Merge branch 'master' into dev

node-red · Aug 5, 2020 · bcd85b1 · bcd85b1
2 parents 763f2bd + ec368ae
commit bcd85b1
Show file tree

Hide file tree

Showing 37 changed files with 909 additions and 422 deletions.
diff --git a/.github/scripts/update-node-red-website.js b/.github/scripts/update-node-red-website.js
@@ -0,0 +1,18 @@
+const fs = require("fs");
+
+const newVersion = require("../../package.json").version;
+
+if (process.env.GITHUB_REF !== "refs/tags/"+newVersion) {
+    console.log(`GITHUB_REF doesn't match the package.json version: ${process.env.GITHUB_REF} !== ${newVersion}`);
+    process.exit(0);
+}
+
+if (!/^\d+\.\d+\.\d+$/.test(newVersion)) {
+    console.log(`Not updating for a non-stable release - ${newVersion}`);
+    process.exit(0);
+}
+
+const path = __dirname+"/../../../node-red.github.io/index.html";
+let contents = fs.readFileSync(path, "utf8");
+contents = contents.replace(/<span class="node-red-latest-version">v\d+\.\d+\.\d+<\/span>/, `<span class="node-red-latest-version">v${newVersion}<\/span>` );
+fs.writeFileSync(path, contents);
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -18,12 +18,16 @@ jobs:
         with:
             repository: 'node-red/node-red-docker'
             path: 'node-red-docker'
+      - name: Check out node-red.github.io repository
+        uses: actions/checkout@v2
+        with:
+            repository: 'node-red/node-red.github.io'
+            path: 'node-red.github.io'
       - uses: actions/setup-node@v1
         with:
             node-version: '12'
       - run: node ./node-red/.github/scripts/update-node-red-docker.js
-        id: updateFiles
-      - name: Create Pull Request
+      - name: Create Docker Pull Request
         uses: peter-evans/create-pull-request@v2
         with:
           token: ${{ secrets.NR_REPO_TOKEN }}
@@ -37,4 +41,18 @@ jobs:
 
             Once this is merged, you will need to create a new release with the tag `v${{ env.newVersion }}`.
 
+            This PR was auto-generated by a GitHub Action. Any questions, speak to @knolleary
+      - run: node ./node-red/.github/scripts/update-node-red-website.js
+      - name: Create Website Pull Request
+        uses: peter-evans/create-pull-request@v2
+        with:
+          token: ${{ secrets.NR_REPO_TOKEN }}
+          committer: GitHub <noreply@github.com>
+          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
+          path: 'node-red.github.io'
+          commit-message: 'Bump to ${{ env.newVersion }}'
+          title: '🚀 Update to Node-RED ${{ env.newVersion }} release'
+          body: |
+            Updates the Node-RED Website repo for the ${{ env.newVersion }} release.
+
             This PR was auto-generated by a GitHub Action. Any questions, speak to @knolleary
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,41 @@
+### 1.1.3: Maintenance Release
+
+Editor
+ - Fix vertical align of fa node icons Fixes #2670
+ - Allow lasso selection to be restricted to active group
+ - Make ctrl-click on nested group more intuitive
+ - Fix copy/paste of nested groups
+ - Add Set(iterable) polyfill for IE11
+ - Support select-all inside active group
+ - Improve performance of moving groups
+ - Add additional check for git auth failure response Fixes #2656
+ - german translation, wording (#2660) (#2666)
+ - Remove filtering of duplicate fa icons
+ - Show node help when switching node edit dialogs Fixes #2652
+ - Ensure group theme picks up theme defaults properly Fixes #2651
+
+Nodes
+ - Clarify Switch node isEmpty help
+ - HTTP In: handle application/cbor as binary
+
+Runtime
+ - Move runtime settings back to adminApi from editorApi Fixes #2662
+ - Update Chinese message for debug node
+
+### 1.1.2: Maintenance Release
+
+Editor
+
+ - Fix all the touch screen issues Fixes #2647
+ - Add RED.view.redrawStatus to avoid full redraw on update
+ - Ensure node/group xrefs are consistent on import
+ - Disable keyboard handler when dialogs are open
+ - Ensure unknown nodes removed from outliner when node registers Fixes #2646
+
+Runtime
+
+ - Allow Comms websocket auth to be done via token header Fixes #2642
+
 ### 1.1.1: Maintenance Release
 
 Editor

diff --git a/packages/node_modules/@node-red/editor-api/lib/admin/index.js b/packages/node_modules/@node-red/editor-api/lib/admin/index.js
@@ -21,15 +21,17 @@ var flows = require("./flows");
 var flow = require("./flow");
 var context = require("./context");
 var auth = require("../auth");
+var info = require("./settings");
 
 var apiUtil = require("../util");
 
 module.exports = {
-    init: function(runtimeAPI) {
+    init: function(settings,runtimeAPI) {
         flows.init(runtimeAPI);
         flow.init(runtimeAPI);
         nodes.init(runtimeAPI);
         context.init(runtimeAPI);
+        info.init(settings,runtimeAPI);
 
         var needsPermission = auth.needsPermission;
 
