less b/customize.dist/src/less2/include/support.less index 1667b7d6e..a07d9d316 100644 --- a/customize.dist/src/less2/include/support.less +++ b/customize.dist/src/less2/include/support.less @@ -91,7 +91,7 @@ } } .cp-support-form-container { - display: none !important; + display: none; } } button { diff --git a/customize.dist/src/less2/pages/page-checkup.less b/customize.dist/src/less2/pages/page-checkup.less index a4ece61a4..2a05600c7 100644 --- a/customize.dist/src/less2/pages/page-checkup.less +++ b/customize.dist/src/less2/pages/page-checkup.less @@ -20,6 +20,12 @@ html, body { padding-top: 15px; } + .pending { + border: 1px solid white; + .fa { + margin-right: 20px; + } + } .success { border: 1px solid green; } 
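Review bot: `decreePath` is added without the block comment that the neighbouring settings have; `blobStagingPath` above it and the logging option below it are both documented. Add a short comment saying what is written under `./data/decrees`, whether it must persist across restarts, and whether it belongs in backups. If decrees record administrator decisions (the name suggests it, but nothing in this hunk shows it), the comment should also tell operators to keep the directory writable only by the server's own user.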
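Review bot: `Block`, `loginOptionsFromBlock` and `loadUserObject` become part of the interface of a file under `customize.dist/`, and the checkup page changed in this commit calls `Login.Block.getBlockUrl` and `Login.loadUserObject` on whatever `/customize/login.js` resolves to. An instance serving its own older copy of login.js would lack these exports, and the login-block check would presumably throw instead of reporting a result. That is inferred, because how overrides are resolved is not visible here. The existing warning (`// this is depended on by non-customizable files`) now sits between `Block` and `requiredBytes` without saying which entries it covers; name them, e.g. `// Block, loginOptionsFromBlock and loadUserObject are used by /checkup/; keep them when customizing`. The same applies to the hunks at -92,7 and -102,7.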
@@ -53,5 +59,9 @@ html, body { background-color: @cp_alerts-danger-bg; color: @cp_alerts-danger-text; } + + iframe { + display: none; + } } diff --git a/lib/historyKeeper.js b/lib/historyKeeper.js index 30b311eb7..fb7a5ebc8 100644 --- a/lib/historyKeeper.js +++ b/lib/historyKeeper.js @@ -122,6 +122,7 @@ module.exports.create = function (Env, cb) { // create a pin store Store.create({ filePath: pinPath, + archivePath: Env.paths.archive, }, w(function (err, s) { if (err) { throw err; } Env.pinStore = s; @@ -130,7 +131,7 @@ module.exports.create = function (Env, cb) { // create a channel store Store.create({ filePath: Env.paths.data, - archivepath: Env.paths.archive, + archivePath: Env.paths.archive, }, w(function (err, _store) { if (err) { throw err; } Env.msgStore = _store; // API used by rpc diff --git a/lib/log.js b/lib/log.js index a815500b0..abd8dee8e 100644 --- a/lib/log.js +++ b/lib/log.js @@ -87,6 +87,7 @@ Logger.create = function (config, cb) { Store.create({ filePath: config.logPath, + archivePath: config.archivePath, }, function (err, store) { if (err) { throw err; diff --git a/lib/workers/db-worker.js b/lib/workers/db-worker.js index 5750ff7ac..5274445eb 100644 --- a/lib/workers/db-worker.js +++ b/lib/workers/db-worker.js @@ -63,6 +63,7 @@ const init = function (config, _cb) { })); Store.create({ filePath: config.pinPath, + archivePath: config.archivePath, }, w(function (err, _pinStore) { if (err) { w.abort(); diff --git a/scripts/migrations/migrate-tasks-v1.js b/scripts/migrations/migrate-tasks-v1.js index 40b8d7a87..941693c48 100644 --- a/scripts/migrations/migrate-tasks-v1.js +++ b/scripts/migrations/migrate-tasks-v1.js 
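Review bot: The `archivepath` to `archivePath` correction in the channel-store call (hunk -130,7 of lib/historyKeeper.js) shows that `Store.create` accepted a misspelled option without complaint, and none of the four calls touched here checks that the value now passed is defined. `lib/log.js` and `lib/workers/db-worker.js` pass `config.archivePath` while `lib/historyKeeper.js` passes `Env.paths.archive`; if the former is unset, the store would presumably behave as it did before the fix. Consider failing early at the call site, e.g. `if (typeof(config.archivePath) !== 'string') { throw new Error('archivePath is required'); }`, or the equivalent check inside `Store.create` (not visible here).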
@@ -8,14 +8,14 @@ var config = require("../../lib/load-config"); // but the API requires it, and I don't feel like changing that // --ansuz var FileStorage = require("../../lib/storage/file"); - var tasks; nThen(function (w) { Logger.create(config, w(function (_log) { config.log = _log; })); }).nThen(function (w) { - FileStorage.create(config, w(function (_store) { + FileStorage.create(config, w(function (err, _store) { + if (err) { throw err; } config.store = _store; })); }).nThen(function (w) { diff --git a/server.js b/server.js index 9e26500ad..f3ee71d0b 100644 --- a/server.js +++ b/server.js @@ -107,6 +107,9 @@ var setHeaders = (function () { "Cross-Origin-Embedder-Policy": 'require-corp', }); + // Don't set CSP headers on /api/config because they aren't necessary and they cause problems + // when duplicated by NGINX in production environments + if (/^\/api\/config/.test(req.url)) { return; } // targeted CSP, generic policies, maybe custom headers const h = [ /^\/common\/onlyoffice\/.*\/index\.html.*/, diff --git a/www/admin/app-admin.less b/www/admin/app-admin.less index 9a1a61e57..c9b8bdc02 100644 --- a/www/admin/app-admin.less +++ b/www/admin/app-admin.less @@ -107,6 +107,16 @@ background-color: @cp_admin-premium-bg; } } + &.cp-support-list-closed { + .cp-support-list-actions { + .cp-support-answer { + display: inline !important; + } + } + .cp-support-form-container { + display: block !important; + } + } } .cp-support-list-ticket:not(.cp-support-list-closed) { diff --git a/www/admin/inner.js b/www/admin/inner.js index bc2085681..6f0b9d2df 100644 --- a/www/admin/inner.js +++ b/www/admin/inner.js @@ -840,6 +840,7 @@ define([ return; } if (msg.type !== 'TICKET') { return; } + $ticket.removeClass('cp-support-list-closed'); if (!$ticket.length) { $ticket = APP.support.makeTicket($div, content, function (hideButton) { diff --git a/www/assert/assertions.js b/www/assert/assertions.js index 8ea0a2638..a1f6944fb 100644 --- a/www/assert/assertions.js 
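Review bot: The new guard in server.js, `/^\/api\/config/`, is anchored only at the start, so every request whose URL begins with `/api/config` leaves `setHeaders` early, not just the one resource the comment names. The early `return` also skips everything below it, which the next comment describes as "targeted CSP, generic policies, maybe custom headers", so more than the CSP header may be dropped for those paths (the rest of the function is outside the hunk). Matching the exact path plus an optional query string keeps the exemption as narrow as the comment intends: `if (/^\/api\/config(?:\?|$)/.test(req.url)) { return; }`.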
+++ b/www/assert/assertions.js @@ -21,8 +21,10 @@ define([], function () { }); }; - assert.run = function (cb) { + assert.run = function (cb, progress) { + progress = progress || function () {}; var count = ASSERTS.length; + var total = ASSERTS.length; var done = function (err) { count--; if (err) { failMessages.push(err); } @@ -38,6 +40,7 @@ define([], function () { ASSERTS.forEach(function (f, index) { f(function (err) { //console.log("test " + index); + progress(index, total); done(err, index); }, index); }); diff --git a/www/checkup/index.html b/www/checkup/index.html index afa469f7f..04a9502d3 100644 --- a/www/checkup/index.html +++ b/www/checkup/index.html @@ -6,4 +6,6 @@ +
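Review bot: The per-assertion callback in `assert.run` (hunk -38,6) has no guard against being invoked twice, and it now runs `progress` as well as `done` on every invocation. The checks added to www/checkup/main.js in this commit can call back twice: the iframe and WebSocket tests call `cb` from a 5-second timeout and again from the success or error handler if that arrives later. `count` would then be decremented twice and the progress counter could exceed `total`. A flag in the wrapper covers every test: add `var called = false;` above the `f(...)` call and start the callback with `if (called) { return; } called = true;`. The body of `done` continues outside the hunk, so the effect on the final report is inferred.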
+ diff --git a/www/checkup/inner.html b/www/checkup/inner.html new file mode 100644 index 000000000..4554943d5 --- /dev/null +++ b/www/checkup/inner.html @@ -0,0 +1,11 @@ + + + + + + + + + + + diff --git a/www/checkup/inner.js b/www/checkup/inner.js new file mode 100644 index 000000000..f752bc2ad --- /dev/null +++ b/www/checkup/inner.js @@ -0,0 +1,4 @@ +define([ +], function () { + console.log('inner loaded'); +}); diff --git a/www/checkup/main.js b/www/checkup/main.js index 171699a22..06b69e12b 100644 --- a/www/checkup/main.js +++ b/www/checkup/main.js @@ -4,12 +4,21 @@ define([ '/assert/assertions.js', '/common/hyperscript.js', '/customize/messages.js', + '/common/dom-ready.js', + '/bower_components/nthen/index.js', '/common/sframe-common-outer.js', - + '/customize/login.js', + '/common/common-hash.js', + '/common/common-util.js', + '/common/pinpad.js', + '/common/outer/network-config.js', '/bower_components/tweetnacl/nacl-fast.min.js', + 'css!/bower_components/components-font-awesome/css/font-awesome.min.css', 'less!/customize/src/less2/pages/page-checkup.less', -], function ($, ApiConfig, Assertions, h, Messages /*, SFCommonO*/) { +], function ($, ApiConfig, Assertions, h, Messages, DomReady, + nThen, SFCommonO, Login, Hash, Util, Pinpad, + NetConfig) { var assert = Assertions(); var trimSlashes = function (s) { @@ -41,7 +50,7 @@ define([ var checkAvailability = function (url, cb) { $.ajax({ url: url, - date: {}, + data: {}, complete: function (xhr) { cb(xhr.status === 200); }, 
@@ -52,10 +61,141 @@ define([ checkAvailability(trimmedUnsafe, cb); }, _alert("Main domain is not available")); + // Try loading an iframe on the safe domain + assert(function (cb) { + var to; + nThen(function (waitFor) { + DomReady.onReady(waitFor()); + }).nThen(function (waitFor) { + to = setTimeout(function () { + console.error('TIMEOUT loading iframe on the safe domain'); + cb(false); + }, 5000); + SFCommonO.initIframe(waitFor); + }).nThen(function () { + // Iframe is loaded + clearTimeout(to); + cb(true); + }); + }, _alert("Sandbox domain is not available")); + + // Test Websocket + var evWSError = Util.mkEvent(true); assert(function (cb) { - console.log(trimmedSafe); - checkAvailability(trimmedSafe, cb); - }, _alert("Sandbox domain is not available")); // FIXME Blocked by CSP. try loading it via sframe ? + var ws = new WebSocket(NetConfig.getWebsocketURL()); + var to = setTimeout(function () { + console.error('Websocket TIMEOUT'); + evWSError.fire(); + cb('TIMEOUT (5 seconds)'); + }, 5000); + ws.onopen = function () { + clearTimeout(to); + cb(true); + }; + ws.onerror = function (err) { + clearTimeout(to); + console.error('Websocket error', err); + evWSError.fire(); + cb('WebSocket error: check your console'); + }; + }, _alert("Websocket is not available")); + + // Test login block + assert(function (cb) { + var bytes = new Uint8Array(Login.requiredBytes); + + var opt = Login.allocateBytes(bytes); + + var blockUrl = Login.Block.getBlockUrl(opt.blockKeys); + var blockRequest = Login.Block.serialize("{}", opt.blockKeys); + var removeRequest = Login.Block.remove(opt.blockKeys); + console.log('Test block URL:', blockUrl); + + var userHash = '/2/drive/edit/000000000000000000000000'; + var secret = Hash.getSecrets('drive', userHash); + opt.keys = secret.keys; + opt.channelHex = secret.channel; + + var RT, rpc, exists; + + nThen(function (waitFor) { + Util.fetch(blockUrl, waitFor(function (err) { + if (err) { return; } // No block found + exists = true; + })); + 
}).nThen(function (waitFor) { + // If WebSockets aren't working, don't wait forever here + evWSError.reg(function () { + waitFor.abort(); + cb("No WebSocket (test number 6)"); + }); + // Create proxy + Login.loadUserObject(opt, waitFor(function (err, rt) { + if (err) { + waitFor.abort(); + console.error("Can't create new channel. This may also be a websocket issue."); + return void cb(false); + } + RT = rt; + var proxy = rt.proxy; + proxy.edPublic = opt.edPublic; + proxy.edPrivate = opt.edPrivate; + proxy.curvePublic = opt.curvePublic; + proxy.curvePrivate = opt.curvePrivate; + rt.realtime.onSettle(waitFor()); + })); + }).nThen(function (waitFor) { + // Init RPC + Pinpad.create(RT.network, RT.proxy, waitFor(function (e, _rpc) { + if (e) { + waitFor.abort(); + console.error("Can't initialize RPC", e); // INVALID_KEYS + return void cb(false); + } + rpc = _rpc; + })); + }).nThen(function (waitFor) { + // Write block + if (exists) { return; } + rpc.writeLoginBlock(blockRequest, waitFor(function (e) { + if (e) { + waitFor.abort(); + console.error("Can't write login block", e); + return void cb(false); + } + })); + }).nThen(function (waitFor) { + // Read block + Util.fetch(blockUrl, waitFor(function (e) { + if (e) { + waitFor.abort(); + console.error("Can't read login block", e); + return void cb(false); + } + })); + }).nThen(function (waitFor) { + // Remove block + rpc.removeLoginBlock(removeRequest, waitFor(function (e) { + if (e) { + waitFor.abort(); + console.error("Can't remove login block", e); + console.error(blockRequest); + return void cb(false); + } + })); + }).nThen(function (waitFor) { + rpc.removeOwnedChannel(secret.channel, waitFor(function (e) { + if (e) { + waitFor.abort(); + console.error("Can't remove channel", e); + return void cb(false); + } + })); + }).nThen(function () { + cb(true); + }); + + }, _alert("Login block is not working (write/read/remove)")); var row = function (cells) { return h('tr', cells.map(function (cell) { 
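Review bot: The login-block check derives its keys from a zero-filled `Uint8Array(Login.requiredBytes)` and a constant `userHash`, so every run on an instance, by any visitor of /checkup, writes, reads and removes the same block and channel, and nothing in the code says this is deliberate. Overlapping runs can therefore fail each other. Every failure branch also calls `waitFor.abort()` before the two remove steps, so a partial run leaves the test block or channel behind until a later run succeeds (the `exists` flag appears to cover the leftover block only). Add a comment such as `// fixed all-zero test keys: never use outside this check; leftovers are cleaned by the next run`, and attempt `removeLoginBlock` and `removeOwnedChannel` on the failure paths too. The WebSocket check never closes its socket; `ws.close();` in `onopen` would release it.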
@@ -73,6 +213,8 @@ define([ ]); }; + var completed = 0; + var $progress = $('#cp-progress'); assert.run(function (state) { var errors = state.errors; var failed = errors.length; @@ -94,6 +236,17 @@ define([ h('div.failures', errors.map(failureReport)), ]); + $progress.remove(); $('body').prepend(report); + }, function (i, total) { + console.log('test '+ i +' completed'); + completed++; + Messages.assert_numberOfTestsCompleted = "{0} / {1} tests completed."; + $progress.html('').append(h('div.report.pending.summary', [ + h('p', [ + h('i.fa.fa-spinner.fa-pulse'), + h('span', Messages._getKey('assert_numberOfTestsCompleted', [completed, total])) + ]) + ])); }); }); diff --git a/www/common/common-ui-elements.js b/www/common/common-ui-elements.js index 8b5101fb7..4d8adc6b4 100644 --- a/www/common/common-ui-elements.js +++ b/www/common/common-ui-elements.js @@ -836,12 +836,7 @@ define([ .text(Messages.propertiesButton)) .click(common.prepareFeedback(type)) .click(function () { - common.isPadStored(function (err, data) { - if (!data) { - return void UI.alert(Messages.autostore_notAvailable); - } - sframeChan.event('EV_PROPERTIES_OPEN'); - }); + sframeChan.event('EV_PROPERTIES_OPEN'); }); break; case 'save': // OnlyOffice save 
@@ -1092,36 +1087,36 @@ define([ return e; }; - UIElements.createHelpMenu = function (common, categories) { + UIElements.createHelpMenu = function (common /*, categories */) { var type = common.getMetadataMgr().getMetadata().type || 'pad'; - var elements = []; - if (Messages.help && Messages.help.generic) { - Object.keys(Messages.help.generic).forEach(function (el) { - elements.push(setHTML(h('li'), Messages.help.generic[el])); - }); - } - if (categories) { - categories.forEach(function (cat) { - var msgs = Messages.help[cat]; - if (msgs) { - Object.keys(msgs).forEach(function (el) { - elements.push(setHTML(h('li'), msgs[el])); - }); - } - }); + + var apps = { + pad: 'richtext', + code: 'code', + slide: 'slides', + sheet: 'sheets', + poll: 'poll', + kanban: 'kanban', + whiteboard: 'whiteboard', + }; + + var href = "https://docs.cryptpad.fr/en/user_guide/applications.html"; + if (apps[type]) { + href = "https://docs.cryptpad.fr/en/user_guide/apps/" + apps[type] + ".html"; } + var content = setHTML(h('p'), Messages.help.generic.more); + $(content).find('a').attr('href', href); + var text = h('p.cp-help-text', [ - h('h1', Messages.help.title), - h('ul', elements) + content ]); common.fixLinks(text); var closeButton = h('span.cp-help-close.fa.fa-times'); var $toolbarButton = common.createButton('', true, { - title: Messages.hide_help_button, text: Messages.help_button, name: 'help' }).addClass('cp-toolbar-button-active'); 
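Review bot: `Messages.help.generic.more` is dereferenced without the `Messages.help && Messages.help.generic` guard that the removed code had, so a translation or customized message file lacking that key makes `createHelpMenu` throw. The string goes through `setHTML`, so it is presumably parsed as markup; that is acceptable for bundled translations but deserves a comment, because only the link's `href` is overwritten afterwards. The `apps[type]` lookup takes `type` from pad metadata and also matches inherited keys such as `constructor`; testing `Object.prototype.hasOwnProperty.call(apps, type)` keeps the lookup to the seven listed apps. The function continues past the end of this hunk.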
@@ -1130,45 +1125,25 @@ define([ text ]); - var toggleHelp = function (forceClose) { - if ($(help).hasClass('cp-help-hidden')) { - if (forceClose) { return; } - common.setAttribute(['hideHelp', type], false); - $toolbarButton.addClass('cp-toolbar-button-active'); - $toolbarButton.attr('title', Messages.hide_help_button); - return void $(help).removeClass('cp-help-hidden'); - } + $toolbarButton.attr('title', Messages.show_help_button); + + var toggleHelp = function () { $toolbarButton.removeClass('cp-toolbar-button-active'); - $toolbarButton.attr('title', Messages.show_help_button); $(help).addClass('cp-help-hidden'); common.setAttribute(['hideHelp', type], true); }; - var showMore = function () { - $(text).addClass("cp-help-small"); - var $dot = $('').text('...').appendTo($(text).find('h1')); - $(text).click(function () { - $(text).removeClass('cp-help-small'); - $(text).off('click'); - $dot.remove(); - }); - }; - $(closeButton).click(function (e) { e.stopPropagation(); toggleHelp(true); }); $toolbarButton.click(function () { - toggleHelp(); + common.openUnsafeURL(href); }); common.getAttribute(['hideHelp', type], function (err, val) { - //if ($(window).height() < 800 || $(window).width() < 800) { return void toggleHelp(true); } - if (val === true) { return void toggleHelp(true); } - // Note: Help is always hidden by default now, to avoid displaying to many things in the UI - // This is why we have (true || ...) - if (!val && (true || $(window).height() < 800 || $(window).width() < 800)) { - return void showMore(); + if (val === true || $(window).height() < 800 || $(window).width() < 800) { + toggleHelp(true); } }); 
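Review bot: `toggleHelp` both hides the panel and persists `hideHelp` as `true`, and the `getAttribute` callback now calls it whenever the window is under 800 px in either dimension, so opening a pad once in a small window stores the preference as if the user had closed the help themselves. With the toolbar button now opening the documentation instead of toggling, nothing visible in this hunk sets the attribute back. Hide without persisting in the size case, `$(help).addClass('cp-help-hidden');`, and keep `common.setAttribute(['hideHelp', type], true)` for the close button only. The `true` argument still passed in `toggleHelp(true)` is unused and can go. The enclosing function starts and ends outside the hunk.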
@@ -1724,21 +1699,7 @@ define([ }, }); } -/* - if (AppConfig.surveyURL) { - options.push({ - tag: 'a', - attributes: { - 'class': 'cp-toolbar-survey fa fa-graduation-cap' - }, - content: h('span', Messages.survey), - action: function () { - Common.openUnsafeURL(AppConfig.surveyURL); - Feedback.send('SURVEY_CLICKED'); - }, - }); - } -*/ + options.push({ tag: 'a', attributes: { @@ -1795,6 +1756,20 @@ define([ }); } + if (AppConfig.surveyURL) { + options.push({ + tag: 'a', + attributes: { + 'class': 'cp-toolbar-survey fa fa-graduation-cap' + }, + content: h('span', Messages.survey), + action: function () { + Common.openUnsafeURL(AppConfig.surveyURL); + Feedback.send('SURVEY_CLICKED'); + }, + }); + } + options.push({ tag: 'hr' }); // Add login or logout button depending on the current status if (priv.loggedIn) { diff --git a/www/common/common-util.js b/www/common/common-util.js index e98b37009..9ea892702 100644 --- a/www/common/common-util.js +++ b/www/common/common-util.js @@ -269,9 +269,8 @@ Util.magnitudeOfBytes = function (bytes) { if (bytes >= oneGigabyte) { return 'GB'; } - // smallest supported format is MB to preserve existing behaviour - else /* if (bytes >= oneMegabyte) */ { return 'MB'; } - //else { return 'KB'; } + else if (bytes >= oneMegabyte) { return 'MB'; } + else { return 'KB'; } }; // given a path, asynchronously return an arraybuffer diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js index 665464e16..91e5692b1 100644 --- a/www/common/cryptpad-common.js +++ b/www/common/cryptpad-common.js @@ -2308,6 +2308,7 @@ define([ var channelIsReady = waitFor(); + updateLocalVersion(); var msgEv = Util.mkEvent(); var postMsg, worker; @@ -2541,7 +2542,6 @@ define([ AppConfig.afterLogin(common, waitFor()); } }).nThen(function () { - updateLocalVersion(); f(void 0, env); if (typeof(window.onhashchange) === 'function') { window.onhashchange(); } }); 
diff --git a/www/common/inner/properties.js b/www/common/inner/properties.js index f5780d4c2..ddbf017fc 100644 --- a/www/common/inner/properties.js +++ b/www/common/inner/properties.js @@ -18,6 +18,16 @@ define([ opts = opts || {}; var $d = $('
'); if (!data) { return void cb(void 0, $d); } + data = Util.clone(data); + + var privateData = common.getMetadataMgr().getPrivateData(); + if (privateData.propChannels) { + var p = privateData.propChannels; + data.channel = data.channel || p.channel; + data.rtChannel = data.rtChannel || p.rtChannel; + data.lastVersion = data.lastVersion || p.lastVersion; + data.lastCpHash = data.lastCpHash || p.lastCpHash; + } if (data.channel) { $('