From 88bec1a36843b0a80e7d86d5bcd386fbaf0a5bb0 Mon Sep 17 00:00:00 2001 From: Sergey Konovalov Date: Fri, 15 Apr 2022 14:25:34 +0300 Subject: [PATCH 1/4] [npm] Fix vulnerabilities in package dependencies --- Common/npm-shrinkwrap.json | 32 +++++++++++++++---------------- Common/package.json | 2 +- DocService/npm-shrinkwrap.json | 12 ++++++------ FileConverter/npm-shrinkwrap.json | 6 +++--- npm-shrinkwrap.json | 12 ++++++------ 5 files changed, 32 insertions(+), 32 deletions(-) diff --git a/Common/npm-shrinkwrap.json b/Common/npm-shrinkwrap.json index dd85b948..8023ddf1 100644 --- a/Common/npm-shrinkwrap.json +++ b/Common/npm-shrinkwrap.json @@ -389,9 +389,9 @@ "integrity": "sha1-+kt5+kf9Pe9eOxWYJRYcClGclCc=" }, "is-electron": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/is-electron/-/is-electron-2.2.0.tgz", - "integrity": "sha512-SpMppC2XR3YdxSzczXReBjqs2zGscWQpBIKqwXYBFic0ERaxNVgwLCHwOLZeESfdJQjX0RDvrJ1lBXX2ij+G1Q==" + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/is-electron/-/is-electron-2.2.1.tgz", + "integrity": "sha512-r8EEQQsqT+Gn0aXFx7lTFygYQhILLCB+wn0WCDL5LZRINeLH/Rvw1j2oKodELLXYNImQ3CRlVsY8wW4cGOsyuw==" }, "is-typedarray": { "version": "1.0.0", @@ -609,9 +609,9 @@ "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==" }, "minimist": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", - "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==" + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", + "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==" }, "mkdirp": { "version": "0.5.5", 
@@ -644,9 +644,9 @@ } }, "node-forge": { - "version": "0.10.0", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.10.0.tgz", - "integrity": "sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==" + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz", + "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==" }, "node-localstorage": { "version": "1.3.1", @@ -961,9 +961,9 @@ } }, "url-parse": { - "version": "1.5.3", - "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.3.tgz", - "integrity": "sha512-IIORyIQD9rvj0A4CLWsHkBBJuNqWpFQe224b6j9t/ABmquIS0qDU2pY6kl6AuOrL5OkCXHMCFNe1jBcuAggjvQ==", + "version": "1.5.10", + "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz", + "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==", "requires": { "querystringify": "^2.1.1", "requires-port": "^1.0.0" @@ -999,13 +999,13 @@ } }, "win-ca": { - "version": "3.4.5", - "resolved": "https://registry.npmjs.org/win-ca/-/win-ca-3.4.5.tgz", - "integrity": "sha512-2xTLq3jah7Sg8Pt8me2rbTnDMxulrX6gSfU9lscyqjyE4gj34sd9w6LK0v8aNHzow+s0WEX1vve58EixZbXiLg==", + "version": "3.5.0", + "resolved": "https://registry.npmjs.org/win-ca/-/win-ca-3.5.0.tgz", + "integrity": "sha512-0TgO/+2iz2pS3OxBy2ikovPHOYyZRdLRxRTT9ze7DpZwEpaahLFOBuac93GM3lYEVzDyf8fXskJjIX/EILvkhQ==", "requires": { "is-electron": "^2.2.0", "make-dir": "^1.3.0", - "node-forge": "^0.10.0", + "node-forge": "^1.2.1", "split": "^1.0.1" } }, diff --git a/Common/package.json b/Common/package.json index 4f21aef5..f90e0e4e 100644 --- a/Common/package.json +++ b/Common/package.json @@ -26,6 +26,6 @@ "request-filtering-agent": "^1.0.5", "rhea": "^0.3.9", "uri-js": "^4.2.2", - "win-ca": "^3.4.5" + "win-ca": "^3.5.0" } } 
diff --git a/DocService/npm-shrinkwrap.json b/DocService/npm-shrinkwrap.json index 105bf276..353d78d1 100644 --- a/DocService/npm-shrinkwrap.json +++ b/DocService/npm-shrinkwrap.json @@ -652,9 +652,9 @@ } }, "minimist": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", - "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==" + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", + "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==" }, "mkdirp": { "version": "0.5.5", @@ -665,9 +665,9 @@ } }, "moment": { - "version": "2.22.2", - "resolved": "https://registry.npmjs.org/moment/-/moment-2.22.2.tgz", - "integrity": "sha1-PCV/mDn8DpP/UxSWMiOeuQeD/2Y=" + "version": "2.29.2", + "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.2.tgz", + "integrity": "sha512-UgzG4rvxYpN15jgCmVJwac49h9ly9NurikMWGPdVxm8GZD6XjkKPxDTjQQ43gtGgnV3X0cAyWDdP2Wexoquifg==" }, "moment-timezone": { "version": "0.5.23", diff --git a/FileConverter/npm-shrinkwrap.json b/FileConverter/npm-shrinkwrap.json index b688b30d..350d9e68 100644 --- a/FileConverter/npm-shrinkwrap.json +++ b/FileConverter/npm-shrinkwrap.json @@ -76,9 +76,9 @@ } }, "minimist": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", - "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==" + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", + "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==" }, "pseudomap": { "version": "1.0.2", diff --git a/npm-shrinkwrap.json b/npm-shrinkwrap.json index 6d82d0cc..feced006 100644 --- a/npm-shrinkwrap.json +++ b/npm-shrinkwrap.json 
@@ -774,9 +774,9 @@ }, "dependencies": { "async": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/async/-/async-2.6.3.tgz", - "integrity": "sha512-zflvls11DCy+dQWzTW2dzuilv8Z5X/pjfmZOWba6TNIVDm+2UDaJmXSOXlasHKfNBs8oo3M0aT50fDEWfKZjXg==", + "version": "2.6.4", + "resolved": "https://registry.npmjs.org/async/-/async-2.6.4.tgz", + "integrity": "sha512-mzo5dfJYwAn29PeiJ0zvwTo04zj8HDJj0Mn8TD7sno7q12prdbnasKJHhkm2c1LgrhlJ0teaea8860oxi51mGA==", "requires": { "lodash": "^4.17.14" } @@ -1292,9 +1292,9 @@ } }, "minimist": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", - "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==" + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", + "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==" }, "mixin-deep": { "version": "1.3.2", From c5532bfd3f240eb66e3881039ea8e99efd2984e5 Mon Sep 17 00:00:00 2001 From: Sergey Konovalov Date: Fri, 15 Apr 2022 15:02:37 +0300 Subject: [PATCH 2/4] [log] Add warning if jwt token is not set --- DocService/sources/server.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/DocService/sources/server.js b/DocService/sources/server.js index c5b10a5e..ccc232bf 100644 --- a/DocService/sources/server.js +++ b/DocService/sources/server.js 
@@ -60,6 +60,9 @@ const configStorage = configCommon.get('storage'); const cfgWopiEnable = configCommon.get('wopi.enable'); const cfgHtmlTemplate = configCommon.get('wopi.htmlTemplate'); +const cfgTokenEnableBrowser = configCommon.get('services.CoAuthoring.token.enable.browser'); +const cfgTokenEnableRequestInbox = configCommon.get('services.CoAuthoring.token.enable.request.inbox'); +const cfgTokenEnableRequestOutbox = configCommon.get('services.CoAuthoring.token.enable.request.outbox'); const app = express(); //path.resolve uses __dirname by default(unexpected path in pkg) @@ -95,6 +98,12 @@ const updateLicense = () => { logger.warn('Express server starting...'); +if (!(cfgTokenEnableBrowser && cfgTokenEnableRequestInbox && cfgTokenEnableRequestOutbox)) { + logger.warn('Set services.CoAuthoring.token.enable.browser, services.CoAuthoring.token.enable.request.inbox, ' + + 'services.CoAuthoring.token.enable.request.outbox in the Document Server config ' + + 'to prevent an unauthorized access to your documents and the substitution of important parameters in ONLYOFFICE Document Server requests.'); +} + updateLicense(); if (config.has('server.static_content')) { From d1cc51ffa3cab1e4d3d304ba8ea7dcba2d643f4a Mon Sep 17 00:00:00 2001 From: Sergey Konovalov Date: Mon, 18 Apr 2022 17:25:29 +0300 Subject: [PATCH 3/4] [bug] Fix crash in case of undefined user name --- DocService/sources/DocsCoServer.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DocService/sources/DocsCoServer.js b/DocService/sources/DocsCoServer.js index 4d1e4f75..b654c9ce 100644 --- a/DocService/sources/DocsCoServer.js +++ b/DocService/sources/DocsCoServer.js 
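Review bot: The startup check added before `updateLicense()` in DocService/sources/server.js tests only the three `token.enable.*` flags, so a deployment that enables them but leaves the signing secret empty or at a default value would presumably start without a warning, even though such tokens protect nothing. If the secret values are readable from `configCommon` at this point, consider including them in the condition. The single combined message also does not say which flag is off; one line per key, e.g. `if (!cfgTokenEnableRequestInbox) logger.warn('services.CoAuthoring.token.enable.request.inbox is disabled');`, would tell the operator what to change. The three constants tested here are declared in the earlier hunk at line 60 of the same file.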
@@ -1859,7 +1859,7 @@ exports.install = function(server, callbackFunction) { let isRu = (data.lang && /^ru/.test(data.lang)); name = isRu ? user.lastname + ' ' + user.firstname : user.firstname + ' ' + user.lastname; } else { - name = user.username; + name = user.username || "Anonymous"; } if (name.length > constants.USER_NAME_MAX_LENGTH) { logger.warn('fillUsername user name too long actual = %s; max = %s', name.length, constants.USER_NAME_MAX_LENGTH); From c94fc7d4877e51465a302d608e7081ee6733525f Mon Sep 17 00:00:00 2001 From: Sergey Konovalov Date: Wed, 18 May 2022 13:50:03 +0300 Subject: [PATCH 4/4] [feature] Reformat info.json response --- DocService/sources/DocsCoServer.js | 83 ++++++++++++++++---------- DocService/sources/editorDataMemory.js | 8 +-- 2 files changed, 56 insertions(+), 35 deletions(-) diff --git a/DocService/sources/DocsCoServer.js b/DocService/sources/DocsCoServer.js index e8f84c8a..1122e2a5 100644 --- a/DocService/sources/DocsCoServer.js +++ b/DocService/sources/DocsCoServer.js @@ -3472,20 +3472,26 @@ exports.licenseInfo = function(req, res) { return co(function*() { let isError = false; let output = { - connectionsStat: {}, licenseInfo: {}, serverInfo: { - buildVersion: commonDefines.buildVersion, buildNumber: commonDefines.buildNumber, - }, quota: { - editorConnectionsCount: 0, - uniqueUserCount: 0, - anonymousUserCount: 0, + connectionsStat: {}, licenseInfo: {}, serverInfo: { + buildVersion: commonDefines.buildVersion, buildNumber: commonDefines.buildNumber, + }, quota: { + edit: { + connectionsCount: 0, + usersCount: { + unique: 0, + anonymous: 0, + } + }, + view: { + connectionsCount: 0, + usersCount: { + unique: 0, + anonymous: 0, + } + }, byMonth: null - }, quotaView: { - connectionsCount: 0, - uniqueUserCount: 0, - anonymousUserCount: 0, - byMonth: null - } - }; + } + }; Object.assign(output.licenseInfo, licenseInfo); try { logger.debug('licenseInfo start'); 
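Review bot: In the `else` branch at DocsCoServer.js line 1862, `user.username || "Anonymous"` covers `undefined`, `null` and the empty string, but a truthy non-string `username` (a number or an object) still reaches `name.length` and whatever truncation follows outside the hunk. The `user` object appears to originate from the connecting client, so a type check is the safer guard: `name = (typeof user.username === 'string' && user.username) || 'Anonymous';`. Single quotes would also match the rest of the file. The enclosing function starts and ends outside this hunk, so the `firstname`/`lastname` branch above it could not be checked for the same problem.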
@@ -3557,31 +3563,46 @@ exports.licenseInfo = function(req, res) { } } const nowUTC = getLicenseNowUtc(); - let execRes = yield editorData.getPresenceUniqueUser(nowUTC); - output.quota.uniqueUserCount = execRes.length; + let execRes; + execRes = yield editorData.getPresenceUniqueUser(nowUTC); + output.quota.edit.connectionsCount = yield editorData.getEditorConnectionsCount(connections); + output.quota.edit.usersCount.unique = execRes.length; execRes.forEach(function(elem) { if (elem.anonym) { - output.quota.anonymousUserCount++; + output.quota.edit.usersCount.anonymous++; } }); - output.quota.byMonth = yield editorData.getPresenceUniqueUsersOfMonth(); + + execRes = yield editorData.getPresenceUniqueViewUser(nowUTC); + output.quota.view.connectionsCount = yield editorData.getLiveViewerConnectionsCount(connections); + output.quota.view.usersCount.unique = execRes.length; + execRes.forEach(function(elem) { + if (elem.anonym) { + output.quota.view.usersCount.anonymous++; + } + }); + + let byMonth = yield editorData.getPresenceUniqueUsersOfMonth(); + let byMonthView = yield editorData.getPresenceUniqueViewUsersOfMonth(); + let byMonthMerged = yield editorData.getPresenceUniqueViewUsersOfMonth(); + for (let i in byMonth) { + if (byMonth.hasOwnProperty(i)) { + byMonthMerged[i] = {date: i, users: byMonth[i], usersView: {}}; + } + } + for (let i in byMonthView) { + if (byMonthView.hasOwnProperty(i)) { + if (byMonthMerged.hasOwnProperty(i)) { + byMonthMerged[i].usersView = byMonthView[i]; + } else { + byMonthMerged[i] = {date: i, users: {}, usersView: byMonthView[i]}; + } + } + } + output.quota.byMonth = Object.values(byMonthMerged); output.quota.byMonth.sort((a, b) => { return a.date.localeCompare(b.date); }); - output.quota.editorConnectionsCount = yield editorData.getEditorConnectionsCount(connections); - - execRes = yield editorData.getPresenceUniqueViewUser(nowUTC); - output.quotaView.uniqueUserCount = execRes.length; - execRes.forEach(function(elem) { - if 
(elem.anonym) { - output.quotaView.anonymousUserCount++; - } - }); - output.quotaView.byMonth = yield editorData.getPresenceUniqueViewUsersOfMonth(); - output.quotaView.byMonth.sort((a, b) => { - return a.date.localeCompare(b.date); - }); - output.quotaView.connectionsCount = yield editorData.getLiveViewerConnectionsCount(connections); logger.debug('licenseInfo end'); } catch (err) { diff --git a/DocService/sources/editorDataMemory.js b/DocService/sources/editorDataMemory.js index 610358b1..9ef9cab6 100644 --- a/DocService/sources/editorDataMemory.js +++ b/DocService/sources/editorDataMemory.js @@ -258,7 +258,7 @@ EditorData.prototype.addPresenceUniqueUsersOfMonth = function(userId, period, us return Promise.resolve(); }; EditorData.prototype.getPresenceUniqueUsersOfMonth = function() { - let res = []; + let res = {}; let nowUTC = Date.now(); for (let periodId in this.uniqueUsersOfMonth) { if (this.uniqueUsersOfMonth.hasOwnProperty(periodId)) { @@ -266,7 +266,7 @@ EditorData.prototype.getPresenceUniqueUsersOfMonth = function() { delete this.uniqueUsersOfMonth[periodId]; } else { let date = new Date(parseInt(periodId)).toISOString(); - res.push({date: date, users: this.uniqueUsersOfMonth[periodId].data}); + res[date] = this.uniqueUsersOfMonth[periodId].data; } } } @@ -302,7 +302,7 @@ EditorData.prototype.addPresenceUniqueViewUsersOfMonth = function(userId, period return Promise.resolve(); }; EditorData.prototype.getPresenceUniqueViewUsersOfMonth = function() { - let res = []; + let res = {}; let nowUTC = Date.now(); for (let periodId in this.uniqueViewUsersOfMonth) { if (this.uniqueViewUsersOfMonth.hasOwnProperty(periodId)) { @@ -310,7 +310,7 @@ EditorData.prototype.getPresenceUniqueViewUsersOfMonth = function() { delete this.uniqueViewUsersOfMonth[periodId]; } else { let date = new Date(parseInt(periodId)).toISOString(); - res.push({date: date, users: this.uniqueViewUsersOfMonth[periodId].data}); + res[date] = this.uniqueViewUsersOfMonth[periodId].data; } } }
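Review bot: In the `@@ -3557` hunk of DocsCoServer.js, `let byMonthMerged = yield editorData.getPresenceUniqueViewUsersOfMonth();` seeds the merge map with the raw view-user data instead of an empty object. As a result `byMonthMerged.hasOwnProperty(i)` is always true in the second loop, and for a month that has viewers but no editors `usersView` is written onto the raw users object, which never gets a `date`, so the following `a.date.localeCompare(b.date)` sort can throw. Because the in-memory getter returns `this.uniqueViewUsersOfMonth[periodId].data` by reference, that write also appears to land in the live presence store. Initialising with `let byMonthMerged = {};` makes both loops behave as written. The enclosing `licenseInfo` generator starts and ends outside the hunk.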
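Review bot: The new return shape of `getPresenceUniqueUsersOfMonth` in editorDataMemory.js (hunks `@@ -258` and `@@ -266`) is undocumented, and the same applies to `getPresenceUniqueViewUsersOfMonth` in `@@ -302` and `@@ -310`. Both now return an object keyed by ISO date rather than an array of `{date, users}`, and the values are the stored `.data` objects themselves rather than copies. A comment above each function would record the contract, e.g. `// Returns {[isoDate]: usersData}; values are the stored objects, callers must not mutate them.` Any other `EditorData` backend in the project would presumably have to return the same shape. The function bodies continue outside these hunks.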