Commit Graph

665 Commits

Author SHA1 Message Date
Jordi Gutiérrez Hermoso
9b3ae08ece create: hard-code the default session secret even more
The problem here is that making it this optional meant that it wasn't
supplied by [the enterprise creation
function](fb22d94878/ext/app/server/lib/create.ts (L10)).
This resulted in an odd situation where the secret was required for
the enterprise edition, even though it offers no additional security.
Without this key, the enterprise code crashes.

The requirement to supply a secret key would make a Grist instance
crash if you start in normal mode but switch to enterprise, as the
enterprise creator does not supply a default secret key.
2024-07-28 18:52:39 -04:00
Paul Fitzpatrick
fc3a7f580c
make access control for ConvertFromColumn action less brutal (#1111)
Access control for ConvertFromColumn in the presence of access rules had previously been left as a TODO. This change allows the action when the user has schema rights. Because schema rights let you create formulas, they let you read anything, so there is currently no value in nuance here.
2024-07-24 11:41:50 -04:00
George Gevoian
4740f1f933 (core) Update onboarding flow
Summary:
A new onboarding page is now shown to all new users visiting the doc
menu for the first time. Tutorial cards on the doc menu have been
replaced with a new version that tracks completion progress, alongside
a new card that opens the orientation video.

Test Plan: Browser tests.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4296
2024-07-23 11:49:23 -04:00
Jordi Gutiérrez Hermoso
e30a090a4e config: remove all async/await around config read functions
Now that reading is synchronous, there's no need to have any more
async/await in regards to the those config functions.
2024-07-18 14:32:46 -04:00
Jordi Gutiérrez Hermoso
4013382170 config: replace fse read functions with sync variants
I need to be able to read the config at module load time, which makes
async difficult if not impossible.

This will make read config operations synchronous, which is fine. The
file is tiny and seldom read.
2024-07-18 14:32:46 -04:00
Florent
39eb042ff1
Remove GRIST_SKIP_REDIS_CHECKSUM_MISMATCH (#1098)
Skipping the redis checksum mismatch is now generalized. A warning is
logged when we see a mismatch.
2024-07-10 14:28:20 -04:00
Paul Fitzpatrick
0cdfeeb992 (core) updates from grist-core 2024-07-09 14:33:35 -04:00
Jarosław Sadziński
b8c4b83a8c (core) Updating paths after core changed
Summary: Path for the HomeDbManager has beed updated after merging with core.

Test Plan: Existing

Reviewers: georgegevoian

Reviewed By: georgegevoian

Subscribers: georgegevoian

Differential Revision: https://phab.getgrist.com/D4288
2024-07-09 12:19:25 +02:00
Spoffy
6908807236
Extracts config.json into its own module (#1061)
This adds a config file that's loaded very early on during startup. 

It enables us to save/load settings from within Grist's admin panel, that affect the startup of the FlexServer.

The config file loading:
- Is type-safe, 
- Validates the config file on startup
- Provides a path to upgrade to future versions.

It should be extensible from other versions of Grist (such as desktop), by overriding `getGlobalConfig` in stubs.

----

Some minor refactors needed to occur to make this possible. This includes:
- Extracting config loading into its own module (out of FlexServer).
- Cleaning up the `loadConfig` function in FlexServer into `loadLoginSystem` (which is what its main purpose was before).
2024-07-08 15:40:45 +01:00
Florent
786ba6b31e
Move HomeDBManager to gen-server/lib/homedb (#1076) 2024-07-05 16:02:39 +02:00
CamilleLegeron
0bfdaa9c02
Add authorization header in webhooks stored in secrets table (#941)
Summary:
Adding authorization header support for webhooks.

Issue:  https://github.com/gristlabs/grist-core/issues/827

---------

Co-authored-by: Florent <florent.git@zeteo.me>
2024-07-04 14:17:10 +02:00
Paul Fitzpatrick
5f9ecdcfe4 docstrings, moment import, fix log format 2024-07-03 15:03:14 -04:00
Paul Fitzpatrick
95b8134614 add a getSnapshotProgress implementation to DocStorageManager 2024-07-03 15:03:14 -04:00
Paul Fitzpatrick
4815a007ed log periodic per-document statistics about snapshot generation
This is to facilitate alerting to detect if snapshot generation were to
stall for a document.
2024-07-03 15:03:14 -04:00
Paul Fitzpatrick
919cff0398 (core) updates from grist-core 2024-07-01 09:37:47 -04:00
CamilleLegeron
61421e8251
Create user last connection datetime (#935)
Each time the a Grist page is reload the `last_connection_at` of the user is updated

resolve [#924](https://github.com/gristlabs/grist-core/issues/924)
2024-07-01 15:13:39 +02:00
Jarosław Sadziński
184be9387f (core) Enabling telemetry on /api/version endpoint
Summary:
Version API endpoint wasn't logging telemetry from POST requests. The issue was in registration
order, this endpoint was registered before `expressJson` and it couldn't read json body in the handler.

