yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-14 01:02:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Prevent access to telemetry-properties route if the telemetry is disabled

Browse Source
This commit is contained in:
Convly 2022-04-13 16:11:42 +02:00
parent 8440d4064f
commit 9a2ae88480
6 changed files with 35 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
packages/core/admin/admin/src/pages/App/index.js
View File

@ -68,23 +68,19 @@ function App() {
useEffect(() => { useEffect(() => {
const getData = async () => { const getData = async () => {
try { try {
const [ const {
{
data: { data: {
data: { hasAdmin, uuid }, data: { hasAdmin, uuid },
}, },
}, } = await axios.get(`${strapi.backendURL}/admin/init`);
{
if (uuid) {
const {
data: { data: properties }, data: { data: properties },
}, } = await axios.get(`${strapi.backendURL}/admin/telemetry-properties`);
] = await Promise.all([
axios.get(`${strapi.backendURL}/admin/init`),
axios.get(`${strapi.backendURL}/admin/telemetry-properties`),
]);
setTelemetryProperties(properties); setTelemetryProperties(properties);
if (uuid) {
try { try {
const deviceId = await getUID(); const deviceId = await getUID();

1
packages/core/admin/server/policies/index.js
View File

@ -3,4 +3,5 @@
module.exports = { module.exports = {
isAuthenticatedAdmin: require('./isAuthenticatedAdmin'), isAuthenticatedAdmin: require('./isAuthenticatedAdmin'),
hasPermissions: require('./hasPermissions'), hasPermissions: require('./hasPermissions'),
isTelemetryEnabled: require('./isTelemetryEnabled'),
}; };

16
packages/core/admin/server/policies/isTelemetryEnabled.js Normal file
View File

@ -0,0 +1,16 @@
'use strict';
const { createPolicy } = require('@strapi/utils').policy;
/**
* This policy is used for routes dealing with telemetry and analytics content.
* It will fails when the telemetry has been disabled on the server.
*/
module.exports = createPolicy({
name: 'admin::isTelemetryEnabled',
handler(_ctx, _config, { strapi }) {
if (strapi.telemetry.isDisabled) {
return false;
}
},
});

5
packages/core/admin/server/routes/admin.js
View File

@ -25,7 +25,10 @@ module.exports = [
method: 'GET', method: 'GET',
path: '/telemetry-properties', path: '/telemetry-properties',
handler: 'admin.telemetryProperties', handler: 'admin.telemetryProperties',
config: { auth: false }, config: {
auth: false,
policies: ['admin::isTelemetryEnabled'],
},
}, },
{ {
method: 'GET', method: 'GET',

1
packages/core/strapi/lib/Strapi.js
View File

@ -6,7 +6,6 @@ const { isFunction } = require('lodash/fp');
const { createLogger } = require('@strapi/logger'); const { createLogger } = require('@strapi/logger');
const { Database } = require('@strapi/database'); const { Database } = require('@strapi/database');
const { createAsyncParallelHook } = require('@strapi/utils').hooks; const { createAsyncParallelHook } = require('@strapi/utils').hooks;
const { isTypeScriptProjectSync } = require('@strapi/typescript-utils');
const loadConfiguration = require('./core/app-configuration'); const loadConfiguration = require('./core/app-configuration');

4
packages/core/strapi/lib/services/metrics/index.js
View File

@ -31,6 +31,10 @@ const createTelemetryInstance = strapi => {
const sendEvent = wrapWithRateLimit(sender, { limitedEvents: LIMITED_EVENTS }); const sendEvent = wrapWithRateLimit(sender, { limitedEvents: LIMITED_EVENTS });
return { return {
get isDisabled() {
return isDisabled;
},
register() { register() {
if (!isDisabled) { if (!isDisabled) {
const pingCron = scheduleJob('0 0 12 * * *', () => sendEvent('ping')); const pingCron = scheduleJob('0 0 12 * * *', () => sendEvent('ping'));