mirror of
https://github.com/MichMich/MagicMirror.git
synced 2026-05-08 13:48:34 +00:00
fb41d24ef5
## Release Notes Thanks to: @cgillinger, @khassel, @KristjanESPERANTO, @sonnyb9 > ⚠️ This release needs nodejs version >=22.21.1 <23 || >=24 (no change to previous release) [Compare to previous Release v2.35.0](https://github.com/MagicMirrorOrg/MagicMirror/compare/v2.35.0...v2.36.0) This release falls outside the quarterly schedule. We opted for an early release due to: - Security fix for the internal cors proxy - API change of the weather provider smi - Several bug fixes ### Breaking Changes The cors proxy is now disabled by default. If required, it must be explicitly enabled in the `config.js` file. See the [documentation](https://docs.magicmirror.builders/configuration/cors.html). ### ⚠️ Security You can find several publicly accessible MagicMirror² instances. This should never be done. Doing so makes your entire configuration, including secrets and API keys, publicly visible. Furthermore, it allows attackers to target the host; this is only prevented beginning with this release. Public MagicMirror² instances should always run behind a reverse proxy with authentication. ### [core] - Prepare Release 2.36.0 (#4126) - Allow HTTPFetcher to pass through 304 responses (#4120) - fix(http-fetcher): fall back to reloadInterval after retries exhausted (#4113) - config endpoint must handle functions in module configs (#4106) - fix replaceSecretPlaceholder (#4104) - restrict replaceSecretPlaceholder to cors with allowWhitelist (#4102) - fix: prevent crash when config is undefined in socket handler (#4096) - fix cors function for alpine linux (#4091) - fix(cors): prevent SSRF via DNS rebinding (#4090) - add option to disable or restrict cors endpoint (#4087) - fix: prevent SSRF via /cors endpoint by blocking private/reserved IPs (#4084) - chore: add permissions section to enforce pull-request rules workflow (#4079) - update version for develop ### [dependencies] - update dependencies (#4124) - chore: update dependencies (#4088) - refactor: enable ESLint rule "no-unused-vars" and handle related issues (#4080) ### [modules/newsfeed] - fix(newsfeed): prevent duplicate parse error callback when using pipeline (#4083) ### [modules/updatenotification] - fix(updatenotification): harden git command execution + simplify checkUpdates (#4115) - fix(tests): correct import path for git_helper module in updatenotification tests (#4078) ### [modules/weather] - fix(weather): use nearest openmeteo hourly data (#4123) - fix(weather): avoid loading state after reconnect (#4121) - weather: fix UV index display and add WeatherFlow precipitation (#4108) - fix(weather): restore OpenWeatherMap v2.5 support (#4101) - fix(weather): use stable instanceId to prevent duplicate fetchers (#4092) - SMHI: migrate to SNOW1gv1 API (replace deprecated PMP3gv2) (#4082) ### [testing] - ci(actions): set explicit token permissions (#4114) - fix(http_fetcher): use undici.fetch when dispatcher is present (#4097) - ci(codeql): also scan develop branch on push and PR (#4086) - refactor: replace implicit global config with explicit global.config (#4085) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: sam detweiler <sdetweil@gmail.com> Co-authored-by: Kristjan ESPERANTO <35647502+KristjanESPERANTO@users.noreply.github.com> Co-authored-by: Veeck <github@veeck.de> Co-authored-by: veeck <gitkraken@veeck.de> Co-authored-by: Magnus <34011212+MagMar94@users.noreply.github.com> Co-authored-by: Ikko Eltociear Ashimine <eltociear@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: DevIncomin <56730075+Developer-Incoming@users.noreply.github.com> Co-authored-by: Nathan <n8nyoung@gmail.com> Co-authored-by: mixasgr <mixasgr@users.noreply.github.com> Co-authored-by: Savvas Adamtziloglou <savvas-gr@greeklug.gr> Co-authored-by: