Archives
/
gristlabs_grist-core
mirror of https://github.com/gristlabs/grist-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4a01c68a50'
${ noResults }
gristlabs_grist-core/app/server/lib/BootProbes.ts

303 lines
7.8 KiB
Raw Normal View History Unescape

make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
import { ApiError } from 'app/common/ApiError';
import { BootProbeIds, BootProbeResult } from 'app/common/BootProbe';
import { removeTrailingSlash } from 'app/common/gutil';
import { expressWrap, jsonErrorHandler } from 'app/server/lib/expressWrap';
import { GristServer } from 'app/server/lib/GristServer';
import * as express from 'express';
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
import WS from 'ws';
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
import fetch from 'node-fetch';
Improve session ID security (#1059) Follow-up of #994. This PR revises the session ID generation logic to improve security in the absence of a secure session secret. It also adds a section in the admin panel "security" section to nag system admins when GRIST_SESSION_SECRET is not set. Following is an excerpt from internal conversation. TL;DR: Grist's current implementation generates semi-secure session IDs and uses a publicly known default signing key to sign them when the environment variable GRIST_SESSION_SECRET is not set. This PR generates cryptographically secure session IDs to dismiss security concerns around an insecure signing key, and encourages system admins to configure their own signing key anyway. > The session secret is required by expressjs/session to sign its session IDs. It's designed as an extra protection against session hijacking by randomly guessing session IDs and hitting a valid one. While it is easy to encourage users to set a distinct session secret, this is unnecessary if session IDs are generated in a cryptographically secure way. As of now Grist uses version 4 UUIDs as session IDs (see app/server/lib/gristSessions.ts - it uses shortUUID.generate which invokes uuid.v4 under the hood). These contain 122 bits of entropy, technically insufficient to be considered cryptographically secure. In practice, this is never considered a real vulnerability. To compare, RSA2048 is still very commonly used in web servers, yet it only has 112 bits of security (>=128 bits = "secure", rule of thumb in cryptography). But for peace of mind I propose using crypto.getRandomValues to generate real 128-bit random values. This should render session ID signing unnecessary and hence dismiss security concerns around an insecure signing key.
3 months ago
import { DEFAULT_SESSION_SECRET } from 'app/server/lib/coreCreator';
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
/**
* Self-diagnostics useful when installing Grist.
*/
export class BootProbes {
// List of probes.
public _probes = new Array<Probe>();
// Probes indexed by id.
public _probeById = new Map<string, Probe>();
public constructor(private _app: express.Application,
private _server: GristServer,
(core) add a sandbox check to admin panel, and start reconciling boot and admin pages Summary: This adds a basic sandbox check to the admin panel. It also makes the "probes" used in the boot page available from the admin panel, though they are not yet displayed. The sandbox check is built as a probe. In the interests of time, a lot of steps had to be deferred: * Reconcile fully the admin panel and boot page. Specifically, the admin panel should be equally robust to common configuration problems. * Add tests for the sandbox check. * Generalize to multi-server setups. The read-out will not yet be useful for setups where doc workers and home servers are configured separately. Test Plan: Added new test Reviewers: jarek, georgegevoian Reviewed By: georgegevoian Differential Revision: https://phab.getgrist.com/D4241
5 months ago
private _base: string,
private _middleware: express.Handler[] = []) {
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
this._addProbes();
}
public addEndpoints() {
// Return a list of available probes.
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
this._app.use(`${this._base}/probes$`,
(core) add a sandbox check to admin panel, and start reconciling boot and admin pages Summary: This adds a basic sandbox check to the admin panel. It also makes the "probes" used in the boot page available from the admin panel, though they are not yet displayed. The sandbox check is built as a probe. In the interests of time, a lot of steps had to be deferred: * Reconcile fully the admin panel and boot page. Specifically, the admin panel should be equally robust to common configuration problems. * Add tests for the sandbox check. * Generalize to multi-server setups. The read-out will not yet be useful for setups where doc workers and home servers are configured separately. Test Plan: Added new test Reviewers: jarek, georgegevoian Reviewed By: georgegevoian Differential Revision: https://phab.getgrist.com/D4241
5 months ago
...this._middleware,
expressWrap(async (_, res) => {
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
res.json({
'probes': this._probes.map(probe => {
return { id: probe.id, name: probe.name };
}),
});
}));
// Return result of running an individual probe.
