Merge pull request from GHSA-88j4-pcx8-q4q3

* WIP, still need to handle npm run reset-password * Implement it for "npm run reset-password" Bug fixes and change along with this commit - Move `ssl`, `hostname`, `port` to ./server/config.js, so `reset-password` is able to read it - Fix: FBSD is missing, no idea who dropped it. - Fix: Frontend code should not require any backend code (./server/config.js), moved "badgeConstants" to the common util (./src/util.ts) and drop vite-common.js * Minor
2025-08-07 22:07:01 +08:00 · 2023-12-10 20:40:40 +08:00
parent 2815cc73cf
commit 482049c72b
16 changed files with 170 additions and 54 deletions
--- a/extra/healthcheck.js
+++ b/extra/healthcheck.js
@@ -6,7 +6,7 @@
 * ⚠️ Deprecated: Changed to healthcheck.go, it will be deleted in the future.
 * This script should be run after a period of time (180s), because the server may need some time to prepare.
 */
-const { FBSD } = require("../server/util-server");
+const FBSD = /^freebsd/.test(process.platform);

 process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

--- a/extra/reset-password.js
+++ b/extra/reset-password.js
@@ -5,6 +5,8 @@ const { R } = require("redbean-node");
 const readline = require("readline");
 const { initJWTSecret } = require("../server/util-server");
 const User = require("../server/model/user");
+const { io } = require("socket.io-client");
+const { localWebSocketURL } = require("../server/config");
 const args = require("args-parser")(process.argv);
 const rl = readline.createInterface({
    input: process.stdin,
@@ -36,12 +38,16 @@ const main = async () => {
                    // Reset all sessions by reset jwt secret
                    await initJWTSecret();

+                    // Disconnect all other socket clients of the user
+                    await disconnectAllSocketClients(user.username, password);
+
                    break;
                } else {
                    console.log("Passwords do not match, please try again.");
                }
            }
            console.log("Password reset successfully.");
+
        }
    } catch (e) {
        console.error("Error: " + e.message);
@@ -66,6 +72,45 @@ function question(question) {
    });
 }

+function disconnectAllSocketClients(username, password) {
+    return new Promise((resolve) => {
+        console.log("Connecting to " + localWebSocketURL + " to disconnect all other socket clients");
+
+        // Disconnect all socket connections
+        const socket = io(localWebSocketURL, {
+            transports: [ "websocket" ],
+            reconnection: false,
+            timeout: 5000,
+        });
+        socket.on("connect", () => {
+            socket.emit("login", {
+                username,
+                password,
+            }, (res) => {
+                if (res.ok) {
+                    console.log("Logged in.");
+                    socket.emit("disconnectOtherSocketClients");
+                } else {
+                    console.warn("Login failed.");
+                    console.warn("Please restart the server to disconnect all sessions.");
+                }
+                socket.close();
+            });
+        });
+
+        socket.on("connect_error", function () {
+            // The localWebSocketURL is not guaranteed to be working for some complicated Uptime Kuma setup
+            // Ask the user to restart the server manually
+            console.warn("Failed to connect to " + localWebSocketURL);
+            console.warn("Please restart the server to disconnect all sessions manually.");
+            resolve();
+        });
+        socket.on("disconnect", () => {
+            resolve();
+        });
+    });
+}
+
 if (!process.env.TEST_BACKEND) {
    main();
 }