sxlxc/overleaf-server-arm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Yu Cong
2025-04-24 13:11:28 +08:00
commit ff9c54d5e4
5960 changed files with 834111 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

256
services/web/modules/launchpad/app/src/LaunchpadController.mjs Normal file
View File

@@ -0,0 +1,256 @@
import OError from '@overleaf/o-error'
import { expressify } from '@overleaf/promise-utils'
import Settings from '@overleaf/settings'
import Path from 'node:path'
import { fileURLToPath } from 'node:url'
import logger from '@overleaf/logger'
import UserRegistrationHandler from '../../../../app/src/Features/User/UserRegistrationHandler.js'
import EmailHandler from '../../../../app/src/Features/Email/EmailHandler.js'
import UserGetter from '../../../../app/src/Features/User/UserGetter.js'
import { User } from '../../../../app/src/models/User.js'
import AuthenticationManager from '../../../../app/src/Features/Authentication/AuthenticationManager.js'
import AuthenticationController from '../../../../app/src/Features/Authentication/AuthenticationController.js'
import SessionManager from '../../../../app/src/Features/Authentication/SessionManager.js'
import { hasAdminAccess } from '../../../../app/src/Features/Helpers/AdminAuthorizationHelper.js'
const __dirname = fileURLToPath(new URL('.', import.meta.url))
/**
* Container for functions that need to be mocked in tests
*
* TODO: Rewrite tests in terms of exported functions only
*/
const _mocks = {}
_mocks._atLeastOneAdminExists = async () => {
const user = await UserGetter.promises.getUser(
{ isAdmin: true },
{ _id: 1, isAdmin: 1 }
)
return Boolean(user)
}
async function _atLeastOneAdminExists() {
return await _mocks._atLeastOneAdminExists()
}
function getAuthMethod() {
if (Settings.ldap) {
return 'ldap'
} else if (Settings.saml) {
return 'saml'
} else {
return 'local'
}
}
async function launchpadPage(req, res) {
// TODO: check if we're using external auth?
// * how does all this work with ldap and saml?
const sessionUser = SessionManager.getSessionUser(req.session)
const authMethod = getAuthMethod()
const adminUserExists = await _atLeastOneAdminExists()
if (!sessionUser) {
if (!adminUserExists) {
res.render(Path.resolve(__dirname, '../views/launchpad'), {
adminUserExists,
authMethod,
})
} else {
AuthenticationController.setRedirectInSession(req)
res.redirect('/login')
}
} else {
const user = await UserGetter.promises.getUser(sessionUser._id, {
isAdmin: 1,
})
if (hasAdminAccess(user)) {
res.render(Path.resolve(__dirname, '../views/launchpad'), {
wsUrl: Settings.wsUrl,
adminUserExists,
authMethod,
})
} else {
res.redirect('/restricted')
}
}
}
async function sendTestEmail(req, res) {
const { email } = req.body
if (!email) {
logger.debug({}, 'no email address supplied')
return res.status(400).json({
message: 'no email address supplied',
})
}
logger.debug({ email }, 'sending test email')
const emailOptions = { to: email }
try {
await EmailHandler.promises.sendEmail('testEmail', emailOptions)
logger.debug({ email }, 'sent test email')
res.json({ message: res.locals.translate('email_sent') })
} catch (err) {
OError.tag(err, 'error sending test email', {
email,
})
throw err
}
}
function registerExternalAuthAdmin(authMethod) {
return expressify(async function (req, res) {
if (getAuthMethod() !== authMethod) {
logger.debug(
{ authMethod },
'trying to register external admin, but that auth service is not enabled, disallow'
)
return res.sendStatus(403)
}
const { email } = req.body
if (!email) {
logger.debug({ authMethod }, 'no email supplied, disallow')
return res.sendStatus(400)
}
logger.debug({ email }, 'attempted register first admin user')
const exists = await _atLeastOneAdminExists()
if (exists) {
logger.debug({ email }, 'already have at least one admin user, disallow')
return res.sendStatus(403)
}
const body = {
email,
password: 'password_here',
first_name: email,
last_name: '',
}
logger.debug(
{ body, authMethod },
'creating admin account for specified external-auth user'
)
let user
try {
user = await UserRegistrationHandler.promises.registerNewUser(body)
} catch (err) {
OError.tag(err, 'error with registerNewUser', {
email,
authMethod,
})
throw err
}
try {
const reversedHostname = user.email
.split('@')[1]
.split('')
.reverse()
.join('')
await User.updateOne(
{ _id: user._id },
{
$set: { isAdmin: true, emails: [{ email, reversedHostname }] },
}
).exec()
} catch (err) {
OError.tag(err, 'error setting user to admin', {
user_id: user._id,
})
throw err
}
AuthenticationController.setRedirectInSession(req, '/launchpad')
logger.debug(
{ email, userId: user._id, authMethod },
'created first admin account'
)
res.json({ redir: '/launchpad', email })
})
}
async function registerAdmin(req, res) {
const { email } = req.body
const { password } = req.body
if (!email || !password) {
logger.debug({}, 'must supply both email and password, disallow')
return res.sendStatus(400)
}
logger.debug({ email }, 'attempted register first admin user')
const exists = await _atLeastOneAdminExists()
if (exists) {
logger.debug(
{ email: req.body.email },
'already have at least one admin user, disallow'
)
return res.status(403).json({
message: { type: 'error', text: 'admin user already exists' },
})
}
const invalidEmail = AuthenticationManager.validateEmail(email)
if (invalidEmail) {
return res
.status(400)
.json({ message: { type: 'error', text: invalidEmail.message } })
}
const invalidPassword = AuthenticationManager.validatePassword(
password,
email
)
if (invalidPassword) {
return res
.status(400)
.json({ message: { type: 'error', text: invalidPassword.message } })
}
const body = { email, password }
const user = await UserRegistrationHandler.promises.registerNewUser(body)
logger.debug({ userId: user._id }, 'making user an admin')
try {
const reversedHostname = user.email
.split('@')[1]
.split('')
.reverse()
.join('')
await User.updateOne(
{ _id: user._id },
{
$set: {
isAdmin: true,
emails: [{ email, reversedHostname }],
},
}
).exec()
} catch (err) {
OError.tag(err, 'error setting user to admin', {
user_id: user._id,
})
throw err
}
logger.debug({ email, userId: user._id }, 'created first admin account')
res.json({ redir: '/launchpad' })
}
const LaunchpadController = {
launchpadPage: expressify(launchpadPage),
registerAdmin: expressify(registerAdmin),
registerExternalAuthAdmin,
sendTestEmail: expressify(sendTestEmail),
_atLeastOneAdminExists,
_mocks,
}
export default LaunchpadController

