From e9f84cb591131051a98614ca1b31601954ede866 Mon Sep 17 00:00:00 2001
From: nightwing
Date: Thu, 21 Apr 2016 00:19:09 +0000
Subject: [PATCH] be more strict about vfs extend in readonly mode
---
 configs/client-default.js | 5 ----
 package.json | 10 ++++----
 plugins/c9.vfs.client/vfs.log.js | 2 ++
 plugins/c9.vfs.client/vfs.ping.js | 5 ++--
 .../c9.vfs.server/vfs.connect.standalone.js | 1 -
 plugins/c9.vfs.server/vfs.js | 3 ---
 plugins/c9.vfs.server/vfs_wrapper.js | 25 +++++++++++--------
 plugins/c9.vfs.standalone/standalone.js | 2 +-
 8 files changed, 25 insertions(+), 28 deletions(-)
diff --git a/configs/client-default.js b/configs/client-default.js
index 50593d86..f532d9e7 100644
--- a/configs/client-default.js
+++ b/configs/client-default.js
@@ -35,8 +35,6 @@ module.exports = function(options) {
 var devel = options.standalone && !options.local || options.mode === "devel" || options.mode == "onlinedev" || options.dev;
 var localExtendFiles = options.localExtend || options.standalone;
- // allow extend code access only to C9-deveoped plugins
- var extendToken = options.extendToken || "token";
 var plugins = [ // C9
@@ -412,7 +410,6 @@ module.exports = function(options) {
 "plugins/c9.ide.language.go/go",
 {
 packagePath: "plugins/c9.ide.language.jsonalyzer/jsonalyzer",
- extendToken: extendToken,
 workspaceDir: workspaceDir,
 homeDir: options.home,
 bashBin: options.bashBin,
@@ -787,7 +784,6 @@ module.exports = function(options) {
 },
 {
 packagePath: "plugins/c9.ide.pubsub/pubsub-client",
- extendToken: extendToken
 },
 {
 packagePath: "plugins/c9.ide.collab/notifications/bubble",
@@ -868,7 +864,6 @@ module.exports = function(options) {
 plugins.push(
 {
 packagePath: "plugins/c9.ide.collab/connect",
- extendToken: extendToken,
 enable: collab,
 debug: debug,
 localServerFile: localExtendFiles,
diff --git a/package.json b/package.json
index e74ae73a..94f947ae 100644
--- a/package.json
+++ b/package.json
@@ -65,9 +65,9 @@
 "c9.ide.language.javascript.eslint": "#4de5457db1",
 "c9.ide.language.javascript.tern": "#b55d0069bb",
 "c9.ide.language.javascript.infer": "#18acb93a3a",
- "c9.ide.language.jsonalyzer": "#4b329741b1",
+ "c9.ide.language.jsonalyzer": "#23457a0bf6",
 "c9.ide.language.codeintel": "#253ae15f5e",
- "c9.ide.collab": "#bab99a8b38",
+ "c9.ide.collab": "#763cbbfe3f",
 "c9.ide.local": "#10eb45842a",
 "c9.ide.find": "#e33fbaed2f",
 "c9.ide.find.infiles": "#c0a13737ef",
@@ -90,17 +90,17 @@
 "c9.ide.help.support": "#932fbb3743",
 "c9.ide.imgeditor": "#612e75ef4f",
 "c9.ide.immediate": "#19758abe08",
- "c9.ide.installer": "#1232d4e179",
+ "c9.ide.installer": "#4ec5341876",
 "c9.ide.language.python": "#330b80e3b2",
 "c9.ide.language.go": "#6ce1c7a7ef",
 "c9.ide.mount": "#4c39359b87",
- "c9.ide.navigate": "#0b7ec7936c",
+ "c9.ide.navigate": "#3941d604b9",
 "c9.ide.newresource": "#981a408a7b",
 "c9.ide.openfiles": "#2ae85a9e33",
 "c9.ide.preview": "#5f5fff0185",
 "c9.ide.preview.browser": "#897177be7f",
 "c9.ide.preview.markdown": "#c3174d86e0",
- "c9.ide.pubsub": "#a85fb27eca",
+ "c9.ide.pubsub": "#933baeb7b4",
 "c9.ide.readonly": "#719881e192",
 "c9.ide.recentfiles": "#7c099abf40",
 "c9.ide.remote": "#301d2ab519",
diff --git a/plugins/c9.vfs.client/vfs.log.js b/plugins/c9.vfs.client/vfs.log.js
index 3d3c453a..5ab2d214 100644
--- a/plugins/c9.vfs.client/vfs.log.js
+++ b/plugins/c9.vfs.client/vfs.log.js
@@ -20,6 +20,8 @@ define(function (require, exports, module) {
 if (loaded) return false;
 loaded = true;
+ if (c9.readonly) return false;
+
 ext.loadRemotePlugin("log", {
 code: require("text!./log-service.js"),
 redefine: true
diff --git a/plugins/c9.vfs.client/vfs.ping.js b/plugins/c9.vfs.client/vfs.ping.js
index fcebcf6e..275814e6 100644
--- a/plugins/c9.vfs.client/vfs.ping.js
+++ b/plugins/c9.vfs.client/vfs.ping.js
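Review bot: In plugins/c9.vfs.client/vfs.log.js the added `if (c9.readonly) return false;` carries no comment, and the reason for it is only visible in vfs_wrapper.js: this plugin is sent with the `code` option, and the server-side check now refuses every extend in readonly mode whose `file` is not on its list. A comment such as `// log-service is shipped as code, which the server refuses for readonly workspaces` would keep the client and server sides in step. The check sits after `loaded = true`, so a readonly session is marked as loaded without the plugin; if that is intended, the same comment should say so. The enclosing function starts and ends outside the hunk.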
@@ -22,10 +22,9 @@ define(function(require, exports, module) {
 loaded = true;
 ext.loadRemotePlugin("ping", {
- code: require("text!./ping-service.js"),
- redefine: true
+ file: "c9.vfs.client/ping-service.js"
 }, function(err, remote) {
- if (err)
+ if (!remote)
 return console.error(err);
 api = remote;
diff --git a/plugins/c9.vfs.server/vfs.connect.standalone.js b/plugins/c9.vfs.server/vfs.connect.standalone.js
index 82807063..51096d8a 100644
--- a/plugins/c9.vfs.server/vfs.connect.standalone.js
+++ b/plugins/c9.vfs.server/vfs.connect.standalone.js
@@ -56,7 +56,6 @@ define(function(require, exports, module) {
 projectDir: vfsOptions.projectDir,
 extendDirectory: options.extendDirectory,
 extendOptions: projectOptions.extendOptions,
- extendToken: "not_needed",
 collab: options.collab,
 vfsOptions: vfsOptions,
 public: true
diff --git a/plugins/c9.vfs.server/vfs.js b/plugins/c9.vfs.server/vfs.js
index 8a6107cf..8cf16b1e 100644
--- a/plugins/c9.vfs.server/vfs.js
+++ b/plugins/c9.vfs.server/vfs.js
@@ -24,7 +24,6 @@ function Vfs(vfs, master, options) {
 this.public = options.public || false;
 this.vfsOptions = options.vfsOptions || {};
 this.pid = this.vfsOptions.pid;
- var extendToken = options.extendToken;
 this.homeDir = options.homeDir;
 this.workspaceDir = options.projectDir;
@@ -36,14 +35,12 @@ function Vfs(vfs, master, options) {
 blocked: this.readonly,
 extendDirectory: options.extendDirectory,
 extendOptions: options.extendOptions,
- extendToken: extendToken
 });
 this.vfsWorkspace = wrapVfs(vfs, {
 root: this.workspaceDir,
 readonly: this.readonly,
 extendDirectory: options.extendDirectory,
 extendOptions: options.extendOptions,
- extendToken: extendToken
 });
 var vfsProxy = proxyVfs(Object.keys(this.vfsHome), this.vfsHome, this.vfsWorkspace);
diff --git a/plugins/c9.vfs.server/vfs_wrapper.js b/plugins/c9.vfs.server/vfs_wrapper.js
index 8fe1192a..d3eade23 100644
--- a/plugins/c9.vfs.server/vfs_wrapper.js
+++ b/plugins/c9.vfs.server/vfs_wrapper.js
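Review bot: In plugins/c9.vfs.client/vfs.ping.js the changed guard `if (!remote)` no longer reports `err` when the callback delivers both an error and a remote, and nothing in the hunk says why that is acceptable. If the intent is to tolerate an error for an already-loaded plugin now that `redefine: true` is gone, record that in a comment such as `// extend can report an error for an existing plugin and still hand back its api`; otherwise `if (err || !remote)` keeps the old reporting. The `file` value must also match the server-side allow list in vfs_wrapper.js character for character, which deserves a short comment next to it. The callback body continues outside the hunk.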
@@ -8,7 +8,6 @@ module.exports = function(vfs, options) {
 var methods = options.methods || Object.keys(vfs);
 var readonly = "readonly" in options ? options.readonly : false;
 var blocked = !!options.blocked;
- var extendToken = options.extendToken;
 var roMethods = {
 resolve: 1,
@@ -74,18 +73,24 @@ module.exports = function(vfs, options) {
 options[key] = extendOptions[key];
 }
- if (options.code || options.stream) {
- if (readonly && (!extendToken || extendToken !== options.extendToken))
- return callback(new error.Forbidden("VFS extend: " + name + " with options 'stream' or 'code' not authorized in read only mode"));
- else
- return vfs.extend(name, options, callback);
+ if (readonly) {
+ var whitelist = {
+ "c9.ide.collab/server/collab-server.js": true,
+ "c9.ide.pubsub/pubsub-service.js": true,
+ "c9.vfs.client/ping-service.js": true,
+ };
+ if (!options.file || !whitelist[options.file])
+ return callback(new error.Forbidden("VFS extend: " + name + " is not authorized in read only mode"));
 }
+
+ if (options.code || options.stream)
+ return vfs.extend(name, options, callback);
- if (!options.file)
- return callback(new error.Forbidden("Option 'file' is missing"));
+ if (!options.file)
+ return callback(new error.Forbidden("Option 'file' is missing"));
- if (typeof options.file != "string")
- return callback(new error.Forbidden("Invalid option 'file'"));
+ if (typeof options.file != "string")
+ return callback(new error.Forbidden("Invalid option 'file'"));
 if (extendDirectory) {
 var file = options.file = path.normalize(path.join(extendDirectory, options.file));
diff --git a/plugins/c9.vfs.standalone/standalone.js b/plugins/c9.vfs.standalone/standalone.js
index 7470c8ab..8da836c9 100644
--- a/plugins/c9.vfs.standalone/standalone.js
+++ b/plugins/c9.vfs.standalone/standalone.js
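Review bot: The readonly guard added in the second hunk of plugins/c9.vfs.server/vfs_wrapper.js checks only `options.file`, so a request that carries an allowed `file` together with `code` or `stream` passes it and is handed to `vfs.extend` by the `if (options.code || options.stream)` branch that follows. Readonly mode should refuse those options outright and validate the type before the lookup, e.g. `if (options.code || options.stream || typeof options.file != "string" || !Object.prototype.hasOwnProperty.call(whitelist, options.file))`. The own-property test matters because `whitelist` is a plain object literal, so inherited keys such as `constructor` are truthy under `whitelist[options.file]`. The enclosing function starts and ends outside the hunk, so how `vfs.extend` treats a request with both `file` and `code` is not visible here.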
@@ -255,7 +255,7 @@ function plugin(options, imports, register) {
 };
 api.updatConfig = api.updatConfig || function(opts, params) {
 var id = params.token;
- opts.accessToken = opts.extendToken = id || "token";
+ opts.accessToken = id || "token";
 var user = opts.extendOptions.user;
 user.id = id || -1;
 user.name = id ? "user" + id : "johndoe";