Commit Graph

108 Commits

Author SHA1 Message Date
github-actions[bot]
187358cfa2
automated update to translation keys (#1065)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-06-26 08:36:15 -04:00
Leslie H
24ce54b586
Improve session ID security (#1059)
Follow-up of #994. This PR revises the session ID generation logic to improve security in the absence of a secure session secret. It also adds a section in the admin panel "security" section to nag system admins when GRIST_SESSION_SECRET is not set.

Following is an excerpt from internal conversation.

TL;DR: Grist's current implementation generates semi-secure session IDs and uses a publicly known default signing key to sign them when the environment variable GRIST_SESSION_SECRET is not set. This PR generates cryptographically secure session IDs to dismiss security concerns around an insecure signing key, and encourages system admins to configure their own signing key anyway.

> The session secret is required by expressjs/session to sign its session IDs. It's designed as an extra protection against session hijacking by randomly guessing session IDs and hitting a valid one. While it is easy to encourage users to set a distinct session secret, this is unnecessary if session IDs are generated in a cryptographically secure way. As of now Grist uses version 4 UUIDs as session IDs (see app/server/lib/gristSessions.ts - it uses shortUUID.generate which invokes uuid.v4 under the hood). These contain 122 bits of entropy, technically insufficient to be considered cryptographically secure. In practice, this is never considered a real vulnerability. To compare, RSA2048 is still very commonly used in web servers, yet it only has 112 bits of security (>=128 bits = "secure", rule of thumb in cryptography). But for peace of mind I propose using crypto.getRandomValues to generate real 128-bit random values. This should render session ID signing unnecessary and hence dismiss security concerns around an insecure signing key.
2024-06-25 15:43:25 -04:00
github-actions[bot]
8bc8d60fca
automated update to translation keys (#1053)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-06-18 10:54:52 -04:00
github-actions[bot]
d6ff2ec60b
automated update to translation keys (#987)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-05-31 09:32:46 -04:00
CamilleLegeron
5956c20c29
feat: add new translations (#1004) 2024-05-29 11:02:00 -07:00
CamilleLegeron
6443c9f914
feat: add translation of vue types when added (#946) 2024-05-17 11:55:24 -07:00
github-actions[bot]
6d9df7de7e
automated update to translation keys (#974)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-05-14 14:24:30 -04:00
github-actions[bot]
b8315a83d6
automated update to translation keys (#959)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-04-30 15:22:44 -04:00
github-actions[bot]
b87ade6149
automated update to translation keys (#957)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-04-29 15:58:34 -04:00
github-actions[bot]
192e2f36ba
automated update to translation keys (#936)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-04-15 10:56:04 -04:00
CamilleLegeron
fe9cc80ccc
Create team site for self-hosted instances (#903) 2024-04-15 00:55:57 -07:00
CamilleLegeron
76ef4d54f8
Webhook trigger update by column (#832)
Add functionality to filter webhooks based on a column or columns.
2024-04-12 16:04:37 -04:00
github-actions[bot]
e23f83c1b0
automated update to translation keys (#912)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-04-02 16:19:47 -04:00
github-actions[bot]
a86c5da5c5
automated update to translation keys (#911)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-03-25 09:56:12 -04:00
CamilleLegeron
f3f320a193
Feat: rename all column label from a given row with right click (#848) 2024-03-20 09:34:09 -04:00
github-actions[bot]
87121e89af
automated update to translation keys (#888)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-03-08 15:22:28 -05:00
CamilleLegeron
9ce8ed3f25
Feat: add title query params for exported csv and xlsx + download translations (#872)
Co-authored-by: Florent <florent.git@zeteo.me>
2024-03-06 12:12:42 -05:00
github-actions[bot]
ed137c1fa1
automated update to translation keys (#868)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-02-26 09:13:32 -05:00
github-actions[bot]
09287170d1
automated update to translation keys (#843)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-02-19 09:04:33 -05:00
CamilleLegeron
a0a968a2d8
Make free coaching call url configurable and popup translatable (#823) 2024-02-07 11:53:48 -05:00
github-actions[bot]
