mirror of
https://github.com/hcengineering/platform.git
synced 2025-03-15 02:23:12 +00:00
UBERF-9479: Fix adapter security selection (#8007)
Signed-off-by: Andrey Sobolev <haiodo@gmail.com>
This commit is contained in:
Andrey Sobolev
GitHub
parent
dcb31e6e05
commit
e0d6301100
@ -33,6 +33,7 @@ import {
|
|||||||
registerServerPlugins,
|
registerServerPlugins,
|
||||||
registerStringLoaders,
|
registerStringLoaders,
|
||||||
registerTxAdapterFactory,
|
registerTxAdapterFactory,
|
||||||
|
setAdapterSecurity,
|
||||||
sharedPipelineContextVars
|
sharedPipelineContextVars
|
||||||
} from '@hcengineering/server-pipeline'
|
} from '@hcengineering/server-pipeline'
|
||||||
import serverToken from '@hcengineering/server-token'
|
import serverToken from '@hcengineering/server-token'
|
||||||
@ -121,6 +122,7 @@ export function devTool (
|
|||||||
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
|
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
|
||||||
registerAdapterFactory('postgresql', createPostgresAdapter, true)
|
registerAdapterFactory('postgresql', createPostgresAdapter, true)
|
||||||
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
|
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
|
||||||
|
setAdapterSecurity('postgresql', true)
|
||||||
|
|
||||||
registerServerPlugins()
|
registerServerPlugins()
|
||||||
registerStringLoaders()
|
registerStringLoaders()
|
||||||
|
|||||||
@ -24,6 +24,7 @@ import {
|
|||||||
registerAdapterFactory,
|
registerAdapterFactory,
|
||||||
registerDestroyFactory,
|
registerDestroyFactory,
|
||||||
registerTxAdapterFactory,
|
registerTxAdapterFactory,
|
||||||
|
setAdapterSecurity,
|
||||||
sharedPipelineContextVars
|
sharedPipelineContextVars
|
||||||
} from '@hcengineering/server-pipeline'
|
} from '@hcengineering/server-pipeline'
|
||||||
import { join } from 'path'
|
import { join } from 'path'
|
||||||
@ -86,6 +87,7 @@ registerDestroyFactory('mongodb', createMongoDestroyAdapter)
|
|||||||
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
|
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
|
||||||
registerAdapterFactory('postgresql', createPostgresAdapter, true)
|
registerAdapterFactory('postgresql', createPostgresAdapter, true)
|
||||||
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
|
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
|
||||||
|
setAdapterSecurity('postgresql', true)
|
||||||
|
|
||||||
startBackup(
|
startBackup(
|
||||||
metricsContext,
|
metricsContext,
|
||||||
|
|||||||
@ -63,6 +63,7 @@ import {
|
|||||||
registerServerPlugins,
|
registerServerPlugins,
|
||||||
registerStringLoaders,
|
registerStringLoaders,
|
||||||
registerTxAdapterFactory,
|
registerTxAdapterFactory,
|
||||||
|
setAdapterSecurity,
|
||||||
sharedPipelineContextVars
|
sharedPipelineContextVars
|
||||||
} from '@hcengineering/server-pipeline'
|
} from '@hcengineering/server-pipeline'
|
||||||
import serverToken, { decodeToken, generateToken, type Token } from '@hcengineering/server-token'
|
import serverToken, { decodeToken, generateToken, type Token } from '@hcengineering/server-token'
|
||||||
@ -257,6 +258,7 @@ export async function startIndexer (
|
|||||||
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
|
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
|
||||||
registerAdapterFactory('postgresql', createPostgresAdapter, true)
|
registerAdapterFactory('postgresql', createPostgresAdapter, true)
|
||||||
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
|
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
|
||||||
|
setAdapterSecurity('postgresql', true)
|
||||||
|
|
||||||
registerServerPlugins()
|
registerServerPlugins()
|
||||||
registerStringLoaders()
|
registerStringLoaders()
|
||||||
|
|||||||
