From 9a2ae88480d114010f39f17ada67d35974ee2d3a Mon Sep 17 00:00:00 2001 From: Convly Date: Wed, 13 Apr 2022 16:11:42 +0200 Subject: [PATCH] Prevent access to telemetry-properties route if the telemetry is disabled --- .../core/admin/admin/src/pages/App/index.js | 24 ++++++++----------- packages/core/admin/server/policies/index.js | 1 + .../server/policies/isTelemetryEnabled.js | 16 +++++++++++++ packages/core/admin/server/routes/admin.js | 5 +++- packages/core/strapi/lib/Strapi.js | 1 - .../core/strapi/lib/services/metrics/index.js | 4 ++++ 6 files changed, 35 insertions(+), 16 deletions(-) create mode 100644 packages/core/admin/server/policies/isTelemetryEnabled.js diff --git a/packages/core/admin/admin/src/pages/App/index.js b/packages/core/admin/admin/src/pages/App/index.js index 2369c03b9f..f9e4b9833e 100644 --- a/packages/core/admin/admin/src/pages/App/index.js +++ b/packages/core/admin/admin/src/pages/App/index.js @@ -68,23 +68,19 @@ function App() { useEffect(() => { const getData = async () => { try { - const [ - { - data: { - data: { hasAdmin, uuid }, - }, + const { + data: { + data: { hasAdmin, uuid }, }, - { - data: { data: properties }, - }, - ] = await Promise.all([ - axios.get(`${strapi.backendURL}/admin/init`), - axios.get(`${strapi.backendURL}/admin/telemetry-properties`), - ]); - - setTelemetryProperties(properties); + } = await axios.get(`${strapi.backendURL}/admin/init`); if (uuid) { + const { + data: { data: properties }, + } = await axios.get(`${strapi.backendURL}/admin/telemetry-properties`); + + setTelemetryProperties(properties); + try { const deviceId = await getUID(); diff --git a/packages/core/admin/server/policies/index.js b/packages/core/admin/server/policies/index.js index 7bd59055fa..5d5517612e 100644 --- a/packages/core/admin/server/policies/index.js +++ b/packages/core/admin/server/policies/index.js 
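Review bot: The `/admin/telemetry-properties` request in `App/index.js` is now gated on `uuid` from `/admin/init` but still sits in the outer `try`, while the server gates on `strapi.telemetry.isDisabled`. If the two conditions ever disagree, the policy rejection lands in the outer `catch` (outside this hunk) and the rest of the block is skipped, presumably on the same path as a failed init. Moving the `axios.get(...)` destructuring for `properties` and `setTelemetryProperties(properties);` into the inner `try {` that wraps `getUID()` would keep a rejected telemetry call from affecting initialisation. `getData` and both `catch` blocks lie outside the hunk, so confirm how each handles the error.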
@@ -3,4 +3,5 @@ module.exports = { isAuthenticatedAdmin: require('./isAuthenticatedAdmin'), hasPermissions: require('./hasPermissions'), + isTelemetryEnabled: require('./isTelemetryEnabled'), }; diff --git a/packages/core/admin/server/policies/isTelemetryEnabled.js b/packages/core/admin/server/policies/isTelemetryEnabled.js new file mode 100644 index 0000000000..ced7b991b4 --- /dev/null +++ b/packages/core/admin/server/policies/isTelemetryEnabled.js @@ -0,0 +1,16 @@ +'use strict'; + +const { createPolicy } = require('@strapi/utils').policy; + +/** + * This policy is used for routes dealing with telemetry and analytics content. + * It will fails when the telemetry has been disabled on the server. + */ +module.exports = createPolicy({ + name: 'admin::isTelemetryEnabled', + handler(_ctx, _config, { strapi }) { + if (strapi.telemetry.isDisabled) { + return false; + } + }, +}); diff --git a/packages/core/admin/server/routes/admin.js b/packages/core/admin/server/routes/admin.js index b54332ab15..fa8bc8dc8c 100644 --- a/packages/core/admin/server/routes/admin.js +++ b/packages/core/admin/server/routes/admin.js @@ -25,7 +25,10 @@ module.exports = [ method: 'GET', path: '/telemetry-properties', handler: 'admin.telemetryProperties', - config: { auth: false }, + config: { + auth: false, + policies: ['admin::isTelemetryEnabled'], + }, }, { method: 'GET', diff --git a/packages/core/strapi/lib/Strapi.js b/packages/core/strapi/lib/Strapi.js index 7236c9a1e6..4b654680c6 100644 --- a/packages/core/strapi/lib/Strapi.js +++ b/packages/core/strapi/lib/Strapi.js @@ -6,7 +6,6 @@ const { isFunction } = require('lodash/fp'); const { createLogger } = require('@strapi/logger'); const { Database } = require('@strapi/database'); const { createAsyncParallelHook } = require('@strapi/utils').hooks; -const { isTypeScriptProjectSync } = require('@strapi/typescript-utils'); const loadConfiguration = require('./core/app-configuration'); 
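Review bot: The handler in `isTelemetryEnabled.js` blocks only when `strapi.telemetry.isDisabled` is truthy and otherwise returns `undefined`, so it fails open if that property is ever missing or not a boolean. The route it guards is `auth: false`, which makes this policy the only gate on that endpoint. Allowing only the known-good state is safer: `return strapi.telemetry.isDisabled === false;`. The doc comment also has a typo: `It will fails` should read `It fails`.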
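Review bot: The route in `routes/admin.js` keeps `auth: false`, so whenever telemetry is enabled `/telemetry-properties` is still readable by any unauthenticated client; the new policy reflects only a server-wide setting, not the caller. A comment beside `auth: false` should state why the endpoint has to be public and what the handler may return, for example `// public: requested by the admin app before login (confirm); must not return sensitive or instance-identifying data`. The blocked case presumably surfaces as a policy error rather than a 404, which lets an anonymous caller learn that telemetry is disabled; confirm that is acceptable. The route object opens before the hunk, and the `admin.telemetryProperties` handler is not shown here.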
diff --git a/packages/core/strapi/lib/services/metrics/index.js b/packages/core/strapi/lib/services/metrics/index.js index aef14f6151..1eb806ad1a 100644 --- a/packages/core/strapi/lib/services/metrics/index.js +++ b/packages/core/strapi/lib/services/metrics/index.js @@ -31,6 +31,10 @@ const createTelemetryInstance = strapi => { const sendEvent = wrapWithRateLimit(sender, { limitedEvents: LIMITED_EVENTS }); return { + get isDisabled() { + return isDisabled; + }, + register() { if (!isDisabled) { const pingCron = scheduleJob('0 0 12 * * *', () => sendEvent('ping'));