Test Plan: Added new test

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4277
2024-06-27 12:05:15 +02:00
Leslie H
24ce54b586
Improve session ID security (#1059)
Follow-up of #994. This PR revises the session ID generation logic to improve security in the absence of a secure session secret. It also adds a section in the admin panel "security" section to nag system admins when GRIST_SESSION_SECRET is not set.

Following is an excerpt from internal conversation.

TL;DR: Grist's current implementation generates semi-secure session IDs and uses a publicly known default signing key to sign them when the environment variable GRIST_SESSION_SECRET is not set. This PR generates cryptographically secure session IDs to dismiss security concerns around an insecure signing key, and encourages system admins to configure their own signing key anyway.

> The session secret is required by expressjs/session to sign its session IDs. It's designed as an extra protection against session hijacking by randomly guessing session IDs and hitting a valid one. While it is easy to encourage users to set a distinct session secret, this is unnecessary if session IDs are generated in a cryptographically secure way. As of now Grist uses version 4 UUIDs as session IDs (see app/server/lib/gristSessions.ts - it uses shortUUID.generate which invokes uuid.v4 under the hood). These contain 122 bits of entropy, technically insufficient to be considered cryptographically secure. In practice, this is never considered a real vulnerability. To compare, RSA2048 is still very commonly used in web servers, yet it only has 112 bits of security (>=128 bits = "secure", rule of thumb in cryptography). But for peace of mind I propose using crypto.getRandomValues to generate real 128-bit random values. This should render session ID signing unnecessary and hence dismiss security concerns around an insecure signing key.
2024-06-25 15:43:25 -04:00
Jordi Gutiérrez Hermoso
20035fd58f FlexServer: add new admin restart endpoint
This adds an endpoint for the admin user to be able to signal to a
controlling process to restart the server. This is intended for
`docker-runner.mjs`.
2024-06-19 11:56:45 -04:00
Jarosław Sadziński
98176132b0 (core) Renaming installationId metadata for checkUpdateAPI telemetry endpoint.
Summary:
CheckUpdateAPI is now storing client's installation id in a new field called 'deploymentId'.
Previously it was using installationId which is reserved (and overriden) by the home server.

Test Plan: Existing and manual

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4268
2024-06-12 16:01:45 +02:00
Paul Fitzpatrick
f071d91a0a (core) updates from grist-core 2024-06-11 09:18:23 -04:00
Jordi Gutiérrez Hermoso
c3e23ca81e admin: fix warning in websocket probe
This is a small thing, but when visiting the admin, the websocket test
doesn't send valid JSON, which the receiving endpoint expects. This
results in a harmless exception being thrown.

While this test should eventually be modified to be run from the
frontend, for now let's just make a small fix and send valid JSON in
order to avoid that JSON parsing exception.
2024-06-06 18:25:27 -04:00
George Gevoian
b555bf5d8d
Add user id middleware to form pages (#1020) 2024-06-05 09:18:02 -07:00
George Gevoian
72066bf0e4 (core) Support user variable in dropdown conditions
Summary:
Dropdown conditions can now reference a `user` variable, similar to the
one available in Access Rules.

Test Plan: Browser test.

Reviewers: jarek, paulfitz

Reviewed By: jarek, paulfitz

Differential Revision: https://phab.getgrist.com/D4255
2024-06-04 06:56:55 -07:00
Leslie H
9c90da7398
Bump minio to v8.0.0 (#991) 2024-06-03 15:20:10 +00:00
Paul Fitzpatrick
06acc47cdb (core) updates from grist-core 2024-05-28 11:43:45 -04:00
Jarosław Sadziński
0262ad7a47 (core) Fix for ACL page for temporary documents.
Summary:
When the ACL page was visited by an anonymous user (for a temporary doc), it
tried to load the "View as" list, which failed. Apart from example users, it was
also trying to load all users the document is shared with by checking the home db.
However, since the document is not persisted, it failed.

