Try to fetch remote guide from whitelisted hosts if not found locally

Author: oskarhane

package.json

@@ -48,7 +48,8 @@
       "afterEach",
       "neo",
       "FileReader",
-      "Blob"
+      "Blob",
+      "fetch"
     ]
   },
   "repository": {},

src/browser/modules/Stream/PlayFrame.jsx

@@ -18,36 +18,74 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+import { Component } from 'preact'
+import { withBus } from 'preact-suber'
+import { fetchGuideFromWhitelistAction } from 'shared/modules/commands/commandsDuck'
+
 import Guides from '../Guides/Guides'
 import * as html from '../Guides/html'
 import FrameTemplate from './FrameTemplate'
 import { splitStringOnFirst } from 'services/commandUtils'
+import ErrorsView from './Views/ErrorsView'
 
-const PlayFrame = ({frame}) => {
-  let guide = 'Play guide not specified'
-  if (frame.result) {
-    guide = <Guides withDirectives html={frame.result} />
-  } else {
-    const guideName = splitStringOnFirst(frame.cmd, ' ')[1].toLowerCase().replace(/\s|-/g, '').trim() || 'start'
-    if (guideName !== '') {
-      const content = html[guideName]
-      if (content !== undefined) {
-        guide = <Guides withDirectives html={content} />
-      } else {
-        if (frame.error && frame.error.error) {
-          guide = frame.error.error
-        } else {
-          guide = <Guides withDirectives html={html['unfound']} />
+export class PlayFrame extends Component {
+  constructor (props) {
+    super(props)
+    this.state = {
+      guide: null
+    }
+  }
+  componentDidMount () {
+    if (this.props.frame.result) { // Found remote guide
+      this.setState({ guide: <Guides withDirectives html={this.props.frame.result} /> })
+      return
+    }
+    if (this.props.frame.response && this.props.frame.error && this.props.frame.error.error) { // Not found remotely (or other error)
+      if (this.props.frame.response.status === 404) return this.setState({ guide: <Guides withDirectives html={html['unfound']} /> })
+      return this.setState({
+        guide: (
+          <ErrorsView
+            error={{
+              message: 'Error: The remote server responded with the following error: ' + this.props.frame.response.status,
+              code: 'Remote guide error'
+            }}
+          />)
+      })
+    }
+    if (this.props.frame.error && this.props.frame.error.error) { // Some other error. Whitelist error etc.
+      return this.setState({ guide: <ErrorsView error={{
+        message: this.props.frame.error.error,
+        code: 'Remote guide error'
+      }} /> })
+    }
+    const guideName = splitStringOnFirst(this.props.frame.cmd, ' ')[1].toLowerCase().replace(/\s|-/g, '').trim() || 'start'
+    if (html[guideName] !== undefined) { // Found it locally
+      this.setState({ guide: <Guides withDirectives html={html[guideName]} /> })
+      return
+    }
+    // Not found remotely or locally
+    // Try to find it remotely by name
+    if (this.props.bus) {
+      const action = fetchGuideFromWhitelistAction(guideName)
+      this.props.bus.self(action.type, action, (res) => {
+        if (!res.success) { // No luck
+          return this.setState({ guide: <Guides withDirectives html={html['unfound']} /> })
         }
-      }
+        this.setState({ guide: <Guides withDirectives html={res.result} /> })
+      })
+    } else { // No bus. Give up
+      return this.setState({ guide: <Guides withDirectives html={html['unfound']} /> })
     }
   }
-  return (
-    <FrameTemplate
-      className='playFrame'
-      header={frame}
-      contents={guide}
-    />
-  )
+  render () {
+    return (
+      <FrameTemplate
+        className='playFrame'
+        header={this.props.frame}
+        contents={this.state.guide}
+      />
+    )
+  }
 }
-export default PlayFrame
+
+export default withBus(PlayFrame)