@ -29,11 +29,13 @@ import { type Token } from '@hcengineering/server-token'
|
|||||||
|
|
||||||
import {
|
import {
|
||||||
createServerPipeline,
|
createServerPipeline,
|
||||||
|
isAdapterSecurity,
|
||||||
registerAdapterFactory,
|
registerAdapterFactory,
|
||||||
registerDestroyFactory,
|
registerDestroyFactory,
|
||||||
registerServerPlugins,
|
registerServerPlugins,
|
||||||
registerStringLoaders,
|
registerStringLoaders,
|
||||||
registerTxAdapterFactory,
|
registerTxAdapterFactory,
|
||||||
|
setAdapterSecurity,
|
||||||
sharedPipelineContextVars
|
sharedPipelineContextVars
|
||||||
} from '@hcengineering/server-pipeline'
|
} from '@hcengineering/server-pipeline'
|
||||||
import { uncompress } from 'snappy'
|
import { uncompress } from 'snappy'
|
||||||
@ -99,6 +101,7 @@ export function start (
|
|||||||
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
|
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
|
||||||
registerAdapterFactory('postgresql', createPostgresAdapter, true)
|
registerAdapterFactory('postgresql', createPostgresAdapter, true)
|
||||||
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
|
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
|
||||||
|
setAdapterSecurity('postgresql', true)
|
||||||
|
|
||||||
const usePrepare = (process.env.DB_PREPARE ?? 'true') === 'true'
|
const usePrepare = (process.env.DB_PREPARE ?? 'true') === 'true'
|
||||||
|
|
||||||
@ -117,7 +120,7 @@ export function start (
|
|||||||
metrics,
|
metrics,
|
||||||
dbUrl,
|
dbUrl,
|
||||||
model,
|
model,
|
||||||
{ ...opt, externalStorage, adapterSecurity: dbUrl.startsWith('postgresql') },
|
{ ...opt, externalStorage, adapterSecurity: isAdapterSecurity(dbUrl) },
|
||||||
{}
|
{}
|
||||||
)
|
)
|
||||||
const sessionFactory = (token: Token, workspace: Workspace, account: Account): Session => {
|
const sessionFactory = (token: Token, workspace: Workspace, account: Account): Session => {
|
||||||
|
|||||||
@ -211,7 +211,8 @@ export async function getServerPipeline (
|
|||||||
const pipelineFactory = createServerPipeline(ctx, dbUrl, model, {
|
const pipelineFactory = createServerPipeline(ctx, dbUrl, model, {
|
||||||
externalStorage: storageAdapter,
|
externalStorage: storageAdapter,
|
||||||
usePassedCtx: true,
|
usePassedCtx: true,
|
||||||
disableTriggers: opt?.disableTriggers ?? false
|
disableTriggers: opt?.disableTriggers ?? false,
|
||||||
|
adapterSecurity: isAdapterSecurity(dbUrl)
|
||||||
})
|
})
|
||||||
|
|
||||||
return await pipelineFactory(ctx, wsUrl, true, () => {}, null)
|
return await pipelineFactory(ctx, wsUrl, true, () => {}, null)
|
||||||
@ -220,6 +221,23 @@ export async function getServerPipeline (
|
|||||||
const txAdapterFactories: Record<string, DbAdapterFactory> = {}
|
const txAdapterFactories: Record<string, DbAdapterFactory> = {}
|
||||||
const adapterFactories: Record<string, DbAdapterFactory> = {}
|
const adapterFactories: Record<string, DbAdapterFactory> = {}
|
||||||
const destroyFactories: Record<string, (url: string) => WorkspaceDestroyAdapter> = {}
|
const destroyFactories: Record<string, (url: string) => WorkspaceDestroyAdapter> = {}
|
||||||
|
const adapterSecurityState = new Set<string>()
|
||||||
|
|
||||||
|
export function isAdapterSecurity (name: string): boolean {
|
||||||
|
for (const it of adapterSecurityState) {
|
||||||
|
if (name.startsWith(it)) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
export function setAdapterSecurity (name: string, state: boolean): void {
|
||||||
|
if (state) {
|
||||||
|
adapterSecurityState.add(name)
|
||||||
|
} else {
|
||||||
|
adapterSecurityState.delete(name)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
export function registerTxAdapterFactory (name: string, factory: DbAdapterFactory, useAsDefault: boolean = true): void {
|
export function registerTxAdapterFactory (name: string, factory: DbAdapterFactory, useAsDefault: boolean = true): void {
|
||||||
txAdapterFactories[name] = factory
|
txAdapterFactories[name] = factory
|
||||||
|
|||||||
@ -62,6 +62,7 @@ import {
|
|||||||
registerServerPlugins,
|
registerServerPlugins,
|
||||||
registerStringLoaders,
|
registerStringLoaders,
|
||||||
registerTxAdapterFactory,
|
registerTxAdapterFactory,
|
||||||
|
setAdapterSecurity,
|
||||||
sharedPipelineContextVars
|
sharedPipelineContextVars
|
||||||
} from '@hcengineering/server-pipeline'
|
} from '@hcengineering/server-pipeline'
|
||||||
import { buildStorageFromConfig, storageConfigFromEnv } from '@hcengineering/server-storage'
|
import { buildStorageFromConfig, storageConfigFromEnv } from '@hcengineering/server-storage'
|
||||||
@ -160,6 +161,8 @@ export class WorkspaceWorker {
|
|||||||
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
|
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
|
||||||
registerAdapterFactory('postgresql', createPostgresAdapter, true)
|
registerAdapterFactory('postgresql', createPostgresAdapter, true)
|
||||||
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
|
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
|
||||||
|
setAdapterSecurity('postgresql', true)
|
||||||
|
|
||||||
registerServerPlugins()
|
registerServerPlugins()
|
||||||
registerStringLoaders()
|
registerStringLoaders()
|
||||||
|
|
||||||
|
|||||||
@ -46,11 +46,13 @@ import {
|
|||||||
} from '@hcengineering/postgres'
|
} from '@hcengineering/postgres'
|
||||||
import {
|
import {
|
||||||
createServerPipeline,
|
createServerPipeline,
|
||||||
|
isAdapterSecurity,
|
||||||
registerAdapterFactory,
|
registerAdapterFactory,
|
||||||
registerDestroyFactory,
|
registerDestroyFactory,
|
||||||
registerServerPlugins,
|
registerServerPlugins,
|
||||||
registerStringLoaders,
|
registerStringLoaders,
|
||||||
registerTxAdapterFactory
|
registerTxAdapterFactory,
|
||||||
|
setAdapterSecurity
|
||||||
} from '@hcengineering/server-pipeline'
|
} from '@hcengineering/server-pipeline'
|
||||||
import { CloudFlareLogger } from './logger'
|
import { CloudFlareLogger } from './logger'
|
||||||
import model from './model.json'
|
import model from './model.json'
|
||||||
@ -109,6 +111,7 @@ export class Transactor extends DurableObject<Env> {
|
|||||||
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
|
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
|
||||||
registerAdapterFactory('postgresql', createPostgresAdapter, true)
|
registerAdapterFactory('postgresql', createPostgresAdapter, true)
|
||||||
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
|
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
|
||||||
|
setAdapterSecurity('postgresql', true)
|
||||||
|
|
||||||
if (env.USE_GREEN === 'true') {
|
if (env.USE_GREEN === 'true') {
|
||||||
registerGreenUrl(env.GREEN_URL)
|
registerGreenUrl(env.GREEN_URL)
|
||||||
@ -140,7 +143,7 @@ export class Transactor extends DurableObject<Env> {
|
|||||||
this.pipelineFactory = async (ctx, ws, upgrade, broadcast, branding) => {
|
this.pipelineFactory = async (ctx, ws, upgrade, broadcast, branding) => {
|
||||||
const pipeline = createServerPipeline(this.measureCtx, dbUrl, model, {
|
const pipeline = createServerPipeline(this.measureCtx, dbUrl, model, {
|
||||||
externalStorage: storage,
|
externalStorage: storage,
|
||||||
adapterSecurity: false,
|
adapterSecurity: isAdapterSecurity(dbUrl),
|
||||||
disableTriggers: false,
|
disableTriggers: false,
|
||||||
fulltextUrl: env.FULLTEXT_URL,
|
fulltextUrl: env.FULLTEXT_URL,
|
||||||
extraLogging: true,
|
extraLogging: true,
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user