Konstantinos <geraki@gmail.com> Co-authored-by: OWL4C <124401812+OWL4C@users.noreply.github.com> Co-authored-by: BugHaver <43462320+bughaver@users.noreply.github.com> Co-authored-by: BugHaver <43462320+lsaadeh@users.noreply.github.com> Co-authored-by: Bugsounet - Cédric <github@bugsounet.fr> Co-authored-by: Koen Konst <koenspero@gmail.com> Co-authored-by: Koen Konst <c.h.konst@avisi.nl> Co-authored-by: dathbe <github@beffa.us> Co-authored-by: Marcel <m-idler@users.noreply.github.com> Co-authored-by: Kevin G. <crazylegstoo@gmail.com> Co-authored-by: Jboucly <33218155+jboucly@users.noreply.github.com> Co-authored-by: Jboucly <contact@jboucly.fr> Co-authored-by: Jarno <54169345+jarnoml@users.noreply.github.com> Co-authored-by: Jordan Welch <JordanHWelch@gmail.com> Co-authored-by: Blackspirits <blackspirits@gmail.com> Co-authored-by: Samed Ozdemir <samed@xsor.io> Co-authored-by: in-voker <58696565+in-voker@users.noreply.github.com> Co-authored-by: Andrés Vanegas Jiménez <142350+angeldeejay@users.noreply.github.com> Co-authored-by: cgillinger <christian.gillinger@gmail.com> Co-authored-by: Sonny B <43247590+sonnyb9@users.noreply.github.com> Co-authored-by: sonnyb9 <sonnyb9@users.noreply.github.com>
324 lines
9.6 KiB
JavaScript
324 lines
9.6 KiB
JavaScript
// Load lightweight internal alias resolver
|
|
require("./alias-resolver");
|
|
|
|
const fs = require("node:fs");
|
|
const path = require("node:path");
|
|
const Spawn = require("node:child_process").spawn;
|
|
const Log = require("logger");
|
|
|
|
// global absolute root path
|
|
global.root_path = path.resolve(`${__dirname}/../`);
|
|
|
|
// used to control fetch timeout for node_helpers
|
|
const { setGlobalDispatcher, Agent } = require("undici");
|
|
|
|
const Server = require("./server");
|
|
const Utils = require("./utils");
|
|
|
|
const { getEnvVarsAsObj } = require("#server_functions");
|
|
// common timeout value, provide environment override in case
|
|
const fetch_timeout = process.env.mmFetchTimeout !== undefined ? process.env.mmFetchTimeout : 30000;
|
|
|
|
// Get version number.
|
|
global.version = require(`${global.root_path}/package.json`).version;
|
|
global.mmTestMode = process.env.mmTestMode === "true";
|
|
Log.log(`Starting MagicMirror: v${global.version}`);
|
|
|
|
// Log system information.
|
|
Spawn("node ./js/systeminformation.js", { env: { ...process.env, ELECTRON_VERSION: `${process.versions.electron}` }, cwd: this.root_path, shell: true, detached: true, stdio: "inherit" });
|
|
|
|
if (process.env.MM_CONFIG_FILE) {
|
|
global.configuration_file = process.env.MM_CONFIG_FILE.replace(`${global.root_path}/`, "");
|
|
}
|
|
|
|
// FIXME: Hotfix Pull Request
|
|
// https://github.com/MagicMirrorOrg/MagicMirror/pull/673
|
|
if (process.env.MM_PORT) {
|
|
global.mmPort = process.env.MM_PORT;
|
|
}
|
|
|
|
// The next part is here to prevent a major exception when there
|
|
// is no internet connection. This could probable be solved better.
|
|
process.on("uncaughtException", function (err) {
|
|
// ignore strange exceptions under aarch64 coming from systeminformation:
|
|
if (!err.stack.includes("node_modules/systeminformation")) {
|
|
Log.error("Whoops! There was an uncaught exception...");
|
|
Log.error(err);
|
|
Log.error("MagicMirror² will not quit, but it might be a good idea to check why this happened. Maybe no internet connection?");
|
|
Log.error("If you think this really is an issue, please open an issue on GitHub: https://github.com/MagicMirrorOrg/MagicMirror/issues");
|
|
}
|
|
});
|
|
|
|
/**
|
|
* The core app.
|
|
* @class
|
|
*/
|
|
function App () {
|
|
let nodeHelpers = [];
|
|
let httpServer;
|
|
let defaultModules;
|
|
let env;
|
|
|
|
/**
|
|
* Loads a specific module.
|
|
* @param {string} module The name of the module (including subpath).
