Commit Graph

2720 Commits

Author SHA1 Message Date
Jordi Gutiérrez Hermoso
a437dfa28c workflows: explicitly add a dummy ext/ directory
Having it checked in to git caused problems with Grist Desktop and
Grist Static because their build processes expected to have nothing
there, as well as interfering with checking out Grist Core as a
submodule.

So we do this instead.
2024-07-11 16:55:41 -04:00
Jordi Gutiérrez Hermoso
8f443a3d78 workflows: move experimental tag back to latest
Our builds seem to be fine now. It is time to release boldly and
widely the new Docker images to the `latest` tag.
2024-07-11 13:06:32 -04:00
Jordi Gutiérrez Hermoso
78f5bd9f5d workflow: conditionally restore ext/ directory
Now that we *have* to have something in the ext directory, we need to
either restore the external ext or the default OSS ext depending on
which build we are doing.
2024-07-10 14:53:39 -04:00
Florent
39eb042ff1
Remove GRIST_SKIP_REDIS_CHECKSUM_MISMATCH (#1098)
Skipping the redis checksum mismatch is now generalized. A warning is
logged when we see a mismatch.
2024-07-10 14:28:20 -04:00
Jordi Gutiérrez Hermoso
d33629366b grist-ee: bump version 2024-07-09 16:15:53 -04:00
Jordi Gutiérrez Hermoso
8b52d55a13 (core) README: proofread the French
Summary: Change "bien" to "beaucoup" and add a space before the exclamation mark as is usually done in French.

Test Plan: None.

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D4291
2024-07-09 16:01:55 -04:00
Paul Fitzpatrick
0cdfeeb992 (core) updates from grist-core 2024-07-09 14:33:35 -04:00
Jarosław Sadziński
b8c4b83a8c (core) Updating paths after core changed
Summary: Path for the HomeDbManager has beed updated after merging with core.

Test Plan: Existing

Reviewers: georgegevoian

Reviewed By: georgegevoian

Subscribers: georgegevoian

Differential Revision: https://phab.getgrist.com/D4288
2024-07-09 12:19:25 +02:00
Spoffy
a999b4250e Fixes OSS including EE by providing empty ext dir 2024-07-08 14:21:39 -04:00
Spoffy
90a9291e0d
Configures Enterprise Edition image to automatically start with enterprise features enabled (#1084)
* Makes EE be separately built and pushed
* Adds parameterisation to docker_latest.yml to simplify testing
2024-07-08 13:23:36 -04:00
Spoffy
6908807236
Extracts config.json into its own module (#1061)
This adds a config file that's loaded very early on during startup. 

It enables us to save/load settings from within Grist's admin panel, that affect the startup of the FlexServer.

The config file loading:
- Is type-safe, 
- Validates the config file on startup
- Provides a path to upgrade to future versions.

It should be extensible from other versions of Grist (such as desktop), by overriding `getGlobalConfig` in stubs.

----

Some minor refactors needed to occur to make this possible. This includes:
- Extracting config loading into its own module (out of FlexServer).
- Cleaning up the `loadConfig` function in FlexServer into `loadLoginSystem` (which is what its main purpose was before).
2024-07-08 15:40:45 +01:00
Paul Fitzpatrick
6171a012db (core) updates from grist-core 2024-07-08 08:52:56 -04:00
Florent
786ba6b31e
Move HomeDBManager to gen-server/lib/homedb (#1076) 2024-07-05 16:02:39 +02:00
Jarosław Sadziński
9c4814e7aa (core) Bundling save funciton in the field editor
Summary:
Some editors do some async work before saving the value (Ref column can add new
records). Those actions were send without bundling, so it wasn't possible to undo those
actions with togheter.

Test Plan: Added new test

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4285
2024-07-05 08:58:09 +02:00
CamilleLegeron
0bfdaa9c02
Add authorization header in webhooks stored in secrets table (#941)
Summary:
Adding authorization header support for webhooks.

