jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
17433680696dc2f14cf44bc70e740335023d8f35
cloudron-box/src/apps.js

2576 lines
102 KiB
JavaScript
Raw Normal View History

app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
'use strict';
exports = module.exports = {
apps: hasAccessTo -> canAccess
2021-09-21 10:00:47 -07:00
canAccess,
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
isOperator,
apps: fix various operators issues part of #791
2021-09-21 17:28:58 -07:00
accessLevel,
fix code style
2020-10-27 17:11:50 -07:00
removeInternalFields,
removeRestrictedFields,
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
// database crud
add,
update,
setHealth,
del,
add missing apps.delPortBinding this got lost in async/db translation
2021-09-17 09:52:18 -07:00
delPortBinding,
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
fix code style
2020-10-27 17:11:50 -07:00
get,
getByIpAddress,
getByFqdn,
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
list,
listByUser,
// user actions
fix code style
2020-10-27 17:11:50 -07:00
install,
uninstall,
setAccessRestriction,
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
setOperators,
apps: add crontab crontab is a text field, so we can have comments part of #793
2021-09-27 14:21:42 -07:00
setCrontab,
fix code style
2020-10-27 17:11:50 -07:00
setLabel,
setIcon,
setTags,
setMemoryLimit,
setCpuShares,
rename appVolumes to appMounts
2020-10-28 19:42:48 -07:00
setMounts,
fix code style
2020-10-27 17:11:50 -07:00
setAutomaticBackup,
setAutomaticUpdate,
setReverseProxyConfig,
setCertificate,
setDebugMode,
setEnvironment,
setMailbox,
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
setInbox,
fix code style
2020-10-27 17:11:50 -07:00
setLocation,
setDataDir,
repair,
restore,
importApp,
app: add export route Currently, the export route only creates the snapshot (the other side of in-place import). In the future, the export route can export to a custom backup config (like import).
2020-12-06 19:38:50 -08:00
exportApp,
fix code style
2020-10-27 17:11:50 -07:00
clone,
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
updateApp,
fix code style
2020-10-27 17:11:50 -07:00
backup,
listBackups,
operator: add app task status route
2021-09-21 22:19:20 -07:00
getTask,
fix code style
2020-10-27 17:11:50 -07:00
getLocalLogfilePaths,
getLogs,
apps: get user certificate
2021-05-07 21:37:23 -07:00
getCertificate,
fix code style
2020-10-27 17:11:50 -07:00
start,
stop,
restart,
exec,
checkManifestConstraints,
downloadManifest,
canAutoupdateApp,
autoupdateApps,
restoreInstalledApps,
configureInstalledApps,
schedulePendingTasks,
restartAppsUsingAddons,
getDataDir,
apps: add icon and appStoreIcon to database
2021-04-30 13:18:15 -07:00
getIcon,
add apps.getMemoryLimit
2021-01-20 12:12:14 -08:00
getMemoryLimit,
operator: add a limits route to determine max app resource limits
2021-09-21 22:29:19 -07:00
getLimits,
apps: add crontab crontab is a text field, so we can have comments part of #793
2021-09-27 14:21:42 -07:00
getSchedulerConfig,
fix code style
2020-10-27 17:11:50 -07:00
operator: add route to get app event log we cannot go via /cloudron/eventlog since that requires admin
2021-09-21 19:45:29 -07:00
listEventlog,
fix code style
2020-10-27 17:11:50 -07:00
downloadFile,
uploadFile,
Add upload and download for the webterminal
2017-08-18 20:45:52 -07:00
clone: save app config clone also clones the tags, labels and icon. this is not done for restore or import since it's not clear if this is a good idea or not. for example, if user had some custom tags and label set and then restores to some old backup, is it expected to reset the labels and tags?
2021-05-25 21:31:48 -07:00
backupConfig,
app import: restore icon, tag, label, proxy configs etc
2021-05-26 09:48:34 -07:00
restoreConfig,
clone: save app config clone also clones the tags, labels and icon. this is not done for restore or import since it's not clear if this is a good idea or not. for example, if user had some custom tags and label set and then restores to some old backup, is it expected to reset the labels and tags?
2021-05-25 21:31:48 -07:00
Add type field to port bindings table Part of #504
2018-08-12 22:08:19 -07:00
PORT_TYPE_TCP: 'tcp',
Save correct type of port in db Part of #504
2018-08-13 08:33:09 -07:00
PORT_TYPE_UDP: 'udp',
Add type field to port bindings table Part of #504
2018-08-12 22:08:19 -07:00
Make start/stop just a installation code the runState now just tracks if an app is stopped.
2019-09-22 00:20:12 -07:00
// task codes - the installation state is now a misnomer (keep in sync in UI)
Move state enums to the model code
2019-08-30 13:12:49 -07:00
ISTATE_PENDING_INSTALL: 'pending_install', // installs and fresh reinstalls
ISTATE_PENDING_CLONE: 'pending_clone', // clone
Add repair route this is specifically for the case where some task failed and user wants to get it back.
2019-09-19 17:04:11 -07:00
ISTATE_PENDING_CONFIGURE: 'pending_configure', // infra update
Add specific installation states to help out UI
2019-09-10 14:25:12 -07:00
ISTATE_PENDING_RECREATE_CONTAINER: 'pending_recreate_container', // env change or addon change
Break down the configure route
2019-09-08 16:57:08 -07:00
ISTATE_PENDING_LOCATION_CHANGE: 'pending_location_change',
ISTATE_PENDING_DATA_DIR_MIGRATION: 'pending_data_dir_migration',
Add specific installation states to help out UI
2019-09-10 14:25:12 -07:00
ISTATE_PENDING_RESIZE: 'pending_resize',
ISTATE_PENDING_DEBUG: 'pending_debug',
Move state enums to the model code
2019-08-30 13:12:49 -07:00
ISTATE_PENDING_UNINSTALL: 'pending_uninstall', // uninstallation
ISTATE_PENDING_RESTORE: 'pending_restore', // restore to previous backup or on upgrade
make import a task of it's own this allows us to distinguish it in the eventlog and apptask logic
2021-05-26 09:27:15 -07:00
ISTATE_PENDING_IMPORT: 'pending_import', // import from external backup
Move state enums to the model code
2019-08-30 13:12:49 -07:00
ISTATE_PENDING_UPDATE: 'pending_update', // update from installed state preserving data
ISTATE_PENDING_BACKUP: 'pending_backup', // backup the app. this is state because it blocks other operations
Make start/stop just a installation code the runState now just tracks if an app is stopped.
2019-09-22 00:20:12 -07:00
ISTATE_PENDING_START: 'pending_start',
ISTATE_PENDING_STOP: 'pending_stop',
Add restart route for atomicity
2019-12-20 10:29:29 -08:00
ISTATE_PENDING_RESTART: 'pending_restart',
Move state enums to the model code
2019-08-30 13:12:49 -07:00
ISTATE_ERROR: 'error', // error executing last pending_* command
ISTATE_INSTALLED: 'installed', // app is installed
// run states
RSTATE_RUNNING: 'running',
RSTATE_STOPPED: 'stopped', // app stopped by us
// health states (keep in sync in UI)
HEALTH_HEALTHY: 'healthy',
HEALTH_UNHEALTHY: 'unhealthy',
HEALTH_ERROR: 'error',
HEALTH_DEAD: 'dead',
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
// subdomain table types
SUBDOMAIN_TYPE_PRIMARY: 'primary',
SUBDOMAIN_TYPE_REDIRECT: 'redirect',
SUBDOMAIN_TYPE_ALIAS: 'alias',
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
// exported for testing
Rewrite accessRestriction validator
2015-10-15 12:26:48 +02:00
_validatePortBindings: validatePortBindings,
Change the internal portBindings representation Part of #504
2018-08-12 19:33:11 -07:00
_validateAccessRestriction: validateAccessRestriction,
Make the ldap test work
2019-08-20 11:45:00 -07:00
_translatePortBindings: translatePortBindings,
apps: add crontab crontab is a text field, so we can have comments part of #793
2021-09-27 14:21:42 -07:00
_parseCrontab: parseCrontab,
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
_clear: clear
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const appstore = require('./appstore.js'),
port taskmanager to use tasks
2019-08-28 15:00:55 -07:00
appTaskManager = require('./apptaskmanager.js'),
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
assert = require('assert'),
apps: onFinished handler not called across restarts if box code restarts in the middle of a apptask, the onFinished handlers are not called for data migration and update. rework the code to hook the onFinished handlers when the task completes and not where the task is started.
2021-09-30 10:31:50 -07:00
AuditSource = require('./auditsource.js'),
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
backups = require('./backups.js'),
Add TASK_ERROR reason code
2019-09-19 23:13:04 -07:00
BoxError = require('./boxerror.js'),
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
constants = require('./constants.js'),
apps: add crontab crontab is a text field, so we can have comments part of #793
2021-09-27 14:21:42 -07:00
CronJob = require('cron').CronJob,
apps: get user certificate
2021-05-07 21:37:23 -07:00
database = require('./database.js'),
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
debug = require('debug')('box:apps'),
merge domaindb.js into domains.js
2021-08-13 17:22:28 -07:00
dns = require('./dns.js'),
create new container from cloudron exec
2015-11-10 12:47:48 -08:00
docker = require('./docker.js'),
Remove usage of config.appFqdn()
2018-01-09 21:03:59 -08:00
domains = require('./domains.js'),
add event log in model code
2016-05-01 21:37:08 -07:00
eventlog = require('./eventlog.js'),
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
fs = require('fs'),
Add mailboxName to app configure route Fixes #558
2018-05-24 16:25:32 -07:00
mail = require('./mail.js'),
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
manifestFormat = require('cloudron-manifestformat'),
import: validate and create transient mount point fixes #788
2021-09-29 20:16:06 -07:00
mounts = require('./mounts.js'),
cleanup temporary file after upload also, wait for finish event for the http response. this should be quick because the file has already been upload and we just have to copy it to the container
2019-03-04 12:28:27 -08:00
once = require('once'),
Bump max limit to two times ram part of #466
2017-11-07 09:09:30 -08:00
os = require('os'),
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
path = require('path'),
paths = require('./paths.js'),
merge certificates.js and nginx.js to reverseproxy.js when certs change, we have to call into nginx anyway. since they go hand in hand, just merge those files. modern reverse proxies do this job integrated already.
2018-01-30 12:23:27 -08:00
reverseProxy = require('./reverseproxy.js'),
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
safe = require('safetydance'),
semver = require('semver'),
sftp: rework appdata and volume mounting logic this tries to solve two issues: * the current approach mounts the data directories of apps/volumes individually. this causes a problem with volume mounts that mount after the container is started i.e not network time/delay but systemd ordering. With CIFS, the mount is a hostname. This requires unbound to be running but unbound can only start after docker because it wants to bind to the docker network. one way to fix is to not start sftp automatically and only start sftp container in the box code. This results in the sftp container attaching itself of the directory before mounting and it appears empty. (on the host, the directory will appear to have mount data!) * every time apptask runs we keep rebuilding this sftp container. this results in much race. the fix is: mount the parent directory of apps and volumes. in addition, then any specialized appdata paths and volume paths are mounted individually. this greatly minimized rebuilding and also since we don't rely on binding to the mount point itself. the child directories can mount in leisure. this limits the race issue to only no-op volume mounts. part of #789
2021-06-24 16:19:30 -07:00
services = require('./services.js'),
config.js is dead, long live config.js we use settings now
2019-07-26 10:49:29 -07:00
settings = require('./settings.js'),
Use journalctl to get app logs
2015-11-02 11:20:50 -08:00
spawn = require('child_process').spawn,
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
split = require('split'),
superagent = require('superagent'),
operator: add a limits route to determine max app resource limits
2021-09-21 22:29:19 -07:00
system = require('./system.js'),
Migrate apptask to use tasks framework
2019-08-26 15:55:57 -07:00
tasks = require('./tasks.js'),
Only send the stdout stream
2017-08-20 23:39:49 -07:00
TransformStream = require('stream').Transform,
migrate permissions and admin flag to user.role
2020-02-21 12:17:06 -08:00
users = require('./users.js'),
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
util = require('util'),
Update many modules npm WARN deprecated ejs-cli@1.2.0: This has breaking change. (in ejs package) use <= 2.0.0. npm WARN deprecated node-uuid@1.4.8: Use uuid module instead npm WARN deprecated minimatch@0.3.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
2017-08-13 17:44:31 -07:00
uuid = require('uuid'),
Move removeInternalAppFields to model code
2018-04-29 10:47:34 -07:00
validator = require('validator'),
_ = require('underscore');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const APPS_FIELDS_PREFIXED = [ 'apps.id', 'apps.appStoreId', 'apps.installationState', 'apps.errorJson', 'apps.runState',
'apps.health', 'apps.containerId', 'apps.manifestJson', 'apps.accessRestrictionJson', 'apps.memoryLimit', 'apps.cpuShares',
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
'apps.label', 'apps.tagsJson', 'apps.taskId', 'apps.reverseProxyConfigJson', 'apps.servicesConfigJson', 'apps.operatorsJson',
apps: add crontab crontab is a text field, so we can have comments part of #793
2021-09-27 14:21:42 -07:00
'apps.sso', 'apps.debugModeJson', 'apps.enableBackup', 'apps.proxyAuth', 'apps.containerIp', 'apps.crontab',
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
'apps.creationTime', 'apps.updateTime', 'apps.enableAutomaticUpdate',
'apps.enableMailbox', 'apps.mailboxName', 'apps.mailboxDomain', 'apps.enableInbox', 'apps.inboxName', 'apps.inboxDomain',
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
'apps.dataDir', 'apps.ts', 'apps.healthTime', '(apps.icon IS NOT NULL) AS hasIcon', '(apps.appStoreIcon IS NOT NULL) AS hasAppStoreIcon' ].join(',');
// const PORT_BINDINGS_FIELDS = [ 'hostPort', 'type', 'environmentVariable', 'appId' ].join(',');
rework task API to be two-phase this lets us avoid this EE based API. we now add and then start explicitly.
