Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

agnos.is Forums

  1. Home
  2. Tech
  3. A way to disable plugin installation via ACP?

A way to disable plugin installation via ACP?

Scheduled Pinned Locked Moved Tech
7 Posts 3 Posters 13 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J This user is from outside of this forum
    J This user is from outside of this forum
    [email protected]
    wrote on last edited by
    #1

    Is there a way to configure a NodeBB instance so that plugins cannot be installed via the ACP? The other settings can be changed to disrupt the forum, but installing a malicious plugin could damage the server itself (and even Docker is not completely protective).
    Thanks!

    1 Reply Last reply
    0
    • baris@community.nodebb.orgB This user is from outside of this forum
      baris@community.nodebb.orgB This user is from outside of this forum
      [email protected]
      wrote on last edited by
      #2

      We could add a flag into config.json to disable installing plugins from the acp. And check that flag in Plugins.toggleInstall in src/socket.io/admin/plugins.js. For now you can just throw an error in that function.

      Plugins.toggleInstall = async function (socket, data) {
      	throw new Error('[[error:plugin-installs-disabled]]'); // <-add this
      	postsCache.reset();
      	await plugins.checkWhitelist(data.id, data.version);
      	const pluginData = await plugins.toggleInstall(data.id, data.version);
      	await events.log({
      		type: `plugin-${pluginData.installed ? 'install' : 'uninstall'}`,
      		text: data.id,
      		version: data.version,
      		uid: socket.uid,
      	});
      	return pluginData;
      };
      
      1 Reply Last reply
      0
      • J This user is from outside of this forum
        J This user is from outside of this forum
        [email protected]
        wrote on last edited by
        #3

        @baris Thanks, do you want me to create a PR for this?

        1 Reply Last reply
        0
        • baris@community.nodebb.orgB This user is from outside of this forum
          baris@community.nodebb.orgB This user is from outside of this forum
          [email protected]
          wrote on last edited by
          #4

          @josef sure, PR's are welcome. Make sure to send a PR to the docs as well to add it https://docs.nodebb.org/configuring/config/ the page is at https://github.com/NodeBB/docs/blob/master/src/docs/configuring/config.md.

          1 Reply Last reply
          0
          • julian@community.nodebb.orgJ This user is from outside of this forum
            julian@community.nodebb.orgJ This user is from outside of this forum
            [email protected]
            wrote on last edited by
            #5

            @josef mm the whole idea is your admins should be trusted users 😅

            1 Reply Last reply
            0
            • J This user is from outside of this forum
              J This user is from outside of this forum
              [email protected]
              wrote on last edited by
              #6

              @julian said in A way to disable plugin installation via ACP?:
              > @josef mm the whole idea is your admins should be trusted users 😅

              Trusted people can do stupid things 🙂
              Just because I let someone change the forum settings doesn't mean I want them to be able to run code on my server

              1 Reply Last reply
              0
              • J This user is from outside of this forum
                J This user is from outside of this forum
                [email protected]
                wrote on last edited by
                #7

                @baris https://github.com/NodeBB/NodeBB/pull/13189

                1 Reply Last reply
                0
                Reply
                • Reply as topic
                Log in to reply
                • Oldest to Newest
                • Newest to Oldest
                • Most Votes


                • Login

                • Login or register to search.
                • First post
                  Last post
                0
                • Categories
                • Recent
                • Tags
                • Popular
                • World
                • Users
                • Groups