From 521b59088b7ce7e2af89b29326daf6a0617d3b41 Mon Sep 17 00:00:00 2001 From: ansuz Date: Thu, 18 Jun 2020 15:24:58 -0400 Subject: [PATCH 1/9] fix unreadable team chat input text color --- www/teams/app-team.less | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/teams/app-team.less b/www/teams/app-team.less index c59d0dcb9..abd46d121 100644 --- a/www/teams/app-team.less +++ b/www/teams/app-team.less @@ -45,7 +45,7 @@ .cp-app-contacts-input { textarea { border: 0px; - color: white; + color: @cryptpad_text_col; } } } From 434ba6c360208b91d848561e311fc66543a38f2e Mon Sep 17 00:00:00 2001 From: "Francisco J. Solis-Munoz" Date: Tue, 22 Sep 2020 09:43:36 -0500 Subject: [PATCH 2/9] Fixed content security policy for local development to same IP as server.js --- config/config.example.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/config.example.js b/config/config.example.js index 3826a7291..fabddce26 100644 --- a/config/config.example.js +++ b/config/config.example.js @@ -46,7 +46,7 @@ module.exports = { * cryptpad/docs/example.nginx.conf (see the $main_domain variable) * */ - httpUnsafeOrigin: 'http://localhost:3000/', + httpUnsafeOrigin: 'http://127.0.0.1:3000/', /* httpSafeOrigin is the URL that is used for the 'sandbox' described above. * If you're testing or developing with CryptPad on your local machine then From 05cbe20bbe59a4bf4aa48ff2d70a42597a465cd3 Mon Sep 17 00:00:00 2001 From: "Francisco J. Solis-Munoz" Date: Tue, 22 Sep 2020 09:51:26 -0500 Subject: [PATCH 3/9] Unsafe origin for localhost as 127.0.0.1 --- config/config.example.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/config.example.js b/config/config.example.js index fabddce26..3f0437953 100644 --- a/config/config.example.js +++ b/config/config.example.js @@ -46,7 +46,7 @@ module.exports = { * cryptpad/docs/example.nginx.conf (see the $main_domain variable) * */ - httpUnsafeOrigin: 'http://127.0.0.1:3000/', + httpUnsafeOrigin: 'http://127.0.0.1:3000/ http://localhost:3000', /* httpSafeOrigin is the URL that is used for the 'sandbox' described above. * If you're testing or developing with CryptPad on your local machine then From 022ecc39477785d8e92035570204d6fceea6e9f5 Mon Sep 17 00:00:00 2001 From: ansuz Date: Wed, 3 Mar 2021 17:36:55 +0530 Subject: [PATCH 4/9] update changelog with final notes --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c28772421..0863a368e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,6 +35,7 @@ To update from 4.1.0 to 4.2.0: * Server administrators can now refresh the _performance_ table on the admin panel without reloading the page. * We've begun working on a _checkup_ page for CryptPad to help administrators identify and fix common misconfigurations of the platform. It's still in a very basic state, but we hope to to make it a core part of the server installation guide that is under development. * The kanban app now supports import like the rest of our apps and rejects content of any file-type other than JSON. +* We've dropped support for a very old migration that handled user accounts that had not been accessed fo several years. This should make everyone else's account slightly faster. ## Bug fixes @@ -55,10 +56,12 @@ To update from 4.1.0 to 4.2.0: * The client will now check whether a file is larger than is allowed by the server before attempting to upload it, rather failing only when the server rejects the upload. * The drive no longer allows files to be dragged and dropped into locations other than the "Documents" section, as it did not make sense for files to be displayed anywhere else. * We identified and fixed a number of issues which caused shared folders that were protected with access lists to fail to load due to race conditions between loading the document and authenticating with the server as a user or member of a team. This could also result in a loss of access to documents stored exclusively in those shared folders. +* There was a similar race condition that could occur when registering an account that could cause some parts of the UI to get stuck offline. * We've fixed a number of server issues: 1. A change in a function signature in late December caused the upload of unowned files to fail to complete. 2. Messages sent via websocket are no longer broadcast to other members of a session until they have been validated by the server and stored on the disk. This was not a security issue as clients validate messages anyway, however, it could cause inconsistencies in documents when some members of a session incorrectly believed that a message had been saved. 3. A subtle race condition in very specific circumstances could cause the server's in-memory index for a given session to become incorrect. This could cause one or two messages to be omitted when requesting the most recent history. We observed this in practice when some clients did not realize they had been kicked from a team. This is unlikely to have affected anyone in practice because it only occurred when reconnecting using cached messages for the document which records team membership, and this functionality is only being introduced in this release. + 4. Several HTTP headers were set by both our example NGINX configuration and the NodeJS server which is proxied by NGINX for a particular resource. The duplication of certain headers caused unexpected behaviour in Chrome-based browsers, so we've updated the Node process to avoid conflicting. * We spent a lot of time improving our integration of OnlyOffice's sheet editor: * The editor is now initialized with your CryptPad account's preferred