rooty/fab-manager
1
0
Fork 0
mirror of https://github.com/LaCasemate/fab-manager.git synced 2025-02-27 21:54:27 +01:00
Code Issues Releases Activity

Merge branch 'dev' for release 4.7.2

Browse Source
This commit is contained in:
Sylvain 2021-03-01 12:21:56 +01:00
commit baad37e3cf
9 changed files with 44 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGELOG.md
View File

@ -1,5 +1,12 @@
# Changelog Fab-manager # Changelog Fab-manager
## v4.7.2 2021 March 1st
- Updated yq to v4
- Fix a bug: unable to upgrade using the easy upgrade command
- Fix a security issue: possible SQL injection when dropping the database
- Fix a security issue: restrict allowed keys when creating/updating credits
- [TODO DEPLOY] `bundle exec rails fablab:openlab:bulk_export` if you have enabled OpenLab (projects sharing)
## v4.7.1 2021 February 24 ## v4.7.1 2021 February 24
- Fix a security issue: updated axios to 0.21.1 to fix [CVE-2020-28168](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168) - Fix a security issue: updated axios to 0.21.1 to fix [CVE-2020-28168](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28168)

2
app/controllers/api/credits_controller.rb
View File

@ -47,6 +47,6 @@ class API::CreditsController < API::ApiController
end end
def credit_params def credit_params
params.require(:credit).permit! params.require(:credit).permit(:creditable_id, :creditable_type, :plan_id, :hours)
end end
end end

14
config/initializers/postgresql_database_tasks.rb
View File

@ -1,11 +1,21 @@
# frozen_string_literal: true
module ActiveRecord module ActiveRecord
module Tasks module Tasks
# The following magic allows to drop a PG database even if a connection exists
# @see https://stackoverflow.com/a/38710021
class PostgreSQLDatabaseTasks class PostgreSQLDatabaseTasks
include ActiveRecord::Sanitization::ClassMethods
def drop def drop
establish_master_connection establish_master_connection
connection.select_all "select pg_terminate_backend(pg_stat_activity.pid) from pg_stat_activity where datname='#{configuration['database']}' AND state='idle';" q = sanitize_sql_array [
"select pg_terminate_backend(pg_stat_activity.pid) from pg_stat_activity where datname= ? AND state='idle';",
configuration['database']
]
connection.select_all q
connection.drop_database configuration['database'] connection.drop_database configuration['database']
end end
end end
end end
end end

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "fab-manager", "name": "fab-manager",
"version": "4.7.1", "version": "4.7.2",
"description": "Fab-manager is the FabLab management solution. It provides a comprehensive, web-based, open-source tool to simplify your administrative tasks and your marker's projects.", "description": "Fab-manager is the FabLab management solution. It provides a comprehensive, web-based, open-source tool to simplify your administrative tasks and your marker's projects.",
"keywords": [ "keywords": [
"fablab", "fablab",

12
scripts/mount-payment-schedules.sh
View File

@ -1,7 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
yq() { yq() {
docker run --rm -i -v "${PWD}:/workdir" mikefarah/yq yq "$@" docker run --rm -i -v "${PWD}:/workdir" mikefarah/yq:4 "$@"
} }
config() config()
@ -13,20 +13,14 @@ config()
echo "current user is not allowed to use docker, exiting..." echo "current user is not allowed to use docker, exiting..."
exit 1 exit 1
fi fi
if ! command -v awk || ! [[ $(awk -W version) =~ ^GNU ]] SERVICE="$(yq eval '.services.*.image | select(. == "sleede/fab-manager*") | path | .[-2]' docker-compose.yml)"
then
echo "Please install GNU Awk before running this script."
echo "gawk was not found, exiting..."
exit 1
fi
SERVICE="$(yq r docker-compose.yml --printMode p 'services.*(.==sleede/fab-manager*)' | awk 'BEGIN { FS = "." } ; {print $2}')"
} }
add_mount() add_mount()
{ {
# shellcheck disable=SC2016 # shellcheck disable=SC2016
# we don't want to expand ${PWD} # we don't want to expand ${PWD}
yq w -i docker-compose.yml "services.$SERVICE.volumes[+]" '${PWD}/payment_schedules:/usr/src/app/payment_schedules' yq -i eval ".services.$SERVICE.volumes += [\"\${PWD}/payment_schedules:/usr/src/app/payment_schedules\"]" docker-compose.yml
} }
proceed() proceed()

