Changes the behavior of the local server for receiving oauth callbacks
from Digital Ocean by not closing it on invalid requests. This avoids
the problem where a malicious actor prematurely closes the
callback-handling server (a DoS of the authentication flow).
Also added a timeout to close the server after 30 seconds.
* initial commit - need to test
* update en.json
* update messages
* revert my access key event rerouting
* type errors
* add message descriptions
* good enough
* just one block o' text
* almost there
* put back pre-wrap
* switch to <br>
* line break to master messages
In this PR, I switched `electron-updater`'s checking-update-url to Amazon S3, so [`outline-releases` GitHub repository](https://github.com/Jigsaw-Code/outline-releases/tree/master/manager) can be deprecated (but we still need to update the yaml files for backward compatibility).
There is an Electron IPC event 'open-image' that accepts any path,
including relative paths that would expose system filenames such as
/etc/passwd. This change resolves all paths to be rooted at the base
directory for ...server_manager/web_app.
* add restrictions - bypassing for draft
* this feels like the correct list?
* this feels like the actual actual correct list?
* comment out rules for later fixing
* upgrade node setup for windows
#### Description
In this PR, I introduced the cross-platform Windows binary signing tools to the server manager. [Jsign](https://ebourg.github.io/jsign/) is included as one of the `third_party` dependencies. In the future, we can leverage GCP KMS based certificate to do the signing as well.
#### Environment Variables
- `WINDOWS_SIGNING_CERT_TYPE`: `none|pfx|digicert-usb`
- `WINDOWS_SIGNING_CERT_PASSWORD`: password of the certificate (store)
- `WINDOWS_SIGNING_PFX_CERT`: ".pfx" certificate path if the type is `pfx`
- `WINDOWS_SIGNING_EV_CERT_SUBJECT`: [optional] subject of the EV certificate if type is `digicert-usb` (in our case, you can use `Jigsaw Operations LLC`)
In this PR, I introduced 9 more language support to the Manager, including:
* bs
* en-GB
* es
* et
* hy
* ka
* mk
* pt-PT
* sq
In order to display the new languages in the UI, I updated the language list as well. The language names come from the official [Google Account language settings page](https://myaccount.google.com/language).
I also updated the translations for the following languages:
* fa
* kk
* my
* nl
* okay put this up see where we're at
* update builds here
* check browserslist
* add badge
* Update build_and_test_debug.yml
* scopes & electron version
In this PR, I fixed two build errors when starting manager locally on macOS:
1. **Cannot find python** (caused by out-dated `electron-builder`)
> ```
> $ BUILD_ENV=development npm run action server_manager/electron_app/start mac
> ...
> + electron-builder --mac --config.mac.icon=icons/mac/icon.icns --projectDir=build/server_manager/electron_app/static --config.asarUnpack=server_manager/web_app/images --publish=never '--config.artifactName="Outline-Manager.${ext}"'
> ...
> ⨯ Exit code: ENOENT. spawn /usr/bin/python ENOENT
> ...
> ```
2. **Cannot run `serve`** (caused by out-dated `webpack-cli`)
> ```
> $ npm run action server_manager/web_app/start
> ...
> TypeError: Class constructor ServeCommand cannot be invoked without 'new'
> ...
> ```
I also added [`@webpack-cli/serve`](https://www.npmjs.com/package/@webpack-cli/serve) as a global package because it is required by `webpack-cli`] when you run `npm run action server_manager/web_app/start`:
```
$ npm run action server_manager/web_app/start
...
Would you like to install serve? (That will run npm install -D @webpack-cli/serve) (yes/NO) :
@webpack-cli/serve needs to be installed in order to run the command.
...
```
