Merge branch 'main' into be/feature/RI-5188-add-additional-build-type

vlad-dargel · vlad-dargel · commit 8f5dfb8a163b · 2024-07-04T11:50:31.000+02:00
diff --git a/.circleci/build/build.Dockerfile b/.circleci/build/build.Dockerfile
@@ -1,4 +1,4 @@
-FROM node:18.18-alpine
+FROM node:20.14-alpine
 
 # runtime args and environment variables
 ARG DIST=Redis-Insight.tar.gz
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -176,7 +176,7 @@ aliases:
 
 orbs:
   win: circleci/windows@2.4.1
-  node: circleci/node@5.0.2
+  node: circleci/node@5.2.0
   aws: circleci/aws-cli@2.0.3
 
 executors:
@@ -189,7 +189,7 @@ executors:
       docker_layer_caching: true
   docker-node:
     docker:
-      - image: cimg/node:18.15.0
+      - image: cimg/node:20.15
   docker:
     docker:
       - image: cibuilds/docker:19.03.5
@@ -387,7 +387,8 @@ jobs:
     steps:
       - checkout
       - node/install:
-          node-version: '18.15.0'
+          install-yarn: true
+          node-version: '20.15'
       - attach_workspace:
           at: .
       - run: sudo apt-get install net-tools
@@ -443,8 +444,8 @@ jobs:
           at: .
       - run:
           command: |
-            nvm install 18.15.0
-            nvm use 18.15.0
+            nvm install 20.15
+            nvm use 20.15
             npm install --global yarn
       - run:
           command: |
@@ -614,7 +615,8 @@ jobs:
     steps:
       - checkout
       - node/install:
-          node-version: '18.15.0'
+          install-yarn: true
+          node-version: '20.15'
       - attach_workspace:
           at: .
       - run:
@@ -675,7 +677,7 @@ jobs:
             - release/*-linux.yml
   macosx:
     executor: macos
-    resource_class: macos.x86.medium.gen2
+    resource_class: macos.m1.medium.gen1
     parameters:
       env:
         description: Build environment (stage || prod)
@@ -693,7 +695,7 @@ jobs:
     steps:
       - checkout
       - node/install:
-          node-version: '18.15.0'
+          node-version: '20.15'
       - attach_workspace:
           at: .
       - run:
@@ -792,8 +794,8 @@ jobs:
       - run:
           name: Build windows exe
           command: |
-            nvm install 18.15.0
-            nvm use 18.15.0
+            nvm install 20.15
+            nvm use 20.15
             npm install --global yarn
 
             # set ALL_REDIS_COMMANDS=$(curl $ALL_REDIS_COMMANDS_RAW_URL)
@@ -884,7 +886,8 @@ jobs:
     steps:
       - checkout
       - node/install:
-          node-version: '18.15.0'
+          install-yarn: true
+          node-version: '20.15'
       - run:
           name: Install dependencies
           command: |
diff --git a/Dockerfile b/Dockerfile
@@ -6,7 +6,7 @@
 # the best way to minimize the number of node_module restores and build steps
 # while still keeping the final image small.
 
-FROM node:18.18-alpine as build
+FROM node:20.14-alpine as build
 
 # update apk repository and install build dependencies
 RUN apk update && apk add --no-cache --virtual .gyp \
@@ -39,7 +39,7 @@ RUN yarn --cwd ./redisinsight/api install --production
 COPY ./redisinsight/api/.yarnclean.prod ./redisinsight/api/.yarnclean
 RUN yarn --cwd ./redisinsight/api autoclean --force
 
-FROM node:18.18-alpine
+FROM 20.14-alpine
 
 # runtime args and environment variables
 ARG NODE_ENV=production
diff --git a/api.Dockerfile b/api.Dockerfile
@@ -1,4 +1,4 @@
-FROM node:18.15.0-alpine as build
+FROM node:20.14-alpine as build
 
