mirror of
https://github.com/MichMich/MagicMirror.git
synced 2026-05-09 14:18:33 +00:00
fb41d24ef5
## Release Notes Thanks to: @cgillinger, @khassel, @KristjanESPERANTO, @sonnyb9 > ⚠️ This release needs nodejs version >=22.21.1 <23 || >=24 (no change to previous release) [Compare to previous Release v2.35.0](https://github.com/MagicMirrorOrg/MagicMirror/compare/v2.35.0...v2.36.0) This release falls outside the quarterly schedule. We opted for an early release due to: - Security fix for the internal cors proxy - API change of the weather provider smi - Several bug fixes ### Breaking Changes The cors proxy is now disabled by default. If required, it must be explicitly enabled in the `config.js` file. See the [documentation](https://docs.magicmirror.builders/configuration/cors.html). ### ⚠️ Security You can find several publicly accessible MagicMirror² instances. This should never be done. Doing so makes your entire configuration, including secrets and API keys, publicly visible. Furthermore, it allows attackers to target the host; this is only prevented beginning with this release. Public MagicMirror² instances should always run behind a reverse proxy with authentication. ### [core] - Prepare Release 2.36.0 (#4126) - Allow HTTPFetcher to pass through 304 responses (#4120) - fix(http-fetcher): fall back to reloadInterval after retries exhausted (#4113) - config endpoint must handle functions in module configs (#4106) - fix replaceSecretPlaceholder (#4104) - restrict replaceSecretPlaceholder to cors with allowWhitelist (#4102) - fix: prevent crash when config is undefined in socket handler (#4096) - fix cors function for alpine linux (#4091) - fix(cors): prevent SSRF via DNS rebinding (#4090) - add option to disable or restrict cors endpoint (#4087) - fix: prevent SSRF via /cors endpoint by blocking private/reserved IPs (#4084) - chore: add permissions section to enforce pull-request rules workflow (#4079) - update version for develop ### [dependencies] - update dependencies (#4124) - chore: update dependencies (#4088) - refactor: enable ESLint rule "no-unused-vars" and handle related issues (#4080) ### [modules/newsfeed] - fix(newsfeed): prevent duplicate parse error callback when using pipeline (#4083) ### [modules/updatenotification] - fix(updatenotification): harden git command execution + simplify checkUpdates (#4115) - fix(tests): correct import path for git_helper module in updatenotification tests (#4078) ### [modules/weather] - fix(weather): use nearest openmeteo hourly data (#4123) - fix(weather): avoid loading state after reconnect (#4121) - weather: fix UV index display and add WeatherFlow precipitation (#4108) - fix(weather): restore OpenWeatherMap v2.5 support (#4101) - fix(weather): use stable instanceId to prevent duplicate fetchers (#4092) - SMHI: migrate to SNOW1gv1 API (replace deprecated PMP3gv2) (#4082) ### [testing] - ci(actions): set explicit token permissions (#4114) - fix(http_fetcher): use undici.fetch when dispatcher is present (#4097) - ci(codeql): also scan develop branch on push and PR (#4086) - refactor: replace implicit global config with explicit global.config (#4085) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: sam detweiler <sdetweil@gmail.com> Co-authored-by: Kristjan ESPERANTO <35647502+KristjanESPERANTO@users.noreply.github.com> Co-authored-by: Veeck <github@veeck.de> Co-authored-by: veeck <gitkraken@veeck.de> Co-authored-by: Magnus <34011212+MagMar94@users.noreply.github.com> Co-authored-by: Ikko Eltociear Ashimine <eltociear@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: DevIncomin <56730075+Developer-Incoming@users.noreply.github.com> Co-authored-by: Nathan <n8nyoung@gmail.com> Co-authored-by: mixasgr <mixasgr@users.noreply.github.com> Co-authored-by: Savvas Adamtziloglou <savvas-gr@greeklug.gr> Co-authored-by: Konstantinos <geraki@gmail.com> Co-authored-by: OWL4C <124401812+OWL4C@users.noreply.github.com> Co-authored-by: BugHaver <43462320+bughaver@users.noreply.github.com> Co-authored-by: BugHaver <43462320+lsaadeh@users.noreply.github.com> Co-authored-by: Bugsounet - Cédric <github@bugsounet.fr> Co-authored-by: Koen Konst <koenspero@gmail.com> Co-authored-by: Koen Konst <c.h.konst@avisi.nl> Co-authored-by: dathbe <github@beffa.us> Co-authored-by: Marcel <m-idler@users.noreply.github.com> Co-authored-by: Kevin G. <crazylegstoo@gmail.com> Co-authored-by: Jboucly <33218155+jboucly@users.noreply.github.com> Co-authored-by: Jboucly <contact@jboucly.fr> Co-authored-by: Jarno <54169345+jarnoml@users.noreply.github.com> Co-authored-by: Jordan Welch <JordanHWelch@gmail.com> Co-authored-by: Blackspirits <blackspirits@gmail.com> Co-authored-by: Samed Ozdemir <samed@xsor.io> Co-authored-by: in-voker <58696565+in-voker@users.noreply.github.com> Co-authored-by: Andrés Vanegas Jiménez <142350+angeldeejay@users.noreply.github.com> Co-authored-by: cgillinger <christian.gillinger@gmail.com> Co-authored-by: Sonny B <43247590+sonnyb9@users.noreply.github.com> Co-authored-by: sonnyb9 <sonnyb9@users.noreply.github.com>
211 lines