2019-08-27 22:39:59 -07:00
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
// validate the port bindings
Pass the manifest to validatePortBindings
2018-08-12 22:37:36 -07:00
function validatePortBindings(portBindings, manifest) {
Make tests pass
2017-01-29 13:01:09 -08:00
assert.strictEqual(typeof portBindings, 'object');
Pass the manifest to validatePortBindings
2018-08-12 22:37:36 -07:00
assert.strictEqual(typeof manifest, 'object');
Make tests pass
2017-01-29 13:01:09 -08:00
Fix comment about firewall rule setup
2018-06-04 21:24:14 +02:00
// keep the public ports in sync with firewall rules in setup/start/cloudron-firewall.sh
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
// these ports are reserved even if we listen only on 127.0.0.1 because we setup HostIp to be 127.0.0.1
// for custom tcp ports
Support reserved port ranges
2020-03-30 10:01:52 +02:00
const RESERVED_PORTS = [
Reserve ssh ports
2017-01-29 12:38:54 -08:00
22, /* ssh */
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
25, /* smtp */
80, /* http */
reserve more ports
2016-05-05 15:00:07 -07:00
143, /* imap */
More caas removal
2019-05-08 17:30:41 -07:00
202, /* alternate ssh */
Reserve sftp port 222
2019-03-19 22:59:29 -07:00
222, /* proftd */
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
443, /* https */
reserve more ports
2016-05-05 15:00:07 -07:00
465, /* smtps */
587, /* submission */
993, /* imaps */
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
2003, /* graphite (lo) */
2004, /* graphite (lo) */
use port 2514 for syslog
2018-06-04 21:12:55 +02:00
2514, /* cloudron-syslog (lo) */
Make port a constant
2019-07-25 15:43:51 -07:00
constants.PORT, /* app server (lo) */
add support for protected sites https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/ https://gock.net/blog/2020/nginx-subrequest-authentication-server/ https://github.com/andygock/auth-server
2020-11-09 20:34:48 -08:00
constants.AUTHWALL_PORT, /* protected sites */
Make internal smtp port a constant
2019-07-25 15:27:28 -07:00
constants.INTERNAL_SMTP_PORT, /* internal smtp port (lo) */
Make ldap and docker proxy port as constants
2019-07-25 15:33:34 -07:00
constants.LDAP_PORT,
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
3306, /* mysql (lo) */
add turn,stun ports to RESERVED ones We still need to protect the TURN port range
2020-03-30 08:30:01 +02:00
3478, /* turn,stun */
reserve 4190 for sieve
2016-05-13 18:48:05 -07:00
4190, /* managesieve */
add turn,stun ports to RESERVED ones We still need to protect the TURN port range
2020-03-30 08:30:01 +02:00
5349, /* turn,stun TLS */
Move out graphite from port 8000 Port 8000 is used by esxi management service (!)
2018-11-16 19:23:09 -08:00
8000, /* ESXi monitoring */
8417, /* graphite (lo) */
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
];
Support reserved port ranges
2020-03-30 10:01:52 +02:00
const RESERVED_PORT_RANGES = [
[50000, 51000] /* turn udp ports */
];
allow port 853 for DoT
2021-02-17 13:11:00 -08:00
const ALLOWED_PORTS = [
53, // dns 53 is special and adblocker apps can use them
853 // dns over tls
];
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
if (!portBindings) return null;
Change the internal portBindings representation Part of #504
2018-08-12 19:33:11 -07:00
for (let portName in portBindings) {
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (!/^[a-zA-Z0-9_]+$/.test(portName)) return new BoxError(BoxError.BAD_FIELD, `${portName} is not a valid environment variable`, { field: 'portBindings', portName: portName });
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
Change the internal portBindings representation Part of #504
2018-08-12 19:33:11 -07:00
const hostPort = portBindings[portName];
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (!Number.isInteger(hostPort)) return new BoxError(BoxError.BAD_FIELD, `${hostPort} is not an integer`, { field: 'portBindings', portName: portName });
if (RESERVED_PORTS.indexOf(hostPort) !== -1) return new BoxError(BoxError.BAD_FIELD, `Port ${hostPort} is reserved.`, { field: 'portBindings', portName: portName });
Support reserved port ranges
2020-03-30 10:01:52 +02:00
if (RESERVED_PORT_RANGES.find(range => (hostPort >= range[0] && hostPort <= range[1]))) return new BoxError(BoxError.BAD_FIELD, `Port ${hostPort} is reserved.`, { field: 'portBindings', portName: portName });
allow port 853 for DoT
2021-02-17 13:11:00 -08:00
if (ALLOWED_PORTS.indexOf(hostPort) === -1 && (hostPort <= 1023 || hostPort > 65535)) return new BoxError(BoxError.BAD_FIELD, `${hostPort} is not in permitted range`, { field: 'portBindings', portName: portName });
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
// it is OK if there is no 1-1 mapping between values in manifest.tcpPorts and portBindings. missing values implies
// that the user wants the service disabled
Pass the manifest to validatePortBindings
2018-08-12 22:37:36 -07:00
const tcpPorts = manifest.tcpPorts || { };
Set the udp ports in docker configuration Part of #504
2018-08-12 22:47:59 -07:00
const udpPorts = manifest.udpPorts || { };
Change the internal portBindings representation Part of #504
2018-08-12 19:33:11 -07:00
for (let portName in portBindings) {
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (!(portName in tcpPorts) && !(portName in udpPorts)) return new BoxError(BoxError.BAD_FIELD, `Invalid portBindings ${portName}`, { field: 'portBindings', portName: portName });
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
return null;
}
Save correct type of port in db Part of #504
2018-08-13 08:33:09 -07:00
function translatePortBindings(portBindings, manifest) {
assert.strictEqual(typeof portBindings, 'object');
assert.strictEqual(typeof manifest, 'object');
Change the internal portBindings representation Part of #504
2018-08-12 19:33:11 -07:00
if (!portBindings) return null;
let result = {};
Save correct type of port in db Part of #504
2018-08-13 08:33:09 -07:00
const tcpPorts = manifest.tcpPorts || { };
Change the internal portBindings representation Part of #504
2018-08-12 19:33:11 -07:00
for (let portName in portBindings) {
Save correct type of port in db Part of #504
2018-08-13 08:33:09 -07:00
const portType = portName in tcpPorts ? exports.PORT_TYPE_TCP : exports.PORT_TYPE_UDP;
result[portName] = { hostPort: portBindings[portName], type: portType };
Change the internal portBindings representation Part of #504
2018-08-12 19:33:11 -07:00
}
return result;
}
apps: add crontab crontab is a text field, so we can have comments part of #793
2021-09-27 14:21:42 -07:00
function parseCrontab(crontab) {
assert(crontab === null || typeof crontab === 'string');
const result = [];
if (!crontab) return result;
const lines = crontab.split('\n');
for (let i = 0; i < lines.length; i++) {
const line = lines[i].trim();
if (!line || line.startsWith('#')) continue;
add crontab tests
2021-09-28 11:08:10 -07:00
const parts = /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)$/.exec(line);
apps: add crontab crontab is a text field, so we can have comments part of #793
2021-09-27 14:21:42 -07:00
if (!parts) throw new BoxError(BoxError.BAD_FIELD, `Invalid cron configuration at line ${i+1}`);
const schedule = parts.slice(1, 6).join(' ');
const command = parts[6];
try {
new CronJob('00 ' + schedule, function() {}); // second is disallowed
} catch (ex) {
throw new BoxError(BoxError.BAD_FIELD, `Invalid cron pattern at line ${i+1}`);
}
add crontab tests
2021-09-28 11:08:10 -07:00
if (command.length === 0) throw new BoxError(BoxError.BAD_FIELD, `Invalid cron pattern. Command must not be empty at line ${i+1}`); // not possible with the regexp we have
apps: add crontab crontab is a text field, so we can have comments part of #793
2021-09-27 14:21:42 -07:00
result.push({ schedule, command });
}
return result;
}
function getSchedulerConfig(app) {
assert.strictEqual(typeof app, 'object');
let schedulerConfig = app.manifest.addons?.scheduler || null;
const crontab = parseCrontab(app.crontab);
if (crontab.length === 0) return schedulerConfig;
schedulerConfig = schedulerConfig || {};
// put a '.' because it is not a valid name for schedule name in manifestformat
crontab.forEach((c, idx) => schedulerConfig[`crontab.${idx}`] = c);
return schedulerConfig;
}
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
// also validates operators
Rewrite accessRestriction validator
2015-10-15 12:26:48 +02:00
function validateAccessRestriction(accessRestriction) {
Make accessRestriction a JSON format to prepare for group access control
2015-10-16 15:11:54 +02:00
assert.strictEqual(typeof accessRestriction, 'object');
Rewrite accessRestriction validator
2015-10-15 12:26:48 +02:00
Make accessRestriction a JSON format to prepare for group access control
2015-10-16 15:11:54 +02:00
if (accessRestriction === null) return null;
Rewrite accessRestriction validator
2015-10-15 12:26:48 +02:00
check groups property in accessRestriction
2016-02-09 13:03:52 -08:00
if (accessRestriction.users) {
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (!Array.isArray(accessRestriction.users)) return new BoxError(BoxError.BAD_FIELD, 'users array property required');
if (!accessRestriction.users.every(function (e) { return typeof e === 'string'; })) return new BoxError(BoxError.BAD_FIELD, 'All users have to be strings');
check groups property in accessRestriction
2016-02-09 13:03:52 -08:00
}
if (accessRestriction.groups) {
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (!Array.isArray(accessRestriction.groups)) return new BoxError(BoxError.BAD_FIELD, 'groups array property required');
if (!accessRestriction.groups.every(function (e) { return typeof e === 'string'; })) return new BoxError(BoxError.BAD_FIELD, 'All groups have to be strings');
check groups property in accessRestriction
2016-02-09 13:03:52 -08:00
}
add TODO note to validate accessRestriction
2016-06-04 13:20:10 -07:00
// TODO: maybe validate if the users and groups actually exist
Rewrite accessRestriction validator
2015-10-15 12:26:48 +02:00
return null;
}
Add memoryLimit validation
2016-02-11 17:39:15 +01:00
function validateMemoryLimit(manifest, memoryLimit) {
assert.strictEqual(typeof manifest, 'object');
assert.strictEqual(typeof memoryLimit, 'number');
Move default memory limit to constants.js
2016-02-14 12:13:49 +01:00
var min = manifest.memoryLimit || constants.DEFAULT_MEMORY_LIMIT;
Bump max limit to two times ram part of #466
2017-11-07 09:09:30 -08:00
var max = os.totalmem() * 2; // this will overallocate since we don't allocate equal swap always (#466)
Add memoryLimit validation
2016-02-11 17:39:15 +01:00
// allow 0, which indicates that it is not set, the one from the manifest will be choosen but we don't commit any user value
// this is needed so an app update can change the value in the manifest, and if not set by the user, the new value should be used
if (memoryLimit === 0) return null;
Allow memoryLimit to be unrestricted programatically
2017-01-19 15:02:12 -08:00
// a special value that indicates unlimited memory
if (memoryLimit === -1) return null;
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (memoryLimit < min) return new BoxError(BoxError.BAD_FIELD, 'memoryLimit too small');
if (memoryLimit > max) return new BoxError(BoxError.BAD_FIELD, 'memoryLimit too large');
Add memoryLimit validation
2016-02-11 17:39:15 +01:00
return null;
}
apps: configure cpuShares
2020-01-28 21:30:35 -08:00
function validateCpuShares(cpuShares) {
assert.strictEqual(typeof cpuShares, 'number');
min cpu shares is 2
2020-01-28 22:38:54 -08:00
if (cpuShares < 2 || cpuShares > 1024) return new BoxError(BoxError.BAD_FIELD, 'cpuShares has to be between 2 and 1024');
apps: configure cpuShares
2020-01-28 21:30:35 -08:00
return null;
}
Merge readonlyRootfs and development mode into debug mode The core issue we want to solve is to debug a running app. Let's make it explicit that it is in debugging mode because functions like update/backup/restore don't work. Part of #171
2017-01-20 05:48:25 -08:00
function validateDebugMode(debugMode) {
assert.strictEqual(typeof debugMode, 'object');
if (debugMode === null) return null;
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if ('cmd' in debugMode && debugMode.cmd !== null && !Array.isArray(debugMode.cmd)) return new BoxError(BoxError.BAD_FIELD, 'debugMode.cmd must be an array or null' );
if ('readonlyRootfs' in debugMode && typeof debugMode.readonlyRootfs !== 'boolean') return new BoxError(BoxError.BAD_FIELD, 'debugMode.readonlyRootfs must be a boolean' );
Merge readonlyRootfs and development mode into debug mode The core issue we want to solve is to debug a running app. Let's make it explicit that it is in debugging mode because functions like update/backup/restore don't work. Part of #171
2017-01-20 05:48:25 -08:00
return null;
}
Allow per-app configuration of robots.txt https://developers.google.com/search/reference/robots_txt has the specification Part of #344
2017-07-14 12:19:27 -05:00
function validateRobotsTxt(robotsTxt) {
if (robotsTxt === null) return null;
escape and quote the robotsTxt when templating for now, we restrict the string length to 4096 since that is what nginx allows
2017-07-23 18:55:31 -07:00
// this is the nginx limit on inline strings. if we really hit this, we have to generate a file
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (robotsTxt.length > 4096) return new BoxError(BoxError.BAD_FIELD, 'robotsTxt must be less than 4096', { field: 'robotsTxt' });
escape and quote the robotsTxt when templating for now, we restrict the string length to 4096 since that is what nginx allows
2017-07-23 18:55:31 -07:00
// TODO: validate the robots file? we escape the string when templating the nginx config right now
Allow per-app configuration of robots.txt https://developers.google.com/search/reference/robots_txt has the specification Part of #344
2017-07-14 12:19:27 -05:00
return null;
}
frameAncestors -> csp It seems we cannot separate frame ancestors from CSP because the hide header just hides everything and not a specific resource. This means that the user has to set or unset the full policy whole sale.
2019-10-14 16:59:22 -07:00
function validateCsp(csp) {
if (csp === null) return null;
Add field to configure the reverse proxy part of #596
2019-10-13 18:22:03 -07:00
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (csp.length > 4096) return new BoxError(BoxError.BAD_FIELD, 'CSP must be less than 4096', { field: 'csp' });
Add field to configure the reverse proxy part of #596
2019-10-13 18:22:03 -07:00
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (csp.includes('"')) return new BoxError(BoxError.BAD_FIELD, 'CSP cannot contains double quotes', { field: 'csp' });
Add field to configure the reverse proxy part of #596
2019-10-13 18:22:03 -07:00
return null;
}
Revert "remove unused function" This reverts commit a19205e3adad9aa466a188da63bf478aae367a99.