 RUN apk update && apk add bash libsecret dbus-x11 gnome-keyring
 RUN dbus-uuidgen > /var/lib/dbus/machine-id
@@ -19,7 +19,7 @@ RUN yarn install --production
 RUN cp .yarnclean.prod .yarnclean && yarn autoclean --force
 
 # Production image
-FROM node:18.15.0-alpine as production
+FROM node:20.14-alpine as production
 
 RUN apk update && apk add bash libsecret dbus-x11 gnome-keyring
 RUN dbus-uuidgen > /var/lib/dbus/machine-id
diff --git a/electron-builder.json b/electron-builder.json
@@ -7,7 +7,6 @@
     "node_modules",
     "package.json"
   ],
-  "afterSign": "electron-builder-notarize",
   "artifactName": "Redis-Insight-${os}-${arch}.${ext}",
   "compression": "normal",
   "asarUnpack": [
@@ -32,6 +31,9 @@
         "arch": ["x64", "arm64"]
       }
     ],
+    "notarize": {
+      "teamId": "UUK47G4BAZ"
+    },
     "type": "distribution",
     "hardenedRuntime": true,
     "darkModeSupport": true,
@@ -55,9 +57,7 @@
       "Contents/Resources/app-arm64.asar.unpacked/node_modules/sqlite3/lib/binding/napi-v6-darwin-unknown-arm64/node_sqlite3.node",
       "Contents/Resources/app-arm64.asar.unpacked/node_modules/sqlite3/lib/binding/napi-v6-darwin-unknown-x64/node_sqlite3.node",
       "Contents/Resources/app-arm64.asar.unpacked/node_modules/keytar/build/Release/keytar.node",
-      "Contents/Resources/app-x64.asar.unpacked/node_modules/keytar/build/Release/keytar.node",
-      "Contents/Resources/app-arm64.asar.unpacked/node_modules/cpu-features/build/Release/cpufeatures.node",
-      "Contents/Resources/app-x64.asar.unpacked/node_modules/cpu-features/build/Release/cpufeatures.node"
+      "Contents/Resources/app-x64.asar.unpacked/node_modules/keytar/build/Release/keytar.node"
     ],
     "artifactName": "Redis-Insight-${os}-${arch}-mas.${ext}"
   },
@@ -75,9 +75,7 @@
       "Contents/Resources/app-arm64.asar.unpacked/node_modules/sqlite3/lib/binding/napi-v6-darwin-unknown-arm64/node_sqlite3.node",
       "Contents/Resources/app-arm64.asar.unpacked/node_modules/sqlite3/lib/binding/napi-v6-darwin-unknown-x64/node_sqlite3.node",
       "Contents/Resources/app-arm64.asar.unpacked/node_modules/keytar/build/Release/keytar.node",
-      "Contents/Resources/app-x64.asar.unpacked/node_modules/keytar/build/Release/keytar.node",
-      "Contents/Resources/app-arm64.asar.unpacked/node_modules/cpu-features/build/Release/cpufeatures.node",
-      "Contents/Resources/app-x64.asar.unpacked/node_modules/cpu-features/build/Release/cpufeatures.node"
+      "Contents/Resources/app-x64.asar.unpacked/node_modules/keytar/build/Release/keytar.node"
     ],
     "artifactName": "Redis-Insight-${os}-${arch}-masDev.${ext}"
   },
diff --git a/package.json b/package.json
@@ -80,7 +80,6 @@
   "resolutions": {
     "**/trim": "0.0.3",
     "word-wrap": "1.2.4",
-    "electron-builder/app-builder-lib/@electron/universal/dir-compare/minimatch": "^3.0.5",
     "**/semver": "^7.5.2",
     "rawproto/protobufjs": "^7.2.5"
   },
@@ -140,9 +139,9 @@
     "css-minimizer-webpack-plugin": "^6.0.0",
     "csv-parser": "^3.0.0",
     "csv-stringify": "^6.4.0",
-    "electron": "25.8.4",
-    "electron-builder": "^23.6.0",
-    "electron-builder-notarize": "^1.5.1",
+    "electron": "31.0.2",
+    "electron-builder": "^24.13.3",
+    "electron-builder-notarize": "^1.5.2",
     "electron-debug": "^3.2.0",
     "electron-devtools-installer": "^3.2.0",
     "esbuild-plugin-react-virtualized": "^1.0.4",
diff --git a/redisinsight/api/src/app.module.ts b/redisinsight/api/src/app.module.ts
@@ -5,6 +5,7 @@ import {
 import { ServeStaticModule } from '@nestjs/serve-static';
 import { RouterModule } from '@nestjs/core';
 import { join } from 'path';
+import { Response } from 'express';
 import config, { Config } from 'src/utils/config';
 import { PluginModule } from 'src/modules/plugin/plugin.module';
 import { CommandsModule } from 'src/modules/commands/commands.module';
@@ -33,11 +34,16 @@ import { CliModule } from './modules/cli/cli.module';
 import { StaticsManagementModule } from './modules/statics-management/statics-management.module';
 import { ExcludeRouteMiddleware } from './middleware/exclude-route.middleware';
 import SubpathProxyMiddleware from './middleware/subpath-proxy.middleware';
+import XFrameOptionsMiddleware from './middleware/x-frame-options.middleware';
 import { routes } from './app.routes';
 
