diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/config/index.js | 2 | ||||
| -rw-r--r-- | lib/csp.js | 2 | ||||
| -rw-r--r-- | lib/errors.js | 3 | ||||
| -rw-r--r-- | lib/prometheus.js | 49 | ||||
| -rw-r--r-- | lib/web/imageRouter/imgur.js | 30 | ||||
| -rw-r--r-- | lib/web/imageRouter/index.js | 19 | ||||
| -rw-r--r-- | lib/web/note/util.js | 17 |
7 files changed, 109 insertions, 13 deletions
diff --git a/lib/config/index.js b/lib/config/index.js index 17c13f5f..48e61b6c 100644 --- a/lib/config/index.js +++ b/lib/config/index.js @@ -179,7 +179,6 @@ switch (config.imageUploadType) { config.allowedUploadMimeTypes = [ 'image/jpeg', 'image/png', - 'image/jpg', 'image/gif' ] break @@ -187,7 +186,6 @@ switch (config.imageUploadType) { config.allowedUploadMimeTypes = [ 'image/jpeg', 'image/png', - 'image/jpg', 'image/gif', 'image/svg+xml' ] @@ -5,7 +5,7 @@ const CspStrategy = {} const defaultDirectives = { defaultSrc: ['\'self\''], - scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''], + scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', '\'unsafe-eval\''], // ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594 imgSrc: ['*'], styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views diff --git a/lib/errors.js b/lib/errors.js index 950b4cae..599f54b2 100644 --- a/lib/errors.js +++ b/lib/errors.js @@ -20,6 +20,9 @@ module.exports = { errorBadRequest: function (res) { responseError(res, '400', 'Bad Request', 'something not right.') }, + errorConflict: function (res) { + responseError(res, '409', 'Conflict', 'This note already exists.') + }, errorTooLong: function (res) { responseError(res, '413', 'Payload Too Large', 'Shorten your note!') }, diff --git a/lib/prometheus.js b/lib/prometheus.js new file mode 100644 index 00000000..1ffb9ad7 --- /dev/null +++ b/lib/prometheus.js @@ -0,0 +1,49 @@ +const promClient = require('prom-client') +const realtime = require('./realtime') + +exports.setupCustomPrometheusMetrics = function () { + const onlineNotes = new promClient.Gauge({ + name: 'hedgedoc_online_notes', + help: 'Notes currently being edited' + }) + const onlineSessions = new promClient.Gauge({ + name: 'hedgedoc_online_sessions', + help: 'Sessions currently editing notes', + labelNames: ['type'] + }) + const onlineUsers = new promClient.Gauge({ + name: 'hedgedoc_online_users', + help: 'Distinct users currently editing notes', + labelNames: ['type'] + }) + const notesCount = new promClient.Gauge({ + name: 'hedgedoc_notes', + help: 'Notes in the instance' + }) + const registeredUsers = new promClient.Gauge({ + name: 'hedgedoc_registered_users', + help: 'Users that registered in the instance' + }) + const isConnectionBusy = new promClient.Gauge({ + name: 'hedgedoc_connection_busy', + help: 'Indicates that realtime currently connecting' + }) + const connectionSocketQueueLength = new promClient.Gauge({ + name: 'hedgedoc_connection_socket_queue_length', + help: 'Length of connection socket queue', + // The last gauge provides the collect callback for all metrics + collect () { + realtime.getStatus(function (data) { + onlineNotes.set(data.onlineNotes) + onlineSessions.set({ type: 'all' }, data.onlineUsers) + onlineSessions.set({ type: 'signed-in' }, data.onlineRegisteredUsers) + onlineUsers.set({ type: 'all' }, data.distinctOnlineUsers) + onlineUsers.set({ type: 'signed-in' }, data.distinctOnlineRegisteredUsers) + notesCount.set(data.notesCount) + registeredUsers.set(data.registeredUsers) + isConnectionBusy.set(data.isConnectionBusy ? 1 : 0) + connectionSocketQueueLength.set(data.connectionSocketQueueLength) + }) + } + }) +} diff --git a/lib/web/imageRouter/imgur.js b/lib/web/imageRouter/imgur.js index dcb03a7a..ed0e1182 100644 --- a/lib/web/imageRouter/imgur.js +++ b/lib/web/imageRouter/imgur.js @@ -1,8 +1,8 @@ 'use strict' const config = require('../../config') const logger = require('../../logger') - -const imgur = require('imgur') +const fs = require('fs') +const fetch = require('node-fetch') exports.uploadImage = function (imagePath, callback) { if (!callback || typeof callback !