43
services/web/modules/launchpad/app/src/LaunchpadRouter.mjs Normal file
View File

@@ -0,0 +1,43 @@
import logger from '@overleaf/logger'
import LaunchpadController from './LaunchpadController.mjs'
import AuthenticationController from '../../../../app/src/Features/Authentication/AuthenticationController.js'
import AuthorizationMiddleware from '../../../../app/src/Features/Authorization/AuthorizationMiddleware.js'
export default {
apply(webRouter) {
logger.debug({}, 'Init launchpad router')
webRouter.get('/launchpad', LaunchpadController.launchpadPage)
webRouter.post(
'/launchpad/register_admin',
LaunchpadController.registerAdmin
)
webRouter.post(
'/launchpad/register_ldap_admin',
LaunchpadController.registerExternalAuthAdmin('ldap')
)
webRouter.post(
'/launchpad/register_saml_admin',
LaunchpadController.registerExternalAuthAdmin('saml')
)
webRouter.post(
'/launchpad/send_test_email',
AuthorizationMiddleware.ensureUserIsSiteAdmin,
LaunchpadController.sendTestEmail
)
if (AuthenticationController.addEndpointToLoginWhitelist) {
AuthenticationController.addEndpointToLoginWhitelist('/launchpad')
AuthenticationController.addEndpointToLoginWhitelist(
'/launchpad/register_admin'
)
AuthenticationController.addEndpointToLoginWhitelist(
'/launchpad/register_ldap_admin'
)
AuthenticationController.addEndpointToLoginWhitelist(
'/launchpad/register_saml_admin'
)
}
},
}

