detect new versions in server telemetry responses

pull/1/head
ansuz 4 years ago
parent 93edc4e63a
commit bb7c40237b

@ -11,7 +11,6 @@ module.exports.create = function (Env) {
nThen(function (w) { nThen(function (w) {
Decrees.load(Env, w(function (err) { Decrees.load(Env, w(function (err) {
Env.flushCache(); Env.flushCache();
if (err) { if (err) {
log.error('DECREES_LOADING', { log.error('DECREES_LOADING', {
error: err.code || err, error: err.code || err,
@ -19,36 +18,6 @@ nThen(function (w) {
}); });
console.error(err); console.error(err);
} }
var stats = {
restrictRegistration: Env.restrictRegistration,
supportMailbox: Env.supportMailbox,
defaultStorageLimit: Env.defaultStorageLimit,
maxUploadSize: Env.maxUploadSize,
premiumUploadSize: Env.premiumUploadSize,
adminEmail: Env.adminEmail,
inactiveTime: Env.inactiveTime,
accountRetentionTime: Env.accountRetentionTime,
archiveRetentionTime: Env.archiveRetentionTime,
httpUnsafeOrigin: Env.httpUnsafeOrigin,
httpSafeOrigin: Env.httpSafeOrigin,
adminKeys: Env.admins,
consentToContact: Env.consentToContact,
listMyInstance: Env.listMyInstance,
provideAggregateStatistics: Env.provideAggregateStatistics,
removeDonateButton: Env.removeDonateButton,
blockDailyCheck: Env.blockDailyCheck,
};
console.log(stats);
})); }));
}).nThen(function () { }).nThen(function () {
// asynchronously create a historyKeeper and RPC together // asynchronously create a historyKeeper and RPC together

@ -4,9 +4,9 @@ const Quota = module.exports;
//const Util = require("../common-util"); //const Util = require("../common-util");
const Keys = require("../keys"); const Keys = require("../keys");
const Package = require('../../package.json');
const Https = require("https"); const Https = require("https");
const Util = require("../common-util"); const Util = require("../common-util");
const Stats = require("../stats");
var validLimitFields = ['limit', 'plan', 'note', 'users', 'origin']; var validLimitFields = ['limit', 'plan', 'note', 'users', 'origin'];
@ -51,24 +51,66 @@ Quota.applyCustomLimits = function (Env) {
// console.log(Env.limits); // console.log(Env.limits);
}; };
var isRemoteVersionNewer = function (local, remote) {
try {
local = local.split('.').map(Number);
remote = remote.split('.').map(Number);
for (var i = 0; i < 3; i++) {
if (remote[i] < local[i]) { return false; }
if (remote[i] > local[i]) { return true; }
}
} catch (err) {
// if anything goes wrong just fall through and return false
// false negatives are better than false positives
}
return false;
};
/* /*
Env = { var Assert = require("assert");
myDomain, [
mySubdomain, // remote versions
adminEmail, ['4.5.0', '4.5.0', false], // equal semver should not prompt
Package.version, ['4.5.0', '4.5.1', true], // patch versions should prompt
['4.5.0', '4.6.0', true], // minor versions should prompt
['4.5.0', '5.0.0', true], // major versions should prompt
// local
['5.3.1', '4.9.0', false], // newer major should not prompt
['4.7.0', '4.6.0', false], // newer minor should not prompt
['4.7.0', '4.6.1', false], // newer patch should not prompt if other values are greater
].forEach(function (x) {
var result = isRemoteVersionNewer(x[0], x[1]);
Assert.equal(result, x[2]);
});
*/
// check if the remote endpoint reported an available server version
// which is newer than your current version (Env.version)
// if so, set Env.updateAvailable to the URL of its release notes
var checkUpdateAvailability = function (Env, json) {
if (!(json && typeof(json.updateAvailable) === 'string' && typeof(json.version) === 'string')) { return; }
// expects {updateAvailable: 'https://github.com/xwiki-labs/cryptpad/releases/4.7.0', version: '4.7.0'}
// the version string is provided explicitly even though it could be parsed from GitHub's URL
// this will allow old instances to understand responses of arbitrary URLs
// as long as we keep using semver for 'version'
if (!isRemoteVersionNewer(Env.version, json.version)) {
Env.updateAvailable = undefined;
return;
}
Env.updateAvailable = json.updateAvailable;
Env.Log.info('AN_UPDATE_IS_AVAILABLE', {
version: json.version,
updateAvailable: json.updateAvaiable,
});
}; };
*/
var queryAccountServer = function (Env, cb) { var queryAccountServer = function (Env, cb) {
var done = Util.once(Util.mkAsync(cb)); var done = Util.once(Util.mkAsync(cb));
var body = JSON.stringify({ var rawBody = Stats.instanceData(Env);
domain: Env.myDomain, Env.Log.info("SERVER_TELEMETRY", rawBody);
subdomain: Env.mySubdomain || null, var body = JSON.stringify(rawBody);
adminEmail: Env.adminEmail,
version: Package.version
});
var options = { var options = {
host: 'accounts.cryptpad.fr', host: 'accounts.cryptpad.fr',
path: '/api/getauthorized', path: '/api/getauthorized',
@ -92,6 +134,7 @@ var queryAccountServer = function (Env, cb) {
response.on('end', function () { response.on('end', function () {
try { try {
var json = JSON.parse(str); var json = JSON.parse(str);
checkUpdateAvailability(Env, json);
// don't overwrite the limits with junk data // don't overwrite the limits with junk data
if (json && json.message === 'EINVAL') { return void cb(); } if (json && json.message === 'EINVAL') { return void cb(); }
done(void 0, json); done(void 0, json);

