sudacode/metrics
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

docs(app/web): extra features permissions [skip ci]

Browse Source
This commit is contained in:
lowlighter
2022-07-06 23:48:40 -04:00
parent a8991dd53c
commit 04c8962a79
1 changed files with 40 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
.github/readme/partials/documentation/setup/web.md vendored
View File

@@ -72,10 +72,6 @@ Configuration file also contains settings about enabled templates, plugins and f
"by": "me", "by": "me",
"link": "https://user.me", "link": "https://user.me",
}, },
"extras": {
"css": true,
"features": false
},
"plugins": { "plugins": {
"isocalendar":{ "isocalendar":{
"enabled": false "enabled": false
@@ -84,10 +80,47 @@ Configuration file also contains settings about enabled templates, plugins and f
} }
``` ```
> Extras features **should not** be enabled on a public server, most of these are either compute, network or API intensive tasks. Some extras features even allow remote code execution which could compromise server security. ### 2.3 Extra features configuration
>
Extra features are a way to enable and control advanced functionality in plugins, which are usually either CPU or API intensive, require access to filesystem or binaries, and sometimes also allow remote code execution.
> ⚠️ Please understand that some extras features may compromise server integrity or security.
> Use at your own risk, *metrics* and its authors cannot be held responsible for any damage caused. > Use at your own risk, *metrics* and its authors cannot be held responsible for any damage caused.
*Example: extra features server configuration*
```javascript
{
"extras": {
"features": [
"metrics.setup.community.templates",
"metrics.api.github.overuse",
"metrics.cpu.overuse",
"metrics.run.puppeteer.scrapping",
]
}
}
```
The following extra features are supported:
| Extra feature identifier | Description |
| ----------------------------------- | --------------------------------------------------------- |
| `metrics.setup.community.templates` | Allow community templates download |
| `metrics.setup.community.presets` | Allow community presets usage |
| `metrics.api.github.overuse` | Allow GitHub API intensive requests |
| `metrics.cpu.overuse` | Allow CPU intensive requests |
| `metrics.run.tempdir` | Allow access to temporary directory (I/O operations may be performed) |
| `metrics.run.git` | Allow to run git (needs to be installed) |
| `metrics.run.licensed` | Allow to run licensed (needs to be installed) |
| ⚠️ `metrics.run.user.cmd` | Allow to run ANY command by user (USE WITH CAUTION!) |
| `metrics.run.puppeteer.scrapping` | Allow to run puppeteer to scrape data |
| `metrics.run.puppeteer.user.css` | Allow to run CSS by user during puppeteer render |
| `metrics.run.puppeteer.user.js` | Allow to run JavaScript by user during puppeteer render |
| ⚠️ `metrics.npm.optional.chartist` | Allow use of chartist (needs to be installed, vulnerable to [CVE-2021-20066](https://github.com/advisories/GHSA-f4c9-cqv8-9v98)) |
| `metrics.npm.optional.gifencoder` | Allow use of gifencoder (needs to be installed) |
| `metrics.npm.optional.libxmljs2` | Allow use of libxmljs2 (needs to be installed) |
If a plugin is used without sufficient permissions, it will result in an error.
## 3 Start docker container ## 3 Start docker container
Docker images are published on [GitHub Container Registry](https://github.com/lowlighter/metrics/pkgs/container/metrics). Docker images are published on [GitHub Container Registry](https://github.com/lowlighter/metrics/pkgs/container/metrics).