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
this._app.use(`${this._base}/probes/:probeId`,
(core) add a sandbox check to admin panel, and start reconciling boot and admin pages Summary: This adds a basic sandbox check to the admin panel. It also makes the "probes" used in the boot page available from the admin panel, though they are not yet displayed. The sandbox check is built as a probe. In the interests of time, a lot of steps had to be deferred: * Reconcile fully the admin panel and boot page. Specifically, the admin panel should be equally robust to common configuration problems. * Add tests for the sandbox check. * Generalize to multi-server setups. The read-out will not yet be useful for setups where doc workers and home servers are configured separately. Test Plan: Added new test Reviewers: jarek, georgegevoian Reviewed By: georgegevoian Differential Revision: https://phab.getgrist.com/D4241
5 months ago
...this._middleware,
expressWrap(async (req, res) => {
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
const probe = this._probeById.get(req.params.probeId);
if (!probe) {
throw new ApiError('unknown probe', 400);
}
const result = await probe.apply(this._server, req);
res.json(result);
}));
// Fall-back for errors.
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
this._app.use(`${this._base}/probes`, jsonErrorHandler);
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
}
private _addProbes() {
this._probes.push(_homeUrlReachableProbe);
this._probes.push(_statusCheckProbe);
this._probes.push(_userProbe);
this._probes.push(_bootProbe);
this._probes.push(_hostHeaderProbe);
(core) add a sandbox check to admin panel, and start reconciling boot and admin pages Summary: This adds a basic sandbox check to the admin panel. It also makes the "probes" used in the boot page available from the admin panel, though they are not yet displayed. The sandbox check is built as a probe. In the interests of time, a lot of steps had to be deferred: * Reconcile fully the admin panel and boot page. Specifically, the admin panel should be equally robust to common configuration problems. * Add tests for the sandbox check. * Generalize to multi-server setups. The read-out will not yet be useful for setups where doc workers and home servers are configured separately. Test Plan: Added new test Reviewers: jarek, georgegevoian Reviewed By: georgegevoian Differential Revision: https://phab.getgrist.com/D4241
5 months ago
this._probes.push(_sandboxingProbe);
Displays the current authentication mechanism in the admin panel (#981) * Adds authentication mechanism to admin panel Adds field to the "Security settings" admin display, showing the currently configured authentication mechanism. * Adds 14px margin to admin panel names
4 months ago
this._probes.push(_authenticationProbe);
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
this._probes.push(_webSocketsProbe);
Improve session ID security (#1059) Follow-up of #994. This PR revises the session ID generation logic to improve security in the absence of a secure session secret. It also adds a section in the admin panel "security" section to nag system admins when GRIST_SESSION_SECRET is not set. Following is an excerpt from internal conversation. TL;DR: Grist's current implementation generates semi-secure session IDs and uses a publicly known default signing key to sign them when the environment variable GRIST_SESSION_SECRET is not set. This PR generates cryptographically secure session IDs to dismiss security concerns around an insecure signing key, and encourages system admins to configure their own signing key anyway. > The session secret is required by expressjs/session to sign its session IDs. It's designed as an extra protection against session hijacking by randomly guessing session IDs and hitting a valid one. While it is easy to encourage users to set a distinct session secret, this is unnecessary if session IDs are generated in a cryptographically secure way. As of now Grist uses version 4 UUIDs as session IDs (see app/server/lib/gristSessions.ts - it uses shortUUID.generate which invokes uuid.v4 under the hood). These contain 122 bits of entropy, technically insufficient to be considered cryptographically secure. In practice, this is never considered a real vulnerability. To compare, RSA2048 is still very commonly used in web servers, yet it only has 112 bits of security (>=128 bits = "secure", rule of thumb in cryptography). But for peace of mind I propose using crypto.getRandomValues to generate real 128-bit random values. This should render session ID signing unnecessary and hence dismiss security concerns around an insecure signing key.
