On 2021/12/29 17:48:23 Daniel Gruno wrote:
> On 29/12/2021 18.29, [email protected] wrote:
> > This is an automated email from the ASF dual-hosted git repository.
> > 
> > sebb pushed a commit to branch master
> > in repository 
> > https://gitbox.apache.org/repos/asf/incubator-ponymail-foal.git
> > 
> > commit 6d02e81d1ee747d0cb8c56cb9b32dd152835c707
> > Author: Sebb <[email protected]>
> > AuthorDate: Wed Dec 29 00:28:55 2021 +0000
> > 
> >      Extract various versions
> > ---
> >   server/endpoints/preferences.py | 9 +++++++++
> >   server/main.py                  | 5 +++++
> >   server/plugins/background.py    | 7 +++++++
> >   3 files changed, 21 insertions(+)
> > 
> > diff --git a/server/endpoints/preferences.py 
> > b/server/endpoints/preferences.py
> > index dcf49b1..c082a50 100644
> > --- a/server/endpoints/preferences.py
> > +++ b/server/endpoints/preferences.py
> > @@ -29,7 +29,16 @@ import fnmatch
> >   async def process(
> >       server: plugins.server.BaseServer, session: 
> > plugins.session.SessionObject, indata: dict
> >   ) -> typing.Union[dict, aiohttp.web.Response]:
> > +
> > +    versions: dict = {
> > +        "server": server.server_version,
> > +        "foal": server.foal_version,
> > +        "elasticsearch_engine": server.engine_version,
> > +        "elasticsearch_library": server.library_version
> > +    }
> 
> I think this should be configurable defaulting to off. We're essentially 
> exposing backend information here that could potentially be exploited.

Not all of it has the same sensitivity. For example, the foal version gives 
little away and could be important for signalling API enhancements. The server 
version is a bit more sensitive, so maybe it could be restricted to logged-in users. 
Likewise the ES versions. 

> 
> > +
> >       prefs: dict = {"login": {}}
> > +    prefs['versions'] = versions
> >       lists: dict = {}
> >       for ml, entry in server.data.lists.items():
> >           if "@" in ml:
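Review bot: `prefs['versions'] = versions` is set unconditionally at the top of `process()`, before anything in this hunk consults `session`, so all four version strings go to every caller of the preferences endpoint. Build the dict only when disclosure is enabled (for example a configuration switch that defaults to off), or keep `foal` public and add `server`, `elasticsearch_engine` and `elasticsearch_library` only for an authenticated session. The dict literal also reads `server.engine_version` and `server.library_version` eagerly, which depends on `run_tasks` having already assigned them.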
> > diff --git a/server/main.py b/server/main.py
> > index 09fc483..b7e9447 100644
> > --- a/server/main.py
> > +++ b/server/main.py
> > @@ -66,6 +66,11 @@ class Server(plugins.server.BaseServer):
> >           self.server = None
> >           self.streamlock = asyncio.Lock()
> >           self.api_logger = None
> > +        self.foal_version = PONYMAIL_FOAL_VERSION
> > +        self.server_version = PONYMAIL_SERVER_VERSION
> > +        # provided by background.py
> > +        self.library_version: str
> > +        self.engine_version: str
> >   
> >           # Make a pool of database connections for async queries
> >           pool_size = self.config.database.pool_size
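Review bot: `self.library_version: str` and `self.engine_version: str` are bare annotations, which declare a type but do not create the attribute, so any read before `background.py` assigns them raises `AttributeError`. Give both a defined initial value, for example an `Optional[str]` annotation assigned `None`, and have consumers handle the unset case.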
> > diff --git a/server/plugins/background.py b/server/plugins/background.py
> > index d61f872..cc08052 100644
> > --- a/server/plugins/background.py
> > +++ b/server/plugins/background.py
> > @@ -24,6 +24,7 @@ import sys
> >   import time
> >   
> >   from elasticsearch_dsl import Search
> > +from elasticsearch import VERSION as ES_VERSION
> >   
> >   import plugins.configuration
> >   import plugins.server
> > @@ -215,6 +216,12 @@ async def run_tasks(server: plugins.server.BaseServer) 
> > -> None:
> >   
> >           Generally runs every 2½ minutes, or whatever is set in 
> > tasks/refresh_rate in ponymail.yaml
> >       """
> > +
> > +    # Initial setup
> > +    server.library_version = ".".join([str(v) for v in ES_VERSION])
> > +    db = plugins.database.Database(server.config.database)
> > +    server.engine_version = (await db.info())['version']['number']
> > +
> >       while True:
> >           async with ProgTimer("Gathering list of archived mailing lists"):
> >               try:
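Review bot: the `# Initial setup` block runs `await db.info()` before `while True:`, outside the `try:` that the loop body opens, so an Elasticsearch error at startup propagates out of `run_tasks`, the loop is never entered, and `server.engine_version` stays unassigned. Wrap the lookup in its own `try`/`except` with a placeholder fallback, and consider retrying it inside the loop. The `['version']['number']` indexing also assumes both keys are present in the response.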
> 
> 