2019-10-11 20:30:30 -07:00
function validateBackupFormat(format) {
assert.strictEqual(typeof format, 'string');
if (format === 'tgz' || format == 'rsync') return null;
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
return new BoxError(BoxError.BAD_FIELD, 'Invalid backup format');
Revert "remove unused function" This reverts commit a19205e3adad9aa466a188da63bf478aae367a99.
2019-10-11 20:30:30 -07:00
}
Add labels and tags
2019-03-22 07:48:31 -07:00
function validateLabel(label) {
if (label === null) return null;
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (label.length > 128) return new BoxError(BoxError.BAD_FIELD, 'label must be less than 128', { field: 'label' });
Add labels and tags
2019-03-22 07:48:31 -07:00
return null;
}
function validateTags(tags) {
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (tags.length > 64) return new BoxError(BoxError.BAD_FIELD, 'Can only set up to 64 tags', { field: 'tags' });
Add labels and tags
2019-03-22 07:48:31 -07:00
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (tags.some(tag => tag.length == 0)) return new BoxError(BoxError.BAD_FIELD, 'tag cannot be empty', { field: 'tags' });
if (tags.some(tag => tag.length > 128)) return new BoxError(BoxError.BAD_FIELD, 'tag must be less than 128', { field: 'tags' });
Add labels and tags
2019-03-22 07:48:31 -07:00
return null;
}
Validate env vars
2018-10-18 11:19:32 -07:00
function validateEnv(env) {
for (let key in env) {
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (key.length > 512) return new BoxError(BoxError.BAD_FIELD, 'Max env var key length is 512', { field: 'env', env: env });
Validate env vars
2018-10-18 11:19:32 -07:00
// http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap08.html
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(key)) return new BoxError(BoxError.BAD_FIELD, `"${key}" is not a valid environment variable`, { field: 'env', env: env });
Validate env vars
2018-10-18 11:19:32 -07:00
}
return null;
}
backups (tgz): work with a layout this will allow us to place the localstorage directory in an arbitrary location
2018-12-20 14:33:29 -08:00
function validateDataDir(dataDir) {
test data dir migration
2019-09-09 16:37:59 -07:00
if (dataDir === null) return null;
backups (tgz): work with a layout this will allow us to place the localstorage directory in an arbitrary location
2018-12-20 14:33:29 -08:00
Better error message for invalid data directories
2020-01-28 14:09:31 -08:00
if (!path.isAbsolute(dataDir)) return new BoxError(BoxError.BAD_FIELD, `${dataDir} is not an absolute path`, { field: 'dataDir' });
if (dataDir.endsWith('/')) return new BoxError(BoxError.BAD_FIELD, `${dataDir} contains trailing slash`, { field: 'dataDir' });
if (path.normalize(dataDir) !== dataDir) return new BoxError(BoxError.BAD_FIELD, `${dataDir} is not a normalized path`, { field: 'dataDir' });
backups (tgz): work with a layout this will allow us to place the localstorage directory in an arbitrary location
2018-12-20 14:33:29 -08:00
// nfs shares will have the directory mounted already
let stat = safe.fs.lstatSync(dataDir);
if (stat) {
Better error message for invalid data directories
2020-01-28 14:09:31 -08:00
if (!stat.isDirectory()) return new BoxError(BoxError.BAD_FIELD, `${dataDir} is not a directory`, { field: 'dataDir' });
backups (tgz): work with a layout this will allow us to place the localstorage directory in an arbitrary location
2018-12-20 14:33:29 -08:00
let entries = safe.fs.readdirSync(dataDir);
Better error message for invalid data directories
2020-01-28 14:09:31 -08:00
if (!entries) return new BoxError(BoxError.BAD_FIELD, `${dataDir} could not be listed`, { field: 'dataDir' });
if (entries.length !== 0) return new BoxError(BoxError.BAD_FIELD, `${dataDir} is not empty. If this is the root of a mounted volume, provide a subdirectory.`, { field: 'dataDir' });
backups (tgz): work with a layout this will allow us to place the localstorage directory in an arbitrary location
2018-12-20 14:33:29 -08:00
}
Be paranoid about the data dir location
2019-01-19 22:19:43 -08:00
// backup logic relies on paths not overlapping (because it recurses)
Better error message for invalid data directories
2020-01-28 14:09:31 -08:00
if (dataDir.startsWith(paths.APPS_DATA_DIR)) return new BoxError(BoxError.BAD_FIELD, `${dataDir} cannot be inside apps data`, { field: 'dataDir' });
backups (tgz): work with a layout this will allow us to place the localstorage directory in an arbitrary location
2018-12-20 14:33:29 -08:00
Be paranoid about the data dir location
2019-01-19 22:19:43 -08:00
// if we made it this far, it cannot start with any of these realistically
const fhs = [ '/bin', '/boot', '/etc', '/lib', '/lib32', '/lib64', '/proc', '/run', '/sbin', '/tmp', '/usr' ];
Better error message for invalid data directories
2020-01-28 14:09:31 -08:00
if (fhs.some((p) => dataDir.startsWith(p))) return new BoxError(BoxError.BAD_FIELD, `${dataDir} cannot be placed inside this location`, { field: 'dataDir' });
Be paranoid about the data dir location
2019-01-19 22:19:43 -08:00
backups (tgz): work with a layout this will allow us to place the localstorage directory in an arbitrary location
2018-12-20 14:33:29 -08:00
return null;
}
Validate alternate domain this also sets up fqdn in the eventlog entries
2019-09-27 10:25:26 -07:00
function getDuplicateErrorDetails(errorMessage, locations, domainObjectMap, portBindings) {
Use taskId instead of states to check bad state a) this is because, we have install state and run state. b) we have to put taskId as part of the transaction to prevent race
2019-08-29 12:14:42 -07:00
assert.strictEqual(typeof errorMessage, 'string');
Validate alternate domain this also sets up fqdn in the eventlog entries
2019-09-27 10:25:26 -07:00
assert(Array.isArray(locations));
assert.strictEqual(typeof domainObjectMap, 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
assert.strictEqual(typeof portBindings, 'object');
Use taskId instead of states to check bad state a) this is because, we have install state and run state. b) we have to put taskId as part of the transaction to prevent race
2019-08-29 12:14:42 -07:00
var match = errorMessage.match(/ER_DUP_ENTRY: Duplicate entry '(.*)' for key '(.*)'/);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
if (!match) {
Use taskId instead of states to check bad state a) this is because, we have install state and run state. b) we have to put taskId as part of the transaction to prevent race
2019-08-29 12:14:42 -07:00
debug('Unexpected SQL error message.', errorMessage);
Remove various uses of INTERNAL_ERROR INTERNAL_ERROR now means there really was some internal error
2019-10-24 18:32:33 -07:00
return new BoxError(BoxError.DATABASE_ERROR, errorMessage);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
Validate alternate domain this also sets up fqdn in the eventlog entries
2019-09-27 10:25:26 -07:00
// check if a location conflicts
Fix duplicate location error message
2019-03-19 20:43:42 -07:00
if (match[2] === 'subdomain') {
Validate alternate domain this also sets up fqdn in the eventlog entries
2019-09-27 10:25:26 -07:00
for (let i = 0; i < locations.length; i++) {
const { subdomain, domain } = locations[i];
if (match[1] !== `${subdomain}-${domain}`) continue;
Return correct conflicting domain
2019-06-05 16:01:44 +02:00
merge domaindb.js into domains.js
2021-08-13 17:22:28 -07:00
return new BoxError(BoxError.ALREADY_EXISTS, `Domain '${dns.fqdn(subdomain, domainObjectMap[domain])}' is in use`, { subdomain, domain });
Send detail in apps error
2019-09-01 21:34:27 -07:00
}
Fix duplicate location error message
2019-03-19 20:43:42 -07:00
}
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
// check if any of the port bindings conflict
Change the internal portBindings representation Part of #504
2018-08-12 19:33:11 -07:00
for (let portName in portBindings) {
error text: port is in use and not reserved
2020-12-03 22:27:59 -08:00
if (portBindings[portName] === parseInt(match[1])) return new BoxError(BoxError.ALREADY_EXISTS, `Port ${match[1]} is in use`, { portName });
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
Return BAD_FIELD if dataDir conflicts
2019-09-03 15:17:48 -07:00
if (match[2] === 'dataDir') {
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
return new BoxError(BoxError.BAD_FIELD, `Data directory ${match[1]} is in use`, { field: 'dataDir' });
Return BAD_FIELD if dataDir conflicts
2019-09-03 15:17:48 -07:00
}
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
return new BoxError(BoxError.ALREADY_EXISTS, `${match[2]} '${match[1]}' is in use`);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
backups (tgz): work with a layout this will allow us to place the localstorage directory in an arbitrary location
2018-12-20 14:33:29 -08:00
function getDataDir(app, dataDir) {
return null for default dataDir
2019-09-15 21:51:38 -07:00
assert(dataDir === null || typeof dataDir === 'string');
backups (tgz): work with a layout this will allow us to place the localstorage directory in an arbitrary location
2018-12-20 14:33:29 -08:00
return dataDir || path.join(paths.APPS_DATA_DIR, app.id, 'data');
}
rename to removeInternalFields
2018-06-25 16:40:16 -07:00
function removeInternalFields(app) {
apps: return mailbox name as part of app part of cloudron/box#558
2018-05-24 15:27:55 -07:00
return _.pick(app,
Return error object in the API
2019-08-30 11:18:42 -07:00
'id', 'appStoreId', 'installationState', 'error', 'runState', 'health', 'taskId',
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
'location', 'domain', 'fqdn', 'crontab',
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
'accessRestriction', 'manifest', 'portBindings', 'iconUrl', 'memoryLimit', 'cpuShares', 'operators',
Send reverseProxyConfig in REST response
2019-10-14 15:57:41 -07:00
'sso', 'debugMode', 'reverseProxyConfig', 'enableBackup', 'creationTime', 'updateTime', 'ts', 'tags',
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
'label', 'alternateDomains', 'aliasDomains', 'env', 'enableAutomaticUpdate', 'dataDir', 'mounts',
'enableMailbox', 'mailboxName', 'mailboxDomain', 'enableInbox', 'inboxName', 'inboxDomain');
Move removeInternalAppFields to model code
2018-04-29 10:47:34 -07:00
}
Fix usage of audit source
2019-02-11 14:37:49 -08:00
// non-admins can only see these
Add app management scope This splits the apps API into those who have just 'read' access and those who have 'manage' access.
2018-06-25 16:45:15 -07:00
function removeRestrictedFields(app) {
return _.pick(app,
Do not remove accessRestriction from install app listing
2021-02-16 20:08:41 +01:00
'id', 'appStoreId', 'installationState', 'error', 'runState', 'health', 'taskId', 'accessRestriction', 'alternateDomains', 'aliasDomains', 'sso',
apps: fix various operators issues part of #791
2021-09-21 17:28:58 -07:00
'location', 'domain', 'fqdn', 'manifest', 'portBindings', 'iconUrl', 'creationTime', 'ts', 'tags', 'label', 'enableBackup');
Add app management scope This splits the apps API into those who have just 'read' access and those who have 'manage' access.
