From b557f04c1032d422598fd8e5b2df6848d75e7f9f Mon Sep 17 00:00:00 2001 From: Manuel Date: Mon, 24 Jul 2023 21:25:41 +0200 Subject: [PATCH 1/5] =?UTF-8?q?=E2=9C=A8=20Allow=20non=20standard=20protoc?= =?UTF-8?q?ols=20for=20ext=20app=20URL?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- public/locales/en/layout/modals/add-app.json | 3 ++- .../Dashboard/Modals/EditAppModal/EditAppModal.tsx | 7 +++++-- .../EditAppModal/Tabs/GeneralTab/GeneralTab.tsx | 14 ++++++++++---- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/public/locales/en/layout/modals/add-app.json b/public/locales/en/layout/modals/add-app.json index 551f84dad..bed0d0630 100644 --- a/public/locales/en/layout/modals/add-app.json +++ b/public/locales/en/layout/modals/add-app.json @@ -24,7 +24,8 @@ "isOpeningNewTab": { "label": "Open in new tab", "description": "Open the app in a new tab instead of the current one." - } + }, + "customProtocolWarning": "Using a non-standard protocol. This may require pre-installed applications and can introduce security risks. Ensure that your address is secure and trusted." }, "network": { "statusChecker": { diff --git a/src/components/Dashboard/Modals/EditAppModal/EditAppModal.tsx b/src/components/Dashboard/Modals/EditAppModal/EditAppModal.tsx index c2dfa21f5..a618f6d2e 100644 --- a/src/components/Dashboard/Modals/EditAppModal/EditAppModal.tsx +++ b/src/components/Dashboard/Modals/EditAppModal/EditAppModal.tsx 
@@ -28,6 +28,9 @@ import { EditAppModalTab } from './Tabs/type'; const appUrlRegex = '(https?://(?:www.|(?!www))\\[?[a-zA-Z0-9][a-zA-Z0-9-]+[a-zA-Z0-9]\\]?.[^\\s]{2,}|www.[a-zA-Z0-9][a-zA-Z0-9-]+[a-zA-Z0-9].[^\\s]{2,}|https?://(?:www.|(?!www))\\[?[a-zA-Z0-9]+\\]?.[^\\s]{2,}|www.[a-zA-Z0-9]+.[^\\s]{2,})'; +const appUrlWithAnyProtocolRegex = + '([A-z]+://(?:www.|(?!www))\\[?[a-zA-Z0-9][a-zA-Z0-9-]+[a-zA-Z0-9]\\]?.[^\\s]{2,}|www.[a-zA-Z0-9][a-zA-Z0-9-]+[a-zA-Z0-9].[^\\s]{2,}|[A-z]+://(?:www.|(?!www))\\[?[a-zA-Z0-9]+\\]?.[^\\s]{2,}|www.[a-zA-Z0-9]+.[^\\s]{2,})'; + export const EditAppModal = ({ context, id, @@ -71,8 +74,8 @@ export const EditAppModal = ({ return null; } - if (!url.match(appUrlRegex)) { - return 'Uri override is not a valid uri'; + if (!url.match(appUrlWithAnyProtocolRegex)) { + return 'External URI is not a valid uri'; } return null; diff --git a/src/components/Dashboard/Modals/EditAppModal/Tabs/GeneralTab/GeneralTab.tsx b/src/components/Dashboard/Modals/EditAppModal/Tabs/GeneralTab/GeneralTab.tsx index fd5c2ea05..6bbc40a7b 100644 --- a/src/components/Dashboard/Modals/EditAppModal/Tabs/GeneralTab/GeneralTab.tsx +++ b/src/components/Dashboard/Modals/EditAppModal/Tabs/GeneralTab/GeneralTab.tsx @@ -1,4 +1,4 @@ -import { Tabs, TextInput } from '@mantine/core'; +import { Tabs, Text, TextInput } from '@mantine/core'; import { UseFormReturnType } from '@mantine/form'; import { IconClick, IconCursorText, IconLink } from '@tabler/icons-react'; import { useTranslation } from 'next-i18next'; @@ -22,6 +22,7 @@ export const GeneralTab = ({ form, openTab }: GeneralTabProps) => { placeholder="My example app" variant="default" withAsterisk + mb="md" {...form.getInputProps('name')} /> { placeholder="https://google.com" variant="default" withAsterisk + mb="md" {...form.getInputProps('url')} - onChange={(e) => { - form.setFieldValue('url', e.target.value); - }} /> } 
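Review bot: `appUrlWithAnyProtocolRegex` accepts any scheme and is not anchored, so the `url.match(appUrlWithAnyProtocolRegex)` check in the `@@ -71,8 +74,8 @@` hunk passes as soon as some substring of the value looks like `scheme://host`. The class `[A-z]` also covers the punctuation that sits between `Z` and `a` in ASCII (`[`, `\`, `]`, `^`, `_` and the backtick), none of which is a legal scheme character; RFC 3986 gives `[a-zA-Z][a-zA-Z0-9+.-]*`. The value is presumably rendered as a link target later, so I would anchor the pattern with `^…$` and check the parsed scheme against an allowlist, or at least reject script-capable schemes such as `javascript:`, `data:` and `vbscript:`. The validator body starts and ends outside the hunk, so where the stored value is used cannot be confirmed from here.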
@@ -44,6 +43,13 @@ export const GeneralTab = ({ form, openTab }: GeneralTabProps) => { variant="default" {...form.getInputProps('behaviour.externalUrl')} /> + + {!form.values.behaviour.externalUrl.startsWith('https://') && + !form.values.behaviour.externalUrl.startsWith('http://') && ( + + {t('behaviour.customProtocolWarning')} + + )} ); }; From 48b2e951cd09fb26e3542b3109382e42f9f6ee9a Mon Sep 17 00:00:00 2001 From: Meier Lukas Date: Thu, 27 Jul 2023 20:25:12 +0200 Subject: [PATCH 2/5] =?UTF-8?q?=F0=9F=90=9B=20Fix=20config=20appearance=20?= =?UTF-8?q?on=20initial=20load?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- package.json | 6 ++++-- src/config/provider.tsx | 7 ++++--- src/pages/_app.tsx | 11 +++++++---- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/package.json b/package.json index 49f0b7b82..0230cf27e 100644 --- a/package.json +++ b/package.json @@ -155,7 +155,9 @@ "^[./]" ], "importOrderSeparation": true, - "plugins": ["@trivago/prettier-plugin-sort-imports"], + "plugins": [ + "@trivago/prettier-plugin-sort-imports" + ], "importOrderSortSpecifiers": true }, "eslintConfig": { @@ -217,4 +219,4 @@ ] } } -} +} \ No newline at end of file diff --git a/src/config/provider.tsx b/src/config/provider.tsx index 1d6803b17..6d2228373 100644 --- a/src/config/provider.tsx +++ b/src/config/provider.tsx 
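Review bot: The warning condition in the `@@ -44,6 +43,13 @@` hunk is also true for an empty `behaviour.externalUrl`, so the custom-protocol warning is shown when no external URL has been entered at all. The validator in EditAppModal returns `null` before its regex check, which suggests an empty value is allowed, but that branch is outside the visible lines. `startsWith` is case-sensitive as well, so `HTTPS://…` is reported as non-standard, and the call throws if `externalUrl` can be undefined in older configs. I would show the warning only when `url !== '' && !/^https?:\/\//i.test(url)`, with `const url = form.values.behaviour.externalUrl ?? '';`. The warning is advisory only, so it should complement scheme validation rather than replace it.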
@@ -21,8 +21,9 @@ const ConfigContext = createContext({ setConfigName: () => {}, }); -export const ConfigProvider = ({ children }: { children: ReactNode }) => { - const [configName, setConfigName] = useState(); +export const ConfigProvider = ({ children, config: fallbackConfig, configName: initialConfigName }: { children: ReactNode, config?: ConfigType, configName?: string }) => { + console.log(initialConfigName); + const [configName, setConfigName] = useState(initialConfigName || 'default'); const [configVersion, setConfigVersion] = useState(0); const { configs } = useConfigStore((s) => ({ configs: s.configs }), shallow); const { setPrimaryColor, setSecondaryColor, setPrimaryShade } = useColorTheme(); @@ -39,7 +40,7 @@ export const ConfigProvider = ({ children }: { children: ReactNode }) => { setConfigVersion((v) => v + 1), setConfigName: (name: string) => setConfigName(name), diff --git a/src/pages/_app.tsx b/src/pages/_app.tsx index 37ed1a412..88d63c532 100644 --- a/src/pages/_app.tsx +++ b/src/pages/_app.tsx @@ -35,6 +35,7 @@ import { getServiceSidePackageAttributes, } from '../tools/server/getPackageVersion'; import { theme } from '../tools/server/theme/theme'; +import { ConfigType } from '~/types/config'; function App( this: any, 
@@ -43,13 +44,15 @@ function App( packageAttributes: ServerSidePackageAttributesType; editModeEnabled: boolean; defaultColorScheme: ColorScheme; + config?: ConfigType; + configName?: string; }> ) { const { Component, pageProps } = props; - const [primaryColor, setPrimaryColor] = useState('red'); - const [secondaryColor, setSecondaryColor] = useState('orange'); - const [primaryShade, setPrimaryShade] = useState(6); + const [primaryColor, setPrimaryColor] = useState(props.pageProps.config?.settings.customization.colors.primary || 'red'); + const [secondaryColor, setSecondaryColor] = useState(props.pageProps.config?.settings.customization.colors.secondary || 'orange'); + const [primaryShade, setPrimaryShade] = useState(props.pageProps.config?.settings.customization.colors.shade || 6); const colorTheme = { primaryColor, secondaryColor, @@ -123,7 +126,7 @@ function App( withGlobalStyles withNormalizeCSS > - + Date: Thu, 27 Jul 2023 20:31:11 +0200 Subject: [PATCH 3/5] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Address=20pull=20reque?= =?UTF-8?q?st=20feedback?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/config/provider.tsx | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/config/provider.tsx b/src/config/provider.tsx index 6d2228373..d0002b67d 100644 --- a/src/config/provider.tsx +++ b/src/config/provider.tsx 
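Review bot: The three `useState` initialisers in the `@@ -43,13 +44,15 @@` hunk guard only `config` with `?.`, so `props.pageProps.config?.settings.customization.colors.primary` throws during render if a stored config lacks `customization` or `colors`. Whether `ConfigType` makes those fields required is not visible here. Reading the colours once, `const colors = pageProps.config?.settings?.customization?.colors;`, and then `useState(colors?.primary || 'red')` is safer and shorter, since `pageProps` is already destructured. Separately, `config` now travels through `pageProps`, which Next.js serialises into the page sent to the browser. The code that fills it is outside this patch, so confirm it is the client-safe config with no server-only secrets.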
@@ -21,8 +21,15 @@ const ConfigContext = createContext({ setConfigName: () => {}, }); -export const ConfigProvider = ({ children, config: fallbackConfig, configName: initialConfigName }: { children: ReactNode, config?: ConfigType, configName?: string }) => { - console.log(initialConfigName); +export const ConfigProvider = ({ + children, + config: fallbackConfig, + configName: initialConfigName, +}: { + children: ReactNode; + config?: ConfigType; + configName?: string; +}) => { const [configName, setConfigName] = useState(initialConfigName || 'default'); const [configVersion, setConfigVersion] = useState(0); const { configs } = useConfigStore((s) => ({ configs: s.configs }), shallow); From 45438cd402d8faeb070b0b1261c20503f3d68e6e Mon Sep 17 00:00:00 2001 From: Manuel <30572287+manuel-rw@users.noreply.github.com> Date: Thu, 27 Jul 2023 21:18:29 +0200 Subject: [PATCH 4/5] =?UTF-8?q?=F0=9F=93=9D=20Add=20security=20policy=20(#?= =?UTF-8?q?1200)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- SECURITY.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..c1bdf234a --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+Only the following versions will receive updates, that include improvements to the security:
+
+| Version | Supported |
+| ------- | ------------------ |
+| 0.13 | :white_check_mark: |
+| <=0.12 | :x: |
+
+## Reporting a Vulnerability
+We take security issues very seriously.
+When you found a security issue, please ask yourself the following question:
+
+**Would this be publicly disclosed, could it cause any problems or harm to any Homarr instances or individuals?**
+
+If the answer to that question is yes, please contact us immideatly using https://homarr.dev/docs/community/get-in-touch. E-Mail is preferred, but you can write ``manicraft1001`` or ``ajnart`` on Discord as well.
+If the answer is no, please create a public visible issue: https://github.com/ajnart/homarr/issues/new?assignees=&labels=%F0%9F%90%9B+Bug&projects=&template=bug.yml&title=[Vulnerability]
From 20dc69c0344db94ba64c4f67e72612bf192c5b4d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Jul 2023 21:32:38 +0200 Subject: [PATCH 5/5] Bump semver from 6.3.0 to 6.3.1 (#1222) Bumps [semver](https://github.com/npm/node-semver) from 6.3.0 to 6.3.1. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md) - [Commits](https://github.com/npm/node-semver/compare/v6.3.0...v6.3.1) --- updated-dependencies: - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- yarn.lock | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-)
diff --git a/yarn.lock b/yarn.lock
index df67a75fe..8f58ade24 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -8265,26 +8265,15 @@ __metadata: linkType: hard "semver@npm:^6.0.0, semver@npm:^6.3.0": - version: 6.3.0 - resolution: "semver@npm:6.3.0" - bin: - semver: ./bin/semver.js - checksum: 1b26ecf6db9e8292dd90df4e781d91875c0dcc1b1909e70f5d12959a23c7eebb8f01ea581c00783bbee72ceeaad9505797c381756326073850dc36ed284b21b9 - languageName: node - linkType: hard - -"semver@npm:^7.3.5, semver@npm:^7.3.7": - version: 7.5.1 - resolution: "semver@npm:7.5.1" - dependencies: - lru-cache: ^6.0.0 + version: 6.3.1 + resolution: "semver@npm:6.3.1" bin: semver: bin/semver.js - checksum: d16dbedad53c65b086f79524b9ef766bf38670b2395bdad5c957f824dcc566b624988013564f4812bcace3f9d405355c3635e2007396a39d1bffc71cfec4a2fc + checksum: ae47d06de28836adb9d3e25f22a92943477371292d9b665fb023fae278d345d508ca1958232af086d85e0155aee22e313e100971898bbb8d5d89b8b1d4054ca2 languageName: node linkType: hard -"semver@npm:^7.5.0": +"semver@npm:^7.3.5, semver@npm:^7.3.7, semver@npm:^7.5.0": version: 7.5.4 resolution: "semver@npm:7.5.4" dependencies: