When socket.io is not able to close a connection somehow, the code
never reaches the final shutdown state but keeps waiting for all
connections to be closed. This can cause a high CPU load on failing
shutdown. It is very unlikely to happen, except when the server is
shut down exactly at the same time a socket is disconnecting and not
already marked as disconnected. This change adds a fallback timer
which forcefully kills the server after a certain amount of time.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Node 18 has not the ability yet to run the more modern
packages. Since we want to keep Node 18 compatability
around for some time, these packages can't be upgraded.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit upgrades dependencies that are more or less trivial
to update, e.g. because they didn't have major version bumps or
simply didn't break anything. There are some dependencies which
have not been upgraded since this would have required larger
refactorings. This includes especially the markdown-it ecosystem
and the webpack ecosystem.
The largest refactorings in this commit come from the bump of
socket.io v2 to v4 which changed the handling of the connected
socket list for instance.
This commit further removes some outdated and/or unnecessary
dependencies. This includes the String.js library which is
unmaintained for 9 years and has some CVEs. We mainly used
this library for their escapeHTML and unescapeHTML methods.
This can be done using native DOM APIs nowadays, which is also
considered more safe since it is the same logic that the
browser itself uses.
Since we target Node 18 and above, we can also rely on the
built-in fetch function instead of the node-fetch package.
The current version of Chance.js includes a method for
generating a random color now too, so we don't need the
package randomcolor anymore.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This is required since SVG files are able to contain
malicious code through JavaScript and remote embeddings.
When opened in a browser tab, this code would be
executed. However, with these headers in place, there's
no possibility of getting the files to run in the
browser.
Co-authored-by: Philip Molares <philip.molares@udo.edu>
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
When the /_health endpoint for the docker container
healthcheck was introduced, it seems that it was
forgotten to exclude that route from the session
creation. As the healthcheck runs quite periodically,
this created a huge amount of session entries in the
database. This commit excludes the route from
session creation.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This endpoint returns the internal readiness state used by
the realtime code to indicate whether HedgeDoc is performing
properly. As it only returns the state of a variable, it is
less resource hungry compared to a call to /status for
checking the health of HedgeDoc.
By prepending the route with an underscore, it should not be conflicting with already created pads in FreeURL mode.
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
It can be a security concern in some environments to expose system
capabilities even though they don't expose any PII. Add some
flags (defaulted `true` to maintain existing behaviour) to control
whether the /metrics and /status (and anything in the StatusRouter)
are exposed.
Signed-off-by: Stéphane Maniaci <stephane.maniaci@beta.gouv.fr>
Using `CMD_SAML_PROVIDERNAME` and the respective auth provider objects
in the configuration structures.
Signed-off-by: Moritz Schlarb <schlarbm@uni-mainz.de>
This patch disables logging of HTTP requests containing
health-check UA from the local IP address. These logs
can take up a lot of disk space but are of little use.
Signed-off-by: Chongyun Lee <uchkks@protonmail.com>
Because of seemingly undocumented changes in passport 0.5.0,
passport now crashes on requests to paths without session data.
This removes the session middleware from /status and /metrics, which are
excluded from sessions since 90c5ab0833.
Fixes https://github.com/hedgedoc/container/issues/270
Signed-off-by: David Mehren <git@herrmehren.de>
The shutdown handler calls `checkAllNotesRevision` on a 100 ms
interval. If the database connection is broken, this will return
an error. Previously, this error was effectively ignored and resulted
in an endless loop printing out the error message every 100 ms.
This improves the error handling by terminating the process with a
nonzero exit code when an error was encountered 30 times. The loop
interval is also increased to 200 ms, giving the database 6 seconds
total time to recover in case of intermittent issues.
Signed-off-by: David Mehren <git@herrmehren.de>
This adds retry logic to the initial DB connection on startup.
HedgeDoc now tries connecting to the database up to 30 times, waiting
one second after each try.
This gives a database that was simultaneously started (e.g. via
docker-compose) enough time to get ready to accept connections.
Signed-off-by: David Mehren <git@herrmehren.de>
`socket.io` already depends on `ws` and uses it by default.
The separate dependency to and initialization of `ws` sees to be
a relic of the past usage of `uws`, but is redundant now.
As documented in https://socket.io/docs/v2/server-initialization/#Notable-options,
`perMessageDeflate` is now `false` by default.
Signed-off-by: David Mehren <git@herrmehren.de>
This commit adds a `useUnless` helper method which can be used as a middleware for express.
It receives an express-middleware and an array of paths.
When a request matches one of the given paths, this middleware does nothing.
Otherwise the given middleware is called.
For the express-session middleware this helper middleware is used to avoid session creation on purely status routes.
See #1446
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This reuses the `realtime.getStatus` method to get the state of the
application state on every prometheus scrape cycle.
Signed-off-by: David Mehren <git@herrmehren.de>
`file.unlink` requires a callback, which we didn't set.
This commit adds a callback with (error) logging, enabling HedgeDoc
to properly clean up the socket.
Closes#784
Signed-off-by: David Mehren <git@herrmehren.de>
This commit removes the need for separate migrations with the sequelize-cli
by running them with umzug on application startup.
This is a port of #384
Co-authored-by: Sheogorath <sheogorath@shivering-isles.com>
Signed-off-by: David Mehren <git@herrmehren.de>
This patch adds the Malayalam translation to CodiMD. Do by our awesome
translation supporters civic john, Sooraj Kenoth, Nithin Prabhakaran and
Jothish.
Thank you very much!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Our frontend requests the `/me` pathname in order to determine whether
it's logged in or not. Due to the fact that the sameSite attribute of
the session cookie was set to `strict` in a previous commit, the session
token was no longer sent along with HTTP calls initiated by JS. This is
due to the RFCs definition of "safe" HTTP calls in RFC7231.
The bug triggers the UI to show up like an unauthenticated user, even
after a successful login. In order to debug it a look into the send
cookies to the `/me` turned out to be very enlightening.
The fix this patch implements is rather simple, it replaces the sameSite
attribute to `lax` which enables the cookies for those requests again.
Some older and mobile clients were unaffected by this due to the lack of
implementations of sameSite policies.
References:
https://tools.ietf.org/html/rfc7231#section-4.2.1https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-5.3.7.1https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSitee77e7b165a
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
We enabled the `secure` flag for various cookies in previous commits.
This caused setups behind reverse proxies to drop cookies as the nodejs
instance wasn't aware of the fact that it was able to hand out secure
commits using an insecure connection (between the codimd instance and
the reverse proxy).
This patch makes express, the webserver framework we use, aware of
proxies and this way re-enabled the handing out of cookies. Not only the
cookie monster will enjoy, but also functionality like authentication
and real-time editing will return as intended.
References:
https://www.npmjs.com/package/express-session#cookiesecure383d791a50
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
While HSTS should take care of most of this, setting cookies to be
secure, and only applied on same site helps to improve situations where
for whatever reason, downgrade attacks are still a thing.
This patch adds the `sameSite` and `secure` to the session cookie and
this way prevent all accidents where a browser may doesn't support HSTS
or HSTS is intentionally dropped.
Reference:
https://www.npmjs.com/package/express-session#cookiesecure
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Because of circular import problems, this commit also moves the error messages from response.js to errors.js
Signed-off-by: David Mehren <dmehren1@gmail.com>
Thanks to our great translators that made it to translate the major
parts of CodiMD into Arabic!
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
There was some awesome work by Hồng in the recent days who translated
CodiMD completely into Vietnamese language! This patch provides this
awesome contributions.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
