kenmirrors/MagicMirror
1
0
Fork 0
mirror of https://github.com/MichMich/MagicMirror.git synced 2026-05-08 13:48:34 +00:00
Code Issues Projects Releases Wiki Activity
Files
fb41d24ef522e91e802e2a623ff6afbddeb3c9d8
MagicMirror/serveronly/watcher.js
Karsten Hassel fb41d24ef5 Release 2.36.0 (#4127) 
## Release Notes
Thanks to: @cgillinger, @khassel, @KristjanESPERANTO, @sonnyb9
> ⚠️ This release needs nodejs version >=22.21.1 <23 || >=24 (no change
to previous release)

[Compare to previous Release
v2.35.0](https://github.com/MagicMirrorOrg/MagicMirror/compare/v2.35.0...v2.36.0)

This release falls outside the quarterly schedule. We opted for an early
release due to:
- Security fix for the internal cors proxy
- API change of the weather provider smi
- Several bug fixes

### Breaking Changes

The cors proxy is now disabled by default. If required, it must be
explicitly enabled in the `config.js` file. See the
[documentation](https://docs.magicmirror.builders/configuration/cors.html).

### ⚠️ Security

You can find several publicly accessible MagicMirror² instances.

This should never be done. Doing so makes your entire configuration,
including secrets and API keys, publicly visible. Furthermore, it allows
attackers to target the host; this is only prevented beginning with this
release.

Public MagicMirror² instances should always run behind a reverse proxy
with authentication.

### [core]
- Prepare Release 2.36.0 (#4126)
- Allow HTTPFetcher to pass through 304 responses (#4120)
- fix(http-fetcher): fall back to reloadInterval after retries exhausted
(#4113)
- config endpoint must handle functions in module configs (#4106)
- fix replaceSecretPlaceholder (#4104)
- restrict replaceSecretPlaceholder to cors with allowWhitelist (#4102)
- fix: prevent crash when config is undefined in socket handler (#4096)
- fix cors function for alpine linux (#4091)
- fix(cors): prevent SSRF via DNS rebinding (#4090)
- add option to disable or restrict cors endpoint (#4087)
- fix: prevent SSRF via /cors endpoint by blocking private/reserved IPs
(#4084)
- chore: add permissions section to enforce pull-request rules workflow
(#4079)
- update version for develop

### [dependencies]
- update dependencies (#4124)
- chore: update dependencies (#4088)
- refactor: enable ESLint rule "no-unused-vars" and handle related
issues (#4080)

### [modules/newsfeed]
- fix(newsfeed): prevent duplicate parse error callback when using
pipeline (#4083)

### [modules/updatenotification]
- fix(updatenotification): harden git command execution + simplify
checkUpdates (#4115)
- fix(tests): correct import path for git_helper module in
updatenotification tests (#4078)

### [modules/weather]
- fix(weather): use nearest openmeteo hourly data (#4123)
- fix(weather): avoid loading state after reconnect (#4121)
- weather: fix UV index display and add WeatherFlow precipitation
(#4108)
- fix(weather): restore OpenWeatherMap v2.5 support (#4101)
- fix(weather): use stable instanceId to prevent duplicate fetchers
(#4092)
- SMHI: migrate to SNOW1gv1 API (replace deprecated PMP3gv2) (#4082)

