Merge branch 'main' into confluence

2026-05-21 01:04:39 +08:00 · 2026-05-15 13:26:33 +01:00
parent 93ff3f43b7 b7b99cb3b2
commit 12ef426541
372 changed files with 21229 additions and 5574 deletions
@@ -112,7 +112,10 @@ export class EnvironmentService {
  }

  getAwsS3ForcePathStyle(): boolean {
-    return this.configService.get<boolean>('AWS_S3_FORCE_PATH_STYLE');
+    const forcePathStyle = this.configService
+      .get<string>('AWS_S3_FORCE_PATH_STYLE', 'false')
+      .toLowerCase();
+    return forcePathStyle === 'true';
  }

  getAwsS3Url(): string {
@@ -131,6 +134,17 @@ export class EnvironmentService {
    return this.configService.get<string>('MAIL_FROM_NAME', 'Docmost');
  }

+  getMailBlockedRecipientDomains(): string[] {
+    const raw = this.configService.get<string>(
+      'MAIL_BLOCKED_RECIPIENT_DOMAINS',
+      '',
+    );
+    return raw
+      .split(',')
+      .map((d) => d.trim().toLowerCase())
+      .filter(Boolean);
+  }
+
  getSmtpHost(): string {
    return this.configService.get<string>('SMTP_HOST');
  }
@@ -304,4 +318,11 @@ export class EnvironmentService {
  getClickHouseUrl(): string {
    return this.configService.get<string>('CLICKHOUSE_URL');
  }
+
+  getSamlDisableRequestedAuthnContext(): boolean {
+    const disabled = this.configService
+      .get<string>('SAML_DISABLE_REQUESTED_AUTHN_CONTEXT', 'false')
+      .toLowerCase();
+    return disabled === 'true';
+  }
 }
@@ -23,9 +23,12 @@ import {
  SpaceCaslSubject,
 } from '../../core/casl/interfaces/space-ability.type';
 import { FastifyReply } from 'fastify';
-import { sanitize } from 'sanitize-filename-ts';
 import { getExportExtension } from './utils';
-import { getMimeType, getPageTitle } from '../../common/helpers';
+import {
+  getMimeType,
+  getPageTitle,
+  sanitizeFileName,
+} from '../../common/helpers';
 import * as path from 'path';
 import { AuditEvent, AuditResource } from '../../common/events/audit-events';
 import {
@@ -85,7 +88,9 @@ export class ExportController {

    if (result.type === 'file') {
      const ext = getExportExtension(dto.format);
-      const fileName = sanitize(page.title || 'untitled') + ext;
+      const fileName =
+        sanitizeFileName(page.title || 'untitled', { preserveSpaces: true }) +
+        ext;
      const contentType = getMimeType(path.extname(fileName));

      res.headers({
@@ -96,7 +101,9 @@ export class ExportController {

      res.send(result.content);
    } else {
-      const fileName = sanitize(page.title || 'untitled') + '.zip';
+      const fileName =
+        sanitizeFileName(page.title || 'untitled', { preserveSpaces: true }) +
+        '.zip';

      res.headers({
        'Content-Type': 'application/zip',
@@ -144,7 +151,9 @@ export class ExportController {
      'Content-Type': 'application/zip',
      'Content-Disposition':
        'attachment; filename="' +
-        encodeURIComponent(sanitize(exportFile.fileName)) +
+        encodeURIComponent(
+          sanitizeFileName(exportFile.fileName, { preserveSpaces: true }),
+        ) +
        '"',
    });

@@ -39,6 +39,8 @@ import {
 } from '../../common/helpers/prosemirror/utils';
 import { htmlToMarkdown } from '@docmost/editor-ext';

+type AllowedAttachment = { id: string; fileName: string; filePath: string };
+
@Injectable()
 export class ExportService {
  private readonly logger = new Logger(ExportService.name);
@@ -272,6 +274,12 @@ export class ExportService {

    computeLocalPath(tree, format, null, '', slugIdToPath);

