agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-06-12 07:30:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactor Sandboxed Compiles

Browse Source
This commit is contained in:
yu-i-i
2025-05-13 17:13:27 +02:00
parent ddd2789933
commit b6eafbcc0a
4 changed files with 24 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server-ce/config/settings.js
-29
View File
@@ -462,35 +462,6 @@ switch (process.env.OVERLEAF_FILESTORE_BACKEND) {
}
}
// Overleaf Extended CE Compiler options to enable sandboxed compiles.
// -----------
if (process.env.SANDBOXED_COMPILES === 'true') {
settings.clsi = {
...settings.clsi,
dockerRunner: true,
docker: {
image: process.env.TEX_LIVE_DOCKER_IMAGE,
user: process.env.TEX_LIVE_DOCKER_USER || 'www-data',
}
}
if (settings.path == null) {
settings.path = {}
}
settings.path.synctexBaseDir = () => '/compile'
if (process.env.SANDBOXED_COMPILES_SIBLING_CONTAINERS === 'true') {
console.log('Using sibling containers for sandboxed compiles')
if (process.env.SANDBOXED_COMPILES_HOST_DIR) {
settings.path.sandboxedCompilesHostDir =
process.env.SANDBOXED_COMPILES_HOST_DIR
} else {
console.error(
'Sibling containers, but SANDBOXED_COMPILES_HOST_DIR not set'
)
}
}
}
// With lots of incoming and outgoing HTTP connections to different services,
// sometimes long running, it is a good idea to increase the default number
// of sockets that Node will hold open.
services/clsi/config/settings.defaults.js
+1 -1
View File
@@ -101,7 +101,7 @@ if (process.env.DOCKER_RUNNER) {
CLSI: 1,
},
socketPath: '/var/run/docker.sock',
user: process.env.TEXLIVE_IMAGE_USER || 'tex',
user: process.env.TEXLIVE_IMAGE_USER || 'www-data',
},
optimiseInDocker: true,
expireProjectAfterIdleMs: 24 * 60 * 60 * 1000,
services/web/config/settings.defaults.js
+1 -9
View File
@@ -1004,6 +1004,7 @@ module.exports = {
'launchpad',
'server-ce-scripts',
'user-activate',
'sandboxed-compiles',
'symbol-palette',
'track-changes',
'authentication/ldap',
@@ -1037,15 +1038,6 @@ module.exports = {
enabled: false,
},
allowedImageNames: process.env.SANDBOXED_COMPILES === 'true'
? parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGES)
.map((imageName, index) => ({
imageName,
imageDesc: parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGE_NAMES)[index]
|| imageName.split(':')[1],
}))
: undefined,
oauthProviders: {
...(process.env.EXTERNAL_AUTH && process.env.EXTERNAL_AUTH.includes('oidc') && {
[process.env.OVERLEAF_OIDC_PROVIDER_ID || 'oidc']: {
services/web/modules/sandboxed-compiles/index.mjs
+22
View File
@@ -0,0 +1,22 @@
import Settings from '@overleaf/settings'
const parseTextExtensions = function (extensions) {
if (extensions) {
return extensions.split(',').map(ext => ext.trim())
} else {
return []
}
}
if (process.env.SANDBOXED_COMPILES === 'true') {
Settings.allowedImageNames = parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGES)
.map((imageName, index) => ({
imageName,
imageDesc: parseTextExtensions(process.env.ALL_TEX_LIVE_DOCKER_IMAGE_NAMES)[index]
|| imageName.split(':')[1],
}))
if(!process.env.TEX_LIVE_DOCKER_IMAGE) {
process.env.TEX_LIVE_DOCKER_IMAGE = Settings.allowedImageNames[0].imageName
}
Settings.currentImageName = process.env.TEX_LIVE_DOCKER_IMAGE
}