22
scripts/mount-webpack.sh
View File

@ -1,7 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
yq() { yq() {
docker run --rm -i -v "${PWD}:/workdir" mikefarah/yq yq "$@" docker run --rm -i -v "${PWD}:/workdir" mikefarah/yq:4 "$@"
} }
config() config()
@ -13,27 +13,13 @@ config()
echo "current user is not allowed to use docker, exiting..." echo "current user is not allowed to use docker, exiting..."
exit 1 exit 1
fi fi
if ! command -v awk || ! [[ $(awk -W version) =~ ^GNU ]] SERVICE="$(yq eval '.services.*.image | select(. == "sleede/fab-manager*") | path | .[-2]' docker-compose.yml)"
then
echo "Please install GNU Awk before running this script."
echo "gawk was not found, exiting..."
exit 1
fi
SERVICE="$(yq r docker-compose.yml --printMode p 'services.*(.==sleede/fab-manager*)' | awk 'BEGIN { FS = "." } ; {print $2}')"
} }
change_mount() change_mount()
{ {
local volumes=$(yq r docker-compose.yml --length "services.$SERVICE.volumes") yq -i eval ".services.$SERVICE.volumes.[] | select(. == \"*assets\") |= \"\${PWD}/public/packs:/usr/src/app/public/packs\"" docker-compose.yml
local maxVol=$(($volumes - 1)) echo "Service volume was replaced for $SERVICE: /assets changed to /packs"
for i in $(seq 0 $maxVol); do
yq r docker-compose.yml "services.$SERVICE.volumes.[$i]" | grep assets
if [[ $? = 0 ]]; then
yq w -i docker-compose.yml "services.$SERVICE.volumes.[$i]" "\${PWD}/public/packs:/usr/src/app/public/packs"
echo "Volume #$i was replaced for $SERVICE: /assets changed to /packs"
exit 0
fi
done
} }
proceed() proceed()

4
scripts/redis-upgrade.sh
View File

@ -60,7 +60,7 @@ test_docker_compose()
} }
yq() { yq() {
docker run --rm -i -v "${FM_PATH}:/workdir" mikefarah/yq yq "$@" docker run --rm -i -v "${FM_PATH}:/workdir" mikefarah/yq:4 "$@"
} }
@ -71,7 +71,7 @@ docker_down()
proceed_upgrade() proceed_upgrade()
{ {
yq w -i docker-compose.yml services.redis.image redis:6-alpine yq -i eval '.services.redis.image = "redis:6-alpine"' docker-compose.yml
} }

16
setup/setup.sh
View File

@ -147,7 +147,7 @@ prepare_files()
} }
yq() { yq() {
docker run --rm -i -v "${FABMANAGER_PATH}:/workdir" mikefarah/yq yq "$@" docker run --rm -i -v "${FABMANAGER_PATH}:/workdir" mikefarah/yq:4 "$@"
} }
prepare_nginx() prepare_nginx()
@ -160,16 +160,16 @@ prepare_nginx()
else else
# if nginx is not installed, remove its associated block from docker-compose.yml # if nginx is not installed, remove its associated block from docker-compose.yml
echo "Removing nginx..." echo "Removing nginx..."
yq d -i docker-compose.yml services.nginx yq -i eval 'del(.services.nginx)' docker-compose.yml
read -rp "Do you want to map the Fab-manager's service to an external network? (Y/n) " confirm </dev/tty read -rp "Do you want to map the Fab-manager's service to an external network? (Y/n) " confirm </dev/tty
if [ "$confirm" != "n" ]; then if [ "$confirm" != "n" ]; then
echo "Adding a network configuration to the docker-compose.yml file..." echo "Adding a network configuration to the docker-compose.yml file..."
yq w -i docker-compose.yml networks.web.external true yq -i eval '.networks.web.external = "true"' docker-compose.yml
yq w -i docker-compose.yml networks.db '' yq -i eval '.networks.db = ""' docker-compose.yml
yq w -i docker-compose.yml services.fabmanager.networks[+] web yq -i eval '.services.fabmanager.networks += ["web"]' docker-compose.yml
yq w -i docker-compose.yml services.fabmanager.networks[+] db yq -i eval '.services.fabmanager.networks += ["db"]' docker-compose.yml
yq w -i docker-compose.yml services.postgres.networks[+] db yq -i eval '.services.postgres.networks += ["db"]' docker-compose.yml
yq w -i docker-compose.yml services.redis.networks[+] db yq -i eval '.services.redis.networks += ["db"]' docker-compose.yml
fi fi
fi fi
} }