3 months ago
this._probes.push(_sessionSecretProbe);
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
this._probeById = new Map(this._probes.map(p => [p.id, p]));
}
}
/**
* An individual probe has an id, a name, an optional description,
* and a method that returns a probe result.
*/
export interface Probe {
id: BootProbeIds;
name: string;
description?: string;
apply: (server: GristServer, req: express.Request) => Promise<BootProbeResult>;
}
const _homeUrlReachableProbe: Probe = {
id: 'reachable',
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
name: 'Is home page available at expected URL',
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
apply: async (server, req) => {
Introduce APP_HOME_INTERNAL_URL and fix duplicate docs (#915) Context: On self-hosted instances, some places in the code rely on the fact that we resolves public domains while being behind reverse proxies. This leads to cases where features are not available, such as the "Duplicate document" one. Bugs that are solved - n self-hosted instances: Impossible to open templates and tutorials right after having converted them; Impossible to submit forms since version 1.1.13; Impossible to restore a previous version of a document (snapshot); Impossible to copy a document; Solution: Introduce the APP_HOME_INTERNAL_URL env variable, which is quite the same as APP_DOC_INTERNAL_URL except that it may point to any home worker; Make /api/worker/:assignmentId([^/]+)/?* return not only the doc worker public url but also the internal one, and adapt the call points like fetchDocs; Ensure that the home and doc worker internal urls are trusted by trustOrigin; --------- Co-authored-by: jordigh <jordigh@octave.org>
4 months ago
const url = server.getHomeInternalUrl();
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
const details: Record<string, any> = {
url,
};
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
try {
const resp = await fetch(url);
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
details.status = resp.status;
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
if (resp.status !== 200) {
throw new ApiError(await resp.text(), resp.status);
}
return {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
status: 'success',
details,
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
};
} catch (e) {
return {
details: {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
...details,
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
error: String(e),
},
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
status: 'fault',
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
};
}
}
};
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
const _webSocketsProbe: Probe = {
id: 'websockets',
name: 'Can we open a websocket with the server',
apply: async (server, req) => {
return new Promise((resolve) => {
const url = new URL(server.getHomeUrl(req));
url.protocol = (url.protocol === 'https:') ? 'wss:' : 'ws:';
const ws = new WS.WebSocket(url.href);
const details: Record<string, any> = {
url,
};
ws.on('open', () => {
admin: fix warning in websocket probe This is a small thing, but when visiting the admin, the websocket test doesn't send valid JSON, which the receiving endpoint expects. This results in a harmless exception being thrown. While this test should eventually be modified to be run from the frontend, for now let's just make a small fix and send valid JSON in order to avoid that JSON parsing exception.
4 months ago
ws.send('{"msg": "Just nod if you can hear me."}');
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
resolve({
status: 'success',
details,
});
ws.close();
});
ws.on('error', (ev) => {
details.error = ev.message;
resolve({
status: 'fault',
details,
});
ws.close();
});
});
}
};
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
const _statusCheckProbe: Probe = {
id: 'health-check',
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
name: 'Is an internal health check passing',
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
apply: async (server, req) => {
Introduce APP_HOME_INTERNAL_URL and fix duplicate docs (#915) Context: On self-hosted instances, some places in the code rely on the fact that we resolves public domains while being behind reverse proxies. This leads to cases where features are not available, such as the "Duplicate document" one. Bugs that are solved - n self-hosted instances: Impossible to open templates and tutorials right after having converted them; Impossible to submit forms since version 1.1.13; Impossible to restore a previous version of a document (snapshot); Impossible to copy a document; Solution: Introduce the APP_HOME_INTERNAL_URL env variable, which is quite the same as APP_DOC_INTERNAL_URL except that it may point to any home worker; Make /api/worker/:assignmentId([^/]+)/?* return not only the doc worker public url but also the internal one, and adapt the call points like fetchDocs; Ensure that the home and doc worker internal urls are trusted by trustOrigin; --------- Co-authored-by: jordigh <jordigh@octave.org>
