Security Fix 1: There was not enough permission checks. Moved migrations to Admin Panel/Settings/Cron.

Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
2026-01-27 11:46:10 +01:00 · 2026-01-06 00:15:16 +02:00 · 2026-01-06 00:15:16 +02:00 · cbb1cd78de
commit cbb1cd78de
parent d6834d0287
18 changed files with 397 additions and 1805 deletions
--- a/imports/cronMigrationClient.js
+++ b/imports/cronMigrationClient.js
@ -0,0 +1,50 @@
+import { Meteor } from 'meteor/meteor';
+import { ReactiveVar } from 'meteor/reactive-var';
+
+export const cronMigrationProgress = new ReactiveVar(0);
+export const cronMigrationStatus = new ReactiveVar('');
+export const cronMigrationCurrentStep = new ReactiveVar('');
+export const cronMigrationSteps = new ReactiveVar([]);
+export const cronIsMigrating = new ReactiveVar(false);
+export const cronJobs = new ReactiveVar([]);
+
+function fetchProgress() {
+  Meteor.call('cron.getMigrationProgress', (err, res) => {
+    if (err) return;
+    if (!res) return;
+    cronMigrationProgress.set(res.progress || 0);
+    cronMigrationStatus.set(res.status || '');
+    cronMigrationCurrentStep.set(res.currentStep || '');
+    cronMigrationSteps.set(res.steps || []);
+    cronIsMigrating.set(res.isMigrating || false);
+  });
+}
+
+// Expose cron jobs via method
+function fetchJobs() {
+  Meteor.call('cron.getJobs', (err, res) => {
+    if (err) return;
+    cronJobs.set(res || []);
+  });
+}
+
+if (Meteor.isClient) {
+  // Initial fetch
+  fetchProgress();
+  fetchJobs();
+
+  // Poll periodically
+  Meteor.setInterval(() => {
+    fetchProgress();
+    fetchJobs();
+  }, 2000);
+}
+
+export default {
+  cronMigrationProgress,
+  cronMigrationStatus,
+  cronMigrationCurrentStep,
+  cronMigrationSteps,
+  cronIsMigrating,
+  cronJobs,
+};