Issue:  https://github.com/gristlabs/grist-core/issues/827

---------

Co-authored-by: Florent <florent.git@zeteo.me>
2024-07-04 14:17:10 +02:00
Leslie H
2750ed6bd9
Enable external contributors to create previews (#1068)
Reorganize preview workflows so that previews can be made for PRs from outside contributors.
2024-07-03 19:36:17 +00:00
Paul Fitzpatrick
5f9ecdcfe4 docstrings, moment import, fix log format 2024-07-03 15:03:14 -04:00
Paul Fitzpatrick
95b8134614 add a getSnapshotProgress implementation to DocStorageManager 2024-07-03 15:03:14 -04:00
Paul Fitzpatrick
4815a007ed log periodic per-document statistics about snapshot generation
This is to facilitate alerting to detect if snapshot generation were to
stall for a document.
2024-07-03 15:03:14 -04:00
Jarosław Sadziński
7f28aee79c (core) Billing updates
Summary:
- Adding confirmation dialog when user doesn't want to cancel site
- Changing `Cancel subscription` to `Cancel plan`
- Removing `Pro` from upgrade header on pricing modal
- Better handling situation when there is no default price
- Removing mentions about sprouts program
- Removing cache for stripe plans

Test Plan: Updated tests

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4273
2024-07-03 09:18:50 +02:00
Roman Holinec
3082fe0f01
Translated using Weblate (Slovak)
Currently translated at 100.0% (1340 of 1340 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sk/
2024-07-02 02:52:29 +02:00
Grégoire Cutzach
6801732c29
Translated using Weblate (French)
Currently translated at 99.1% (1329 of 1340 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/fr/
2024-07-02 02:52:28 +02:00
Jordi Gutiérrez Hermoso
6888f9bcee tsconfig-ext: revert bc52f65b26
While the intent was to run tests with it, we don't need it. Instead,
this caused problems because the stubs overrode the intended `ext`
directory and therefore disabled the ext features.
2024-07-01 10:21:50 -04:00
Jordi Gutiérrez Hermoso
6e11e497bc workflows: Do not use ext/ director to run tests
We need this directory for building the image, but not for running the
tests outside of it.
2024-07-01 10:21:50 -04:00
Paul Fitzpatrick
919cff0398 (core) updates from grist-core 2024-07-01 09:37:47 -04:00
CamilleLegeron
61421e8251
Create user last connection datetime (#935)
Each time the a Grist page is reload the `last_connection_at` of the user is updated

resolve [#924](https://github.com/gristlabs/grist-core/issues/924)
2024-07-01 15:13:39 +02:00
Paul Janzen
0e777b1fcf
Translated using Weblate (German)
Currently translated at 100.0% (1340 of 1340 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/de/
2024-06-30 13:16:10 +02:00
Paul Janzen
d6d9d1c52e
Translated using Weblate (Spanish)
Currently translated at 100.0% (1340 of 1340 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/es/
2024-06-30 13:16:10 +02:00
Paul Janzen
3769c57915
Translated using Weblate (Portuguese (Brazil))
Currently translated at 100.0% (1340 of 1340 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/pt_BR/
2024-06-30 13:16:10 +02:00
Roman Holinec
994432e5de
Translated using Weblate (Slovak)
Currently translated at 100.0% (1337 of 1337 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sk/
2024-06-29 11:09:32 +00:00
Riccardo Polignieri
6e9dae291c
Translated using Weblate (Italian)
Currently translated at 100.0% (1337 of 1337 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/it/
2024-06-29 11:09:31 +00:00
Jordi Gutiérrez Hermoso
cefadc50c4 workflows: ensure we also use the experimental image we just built
I think without a tag it defaults to `latest`, which is not what we
want.
2024-06-27 16:22:25 -04:00
Jordi Gutiérrez Hermoso
1e5cc585a7 workflows: update the latest branch conditionally
Since we now run the build three times, we don't want to update the
latest branch unless all three builds complete successfully.
2024-06-27 16:22:25 -04:00
Spoffy
a8431c69a7
Makes docker images default to non-root execution (#1031)
De-escalates to a normal user when the docker image is run as root.

Allows GRIST_DOCKER_USER and GRIST_DOCKER_GROUP to be passed to override the default de-escalation behaviour.

Backwards compatible with previous root installations.

--------

This change adds a new docker_entrypoint.sh, which when run as root de-escalates to the provided user, defaulting to grist:grist. This is similar to the approach used by the official postgres docker image.

To achieve backwards compatibility, it changes ownership of any files in `/persist` to the user it's given at runtime. Since the docker container is typically run as root, this should always work.

If the container is run as a standard user from the very start:
* It's the admin's responsibility to ensure `/persist` is writable by that user.
* `/grist` remains owned by root and is read-only.
2024-06-27 14:24:32 +01:00
Jarosław Sadziński
184be9387f (core) Enabling telemetry on /api/version endpoint
Summary:
Version API endpoint wasn't logging telemetry from POST requests. The issue was in registration
order, this endpoint was registered before `expressJson` and it couldn't read json body in the handler.