 const SERVER_CONFIG = config.get('server') as Config['server'];
 const PATH_CONFIG = config.get('dir_path') as Config['dir_path'];
 
+const setXFrameOptionsHeader = (res: Response) => {
+  res.setHeader('X-Frame-Options', 'SAMEORIGIN');
+};
+
 @Module({
   imports: [
     LocalDatabaseModule,
@@ -73,6 +79,7 @@ const PATH_CONFIG = config.get('dir_path') as Config['dir_path'];
           serveRoot: SERVER_CONFIG.proxyPath ? `/${SERVER_CONFIG.proxyPath}` : '',
           serveStaticOptions: {
             index: false,
+            setHeaders: setXFrameOptionsHeader,
           },
         }),
       ]
@@ -83,6 +90,7 @@ const PATH_CONFIG = config.get('dir_path') as Config['dir_path'];
       exclude: ['/api/**'],
       serveStaticOptions: {
         fallthrough: false,
+        setHeaders: setXFrameOptionsHeader,
       },
     }),
     ServeStaticModule.forRoot({
@@ -91,6 +99,7 @@ const PATH_CONFIG = config.get('dir_path') as Config['dir_path'];
       exclude: ['/api/**'],
       serveStaticOptions: {
         fallthrough: false,
+        setHeaders: setXFrameOptionsHeader,
       },
     }),
     StaticsManagementModule,
@@ -115,7 +124,7 @@ export class AppModule implements OnModuleInit, NestModule {
 
   configure(consumer: MiddlewareConsumer) {
     consumer
-      .apply(SubpathProxyMiddleware)
+      .apply(SubpathProxyMiddleware, XFrameOptionsMiddleware)
       .forRoutes('*');
 
     consumer
diff --git a/redisinsight/api/src/middleware/x-frame-options.middleware.ts b/redisinsight/api/src/middleware/x-frame-options.middleware.ts
@@ -0,0 +1,10 @@
+import { NestMiddleware, Injectable } from '@nestjs/common';
+import { Request, Response, NextFunction } from 'express';
+
+@Injectable()
+export default class XFrameOptionsMiddleware implements NestMiddleware {
+  use(req: Request, res: Response, next: NextFunction) {
+    res.setHeader('X-Frame-Options', 'SAMEORIGIN');
+    next();
+  }
+}
diff --git a/redisinsight/api/src/modules/cluster-monitor/strategies/cluster-shards.info.strategy.ts b/redisinsight/api/src/modules/cluster-monitor/strategies/cluster-shards.info.strategy.ts
@@ -35,7 +35,8 @@ export class ClusterShardsInfoStrategy extends AbstractInfoStrategy {
       const node = {
         id: nodeObj.id,
         host: nodeObj.ip,
-        port: nodeObj.port,
+        port: nodeObj.port || nodeObj.get('tls-port'),
+        tlsPort: nodeObj.get('tls-port'),
         role: nodeObj.role === 'master' ? NodeRole.Primary : NodeRole.Replica,
         health: nodeObj.health,
       };
diff --git a/redisinsight/api/src/modules/redis/client/redis.client.ts b/redisinsight/api/src/modules/redis/client/redis.client.ts
@@ -31,6 +31,7 @@ export interface IRedisClientOptions {
   port?: number,
   natHost?: string,
   natPort?: number,
+  tlsPort?: number,
   connectTimeout?: number,
 }
 