2018-06-25 16:45:15 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function getIcon(app, options) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
apps: add detail to http error messages
2019-09-01 17:44:24 -07:00
assert.strictEqual(typeof options, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const icons = await getIcons(app.id);
if (!icons) throw new BoxError(BoxError.NOT_FOUND, 'No such app');
apps: add detail to http error messages
2019-09-01 17:44:24 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (!options.original && icons.icon) return icons.icon;
if (icons.appStoreIcon) return icons.appStoreIcon;
apps: add detail to http error messages
2019-09-01 17:44:24 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return null;
apps: add detail to http error messages
2019-09-01 17:44:24 -07:00
}
operator: add a limits route to determine max app resource limits
2021-09-21 22:29:19 -07:00
async function getLimits(app) {
assert.strictEqual(typeof app, 'object');
return {
memory: await system.getMemory()
};
}
add apps.getMemoryLimit
2021-01-20 12:12:14 -08:00
function getMemoryLimit(app) {
assert.strictEqual(typeof app, 'object');
let memoryLimit = app.memoryLimit || app.manifest.memoryLimit || 0;
if (memoryLimit === -1) { // unrestricted
memoryLimit = 0;
} else if (memoryLimit === 0 || memoryLimit < constants.DEFAULT_MEMORY_LIMIT) { // ensure we never go below minimum (in case we change the default)
memoryLimit = constants.DEFAULT_MEMORY_LIMIT;
}
return memoryLimit;
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
function postProcess(result) {
assert.strictEqual(typeof result, 'object');
assert(result.manifestJson === null || typeof result.manifestJson === 'string');
result.manifest = safe.JSON.parse(result.manifestJson);
delete result.manifestJson;
assert(result.tagsJson === null || typeof result.tagsJson === 'string');
result.tags = safe.JSON.parse(result.tagsJson) || [];
delete result.tagsJson;
assert(result.reverseProxyConfigJson === null || typeof result.reverseProxyConfigJson === 'string');
result.reverseProxyConfig = safe.JSON.parse(result.reverseProxyConfigJson) || {};
delete result.reverseProxyConfigJson;
assert(result.hostPorts === null || typeof result.hostPorts === 'string');
assert(result.environmentVariables === null || typeof result.environmentVariables === 'string');
result.portBindings = { };
let hostPorts = result.hostPorts === null ? [ ] : result.hostPorts.split(',');
let environmentVariables = result.environmentVariables === null ? [ ] : result.environmentVariables.split(',');
let portTypes = result.portTypes === null ? [ ] : result.portTypes.split(',');
delete result.hostPorts;
delete result.environmentVariables;
delete result.portTypes;
for (let i = 0; i < environmentVariables.length; i++) {
result.portBindings[environmentVariables[i]] = { hostPort: parseInt(hostPorts[i], 10), type: portTypes[i] };
}
assert(result.accessRestrictionJson === null || typeof result.accessRestrictionJson === 'string');
result.accessRestriction = safe.JSON.parse(result.accessRestrictionJson);
if (result.accessRestriction && !result.accessRestriction.users) result.accessRestriction.users = [];
delete result.accessRestrictionJson;
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
result.operators = safe.JSON.parse(result.operatorsJson);
if (result.operators && !result.operators.users) result.operators.users = [];
delete result.operatorsJson;
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
result.sso = !!result.sso;
result.enableBackup = !!result.enableBackup;
result.enableAutomaticUpdate = !!result.enableAutomaticUpdate;
result.enableMailbox = !!result.enableMailbox;
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
result.enableInbox = !!result.enableInbox;
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
result.proxyAuth = !!result.proxyAuth;
result.hasIcon = !!result.hasIcon;
result.hasAppStoreIcon = !!result.hasAppStoreIcon;
assert(result.debugModeJson === null || typeof result.debugModeJson === 'string');
result.debugMode = safe.JSON.parse(result.debugModeJson);
delete result.debugModeJson;
assert(result.servicesConfigJson === null || typeof result.servicesConfigJson === 'string');
result.servicesConfig = safe.JSON.parse(result.servicesConfigJson) || {};
delete result.servicesConfigJson;
let subdomains = JSON.parse(result.subdomains), domains = JSON.parse(result.domains), subdomainTypes = JSON.parse(result.subdomainTypes);
delete result.subdomains;
delete result.domains;
delete result.subdomainTypes;
result.alternateDomains = [];
result.aliasDomains = [];
for (let i = 0; i < subdomainTypes.length; i++) {
if (subdomainTypes[i] === exports.SUBDOMAIN_TYPE_PRIMARY) {
result.location = subdomains[i];
result.domain = domains[i];
} else if (subdomainTypes[i] === exports.SUBDOMAIN_TYPE_REDIRECT) {
result.alternateDomains.push({ domain: domains[i], subdomain: subdomains[i] });
} else if (subdomainTypes[i] === exports.SUBDOMAIN_TYPE_ALIAS) {
result.aliasDomains.push({ domain: domains[i], subdomain: subdomains[i] });
}
}
let envNames = JSON.parse(result.envNames), envValues = JSON.parse(result.envValues);
delete result.envNames;
delete result.envValues;
result.env = {};
for (let i = 0; i < envNames.length; i++) { // NOTE: envNames is [ null ] when env of an app is empty
if (envNames[i]) result.env[envNames[i]] = envValues[i];
}
let volumeIds = JSON.parse(result.volumeIds);
delete result.volumeIds;
let volumeReadOnlys = JSON.parse(result.volumeReadOnlys);
delete result.volumeReadOnlys;
result.mounts = volumeIds[0] === null ? [] : volumeIds.map((v, idx) => { return { volumeId: v, readOnly: !!volumeReadOnlys[idx] }; }); // NOTE: volumeIds is [null] when volumes of an app is empty
result.error = safe.JSON.parse(result.errorJson);
delete result.errorJson;
result.taskId = result.taskId ? String(result.taskId) : null;
}
function attachProperties(app, domainObjectMap) {
assert.strictEqual(typeof app, 'object');
assert.strictEqual(typeof domainObjectMap, 'object');
refactor apps.postProcess
2019-03-06 11:12:39 -08:00
let result = {};
for (let portName in app.portBindings) {
result[portName] = app.portBindings[portName].hostPort;
}
app.portBindings = result;
apps: add icon and appStoreIcon to database
2021-04-30 13:18:15 -07:00
app.iconUrl = app.hasIcon || app.hasAppStoreIcon ? `/api/v1/apps/${app.id}/icon` : null;
merge domaindb.js into domains.js
2021-08-13 17:22:28 -07:00
app.fqdn = dns.fqdn(app.location, domainObjectMap[app.domain]);
app.alternateDomains.forEach(function (ad) { ad.fqdn = dns.fqdn(ad.subdomain, domainObjectMap[ad.domain]); });
app.aliasDomains.forEach(function (ad) { ad.fqdn = dns.fqdn(ad.subdomain, domainObjectMap[ad.domain]); });
refactor apps.postProcess
2019-03-06 11:12:39 -08:00
}
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
function isAdmin(user) {
assert.strictEqual(typeof user, 'object');
return users.compareRoles(user.role, users.ROLE_ADMIN) >= 0;
}
function isOperator(app, user) {
Add apps.hasAccessTo()
2015-10-15 15:06:34 +02:00
assert.strictEqual(typeof app, 'object');
assert.strictEqual(typeof user, 'object');
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
if (!app.operators) return isAdmin(user);
make hasAccessTo take a callback
2016-02-09 12:48:21 -08:00
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
if (app.operators.users.some(function (e) { return e === user.id; })) return true;
if (!app.operators.groups) return isAdmin(user);
if (app.operators.groups.some(function (gid) { return Array.isArray(user.groupIds) && user.groupIds.indexOf(gid) !== -1; })) return true;
check groups property in accessRestriction
2016-02-09 13:03:52 -08:00
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
return isAdmin(user);
}
Allow admins to access all apps Fixes #420
2017-11-15 18:07:10 -08:00
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
function canAccess(app, user) {
assert.strictEqual(typeof app, 'object');
assert.strictEqual(typeof user, 'object');
Allow admins to access all apps Fixes #420
2017-11-15 18:07:10 -08:00
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
if (app.accessRestriction === null) return true;
if (app.accessRestriction.users.some(function (e) { return e === user.id; })) return true;
if (!app.accessRestriction.groups) return isOperator(app, user);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (app.accessRestriction.groups.some(function (gid) { return Array.isArray(user.groupIds) && user.groupIds.indexOf(gid) !== -1; })) return true;
Allow admins to access all apps Fixes #420
2017-11-15 18:07:10 -08:00
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
return isOperator(app, user);
}
function accessLevel(app, user) {
if (isAdmin(user)) return 'admin';
if (isOperator(app, user)) return 'operator';
return canAccess(app, user) ? 'user' : null;
Add apps.hasAccessTo()
2015-10-15 15:06:34 +02:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function add(id, appStoreId, manifest, location, domain, portBindings, data) {
assert.strictEqual(typeof id, 'string');
assert.strictEqual(typeof appStoreId, 'string');
assert(manifest && typeof manifest === 'object');
assert.strictEqual(typeof manifest.version, 'string');
assert.strictEqual(typeof location, 'string');
assert.strictEqual(typeof domain, 'string');
assert.strictEqual(typeof portBindings, 'object');
assert(data && typeof data === 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
portBindings = portBindings || { };
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
const manifestJson = JSON.stringify(manifest),
accessRestriction = data.accessRestriction || null,
accessRestrictionJson = JSON.stringify(accessRestriction),
memoryLimit = data.memoryLimit || 0,
cpuShares = data.cpuShares || 512,
installationState = data.installationState,
runState = data.runState,
sso = 'sso' in data ? data.sso : null,
debugModeJson = data.debugMode ? JSON.stringify(data.debugMode) : null,
env = data.env || {},
label = data.label || null,
tagsJson = data.tags ? JSON.stringify(data.tags) : null,
mailboxName = data.mailboxName || null,
mailboxDomain = data.mailboxDomain || null,
reverseProxyConfigJson = data.reverseProxyConfig ? JSON.stringify(data.reverseProxyConfig) : null,
servicesConfigJson = data.servicesConfig ? JSON.stringify(data.servicesConfig) : null,
enableMailbox = data.enableMailbox || false,
icon = data.icon || null;
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
const queries = [];
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
queries.push({
query: 'INSERT INTO apps (id, appStoreId, manifestJson, installationState, runState, accessRestrictionJson, memoryLimit, cpuShares, '
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
+ 'sso, debugModeJson, mailboxName, mailboxDomain, label, tagsJson, reverseProxyConfigJson, servicesConfigJson, icon, '
+ 'enableMailbox) '
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
+ ' VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
args: [ id, appStoreId, manifestJson, installationState, runState, accessRestrictionJson, memoryLimit, cpuShares,
sso, debugModeJson, mailboxName, mailboxDomain, label, tagsJson, reverseProxyConfigJson, servicesConfigJson, icon, enableMailbox ]
});
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
queries.push({
query: 'INSERT INTO subdomains (appId, domain, subdomain, type) VALUES (?, ?, ?, ?)',
args: [ id, domain, location, exports.SUBDOMAIN_TYPE_PRIMARY ]
});
refactor apps.postProcess
2019-03-06 11:12:39 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
Object.keys(portBindings).forEach(function (env) {
queries.push({
query: 'INSERT INTO appPortBindings (environmentVariable, hostPort, type, appId) VALUES (?, ?, ?, ?)',
args: [ env, portBindings[env].hostPort, portBindings[env].type, id ]
});
refactor apps.postProcess
2019-03-06 11:12:39 -08:00
});
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
Object.keys(env).forEach(function (name) {
queries.push({
query: 'INSERT INTO appEnvVars (appId, name, value) VALUES (?, ?, ?)',
args: [ id, name, env[name] ]
});
});
if (data.alternateDomains) {
data.alternateDomains.forEach(function (d) {
queries.push({
query: 'INSERT INTO subdomains (appId, domain, subdomain, type) VALUES (?, ?, ?, ?)',
args: [ id, d.domain, d.subdomain, exports.SUBDOMAIN_TYPE_REDIRECT ]
});
});
}
if (data.aliasDomains) {
data.aliasDomains.forEach(function (d) {
queries.push({
query: 'INSERT INTO subdomains (appId, domain, subdomain, type) VALUES (?, ?, ?, ?)',
args: [ id, d.domain, d.subdomain, exports.SUBDOMAIN_TYPE_ALIAS ]
});
});
}
const [error] = await safe(database.transaction(queries));
if (error && error.code === 'ER_DUP_ENTRY') throw new BoxError(BoxError.ALREADY_EXISTS, error.message);
if (error && error.code === 'ER_NO_REFERENCED_ROW_2') throw new BoxError(BoxError.NOT_FOUND, 'no such domain');
if (error) throw new BoxError(BoxError.DATABASE_ERROR, error);
refactor apps.postProcess
2019-03-06 11:12:39 -08:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function getIcons(id) {
assert.strictEqual(typeof id, 'string');
refactor apps.postProcess
2019-03-06 11:12:39 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const results = await database.query('SELECT icon, appStoreIcon FROM apps WHERE id = ?', [ id ]);
if (results.length === 0) return null;
return { icon: results[0].icon, appStoreIcon: results[0].appStoreIcon };
}
refactor apps.postProcess
2019-03-06 11:12:39 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function updateWithConstraints(id, app, constraints) {
assert.strictEqual(typeof id, 'string');
assert.strictEqual(typeof app, 'object');
assert.strictEqual(typeof constraints, 'string');
assert(!('portBindings' in app) || typeof app.portBindings === 'object');
assert(!('accessRestriction' in app) || typeof app.accessRestriction === 'object' || app.accessRestriction === '');
assert(!('alternateDomains' in app) || Array.isArray(app.alternateDomains));
assert(!('aliasDomains' in app) || Array.isArray(app.aliasDomains));
assert(!('tags' in app) || Array.isArray(app.tags));
assert(!('env' in app) || typeof app.env === 'object');
const queries = [ ];
if ('portBindings' in app) {
var portBindings = app.portBindings || { };
// replace entries by app id
queries.push({ query: 'DELETE FROM appPortBindings WHERE appId = ?', args: [ id ] });
Object.keys(portBindings).forEach(function (env) {
var values = [ portBindings[env].hostPort, portBindings[env].type, env, id ];
queries.push({ query: 'INSERT INTO appPortBindings (hostPort, type, environmentVariable, appId) VALUES(?, ?, ?, ?)', args: values });
});
}
Remove usage of config.appFqdn()
2018-01-09 21:03:59 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if ('env' in app) {
queries.push({ query: 'DELETE FROM appEnvVars WHERE appId = ?', args: [ id ] });
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
Object.keys(app.env).forEach(function (name) {
queries.push({
query: 'INSERT INTO appEnvVars (appId, name, value) VALUES (?, ?, ?)',
args: [ id, name, app.env[name] ]
});
Remove usage of config.appFqdn()
2018-01-09 21:03:59 -08:00
});
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
}
if ('location' in app && 'domain' in app) { // must be updated together as they are unique together
queries.push({ query: 'DELETE FROM subdomains WHERE appId = ?', args: [ id ]}); // all locations of an app must be updated together
queries.push({ query: 'INSERT INTO subdomains (appId, domain, subdomain, type) VALUES (?, ?, ?, ?)', args: [ id, app.domain, app.location, exports.SUBDOMAIN_TYPE_PRIMARY ]});
if ('alternateDomains' in app) {
app.alternateDomains.forEach(function (d) {
queries.push({ query: 'INSERT INTO subdomains (appId, domain, subdomain, type) VALUES (?, ?, ?, ?)', args: [ id, d.domain, d.subdomain, exports.SUBDOMAIN_TYPE_REDIRECT ]});
});
}
if ('aliasDomains' in app) {
app.aliasDomains.forEach(function (d) {
queries.push({ query: 'INSERT INTO subdomains (appId, domain, subdomain, type) VALUES (?, ?, ?, ?)', args: [ id, d.domain, d.subdomain, exports.SUBDOMAIN_TYPE_ALIAS ]});
});
}
}
if ('mounts' in app) {
queries.push({ query: 'DELETE FROM appMounts WHERE appId = ?', args: [ id ]});
app.mounts.forEach(function (m) {
queries.push({ query: 'INSERT INTO appMounts (appId, volumeId, readOnly) VALUES (?, ?, ?)', args: [ id, m.volumeId, m.readOnly ]});
});
}
const fields = [ ], values = [ ];
apps: fix various operators issues part of #791
2021-09-21 17:28:58 -07:00
for (const p in app) {
if (p === 'manifest' || p === 'tags' || p === 'accessRestriction' || p === 'debugMode' || p === 'error' || p === 'reverseProxyConfig' || p === 'servicesConfig' || p === 'operators') {
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
fields.push(`${p}Json = ?`);
values.push(JSON.stringify(app[p]));
} else if (p !== 'portBindings' && p !== 'location' && p !== 'domain' && p !== 'alternateDomains' && p !== 'aliasDomains' && p !== 'env' && p !== 'mounts') {
fields.push(p + ' = ?');
values.push(app[p]);
}
}
if (values.length !== 0) {
values.push(id);
queries.push({ query: 'UPDATE apps SET ' + fields.join(', ') + ' WHERE id = ? ' + constraints, args: values });
}
const [error, results] = await safe(database.transaction(queries));
if (error && error.code === 'ER_DUP_ENTRY') throw new BoxError(BoxError.ALREADY_EXISTS, error.message);
if (error) throw new BoxError(BoxError.DATABASE_ERROR, error);
if (results[results.length - 1].affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'App not found');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function update(id, app) {
// ts is useful as a versioning mechanism (for example, icon changed). update the timestamp explicity in code instead of db.