== 'function') { @@ -15,12 +15,30 @@ exports.uploadImage = function (imagePath, callback) { return } - imgur.setClientId(config.imgur.clientID) - imgur.uploadFile(imagePath) - .then(function (json) { + // The following client ID is for use with HedgeDoc only + const clientId = config.imgur.clientID || '032aa2f687790cd' + + const buffer = fs.readFileSync(imagePath) + + const params = new URLSearchParams() + params.append('image', buffer.toString('base64')) + params.append('type', 'base64') + fetch('https://api.imgur.com/3/image', { + method: 'POST', + body: params, + headers: { Authorization: `Client-ID ${clientId}` } + }) + .then((res) => { + if (!res.ok) { + callback(new Error(res.statusText), null) + return + } + return res.json() + }) + .then((json) => { logger.debug(`SERVER uploadimage success: ${JSON.stringify(json)}`) callback(null, json.data.link.replace(/^http:\/\//i, 'https://')) - }).catch(function (err) { + }).catch((err) => { callback(new Error(err), null) }) } diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js index 0a72c65c..ee123867 100644 --- a/lib/web/imageRouter/index.js +++ b/lib/web/imageRouter/index.js @@ -7,6 +7,7 @@ const FileType = require('file-type') const fs = require('fs') const os = require('os') const rimraf = require('rimraf') +const isSvg = require('is-svg') const config = require('../../config') const logger = require('../../logger') @@ -15,12 +16,26 @@ const errors = require('../../errors') const imageRouter = (module.exports = Router()) async function checkUploadType (filePath) { - const typeFromMagic = await FileType.fromFile(filePath) + const extension = path.extname(filePath).toLowerCase() + let typeFromMagic = await FileType.fromFile(filePath) + if (extension === '.svg' && (typeFromMagic === undefined || typeFromMagic.mime === 'application/xml')) { + const fileContent = fs.readFileSync(filePath) + if (isSvg(fileContent)) { + typeFromMagic = { + ext: 'svg', + mime: 'image/svg+xml' + } + } + } if (typeFromMagic === undefined) { logger.error('Image upload error: Could not determine MIME-type') return false } - if (path.extname(filePath) !== '.' + typeFromMagic.ext) { + // .jpeg, .jfif, .jpe files are identified by FileType to have the extension jpg + if (['.jpeg', '.jfif', '.jpe'].includes(extension) && typeFromMagic.ext === 'jpg') { + typeFromMagic.ext = extension.substr(1) + } + if (extension !== '.' + typeFromMagic.ext) { logger.error( 'Image upload error: Provided file extension does not match MIME-type' ) diff --git a/lib/web/note/util.js b/lib/web/note/util.js index effeb41c..5df1e820 100644 --- a/lib/web/note/util.js +++ b/lib/web/note/util.js @@ -46,7 +46,7 @@ exports.checkViewPermission = function (req, note) { } } -exports.newNote = function (req, res, body) { +exports.newNote = async function (req, res, body) { let owner = null const noteId = req.params.noteId ? req.params.noteId : null if (req.isAuthenticated()) { @@ -60,6 +60,19 @@ exports.newNote = function (req, res, body) { } else { return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res) } + try { + const count = await models.Note.count({ + where: { + alias: req.alias + } + }) + if (count > 0) { + return errors.errorConflict(res) + } + } catch (err) { + logger.error('Error while checking for possible duplicate: ' + err) + return errors.errorInternalError(res) + } } models.Note.create({ ownerId: owner, @@ -69,7 +82,7 @@ exports.newNote = function (req, res, body) { }).then(function (note) { return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id))) }).catch(function (err) { - logger.error(err) + logger.error('Note could not be created: ' + err) return errors.errorInternalError(res) }) } |