Test Plan: Added new test

Reviewers: Spoffy

Reviewed By: Spoffy

Subscribers: Spoffy

Differential Revision: https://phab.getgrist.com/D4257
2024-05-24 15:14:00 +02:00
Spoffy
e56b416c7a
Moves core create object and core getLoginSystem to server/lib (#994)
This enables code in ext/ to be able to access it (e.g for proxying / interception).

Additionally adds getCreate() to enable future refactoring of `const create` away from being a global singleton constant.
2024-05-23 23:07:46 +01:00
Paul Fitzpatrick
5dc4706dc7
reconcile boot and admin pages further (#963)
This adds some remaining parts of the boot page to the admin panel, and then removes the boot page.
2024-05-23 16:40:31 -04:00
Paul Fitzpatrick
76a43129f1 (core) updates from grist-core 2024-05-23 13:27:59 -04:00
Jarosław Sadziński
a6ffa6096a (core) Adding UI for timing API
Summary:
Adding new buttons to control the `timing` API and a way to view the results
using virtual table features.

Test Plan: Added new

Reviewers: georgegevoian

Reviewed By: georgegevoian

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4252
2024-05-22 14:56:53 +02:00
Jarosław Sadziński
60423edc17 (core) Customizable stripe plans.
Summary:
- Reading plans from Stripe, and allowing Stripe to define custom plans.
- Storing product features (aka limits) in Stripe, that override those in db.
- Adding hierarchical data in Stripe. All features are defined at Product level but can be overwritten on Price levels.
- New options for Support user to
-- Override product for team site (if he is added as a billing manager)
-- Override subscription and customer id for a team site
-- Attach an "offer", an custom plan configured in stripe that a team site can use
-- Enabling wire transfer for subscription by allowing subscription to be created without a payment method (which is customizable)

Test Plan: Updated and new.

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4201
2024-05-19 09:09:19 +02:00
Spoffy
b4acb157f8
Displays the current authentication mechanism in the admin panel (#981)
* Adds authentication mechanism to admin panel

Adds field to the "Security settings" admin display, showing the
currently configured authentication mechanism.

* Adds 14px margin to admin panel names
2024-05-16 18:09:38 +01:00
Grégoire Cutzach
d8f4e075fe
feat: ADD Terms of service link (#985)
Adds an optional terms of service link for sites that need it.

---------

Co-authored-by: Jonathan Perret <j-github@jonathanperret.net>
2024-05-16 11:31:37 -04:00
Florent
5e3cd94177
Introduce APP_HOME_INTERNAL_URL and fix duplicate docs (#915)
Context:

On self-hosted instances, some places in the code rely on the fact that we resolves public domains while being behind reverse proxies. This leads to cases where features are not available, such as the "Duplicate document" one.

Bugs that are solved - n self-hosted instances:

Impossible to open templates and tutorials right after having converted them;
Impossible to submit forms since version 1.1.13;
Impossible to restore a previous version of a document (snapshot);
Impossible to copy a document;

Solution:

Introduce the APP_HOME_INTERNAL_URL env variable, which is quite the same as APP_DOC_INTERNAL_URL except that it may point to any home worker;
Make /api/worker/:assignmentId([^/]+)/?* return not only the doc worker public url but also the internal one, and adapt the call points like fetchDocs;
Ensure that the home and doc worker internal urls are trusted by trustOrigin;

---------

Co-authored-by: jordigh <jordigh@octave.org>
2024-05-14 12:58:41 -04:00
Paul Fitzpatrick
d431c1eb63 (core) add a sandbox check to admin panel, and start reconciling boot and admin pages
Summary:
This adds a basic sandbox check to the admin panel. It also makes
the "probes" used in the boot page available from the admin panel,
though they are not yet displayed. The sandbox check is built as
a probe.

In the interests of time, a lot of steps had to be deferred:
 * Reconcile fully the admin panel and boot page. Specifically, the
   admin panel should be equally robust to common configuration problems.
 * Add tests for the sandbox check.
 * Generalize to multi-server setups. The read-out will not yet be useful
   for setups where doc workers and home servers are configured
   separately.