+    // Batch resolve attachments once for the whole export so we only run the
+    // owning-page view check a single time, regardless of page count.
+    const allowedAttachments = includeAttachments
+      ? await this.resolveAccessibleAttachments(tree, userId, ignorePermissions)
+      : new Map<string, AllowedAttachment>();
+
    const stack: { folder: JSZip; parentPageId: string | null }[] = [
      { folder: zip, parentPageId: null },
    ];
@@ -301,7 +309,7 @@ export class ExportService {
        );

        if (includeAttachments) {
-          await this.zipAttachments(updatedJsonContent, page.spaceId, folder);
+          await this.zipAttachments(updatedJsonContent, folder, allowedAttachments);
          updatedJsonContent =
            updateAttachmentUrlsToLocalPaths(updatedJsonContent);
        }
@@ -347,31 +355,80 @@ export class ExportService {
    zip.file('docmost-metadata.json', JSON.stringify(metadata, null, 2));
  }

-  async zipAttachments(prosemirrorJson: any, spaceId: string, zip: JSZip) {
+  async zipAttachments(
+    prosemirrorJson: any,
+    zip: JSZip,
+    allowed: Map<string, AllowedAttachment>,
+  ) {
    const attachmentIds = getAttachmentIds(prosemirrorJson);

-    if (attachmentIds.length > 0) {
-      const attachments = await this.db
-        .selectFrom('attachments')
-        .select(['id', 'fileName', 'filePath'])
-        .where('id', 'in', attachmentIds)
-        .where('spaceId', '=', spaceId)
-        .execute();
+    await Promise.all(
+      attachmentIds.map(async (id) => {
+        const attachment = allowed.get(id);
+        if (!attachment) return;
+        try {
+          const fileBuffer = await this.storageService.read(
+            attachment.filePath,
+          );
+          const filePath = `/files/${attachment.id}/${attachment.fileName}`;
+          zip.file(filePath, fileBuffer);
+        } catch (err) {
+          this.logger.debug(`Attachment export error ${attachment.id}`, err);
+        }
+      }),
+    );
+  }

-      await Promise.all(
-        attachments.map(async (attachment) => {
-          try {
-            const fileBuffer = await this.storageService.read(
-              attachment.filePath,
-            );
-            const filePath = `/files/${attachment.id}/${attachment.fileName}`;
-            zip.file(filePath, fileBuffer);
-          } catch (err) {
-            this.logger.debug(`Attachment export error ${attachment.id}`, err);
-          }
-        }),
+  private async resolveAccessibleAttachments(
+    tree: PageExportTree,
+    userId: string | undefined,
+    ignorePermissions: boolean,
+  ): Promise<Map<string, AllowedAttachment>> {
+    const allAttachmentIds = new Set<string>();
+    let spaceId: string | undefined;
+    for (const siblings of Object.values(tree)) {
+      for (const page of siblings) {
+        if (!spaceId) spaceId = page.spaceId;
+        for (const id of getAttachmentIds(getProsemirrorContent(page.content))) {
+          allAttachmentIds.add(id);
+        }
+      }
+    }
+
+    if (allAttachmentIds.size === 0 || !spaceId) {
+      return new Map();
+    }
+
+    const attachments = await this.db
+      .selectFrom('attachments')
+      .select(['id', 'fileName', 'filePath', 'pageId'])
+      .where('id', 'in', [...allAttachmentIds])
+      .where('spaceId', '=', spaceId)
+      .execute();
+
+    let visible = attachments;
+    if (!ignorePermissions && userId) {
+      const ownerPageIds = [
+        ...new Set(
+          attachments
+            .map((a) => a.pageId)
+            .filter((id): id is string => !!id),
+        ),
+      ];
+      const accessible = ownerPageIds.length
+        ? await this.pagePermissionRepo.filterAccessiblePageIds({
+            pageIds: ownerPageIds,
+            userId,
+            spaceId,
+          })
+        : [];
+      const accessibleSet = new Set(accessible);
+      visible = attachments.filter(
+        (a) => a.pageId && accessibleSet.has(a.pageId),
      );
    }
+
+    return new Map(visible.map((a) => [a.id, a]));
  }

  async turnPageMentionsToLinks(
@@ -51,9 +51,9 @@ export class ImportController {
    @AuthUser() user: User,
    @AuthWorkspace() workspace: Workspace,
  ) {
-    const validFileExtensions = ['.md', '.html', '.docx'];
+    const validFileExtensions = ['.md', '.html', '.docx', '.pdf'];