6.1 KiB
JavaScript
211 lines
6.1 KiB
JavaScript
const util = require("node:util");
|
|
const execFile = util.promisify(require("node:child_process").execFile);
|
|
const fs = require("node:fs");
|
|
const path = require("node:path");
|
|
const Log = require("logger");
|
|
|
|
class GitHelper {
|
|
constructor () {
|
|
this.gitRepos = [];
|
|
this.gitResultList = [];
|
|
}
|
|
|
|
getRefRegex (branch) {
|
|
return new RegExp(`s*([a-z,0-9]+[.][.][a-z,0-9]+) ${branch}`, "g");
|
|
}
|
|
|
|
async execGit (moduleFolder, ...args) {
|
|
const { stdout = "", stderr = "" } = await execFile("git", args, { cwd: moduleFolder });
|
|
|
|
return { stdout, stderr };
|
|
}
|
|
|
|
async isGitRepo (moduleFolder) {
|
|
const { stderr } = await this.execGit(moduleFolder, "remote", "-v");
|
|
|
|
if (stderr) {
|
|
Log.error(`Failed to fetch git data for ${moduleFolder}: ${stderr}`);
|
|
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
async add (moduleName) {
|
|
let moduleFolder = `${global.root_path}`;
|
|
|
|
if (moduleName !== "MagicMirror") {
|
|
moduleFolder = `${moduleFolder}/modules/${moduleName}`;
|
|
}
|
|
|
|
try {
|
|
Log.info(`Checking git for module: ${moduleName}`);
|
|
// Throws error if file doesn't exist
|
|
fs.statSync(path.join(moduleFolder, ".git"));
|
|
|
|
// Fetch the git or throw error if no remotes
|
|
const isGitRepo = await this.isGitRepo(moduleFolder);
|
|
|
|
if (isGitRepo) {
|
|
// Folder has .git and has at least one git remote, watch this folder
|
|
this.gitRepos.push({ module: moduleName, folder: moduleFolder });
|
|
}
|
|
} catch {
|
|
// Error when directory .git doesn't exist or doesn't have any remotes
|
|
// This module is not managed with git, skip
|
|
}
|
|
}
|
|
|
|
async getStatusInfo (repo) {
|
|
let gitInfo = {
|
|
module: repo.module,
|
|
behind: 0, // commits behind
|
|
current: "", // branch name
|
|
hash: "", // current hash
|
|
tracking: "", // remote branch
|
|
isBehindInStatus: false
|
|
};
|
|
|
|
if (repo.module === "MagicMirror") {
|
|
// the hash is only needed for the mm repo
|
|
const { stderr, stdout } = await this.execGit(repo.folder, "rev-parse", "HEAD");
|
|
|
|
if (stderr) {
|
|
Log.error(`Failed to get current commit hash for ${repo.module}: ${stderr}`);
|
|
}
|
|
|
|
gitInfo.hash = stdout;
|
|
}
|
|
|
|
const { stderr, stdout } = await this.execGit(repo.folder, "status", "-sb");
|
|
|
|
if (stderr) {
|
|
Log.error(`Failed to get git status for ${repo.module}: ${stderr}`);
|
|
// exit without git status info
|
|
return;
|
|
}
|
|
|
|
// only the first line of stdout is evaluated
|
|
let status = stdout.split("\n")[0];
|
|
// examples for status:
|
|
// ## develop...origin/develop
|
|
// ## master...origin/master [behind 8]
|
|
// ## master...origin/master [ahead 8, behind 1]
|
|
// ## HEAD (no branch)
|
|
status = status.match(/## (.*)\.\.\.([^ ]*)(?: .*behind (\d+))?/);
|
|
// examples for status:
|
|
// [ '## develop...origin/develop', 'develop', 'origin/develop' ]
|
|
// [ '## master...origin/master [behind 8]', 'master', 'origin/master', '8' ]
|
|
// [ '## master...origin/master [ahead 8, behind 1]', 'master', 'origin/master', '1' ]
|
|
if (status) {
|
|
gitInfo.current = status[1];
|
|
gitInfo.tracking = status[2];
|
|
|
|
if (status[3]) {
|
|
// git fetch was already called before so `git status -sb` delivers already the behind number
|
|
gitInfo.behind = parseInt(status[3]);
|
|
gitInfo.isBehindInStatus = true;
|
|
}
|
|
}
|
|
|
|
return gitInfo;
|
|
}
|
|
|
|
async getRepoInfo (repo) {
|
|
const gitInfo = await this.getStatusInfo(repo);
|
|
|
|
if (!gitInfo || !gitInfo.current) {
|
|
return;
|
|
}
|
|
|
|
if (gitInfo.isBehindInStatus && (gitInfo.module !== "MagicMirror" || gitInfo.current !== "master")) {
|
|
return gitInfo;
|
|
}
|
|
|
|
const { stderr } = await this.execGit(repo.folder, "fetch", "-n", "--dry-run");
|
|
|
|
// example output:
|
|
// From https://github.com/MagicMirrorOrg/MagicMirror
|
|
// e40ddd4..06389e3 develop -> origin/develop
|
|
// here the result is in stderr (this is a git default, don't ask why ...)