### [testing]
- ci(actions): set explicit token permissions (#4114)
- fix(http_fetcher): use undici.fetch when dispatcher is present (#4097)
- ci(codeql): also scan develop branch on push and PR (#4086)
- refactor: replace implicit global config with explicit global.config
(#4085)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: sam detweiler <sdetweil@gmail.com>
Co-authored-by: Kristjan ESPERANTO <35647502+KristjanESPERANTO@users.noreply.github.com>
Co-authored-by: Veeck <github@veeck.de>
Co-authored-by: veeck <gitkraken@veeck.de>
Co-authored-by: Magnus <34011212+MagMar94@users.noreply.github.com>
Co-authored-by: Ikko Eltociear Ashimine <eltociear@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: DevIncomin <56730075+Developer-Incoming@users.noreply.github.com>
Co-authored-by: Nathan <n8nyoung@gmail.com>
Co-authored-by: mixasgr <mixasgr@users.noreply.github.com>
Co-authored-by: Savvas Adamtziloglou <savvas-gr@greeklug.gr>
Co-authored-by: Konstantinos <geraki@gmail.com>
Co-authored-by: OWL4C <124401812+OWL4C@users.noreply.github.com>
Co-authored-by: BugHaver <43462320+bughaver@users.noreply.github.com>
Co-authored-by: BugHaver <43462320+lsaadeh@users.noreply.github.com>
Co-authored-by: Bugsounet - Cédric <github@bugsounet.fr>
Co-authored-by: Koen Konst <koenspero@gmail.com>
Co-authored-by: Koen Konst <c.h.konst@avisi.nl>
Co-authored-by: dathbe <github@beffa.us>
Co-authored-by: Marcel <m-idler@users.noreply.github.com>
Co-authored-by: Kevin G. <crazylegstoo@gmail.com>
Co-authored-by: Jboucly <33218155+jboucly@users.noreply.github.com>
Co-authored-by: Jboucly <contact@jboucly.fr>
Co-authored-by: Jarno <54169345+jarnoml@users.noreply.github.com>
Co-authored-by: Jordan Welch <JordanHWelch@gmail.com>
Co-authored-by: Blackspirits <blackspirits@gmail.com>
Co-authored-by: Samed Ozdemir <samed@xsor.io>
Co-authored-by: in-voker <58696565+in-voker@users.noreply.github.com>
Co-authored-by: Andrés Vanegas Jiménez <142350+angeldeejay@users.noreply.github.com>
Co-authored-by: cgillinger <christian.gillinger@gmail.com>
Co-authored-by: Sonny B <43247590+sonnyb9@users.noreply.github.com>
Co-authored-by: sonnyb9 <sonnyb9@users.noreply.github.com>
2026-04-30 22:49:25 +02:00