Test Plan: Added new test

Reviewers: jarek, georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4241
2024-04-29 20:52:39 -04:00
Jarosław Sadziński
ecf242c6c6 (core) Adding latest version section to the admin panel.
Summary:
Update for the admin page to show the latest available version information.
- Latest version is read from docs.getgrist.com by default
- It sends basic information (installationId, deployment type, and version)
- Checks are done only on the page itself
- The actual request is routed through the API (to avoid CORS)

Test Plan: Added new test

Reviewers: paulfitz

Reviewed By: paulfitz

Subscribers: paulfitz

Differential Revision: https://phab.getgrist.com/D4238
2024-04-29 21:59:36 +02:00
Paul Fitzpatrick
a3442aee77 (core) updates from grist-core 2024-04-29 15:01:40 -04:00
fflorent
2f4122905d Remove useless export 2024-04-29 14:54:36 -04:00
fflorent
f405ae715b Bump dependencies versions 2024-04-29 14:54:36 -04:00
George Gevoian
3112433a58 (core) Add dropdown conditions
Summary:
Dropdown conditions let you specify a predicate formula that's used to filter
choices and references in their respective autocomplete dropdown menus.

Test Plan: Python and browser tests (WIP).

Reviewers: jarek, paulfitz

Reviewed By: jarek

Subscribers: dsagal, paulfitz

Differential Revision: https://phab.getgrist.com/D4235
2024-04-26 16:57:55 -04:00
Jarosław Sadziński
bd07e9c026 (core) New API to collect timing information from formula evaluation.
Summary:
- /timing/start endpoint to start collecting information
- /timing/stop endpoint to stop collecting
- /timing to retrive data gatherd so far

Timings are collected for all columns (including hidden/helpers/system)

Test Plan: Added new

Reviewers: paulfitz

Reviewed By: paulfitz

Differential Revision: https://phab.getgrist.com/D4230
2024-04-24 11:07:11 +02:00
Paul Fitzpatrick
4567fad947 (core) updates from grist-core 2024-04-15 09:24:09 -04:00
CamilleLegeron
76ef4d54f8
Webhook trigger update by column (#832)
Add functionality to filter webhooks based on a column or columns.
2024-04-12 16:04:37 -04:00
George Gevoian
86062a8c28 (core) New Grist Forms styling and field options
Summary:
 - New styling for forms.
 - New field options for various field types (spinner, checkbox, radio buttons, alignment, sort).
 - Improved alignment of form fields in columns.
 - Support for additional select input keyboard shortcuts (Enter and Backspace).
 - Prevent submitting form on Enter if an input has focus.
 - Fix for changing form field type causing the field to disappear.

Test Plan: Browser tests.

Reviewers: jarek

Reviewed By: jarek

Differential Revision: https://phab.getgrist.com/D4223
2024-04-11 08:17:42 -07:00
Jordi Gutiérrez Hermoso
400937fea3 uploads: do not use Origin header in fetchDoc
The `Origin` header is produced by `getTransitiveHeaders` but we don't
need it here, as this is only for an internal request where no
cross-origin attacks are possible.
2024-04-10 16:16:39 -04:00
Jordi Gutiérrez Hermoso
17ea97db78 requestUtils: add some logging to allowHost
I found it useful during my work to figure out what was going on in
this function and why some requests were being denied.
2024-04-10 16:16:39 -04:00
Jarosław Sadziński
bddbcddbef (core) Endpoint to report on the latest version of stable grist-core image
Summary:
New endpoint `/api/version` that returns latest version of stable docker image in format:
```
{"latestVersion":"1.1.12","
  updatedAt":"2024-03-06T06:28:25.752337Z","
  isCritical":false,
 "updateURL":"https://hub.docker.com/r/gristlabs/grist"
}
```

It connects to docker hub API and reads the version from the tag lists endpoint.
Stores telemetry passed from the client such us: current version, deployment type, installationId and others.

Test Plan: Added new test

Reviewers: georgegevoian

Reviewed By: georgegevoian

Differential Revision: https://phab.getgrist.com/D4220
2024-04-09 17:03:49 +02:00
Florent
a8a421c833
/status does not return a 500 HTTP code if docWorkerRegistered fails (#928) 2024-04-04 15:03:15 -04:00
Florent
4a9b6fea9d
Shutdown Doc worker when it is not considered as available in Redis #831 (#856)
* Shutdown Doc worker when it is not considered as available in Redis
* Use isAffirmative for GRIST_MANAGED_WORKERS
* Upgrade Sinon for the tests
* Run Smoke test with pages in English
* Add logic in /status endpoint
2024-04-04 10:25:42 -04:00