src/shared/modules/commands/commandsDuck.js

@@ -18,13 +18,16 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+import Rx from 'rxjs'
 import { getInterpreter, isNamedInterpreter, cleanCommand, extractPostConnectCommandsFromServerConfig } from 'services/commandUtils'
+import { extractWhitelistFromConfigString, addProtocolsToUrlList, firstSuccessPromise } from 'services/utils'
 import { hydrate } from 'services/duckUtils'
 import helper from 'services/commandInterpreterHelper'
 import { addHistory } from '../history/historyDuck'
 import { getCmdChar, getMaxHistory } from '../settings/settingsDuck'
+import { fetchRemoteGuide } from './helpers/play'
 import { CONNECTION_SUCCESS } from '../connections/connectionsDuck'
-import { UPDATE_SETTINGS, getAvailableSettings, fetchMetaData } from '../dbMeta/dbMetaDuck'
+import { UPDATE_SETTINGS, getAvailableSettings, fetchMetaData, getRemoteContentHostnameWhitelist } from '../dbMeta/dbMetaDuck'
 import { USER_CLEAR } from 'shared/modules/app/appDuck'
 
 export const NAME = 'commands'
@@ -36,6 +39,7 @@ export const SHOW_ERROR_MESSAGE = NAME + '/SHOW_ERROR_MESSAGE'
 export const CYPHER = NAME + '/CYPHER'
 export const CYPHER_SUCCEEDED = NAME + '/CYPHER_SUCCEEDED'
 export const CYPHER_FAILED = NAME + '/CYPHER_FAILED'
+export const FETCH_GUIDE_FROM_WHITELIST = NAME + 'FETCH_GUIDE_FROM_WHITELIST'
 
 const initialState = {
   lastCommandWasUnknown: false
@@ -91,6 +95,7 @@ export const showErrorMessage = (errorMessage) => ({
 export const cypher = (query) => ({ type: CYPHER, query })
 export const successfulCypher = (query) => ({ type: CYPHER_SUCCEEDED, query })
 export const unsuccessfulCypher = (query) => ({ type: CYPHER_FAILED, query })
+export const fetchGuideFromWhitelistAction = (url) => ({ type: FETCH_GUIDE_FROM_WHITELIST, url })
 
 // Epics
 export const handleCommandsEpic = (action$, store) =>
@@ -143,3 +148,18 @@ export const postConnectCmdEpic = (some$, store) =>
       }
     })
     .mapTo({ type: 'NOOP' })
+
+export const fetchGuideFromWhitelistEpic = (some$, store) =>
+  some$.ofType(FETCH_GUIDE_FROM_WHITELIST)
+    .mergeMap((action) => {
+      if (!action.$$responseChannel || !action.url) return Rx.Observable.of({ type: 'NOOP' })
+      const whitelistStr = getRemoteContentHostnameWhitelist(store.getState())
+      const whitelist = extractWhitelistFromConfigString(whitelistStr)
+      const urlWhitelist = addProtocolsToUrlList(whitelist)
+      const guidesUrls = urlWhitelist.map((url) => url + '/' + action.url)
+      return firstSuccessPromise(guidesUrls, (url) => { // Get first successful fetch
+        return fetchRemoteGuide(url, whitelistStr)
+                .then((r) => ({type: action.$$responseChannel, success: true, result: r}))
+      })
+        .catch((e) => ({type: action.$$responseChannel, success: false, error: e})) // If all fails, report that
+    })

src/shared/modules/commands/helpers/play.js

@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2002-2017 "Neo Technology,"
+ * Network Engine for Objects in Lund AB [http://neotechnology.com]
+ *
+ * This file is part of Neo4j.
+ *
+ * Neo4j is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+import { hostIsAllowed } from 'services/utils'
+import { cleanHtml } from 'services/remoteUtils'
+import remote from 'services/remote'
+
+export const fetchRemoteGuide = (url, whitelist = null) => {
+  return new Promise((resolve, reject) => {
+    if (!hostIsAllowed(url, whitelist)) {
+      return reject(new Error('Hostname is not allowed according to server whitelist'))
+    }
+    resolve()
+  }).then(() => {
+    return remote.get(url).then((r) => {
+      return cleanHtml(r)
+    })
+  })
+}

