diff --git a/packages/node_modules/@node-red/editor-client/src/js/ui/palette-editor.js b/packages/node_modules/@node-red/editor-client/src/js/ui/palette-editor.js index 147789940..3dbff87a3 100644 --- a/packages/node_modules/@node-red/editor-client/src/js/ui/palette-editor.js +++ b/packages/node_modules/@node-red/editor-client/src/js/ui/palette-editor.js @@ -329,21 +329,26 @@ RED.palette.editor = (function() { catalogueLoadStatus.push(err||v); if (!err) { if (v.modules) { - v.modules.forEach(function(m) { - loadedIndex[m.id] = m; - m.index = [m.id]; - if (m.keywords) { - m.index = m.index.concat(m.keywords); + var a = false; + v.modules = v.modules.filter(function(m) { + if (checkModuleAllowed(m.id,m.version,installAllowList,installDenyList)) { + loadedIndex[m.id] = m; + m.index = [m.id]; + if (m.keywords) { + m.index = m.index.concat(m.keywords); + } + if (m.types) { + m.index = m.index.concat(m.types); + } + if (m.updated_at) { + m.timestamp = new Date(m.updated_at).getTime(); + } else { + m.timestamp = 0; + } + m.index = m.index.join(",").toLowerCase(); + return true; } - if (m.types) { - m.index = m.index.concat(m.types); - } - if (m.updated_at) { - m.timestamp = new Date(m.updated_at).getTime(); - } else { - m.timestamp = 0; - } - m.index = m.index.join(",").toLowerCase(); + return false; }) loadedList = loadedList.concat(v.modules); } @@ -437,11 +442,87 @@ RED.palette.editor = (function() { return -1 * (A.info.timestamp-B.info.timestamp); } + var installAllowList = ['*']; + var installDenyList = []; + + function parseModuleList(list) { + list = list || ["*"]; + return list.map(rule => { + var m = /^(.+?)(?:@(.*))?$/.exec(rule); + var wildcardPos = m[1].indexOf("*"); + wildcardPos = wildcardPos===-1?Infinity:wildcardPos; + + return { + module: new RegExp("^"+m[1].replace(/\*/g,".*")+"$"), + version: m[2], + wildcardPos: wildcardPos + } + }) + } + + function checkAgainstList(module,version,list) { + for (var i=0;i deniedRule.wildcardPos + } else { + // First wildcard in same position. + // Go with the longer matching rule. This isn't going to be 100% + // right, but we are deep into edge cases at this point. + return allowedRule.module.toString().length > deniedRule.module.toString().length + } + return false; + } function init() { if (RED.settings.get('externalModules.palette.allowInstall', true) === false) { return; } + var settingsAllowList = RED.settings.get("externalModules.palette.allowList") + var settingsDenyList = RED.settings.get("externalModules.palette.denyList") + if (settingsAllowList || settingsDenyList) { + installAllowList = settingsAllowList; + installDenyList = settingsDenyList + } + installAllowList = parseModuleList(installAllowList); + installDenyList = parseModuleList(installDenyList); + + console.log(installAllowList); + console.log(installDenyList); + createSettingsPane(); RED.userSettings.add({