4 months ago
const baseUrl = server.getHomeInternalUrl();
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
const url = new URL(baseUrl);
url.pathname = removeTrailingSlash(url.pathname) + '/status';
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
const details: Record<string, any> = {
url: url.href,
};
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
try {
const resp = await fetch(url);
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
details.status = resp.status;
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
if (resp.status !== 200) {
throw new Error(`Failed with status ${resp.status}`);
}
const txt = await resp.text();
if (!txt.includes('is alive')) {
throw new Error(`Failed, page has unexpected content`);
}
return {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
status: 'success',
details,
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
};
} catch (e) {
return {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
details: {
...details,
error: String(e),
},
status: 'fault',
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
};
}
},
};
const _userProbe: Probe = {
id: 'system-user',
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
name: 'Is the system user following best practice',
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
apply: async () => {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
const details = {
uid: process.getuid ? process.getuid() : 'unavailable',
};
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
if (process.getuid && process.getuid() === 0) {
return {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
details,
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
verdict: 'User appears to be root (UID 0)',
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
status: 'warning',
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
};
} else {
return {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
status: 'success',
details,
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
};
}
},
};
const _bootProbe: Probe = {
id: 'boot-page',
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
name: 'Is the boot page adequately protected',
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
apply: async (server) => {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
const bootKey = server.getBootKey() || '';
const hasBoot = Boolean(bootKey);
const details: Record<string, any> = {
bootKeySet: hasBoot,
};
if (!hasBoot) {
return { status: 'success', details };
}
details.bootKeyLength = bootKey.length;
if (bootKey.length < 10) {
return {
verdict: 'Boot key length is shorter than 10.',
details,
status: 'fault',
};
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
}
return {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
verdict: 'Boot key ideally should be removed after installation.',
details,
status: 'warning',
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
};
},
};
/**
* Based on:
* https://github.com/gristlabs/grist-core/issues/228#issuecomment-1803304438
*
* When GRIST_SERVE_SAME_ORIGIN is set, requests arriving to Grist need
* to have an accurate Host header.
*/
const _hostHeaderProbe: Probe = {
id: 'host-header',
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
name: 'Does the host header look correct',
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
apply: async (server, req) => {
const host = req.header('host');
const url = new URL(server.getHomeUrl(req));
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
const details = {
homeUrlHost: url.hostname,
headerHost: host,
};
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
if (url.hostname === 'localhost') {
return {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
status: 'none',
details,
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
};
}
if (String(url.hostname).toLowerCase() !== String(host).toLowerCase()) {
return {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
details,
status: 'hmm',
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
};
}
return {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
status: 'none',
details,
make a /boot/GRIST_BOOT_KEY page for diagnosing configuration problems (#850) This is a start at a page for diagnosing problems while setting up Grist. Starting to add some diagnostics based on feedback in github issues. We should make Grist installation easier! But when there is a problem it should be easier to diagnose than it is now, and this may help. The page is ugly and doesn't have many diagnostics yet, but we can iterate. Visit `/boot` on a Grist server for tips on how to use this feature.