1
services/web/modules/launchpad/app/src/tsconfig.json Normal file
View File

@@ -0,0 +1 @@
{ "extends": "../../../../tsconfig.backend.json" }

226
services/web/modules/launchpad/app/views/launchpad.pug Normal file
View File

@@ -0,0 +1,226 @@
extends ../../../../app/views/layout-marketing
mixin launchpad-check(section)
div(data-ol-launchpad-check=section)
span(data-ol-inflight="pending")
i.fa.fa-fw.fa-spinner.fa-spin
span  #{translate('checking')}
span(hidden data-ol-inflight="idle")
div(data-ol-result="success")
i.fa.fa-check
span  #{translate('ok')}
button.btn.btn-inline-link
span.text-danger  #{translate('retry')}
div(hidden data-ol-result="error")
i.fa.fa-exclamation
span  #{translate('error')}
button.btn.btn-inline-link
span.text-danger  #{translate('retry')}
div.alert.alert-danger
span(data-ol-error)
block entrypointVar
- entrypoint = 'modules/launchpad/pages/launchpad'
block vars
- metadata = metadata || {}
- bootstrap5PageStatus = 'disabled'
block append meta
meta(name="ol-adminUserExists" data-type="boolean" content=adminUserExists)
meta(name="ol-ideJsPath" content=buildJsPath('ide.js'))
block content
script(type="text/javascript", nonce=scriptNonce, src=(wsUrl || '/socket.io') + '/socket.io.js')
.content.content-alt#main-content
.container
.row
.col-md-8.col-md-offset-2
.card.launchpad-body
.row
.col-md-12
.text-center
h1 #{translate('welcome_to_sl')}
p
img(src=buildImgPath('/ol-brand/overleaf-o.svg'))
<!-- wrapper -->
.row
.col-md-8.col-md-offset-2
<!-- create first admin form -->
if !adminUserExists
.row(data-ol-not-sent)
.col-md-12
h2 #{translate('create_first_admin_account')}
// Local Auth Form
if authMethod === 'local'
form(
data-ol-async-form
data-ol-register-admin
action="/launchpad/register_admin"
method="POST"
)
input(name='_csrf', type='hidden', value=csrfToken)
+formMessages()
.form-group
label(for='email') #{translate("email")}
input.form-control(
type='email',
name='email',
placeholder="email@example.com"
autocomplete="username"
required,
autofocus="true"
)
.form-group
label(for='password') #{translate("password")}
input.form-control#passwordField(
type='password',
name='password',
placeholder="********",
autocomplete="new-password"
required,
)
.actions
button.btn-primary.btn(
type='submit'
data-ol-disabled-inflight
)
span(data-ol-inflight="idle") #{translate("register")}
span(hidden data-ol-inflight="pending") #{translate("registering")}…
// Ldap Form
if authMethod === 'ldap'
h3 #{translate('ldap')}
p
| #{translate('ldap_create_admin_instructions')}
form(
data-ol-async-form
data-ol-register-admin
action="/launchpad/register_ldap_admin"
method="POST"
)
input(name='_csrf', type='hidden', value=csrfToken)
+formMessages()
.form-group
label(for='email') #{translate("email")}
input.form-control(
type='email',
name='email',
placeholder="email@example.com"
autocomplete="username"
required,
autofocus="true"
)
.actions
button.btn-primary.btn(
type='submit'
data-ol-disabled-inflight
)
span(data-ol-inflight="idle") #{translate("register")}
span(hidden data-ol-inflight="pending") #{translate("registering")}…
// Saml Form
if authMethod === 'saml'
h3 #{translate('saml')}
p
| #{translate('saml_create_admin_instructions')}
form(
data-ol-async-form
data-ol-register-admin
action="/launchpad/register_saml_admin"
method="POST"
)
input(name='_csrf', type='hidden', value=csrfToken)
+formMessages()
.form-group
label(for='email') #{translate("email")}
input.form-control(
type='email',
name='email',
placeholder="email@example.com"
autocomplete="username"
required,
autofocus="true"
)
.actions
button.btn-primary.btn(
type='submit'
data-ol-disabled-inflight
)
span(data-ol-inflight="idle") #{translate("register")}
span(hidden data-ol-inflight="pending") #{translate("registering")}…
br
<!-- status indicators -->
if adminUserExists
.row
.col-md-12.status-indicators
h2 #{translate('status_checks')}
<!-- websocket -->
.row.row-spaced-small
.col-sm-5
| #{translate('websockets')}
.col-sm-7
+launchpad-check('websocket')
<!-- break -->
hr.thin
<!-- other actions -->
.row
.col-md-12
h2 #{translate('other_actions')}
h3 #{translate('send_test_email')}
form.form(
data-ol-async-form
action="/launchpad/send_test_email"
method="POST"
)
.form-group
label(for="email") Email
input.form-control(
type="text"
id="email"
name="email"
required
)
button.btn-primary.btn(
type='submit'
data-ol-disabled-inflight
)
span(data-ol-inflight="idle") #{translate("send")}
span(hidden data-ol-inflight="pending") #{translate("sending")}…
p
+formMessages()
<!-- break -->
hr.thin
<!-- Go to app -->
.row
.col-md-12
.text-center
br
p
a(href="/admin").btn.btn-info
| Go To Admin Panel
| &nbsp;
a(href="/project").btn.btn-primary
| Start Using #{settings.appName}
br