c59c71eaf3
automated update to translation keys (#841)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-02-05 09:43:31 -05:00
github-actions[bot]
f45c53d7d4
automated update to translation keys (#833)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-01-29 09:52:17 -05:00
CamilleLegeron
b2e3d8787c
Mark more strings as translatable (#795)
* add modals translations
* GridViewMenus: add translations for column type
2024-01-25 10:27:23 -05:00
github-actions[bot]
1f5cd0a9d5
automated update to translation keys (#829)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-01-22 08:12:59 -05:00
github-actions[bot]
e751117bd1
automated update to translation keys (#825)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-01-18 08:54:21 -05:00
github-actions[bot]
4bfc1b1eac
automated update to translation keys (#811)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2024-01-02 11:39:33 -05:00
github-actions[bot]
16b6b01134
automated update to translation keys (#805)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-12-27 10:18:13 -05:00
github-actions[bot]
a3161f6499
automated update to translation keys (#787)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-12-11 09:32:09 -05:00
github-actions[bot]
87228e9c74
automated update to translation keys (#774)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-11-27 04:52:03 -05:00
github-actions[bot]
aa73a34c05
automated update to translation keys (#758)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-11-20 12:12:46 -05:00
github-actions[bot]
1a8e432d5d
automated update to translation keys (#723)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-11-06 10:51:07 -05:00
github-actions[bot]
98dc10dec7
automated update to translation keys (#711)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-10-30 09:53:21 -04:00
github-actions[bot]
4be7e8c8c9
automated update to translation keys (#697)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-10-23 11:22:44 -04:00
github-actions[bot]
5bc8118eae
automated update to translation keys (#695)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-10-17 15:33:27 +02:00
github-actions[bot]
f345d78245
automated update to translation keys (#691)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-10-10 09:39:34 -04:00
github-actions[bot]
d7608a2604
automated update to translation keys (#686)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-09-28 08:27:39 -04:00
github-actions[bot]
a48bd85db3
automated update to translation keys (#684)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-09-25 11:54:57 -04:00
github-actions[bot]
17d9c973e7
automated update to translation keys (#663)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-09-08 09:14:41 -04:00
github-actions[bot]
b9b0632be8
automated update to translation keys (#662)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-09-05 12:05:58 -04:00
github-actions[bot]
c214fd51d2
automated update to translation keys (#636)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-08-21 09:20:57 -04:00
github-actions[bot]
884803592c
automated update to translation keys (#617)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-08-09 14:26:56 -04:00
github-actions[bot]
cefea55198
automated update to translation keys (#613)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-08-09 10:02:03 -04:00
CamilleLegeron
02841bd15c
Header colored (#581) 2023-08-07 11:01:35 -07:00
github-actions[bot]
8bfba150b9
automated update to translation keys (#611)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-08-07 10:36:30 -04:00
Jarosław Sadziński
6416994c22
(core) Import redesign
Summary: New UI design for incremental imports.

Test Plan: Updated

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D3945
2023-08-04 14:59:55 +02:00
github-actions[bot]
3d84014116
automated update to translation keys (#598)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-07-28 12:01:18 -04:00
github-actions[bot]
47ffa93e05
automated update to translation keys (#586)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-07-27 11:10:11 -04:00
github-actions[bot]
f1e8cba57f
automated update to translation keys (#575)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-07-19 09:42:20 -04:00
CamilleLegeron
61bd064f73
i18n: userManager translation + some forgotten translations (#557)
* translation: add userManager translation + some forgotten translations
* use '\' character for multiple-line strings
2023-07-16 12:52:13 -04:00
github-actions[bot]
b2d06bdba5
automated update to translation keys (#563)
Co-authored-by: Paul's Grist Bot <paul+bot@getgrist.com>
2023-07-10 08:48:13 -04:00