Test Plan: Added new test

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4277
2024-06-27 12:05:15 +02:00
Jordi Gutiérrez Hermoso
40f7060ac5 workflows: fix syntax error
Oops, have to quote the string because of the colon
2024-06-26 15:28:26 -04:00
Jordi Gutiérrez Hermoso
8cd9e40744 README: Mention the two possible docker images 2024-06-26 15:19:06 -04:00
Jordi Gutiérrez Hermoso
70ed8553b3 workflows: build the grist-oss, grist, and grist-ee images
This modifies the workflow to build grist-ee images as well as grist,
which is the same image as grist-ee but merely renamed. The original
image built by these workflows is now called grist-oss.
2024-06-26 15:19:06 -04:00
Jordi Gutiérrez Hermoso
bc52f65b26 tsconfig-ext: add /app, /test, and /stubs/app directories
This is so that they get built and tested, as we'll start running
tests on the ext/ directories from now on.
2024-06-26 15:19:06 -04:00
Jordi Gutiérrez Hermoso
bd7b7b778b checkout-ext-directory: new helper script
This is just a helper script to get the ext directory of other grist
repos, currently intended for grist-ee.
2024-06-26 15:19:06 -04:00
Jordi Gutiérrez Hermoso
36f897fd35 .grist-ee-version: start referencing the intended enterprise version
Since we won't be tracking ext/-directory providers via git (e.g. no
submodules), instead we'll do little version-tracking files like this,
to be used by the recent ext-checkout script.
2024-06-26 15:19:06 -04:00
Jordi Gutiérrez Hermoso
3b3aa8a86e build.sh: add some diagnostic output
As I was testing, I found it useful to see when I was using the ext/
directory or not.
2024-06-26 15:19:06 -04:00
github-actions[bot]
187358cfa2
automated update to translation keys (#1065)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-06-26 08:36:15 -04:00
Roman Holinec
eed5f364c0
Translated using Weblate (Slovak)
Currently translated at 37.1% (496 of 1336 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sk/
2024-06-26 13:09:35 +02:00
Franček Prijatelj
c0e4cea273
Translated using Weblate (Slovenian)
Currently translated at 100.0% (1336 of 1336 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sl/
2024-06-26 13:09:34 +02:00
Leslie H
24ce54b586
Improve session ID security (#1059)
Follow-up of #994. This PR revises the session ID generation logic to improve security in the absence of a secure session secret. It also adds a section in the admin panel "security" section to nag system admins when GRIST_SESSION_SECRET is not set.

Following is an excerpt from internal conversation.

TL;DR: Grist's current implementation generates semi-secure session IDs and uses a publicly known default signing key to sign them when the environment variable GRIST_SESSION_SECRET is not set. This PR generates cryptographically secure session IDs to dismiss security concerns around an insecure signing key, and encourages system admins to configure their own signing key anyway.

> The session secret is required by expressjs/session to sign its session IDs. It's designed as an extra protection against session hijacking by randomly guessing session IDs and hitting a valid one. While it is easy to encourage users to set a distinct session secret, this is unnecessary if session IDs are generated in a cryptographically secure way. As of now Grist uses version 4 UUIDs as session IDs (see app/server/lib/gristSessions.ts - it uses shortUUID.generate which invokes uuid.v4 under the hood). These contain 122 bits of entropy, technically insufficient to be considered cryptographically secure. In practice, this is never considered a real vulnerability. To compare, RSA2048 is still very commonly used in web servers, yet it only has 112 bits of security (>=128 bits = "secure", rule of thumb in cryptography). But for peace of mind I propose using crypto.getRandomValues to generate real 128-bit random values. This should render session ID signing unnecessary and hence dismiss security concerns around an insecure signing key.
2024-06-25 15:43:25 -04:00
Florent
550c39156b
Add publiccode.yml (#1056)
Co-authored-by: Florent FAYOLLE <florent.fayolle@beta.gouv.fr>
2024-06-25 11:37:12 -04:00
Roman Holinec
e007b38115
Translated using Weblate (Slovak)
Currently translated at 29.7% (398 of 1336 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/sk/
2024-06-25 07:09:26 +02:00
Paul Janzen
3c7623b51b
Translated using Weblate (German)
Currently translated at 100.0% (1336 of 1336 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/de/
2024-06-25 07:09:26 +02:00
Paul Janzen
fbdd896f04
Translated using Weblate (Spanish)
Currently translated at 100.0% (1336 of 1336 strings)

Translation: Grist/client
Translate-URL: https://hosted.weblate.org/projects/grist/client/es/
2024-06-25 07:09:25 +02:00