82
services/web/modules/launchpad/frontend/js/pages/launchpad.js Normal file
View File

@@ -0,0 +1,82 @@
/* global io */
import '@/marketing'
import {
inflightHelper,
toggleDisplay,
} from '../../../../../frontend/js/features/form-helpers/hydrate-form'
import getMeta from '../../../../../frontend/js/utils/meta'
function setUpStatusIndicator(el, fn) {
inflightHelper(el)
const displaySuccess = el.querySelectorAll('[data-ol-result="success"]')
const displayError = el.querySelectorAll('[data-ol-result="error"]')
// The checks are very lightweight and do not appear to do anything
// from looking at the UI. Add an artificial delay of 1s to show that
// we are actually doing something. :)
const artificialProgressDelay = 1000
function run() {
setTimeout(() => {
fn()
.then(() => {
toggleDisplay(displayError, displaySuccess)
})
.catch(error => {
el.querySelector('[data-ol-error]').textContent = error.message
toggleDisplay(displaySuccess, displayError)
})
.finally(() => {
el.dispatchEvent(new Event('idle'))
})
}, artificialProgressDelay)
}
el.querySelectorAll('button').forEach(retryBtn => {
retryBtn.addEventListener('click', function (e) {
e.preventDefault()
el.dispatchEvent(new Event('pending'))
run()
})
})
run()
}
function setUpStatusIndicators() {
setUpStatusIndicator(
document.querySelector('[data-ol-launchpad-check="websocket"]'),
() => {
const timeout = 10 * 1000
const socket = io.connect(null, {
reconnect: false,
'connect timeout': timeout,
'force new connection': true,
query: new URLSearchParams({
projectId: '404404404404404404404404',
}).toString(),
})
return new Promise((resolve, reject) => {
setTimeout(() => reject(new Error('timed out')), timeout)
socket.on('connectionRejected', function (err) {
if (err.code === 'ProjectNotFound') {
// We received the response from joinProject, so the websocket is up.
resolve()
} else {
reject(new Error(err && err.message))
}
})
socket.on('connect_failed', function (err) {
reject(new Error(err && err.message))
})
}).finally(() => {
socket.disconnect()
})
}
)
}
if (getMeta('ol-adminUserExists')) {
setUpStatusIndicators()
}

