diff --git a/.meteor/packages b/.meteor/packages index 235fba61f..c6477b1cd 100644 --- a/.meteor/packages +++ b/.meteor/packages @@ -16,7 +16,6 @@ es5-shim@4.8.0 # Collections aldeed:collection2 -cfs:standard-packages cottz:publish-relations dburles:collection-helpers idmontie:migrations @@ -147,7 +146,6 @@ meteor-autosize shell-server@0.5.0 email@2.2.5 dynamic-import@0.7.3 -cfs:gridfs msavin:usercache # Keep stylus in 1.1.0, because building v2 takes extra 52 minutes. meteorhacks:subs-manager @@ -155,7 +153,6 @@ meteorhacks:aggregate@1.3.0 wekan-markdown konecty:mongo-counter percolate:synced-cron -cfs:filesystem ostrio:cookies ostrio:files@2.3.0 pascoual:pdfkit diff --git a/.meteor/versions b/.meteor/versions index eab5ae08c..0ad897655 100644 --- a/.meteor/versions +++ b/.meteor/versions @@ -20,24 +20,6 @@ boilerplate-generator@1.7.1 caching-compiler@1.2.2 caching-html-compiler@1.2.1 callback-hook@1.5.1 -cfs:access-point@0.1.49 -cfs:base-package@0.0.30 -cfs:collection@0.5.5 -cfs:collection-filters@0.2.4 -cfs:data-man@0.0.6 -cfs:file@0.1.17 -cfs:filesystem@0.1.2 -cfs:gridfs@0.0.34 -cfs:http-methods@0.0.32 -cfs:http-publish@0.0.13 -cfs:power-queue@0.9.11 -cfs:reactive-list@0.0.9 -cfs:reactive-property@0.0.4 -cfs:standard-packages@0.5.10 -cfs:storage-adapter@0.2.4 -cfs:tempstore@0.1.6 -cfs:upload-http@0.0.20 -cfs:worker@0.1.5 check@1.3.2 coffeescript@2.7.0 coffeescript-compiler@2.4.1 @@ -77,7 +59,6 @@ kadira:blaze-layout@2.3.0 kadira:dochead@1.5.0 kadira:flow-router@2.12.1 konecty:mongo-counter@0.0.5_3 -livedata@1.0.18 lmieulet:meteor-coverage@1.1.4 localstorage@1.2.0 logging@1.3.2 diff --git a/models/attachments_old.js b/models/attachments_old.js deleted file mode 100644 index fae4b844c..000000000 --- a/models/attachments_old.js +++ /dev/null @@ -1,118 +0,0 @@ -import { ReactiveCache } from '/imports/reactiveCache'; - -const storeName = 'attachments'; -const defaultStoreOptions = { - beforeWrite: fileObj => { - if (!fileObj.isImage()) { - return { - type: 'application/octet-stream', - }; - } - return {}; - }, -}; -let store; -store = new FS.Store.GridFS(storeName, { - // XXX Add a new store for cover thumbnails so we don't load big images in - // the general board view - // If the uploaded document is not an image we need to enforce browser - // download instead of execution. This is particularly important for HTML - // files that the browser will just execute if we don't serve them with the - // appropriate `application/octet-stream` MIME header which can lead to user - // data leaks. I imagine other formats (like PDF) can also be attack vectors. - // See https://github.com/wekan/wekan/issues/99 - // XXX Should we use `beforeWrite` option of CollectionFS instead of - // collection-hooks? - // We should use `beforeWrite`. - ...defaultStoreOptions, -}); -AttachmentsOld = new FS.Collection('attachments', { - stores: [store], -}); - -if (Meteor.isServer) { - Meteor.startup(() => { - AttachmentsOld.files._ensureIndex({ cardId: 1 }); - }); - - AttachmentsOld.allow({ - insert(userId, doc) { - return allowIsBoardMember(userId, ReactiveCache.getBoard(doc.boardId)); - }, - update(userId, doc) { - return allowIsBoardMember(userId, ReactiveCache.getBoard(doc.boardId)); - }, - remove(userId, doc) { - return allowIsBoardMember(userId, ReactiveCache.getBoard(doc.boardId)); - }, - // We authorize the attachment download either: - // - if the board is public, everyone (even unconnected) can download it - // - if the board is private, only board members can download it - download(userId, doc) { - const board = ReactiveCache.getBoard(doc.boardId); - if (board.isPublic()) { - return true; - } else { - return board.hasMember(userId); - } - }, - - fetch: ['boardId'], - }); -} - -// XXX Enforce a schema for the AttachmentsOld CollectionFS - -if (Meteor.isServer) { - AttachmentsOld.files.after.insert((userId, doc) => { - // If the attachment doesn't have a source field - // or its source is different than import - if (!doc.source || doc.source !== 'import') { - // Add activity about adding the attachment - Activities.insert({ - userId, - type: 'card', - activityType: 'addAttachment', - attachmentId: doc._id, - // this preserves the name so that notifications can be meaningful after - // this file is removed - attachmentName: doc.original.name, - boardId: doc.boardId, - cardId: doc.cardId, - listId: doc.listId, - swimlaneId: doc.swimlaneId, - }); - } else { - // Don't add activity about adding the attachment as the activity - // be imported and delete source field - AttachmentsOld.update( - { - _id: doc._id, - }, - { - $unset: { - source: '', - }, - }, - ); - } - }); - - AttachmentsOld.files.before.remove((userId, doc) => { - Activities.insert({ - userId, - type: 'card', - activityType: 'deleteAttachment', - attachmentId: doc._id, - // this preserves