diff --git a/redisinsight/api/src/modules/statics-management/statics-management.module.ts b/redisinsight/api/src/modules/statics-management/statics-management.module.ts
@@ -15,6 +15,7 @@ const downloadableStaticFiles = (res: Response) => {
   if (res.req?.query?.download === 'true') {
     res.setHeader('Content-Type', 'application/octet-stream');
     res.setHeader('Content-Disposition', 'attachment;');
+    res.setHeader('X-Frame-Options', 'SAMEORIGIN');
   }
 };
 
diff --git a/redisinsight/api/test/test-runs/cloud-st/docker-compose.yml b/redisinsight/api/test/test-runs/cloud-st/docker-compose.yml
@@ -8,5 +8,5 @@ services:
       TEST_CLOUD_API_KEY: ${TEST_CLOUD_API_KEY}
       TEST_CLOUD_API_SECRET_KEY: ${TEST_CLOUD_API_SECRET_KEY}
   redis:
-    image: node:18.15.0-alpine
+    image: node:20.14-alpine
     entrypoint: [ "echo", "Dummy Service" ]
diff --git a/redisinsight/api/test/test-runs/local.build.yml b/redisinsight/api/test/test-runs/local.build.yml
@@ -28,7 +28,7 @@ services:
 
   # dummy service to prevent docker validation errors
   app:
-    image: node:18.15.0-alpine
+    image: node:20.14-alpine
 
 networks:
   default:
diff --git a/redisinsight/api/test/test-runs/test.Dockerfile b/redisinsight/api/test/test-runs/test.Dockerfile
@@ -1,4 +1,4 @@
-FROM node:18.15.0-alpine as test
+FROM node:20.14-alpine as test
 
 RUN apk update && apk add bash libsecret dbus-x11 gnome-keyring
 RUN dbus-uuidgen > /var/lib/dbus/machine-id
diff --git a/redisinsight/ui/src/services/formatter/MarkdownToJsxString.ts b/redisinsight/ui/src/services/formatter/MarkdownToJsxString.ts
@@ -10,7 +10,8 @@ import {
   remarkLink,
   rehypeLinks,
   remarkImage,
-  remarkCode
+  remarkCode,
+  remarkSanitize,
 } from 'uiSrc/utils/formatters/markdown'
 import { IFormatter, IFormatterConfig } from './formatter.interfaces'
 
@@ -20,6 +21,7 @@ class MarkdownToJsxString implements IFormatter {
     return new Promise((resolve, reject) => {
       unified()
         .use(remarkParse)
+        .use(remarkSanitize)
         .use(remarkGfm) // support GitHub Flavored Markdown
         .use(remarkRedisUpload, path) // Add custom component for redis-upload code block
         .use(remarkCode, codeOptions) // Add custom component for Redis code block
diff --git a/redisinsight/ui/src/utils/formatters/markdown/index.ts b/redisinsight/ui/src/utils/formatters/markdown/index.ts
@@ -2,6 +2,7 @@ import { rehypeLinks } from './rehypeLinks'
 import { remarkImage } from './remarkImage'
 import { remarkLink } from './remarkLink'
 import { remarkCode } from './remarkCode'
+import { remarkSanitize } from './remarkSanitize'
 import { remarkRedisUpload } from './remarkRedisUpload'
 