src/shared/modules/dbMeta/__snapshots__/dbMetaDuck.test.js.snap

@@ -14,6 +14,7 @@ Object {
   },
   "settings": Object {
     "browser.allow_outgoing_connections": false,
+    "browser.remote_content_hostname_whitelist": "guides.neo4j.com, localhost",
   },
 }
 `;
@@ -33,6 +34,7 @@ Object {
   },
   "settings": Object {
     "browser.allow_outgoing_connections": false,
+    "browser.remote_content_hostname_whitelist": "guides.neo4j.com, localhost",
   },
   "shouldKeep": true,
 }

src/shared/modules/dbMeta/dbMetaDuck.js

@@ -40,22 +40,6 @@ export const UPDATE_SETTINGS = 'meta/UPDATE_SETTINGS'
 export const CLEAR = 'meta/CLEAR'
 export const FORCE_FETCH = 'meta/FORCE_FETCH'
 
-const initialState = {
-  labels: [],
-  relationshipTypes: [],
-  properties: [],
-  functions: [],
-  procedures: [],
-  server: {
-    version: null,
-    edition: null,
-    storeId: null
-  },
-  settings: {
-    'browser.allow_outgoing_connections': false
-  }
-}
-
 /**
  * Selectors
  */
@@ -86,6 +70,7 @@ export const getStoreId = (state) => state[NAME].server.storeId
 export const getAvailableSettings = (state) => (state[NAME] || initialState).settings
 export const allowOutgoingConnections = (state) => getAvailableSettings(state)['browser.allow_outgoing_connections']
 export const credentialsTimeout = (state) => getAvailableSettings(state)['browser.credential_timeout'] || 0
+export const getRemoteContentHostnameWhitelist = (state) => getAvailableSettings(state)['browser.remote_content_hostname_whitelist'] || initialState.settings['browser.remote_content_hostname_whitelist']
 export const shouldRetainConnectionCredentials = (state) => {
   const conf = getAvailableSettings(state)['browser.retain_connection_credentials']
   if (conf === null || typeof conf === 'undefined') return true
@@ -141,6 +126,24 @@ function updateMetaForContext (state, meta, context) {
   }
 }
 
+// Initial state
+const initialState = {
+  labels: [],
+  relationshipTypes: [],
+  properties: [],
+  functions: [],
+  procedures: [],
+  server: {
+    version: null,
+    edition: null,
+    storeId: null
+  },
+  settings: {
+    'browser.allow_outgoing_connections': false,
+    'browser.remote_content_hostname_whitelist': 'guides.neo4j.com, localhost'
+  }
+}
+
 /**
  * Reducer
  */

src/shared/rootEpic.js

@@ -19,7 +19,7 @@
  */
 
 import { combineEpics } from 'redux-observable'
-import { handleCommandsEpic, postConnectCmdEpic } from './modules/commands/commandsDuck'
+import { handleCommandsEpic, postConnectCmdEpic, fetchGuideFromWhitelistEpic } from './modules/commands/commandsDuck'
 import { retainCredentialsSettingsEpic, checkSettingsForRoutingDriver, connectEpic, disconnectEpic, startupConnectEpic, disconnectSuccessEpic, startupConnectionSuccessEpic, startupConnectionFailEpic, detectActiveConnectionChangeEpic, connectionLostEpic } from './modules/connections/connectionsDuck'
 import { dbMetaEpic, clearMetaOnDisconnectEpic } from './modules/dbMeta/dbMetaDuck'
 import { cancelRequestEpic } from './modules/requests/requestsDuck'
@@ -36,6 +36,7 @@ import { maxFramesConfigEpic } from './modules/stream/streamDuck'
 export default combineEpics(
   handleCommandsEpic,
   postConnectCmdEpic,
+  fetchGuideFromWhitelistEpic,
   connectionLostEpic,
   retainCredentialsSettingsEpic,
   checkSettingsForRoutingDriver,

