UBERF-9479: Fix adapter security selection (#8007)

Signed-off-by: Andrey Sobolev <haiodo@gmail.com>
Andrey Sobolev 2025-02-14 17:38:06 +07:00 committed by GitHub
parent dcb31e6e05
commit e0d6301100
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 37 additions and 4 deletions


@ -33,6 +33,7 @@ import {
registerServerPlugins,
registerStringLoaders,
registerTxAdapterFactory,
setAdapterSecurity,
sharedPipelineContextVars
} from '@hcengineering/server-pipeline'
import serverToken from '@hcengineering/server-token'
@ -121,6 +122,7 @@ export function devTool (
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
registerAdapterFactory('postgresql', createPostgresAdapter, true)
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
setAdapterSecurity('postgresql', true)
registerServerPlugins()
registerStringLoaders()


@ -24,6 +24,7 @@ import {
registerAdapterFactory,
registerDestroyFactory,
registerTxAdapterFactory,
setAdapterSecurity,
sharedPipelineContextVars
} from '@hcengineering/server-pipeline'
import { join } from 'path'
@ -86,6 +87,7 @@ registerDestroyFactory('mongodb', createMongoDestroyAdapter)
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
registerAdapterFactory('postgresql', createPostgresAdapter, true)
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
setAdapterSecurity('postgresql', true)
startBackup(
metricsContext,


@ -63,6 +63,7 @@ import {
registerServerPlugins,
registerStringLoaders,
registerTxAdapterFactory,
setAdapterSecurity,
sharedPipelineContextVars
} from '@hcengineering/server-pipeline'
import serverToken, { decodeToken, generateToken, type Token } from '@hcengineering/server-token'
@ -257,6 +258,7 @@ export async function startIndexer (
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
registerAdapterFactory('postgresql', createPostgresAdapter, true)
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
setAdapterSecurity('postgresql', true)
registerServerPlugins()
registerStringLoaders()


@ -29,11 +29,13 @@ import { type Token } from '@hcengineering/server-token'
import {
createServerPipeline,
isAdapterSecurity,
registerAdapterFactory,
registerDestroyFactory,
registerServerPlugins,
registerStringLoaders,
registerTxAdapterFactory,
setAdapterSecurity,
sharedPipelineContextVars
} from '@hcengineering/server-pipeline'
import { uncompress } from 'snappy'
@ -99,6 +101,7 @@ export function start (
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
registerAdapterFactory('postgresql', createPostgresAdapter, true)
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
setAdapterSecurity('postgresql', true)
const usePrepare = (process.env.DB_PREPARE ?? 'true') === 'true'
@ -117,7 +120,7 @@ export function start (
metrics,
dbUrl,
model,
{ ...opt, externalStorage, adapterSecurity: dbUrl.startsWith('postgresql') },
{ ...opt, externalStorage, adapterSecurity: isAdapterSecurity(dbUrl) },
{}
)
const sessionFactory = (token: Token, workspace: Workspace, account: Account): Session => {


@ -211,7 +211,8 @@ export async function getServerPipeline (
const pipelineFactory = createServerPipeline(ctx, dbUrl, model, {
externalStorage: storageAdapter,
usePassedCtx: true,
disableTriggers: opt?.disableTriggers ?? false
disableTriggers: opt?.disableTriggers ?? false,
adapterSecurity: isAdapterSecurity(dbUrl)
})
return await pipelineFactory(ctx, wsUrl, true, () => {}, null)
@ -220,6 +221,23 @@ export async function getServerPipeline (
const txAdapterFactories: Record<string, DbAdapterFactory> = {}
const adapterFactories: Record<string, DbAdapterFactory> = {}
const destroyFactories: Record<string, (url: string) => WorkspaceDestroyAdapter> = {}
const adapterSecurityState = new Set<string>()
export function isAdapterSecurity (name: string): boolean {
for (const it of adapterSecurityState) {
if (name.startsWith(it)) {
return true
}
}
return false
}
export function setAdapterSecurity (name: string, state: boolean): void {
if (state) {
adapterSecurityState.add(name)
} else {
adapterSecurityState.delete(name)
}
}
export function registerTxAdapterFactory (name: string, factory: DbAdapterFactory, useAsDefault: boolean = true): void {
txAdapterFactories[name] = factory
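Review bot: `isAdapterSecurity` fails open, and its `name` parameter is in fact a database URL wherever this commit calls it (`isAdapterSecurity(dbUrl)`). Any URL that matches no registered prefix returns `false`, so an entry point that registers the Postgres factories but omits `setAdapterSecurity('postgresql', true)` builds its pipeline with `adapterSecurity` off and nothing is logged; the same would presumably happen for a URL written with the `postgres://` scheme alias, if deployments accept that spelling. I would rename the parameter to `url`, add a doc comment such as `/** True when url starts with a prefix enabled via setAdapterSecurity; an unregistered prefix means adapter security is off. */`, and consider setting the flag at the place where the Postgres adapter factory is registered, so the six startup paths touched by this commit cannot drift apart. A test that pins `isAdapterSecurity` for a registered prefix, an unregistered one and a prefix removed with `state = false` would keep the selection from regressing again.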


@ -62,6 +62,7 @@ import {
registerServerPlugins,
registerStringLoaders,
registerTxAdapterFactory,
setAdapterSecurity,
sharedPipelineContextVars
} from '@hcengineering/server-pipeline'
import { buildStorageFromConfig, storageConfigFromEnv } from '@hcengineering/server-storage'
@ -160,6 +161,8 @@ export class WorkspaceWorker {
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
registerAdapterFactory('postgresql', createPostgresAdapter, true)
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
setAdapterSecurity('postgresql', true)
registerServerPlugins()
registerStringLoaders()


@ -46,11 +46,13 @@ import {
} from '@hcengineering/postgres'
import {
createServerPipeline,
isAdapterSecurity,
registerAdapterFactory,
registerDestroyFactory,
registerServerPlugins,
registerStringLoaders,
registerTxAdapterFactory
registerTxAdapterFactory,
setAdapterSecurity
} from '@hcengineering/server-pipeline'
import { CloudFlareLogger } from './logger'
import model from './model.json'
@ -109,6 +111,7 @@ export class Transactor extends DurableObject<Env> {
registerTxAdapterFactory('postgresql', createPostgresTxAdapter, true)
registerAdapterFactory('postgresql', createPostgresAdapter, true)
registerDestroyFactory('postgresql', createPostgreeDestroyAdapter, true)
setAdapterSecurity('postgresql', true)
if (env.USE_GREEN === 'true') {
registerGreenUrl(env.GREEN_URL)
@ -140,7 +143,7 @@ export class Transactor extends DurableObject<Env> {
this.pipelineFactory = async (ctx, ws, upgrade, broadcast, branding) => {
const pipeline = createServerPipeline(this.measureCtx, dbUrl, model, {
externalStorage: storage,
adapterSecurity: false,
adapterSecurity: isAdapterSecurity(dbUrl),
disableTriggers: false,
fulltextUrl: env.FULLTEXT_URL,
extraLogging: true,