// this way health and healthTime can be updated without changing ts
app.ts = new Date();
await updateWithConstraints(id, app, '');
}
Expose apps.getByContainerId
2019-03-06 11:15:12 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setHealth(appId, health, healthTime) {
assert.strictEqual(typeof appId, 'string');
assert.strictEqual(typeof health, 'string');
assert(util.types.isDate(healthTime));
await updateWithConstraints(appId, { health, healthTime }, '');
}
the ip is now available in the appdb
2020-12-03 11:48:25 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setTask(appId, values, options) {
assert.strictEqual(typeof appId, 'string');
assert.strictEqual(typeof values, 'object');
assert.strictEqual(typeof options, 'object');
the ip is now available in the appdb
2020-12-03 11:48:25 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
values.ts = new Date();
the ip is now available in the appdb
2020-12-03 11:48:25 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (!options.requireNullTaskId) return await updateWithConstraints(appId, values, '');
if (options.requiredState === null) {
await updateWithConstraints(appId, values, 'AND taskId IS NULL');
} else {
await updateWithConstraints(appId, values, `AND taskId IS NULL AND installationState = "${options.requiredState}"`);
}
Expose apps.getByContainerId
2019-03-06 11:15:12 -08:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function del(id) {
assert.strictEqual(typeof id, 'string');
Check for user access in ldap ftp routes
2019-03-19 16:23:03 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const queries = [
{ query: 'DELETE FROM subdomains WHERE appId = ?', args: [ id ] },
{ query: 'DELETE FROM appPortBindings WHERE appId = ?', args: [ id ] },
{ query: 'DELETE FROM appEnvVars WHERE appId = ?', args: [ id ] },
{ query: 'DELETE FROM appPasswords WHERE identifier = ?', args: [ id ] },
{ query: 'DELETE FROM appMounts WHERE appId = ?', args: [ id ] },
{ query: 'DELETE FROM apps WHERE id = ?', args: [ id ] }
];
Check for user access in ldap ftp routes
2019-03-19 16:23:03 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const results = await database.transaction(queries);
if (results[5].affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'App not found');
add missing apps.delPortBinding this got lost in async/db translation
2021-09-17 09:52:18 -07:00
}
async function delPortBinding(hostPort, type) {
assert.strictEqual(typeof hostPort, 'number');
assert.strictEqual(typeof type, 'string');
const result = await database.query('DELETE FROM appPortBindings WHERE hostPort=? AND type=?', [ hostPort, type ]);
if (result.affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'App not found');
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
}
Check for user access in ldap ftp routes
2019-03-19 16:23:03 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function clear() {
await database.query('DELETE FROM subdomains');
await database.query('DELETE FROM appPortBindings');
await database.query('DELETE FROM appAddonConfigs');
await database.query('DELETE FROM appEnvVars');
await database.query('DELETE FROM apps');
Check for user access in ldap ftp routes
2019-03-19 16:23:03 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function getDomainObjectMap() {
const domainObjects = await domains.list();
let domainObjectMap = {};
for (let d of domainObjects) { domainObjectMap[d.domain] = d; }
return domainObjectMap;
}
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
// each query simply join apps table with another table by id. we then join the full result together
const PB_QUERY = 'SELECT id, GROUP_CONCAT(CAST(appPortBindings.hostPort AS CHAR(6))) AS hostPorts, GROUP_CONCAT(appPortBindings.environmentVariable) AS environmentVariables, GROUP_CONCAT(appPortBindings.type) AS portTypes FROM apps LEFT JOIN appPortBindings ON apps.id = appPortBindings.appId GROUP BY apps.id';
const ENV_QUERY = 'SELECT id, JSON_ARRAYAGG(appEnvVars.name) AS envNames, JSON_ARRAYAGG(appEnvVars.value) AS envValues FROM apps LEFT JOIN appEnvVars ON apps.id = appEnvVars.appId GROUP BY apps.id';
const SUBDOMAIN_QUERY = 'SELECT id, JSON_ARRAYAGG(subdomains.subdomain) AS subdomains, JSON_ARRAYAGG(subdomains.domain) AS domains, JSON_ARRAYAGG(subdomains.type) AS subdomainTypes FROM apps LEFT JOIN subdomains ON apps.id = subdomains.appId GROUP BY apps.id';
const MOUNTS_QUERY = 'SELECT id, JSON_ARRAYAGG(appMounts.volumeId) AS volumeIds, JSON_ARRAYAGG(appMounts.readOnly) AS volumeReadOnlys FROM apps LEFT JOIN appMounts ON apps.id = appMounts.appId GROUP BY apps.id';
const APPS_QUERY = `SELECT ${APPS_FIELDS_PREFIXED}, hostPorts, environmentVariables, portTypes, envNames, envValues, subdomains, domains, subdomainTypes, volumeIds, volumeReadOnlys FROM apps`
+ ` LEFT JOIN (${PB_QUERY}) AS q1 on q1.id = apps.id`
+ ` LEFT JOIN (${ENV_QUERY}) AS q2 on q2.id = apps.id`
+ ` LEFT JOIN (${SUBDOMAIN_QUERY}) AS q3 on q3.id = apps.id`
+ ` LEFT JOIN (${MOUNTS_QUERY}) AS q4 on q4.id = apps.id`;
Change the internal portBindings representation Part of #504
2018-08-12 19:33:11 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function get(id) {
assert.strictEqual(typeof id, 'string');
Remove usage of config.appFqdn()
2018-01-09 21:03:59 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const domainObjectMap = await getDomainObjectMap();
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const result = await database.query(`${APPS_QUERY} WHERE apps.id = ?`, [ id ]);
if (result.length === 0) return null;
postProcess(result[0]);
attachProperties(result[0], domainObjectMap);
return result[0];
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
// returns the app associated with this IP (app or scheduler)
async function getByIpAddress(ip) {
assert.strictEqual(typeof ip, 'string');
Add apps.getAllByUser()
2016-02-25 11:28:29 +01:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const domainObjectMap = await getDomainObjectMap();
Add apps.getAllByUser()
2016-02-25 11:28:29 +01:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const result = await database.query(`${APPS_QUERY} WHERE apps.containerIp = ?`, [ ip ]);
if (result.length === 0) return null;
postProcess(result[0]);
attachProperties(result[0], domainObjectMap);
return result[0];
}
async function list() {
const domainObjectMap = await getDomainObjectMap();
const results = await database.query(`${APPS_QUERY} ORDER BY apps.id`, [ ]);
results.forEach(postProcess);
results.forEach((app) => attachProperties(app, domainObjectMap));
return results;
}
async function getByFqdn(fqdn) {
assert.strictEqual(typeof fqdn, 'string');
const result = await list();
const app = result.find(function (a) { return a.fqdn === fqdn; });
return app;
}
async function listByUser(user) {
assert.strictEqual(typeof user, 'object');
apps: fix various operators issues part of #791
2021-09-21 17:28:58 -07:00
const result = await list();
return result.filter((app) => canAccess(app, user));
Add apps.getAllByUser()
2016-02-25 11:28:29 +01:00
}
operator: add app task status route
2021-09-21 22:19:20 -07:00
async function getTask(app) {
assert.strictEqual(typeof app, 'object');
if (!app.taskId) return null;
return await tasks.get(app.taskId);
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function downloadManifest(appStoreId, manifest) {
if (!appStoreId && !manifest) throw new BoxError(BoxError.BAD_FIELD, 'Neither manifest nor appStoreId provided');
check if both are null
2016-06-07 15:36:45 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (!appStoreId) return { appStoreId: '', manifest };
download manifest from appstore when appStoreId is provided
2016-06-04 01:07:43 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const parts = appStoreId.split('@');
download manifest from appstore when appStoreId is provided
2016-06-04 01:07:43 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const url = settings.apiServerOrigin() + '/api/v1/apps/' + parts[0] + (parts[1] ? '/versions/' + parts[1] : '');
download manifest from appstore when appStoreId is provided
2016-06-04 01:07:43 -07:00
debug('downloading manifest from %s', url);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const [error, response] = await safe(superagent.get(url).timeout(30 * 1000).ok(() => true));
download manifest from appstore when appStoreId is provided
2016-06-04 01:07:43 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw new BoxError(BoxError.EXTERNAL_ERROR, 'Network error downloading manifest:' + error.message);
download manifest from appstore when appStoreId is provided
2016-06-04 01:07:43 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (response.status !== 200) throw new BoxError(BoxError.NOT_FOUND, `Failed to get app info from store. status: ${response.status} text: ${response.text}`);
check if manifest property is present in network response
2020-05-11 14:43:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (!response.body.manifest || typeof response.body.manifest !== 'object') throw new BoxError(BoxError.NOT_FOUND, `Missing manifest. Failed to get app info from store. status: ${response.status} text: ${response.text}`);
return { appStoreId: parts[0], manifest: response.body.manifest };
download manifest from appstore when appStoreId is provided
2016-06-04 01:07:43 -07:00
}
make the mailbox name follow the apps new location, if the user did not set it explicitly
2018-06-09 11:05:54 -07:00
function mailboxNameForLocation(location, manifest) {
add mailboxDomain field to apps table
2019-11-14 21:43:14 -08:00
if (location) return `${location}.app`;
if (manifest.title) return manifest.title.toLowerCase().replace(/[^a-zA-Z0-9]/g, '') + '.app';
return 'noreply.app';
make the mailbox name follow the apps new location, if the user did not set it explicitly
2018-06-09 11:05:54 -07:00
}
apps: onFinished handler not called across restarts if box code restarts in the middle of a apptask, the onFinished handlers are not called for data migration and update. rework the code to hook the onFinished handlers when the task completes and not where the task is started.
2021-09-30 10:31:50 -07:00
async function onTaskFinished(appId, installationState, taskId, error) {
const success = !error;
const errorMessage = error?.message || null;
apps: add backup start and finish events these can then be used by the UI to show errors fixes #797
2021-09-30 10:45:25 -07:00
const app = await get(appId);
const task = await tasks.get(taskId);
if (!app || !task) return;
apps: onFinished handler not called across restarts if box code restarts in the middle of a apptask, the onFinished handlers are not called for data migration and update. rework the code to hook the onFinished handlers when the task completes and not where the task is started.
2021-09-30 10:31:50 -07:00
switch (installationState) {
case exports.ISTATE_PENDING_DATA_DIR_MIGRATION:
if (success) await safe(services.rebuildService('sftp', AuditSource.APPTASK), { debug });
break;
case exports.ISTATE_PENDING_UPDATE: {
const fromManifest = success ? task.args[1].updateConfig.manifest : app.manifest;
const toManifest = success ? app.manifest : task.args[1].updateConfig.manifest;
await eventlog.add(eventlog.ACTION_APP_UPDATE_FINISH, AuditSource.APPTASK, { app, toManifest, fromManifest, success, errorMessage });
break;
}
apps: add backup start and finish events these can then be used by the UI to show errors fixes #797
2021-09-30 10:45:25 -07:00
case exports.ISTATE_PENDING_BACKUP:
await eventlog.add(eventlog.ACTION_APP_BACKUP_FINISH, AuditSource.APPTASK, { app, success, errorMessage, backupId: task.result });
break;
apps: onFinished handler not called across restarts if box code restarts in the middle of a apptask, the onFinished handlers are not called for data migration and update. rework the code to hook the onFinished handlers when the task completes and not where the task is started.
2021-09-30 10:31:50 -07:00
}
}
async function scheduleTask(appId, installationState, taskId) {
Only check installationState to resume tasks also, make resumeTasks go via app logic to capture end of task
2019-09-24 00:07:20 -07:00
assert.strictEqual(typeof appId, 'string');
assert.strictEqual(typeof installationState, 'string');
stash the taskId instead of args
2019-09-24 10:28:50 -07:00
assert.strictEqual(typeof taskId, 'string');
Only check installationState to resume tasks also, make resumeTasks go via app logic to capture end of task
2019-09-24 00:07:20 -07:00
more async'ification
2021-09-07 09:57:49 -07:00
const backupConfig = await settings.getBackupConfig();
merge settingsdb into settings code
2021-08-19 13:24:38 -07:00
more async'ification
2021-09-07 09:57:49 -07:00
let memoryLimit = 400;
if (installationState === exports.ISTATE_PENDING_BACKUP || installationState === exports.ISTATE_PENDING_CLONE || installationState === exports.ISTATE_PENDING_RESTORE
|| installationState === exports.ISTATE_PENDING_IMPORT || installationState === exports.ISTATE_PENDING_UPDATE) {
memoryLimit = 'memoryLimit' in backupConfig ? Math.max(backupConfig.memoryLimit/1024/1024, 400) : 400;
} else if (installationState === exports.ISTATE_PENDING_DATA_DIR_MIGRATION) {
memoryLimit = 1024; // cp takes more memory than we think
}
apptask: set the memory limit based on the backup config fixes #759
2021-01-06 14:46:46 -08:00
more async'ification
2021-09-07 09:57:49 -07:00
const options = { timeout: 20 * 60 * 60 * 1000 /* 20 hours */, nice: 15, memoryLimit };
appTaskManager.scheduleTask(appId, taskId, options, async function (error) {
debug(`scheduleTask: task ${taskId} of ${appId} completed`);
if (error && (error.code === tasks.ECRASHED || error.code === tasks.ESTOPPED)) { // if task crashed, update the error
debug(`Apptask crashed/stopped: ${error.message}`);
let boxError = new BoxError(BoxError.TASK_ERROR, error.message);
boxError.details.crashed = error.code === tasks.ECRASHED;
boxError.details.stopped = error.code === tasks.ESTOPPED;
// see also apptask makeTaskError
boxError.details.taskId = taskId;
boxError.details.installationState = installationState;
apps: onFinished handler not called across restarts if box code restarts in the middle of a apptask, the onFinished handlers are not called for data migration and update. rework the code to hook the onFinished handlers when the task completes and not where the task is started.
