aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--server/helpers/custom-validators/plugins.ts70
-rw-r--r--server/lib/plugins/plugin-manager.ts24
2 files changed, 77 insertions, 17 deletions
diff --git a/server/helpers/custom-validators/plugins.ts b/server/helpers/custom-validators/plugins.ts
index 63af91a44..2e3175742 100644
--- a/server/helpers/custom-validators/plugins.ts
+++ b/server/helpers/custom-validators/plugins.ts
@@ -84,17 +84,65 @@ function isThemeNameValid (name: string) {
84} 84}
85 85
86function isPackageJSONValid (packageJSON: PluginPackageJson, pluginType: PluginType) { 86function isPackageJSONValid (packageJSON: PluginPackageJson, pluginType: PluginType) {
87 return isNpmPluginNameValid(packageJSON.name) && 87 let result = true
88 isPluginDescriptionValid(packageJSON.description) && 88 const badFields: string[] = []
89 isPluginEngineValid(packageJSON.engine) && 89
90 isPluginHomepage(packageJSON.homepage) && 90 if (!isNpmPluginNameValid(packageJSON.name)) {
91 exists(packageJSON.author) && 91 result = false
92 isPluginBugs(packageJSON.bugs) && 92 badFields.push('name')
93 (pluginType === PluginType.THEME || isSafePath(packageJSON.library)) && 93 }
94 areStaticDirectoriesValid(packageJSON.staticDirs) && 94
95 areCSSPathsValid(packageJSON.css) && 95 if (!isPluginDescriptionValid(packageJSON.description)) {
96 areClientScriptsValid(packageJSON.clientScripts) && 96 result = false
97 areTranslationPathsValid(packageJSON.translations) 97 badFields.push('description')
98 }
99
100 if (!isPluginEngineValid(packageJSON.engine)) {
101 result = false
102 badFields.push('engine')
103 }
104
105 if (!isPluginHomepage(packageJSON.homepage)) {
106 result = false
107 badFields.push('homepage')
108 }
109
110 if (!exists(packageJSON.author)) {
111 result = false
112 badFields.push('author')
113 }
114
115 if (!isPluginBugs(packageJSON.bugs)) {
116 result = false
117 badFields.push('bugs')
118 }
119
120 if (pluginType === PluginType.PLUGIN && !isSafePath(packageJSON.library)) {
121 result = false
122 badFields.push('library')
123 }
124
125 if (!areStaticDirectoriesValid(packageJSON.staticDirs)) {
126 result = false
127 badFields.push('staticDirs')
128 }
129
130 if (!areCSSPathsValid(packageJSON.css)) {
131 result = false
132 badFields.push('css')
133 }
134
135 if (!areClientScriptsValid(packageJSON.clientScripts)) {
136 result = false
137 badFields.push('clientScripts')
138 }
139
140 if (!areTranslationPathsValid(packageJSON.translations)) {
141 result = false
142 badFields.push('translations')
143 }
144
145 return { result, badFields }
98} 146}
99 147
100function isLibraryCodeValid (library: any) { 148function isLibraryCodeValid (library: any) {
diff --git a/server/lib/plugins/plugin-manager.ts b/server/lib/plugins/plugin-manager.ts
index 444162a03..8127992b5 100644
--- a/server/lib/plugins/plugin-manager.ts
+++ b/server/lib/plugins/plugin-manager.ts
@@ -222,9 +222,8 @@ export class PluginManager implements ServerHook {
222 const pluginName = PluginModel.normalizePluginName(npmName) 222 const pluginName = PluginModel.normalizePluginName(npmName)
223 223
224 const packageJSON = await this.getPackageJSON(pluginName, pluginType) 224 const packageJSON = await this.getPackageJSON(pluginName, pluginType)
225 if (!isPackageJSONValid(packageJSON, pluginType)) { 225
226 throw new Error('PackageJSON is invalid.') 226 this.sanitizeAndCheckPackageJSONOrThrow(packageJSON, pluginType);
227 }
228 227
229 [ plugin ] = await PluginModel.upsert({ 228 [ plugin ] = await PluginModel.upsert({
230 name: pluginName, 229 name: pluginName,
@@ -301,9 +300,7 @@ export class PluginManager implements ServerHook {
301 const packageJSON = await this.getPackageJSON(plugin.name, plugin.type) 300 const packageJSON = await this.getPackageJSON(plugin.name, plugin.type)
302 const pluginPath = this.getPluginPath(plugin.name, plugin.type) 301 const pluginPath = this.getPluginPath(plugin.name, plugin.type)
303 302
304 if (!isPackageJSONValid(packageJSON, plugin.type)) { 303 this.sanitizeAndCheckPackageJSONOrThrow(packageJSON, plugin.type)
305 throw new Error('Package.JSON is invalid.')
306 }
307 304
308 let library: PluginLibrary 305 let library: PluginLibrary
309 if (plugin.type === PluginType.PLUGIN) { 306 if (plugin.type === PluginType.PLUGIN) {
@@ -598,6 +595,21 @@ export class PluginManager implements ServerHook {
598 } 595 }
599 } 596 }
600 597
598 private sanitizeAndCheckPackageJSONOrThrow (packageJSON: PluginPackageJson, pluginType: PluginType) {
599 if (!packageJSON.staticDirs) packageJSON.staticDirs = {}
600 if (!packageJSON.css) packageJSON.css = []
601 if (!packageJSON.clientScripts) packageJSON.clientScripts = []
602 if (!packageJSON.translations) packageJSON.translations = {}
603
604 const { result: packageJSONValid, badFields } = isPackageJSONValid(packageJSON, pluginType)
605 if (!packageJSONValid) {
606 const formattedFields = badFields.map(f => `"${f}"`)
607 .join(', ')
608
609 throw new Error(`PackageJSON is invalid (invalid fields: ${formattedFields}).`)
610 }
611 }
612
601 static get Instance () { 613 static get Instance () {
602 return this.instance || (this.instance = new this()) 614 return this.instance || (this.instance = new this())
603 } 615 }