|
|
*/
|
|
function loadModule (module) {
|
|
const elements = module.split("/");
|
|
const moduleName = elements[elements.length - 1];
|
|
let moduleFolder = path.resolve(`${global.root_path}/${env.modulesDir}`, module);
|
|
|
|
if (defaultModules.includes(moduleName)) {
|
|
const defaultModuleFolder = path.resolve(`${global.root_path}/${global.defaultModulesDir}/`, module);
|
|
if (!global.mmTestMode) {
|
|
moduleFolder = defaultModuleFolder;
|
|
} else {
|
|
// running in test mode, allow defaultModules placed under moduleDir for testing
|
|
if (env.modulesDir === "modules" || env.modulesDir === "tests/mocks") {
|
|
moduleFolder = defaultModuleFolder;
|
|
}
|
|
}
|
|
}
|
|
|
|
const moduleFile = `${moduleFolder}/${moduleName}.js`;
|
|
|
|
try {
|
|
fs.accessSync(moduleFile, fs.constants.R_OK);
|
|
} catch {
|
|
Log.warn(`No ${moduleFile} found for module: ${moduleName}.`);
|
|
}
|
|
|
|
const helperPath = `${moduleFolder}/node_helper.js`;
|
|
|
|
let loadHelper = true;
|
|
try {
|
|
fs.accessSync(helperPath, fs.constants.R_OK);
|
|
} catch {
|
|
loadHelper = false;
|
|
Log.log(`No helper found for module: ${moduleName}.`);
|
|
}
|
|
|
|
// if the helper was found
|
|
if (loadHelper) {
|
|
let Module;
|
|
try {
|
|
Module = require(helperPath);
|
|
} catch (e) {
|
|
Log.error(`Error when loading ${moduleName}:`, e.message);
|
|
return;
|
|
}
|
|
let m = new Module();
|
|
|
|
if (m.requiresVersion) {
|
|
Log.log(`Check MagicMirror² version for node helper '${moduleName}' - Minimum version: ${m.requiresVersion} - Current version: ${global.version}`);
|
|
if (cmpVersions(global.version, m.requiresVersion) >= 0) {
|
|
Log.log("Version is ok!");
|
|
} else {
|
|
Log.warn(`Version is incorrect. Skip module: '${moduleName}'`);
|
|
return;
|
|
}
|
|
}
|
|
|
|
m.setName(moduleName);
|
|
m.setPath(path.resolve(moduleFolder));
|
|
nodeHelpers.push(m);
|
|
|
|
m.loaded();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Loads all modules.
|
|
* @param {Module[]} modules All modules to be loaded
|
|
* @returns {Promise} A promise that is resolved when all modules been loaded
|
|
*/
|
|
async function loadModules (modules) {
|
|
Log.log("Loading module helpers ...");
|
|
|
|
for (let module of modules) {
|
|
await loadModule(module);
|
|
}
|
|
|
|
Log.log("All module helpers loaded.");
|
|
}
|
|
|
|
/**
|
|
* Compare two semantic version numbers and return the difference.
|
|
* @param {string} a Version number a.
|
|
* @param {string} b Version number b.
|
|
* @returns {number} A positive number if a is larger than b, a negative
|
|
* number if a is smaller and 0 if they are the same
|
|
*/
|
|
function cmpVersions (a, b) {
|
|
let i, diff;
|
|
const regExStrip0 = /(\.0+)+$/;
|
|
const segmentsA = a.replace(regExStrip0, "").split(".");
|
|
const segmentsB = b.replace(regExStrip0, "").split(".");
|
|
const l = Math.min(segmentsA.length, segmentsB.length);
|
|
|
|
for (i = 0; i < l; i++) {
|
|
diff = parseInt(segmentsA[i], 10) - parseInt(segmentsB[i], 10);
|
|
if (diff) {
|
|
return diff;
|
|
}
|
|
}
|
|
return segmentsA.length - segmentsB.length;
|
|
}
|
|
|
|
/**
|
|
* Start the core app.
|
|
*
|
|
* It loads the config, then it loads all modules.