the name so that notifications can be meaningful after - // this file is removed - attachmentName: doc.original.name, - boardId: doc.boardId, - cardId: doc.cardId, - listId: doc.listId, - swimlaneId: doc.swimlaneId, - }); - }); -} - -export default AttachmentsOld; diff --git a/models/avatars_old.js b/models/avatars_old.js deleted file mode 100644 index deae4bbc6..000000000 --- a/models/avatars_old.js +++ /dev/null @@ -1,29 +0,0 @@ -AvatarsOld = new FS.Collection('avatars', { - stores: [new FS.Store.GridFS('avatars')], - filter: { - maxSize: 72000, - allow: { - contentTypes: ['image/*'], - }, - }, -}); - -function isOwner(userId, file) { - return userId && userId === file.userId; -} - -AvatarsOld.allow({ - insert: isOwner, - update: isOwner, - remove: isOwner, - download() { - return true; - }, - fetch: ['userId'], -}); - -AvatarsOld.files.before.insert((userId, doc) => { - doc.userId = userId; -}); - -export default AvatarsOld; diff --git a/package-lock.json b/package-lock.json index 87282739b..bd5c0da93 100644 --- a/package-lock.json +++ b/package-lock.json @@ -39,6 +39,142 @@ "lodash.uniq": "^4.5.0" } }, + "@isaacs/cliui": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", + "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==", + "requires": { + "string-width": "^5.1.2", + "string-width-cjs": "npm:string-width@^4.2.0", + "strip-ansi": "^7.0.1", + "strip-ansi-cjs": "npm:strip-ansi@^6.0.1", + "wrap-ansi": "^8.1.0", + "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0" + }, + "dependencies": { + "ansi-regex": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", + "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==" + }, + "ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "requires": { + "color-convert": "^2.0.1" + } + }, + "emoji-regex": { + "version": "9.2.2", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==" + }, + "string-width": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", + "requires": { + "eastasianwidth": "^0.2.0", + "emoji-regex": "^9.2.2", + "strip-ansi": "^7.0.1" + } + }, + "string-width-cjs": { + "version": "npm:string-width@4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "requires": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "dependencies": { + "ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==" + }, + "emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" + }, + "strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "requires": { + "ansi-regex": "^5.0.1" + } + } + } + }, + "strip-ansi": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", + "requires": { + "ansi-regex": "^6.0.1" + } + }, + "strip-ansi-cjs": { + "version": "npm:strip-ansi@6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "requires": { + "ansi-regex": "^5.0.1" + }, + "dependencies": { + "ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==" + } + } + }, + "wrap-ansi-cjs": { + "version": "npm:wrap-ansi@7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "requires": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "dependencies": { + "ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==" + }, + "emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" + }, + "string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "requires": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + } + }, + "strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "requires": { + "ansi-regex": "^5.0.1" + } + } + } + } + } + }, "@mapbox/node-pre-gyp": { "version": "1.0.11", "resolved": "https://registry.npmjs.org/@mapbox/node-pre-gyp/-/node-pre-gyp-1.0.11.tgz", diff --git a/server/migrations.js b/server/migrations.js index 268f12119..6fcee54e5 100644 --- a/server/migrations.js +++ b/server/migrations.js @@ -7,9 +7,9 @@ import Actions from '../models/actions'; import Activities from '../models/activities'; import Announcements from '../models/announcements'; import Attachments from '../models/attachments'; -import AttachmentsOld from '../models/attachments_old'; +//import AttachmentsOld from '../models/attachments_old'; import Avatars from '../models/avatars'; -import AvatarsOld from '../models/avatars_old'; +//import AvatarsOld from '../models/avatars_old'; import Boards from '../models/boards'; import CardComments from '../models/cardComments'; import Cards from '../models/cards'; @@ -1245,6 +1245,7 @@ Migrations.add('add-card-details-show-lists', () => { ); }); +/* Migrations.add('migrate-attachments-collectionFS-to-ostrioFiles', () => { Meteor.settings.public.ostrioFilesMigrationInProgress = "true"; AttachmentsOld.find().forEach(function(fileObj) { @@ -1404,6 +1405,7 @@ Migrations.add('migrate-avatars-collectionFS-to-ostrioFiles', () => { }); Meteor.settings.public.ostrioFilesMigrationInProgress = "false"; }); +*/ Migrations.add('migrate-attachment-drop-index-cardId', () => { try {