-    const maxFileSize = bytes('20mb');
+    const maxFileSize = bytes('30mb');

    let file = null;
    try {
@@ -102,6 +102,7 @@ export class ImportController {
      '.md': 'markdown',
      '.html': 'html',
      '.docx': 'docx',
+      '.pdf': 'pdf',
    };

    if (createdPage) {
@@ -1,7 +1,6 @@
 import { BadRequestException, Injectable, Logger } from '@nestjs/common';
 import { PageRepo } from '@docmost/db/repos/page/page.repo';
 import { MultipartFile } from '@fastify/multipart';
-import { sanitize } from 'sanitize-filename-ts';
 import * as path from 'path';
 import {
  htmlToJson,
@@ -55,8 +54,8 @@ export class ImportService {
    const file = await filePromise;
    const fileBuffer = await file.toBuffer();
    const fileExtension = path.extname(file.filename).toLowerCase();
-    const fileName = sanitize(
-      path.basename(file.filename, fileExtension).slice(0, 255),
+    const fileName = sanitizeFileName(
+      path.basename(file.filename, fileExtension),
    );
    const fileContent = fileBuffer.toString();

@@ -64,7 +63,10 @@ export class ImportService {
    let createdPage = null;

    // For DOCX, we need the page ID upfront so images can reference it
-    const pageId = fileExtension === '.docx' ? uuid7() : undefined;
+    const pageId =
+      fileExtension === '.docx' || fileExtension === '.pdf'
+        ? uuid7()
+        : undefined;

    try {
      if (fileExtension.endsWith('.md')) {
@@ -79,6 +81,14 @@ export class ImportService {
          pageId,
          userId,
        );
+      } else if (fileExtension.endsWith('.pdf')) {
+        prosemirrorState = await this.processPdf(
+          fileBuffer,
+          workspaceId,
+          spaceId,
+          pageId,
+          userId,
+        );
      }
    } catch (err) {
      const message = 'Error processing file content';
@@ -157,7 +167,7 @@ export class ImportService {
    let DocxImportModule: any;
    try {
      // eslint-disable-next-line @typescript-eslint/no-require-imports
-      DocxImportModule = require('./../../../ee/docx-import/docx-import.service');
+      DocxImportModule = require('./../../../ee/document-import/docx-import.service');
    } catch (err) {
      this.logger.error(
        'DOCX import requested but EE module not bundled in this build',
@@ -183,6 +193,42 @@ export class ImportService {
    return this.processHTML(html);
  }

+  async processPdf(
+    fileBuffer: Buffer,
+    workspaceId: string,
+    spaceId: string,
+    pageId: string,
+    userId: string,
+  ): Promise<any> {
+    let PdfImportModule: any;
+    try {
+      // eslint-disable-next-line @typescript-eslint/no-require-imports
+      PdfImportModule = require('./../../../ee/document-import/pdf-import.service');
+    } catch (err) {
+      this.logger.error(
+        'PDF import requested but EE module not bundled in this build',
+      );
+      throw new BadRequestException(
+        'This feature requires a valid enterprise license.',
+      );
+    }
+
+    const pdfImportService = this.moduleRef.get(
+      PdfImportModule.PdfImportService,
+      { strict: false },
+    );
+
+    const html = await pdfImportService.convertPdfToHtml(
+      fileBuffer,
+      workspaceId,
+      spaceId,
+      pageId,
+      userId,
+    );
+
+    return this.processHTML(html);
+  }
+
  async createYdoc(prosemirrorJson: any): Promise<Buffer | null> {
    if (prosemirrorJson) {
      // this.logger.debug(`Converting prosemirror json state to ydoc`);
@@ -1,5 +1,7 @@
 import { CheerioAPI, Cheerio } from 'cheerio';

+const DEFAULT_IMPORT_COL_WIDTH_PX = 150;
+
 /**
 * Extracts a pixel-integer width from either the `width` attribute or
 * `style="width: Npx"` on a <col>/<td>/<th>. Returns null when absent,
@@ -70,12 +72,23 @@ export function normalizeTableColumnWidths(
 ): void {
  $root.find('table').each(function () {
    const table = $(this);
-    const colWidths = deriveColumnWidths($, table);
-    if (!colWidths) return;
-
    const firstRow = table.find('> tbody > tr, > thead > tr, > tr').first();
    if (!firstRow.length) return;