2021-09-30 10:31:50 -07:00
await safe(update(appId, { installationState: exports.ISTATE_ERROR, error: boxError.toPlainObject(), taskId: null }), { debug });
more async'ification
2021-09-07 09:57:49 -07:00
} else if (!(installationState === exports.ISTATE_PENDING_UNINSTALL && !error)) { // clear out taskId except for successful uninstall
apps: onFinished handler not called across restarts if box code restarts in the middle of a apptask, the onFinished handlers are not called for data migration and update. rework the code to hook the onFinished handlers when the task completes and not where the task is started.
2021-09-30 10:31:50 -07:00
await safe(update(appId, { taskId: null }), { debug });
Only check installationState to resume tasks also, make resumeTasks go via app logic to capture end of task
2019-09-24 00:07:20 -07:00
}
apptask: set the memory limit based on the backup config fixes #759
2021-01-06 14:46:46 -08:00
apps: onFinished handler not called across restarts if box code restarts in the middle of a apptask, the onFinished handlers are not called for data migration and update. rework the code to hook the onFinished handlers when the task completes and not where the task is started.
2021-09-30 10:31:50 -07:00
await safe(onTaskFinished(appId, installationState, taskId, error), { debug }); // ignore error
Only check installationState to resume tasks also, make resumeTasks go via app logic to capture end of task
2019-09-24 00:07:20 -07:00
});
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function addTask(appId, installationState, task) {
port taskmanager to use tasks
2019-08-28 15:00:55 -07:00
assert.strictEqual(typeof appId, 'string');
Make schedule task take the command as arg
2019-09-23 14:17:12 -07:00
assert.strictEqual(typeof installationState, 'string');
assert.strictEqual(typeof task, 'object'); // { args, values }
Ensure log directory
2019-08-27 16:12:24 -07:00
Make schedule task take the command as arg
2019-09-23 14:17:12 -07:00
const { args, values } = task;
Disable requiredState check for now there is a race but this is mitigated by the checkAppState non-db logic for now
2019-12-06 11:29:33 -08:00
// TODO: match the SQL logic to match checkAppState. this means checking the error.installationState and installationState. Unfortunately, former is JSON right now
const requiredState = null; // 'requiredState' in task ? task.requiredState : exports.ISTATE_INSTALLED;
Fix platform update logic
2019-09-24 20:29:01 -07:00
const scheduleNow = 'scheduleNow' in task ? task.scheduleNow : true;
const requireNullTaskId = 'requireNullTaskId' in task ? task.requireNullTaskId : true;
Use taskId instead of states to check bad state a) this is because, we have install state and run state. b) we have to put taskId as part of the transaction to prevent race
2019-08-29 12:14:42 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await tasks.add(tasks.TASK_APP, [ appId, args ]);
rework task API to be two-phase this lets us avoid this EE based API. we now add and then start explicitly.
2019-08-27 22:39:59 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const [updateError] = await safe(setTask(appId, _.extend({ installationState, taskId, error: null }, values), { requiredState, requireNullTaskId }));
if (updateError && updateError.reason === BoxError.NOT_FOUND) throw new BoxError(BoxError.BAD_STATE, 'Another task is scheduled for this app'); // could be because app went away OR a taskId exists
if (updateError) throw updateError;
Migrate apptask to use tasks framework
2019-08-26 15:55:57 -07:00
apps: onFinished handler not called across restarts if box code restarts in the middle of a apptask, the onFinished handlers are not called for data migration and update. rework the code to hook the onFinished handlers when the task completes and not where the task is started.
2021-09-30 10:31:50 -07:00
if (scheduleNow) await safe(scheduleTask(appId, installationState, taskId), { debug }); // ignore error
Migrate apptask to use tasks framework
2019-08-26 15:55:57 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return taskId;
Migrate apptask to use tasks framework
2019-08-26 15:55:57 -07:00
}
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
function checkAppState(app, state) {
assert.strictEqual(typeof app, 'object');
assert.strictEqual(typeof state, 'string');
better error message
2019-12-05 16:31:11 -08:00
if (app.taskId) return new BoxError(BoxError.BAD_STATE, `Locked by task ${app.taskId} : ${app.installationState} / ${app.runState}`);
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
Allow uninstall in error state
2019-09-23 10:35:42 -07:00
if (app.installationState === exports.ISTATE_ERROR) {
No need to return args as part of task.get This reverts commit 831e22b4ff87576173c51ef87ab540c156e587a9. This reverts commit 6774514bd2f712ea039b5c54774b6cc98e688a60.
2019-12-06 08:40:16 -08:00
// allow task to be called again if that was the errored task
Return args as part of task.get the ui needs this to repair any failed app task
2019-11-23 18:06:31 -08:00
if (app.error.installationState === state) return null;
// allow uninstall from any state
make import a task of it's own this allows us to distinguish it in the eventlog and apptask logic
2021-05-26 09:27:15 -07:00
if (state !== exports.ISTATE_PENDING_UNINSTALL && state !== exports.ISTATE_PENDING_RESTORE && state !== exports.ISTATE_PENDING_IMPORT) return new BoxError(BoxError.BAD_STATE, 'Not allowed in error state');
Allow uninstall in error state
2019-09-23 10:35:42 -07:00
}
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
do not allow backup, import, update in stopped state
2020-05-28 12:16:28 -07:00
if (app.runState === exports.RSTATE_STOPPED) {
// can't backup or restore since app addons are down. can't update because migration scripts won't run
make import a task of it's own this allows us to distinguish it in the eventlog and apptask logic
2021-05-26 09:27:15 -07:00
if (state === exports.ISTATE_PENDING_UPDATE || state === exports.ISTATE_PENDING_BACKUP || state === exports.ISTATE_PENDING_RESTORE || state === exports.ISTATE_PENDING_IMPORT) return new BoxError(BoxError.BAD_STATE, 'Not allowed in stopped state');
do not allow backup, import, update in stopped state
2020-05-28 12:16:28 -07:00
}
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
return null;
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function validateLocations(locations) {
Validate alternate domain this also sets up fqdn in the eventlog entries
2019-09-27 10:25:26 -07:00
assert(Array.isArray(locations));
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const domainObjectMap = await getDomainObjectMap();
Validate alternate domain this also sets up fqdn in the eventlog entries
2019-09-27 10:25:26 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
for (let location of locations) {
if (!(location.domain in domainObjectMap)) throw new BoxError(BoxError.BAD_FIELD, 'No such domain', { field: 'location', domain: location.domain, subdomain: location.subdomain });
allow wilcard in alias domains
2021-01-18 22:47:53 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
let subdomain = location.subdomain;
if (location.type === 'alias' && subdomain.startsWith('*')) {
if (subdomain === '*') continue;
subdomain = subdomain.replace(/^\*\./, ''); // remove *.
Validate alternate domain this also sets up fqdn in the eventlog entries
2019-09-27 10:25:26 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const error = dns.validateHostname(subdomain, domainObjectMap[location.domain]);
if (error) throw new BoxError(BoxError.BAD_FIELD, 'Bad location: ' + error.message, { field: 'location', domain: location.domain, subdomain: location.subdomain });
}
return domainObjectMap;
Validate alternate domain this also sets up fqdn in the eventlog entries
2019-09-27 10:25:26 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function install(data, auditSource) {
fix apps.install insane arg list
2016-06-03 23:22:38 -07:00
assert(data && typeof data === 'object');
assert.strictEqual(typeof auditSource, 'object');
Fix assert (appStoreId is optional)
2020-03-29 19:12:07 -07:00
assert.strictEqual(typeof data.manifest, 'object'); // manifest is already downloaded
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
hasMailAddon is really just sendmail
2021-10-01 09:37:33 -07:00
const location = data.location.toLowerCase(),
Make appFqdn() multidomain aware
2017-11-02 22:17:44 +01:00
domain = data.domain.toLowerCase(),
fix apps.install insane arg list
2016-06-03 23:22:38 -07:00
portBindings = data.portBindings || null,
accessRestriction = data.accessRestriction || null,
memoryLimit = data.memoryLimit || 0,
Allow installing from a backup
2017-04-11 12:49:21 -07:00
debugMode = data.debugMode || null,
Add field to skip backup for an app This skips the app from a backup when doing a full box backup and simply reuses the previous backup. The app can still be explicitly backed up using 'cloudron backup' and explicitly restored using 'cloudron restore --backup'. When restoring the box, it all depends on the app's last backup. Fixes #311
2017-08-16 14:12:07 -07:00
enableBackup = 'enableBackup' in data ? data.enableBackup : true,
Add option to toggle app automatic updates
2018-12-07 09:03:28 -08:00
enableAutomaticUpdate = 'enableAutomaticUpdate' in data ? data.enableAutomaticUpdate : true,
Custom env vars for apps Add a table and the install/configure routes. Initially, I thought we can just keep the env vars in docker container but that doesn't work since we create the container only later in apptask. And if the container gets deleted we lose this information.
2018-10-11 14:07:43 -07:00
alternateDomains = data.alternateDomains || [],
implement domain aliases
2021-01-18 17:26:26 -08:00
aliasDomains = data.aliasDomains || [],
Fixup configuration and validation of mailboxName
2018-12-12 12:55:35 -08:00
env = data.env || {},
Add labels and tags
2019-03-22 07:48:31 -07:00
label = data.label || null,
Add overwriteDns arg to install & clone this is useful in e2e
2019-09-16 09:31:34 -07:00
tags = data.tags || [],
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
overwriteDns = 'overwriteDns' in data ? data.overwriteDns : false,
apps: add skipDnsSetup to install/restore/clone routes these are not used in the UI but added for completeness part of #737
2021-02-24 14:49:30 -08:00
skipDnsSetup = 'skipDnsSetup' in data ? data.skipDnsSetup : false,
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
appStoreId = data.appStoreId,
manifest = data.manifest;
fix apps.install insane arg list
2016-06-03 23:22:38 -07:00
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
let error = manifestFormat.parse(manifest);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw new BoxError(BoxError.BAD_FIELD, `Manifest error: ${error.message}`);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
error = checkManifestConstraints(manifest);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
error = validatePortBindings(portBindings, manifest);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
error = validateAccessRestriction(accessRestriction);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
error = validateMemoryLimit(manifest, memoryLimit);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
error = validateDebugMode(debugMode);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Set memory limit on app installation to the default or the one specified in the manifest
2016-02-05 15:07:27 +01:00
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
error = validateLabel(label);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Always store the memory limit in the app db record and adjust on update if needed
2016-02-11 18:14:16 +01:00
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
error = validateTags(tags);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Revert "apptask: backupId/format is not part of install anymore" This reverts commit 49e5c60422e26d2a1230dfa53e1e3a478f5300ef.