language. * We realized that our peer-to-peer locking system (which replaces the server-based system provided by OnlyOffice's document server) did not correctly handle multiple locks per user. This caused errors when filtering and sorting columns. We've improved our locking system so these features should now work as expected, but old clients will not understand the new format. As mentioned in the "Update notes" section, admins must follow the recommended update steps to ensure that all clients correctly update to the latest version. From 60979a1f5cbb8a1199c268a128ded51767a430fd Mon Sep 17 00:00:00 2001 From: ansuz Date: Wed, 3 Mar 2021 17:54:58 +0530 Subject: [PATCH 5/9] fix a bad copy-paste in the changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0863a368e..03beab596 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,7 +19,7 @@ Since early in the pandemic we've been serving a custom home page on CryptPad.fr To update from 4.1.0 to 4.2.0: 1. Stop your server -2. Get the latest code from the 4.1.0 tag (`git fetch origin && git checkout 4.1.0`, or just `git pull origin main`) +2. Get the latest code from the 4.2.0 tag (`git fetch origin && git checkout 4.2.0`, or just `git pull origin main`) 3. Install the latest dependencies with `bower update` and `npm i` 4. Restart your server From 6cd2131f27e5b497efa01cc4199eed4edca26f58 Mon Sep 17 00:00:00 2001 From: Dmitry Borodaenko Date: Mon, 30 Nov 2020 16:33:32 -0800 Subject: [PATCH 6/9] Pass archivePath to Store.create always --- lib/historyKeeper.js | 3 ++- lib/log.js | 1 + lib/workers/db-worker.js | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/historyKeeper.js b/lib/historyKeeper.js index 30b311eb7..fb7a5ebc8 100644 --- a/lib/historyKeeper.js +++ b/lib/historyKeeper.js @@ -122,6 +122,7 @@ module.exports.create = function (Env, cb) { // create a pin store Store.create({ filePath: pinPath, + archivePath: Env.paths.archive, }, w(function (err, s) { if (err) { throw err; } Env.pinStore = s; @@ -130,7 +131,7 @@ module.exports.create = function (Env, cb) { // create a channel store Store.create({ filePath: Env.paths.data, - archivepath: Env.paths.archive, + archivePath: Env.paths.archive, }, w(function (err, _store) { if (err) { throw err; } Env.msgStore = _store; // API used by rpc diff --git a/lib/log.js b/lib/log.js index a815500b0..abd8dee8e 100644 --- a/lib/log.js +++ b/lib/log.js @@ -87,6 +87,7 @@ Logger.create = function (config, cb) { Store.create({ filePath: config.logPath, + archivePath: config.archivePath, }, function (err, store) { if (err) { throw err; diff --git a/lib/workers/db-worker.js b/lib/workers/db-worker.js index 5750ff7ac..5274445eb 100644 --- a/lib/workers/db-worker.js +++ b/lib/workers/db-worker.js @@ -63,6 +63,7 @@ const init = function (config, _cb) { })); Store.create({ filePath: config.pinPath, + archivePath: config.archivePath, }, w(function (err, _pinStore) { if (err) { w.abort(); From f49c7221b74577009f29b4a86401e59d7a57c771 Mon Sep 17 00:00:00 2001 From: Dmitry Borodaenko Date: Mon, 30 Nov 2020 16:51:05 -0800 Subject: [PATCH 7/9] Add decreePath to config.example.js --- config/config.example.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/config.example.js b/config/config.example.js index a49d66d90..5b3e49cc4 100644 --- a/config/config.example.js +++ b/config/config.example.js @@ -295,6 +295,8 @@ module.exports = { */ blobStagingPath: './data/blobstage', + decreePath: './data/decrees', + /* CryptPad supports logging events directly to the disk in a 'logs' directory * Set its location here, or set it to false (or nothing) if you'd rather not log */ From e62a378f9c7e1d6b42b8fddb1e34b09241b1ae9d Mon Sep 17 00:00:00 2001 From: ansuz Date: Thu, 4 Mar 2021 11:01:25 +0530 Subject: [PATCH 8/9] fix PR's whitespace --- scripts/migrations/migrate-tasks-v1.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/migrations/migrate-tasks-v1.js b/scripts/migrations/migrate-tasks-v1.js index a093f9799..941693c48 100644 --- a/scripts/migrations/migrate-tasks-v1.js +++ b/scripts/migrations/migrate-tasks-v1.js @@ -15,7 +15,7 @@ nThen(function (w) { })); }).nThen(function (w) { FileStorage.create(config, w(function (err, _store) { - if (err) { throw err; } + if (err) { throw err; } config.store = _store; })); }).nThen(function (w) { From 4e20639fa0486f0dec82e9b4d3719bd8f62a885b Mon Sep 17 00:00:00 2001 From: ansuz Date: Thu, 4 Mar 2021 11:07:12 +0530 Subject: [PATCH 9/9] revert example config to current default, but provide a more detailed comment --- config/config.example.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/config/config.example.js b/config/config.example.js index 6a8422b0c..9729ca93f 100644 --- a/config/config.example.js +++ b/config/config.example.js @@ -45,8 +45,16 @@ module.exports = { * In such a case this should be also handled by NGINX, as documented in * cryptpad/docs/example.nginx.conf (see the $main_domain variable) * + * Note: you may provide multiple origins for the purpose of accessing + * a development instance via different URLs, like so: + * httpUnsafeOrigin: 'http://127.0.0.1:3000/ http://localhost:3000/', + * + * Such configuration is not recommended for production instances, + * as the development team does not actively test such configuration + * and it may have unintended consequences in practice. + * */ - httpUnsafeOrigin: 'http://127.0.0.1:3000/ http://localhost:3000', + httpUnsafeOrigin: 'http://localhost:3000/', /* httpSafeOrigin is the URL that is used for the 'sandbox' described above. * If you're testing or developing with CryptPad on your local machine then