Critical security bug fixes and stability improvements

- Critical socket.io security vulnerabilities patched
- Improved collector handling of client errors, such as 504 (will no longer treat as "empty" response and remove all previously fetched items for that client)
- Client timeouts are now appropriately caught and logged, will no longer bring down Shelf instance.
- Renamed `ShelfProperties` to `PropertyManager`, for clarity
- All rogue tabs now converted to x4 spaces
- No longer attempting to load missing `Logger.js` file client-side
- Trimmed unused require statements
- Improved names in paths.js
- Refactored mongoCleaner.js to be consistent with Shelf style guide
- Rewrote some documentation
- Rewrote MongoClient.js logging statements to be more helpful, consistent, and clear

Author: barrowclift

.gitignore

@@ -63,3 +63,5 @@ typings/
 /client/static/images/board-games/boardgame*
 /server/config.json
 /replacement-art
+/fix
+package-lock.json

README.md

@@ -7,23 +7,23 @@
 <img src="https://raw.githubusercontent.com/barrowclift/shelf/master/screenshots/shelf-promo.png" />
 
 1. [FAQ](#faq)
-	* [Why use shelf?](#why-use-shelf)
-	* [Doesn't Discogs/Goodreads/BoardGameGeek already do this?](#doesnt-discogsgoodreadsboardgamegeek-already-do-this)
-	* [How does Shelf handle different issues of the same entity?](#how-does-shelf-handle-different-issues-of-the-same-entity)
-	* [Can I help?](#can-i-help)
+    * [Why use shelf?](#why-use-shelf)
+    * [Doesn't Discogs/Goodreads/BoardGameGeek already do this?](#doesnt-discogsgoodreadsboardgamegeek-already-do-this)
+    * [How does Shelf handle different issues of the same entity?](#how-does-shelf-handle-different-issues-of-the-same-entity)
+    * [Can I help?](#can-i-help)
 2. [Setup](#setup)
-	* [Installation](#installation)
-	* [v1 Migration](#v1x-migration)
-	* [How do I add my library to Shelf?](#how-do-i-add-my-library-to-shelf)
-	* [How do I sync my Discogs account with Shelf to display my records?](#how-do-i-sync-my-discogs-account-with-shelf-to-display-my-records)
-	* [How do I sync my Goodreads account with Shelf to display my books?](#how-do-i-sync-my-goodreads-account-with-shelf-to-display-my-books)
-	* [How do I sync my BoardGameGeek account with Shelf to display my games?](#how-do-i-sync-my-boardgamegeek-account-with-shelf-to-display-my-games)
-	* [Can I add new entities into Shelf directly?](#can-i-add-new-entities-into-shelf-directly)
-	* [What if I only want to display a particular collection, like board games?](#what-if-i-only-want-to-display-a-particular-collection-like-board-games)
+    * [Installation](#installation)
+    * [v1 Migration](#v1x-migration)
+    * [How do I add my library to Shelf?](#how-do-i-add-my-library-to-shelf)
+    * [How do I sync my Discogs account with Shelf to display my records?](#how-do-i-sync-my-discogs-account-with-shelf-to-display-my-records)
+    * [How do I sync my Goodreads account with Shelf to display my books?](#how-do-i-sync-my-goodreads-account-with-shelf-to-display-my-books)
+    * [How do I sync my BoardGameGeek account with Shelf to display my games?](#how-do-i-sync-my-boardgamegeek-account-with-shelf-to-display-my-games)
+    * [Can I add new entities into Shelf directly?](#can-i-add-new-entities-into-shelf-directly)
+    * [What if I only want to display a particular collection, like board games?](#what-if-i-only-want-to-display-a-particular-collection-like-board-games)
 3. [Architecture](#architecture)
 3. [Roadmap](#roadmap)
-	* [Do you plan to later support other media in Shelf, like Video Games and Movies?](#do-you-plan-to-later-support-other-media-in-shelf-like-video-games-and-movies)
-	* ["X doesn't look right in Firefox/Chrome/Opera, will you fix it?"](#x-doesnt-look-right-in-firefoxchromeopera-will-you-fix-it)
+    * [Do you plan to later support other media in Shelf, like Video Games and Movies?](#do-you-plan-to-later-support-other-media-in-shelf-like-video-games-and-movies)
+    * ["X doesn't look right in Firefox/Chrome/Opera, will you fix it?"](#x-doesnt-look-right-in-firefoxchromeopera-will-you-fix-it)
 