7 months ago
};
},
};
(core) add a sandbox check to admin panel, and start reconciling boot and admin pages Summary: This adds a basic sandbox check to the admin panel. It also makes the "probes" used in the boot page available from the admin panel, though they are not yet displayed. The sandbox check is built as a probe. In the interests of time, a lot of steps had to be deferred: * Reconcile fully the admin panel and boot page. Specifically, the admin panel should be equally robust to common configuration problems. * Add tests for the sandbox check. * Generalize to multi-server setups. The read-out will not yet be useful for setups where doc workers and home servers are configured separately. Test Plan: Added new test Reviewers: jarek, georgegevoian Reviewed By: georgegevoian Differential Revision: https://phab.getgrist.com/D4241
5 months ago
const _sandboxingProbe: Probe = {
id: 'sandboxing',
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
name: 'Is document sandboxing effective',
(core) add a sandbox check to admin panel, and start reconciling boot and admin pages Summary: This adds a basic sandbox check to the admin panel. It also makes the "probes" used in the boot page available from the admin panel, though they are not yet displayed. The sandbox check is built as a probe. In the interests of time, a lot of steps had to be deferred: * Reconcile fully the admin panel and boot page. Specifically, the admin panel should be equally robust to common configuration problems. * Add tests for the sandbox check. * Generalize to multi-server setups. The read-out will not yet be useful for setups where doc workers and home servers are configured separately. Test Plan: Added new test Reviewers: jarek, georgegevoian Reviewed By: georgegevoian Differential Revision: https://phab.getgrist.com/D4241
5 months ago
apply: async (server, req) => {
const details = server.getSandboxInfo();
return {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
status: (details?.configured && details?.functional) ? 'success' : 'fault',
(core) add a sandbox check to admin panel, and start reconciling boot and admin pages Summary: This adds a basic sandbox check to the admin panel. It also makes the "probes" used in the boot page available from the admin panel, though they are not yet displayed. The sandbox check is built as a probe. In the interests of time, a lot of steps had to be deferred: * Reconcile fully the admin panel and boot page. Specifically, the admin panel should be equally robust to common configuration problems. * Add tests for the sandbox check. * Generalize to multi-server setups. The read-out will not yet be useful for setups where doc workers and home servers are configured separately. Test Plan: Added new test Reviewers: jarek, georgegevoian Reviewed By: georgegevoian Differential Revision: https://phab.getgrist.com/D4241
5 months ago
details,
};
},
};
Displays the current authentication mechanism in the admin panel (#981) * Adds authentication mechanism to admin panel Adds field to the "Security settings" admin display, showing the currently configured authentication mechanism. * Adds 14px margin to admin panel names
4 months ago
const _authenticationProbe: Probe = {
id: 'authentication',
name: 'Authentication system',
apply: async(server, req) => {
const loginSystemId = server.getInfo('loginMiddlewareComment');
return {
reconcile boot and admin pages further (#963) This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
4 months ago
status: (loginSystemId != undefined) ? 'success' : 'fault',
Displays the current authentication mechanism in the admin panel (#981) * Adds authentication mechanism to admin panel Adds field to the "Security settings" admin display, showing the currently configured authentication mechanism. * Adds 14px margin to admin panel names
4 months ago
details: {
loginSystemId,
}
};
},
};
Improve session ID security (#1059) Follow-up of #994. This PR revises the session ID generation logic to improve security in the absence of a secure session secret. It also adds a section in the admin panel "security" section to nag system admins when GRIST_SESSION_SECRET is not set. Following is an excerpt from internal conversation. TL;DR: Grist's current implementation generates semi-secure session IDs and uses a publicly known default signing key to sign them when the environment variable GRIST_SESSION_SECRET is not set. This PR generates cryptographically secure session IDs to dismiss security concerns around an insecure signing key, and encourages system admins to configure their own signing key anyway. > The session secret is required by expressjs/session to sign its session IDs. It's designed as an extra protection against session hijacking by randomly guessing session IDs and hitting a valid one. While it is easy to encourage users to set a distinct session secret, this is unnecessary if session IDs are generated in a cryptographically secure way. As of now Grist uses version 4 UUIDs as session IDs (see app/server/lib/gristSessions.ts - it uses shortUUID.generate which invokes uuid.v4 under the hood). These contain 122 bits of entropy, technically insufficient to be considered cryptographically secure. In practice, this is never considered a real vulnerability. To compare, RSA2048 is still very commonly used in web servers, yet it only has 112 bits of security (>=128 bits = "secure", rule of thumb in cryptography). But for peace of mind I propose using crypto.getRandomValues to generate real 128-bit random values. This should render session ID signing unnecessary and hence dismiss security concerns around an insecure signing key.
3 months ago
const _sessionSecretProbe: Probe = {
id: 'session-secret',
name: 'Session secret',
apply: async(server, req) => {
const usingDefaultSessionSecret = server.create.sessionSecret() === DEFAULT_SESSION_SECRET;
return {
status: usingDefaultSessionSecret ? 'warning' : 'success',
details: {
"GRIST_SESSION_SECRET": process.env.GRIST_SESSION_SECRET ? "set" : "not set",
}
};
},
};