|
|
* @async
|
|
* @returns {Promise<object>} the config used
|
|
*/
|
|
this.start = async function () {
|
|
const configObj = Utils.loadConfig();
|
|
global.config = configObj.fullConf;
|
|
const config = global.config;
|
|
Utils.checkConfigFile(configObj);
|
|
|
|
global.defaultModulesDir = config.defaultModulesDir;
|
|
defaultModules = require(`${global.root_path}/${global.defaultModulesDir}/defaultmodules`);
|
|
|
|
Log.setLogLevel(config.logLevel);
|
|
|
|
env = getEnvVarsAsObj();
|
|
// check for deprecated css/custom.css and move it to new location
|
|
if ((!fs.existsSync(`${global.root_path}/${env.customCss}`)) && (fs.existsSync(`${global.root_path}/css/custom.css`))) {
|
|
try {
|
|
fs.renameSync(`${global.root_path}/css/custom.css`, `${global.root_path}/${env.customCss}`);
|
|
Log.warn(`WARNING! Your custom css file was moved from ${global.root_path}/css/custom.css to ${global.root_path}/${env.customCss}`);
|
|
} catch {
|
|
Log.warn("WARNING! Your custom css file is currently located in the css folder. Please move it to the config folder!");
|
|
}
|
|
}
|
|
|
|
// get the used module positions
|
|
Utils.getModulePositions();
|
|
|
|
let modules = [];
|
|
for (const module of config.modules) {
|
|
if (module.disabled) continue;
|
|
if (module.module) {
|
|
if (Utils.moduleHasValidPosition(module.position) || typeof (module.position) === "undefined") {
|
|
// Only add this module to be loaded if it is not a duplicate (repeated instance of the same module)
|
|
if (!modules.includes(module.module)) {
|
|
modules.push(module.module);
|
|
}
|
|
} else {
|
|
Log.warn("Invalid module position found for this configuration:" + `\n${JSON.stringify(module, null, 2)}`);
|
|
}
|
|
} else {
|
|
Log.warn("No module name found for this configuration:" + `\n${JSON.stringify(module, null, 2)}`);
|
|
}
|
|
}
|
|
|
|
setGlobalDispatcher(new Agent({ connect: { timeout: fetch_timeout } }));
|
|
|
|
await loadModules(modules);
|
|
|
|
httpServer = new Server(configObj);
|
|
const { app, io } = await httpServer.open();
|
|
Log.log("Server started ...");
|
|
|
|
const nodePromises = [];
|
|
for (let nodeHelper of nodeHelpers) {
|
|
nodeHelper.setExpressApp(app);
|
|
nodeHelper.setSocketIO(io);
|
|
|
|
try {
|
|
nodePromises.push(nodeHelper.start());
|
|
} catch (error) {
|
|
Log.error(`Error when starting node_helper for module ${nodeHelper.name}:`);
|
|
Log.error(error);
|
|
}
|
|
}
|
|
|
|
const results = await Promise.allSettled(nodePromises);
|
|
|
|
// Log errors that happened during async node_helper startup
|
|
results.forEach((result) => {
|
|
if (result.status === "rejected") {
|
|
Log.error(result.reason);
|
|
}
|
|
});
|
|
|
|
Log.log("Sockets connected & modules started ...");
|
|
|
|
return global.config;
|
|
};
|
|
|
|
/**
|
|
* Stops the core app. This calls each node_helper's STOP() function, if it
|
|
* exists.
|
|
*
|
|
* Added to fix #1056
|
|
* @returns {Promise} A promise that is resolved when all node_helpers and
|
|
* the http server has been closed
|
|
*/
|
|
this.stop = async function () {
|
|
const nodePromises = [];
|
|
for (let nodeHelper of nodeHelpers) {
|
|
try {
|
|
if (typeof nodeHelper.stop === "function") {
|
|
nodePromises.push(nodeHelper.stop());
|
|
}
|
|
} catch (error) {
|
|
Log.error(`Error when stopping node_helper for module ${nodeHelper.name}:`);
|
|
Log.error(error);
|
|
}
|
|
}
|
|
|
|
const results = await Promise.allSettled(nodePromises);
|
|
|
|
// Log errors that happened during async node_helper stopping
|
|
results.forEach((result) => {
|
|
if (result.status === "rejected") {
|
|
Log.error(result.reason);
|
|
}
|
|
});
|
|
|
|
Log.log("Node_helpers stopped ...");
|
|
|
|
// To be able to stop the app even if it hasn't been started (when
|
|
// running with Electron against another server)
|
|
if (!httpServer) {
|
|
return Promise.resolve();
|
|
}
|
|
|
|
return httpServer.close();
|
|
};
|
|
|
|
/**
|
|
* Listen for SIGINT signal and call stop() function.
|
|
*
|
|
* Added to fix #1056
|
|
* Note: this is only used if running `server-only`. Otherwise
|
|
* this.stop() is called by app.on("before-quit"... in `electron.js`
|
|
*/
|
|
process.on("SIGINT", async () => {
|
|
Log.log("[SIGINT] Received. Shutting down server...");
|
|
setTimeout(() => {
|
|
process.exit(0);
|
|
}, 3000); // Force quit after 3 seconds
|
|
await this.stop();
|
|
process.exit(0);
|
|
});
|
|
|
|
/**
|
|
* Listen to SIGTERM signals so we can stop everything when we
|
|
* are asked to stop by the OS.
|
|
*/
|
|
process.on("SIGTERM", async () => {
|
|
Log.log("[SIGTERM] Received. Shutting down server...");
|
|
setTimeout(() => {
|
|
process.exit(0);
|
|
}, 3000); // Force quit after 3 seconds
|
|
await this.stop();
|
|
process.exit(0);
|
|
});
|
|
}
|
|
|
|
module.exports = new App();
|