20
setup/upgrade.sh
View File

@ -28,7 +28,7 @@ parseparams()
} }
yq() { yq() {
docker run --rm -i -v "${PWD}:/workdir" mikefarah/yq yq "$@" docker run --rm -i -v "${PWD}:/workdir" mikefarah/yq:4 "$@"
} }
jq() { jq() {
@ -37,14 +37,6 @@ jq() {
config() config()
{ {
echo -ne "Checking dependency... "
if ! command -v awk || ! [[ $(awk -W version) =~ ^GNU ]]
then
echo "Please install GNU Awk before running this script."
echo "gawk was not found, exiting..."
exit 1
fi
echo -ne "Checking user... " echo -ne "Checking user... "
if [[ "$(whoami)" != "root" ]] && ! groups | grep docker if [[ "$(whoami)" != "root" ]] && ! groups | grep docker
then then
@ -53,7 +45,7 @@ config()
exit 1 exit 1
fi fi
SERVICE="$(yq r docker-compose.yml --printMode p 'services.*(.==sleede/fab-manager*)' | awk 'BEGIN { FS = "." } ; {print $2}')" SERVICE="$(yq eval '.services.*.image | select(. == "sleede/fab-manager*") | path | .[-2]' docker-compose.yml)"
YES_ALL=${Y:-false} YES_ALL=${Y:-false}
# COMMANDS, SCRIPTS and ENVIRONMENTS are set by parseparams # COMMANDS, SCRIPTS and ENVIRONMENTS are set by parseparams
} }
@ -77,7 +69,7 @@ version_check()
{ {
VERSION=$(docker-compose exec -T "$SERVICE" cat .fabmanager-version) VERSION=$(docker-compose exec -T "$SERVICE" cat .fabmanager-version)
if [[ $? = 1 ]]; then if [[ $? = 1 ]]; then
VERSION=$(docker-compose exec -T "$SERVICE" cat package.json | grep version | awk 'BEGIN { FS = "\"" } ; {print $4}') VERSION=$(docker-compose exec -T "$SERVICE" cat package.json | jq -r '.version')
fi fi
if verlt "$VERSION" 2.8.3; then if verlt "$VERSION" 2.8.3; then
@ -104,8 +96,8 @@ add_environments()
compile_assets() compile_assets()
{ {
IMAGE=$(yq r docker-compose.yml 'services.*(.==sleede/fab-manager*)') IMAGE=$(yq eval '.services.*.image | select(. == "sleede/fab-manager*")' docker-compose.yml)
mapfile -t COMPOSE_ENVS < <(yq r docker-compose.yml "services.$SERVICE.environment") mapfile -t COMPOSE_ENVS < <(yq eval ".services.$SERVICE.environment" docker-compose.yml)
ENV_ARGS=$(for i in "${COMPOSE_ENVS[@]}"; do sed 's/: /=/g;s/^/-e /g' <<< "$i"; done) ENV_ARGS=$(for i in "${COMPOSE_ENVS[@]}"; do sed 's/: /=/g;s/^/-e /g' <<< "$i"; done)
PG_ID=$(docker-compose ps -q postgres) PG_ID=$(docker-compose ps -q postgres)
if [[ "$PG_ID" = "" ]]; then if [[ "$PG_ID" = "" ]]; then
@ -131,7 +123,7 @@ upgrade()
exit 1 exit 1
fi fi
BRANCH='master' BRANCH='master'
if yq r docker-compose.yml 'services.*(.==sleede/fab-manager*)' | grep -q ':dev'; then BRANCH='dev'; fi if yq eval '.services.*.image | select(. == "sleede/fab-manager*")' docker-compose.yml | grep -q ':dev'; then BRANCH='dev'; fi
for SCRIPT in "${SCRIPTS[@]}"; do for SCRIPT in "${SCRIPTS[@]}"; do
if [[ "$YES_ALL" = "true" ]]; then if [[ "$YES_ALL" = "true" ]]; then
\curl -sSL "https://raw.githubusercontent.com/sleede/fab-manager/$BRANCH/scripts/$SCRIPT.sh" | bash -s -- -y \curl -sSL "https://raw.githubusercontent.com/sleede/fab-manager/$BRANCH/scripts/$SCRIPT.sh" | bash -s -- -y