src/shared/services/commandInterpreterHelper.js

@@ -23,10 +23,9 @@ import { getHistory } from 'shared/modules/history/historyDuck'
 import { update as updateQueryResult } from 'shared/modules/requests/requestsDuck'
 import { getParams } from 'shared/modules/params/paramsDuck'
 import { updateGraphStyleData } from 'shared/modules/grass/grassDuck'
-import { cleanHtml } from 'services/remoteUtils'
-import { hostIsAllowed } from 'services/utils'
+import { getRemoteContentHostnameWhitelist } from 'shared/modules/dbMeta/dbMetaDuck'
+import { fetchRemoteGuide } from 'shared/modules/commands/helpers/play'
 import remote from 'services/remote'
-import { getServerConfig } from 'services/bolt/boltHelpers'
 import { handleServerCommand } from 'shared/modules/commands/helpers/server'
 import { handleCypherCommand } from 'shared/modules/commands/helpers/cypher'
 import { unknownCommand, showErrorMessage, cypher, successfulCypher, unsuccessfulCypher } from 'shared/modules/commands/commandsDuck'
@@ -119,23 +118,13 @@ const availableCommands = [{
   match: (cmd) => /^play(\s|$)https?/.test(cmd),
   exec: function (action, cmdchar, put, store) {
     const url = action.cmd.substr(cmdchar.length + 'play '.length)
-
-    getServerConfig(['browser.']).then((conf) => {
-      const serverWhitelist = conf && conf['browser.remote_content_hostname_whitelist']
-      const whitelist = serverWhitelist || null
-
-      if (!hostIsAllowed(url, whitelist)) {
-        throw new Error('Hostname is not allowed according to server whitelist')
-      }
-      remote.get(url)
-        .then((r) => {
-          put(frames.add({...action, type: 'play-remote', result: cleanHtml(r)}))
-        }).catch((e) => {
-          put(frames.add({...action, type: 'play-remote', error: CouldNotFetchRemoteGuideError(e.name + ': ' + e.message)}))
-        })
-    }).catch((e) => {
-      put(frames.add({...action, type: 'play-remote', error: CouldNotFetchRemoteGuideError(e.name + ': ' + e.message)}))
-    })
+    const whitelist = getRemoteContentHostnameWhitelist(store.getState())
+    fetchRemoteGuide(url, whitelist)
+      .then((r) => {
+        put(frames.add({...action, type: 'play-remote', result: r}))
+      }).catch((e) => {
+        put(frames.add({...action, type: 'play-remote', response: (e.response || null), error: CouldNotFetchRemoteGuideError(e.name + ': ' + e.message)}))
+      })
   }
 }, {
   name: 'play',

src/shared/services/remote.js

@@ -18,7 +18,8 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-import fetch from 'isomorphic-fetch'
+/* global fetch */
+import 'isomorphic-fetch'
 
 function request (method, url, data = null) {
   return fetch(url, {
@@ -30,12 +31,15 @@ function request (method, url, data = null) {
     },
     body: data
   })
+  .then(checkStatus)
 }
 
 function get (url) {
   return fetch(url, {
     method: 'get'
-  }).then(function (response) {
+  })
+  .then(checkStatus)
+  .then(function (response) {
     return response.text()
   })
 }
@@ -53,6 +57,16 @@ function getJSON (url) {
   })
 }
 
+function checkStatus (response) {
+  if (response.status >= 200 && response.status < 300) {
+    return response
+  } else {
+    var error = new Error(response.status + ' ' + response.statusText)
+    error.response = response
+    throw error
+  }
+}
+
 export default {
   get,
   getJSON,