Merge branch 'produpdate' into staging

config/config.example.js

@@ -139,6 +139,21 @@ module.exports = {
      */
     //enforceMFA: false,
 
+    /* =====================
+     *       Privacy
+     * ===================== */
+
+    /*  Depending on where your instance is hosted, you may be required to log IP
+     *  addresses of the users who make a change to a document. This setting allows you
+     *  to do so. You can configure the logging system below in this config file.
+     *  Setting this value to true will include a log for each websocket connection
+     *  including this connection's unique ID, the user public key and the IP.
+     *  NOTE: this option requires a log level of "info" or below.
+     *
+     *  defaults to false
+     */
+    //logIP: false,
+
     /* =====================
      *         Admin
      * ===================== */

lib/api.js

@@ -66,6 +66,7 @@ nThen(function (w) {
             .on('channelMessage', historyKeeper.channelMessage)
             .on('channelOpen', historyKeeper.channelOpen)
             .on('sessionClose', historyKeeper.sessionClose)
+            .on('sessionOpen', historyKeeper.sessionOpen)
             .on('error', function (error, label, info) {
                 if (!error) { return; }
                 var code = error && (error.code || error.message);

lib/env.js

@@ -110,6 +110,7 @@ module.exports.create = function (config) {
         httpPort: isValidPort(config.httpPort)? config.httpPort: 3000,
         httpAddress: typeof(config.httpAddress) === 'string'? config.httpAddress: 'localhost',
         websocketPath: config.externalWebsocketURL,
+        logIP: config.logIP,
 
         OFFLINE_MODE: false,
         FRESH_KEY: '',

lib/historyKeeper.js

@@ -103,8 +103,14 @@ module.exports.create = function (Env, cb) {
                 cb("ERESTRICTED", allowed);
             });
         },
-        sessionClose: function (userId, reason) {
+        sessionClose: function (userId, reason, ip) {
             HK.closeNetfluxSession(Env, userId);
+            if (Env.logIP && !['SOCKET_CLOSED', 'INACTIVITY'].includes(reason)) {
+                return void Log.info('USER_DISCONNECTED_ERROR', {
+                    userId: userId,
+                    reason: reason
+                });
+            }
             if (['BAD_MESSAGE', 'SEND_MESSAGE_FAIL_2'].indexOf(reason) !== -1) {
                 if (reason && reason.code === 'ECONNRESET') { return; }
                 return void Log.error('SESSION_CLOSE_WITH_ERROR', {
@@ -113,12 +119,19 @@ module.exports.create = function (Env, cb) {
                 });
             }
 
-            if (['SOCKET_CLOSED', 'SOCKET_ERROR'].indexOf(reason)) { return; }
+            if (['SOCKET_CLOSED', 'SOCKET_ERROR'].includes(reason)) { return; }
             Log.verbose('SESSION_CLOSE_ROUTINE', {
                 userId: userId,
                 reason: reason,
             });
         },
+        sessionOpen: function (userId, ip, oo) {
+            if (!Env.logIP) { return; }
+            Log.info('USER_CONNECTION', {
+                userId: userId,
+                ip: ip,
+            });
+        },
         directMessage: function (Server, seq, userId, json) {
             // netflux-server allows you to register an id with a handler
             // this handler is invoked every time someone sends a message to that id

lib/http-worker.js

@@ -198,6 +198,9 @@ const wsProxy = createProxyMiddleware({
     target: proxyTarget.href,
     ws: true,
     logLevel: 'error',
+    onProxyReqWs: function (proxyReq, req, socket, options, head) {
+        proxyReq.setHeader('X-Real-Ip', req.socket.remoteAddress);
+    },
     logProvider: (p) => {
         p.error = (data) => {
             if (/ECONNRESET/.test(data)) { return; }

lib/rpc.js

@@ -144,6 +144,8 @@ var rpc = function (Env, Server, userId, data, respond) {
 
     var signature = msg.shift();
     var publicKey = msg.shift();
+    var safeKey = Util.escapeKeyCharacters(publicKey);
+    var hadSession = Boolean(Env.Sessions[safeKey]);
 
     // make sure a user object is initialized in the cookie jar
     if (publicKey) {
@@ -180,6 +182,9 @@ var rpc = function (Env, Server, userId, data, respond) {
             if (err) {
                 return void respond("INVALID_SIGNATURE_OR_PUBLIC_KEY");
             }
+            if (command === 'COOKIE' && !hadSession && Env.logIP) {
+                Env.Log.info('NEW_RPC_SESSION', {userId: userId, publicKey: publicKey});
+            }
             HK.authenticateNetfluxSession(Env, userId, publicKey);
             return void handleAuthenticatedMessage(Env, publicKey, msg, respond, Server);
         });

package-lock.json

@@ -19,7 +19,7 @@
         "chainpad-crypto": "^0.2.5",
         "chainpad-listmap": "^1.0.0",
         "chainpad-netflux": "^1.0.0",
-        "chainpad-server": "^5.1.0",
+        "chainpad-server": "^5.2.0",
         "ckeditor": "npm:ckeditor4@~4.22.1",
         "codemirror": "^5.19.0",
         "components-font-awesome": "^4.6.3",
@@ -1402,9 +1402,9 @@
       }
     },
     "node_modules/chainpad-server": {
-      "version": "5.1.0",
+      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/chainpad-server/-/chainpad-server-5.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/chainpad-server/-/chainpad-server-5.2.0.tgz",
-      "integrity": "sha512-BdjgOOLTXXo1EjQ7lURDe7oqsqfQISNvwhILfp3K3diY2K1hxpPLbjYzOSgxNOTADeOAff0xnInR5eUCESVWaQ==",
+      "integrity": "sha512-WFbtzhuB636CAleuqH4e2CqmexNSOjXXE0t1Qd/4DIiHavxMy0/pd7CuOCTNr/MwD0eOd8dNm7/pFkRFL5f74A==",
       "dependencies": {
         "nthen": "0.1.8",
         "pull-stream": "^3.6.9",

package.json

@@ -22,7 +22,7 @@
     "chainpad-crypto": "^0.2.5",
     "chainpad-listmap": "^1.0.0",
     "chainpad-netflux": "^1.0.0",
-    "chainpad-server": "^5.1.0",
+    "chainpad-server": "^5.2.0",
     "ckeditor": "npm:ckeditor4@~4.22.1",
     "codemirror": "^5.19.0",
     "components-font-awesome": "^4.6.3",