@ -111,7 +111,7 @@ module.exports.create = function (config) {
consentToContact: false, consentToContact: false,
listMyInstance: false, listMyInstance: false,
provideAggregateStatistics: false, provideAggregateStatistics: false,
updateAvailable: undefined || 'https://github.com/xwiki-labs/cryptpad/releases/4.5.0', // XXX updateAvailable: undefined,
myDomain: config.myDomain, myDomain: config.myDomain,
mySubdomain: config.mySubdomain, // only exists for the accounts integration mySubdomain: config.mySubdomain, // only exists for the accounts integration

@ -0,0 +1,65 @@
/*jshint esversion: 6 */
const Stats = module.exports;
Stats.instanceData = function (Env) {
var data = {
version: Env.version,
domain: Env.myDomain,
subdomain: Env.mySubdomain,
httpUnsafeOrigin: Env.httpUnsafeOrigin,
httpSafeOrigin: Env.httpSafeOrigin,
adminEmail: Env.adminEmail,
consentToContact: Boolean(Env.consentToContact),
};
/* We reserve the right to choose not to include instances
in our public directory at our discretion.
The following details will be included in your telemetry
as factors that may contribute to that decision.
These values are publicly available via /api/config
posting them to our server just makes it easier for us.
*/
if (Env.listMyInstance) {
// clearly indicate that you want to be listed
data.listMyInstance = Env.listMyInstance;
// you should have enabled your admin panel
data.adminKeys = Env.admins.length > 0;
// we expect that you enable your support mailbox
data.supportMailbox = Boolean(Env.supportMailbox);
// do you allow registration?
data.restrictRegistration = Boolean(Env.restrictRegistration);
// have you removed the donate button?
data.removeDonateButton = Boolean(Env.removeDonateButton);
// after how long do you consider a document to be inactive?
data.inactiveTime = Env.inactiveTime;
// how much storage do you offer to registered users?
data.defaultStorageLimit = Env.defaultStorageLimit;
// what size file upload do you permit
data.maxUploadSize = Env.maxUploadSize;
// how long do you retain inactive accounts?
data.accountRetentionTime = Env.accountRetentionTime;
// how long do you retain archived data?
//data.archiveRetentionTime = Env.archiveRetentionTime,
}
// we won't consider instances for public listings
// unless they opt to provide more info about themselves
if (!Env.provideAggregateStatistics) { return data; }
return data;
};

@ -90,7 +90,7 @@ define([
'cp-admin-update-available', 'cp-admin-update-available',
'cp-admin-checkup', 'cp-admin-checkup',
'cp-admin-block-daily-check', 'cp-admin-block-daily-check',
'cp-admin-provide-aggregate-statistics', //'cp-admin-provide-aggregate-statistics',
'cp-admin-list-my-instance', 'cp-admin-list-my-instance',
'cp-admin-consent-to-contact', 'cp-admin-consent-to-contact',
'cp-admin-remove-donate-button', 'cp-admin-remove-donate-button',
@ -1759,7 +1759,7 @@ define([
}; };
Messages.admin_consentToContactTitle = 'Consent to contact'; // XXX Messages.admin_consentToContactTitle = 'Consent to contact'; // XXX
Messages.admin_consentToContactHint = "Server telemetry includes the admin contact email so that the developers can notify you of vulnerabilities in the softare. This will never be shared, sold, or used for marketing purposes. Consent to contact if you'd like to be informed of critical issues in your server."; // XXX Messages.admin_consentToContactHint = "Server telemetry includes the admin contact email so that the developers can notify you of vulnerabilities in the software or your configuration. This will never be shared, sold, or used for marketing purposes. Consent to contact if you'd like to be informed of critical issues in your server."; // XXX
Messages.admin_consentToContactLabel = 'I consent'; // XXX Messages.admin_consentToContactLabel = 'I consent'; // XXX
create['consent-to-contact'] = makeAdminCheckbox({ create['consent-to-contact'] = makeAdminCheckbox({
@ -1784,7 +1784,7 @@ define([
}); });
Messages.admin_listMyInstanceTitle = 'List my instance in public directories'; // XXX Messages.admin_listMyInstanceTitle = 'List my instance in public directories'; // XXX
Messages.admin_listMyInstanceHint = 'If your instance is suitable for public use you may consent to be listed in web directories.'; // XXX Messages.admin_listMyInstanceHint = 'If your instance is suitable for public use you may consent to be listed in web directories. Server telemetry must be enabled for this to have any effect.'; // XXX
Messages.admin_listMyInstanceLabel = 'List this instance'; // XXX Messages.admin_listMyInstanceLabel = 'List this instance'; // XXX
create['list-my-instance'] = makeAdminCheckbox({ // XXX uncheck if server telemetry is disabled? create['list-my-instance'] = makeAdminCheckbox({ // XXX uncheck if server telemetry is disabled?
@ -1858,8 +1858,8 @@ define([
}, },
}); });
Messages.admin_blockDailyCheckTitle = 'Opt-out of server telemetry'; // XXX Messages.admin_blockDailyCheckTitle = 'Server telemetry'; // XXX
Messages.admin_blockDailyCheckHint = "CryptPad instances send a message to the developers' server when launched and once per day thereafter. This lets them keep track of how many servers are running which versions of the software. You can opt-out of this measurement below."; // XXX Messages.admin_blockDailyCheckHint = "CryptPad instances send a message to the developers' server when launched and once per day thereafter. This lets them keep track of how many servers are running which versions of the software. You can opt-out of this measurement below. The contents of this message can be found in the application server's log for your review."; // XXX
Messages.admin_blockDailyCheckLabel = 'Disable server telemetry'; // XXX Messages.admin_blockDailyCheckLabel = 'Disable server telemetry'; // XXX
/* // XXX /* // XXX

Loading…
Cancel
Save