10
services/web/modules/launchpad/index.mjs Normal file
View File

@@ -0,0 +1,10 @@
import LaunchpadRouter from './app/src/LaunchpadRouter.mjs'
/** @import { WebModule } from "../../types/web-module" */
/** @type {WebModule} */
const LaunchpadModule = {
router: LaunchpadRouter,
}
export default LaunchpadModule

8
services/web/modules/launchpad/test/acceptance/config/settings.test.js Normal file
View File

@@ -0,0 +1,8 @@
const base = require(process.env.BASE_CONFIG)
module.exports = base.mergeWith({
enableLegacyLogin: true,
test: {
counterInit: 210000,
},
})

1
services/web/modules/launchpad/test/acceptance/src/Init.mjs Normal file
View File

@@ -0,0 +1 @@
import '../../../../../test/acceptance/src/helpers/InitApp.mjs'

83
services/web/modules/launchpad/test/acceptance/src/LaunchpadTests.mjs Normal file
View File

@@ -0,0 +1,83 @@
import { expect } from 'chai'
import cheerio from 'cheerio'
import UserHelper from '../../../../../test/acceptance/src/helpers/UserHelper.mjs'
describe('Launchpad', function () {
const adminEmail = 'admin@example.com'
const adminPassword = 'adreadfulsecret'
const user = new UserHelper()
it('should show the launchpad page', async function () {
const response = await user.fetch('/launchpad')
expect(response.status).to.equal(200)
const body = await response.text()
const $ = cheerio.load(body)
expect($('h2').first().text()).to.equal('Create the first Admin account')
expect($('form[name="email"]').first()).to.exist
expect($('form[name="password"]').first()).to.exist
})
it('should allow for creation of the first admin user', async function () {
// Load the launchpad page
const initialPageResponse = await user.fetch('/launchpad')
expect(initialPageResponse.status).to.equal(200)
const initialPageBody = await initialPageResponse.text()
const $ = cheerio.load(initialPageBody)
expect($('h2').first().text()).to.equal('Create the first Admin account')
expect($('form[name="email"]').first()).to.exist
expect($('form[name="password"]').first()).to.exist
// Submit the form
let csrfToken = await user.getCsrfToken()
const postResponse = await user.fetch('/launchpad/register_admin', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Accept: 'application/json',
},
body: JSON.stringify({
_csrf: csrfToken,
email: adminEmail,
password: adminPassword,
}),
})
expect(postResponse.status).to.equal(200)
const postBody = await postResponse.json()
expect(postBody).to.deep.equal({ redir: '/launchpad' })
// Try to load the page again
const secondPageResponse = await user.fetch('/launchpad')
expect(secondPageResponse.status).to.equal(302)
expect(secondPageResponse.headers.get('location')).to.equal(
UserHelper.url('/login').toString()
)
// Forbid submitting the form again
csrfToken = await user.getCsrfToken()
const badPostResponse = await user.fetch('/launchpad/register_admin', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
Accept: 'application/json',
},
body: JSON.stringify({
_csrf: csrfToken,
email: adminEmail + '1',
password: adminPassword + '1',
}),
})
expect(badPostResponse.status).to.equal(403)
// Log in as this new admin user
const adminUser = await UserHelper.loginUser({
email: adminEmail,
password: adminPassword,
})
// Check we are actually admin
expect(await adminUser.isLoggedIn()).to.equal(true)
expect(adminUser.user.isAdmin).to.equal(true)
// Check reversedHostName is stored
expect(adminUser.user.emails[0].reversedHostname).to.equal('moc.elpmaxe')
})
})

1
services/web/modules/launchpad/test/acceptance/tsconfig.json Normal file
View File

@@ -0,0 +1 @@
{ "extends": "../../../../tsconfig.backend.json" }

1076
services/web/modules/launchpad/test/unit/src/LaunchpadControllerTests.mjs Normal file
View File

File diff suppressed because it is too large Load Diff

1
services/web/modules/launchpad/test/unit/tsconfig.json Normal file
View File

@@ -0,0 +1 @@
{ "extends": "../../../../tsconfig.backend.json" }