From 2192d2d62d141a33348e3d28c4dfa25af00d31bc Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Mon, 8 Jul 2024 09:02:54 -0700 Subject: [PATCH] Upgrade to etherpad 2.1.1 This newer version actually restores APIKEY authentication, but we already converted to oauth2.0 so we don't revert. Otherwise it seems like there are a number of small fixes. Full change log here: https://github.com/ether/etherpad-lite/blob/v2.1.1/CHANGELOG.md In this change we resync configuration template files which results in a few small updates. We also realign the dockerfile with upstream which also results in a few small updates one of which is bumping the nodejs version to 22 from 20. Change-Id: I39664fde59a7cc9fdf2451d41018ae11b9e99b79 --- docker/etherpad/Dockerfile | 20 ++++++++--------- docker/etherpad/settings.json.docker | 22 +++++++++++++++++-- .../roles/etherpad/templates/settings.json.j2 | 22 ++++++++++++++++++- 3 files changed, 51 insertions(+), 13 deletions(-) diff --git a/docker/etherpad/Dockerfile b/docker/etherpad/Dockerfile index 0a4831dab0..b6b1bb061f 100644 --- a/docker/etherpad/Dockerfile +++ b/docker/etherpad/Dockerfile @@ -30,7 +30,7 @@ ARG EP_DIR=/opt/etherpad-lite ARG SETTINGS=./settings.json.docker ARG ETHERPAD_PLUGINS="ep_headings" -FROM node:20-bookworm-slim as adminBuild +FROM node:22-bookworm-slim AS adminBuild ARG EP_DIR WORKDIR "${EP_DIR}" @@ -41,12 +41,12 @@ RUN export DEBIAN_FRONTEND=noninteractive; \ apt-get -qq clean && \ rm -rf /var/lib/apt/lists/* RUN git clone https://github.com/ether/etherpad-lite ${EP_DIR} -RUN git checkout v2.0.3 -RUN cd ./admin && npm install -g pnpm && pnpm install && pnpm run build --outDir ./dist +RUN git checkout v2.1.1 +RUN cd ./admin && npm install -g pnpm@9.0.4 && pnpm install && pnpm run build --outDir ./dist RUN cd ./ui && pnpm install && pnpm run build --outDir ./dist -FROM node:20-bookworm-slim as build +FROM node:22-bookworm-slim AS build LABEL maintainer="infra-root@openstack.org" # Set these arguments when building the image from behind a proxy @@ -123,7 +123,7 @@ RUN mkdir -p "${EP_DIR}" && chown etherpad:etherpad "${EP_DIR}" # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863199 RUN export DEBIAN_FRONTEND=noninteractive; \ mkdir -p /usr/share/man/man1 && \ - npm install pnpm -g && \ + npm install pnpm@9.0.4 -g && \ apt-get -qq update && \ apt-get -qq dist-upgrade && \ apt-get -qq --no-install-recommends install \ @@ -140,9 +140,9 @@ USER etherpad RUN git clone https://github.com/ether/etherpad-lite ${EP_DIR} WORKDIR "${EP_DIR}" -RUN git checkout v2.0.3 +RUN git checkout v2.1.1 -FROM build as development +FROM build AS development ARG ETHERPAD_PLUGINS COPY --chown=etherpad:etherpad --from=adminBuild /opt/etherpad-lite/admin/dist ./src/templates/admin @@ -150,11 +150,11 @@ COPY --chown=etherpad:etherpad --from=adminBuild /opt/etherpad-lite/ui/dist ./sr RUN bin/installDeps.sh && \ if [ ! -z "${ETHERPAD_PLUGINS}" ] || [ ! -z "${ETHERPAD_LOCAL_PLUGINS}" ]; then \ - pnpm run install-plugins ${ETHERPAD_PLUGINS} ${ETHERPAD_LOCAL_PLUGINS:+--path ${ETHERPAD_LOCAL_PLUGINS}}; \ + pnpm run plugins i ${ETHERPAD_PLUGINS} ${ETHERPAD_LOCAL_PLUGINS:+--path ${ETHERPAD_LOCAL_PLUGINS}}; \ fi -FROM build as production +FROM build AS production ARG EP_DIR ARG SETTINGS ARG ETHERPAD_PLUGINS @@ -167,7 +167,7 @@ COPY --chown=etherpad:etherpad --from=adminBuild /opt/etherpad-lite/ui/dist ./sr RUN bin/installDeps.sh && rm -rf ~/.npm && rm -rf ~/.local && rm -rf ~/.cache && \ if [ ! -z "${ETHERPAD_PLUGINS}" ] || [ ! -z "${ETHERPAD_LOCAL_PLUGINS}" ]; then \ - pnpm run install-plugins ${ETHERPAD_PLUGINS} ${ETHERPAD_LOCAL_PLUGINS:+--path ${ETHERPAD_LOCAL_PLUGINS}}; \ + pnpm run plugins i ${ETHERPAD_PLUGINS} ${ETHERPAD_LOCAL_PLUGINS:+--path ${ETHERPAD_LOCAL_PLUGINS}}; \ fi diff --git a/docker/etherpad/settings.json.docker b/docker/etherpad/settings.json.docker index d969318220..bbe96fc519 100644 --- a/docker/etherpad/settings.json.docker +++ b/docker/etherpad/settings.json.docker @@ -171,6 +171,13 @@ */ "showSettingsInAdminPage": "${SHOW_SETTINGS_IN_ADMIN_PAGE:true}", + /* + The authentication method used by the server. + The default value is sso + If you want to use the old authentication system, change this to apikey + */ + "authenticationMethod": "${AUTHENTICATION_METHOD:sso}", + /* * Node native SSL support * @@ -537,7 +544,7 @@ * value to work properly, but increasing the value increases susceptibility * to denial of service attacks (malicious clients can exhaust memory). */ - "maxHttpBufferSize": "${SOCKETIO_MAX_HTTP_BUFFER_SIZE:10000}" + "maxHttpBufferSize": "${SOCKETIO_MAX_HTTP_BUFFER_SIZE:50000}" }, /* @@ -669,5 +676,16 @@ "redirect_uris": ["${USER_REDIRECT:http://localhost:9001/}"] } ] - } + }, + + /* Set the time to live for the tokens + This is the time of seconds a user is logged into Etherpad + "ttl": { + "AccessToken": 3600, + "AuthorizationCode": 600, + "ClientCredentials": 3600, + "IdToken": 3600, + "RefreshToken": 86400 + } + */ } diff --git a/playbooks/roles/etherpad/templates/settings.json.j2 b/playbooks/roles/etherpad/templates/settings.json.j2 index ed58da9eb8..31fcddd6b1 100644 --- a/playbooks/roles/etherpad/templates/settings.json.j2 +++ b/playbooks/roles/etherpad/templates/settings.json.j2 @@ -547,7 +547,7 @@ * value to work properly, but increasing the value increases susceptibility * to denial of service attacks (malicious clients can exhaust memory). */ - "maxHttpBufferSize": 10000 + "maxHttpBufferSize": 50000 }, /* @@ -596,6 +596,13 @@ */ "importMaxFileSize": 52428800, // 50 * 1024 * 1024 + /* + The authentication method used by the server. + The default value is sso + If you want to use the old authentication system, change this to apikey + */ + "authenticationMethod": "${AUTHENTICATION_METHOD:sso}", + /* * From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited * @@ -661,6 +668,8 @@ * Enable/Disable case-insensitive pad names. */ "lowerCasePadIds": false, + + // OpenDev: Set up admin oauth 2.0 credentials "sso": { "issuer": "${SSO_ISSUER:http://localhost:9001}", "clients": [ @@ -679,4 +688,15 @@ } ] } + + /* Set the time to live for the tokens + This is the time of seconds a user is logged into Etherpad + "ttl": { + "AccessToken": 3600, + "AuthorizationCode": 600, + "ClientCredentials": 3600, + "IdToken": 3600, + "RefreshToken": 86400 + } + */ }