Prevent access to telemetry-properties route if the telemetry is disabled

2025-11-01 18:33:55 +00:00 · 2022-04-13 16:11:42 +02:00 · 2022-04-13 16:11:42 +02:00 · 9a2ae88480
commit 9a2ae88480
parent 8440d4064f
6 changed files with 35 additions and 16 deletions
--- a/packages/core/admin/admin/src/pages/App/index.js
+++ b/packages/core/admin/admin/src/pages/App/index.js
@ -68,23 +68,19 @@ function App() {
  useEffect(() => {
    const getData = async () => {
      try {
-        const [
-          {
-            data: {
-              data: { hasAdmin, uuid },
-            },
+        const {
+          data: {
+            data: { hasAdmin, uuid },
          },
-          {
-            data: { data: properties },
-          },
-        ] = await Promise.all([
-          axios.get(`${strapi.backendURL}/admin/init`),
-          axios.get(`${strapi.backendURL}/admin/telemetry-properties`),
-        ]);
-
-        setTelemetryProperties(properties);
+        } = await axios.get(`${strapi.backendURL}/admin/init`);

        if (uuid) {
+          const {
+            data: { data: properties },
+          } = await axios.get(`${strapi.backendURL}/admin/telemetry-properties`);
+
+          setTelemetryProperties(properties);
+
          try {
            const deviceId = await getUID();

--- a/packages/core/admin/server/policies/index.js
+++ b/packages/core/admin/server/policies/index.js
@ -3,4 +3,5 @@
 module.exports = {
  isAuthenticatedAdmin: require('./isAuthenticatedAdmin'),
  hasPermissions: require('./hasPermissions'),
+  isTelemetryEnabled: require('./isTelemetryEnabled'),
 };
--- a/packages/core/admin/server/policies/isTelemetryEnabled.js
+++ b/packages/core/admin/server/policies/isTelemetryEnabled.js
@ -0,0 +1,16 @@
+'use strict';
+
+const { createPolicy } = require('@strapi/utils').policy;
+
+/**
+ * This policy is used for routes dealing with telemetry and analytics content.
+ * It will fails when the telemetry has been disabled on the server.
+ */
+module.exports = createPolicy({
+  name: 'admin::isTelemetryEnabled',
+  handler(_ctx, _config, { strapi }) {
+    if (strapi.telemetry.isDisabled) {
+      return false;
+    }
+  },
+});
--- a/packages/core/admin/server/routes/admin.js
+++ b/packages/core/admin/server/routes/admin.js
@ -25,7 +25,10 @@ module.exports = [
    method: 'GET',
    path: '/telemetry-properties',
    handler: 'admin.telemetryProperties',
-    config: { auth: false },
+    config: {
+      auth: false,
+      policies: ['admin::isTelemetryEnabled'],
+    },
  },
  {
    method: 'GET',
--- a/packages/core/strapi/lib/Strapi.js
+++ b/packages/core/strapi/lib/Strapi.js
@ -6,7 +6,6 @@ const { isFunction } = require('lodash/fp');
 const { createLogger } = require('@strapi/logger');
 const { Database } = require('@strapi/database');
 const { createAsyncParallelHook } = require('@strapi/utils').hooks;
-const { isTypeScriptProjectSync } = require('@strapi/typescript-utils');

 const loadConfiguration = require('./core/app-configuration');

--- a/packages/core/strapi/lib/services/metrics/index.js
+++ b/packages/core/strapi/lib/services/metrics/index.js
@ -31,6 +31,10 @@ const createTelemetryInstance = strapi => {
  const sendEvent = wrapWithRateLimit(sender, { limitedEvents: LIMITED_EVENTS });

  return {
+    get isDisabled() {
+      return isDisabled;
+    },
+
    register() {
      if (!isDisabled) {
        const pingCron = scheduleJob('0 0 12 * * *', () => sendEvent('ping'));