|
|
const matches = stderr.match(this.getRefRegex(gitInfo.current));
|
|
|
|
// this is the default if there was no match from "git fetch -n --dry-run".
|
|
// Its a fallback because if there was a real "git fetch", the above "git fetch -n --dry-run" would deliver nothing.
|
|
let refDiff = `${gitInfo.current}..origin/${gitInfo.current}`;
|
|
if (matches && matches[0]) {
|
|
refDiff = matches[0];
|
|
}
|
|
|
|
// get behind with refs
|
|
try {
|
|
const { stdout } = await this.execGit(repo.folder, "rev-list", "--ancestry-path", "--count", refDiff);
|
|
gitInfo.behind = parseInt(stdout);
|
|
|
|
// for MagicMirror-Repo and "master" branch avoid getting notified when no tag is in refDiff
|
|
// so only releases are reported and we can change e.g. the README.md without sending notifications
|
|
if (gitInfo.behind > 0 && gitInfo.module === "MagicMirror" && gitInfo.current === "master") {
|
|
let tagList = "";
|
|
try {
|
|
const { stdout } = await this.execGit(repo.folder, "ls-remote", "-q", "--tags", "--refs");
|
|
tagList = stdout.trim();
|
|
} catch (err) {
|
|
Log.error(`Failed to get tag list for ${repo.module}: ${err}`);
|
|
}
|
|
// check if tag is between commits and only report behind > 0 if so
|
|
try {
|
|
const { stdout } = await this.execGit(repo.folder, "rev-list", "--ancestry-path", refDiff);
|
|
let cnt = 0;
|
|
for (const ref of stdout.trim().split("\n")) {
|
|
if (tagList.includes(ref)) cnt++; // tag found
|
|
}
|
|
if (cnt === 0) gitInfo.behind = 0;
|
|
} catch (err) {
|
|
Log.error(`Failed to get git revisions for ${repo.module}: ${err}`);
|
|
}
|
|
}
|
|
|
|
return gitInfo;
|
|
} catch (err) {
|
|
Log.error(`Failed to get git revisions for ${repo.module}: ${err}`);
|
|
}
|
|
}
|
|
|
|
async getRepos () {
|
|
this.gitResultList = [];
|
|
|
|
for (const repo of this.gitRepos) {
|
|
try {
|
|
const gitInfo = await this.getRepoInfo(repo);
|
|
|
|
if (gitInfo) {
|
|
this.gitResultList.push(gitInfo);
|
|
}
|
|
} catch (e) {
|
|
// Only log errors in non-test environments to keep test output clean
|
|
if (process.env.mmTestMode !== "true") {
|
|
Log.error(`Failed to retrieve repo info for ${repo.module}: ${e}`);
|
|
}
|
|
}
|
|
}
|
|
|
|
return this.gitResultList;
|
|
}
|
|
|
|
checkUpdates () {
|
|
const updates = [];
|
|
|
|
for (const moduleInfo of this.gitResultList) {
|
|
if (moduleInfo.behind > 0 && moduleInfo.module !== "MagicMirror") {
|
|
Log.info(`Update found for module: ${moduleInfo.module}`);
|
|
updates.push(moduleInfo);
|
|
}
|
|
}
|
|
|
|
return updates;
|
|
}
|
|
}
|
|
|
|
module.exports = GitHelper;
|