 export {
@@ -10,4 +11,5 @@ export {
   remarkLink,
   remarkCode,
   remarkRedisUpload,
+  remarkSanitize,
 }
diff --git a/redisinsight/ui/src/utils/formatters/markdown/remarkSanitize.ts b/redisinsight/ui/src/utils/formatters/markdown/remarkSanitize.ts
@@ -0,0 +1,36 @@
+import { visit } from 'unist-util-visit'
+
+const dangerousAttributes = [
+  'onabort', 'onafterprint', 'onanimationend', 'onanimationiteration', 'onanimationstart',
+  'onbeforeprint', 'onbeforeunload', 'onblur', 'oncancel', 'oncanplay', 'oncanplaythrough',
+  'onchange', 'onclick', 'onclose', 'oncontextmenu', 'oncopy', 'oncuechange', 'oncut', 'ondblclick',
+  'ondrag', 'ondragend', 'ondragenter', 'ondragexit', 'ondragleave', 'ondragover', 'ondragstart',
+  'ondrop', 'ondurationchange', 'onemptied', 'onended', 'onerror', 'onfocus', 'onfocusin', 'onfocusout',
+  'onformdata', 'onhashchange', 'oninput', 'oninvalid', 'onkeydown', 'onkeypress', 'onkeyup',
+  'onlanguagechange', 'onload', 'onloadeddata', 'onloadedmetadata', 'onloadstart', 'onmessage',
+  'onmessageerror', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout',
+  'onmouseover', 'onmouseup', 'onoffline', 'ononline', 'onpagehide', 'onpageshow', 'onpaste',
+  'onpause', 'onplay', 'onplaying', 'onpopstate', 'onprogress', 'onratechange', 'onrejectionhandled',
+  'onreset', 'onresize', 'onscroll', 'onsearch', 'onseeked', 'onseeking', 'onselect', 'onstalled',
+  'onstorage', 'onsubmit', 'onsuspend', 'ontimeupdate', 'ontoggle', 'ontransitionend', 'onunhandledrejection',
+  'onunload', 'onvolumechange', 'onwaiting', 'onwheel', 'href', 'src', 'action', 'formaction', 'manifest',
+  'background', 'poster', 'cite', 'data', 'ping', 'xlink:href', 'style', 'srcdoc', 'sandbox'
+].join('|')
+
+export const remarkSanitize = (): (tree: Node) => void => (tree: any) => {
+  visit(tree, 'html', (node) => {
+    const dangerousAttrRegex = new RegExp(`\\s*(${dangerousAttributes})="[^"]*"`, 'gi')
+
+    if (node.value.match(dangerousAttrRegex)) {
+      node.value = node.value.replace(dangerousAttrRegex, (match: string) => {
+        const attr = match.toLowerCase().trim()
+        if (attr.startsWith('href') || attr.startsWith('src') || attr.startsWith('xlink:href')) {
+          if (attr.indexOf('"javascript:') > -1) return ''
+          return match
+        }
+
+        return ''
+      })
+    }
+  })
+}
diff --git a/redisinsight/ui/src/utils/tests/formatters/markdown/remarkSanitize.spec.ts b/redisinsight/ui/src/utils/tests/formatters/markdown/remarkSanitize.spec.ts
diff --git a/redisinsight/yarn.lock b/redisinsight/yarn.lock
diff --git a/tests/e2e/static-server.Dockerfile b/tests/e2e/static-server.Dockerfile
diff --git a/yarn.lock b/yarn.lock

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM node:18.18-alpine`
	`1`	`+FROM node:20.14-alpine`
`2`	`2`
`3`	`3`	`# runtime args and environment variables`
`4`	`4`	`ARG DIST=Redis-Insight.tar.gz`
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@ export interface IRedisClientOptions {`
`31`	`31`	`port?: number,`
`32`	`32`	`natHost?: string,`
`33`	`33`	`natPort?: number,`
	`34`	`+ tlsPort?: number,`
`34`	`35`	`connectTimeout?: number,`
`35`	`36`	`}`
`36`	`37`