2019-10-11 20:21:32 -07:00
hasMailAddon is really just sendmail
2021-10-01 09:37:33 -07:00
let sso = 'sso' in data ? data.sso : null;
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if ('sso' in data && !('optionalSso' in manifest)) throw new BoxError(BoxError.BAD_FIELD, 'sso can only be specified for apps with optionalSso');
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
// if sso was unspecified, enable it by default if possible
Add proxyAuth as an addon
2020-11-10 09:59:28 -08:00
if (sso === null) sso = !!manifest.addons['ldap'] || !!manifest.addons['proxyAuth'];
Add labels and tags
2019-03-22 07:48:31 -07:00
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
error = validateEnv(env);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Add labels and tags
2019-03-22 07:48:31 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (settings.isDemo() && constants.DEMO_BLACKLISTED_APPS.includes(appStoreId)) throw new BoxError(BoxError.BAD_FIELD, 'This app is blacklisted in the demo');
Disallow cloudtorrent in demo mode
2020-05-04 14:56:10 -07:00
hasMailAddon is really just sendmail
2021-10-01 09:37:33 -07:00
// sendmail is enabled by default
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
const enableMailbox = 'enableMailbox' in data ? data.enableMailbox : true;
hasMailAddon is really just sendmail
2021-10-01 09:37:33 -07:00
const mailboxName = manifest.addons?.sendmail ? mailboxNameForLocation(location, manifest) : null;
const mailboxDomain = manifest.addons?.sendmail ? domain : null;
add sso route parameter to app install presumably, we don't allow this to be changed post installation
2016-11-11 10:55:44 +05:30
hasMailAddon is really just sendmail
2021-10-01 09:37:33 -07:00
let icon = data.icon || null;
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
if (icon) {
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (!validator.isBase64(icon)) throw new BoxError(BoxError.BAD_FIELD, 'icon is not base64', { field: 'icon' });
apps: add icon and appStoreIcon to database
2021-04-30 13:18:15 -07:00
icon = Buffer.from(icon, 'base64');
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
}
initialize appId before icon is saved
2016-07-09 12:25:00 -07:00
allow wilcard in alias domains
2021-01-18 22:47:53 -08:00
const locations = [{ subdomain: location, domain, type: 'primary' }]
.concat(alternateDomains.map(ad => _.extend(ad, { type: 'redirect' })))
.concat(aliasDomains.map(ad => _.extend(ad, { type: 'alias' })));
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const domainObjectMap = await validateLocations(locations);
hasMailAddon is really just sendmail
2021-10-01 09:37:33 -07:00
const appId = uuid.v4();
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
debug('Will install app with id : ' + appId);
const app = {
accessRestriction,
memoryLimit,
sso,
debugMode,
mailboxName,
mailboxDomain,
enableBackup,
enableAutomaticUpdate,
alternateDomains,
aliasDomains,
env,
label,
tags,
icon,
enableMailbox,
runState: exports.RSTATE_RUNNING,
installationState: exports.ISTATE_PENDING_INSTALL
};
Remove usage of config.appFqdn()
2018-01-09 21:03:59 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const [addError] = await safe(add(appId, appStoreId, manifest, location, domain, translatePortBindings(portBindings, manifest), app));
if (addError && addError.reason === BoxError.ALREADY_EXISTS) throw getDuplicateErrorDetails(addError.message, locations, domainObjectMap, portBindings);
if (addError) throw addError;
Rollback appdb record on clone and install if appstore purchase fails
2018-05-03 13:20:34 +02:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await purchaseApp({ appId, appstoreId: appStoreId, manifestId: manifest.id || 'customapp' });
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const task = {
args: { restoreConfig: null, skipDnsSetup, overwriteDns },
values: { },
requiredState: app.installationState
};
Make restoreConfigJson, oldConfigJson, updateConfigJson as task args
2019-08-27 15:18:16 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await addTask(appId, app.installationState, task);
add full app object to app related eventlog actions
2018-02-20 10:34:09 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const newApp = _.extend({}, _.omit(app, 'icon'), { appStoreId, manifest, location, domain, portBindings });
newApp.fqdn = dns.fqdn(newApp.location, domainObjectMap[newApp.domain]);
newApp.alternateDomains.forEach(function (ad) { ad.fqdn = dns.fqdn(ad.subdomain, domainObjectMap[ad.domain]); });
newApp.aliasDomains.forEach(function (ad) { ad.fqdn = dns.fqdn(ad.subdomain, domainObjectMap[ad.domain]); });
Attach fqdn information consistently in the eventlog
2019-09-27 11:24:21 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_INSTALL, auditSource, { appId, app: newApp, taskId });
Remove usage of config.appFqdn()
2018-01-09 21:03:59 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { id : appId, taskId };
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setAccessRestriction(app, accessRestriction, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert.strictEqual(typeof accessRestriction, 'object');
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = validateAccessRestriction(accessRestriction);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await update(appId, { accessRestriction });
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, accessRestriction });
Break down the configure route
2019-09-08 16:57:08 -07:00
}
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
async function setOperators(app, operators, auditSource) {
assert.strictEqual(typeof app, 'object');
assert.strictEqual(typeof operators, 'object');
assert.strictEqual(typeof auditSource, 'object');
const appId = app.id;
apps: add crontab crontab is a text field, so we can have comments part of #793
2021-09-27 14:21:42 -07:00
const error = validateAccessRestriction(operators); // not a typo. same structure for operators and accessRestriction
Implement operator role for apps There are two main use cases: * A consultant/contractor/external developer is given access to just an app. * A "service" personnel (say upstream app author) is to be given access to single app for debugging. Since, this is an "app admin", they are also given access to apps to be consistent with the idea that Cloudron admin has access to all apps. part of #791
2021-09-21 10:11:27 -07:00
if (error) throw error;
await update(appId, { operators });
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, operators });
}
apps: add crontab crontab is a text field, so we can have comments part of #793
2021-09-27 14:21:42 -07:00
async function setCrontab(app, crontab, auditSource) {
assert.strictEqual(typeof app, 'object');
assert(crontab === null || typeof crontab === 'string');
assert.strictEqual(typeof auditSource, 'object');
const appId = app.id;
parseCrontab(crontab);
await update(appId, { crontab });
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, crontab });
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setLabel(app, label, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert.strictEqual(typeof label, 'string');
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = validateLabel(label);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await update(appId, { label });
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, label });
Break down the configure route
2019-09-08 16:57:08 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setTags(app, tags, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert(Array.isArray(tags));
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = validateTags(tags);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await update(appId, { tags });
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, tags });
Break down the configure route
2019-09-08 16:57:08 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setIcon(app, icon, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert(icon === null || typeof icon === 'string');
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
Break down the configure route
2019-09-08 16:57:08 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
if (icon) {
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (!validator.isBase64(icon)) throw new BoxError(BoxError.BAD_FIELD, 'icon is not base64', { field: 'icon' });
apps: add icon and appStoreIcon to database
2021-04-30 13:18:15 -07:00
icon = Buffer.from(icon, 'base64');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
}
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await update(appId, { icon });
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, iconChanged: true });
Break down the configure route
2019-09-08 16:57:08 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setMemoryLimit(app, memoryLimit, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert.strictEqual(typeof memoryLimit, 'number');
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_RESIZE);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Break down the configure route
2019-09-08 16:57:08 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
error = validateMemoryLimit(app.manifest, memoryLimit);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const task = {
args: {},
values: { memoryLimit }
};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await addTask(appId, exports.ISTATE_PENDING_RESIZE, task);
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, memoryLimit, taskId });
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
Break down the configure route
2019-09-08 16:57:08 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setCpuShares(app, cpuShares, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
apps: configure cpuShares
2020-01-28 21:30:35 -08:00
assert.strictEqual(typeof cpuShares, 'number');
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_RESIZE);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
apps: configure cpuShares
2020-01-28 21:30:35 -08:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
error = validateCpuShares(cpuShares);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
apps: configure cpuShares
2020-01-28 21:30:35 -08:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const task = {
args: {},
values: { cpuShares }
};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await safe(addTask(appId, exports.ISTATE_PENDING_RESIZE, task));
apps: configure cpuShares
2020-01-28 21:30:35 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, cpuShares, taskId });
apps: configure cpuShares
2020-01-28 21:30:35 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
apps: configure cpuShares
2020-01-28 21:30:35 -08:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setMounts(app, mounts, auditSource) {
Add binds support to containers
2020-04-29 21:55:21 -07:00
assert.strictEqual(typeof app, 'object');
rename appVolumes to appMounts
2020-10-28 19:42:48 -07:00
assert(Array.isArray(mounts));
Add binds support to containers
2020-04-29 21:55:21 -07:00
assert.strictEqual(typeof auditSource, 'object');
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_RECREATE_CONTAINER);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Add binds support to containers
2020-04-29 21:55:21 -07:00
const task = {
args: {},
rename appVolumes to appMounts
2020-10-28 19:42:48 -07:00
values: { mounts }
Add binds support to containers
2020-04-29 21:55:21 -07:00
};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const [taskError, taskId] = await safe(addTask(appId, exports.ISTATE_PENDING_RECREATE_CONTAINER, task));
if (taskError && taskError.reason === BoxError.ALREADY_EXISTS) throw new BoxError(BoxError.CONFLICT, 'Duplicate mount points');
if (taskError) throw taskError;
Add binds support to containers
2020-04-29 21:55:21 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, mounts, taskId });
Add binds support to containers
2020-04-29 21:55:21 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
Add binds support to containers
2020-04-29 21:55:21 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setEnvironment(app, env, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert.strictEqual(typeof env, 'object');
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_RECREATE_CONTAINER);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Break down the configure route
2019-09-08 16:57:08 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
error = validateEnv(env);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const task = {
args: {},
values: { env }
};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await addTask(appId, exports.ISTATE_PENDING_RECREATE_CONTAINER, task);
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, env, taskId });
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
Break down the configure route
2019-09-08 16:57:08 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setDebugMode(app, debugMode, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert.strictEqual(typeof debugMode, 'object');
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_DEBUG);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Break down the configure route
2019-09-08 16:57:08 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
error = validateDebugMode(debugMode);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const task = {
args: {},
values: { debugMode }
};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await addTask(appId, exports.ISTATE_PENDING_DEBUG, task);
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, debugMode, taskId });
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
Break down the configure route
2019-09-08 16:57:08 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setMailbox(app, data, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Add optional mailbox support
2021-03-16 22:38:59 -07:00
assert.strictEqual(typeof data, 'object');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert.strictEqual(typeof auditSource, 'object');
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
assert.strictEqual(typeof data.enable, 'boolean');
const enableMailbox = data.enable;
Add optional mailbox support
2021-03-16 22:38:59 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_RECREATE_CONTAINER);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
make mailbox domain nullable for apps that do not use sendmail/recvmail addon, these are now null. otherwise, there is no way to edit the mailbox in the UI part of #669
2020-03-30 22:18:39 -07:00
cannot disable sendmail if not optional
2021-10-01 11:19:26 -07:00
if (!app.manifest.addons?.sendmail) throw new BoxError(BoxError.BAD_FIELD, 'App does not use sendmail');
const optional = 'optional' in app.manifest.addons.sendmail ? app.manifest.addons.sendmail.optional : false;
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
if (!optional && !enableMailbox) throw new BoxError(BoxError.BAD_FIELD, 'App requires sendmail to be enabled');
merge maildb.js into mail.js
2021-06-29 14:26:34 -07:00
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
let mailboxName = data.mailboxName || null;
const mailboxDomain = data.mailboxDomain || null;
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
if (enableMailbox) {
await mail.getDomain(mailboxDomain); // check if domain exists
if (mailboxName) {
error = mail.validateName(mailboxName);
if (error) throw new BoxError(BoxError.BAD_FIELD, error.message, { field: 'mailboxName' });
} else {
mailboxName = mailboxNameForLocation(app.location, app.domain, app.manifest);
}
}
const task = {
args: {},
values: { enableMailbox, mailboxName, mailboxDomain }
};
const taskId = await addTask(appId, exports.ISTATE_PENDING_RECREATE_CONTAINER, task);
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, mailboxName, mailboxDomain, taskId });
return { taskId };
}
async function setInbox(app, data, auditSource) {
assert.strictEqual(typeof app, 'object');
assert.strictEqual(typeof data, 'object');
assert.strictEqual(typeof auditSource, 'object');
assert.strictEqual(typeof data.enable, 'boolean');
const enableInbox = data.enable;
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_RECREATE_CONTAINER);
if (error) throw error;
if (!app.manifest.addons?.recvmail) throw new BoxError(BoxError.BAD_FIELD, 'App does not use recvmail addon');
const inboxName = data.inboxName || null;
const inboxDomain = data.inboxDomain || null;
if (enableInbox) {
const domain = await mail.getDomain(data.inboxDomain); // check if domain exists
if (!domain.enabled) throw new BoxError(BoxError.BAD_FIELD, 'Domain does not have incoming email enabled');
error = mail.validateName(data.inboxName);
if (error) throw new BoxError(BoxError.BAD_FIELD, error.message, { field: 'inboxName' });
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
}
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const task = {
args: {},
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
values: { enableInbox, inboxName, inboxDomain }
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
};
const taskId = await addTask(appId, exports.ISTATE_PENDING_RECREATE_CONTAINER, task);
add mailboxDomain field to apps table
2019-11-14 21:43:14 -08:00
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, enableInbox, inboxName, inboxDomain, taskId });
add mailboxDomain field to apps table
2019-11-14 21:43:14 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
Break down the configure route
2019-09-08 16:57:08 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setAutomaticBackup(app, enable, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert.strictEqual(typeof enable, 'boolean');
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await update(appId, { enableBackup: enable });
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, enableBackup: enable });
Break down the configure route
2019-09-08 16:57:08 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setAutomaticUpdate(app, enable, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert.strictEqual(typeof enable, 'boolean');
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await update(appId, { enableAutomaticUpdate: enable });
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, enableAutomaticUpdate: enable });
Break down the configure route
2019-09-08 16:57:08 -07:00
}
reverseproxy: async'ify
2021-08-17 14:04:29 -07:00
async function setReverseProxyConfig(app, reverseProxyConfig, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Add field to configure the reverse proxy part of #596
2019-10-13 18:22:03 -07:00
assert.strictEqual(typeof reverseProxyConfig, 'object');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert.strictEqual(typeof auditSource, 'object');
frameAncestors -> csp It seems we cannot separate frame ancestors from CSP because the hide header just hides everything and not a specific resource. This means that the user has to set or unset the full policy whole sale.
2019-10-14 16:59:22 -07:00
reverseProxyConfig = _.extend({ robotsTxt: null, csp: null }, reverseProxyConfig);
Add field to configure the reverse proxy part of #596
2019-10-13 18:22:03 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = validateCsp(reverseProxyConfig.csp);
reverseproxy: async'ify
2021-08-17 14:04:29 -07:00
if (error) throw error;
Break down the configure route
2019-09-08 16:57:08 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
error = validateRobotsTxt(reverseProxyConfig.robotsTxt);
reverseproxy: async'ify
2021-08-17 14:04:29 -07:00
if (error) throw error;
Add field to configure the reverse proxy part of #596
2019-10-13 18:22:03 -07:00
reverseproxy: async'ify
2021-08-17 14:04:29 -07:00
await reverseProxy.writeAppConfig(_.extend({}, app, { reverseProxyConfig }));
Add field to configure the reverse proxy part of #596
2019-10-13 18:22:03 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await update(appId, { reverseProxyConfig });
Add robotsTxt tests
2019-09-09 21:41:55 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, reverseProxyConfig });
Break down the configure route
2019-09-08 16:57:08 -07:00
}
reverseproxy: async'ify
2021-08-17 14:04:29 -07:00
async function setCertificate(app, data, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
store custom app certificates in subdomains table the REST route and model code is still ununsed as before since there is no way to set the certs from the UI.
2021-05-05 10:34:22 -07:00
assert(data && typeof data === 'object');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
store custom app certificates in subdomains table the REST route and model code is still ununsed as before since there is no way to set the certs from the UI.