+    let colWidths = deriveColumnWidths($, table);
+    if (!colWidths) {
+      // No widths anywhere (e.g. markdown-sourced tables). Apply a default
+      // per-column width so the table's intrinsic width can exceed the
+      // editor container, letting .tableWrapper's overflow-x: auto scroll
+      // instead of cramming columns into the available width.
+      let count = 0;
+      firstRow.children('td, th').each(function () {
+        count += parseInt($(this).attr('colspan') || '1', 10) || 1;
+      });
+      if (count === 0) return;
+      colWidths = new Array(count).fill(DEFAULT_IMPORT_COL_WIDTH_PX);
+    }
+
    let col = 0;
    firstRow.children('td, th').each(function () {
      const cell = $(this);
@@ -6,7 +6,7 @@ import { EnvironmentService } from '../environment/environment.service';
 import { InjectQueue } from '@nestjs/bullmq';
 import { QueueName, QueueJob } from '../queue/constants';
 import { Queue } from 'bullmq';
-import { render } from '@react-email/render';
+import { render } from 'react-email';

@Injectable()
 export class MailService {
@@ -17,6 +17,10 @@ export class MailService {
  ) {}

  async sendEmail(message: MailMessage): Promise<void> {
+    if (this.isRecipientBlocked(message.to)) {
+      return;
+    }
+
    if (message.template) {
      // in case this method is used directly. we do not send the tsx template from queue
      message.html = await render(message.template, {
@@ -35,6 +39,10 @@ export class MailService {
  }

  async sendToQueue(message: MailMessage): Promise<void> {
+    if (this.isRecipientBlocked(message.to)) {
+      return;
+    }
+
    if (message.template) {
      // transform the React object because it gets lost when sent via the queue
      message.html = await render(message.template, {
@@ -47,4 +55,11 @@ export class MailService {
    }
    await this.emailQueue.add(QueueJob.SEND_EMAIL, message);
  }
+
+  private isRecipientBlocked(to: string): boolean {
+    const blocked = this.environmentService.getMailBlockedRecipientDomains();
+    if (blocked.length === 0) return false;
+    const domain = to?.split('@')[1]?.toLowerCase();
+    return !!domain && blocked.includes(domain);
+  }
 }
@@ -0,0 +1,67 @@
+import { resolve, sep } from 'path';
+import { LocalDriver } from './local.driver';
+
+type FullPath = (filePath: string) => string;
+
+describe('LocalDriver._fullPath', () => {
+  const ROOT = resolve('/data/storage');
+  const driver = new LocalDriver({ storagePath: ROOT });
+  const fullPath = ((driver as any)._fullPath as FullPath).bind(driver);
+
+  describe('legitimate inputs (behavior preserved)', () => {
+    it.each([
+      ['workspace-id/avatars/uuid.png', `${ROOT}${sep}workspace-id${sep}avatars${sep}uuid.png`],
+      ['workspace-id/files/uuid/file.pdf', `${ROOT}${sep}workspace-id${sep}files${sep}uuid${sep}file.pdf`],
+      ['a/b/c/d/e.bin', `${ROOT}${sep}a${sep}b${sep}c${sep}d${sep}e.bin`],
+      ['', ROOT],
+      ['.', ROOT],
+      ['./x/y.png', `${ROOT}${sep}x${sep}y.png`],
+      ['a//b', `${ROOT}${sep}a${sep}b`],
+      ['a/b/../c', `${ROOT}${sep}a${sep}c`],
+    ])('resolves %j to %j', (input, expected) => {
+      expect(fullPath(input)).toBe(expected);
+    });
+  });
+
+  describe('traversal rejected', () => {
+    it.each([
+      '../etc/passwd',
+      '../../../etc/passwd',
+      'workspace/../../../etc/passwd',
+      '..',
+      '../..',
+      'a/../../..',
+    ])('throws for %j', (input) => {
+      expect(() => fullPath(input)).toThrow('Invalid file path');
+    });
+  });
+
+  describe('absolute path rejected', () => {
+    it.each([
+      '/etc/passwd',
+      '/root/.ssh/id_rsa',
+      sep + 'absolute',
+    ])('throws for %j', (input) => {
+      expect(() => fullPath(input)).toThrow('Invalid file path');
+    });
+  });
+
+  describe('prefix-confusion rejected', () => {
+    it('rejects a sibling directory whose name starts with the storage root', () => {
+      const siblingDriver = new LocalDriver({ storagePath: '/data/storage' });
+      const siblingFullPath = ((siblingDriver as any)._fullPath as FullPath).bind(siblingDriver);
+      // Attempt to reach /data/storage-evil/secret by traversal:
+      // resolve('/data/storage', '../storage-evil/secret') === '/data/storage-evil/secret'
+      // Without the `+ sep` guard, a startsWith check would match.
+      expect(() => siblingFullPath('../storage-evil/secret')).toThrow('Invalid file path');
+    });
+  });
+
+  describe('storage root itself', () => {
+    it('accepts the root when input resolves to it', () => {
+      expect(fullPath('')).toBe(ROOT);
+      expect(fullPath('.')).toBe(ROOT);
+      expect(fullPath('a/..')).toBe(ROOT);
+    });
+  });
+});
@@ -3,7 +3,7 @@ import {
  LocalStorageConfig,
  StorageOption,
 } from '../interfaces';
-import { join, dirname } from 'path';
+import { dirname, resolve, sep } from 'path';
 import * as fs from 'fs-extra';
 import { Readable } from 'stream';
 import { createReadStream, createWriteStream } from 'node:fs';
@@ -17,7 +17,12 @@ export class LocalDriver implements StorageDriver {
  }