262 lines
6.7 KiB
JavaScript
Raw Blame History

// Load lightweight internal alias resolver to enable require("logger")
require("../js/alias-resolver");
const { spawn } = require("node:child_process");
const fs = require("node:fs");
const path = require("node:path");
const net = require("node:net");
const http = require("node:http");
const Log = require("logger");
const { getConfigFilePath } = require("#server_functions");
const RESTART_DELAY_MS = 500;
const PORT_CHECK_MAX_ATTEMPTS = 20;
const PORT_CHECK_INTERVAL_MS = 500;
let child = null;
let restartTimer = null;
let isShuttingDown = false;
let isRestarting = false;
let serverConfig = null;
const rootDir = path.join(__dirname, "..");
/**
* Get the server configuration (port and address)
* @returns {{port: number, address: string}} The server config
*/
function getServerConfig () {
if (serverConfig) return serverConfig;
try {
const configPath = getConfigFilePath();
delete require.cache[require.resolve(configPath)];
const config = require(configPath);
serverConfig = {
port: global.mmPort || config.port || 8080,
address: config.address || "localhost"
};
} catch {
serverConfig = { port: 8080, address: "localhost" };
}
return serverConfig;
}
/**
* Check if a port is available on the configured address
* @param {number} port The port to check
* @returns {Promise<boolean>} True if port is available
*/
function isPortAvailable (port) {
return new Promise((resolve) => {
const server = net.createServer();
server.once("error", () => {
resolve(false);
});
server.once("listening", () => {
server.close();
resolve(true);
});
// Use the same address as the actual server will bind to
const { address } = getServerConfig();
server.listen(port, address);
});
}
/**
* Wait until port is available
* @param {number} port The port to wait for
* @param {number} maxAttempts Maximum number of attempts
* @returns {Promise<void>}
*/
async function waitForPort (port, maxAttempts = PORT_CHECK_MAX_ATTEMPTS) {
for (let i = 0; i < maxAttempts; i++) {
if (await isPortAvailable(port)) {
Log.info(`Port ${port} is now available`);
return;
}
await new Promise((resolve) => setTimeout(resolve, PORT_CHECK_INTERVAL_MS));
}
Log.warn(`Port ${port} still not available after ${maxAttempts} attempts`);
}
/**
* Start the server process
*/
function startServer () {
// Start node directly instead of via npm to avoid process tree issues
child = spawn("node", ["./serveronly"], {
stdio: "inherit",
cwd: path.join(__dirname, "..")
});
child.on("error", (error) => {
Log.error("Failed to start server process:", error.message);
child = null;
});
child.on("exit", (code, signal) => {
child = null;
if (isShuttingDown) {
return;
}
if (isRestarting) {
// Expected restart - don't log as error
isRestarting = false;
} else {
// Unexpected exit
Log.error(`Server exited unexpectedly with code ${code} and signal ${signal}`);
}
});
}
/**
* Send reload notification to all connected clients
*/
function notifyClientsToReload () {
const { port, address } = getServerConfig();
const options = {
hostname: address,
port: port,
path: "/reload",
method: "GET"
};
const req = http.request(options, (res) => {
if (res.statusCode === 200) {
Log.info("Reload notification sent to clients");
}
});
req.on("error", (err) => {
// Server might not be running yet, ignore
Log.debug(`Could not send reload notification: ${err.message}`);
});
req.end();
}
/**
* Restart the server process
* @param {string} reason The reason for the restart
*/
function restartServer (reason) {
if (restartTimer) clearTimeout(restartTimer);
restartTimer = setTimeout(() => {
Log.info(reason);
if (child) {
isRestarting = true;
// Get the actual port being used
const { port } = getServerConfig();
// Notify clients to reload before restart
notifyClientsToReload();
// Set up one-time listener for the exit event
child.once("exit", async () => {
// Wait until port is actually available
await waitForPort(port);
// Reset config cache in case it changed
serverConfig = null;
startServer();
});
child.kill("SIGTERM");
} else {
startServer();
}
}, RESTART_DELAY_MS);
}
/**
* Watch a specific file for changes and restart the server on change
* Watches the parent directory to handle editors that use atomic writes
* @param {string} file The file path to watch
*/
function watchFile (file) {
try {
const fileName = path.basename(file);
const dirName = path.dirname(file);
const watcher = fs.watch(dirName, (_eventType, changedFile) => {
// Only trigger for the specific file we're interested in
if (changedFile !== fileName) return;
Log.info(`[watchFile] Change detected in: ${file}`);
if (restartTimer) clearTimeout(restartTimer);
restartTimer = setTimeout(() => {
Log.info(`[watchFile] Triggering restart due to change in: ${file}`);
restartServer(`File changed: ${path.basename(file)} — restarting...`);
}, RESTART_DELAY_MS);
});
watcher.on("error", (error) => {
Log.error(`Watcher error for ${file}:`, error.message);
});
Log.log(`Watching file: ${file}`);
} catch (error) {
Log.error(`Failed to watch file ${file}:`, error.message);
}
}
startServer();
// Setup file watching based on config
try {
const configPath = getConfigFilePath();
delete require.cache[require.resolve(configPath)];
const config = require(configPath);
let watchTargets = [];
if (Array.isArray(config.watchTargets) && config.watchTargets.length > 0) {
watchTargets = config.watchTargets.filter((target) => typeof target === "string" && target.trim() !== "");
}
if (watchTargets.length === 0) {
Log.warn("Watch mode is enabled but no watchTargets are configured. No files will be monitored. Set the watchTargets array in your config.js to enable file watching.");
}
Log.log(`Watch mode enabled. Watching ${watchTargets.length} file(s)`);
// Watch each target file
for (const target of watchTargets) {
const targetPath = path.isAbsolute(target)
? target
: path.join(rootDir, target);
// Check if file exists
if (!fs.existsSync(targetPath)) {
Log.warn(`Watch target does not exist: ${targetPath}`);
continue;
}
// Check if it's a file (directories are not supported)
const stats = fs.statSync(targetPath);
if (stats.isFile()) {
watchFile(targetPath);
} else {
Log.warn(`Watch target is not a file (directories not supported): ${targetPath}`);
}
}
} catch {
// Config file might not exist or be invalid, use fallback targets
Log.warn("Could not load watchTargets from config.");
}
process.on("SIGINT", () => {
isShuttingDown = true;
if (restartTimer) clearTimeout(restartTimer);
if (child) child.kill("SIGTERM");
process.exit(0);
});
Reference in New Issue View Git Blame Copy Permalink