Merge pull request #960 from EyeSeeTea/fix/security-issues
[fix] Security issues
MiquelAdell authored Aug 1, 2024
2 parents 7508ed7 + 8b214e7 commit d7f77e0
Showing 15 changed files with 1,166 additions and 1,265 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/main.yml
Expand Up @@ -14,9 +14,9 @@ jobs:
run: sudo apt install gettext -y

- name: Setup Node
uses: actions/setup-node@v1
uses: actions/setup-node@v3
with:
node-version: "12.x"
node-version: "16.14.0"

- name: Install yarn
run: npm install -g yarn
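Review bot: The bumped `uses: actions/setup-node@v3` still references a mutable tag, so the workflow runs whatever that tag points to at build time; pinning to a full commit SHA, e.g. `uses: actions/setup-node@<FULL_COMMIT_SHA_PLACEHOLDER> # v3`, removes that supply-chain exposure. The new `node-version: "16.14.0"` is on a release line that reached end-of-life in September 2023, so for a commit aimed at security issues a currently supported LTS line would be the better target if the toolchain allows it. The `npm install -g yarn` step in the context lines is unpinned as well; `npm install -g yarn@<PINNED_VERSION_PLACEHOLDER>` would make the build reproducible. The job's remaining steps are outside the visible hunk.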
4 changes: 2 additions & 2 deletions i18n/en.pot
Expand Up @@ -5,8 +5,8 @@ msgstr ""
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=(n != 1)\n"
"POT-Creation-Date: 2024-07-18T21:33:28.930Z\n"
"PO-Revision-Date: 2024-07-18T21:33:28.930Z\n"
"POT-Creation-Date: 2024-07-26T07:11:17.572Z\n"
"PO-Revision-Date: 2024-07-26T07:11:17.572Z\n"

msgid ""
"THIS NEW RELEASE INCLUDES SHARING SETTINGS PER INSTANCES. FOR THIS VERSION "
2 changes: 1 addition & 1 deletion jest.config.js
@@ -1,7 +1,7 @@
module.exports = {
collectCoverageFrom: ["src/**/*.js"],
testPathIgnorePatterns: ["/node_modules/", "/cypress"],
transformIgnorePatterns: ["/node_modules/(?!@eyeseetea/d2-ui-components)"],
transformIgnorePatterns: ["/node_modules/(?!@eyeseetea/d2-ui-components|axios)"],
modulePaths: ["src"],
moduleDirectories: ["node_modules"],
moduleNameMapper: {
48 changes: 23 additions & 25 deletions package.json
Expand Up @@ -10,63 +10,57 @@
"url": "git+https://github.com/eyeseetea/metadata-synchronization.git"
},
"dependencies": {
"@dhis2/app-runtime": "3.2.3",
"@dhis2/d2-i18n-extract": "1.0.8",
"@dhis2/d2-i18n-generate": "1.2.0",
"@dhis2/d2-i18n": "1.1.0",
"@dhis2/d2-ui-core": "7.3.3",
"@dhis2/d2-ui-forms": "7.3.3",
"@dhis2/app-runtime": "3.10.4",
"@dhis2/d2-i18n": "1.1.3",
"@dhis2/ui": "7.4.1",
"@eyeseetea/d2-api": "1.13.1",
"@eyeseetea/d2-ui-components": "2.6.8",
"@eyeseetea/feedback-component": "0.1.2",
"@eyeseetea/d2-api": "1.16.0-beta.6",
"@eyeseetea/d2-ui-components": "2.9.0-beta.3",
"@eyeseetea/feedback-component": "0.1.3-beta.1",
"@material-ui/core": "4.12.3",
"@material-ui/icons": "4.11.2",
"@material-ui/lab": "4.0.0-alpha.60",
"@material-ui/styles": "4.11.4",
"@monaco-editor/react": "4.3.1",
"@octokit/rest": "18.12.0",
"axios": "0.23.0",
"axios": "1.6.4",
"btoa": "1.2.1",
"cmd-ts": "0.7.0",
"cronstrue": "1.119.0",
"cryptr": "4.0.2",
"d2-manifest": "1.0.0",
"d2": "31.10.0",
"file-saver": "2.0.5",
"fluture": "14.0.0",
"font-awesome": "4.7.0",
"json-stringify-deterministic": "1.0.1",
"jszip": "3.7.1",
"jszip": "3.8.0",
"lodash": "4.17.21",
"material-ui": "0.20.2",
"log4js": "^6.9.1",
"mime-types": "2.1.33",
"moment": "2.29.1",
"moment": "2.29.4",
"monaco-editor": "0.29.1",
"nano-memoize": "1.2.1",
"node-schedule": "2.0.0",
"purify-ts-extra-codec": "0.6.0",
"node-schedule": "2.1.1",
"purify-ts": "1.1.0",
"purify-ts-extra-codec": "0.6.0",
"qs": "^6.12.1",
"react": "17.0.2",
"react-dom": "17.0.2",
"react-dropzone": "11.4.2",
"react-json-view": "1.21.3",
"react-json-view-lite": "^1.4.0",
"react-linkify": "1.0.0-alpha",
"react-markdown": "^8.0.7",
"react-router-dom": "5.3.0",
"react-scripts": "4.0.3",
"react-virtualized-auto-sizer": "1.0.6",
"react-window": "1.8.6",
"react": "17.0.2",
"rehype-raw": "^6.1.1",
"rehype-sanitize": "^5.0.1",
"semver": "7.3.5",
"styled-components": "5.3.1",
"styled-jsx": "4.0.1"
"rxjs": "5.5.7",
"semver": "7.5.2",
"styled-components": "6.1.11",
"styled-jsx": "5.0.0"
},
"scripts": {
"clean": "npx rimraf build/ dist/",
"start": "yarn run-ts scripts/run.ts start-server -p ${PORT:-8081}",
"craco-start": "craco start",
"start-scheduler": "yarn run-ts --files src/scheduler/cli.ts",
"build": "yarn run-ts scripts/run.ts build",
"build-scheduler": "ncc build src/scheduler/cli.ts -m -o $npm_package_name-server && zip -r $npm_package_name-server.zip $npm_package_name-server && npx rimraf $npm_package_name-server/",
Expand All @@ -88,6 +82,8 @@
"@babel/core": "7.15.8",
"@babel/plugin-proposal-decorators": "7.15.8",
"@babel/preset-typescript": "7.15.0",
"@dhis2/d2-i18n-extract": "1.0.8",
"@dhis2/d2-i18n-generate": "1.2.0",
"@types/btoa": "1.2.3",
"@types/cryptr": "4.0.1",
"@types/file-saver": "2.0.3",
Expand All @@ -96,6 +92,7 @@
"@types/mime-types": "2.1.1",
"@types/node": "16.11.1",
"@types/node-schedule": "1.3.2",
"@types/qs": "^6.9.15",
"@types/react": "17.0.30",
"@types/react-dom": "17.0.9",
"@types/react-linkify": "1.0.1",
Expand All @@ -111,9 +108,9 @@
"@welldone-software/why-did-you-render": "6.2.1",
"babel-core": "6.26.3",
"babel-eslint": "10.1.0",
"craco": "0.0.3",
"cypress": "8.6.0",
"cypress-xpath": "1.6.2",
"d2-manifest": "1.0.0",
"eslint": "7.32.0",
"eslint-config-prettier": "8.3.0",
"eslint-config-react-app": "6.0.0",
Expand All @@ -134,6 +131,7 @@
"mochawesome-merge": "4.2.0",
"prettier": "2.4.1",
"prop-types": "15.7.2",
"react-scripts": "4.0.3",
"rimraf": "3.0.2",
"rxjs-compat": "6.6.7",
"sinon": "11.1.2",
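Review bot: Several dependency entries that appear to be introduced here use caret ranges (`"log4js": "^6.9.1"`, `"qs": "^6.12.1"`, `"react-markdown": "^8.0.7"`, `"rehype-raw": "^6.1.1"`, `"rehype-sanitize": "^5.0.1"`) while the rest of the manifest pins exact versions, so what gets installed depends on the lockfile being present and honoured. Pinning them exactly, e.g. `"rehype-sanitize": "5.0.1"`, keeps the manifest consistent and auditable. The three `@eyeseetea/*` packages are listed at `-beta` pre-release versions, which deserves a follow-up to move to stable releases once they are published. `rehype-raw` lets raw HTML through the markdown pipeline, so wherever it is wired in (not visible in this section) `rehype-sanitize` should run after it in the plugin list.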
3 changes: 1 addition & 2 deletions src/data/instance/InstanceFileD2Repository.ts
@@ -1,4 +1,3 @@
import { FileUploadParameters } from "@eyeseetea/d2-api/api/files";
import mime from "mime-types";
import { Instance } from "../../domain/instance/entities/Instance";
import {
Expand Down Expand Up @@ -51,7 +50,7 @@ export class InstanceFileD2Repository implements InstanceFileRepository {
}
}

saveFileResource(params: Omit<FileUploadParameters, "id">, domain: FileResourceDomain): D2ApiResponse<string> {
saveFileResource(params: { name: string; data: Blob }, domain: FileResourceDomain): D2ApiResponse<string> {
const { name, data } = params;

const formData = new FormData();
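--- a/src/domain/common/entities/Either.ts
+++ b/src/domain/common/entities/Either.ts
@@ -19,6 +19,10 @@ export class Either<Error, Data> {
 }
 }
 
+matchWith<Res>(matchObj: MatchObject<Error, Data, Res>): Res {
+return this.match(matchObj);
+}
+
 isError(): this is this & { value: EitherValueError<Error> } {
 return this.value.type === "error";
 }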
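Review bot: `matchWith` is added as a straight alias of `match` with no comment saying why both exist, so the next reader cannot tell which of the two to call. A one-line TSDoc above it, such as `/** Alias of match(); kept as a separate name because <REASON_PLACEHOLDER>. */`, would settle that; the reason has to come from the author, since it is not visible in this hunk. The class body starts and ends outside the hunk.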
2 changes: 1 addition & 1 deletion src/domain/packages/usecases/ListStorePackagesUseCase.ts
Expand Up @@ -73,7 +73,7 @@ export class ListStorePackagesUseCase implements UseCase {

const readFileResult = this.repositoryFactory.gitRepository().readFileContents<BaseModule>(encoding, content);

return readFileResult.match({
return readFileResult.matchWith({
success: module => module,
error: () => unknownModule,
});
33 changes: 24 additions & 9 deletions src/index.tsx
@@ -1,7 +1,6 @@
import { Provider } from "@dhis2/app-runtime";
import i18n from "@dhis2/d2-i18n";
import axios from "axios";
import { init } from "d2";
import _ from "lodash";
import React from "react";
import ReactDOM from "react-dom";
Expand All @@ -24,8 +23,8 @@ async function getBaseUrl() {
if (isDev) {
return "/dhis2"; // See src/setupProxy.js
} else {
const { data: manifest } = await axios.get<any>("manifest.webapp");
return manifest.activities.dhis.href;
const { data: manifest } = await axios.get<AppManifest>("manifest.webapp");
return getUrlForCurrentDomain(manifest.activities.dhis.href);
}
}

Expand All @@ -40,24 +39,42 @@ const configI18n = ({ keyUiLocale }: { keyUiLocale: string }) => {
document.documentElement.setAttribute("dir", isLangRTL(keyUiLocale) ? "rtl" : "ltr");
};

function getUrlForCurrentDomain(path: string) {
return new URL(path, window.location.href).href;
}

interface AppManifest {
activities: {
dhis: {
href: string;
};
};
}

async function main() {
const baseUrl = await getBaseUrl();

try {
const d2 = await init({ baseUrl: baseUrl + "/api", schemas: [] });
const instance = Instance.build({ name: "Default", url: baseUrl });
const api = getD2APiFromInstance(instance);
if (isDev) {
window.api = api;
window.d2 = d2;
}

const userSettings = await api.get<{ keyUiLocale: string }>("/userSettings").getData();
configI18n(userSettings);

const providerProps: Omit<React.ComponentProps<typeof Provider>, "children"> = {
config: { baseUrl: baseUrl, apiVersion: 30 },
offlineInterface: null,
plugin: false,
parentAlertsAdd: null,
showAlertsInPlugin: false,
};

ReactDOM.render(
<React.StrictMode>
<Provider config={{ baseUrl, apiVersion: 30 }}>
<Provider {...providerProps}>
<PresentationLoader />
</Provider>
</React.StrictMode>,
Expand All @@ -67,9 +84,7 @@ async function main() {
console.error(err);
const feedback = err.toString().match("Unable to get schemas") ? (
<h3 style={{ margin: 20 }}>
<a rel="noopener noreferrer" target="_blank" href={baseUrl}>
Login
</a>
Login to {baseUrl}
{` ${baseUrl}`}
</h3>
) : (
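Review bot: `getUrlForCurrentDomain` does not constrain its result to the current domain: `new URL(path, window.location.href)` ignores the base when `path` is already absolute, so an absolute `activities.dhis.href` in `manifest.webapp` is returned unchanged and becomes the `baseUrl` used for the instance and the `Provider` config. If the intent is to pin the app to its own origin, resolve first and compare: `const url = new URL(path, window.location.href);`, then `if (url.origin !== window.location.origin) throw new Error("manifest href is not same-origin");` before `return url.href;`. If cross-origin DHIS2 servers are a supported deployment, the helper should instead be renamed and documented so the name does not promise a check it does not perform. Separately, the error branch now renders `Login to {baseUrl}` directly above the unchanged template-literal line that already prints `baseUrl`, so the URL appears to be shown twice. `main()` is only partly visible in these hunks.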
5 changes: 4 additions & 1 deletion src/presentation/react/core/components/dropdown/Dropdown.tsx
@@ -1,6 +1,7 @@
import { FormControl, InputLabel, MenuItem, MuiThemeProvider, Select } from "@material-ui/core";
import { createTheme } from "@material-ui/core/styles";
import _ from "lodash";
import React from "react";
import i18n from "../../../../../locales";
import { muiTheme } from "../../themes/dhis2.theme";

Expand All @@ -21,6 +22,7 @@ interface DropdownProps<T extends string = string> {
emptyLabel?: string;
view?: DropdownViewOption;
disabled?: boolean;
style?: React.CSSProperties;
}

const getTheme = (view: DropdownViewOption) => {
Expand Down Expand Up @@ -73,6 +75,7 @@ const getTheme = (view: DropdownViewOption) => {
export function Dropdown<T extends string = string>({
items,
value,
style,
onChange = _.noop,
onValueChange = _.noop,
label,
Expand All @@ -86,7 +89,7 @@ export function Dropdown<T extends string = string>({

return (
<MuiThemeProvider theme={getTheme(view)}>
<FormControl fullWidth={view === "full-width"}>
<FormControl fullWidth={view === "full-width"} style={style}>
{view !== "inline" && label && <InputLabel>{label}</InputLabel>}
<Select
key={`dropdown-select-${label}`}
Expand Up @@ -16,7 +16,7 @@ import {
import ExpandMoreIcon from "@material-ui/icons/ExpandMore";
import _ from "lodash";
import { useEffect, useState } from "react";
import ReactJson from "react-json-view";
import { JsonView, Props, defaultStyles } from "react-json-view-lite";
import { SynchronizationReport } from "../../../../../domain/reports/entities/SynchronizationReport";
import { ErrorMessage, SynchronizationResult } from "../../../../../domain/reports/entities/SynchronizationResult";
import { Store } from "../../../../../domain/stores/entities/Store";
Expand All @@ -29,6 +29,8 @@ import { useAppContext } from "../../contexts/AppContext";
import { NamedRef } from "../../../../../domain/common/entities/Ref";
import { SummaryTable } from "./SummaryTable";

import "react-json-view-lite/dist/index.css";

const useStyles = makeStyles(theme => ({
accordionHeading1: {
marginLeft: 30,
Expand Down Expand Up @@ -259,12 +261,18 @@ const SyncSummary = ({ report, onClose }: SyncSummaryProps) => {
</AccordionSummary>

<AccordionDetails>
<ReactJson src={{ ...report, results }} collapsed={2} enableClipboard={false} />
<JsonView
data={{ ...report, results }}
shouldExpandNode={expandToLevel2}
style={defaultStyles}
/>
</AccordionDetails>
</Accordion>
</DialogContent>
</ConfirmationDialog>
);
};

const expandToLevel2: NonNullable<Props["shouldExpandNode"]> = level => level < 2;

export default SyncSummary;