 # FAQ
 

admin/cleanMongoDb.sh

@@ -29,7 +29,7 @@ function cleanMongoDb {
         wait $starterProcess
     fi
 
-    node "${ADMIN_DIR}"/mongoCleaner.js > "${LOGS_DIR}"/clean-mongodb.log 2>&1 &
+    node "${ADMIN_DIR}"/mongoShim.js "clean" > "${LOGS_DIR}"/clean-mongodb.log 2>&1 &
     cleanerProcess=$!
     wait $cleanerProcess
 

admin/dropCache.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+export ADMIN_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+source "${ADMIN_DIR}"/init.sh
+
+function dropCache {
+    node "${ADMIN_DIR}"/mongoShim.js "clear" > "${LOGS_DIR}"/drop-cache.log 2>&1 &
+    dropCacheProcess=$!
+    wait $dropCacheProcess
+
+    echo "Shelf cache has been dropped"
+}
+
+dropCache
+
+exit 0

admin/mongoCleaner.js

@@ -0,0 +1,66 @@
+"use strict";
+
+// DEPENDENCIES
+// ------------
+// External
+let path = require("path");
+let Properties = require("properties");
+let request = require("request-promise");
+let socketIo = require("socket.io-client");
+// Local
+const SHELF_ROOT_DIRECTORY_PATH = path.join(__dirname, "..");
+let CachedMongoClient = require(path.join(SHELF_ROOT_DIRECTORY_PATH, "server/db/CachedMongoClient"));
+let PropertyManager = require(path.join(SHELF_ROOT_DIRECTORY_PATH, "server/common/PropertyManager"));
+let socketCodes = require(path.join(SHELF_ROOT_DIRECTORY_PATH, "server/common/socketCodes"));
+let util = require(path.join(SHELF_ROOT_DIRECTORY_PATH, "server/common/util"));
+
+
+// CONSTANTS
+// ---------
+const PROPERTIES_FILE_NAME = path.join(SHELF_ROOT_DIRECTORY_PATH, "server/resources/shelf.properties");
+
+
+// GLOBALS
+// -------
+var propertyManager = null;
+
+
+async function cleanDbAndClose() {
+    var mongoClient = new CachedMongoClient(propertyManager);
+    await mongoClient.connect();
+    await mongoClient.dropRecords();
+    await mongoClient.dropBoardGames();
+    await mongoClient.dropBooks();
+    await mongoClient.close();
+}
+
+async function sendClearCacheRequest() {
+    // Connect to backend server for communicating changes
+    let backendSocket = socketIo.connect(propertyManager.backendUrl, { reconnect: true });
+    let messageSent = false;
+    backendSocket.on("connect", function() {
+        console.log("Socket connection to backend server initialized");
+        backendSocket.emit(socketCodes.CLEAR_CACHE);
+        messageSent = true;
+    });
+    while (!messageSent) {
+        await util.sleepForSeconds(0.1);
+    }
+    backendSocket.close();
+}
+
+async function main() {
+    propertyManager = new PropertyManager();
+    await propertyManager.load(PROPERTIES_FILE_NAME);
+
+    let command = process.argv[2]
+    if ("clean" == command) {
+        await cleanDbAndClose();
+    } else if ("clear" == command) {
+        await sendClearCacheRequest();
+    } else {
+        console.log("Unsupported command '" + command + "'")
+    }
+}
+
+main();

admin/mongoShim.js

@@ -34,7 +34,7 @@ wait $result
 SUCCESS=$?
 
 if [ $SUCCESS -eq 0 ]; then
-	echo -e "${GREEN}All started successfully${RESET}"
+    echo -e "${GREEN}All started successfully${RESET}"
     exit 0
 else
     echo -e "${RED}Shelf failed to start${RESET}"

admin/start.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 export ADMIN_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
-source ${ADMIN_DIR}/init.sh
+source "${ADMIN_DIR}"/init.sh
 
 MONGODB_NOHUP_RUNNING=$(ps -ef | grep "mongod --dbpath ""$MONGO_DB" | grep -v grep)
 HAS_SERVICE_COMMAND=$(command -v service)

admin/startMongoDb.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 export ADMIN_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
 source "${ADMIN_DIR}"/init.sh
 

admin/startServer.sh

@@ -6,11 +6,11 @@ source "${ADMIN_DIR}"/init.sh
 SERVER_RUNNING=$(ps -ef | grep "node ""${SERVER_DIR}" | grep -v grep)
 
 if [ -n "$SERVER_RUNNING" ]; then
-	if [ "$USE_PM2" = true ] ; then
-	    pm2 --silent stop shelf
-	else
-	    ps -ef | grep "node ""${SERVER_DIR}""/main.js" | grep -v grep | awk '{print $2}' | xargs kill -9
-	fi
+    if [ "$USE_PM2" = true ] ; then
+        pm2 --silent stop shelf
+    else
+        ps -ef | grep "node ""${SERVER_DIR}""/main.js" | grep -v grep | awk '{print $2}' | xargs kill -9
+    fi
 
     SUCCESS=$?
     if [ $SUCCESS -eq 0 ]; then