@@ -67,6 +69,8 @@ module.exports = {
         // adminApp.delete("/context/:scope(node|flow)/:id",needsPermission("context.write"),context.delete,apiUtil.errorHandler);
         adminApp.delete("/context/:scope(node|flow)/:id/*",needsPermission("context.write"),context.delete,apiUtil.errorHandler);
 
+        adminApp.get("/settings",needsPermission("settings.read"),info.runtimeSettings,apiUtil.errorHandler);
+
         return adminApp;
     }
 }
diff --git a/packages/node_modules/@node-red/editor-api/lib/admin/settings.js b/packages/node_modules/@node-red/editor-api/lib/admin/settings.js
@@ -0,0 +1,72 @@
+/**
+ * Copyright JS Foundation and other contributors, http://js.foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ **/
+var apiUtils = require("../util");
+var runtimeAPI;
+var settings;
+var theme = require("../editor/theme");
+var clone = require("clone");
+
+var i18n = require("@node-red/util").i18n
+
+function extend(target, source) {
+    var keys = Object.keys(source);
+    var i = keys.length;
+    while(i--) {
+        var value = source[keys[i]]
+        var type = typeof value;
+        if (type === 'string' || type === 'number' || type === 'boolean' || Array.isArray(value)) {
+            target[keys[i]] = value;
+        } else if (value === null) {
+            if (target.hasOwnProperty(keys[i])) {
+                delete target[keys[i]];
+            }
+        } else {
+            // Object
+            if (target.hasOwnProperty(keys[i])) {
+                target[keys[i]] = extend(target[keys[i]],value);
+            } else {
+                target[keys[i]] = value;
+            }
+        }
+    }
+    return target;
+}
+
+module.exports = {
+    init: function(_settings,_runtimeAPI) {
+        runtimeAPI = _runtimeAPI;
+        settings = _settings;
+    },
+    runtimeSettings: function(req,res) {
+        var opts = {
+            user: req.user
+        }
+        runtimeAPI.settings.getRuntimeSettings(opts).then(function(result) {
+            if (!settings.disableEditor) {
+                result.editorTheme = result.editorTheme||{};
+                var themeSettings = theme.settings();
+                if (themeSettings) {
+                    // result.editorTheme may already exist with the palette
+                    // disabled. Need to merge that into the receive settings
+                    result.editorTheme = extend(clone(themeSettings),result.editorTheme);
+                }
+                result.editorTheme.languages = i18n.availableLanguages("editor");
+            }
+            res.json(result);
+        });
+    },
+
+}
diff --git a/packages/node_modules/@node-red/editor-api/lib/auth/strategies.js b/packages/node_modules/@node-red/editor-api/lib/auth/strategies.js
@@ -123,38 +123,57 @@ AnonymousStrategy.prototype.authenticate = function(req) {
     });
 }
 
+
+function authenticateUserToken(req) {
+    return new Promise( (resolve,reject) => {
+        var token = null;
+        var tokenHeader = Users.tokenHeader();
+        if (Users.tokenHeader() === null) {
+            // No custom user token provided. Fail the request
+            reject();
+            return;
+        } else if (Users.tokenHeader() === 'authorization') {
+            if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
+                token = req.headers.authorization.split(' ')[1];
+            }
+        } else {
+            token = req.headers[Users.tokenHeader()];
+        }
+        if (token) {
+            Users.tokens(token).then(function(user) {
+                if (user) {
+                    resolve(user);
+                } else {
+                    reject();
+                }
+            });
+        } else {
+            reject();
+        }
+    });
+}
+
+
 function TokensStrategy() {
   passport.Strategy.call(this);
   this.name = 'tokens';
 }
 util.inherits(TokensStrategy, passport.Strategy);
 TokensStrategy.prototype.authenticate = function(req) {
-    var self = this;
-    var token = null;
-    if (Users.tokenHeader() === 'authorization') {  
-        if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
-            token = req.headers.authorization.split(' ')[1];
-        }
-    } else {
-        token = req.headers[Users.tokenHeader()];
-    }
-    if (token) {
-        Users.tokens(token).then(function(admin) {
-            if (admin) {
-                self.success(admin,{scope:admin.permissions});
-            } else {
-                self.fail(401);
-            }
-        });
-    } else {
-        self.fail(401);
-    }
+    authenticateUserToken(req).then(user => {
+        this.success(user,{scope:user.permissions});
+    }).catch(err => {
+        this.fail(401);
+    });
 }
 