  private _fullPath(filePath: string): string {
-    return join(this.config.storagePath, filePath);
+    const storageRoot = resolve(this.config.storagePath);
+    const fullPath = resolve(storageRoot, filePath);
+    if (fullPath !== storageRoot && !fullPath.startsWith(storageRoot + sep)) {
+      throw new Error('Invalid file path');
+    }
+    return fullPath;
  }

  async upload(filePath: string, file: Buffer | Readable): Promise<void> {
@@ -1,4 +1,4 @@
-import { Section, Text } from '@react-email/components';
+import { Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, paragraph } from '../css/styles';
 import { EmailButton, MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Section, Text } from '@react-email/components';
+import { Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, paragraph } from '../css/styles';
 import { EmailButton, MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Section, Text } from '@react-email/components';
+import { Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, paragraph } from '../css/styles';
 import { MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Section, Text } from '@react-email/components';
+import { Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, paragraph } from '../css/styles';
 import { EmailButton, MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Section, Text } from '@react-email/components';
+import { Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, paragraph } from '../css/styles';
 import { EmailButton, MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Section, Text } from '@react-email/components';
+import { Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, paragraph } from '../css/styles';
 import { EmailButton, MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Button, Link, Section, Text } from '@react-email/components';
+import { Button, Link, Section, Text } from 'react-email';
 import * as React from 'react';
 import { button, content, paragraph } from '../css/styles';
 import { MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Section, Text } from '@react-email/components';
+import { Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, paragraph } from '../css/styles';
 import { MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Section, Text } from '@react-email/components';
+import { Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, paragraph } from '../css/styles';
 import { EmailButton, MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Section, Text } from '@react-email/components';
+import { Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, paragraph } from '../css/styles';
 import { EmailButton, MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Link, Section, Text } from '@react-email/components';
+import { Link, Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, link, paragraph } from '../css/styles';
 import { getGreetingName, MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Link, Section, Text } from '@react-email/components';
+import { Link, Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, link, paragraph } from '../css/styles';
 import { EmailButton, getGreetingName, MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Section, Text } from '@react-email/components';
+import { Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, paragraph } from '../css/styles';
 import { EmailButton, MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Section, Text } from '@react-email/components';
+import { Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, paragraph } from '../css/styles';
 import { EmailButton, MailBody } from '../partials/partials';
@@ -1,4 +1,4 @@
-import { Section, Text } from '@react-email/components';
+import { Section, Text } from 'react-email';
 import * as React from 'react';
 import { content, paragraph } from '../css/styles';
 import { EmailButton, MailBody } from '../partials/partials';
@@ -7,7 +7,7 @@ import {
  Row,
  Section,
  Text,
-} from '@react-email/components';
+} from 'react-email';
 import * as React from 'react';

 interface MailBodyProps {