+
+
 module.exports = {
     bearerStrategy: bearerStrategy,
     clientPasswordStrategy: clientPasswordStrategy,
     passwordTokenExchange: passwordTokenExchange,
     anonymousStrategy: new AnonymousStrategy(),
-    tokensStrategy: new TokensStrategy()
+    tokensStrategy: new TokensStrategy(),
+    authenticateUserToken: authenticateUserToken
 }
diff --git a/packages/node_modules/@node-red/editor-api/lib/auth/users.js b/packages/node_modules/@node-red/editor-api/lib/auth/users.js
@@ -61,7 +61,7 @@ var api = {
     authenticate: authenticate,
     default: getDefaultUser,
     tokens: getDefaultUser,
-    tokenHeader: "authorization"
+    tokenHeader: null
 }
 
 function init(config) {
@@ -111,6 +111,8 @@ function init(config) {
         api.tokens = config.tokens;
         if (config.tokenHeader && typeof config.tokenHeader === "string") {
             api.tokenHeader = config.tokenHeader.toLowerCase();
+        } else {
+            api.tokenHeader = "authorization";
         }
     }
 }

diff --git a/packages/node_modules/@node-red/editor-api/lib/editor/comms.js b/packages/node_modules/@node-red/editor-api/lib/editor/comms.js
@@ -21,6 +21,7 @@ var log = require("@node-red/util").log; // TODO: separate module
 var Tokens;
 var Users;
 var Permissions;
+var Strategies;
 
 var server;
 var settings;
@@ -44,6 +45,7 @@ function init(_server,_settings,_runtimeAPI) {
     Tokens.onSessionExpiry(handleSessionExpiry);
     Users = require("../auth/users");
     Permissions = require("../auth/permissions");
+    Strategies = require("../auth/strategies");
 
 }
 function handleSessionExpiry(session) {
@@ -63,17 +65,18 @@ function generateSession(length) {
     return token.join("");
 }
 
-function CommsConnection(ws) {
+function CommsConnection(ws, user) {
     this.session = generateSession(32);
     this.ws = ws;
     this.stack = [];
-    this.user = null;
+    this.user = user;
     this.lastSentTime = 0;
     var self = this;
 
     log.audit({event: "comms.open"});
     log.trace("comms.open "+self.session);
-    var pendingAuth = (settings.adminAuth != null);
+    var preAuthed = !!user;
+    var pendingAuth = !this.user && (settings.adminAuth != null);
 
     if (!pendingAuth) {
         addActiveConnection(self);
@@ -199,8 +202,8 @@ function start() {
             var commsPath = settings.httpAdminRoot || "/";
             commsPath = (commsPath.slice(0,1) != "/" ? "/":"") + commsPath + (commsPath.slice(-1) == "/" ? "":"/") + "comms";
             wsServer = new ws.Server({ noServer: true });
-            wsServer.on('connection',function(ws) {
-                var commsConnection = new CommsConnection(ws);
+            wsServer.on('connection',function(ws, request, user) {
+                var commsConnection = new CommsConnection(ws, user);
             });
             wsServer.on('error', function(err) {
                 log.warn(log._("comms.error-server",{message:err.toString()}));
@@ -209,8 +212,26 @@ function start() {
             server.on('upgrade', function upgrade(request, socket, head) {
                 const pathname = url.parse(request.url).pathname;
                 if (pathname === commsPath) {
+                    if (Users.tokenHeader() !== null && request.headers[Users.tokenHeader()]) {
+                        // The user has provided custom token handling. For the websocket,
+                        // the token could be provided in two ways:
+                        //  - as an http header (only possible with a reverse proxy setup)
+                        //  - passed over the connected websock in an auth packet
+                        // If the header is present, verify the token. If not, use the auth
+                        // packet over the connected socket
+                        //
+                        Strategies.authenticateUserToken(request).then(user => {
+                            wsServer.handleUpgrade(request, socket, head, function done(ws) {
+                                wsServer.emit('connection', ws, request, user);
+                            });
+                        }).catch(err => {
+                            log.audit({event: "comms.auth.fail"});
+                            socket.destroy();
+                        })
+                        return
+                    }
                     wsServer.handleUpgrade(request, socket, head, function done(ws) {
-                        wsServer.emit('connection', ws, request);
+                        wsServer.emit('connection', ws, request, null);
                     });
                 }
                 // Don't destroy the socket as other listeners may want to handle the

diff --git a/packages/node_modules/@node-red/editor-api/lib/editor/index.js b/packages/node_modules/@node-red/editor-api/lib/editor/index.js
@@ -103,7 +103,7 @@ module.exports = {
             editorApp.get('/credentials/:type/:id', needsPermission("credentials.read"),credentials.get,apiUtil.errorHandler);
 
             // Settings
-            editorApp.get("/settings",needsPermission("settings.read"),info.runtimeSettings,apiUtil.errorHandler);
+            //  Main /settings route is an admin route - see lib/admin/settings.js
             // User Settings
             editorApp.get("/settings/user",needsPermission("settings.read"),info.userSettings,apiUtil.errorHandler);
             // User Settings