2021-05-05 10:34:22 -07:00
const { location, domain, cert, key } = data;
Break down the configure route
2019-09-08 16:57:08 -07:00
reverseproxy: async'ify
2021-08-17 14:04:29 -07:00
const domainObject = await domains.get(domain);
Break down the configure route
2019-09-08 16:57:08 -07:00
reverseproxy: async'ify
2021-08-17 14:04:29 -07:00
if (cert && key) {
const error = reverseProxy.validateCertificate(location, domainObject, { cert, key });
if (error) throw error;
}
Break down the configure route
2019-09-08 16:57:08 -07:00
Fix renamed function call
2021-09-21 18:58:18 +02:00
await reverseProxy.setAppCertificate(location, domainObject, { cert, key });
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, cert, key });
Break down the configure route
2019-09-08 16:57:08 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setLocation(app, data, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert.strictEqual(typeof data, 'object');
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_LOCATION_CHANGE);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Break down the configure route
2019-09-08 16:57:08 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
let values = {
location: data.location.toLowerCase(),
domain: data.domain.toLowerCase(),
// these are intentionally reset, if not set
portBindings: null,
implement domain aliases
2021-01-18 17:26:26 -08:00
alternateDomains: [],
aliasDomains: []
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
};
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
if ('portBindings' in data) {
error = validatePortBindings(data.portBindings, app.manifest);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Break down the configure route
2019-09-08 16:57:08 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
values.portBindings = translatePortBindings(data.portBindings || null, app.manifest);
}
Break down the configure route
2019-09-08 16:57:08 -07:00
hasMailAddon is really just sendmail
2021-10-01 09:37:33 -07:00
// rename the auto-created mailbox to match the new location
if (app.manifest.addons?.sendmail && app.mailboxName.endsWith('.app')) {
make mailbox domain nullable for apps that do not use sendmail/recvmail addon, these are now null. otherwise, there is no way to edit the mailbox in the UI part of #669
2020-03-30 22:18:39 -07:00
values.mailboxName = mailboxNameForLocation(values.location, app.manifest);
values.mailboxDomain = values.domain;
}
Break down the configure route
2019-09-08 16:57:08 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
if ('alternateDomains' in data) {
values.alternateDomains = data.alternateDomains;
}
Validate alternate domain this also sets up fqdn in the eventlog entries
2019-09-27 10:25:26 -07:00
implement domain aliases
2021-01-18 17:26:26 -08:00
if ('aliasDomains' in data) {
values.aliasDomains = data.aliasDomains;
}
allow wilcard in alias domains
2021-01-18 22:47:53 -08:00
const locations = [{ subdomain: values.location, domain: values.domain, type: 'primary' }]
.concat(values.alternateDomains.map(ad => _.extend(ad, { type: 'redirect' })))
.concat(values.aliasDomains.map(ad => _.extend(ad, { type: 'alias' })));
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const domainObjectMap = await validateLocations(locations);
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const task = {
args: {
oldConfig: _.pick(app, 'location', 'domain', 'fqdn', 'alternateDomains', 'aliasDomains', 'portBindings'),
skipDnsSetup: !!data.skipDnsSetup,
overwriteDns: !!data.overwriteDns
},
values
};
let [taskError, taskId] = await safe(addTask(appId, exports.ISTATE_PENDING_LOCATION_CHANGE, task));
if (taskError && taskError.reason === BoxError.ALREADY_EXISTS) taskError = getDuplicateErrorDetails(error.message, locations, domainObjectMap, data.portBindings);
if (taskError) throw taskError;
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
values.fqdn = dns.fqdn(values.location, domainObjectMap[values.domain]);
values.alternateDomains.forEach(function (ad) { ad.fqdn = dns.fqdn(ad.subdomain, domainObjectMap[ad.domain]); });
values.aliasDomains.forEach(function (ad) { ad.fqdn = dns.fqdn(ad.subdomain, domainObjectMap[ad.domain]); });
Attach fqdn information consistently in the eventlog
2019-09-27 11:24:21 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, _.extend({ appId, app, taskId }, values));
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
Break down the configure route
2019-09-08 16:57:08 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function setDataDir(app, dataDir, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
test data dir migration
2019-09-09 16:37:59 -07:00
assert(dataDir === null || typeof dataDir === 'string');
Break down the configure route
2019-09-08 16:57:08 -07:00
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_DATA_DIR_MIGRATION);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Break down the configure route
2019-09-08 16:57:08 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
error = validateDataDir(dataDir);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const task = {
args: { newDataDir: dataDir },
apps: onFinished handler not called across restarts if box code restarts in the middle of a apptask, the onFinished handlers are not called for data migration and update. rework the code to hook the onFinished handlers when the task completes and not where the task is started.
2021-09-30 10:31:50 -07:00
values: {}
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await addTask(appId, exports.ISTATE_PENDING_DATA_DIR_MIGRATION, task);
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, dataDir, taskId });
Break down the configure route
2019-09-08 16:57:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
Break down the configure route
2019-09-08 16:57:08 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function updateApp(app, data, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
pass data object to update
2016-06-04 19:06:16 -07:00
assert(data && typeof data === 'object');
typoe in assert
2020-03-30 15:05:37 -07:00
assert(data.manifest && typeof data.manifest === 'object');
add event log in model code
2016-05-01 21:37:08 -07:00
assert.strictEqual(typeof auditSource, 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
const skipBackup = !!data.skipBackup,
Only a Cloudron owner can install/update/exec apps with the docker addon this should have been part of f1975d8f2bf0e017db15188d7827ac3df136ac93
2020-03-29 18:40:49 -07:00
appId = app.id,
update: set/unset appStoreId from the update route
2020-12-09 16:51:49 -08:00
manifest = data.manifest,
appStoreId = data.appStoreId;
Only a Cloudron owner can install/update/exec apps with the docker addon this should have been part of f1975d8f2bf0e017db15188d7827ac3df136ac93
2020-03-29 18:40:49 -07:00
clear mailbox on update and restore part of #669
2020-03-31 15:44:46 -07:00
let values = {};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (app.runState === exports.RSTATE_STOPPED) throw new BoxError(BoxError.BAD_STATE, 'Stopped apps cannot be updated');
Fix use of skipBackup also, store it in the eventlog
2019-09-26 20:10:11 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
let error = checkAppState(app, exports.ISTATE_PENDING_UPDATE);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
pass data object to update
2016-06-04 19:06:16 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
error = manifestFormat.parse(manifest);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw new BoxError(BoxError.BAD_FIELD, 'Manifest error:' + error.message);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
error = checkManifestConstraints(manifest);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const updateConfig = { skipBackup, manifest, appStoreId }; // this will clear appStoreId when updating from a repo and set it if passed in for update route
Disallow updating an app with mismatching manifest id Story so far: 1. App installed from store. appStoreId is set to manifest.id. 2. User installed a custom built app with a custom manifest.id using cloudron install --app <id>. The appStoreId is still set. 3. When we make a new release, it overrides the users install. The fix (for now) is: 1. Do not allow mismatching ids to start with. 2. When forced, it is allowed but appStoreId is cleared so as to not get any auto updates. This leaves the user vulnerable to 'cloudron uninstall' simply autoselecting this new app. For this, they have to simply disable CLI mode for now. There is also a corner case where: 1. Dev installs from app store 2. Dev compiles from source and updates on top of app store install with --app <id> 3. Dev find out that his installation has auto-updated the next day.
2016-03-25 11:35:47 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
// prevent user from installing a app with different manifest id over an existing app
// this allows cloudron install -f --app <appid> for an app installed from the appStore
if (app.manifest.id !== updateConfig.manifest.id) {
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (!data.force) throw new BoxError(BoxError.BAD_FIELD, 'manifest id does not match. force to override');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
}
disallow downgrade of App Store apps We hit this interesting case: 1. Dashboard showed update indicator for an app of v1. indicator is saying v2 is available. 2. In the meantime, the cron updated the app from v1 to v2 and then to v3 (i.e updates applied) 3. Dashboard for whatever reason (internet issues/laptop suspend) continues to show v2 update indicator. This is despite the update logic clearing the update available notification. 4. Use clicked updated indicator on the updated app. App updates to an old version v2!
2019-01-11 14:19:32 -08:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
// suffix '0' if prerelease is missing for semver.lte to work as expected
const currentVersion = semver.prerelease(app.manifest.version) ? app.manifest.version : `${app.manifest.version}-0`;
const updateVersion = semver.prerelease(updateConfig.manifest.version) ? updateConfig.manifest.version : `${updateConfig.manifest.version}-0`;
if (app.appStoreId !== '' && semver.lte(updateVersion, currentVersion)) {
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (!data.force) throw new BoxError(BoxError.BAD_FIELD, 'Downgrades are not permitted for apps installed from AppStore. force to override');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
}
disallow downgrade of App Store apps We hit this interesting case: 1. Dashboard showed update indicator for an app of v1. indicator is saying v2 is available. 2. In the meantime, the cron updated the app from v1 to v2 and then to v3 (i.e updates applied) 3. Dashboard for whatever reason (internet issues/laptop suspend) continues to show v2 update indicator. This is despite the update logic clearing the update available notification. 4. Use clicked updated indicator on the updated app. App updates to an old version v2!
2019-01-11 14:19:32 -08:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
if ('icon' in data) {
if (data.icon) {
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (!validator.isBase64(data.icon)) throw new BoxError(BoxError.BAD_FIELD, 'icon is not base64', { field: 'icon' });
apps: add icon and appStoreIcon to database
2021-04-30 13:18:15 -07:00
data.icon = Buffer.from(data.icon, 'base64');
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
}
apps: add icon and appStoreIcon to database
2021-04-30 13:18:15 -07:00
values.icon = data.icon;
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
}
update code path now takes appStoreId
2016-06-04 19:19:00 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
// do not update apps in debug mode
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (app.debugMode && !data.force) throw new BoxError(BoxError.BAD_STATE, 'debug mode enabled. force to override');
Add readonlyRootfs flag to apps table When turned off, it will put the app in a writable rootfs. This allows us to debug live/production apps (like change start.sh) and just get them up and running. Once turned off, this app cannot be updated anymore (unless the force flag is set). This way we can then update it using the CLI if we are convinced that the upcoming update fixes the problem. Part of #171
2017-01-19 11:20:24 -08:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
// Ensure we update the memory limit in case the new app requires more memory as a minimum
// 0 and -1 are special updateConfig for memory limit indicating unset and unlimited
if (app.memoryLimit > 0 && updateConfig.manifest.memoryLimit && app.memoryLimit < updateConfig.manifest.memoryLimit) {
updateConfig.memoryLimit = updateConfig.manifest.memoryLimit;
}
Ensure we stash and restore the memoryLimit
2016-02-14 12:10:22 +01:00
app: clear mailbox fields when sendmail is removed with an update
2021-10-03 23:38:12 -07:00
if (!manifest.addons?.sendmail) { // clear if the update removed addon
clear mailbox on update and restore part of #669
2020-03-31 15:44:46 -07:00
values.mailboxName = values.mailboxDomain = null;
app: clear mailbox fields when sendmail is removed with an update
2021-10-03 23:38:12 -07:00
} else if (!app.mailboxName || app.mailboxName.endsWith('.app')) { // allocate since update added the addon
clear mailbox on update and restore part of #669
2020-03-31 15:44:46 -07:00
values.mailboxName = mailboxNameForLocation(app.location, manifest);
values.mailboxDomain = app.domain;
}
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const task = {
args: { updateConfig },
apps: onFinished handler not called across restarts if box code restarts in the middle of a apptask, the onFinished handlers are not called for data migration and update. rework the code to hook the onFinished handlers when the task completes and not where the task is started.
2021-09-30 10:31:50 -07:00
values
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await addTask(appId, exports.ISTATE_PENDING_UPDATE, task);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_UPDATE, auditSource, { appId, app, skipBackup, toManifest: manifest, fromManifest: app.manifest, force: data.force, taskId });
add event log in model code
2016-05-01 21:37:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
For app tickets, send the log files along
2020-10-06 17:53:04 +02:00
function getLocalLogfilePaths(app) {
assert.strictEqual(typeof app, 'object');
const appId = app.id;
var filePaths = [];
filePaths.push(path.join(paths.LOG_DIR, appId, 'apptask.log'));
filePaths.push(path.join(paths.LOG_DIR, appId, 'app.log'));
if (app.manifest.addons && app.manifest.addons.redis) filePaths.push(path.join(paths.LOG_DIR, `redis-${appId}/app.log`));
return filePaths;
}
make getLogs async
2021-10-01 09:23:20 -07:00
async function getLogs(app, options) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Download short format logs from web ui Fixes #304
2017-04-18 20:32:57 -07:00
assert(options && typeof options === 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
Fix line param parsing lines is a positive integer or -1 to disable line limiting. The default value is 10 if no argument is given. Fixes #604
2019-01-08 12:10:53 -08:00
assert.strictEqual(typeof options.lines, 'number');
assert.strictEqual(typeof options.format, 'string');
assert.strictEqual(typeof options.follow, 'boolean');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
Use journalctl to get app logs
2015-11-02 11:20:50 -08:00
make getLogs async
2021-10-01 09:23:20 -07:00
const lines = options.lines === -1 ? '+1' : options.lines,
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
format = options.format || 'json',
follow = options.follow;
Download short format logs from web ui Fixes #304
2017-04-18 20:32:57 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof format, 'string');
Support new platform/addon log style
2018-06-11 20:09:38 +02:00
make getLogs async
2021-10-01 09:23:20 -07:00
const args = [ '--lines=' + lines ];
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
if (follow) args.push('--follow', '--retry', '--quiet'); // same as -F. to make it work if file doesn't exist, --quiet to not output file headers, which are no logs
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
make getLogs async
2021-10-01 09:23:20 -07:00
const cp = spawn('/usr/bin/tail', args.concat(getLocalLogfilePaths(app)));
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
make getLogs async
2021-10-01 09:23:20 -07:00
const transformStream = split(function mapper(line) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
if (format !== 'json') return line + '\n';
Bring back json log format for now
2018-06-04 21:24:02 +02:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
var data = line.split(' '); // logs are <ISOtimestamp> <msg>
var timestamp = (new Date(data[0])).getTime();
if (isNaN(timestamp)) timestamp = 0;
var message = line.slice(data[0].length+1);
Ignore faulty empty log lines
2018-06-14 12:21:43 +02:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
// ignore faulty empty logs
if (!timestamp && !message) return;
Deliver the correct utc timestamp instead of the ISO string
2018-06-04 21:34:05 +02:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
return JSON.stringify({
realtimeTimestamp: timestamp * 1000,
message: message,
source: appId
}) + '\n';
});
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
transformStream.close = cp.kill.bind(cp, 'SIGKILL'); // closing stream kills the child process
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
cp.stdout.pipe(transformStream);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
make getLogs async
2021-10-01 09:23:20 -07:00
return transformStream;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
apps: get user certificate
2021-05-07 21:37:23 -07:00
async function getCertificate(subdomain, domain) {
assert.strictEqual(typeof subdomain, 'string');
assert.strictEqual(typeof domain, 'string');
const result = await database.query('SELECT certificateJson FROM subdomains WHERE subdomain=? AND domain=?', [ subdomain, domain ]);
if (result.length === 0) return null;
return JSON.parse(result[0].certificateJson);
}
Fix repair If a task fails, we can either: * allow other task ops to be called - we cannot do this because the ops are fine-grained. for example, a restore failure removes many things and calling set-memory or set-location in that state won't make sense. * provide a generic repair route - this allows one to override args and call the failed task again. this is what we have now but has the issue that this repair function has to know about all the other op functions. for example, for argument validation. we can do some complicated refactoring to make it work if we want. * just a generic total re-configure - this does not work because clone/restore/backup/datadir/uninstall/update failure leaves the app in a state which re-configure cannot do anything about. * allow the failed op to be called again - this seems the easiest. we just allow the route to be called again in the error state. * if we hit a state where even providing extra args, cannot get you out of this "error" state, we have to provide some repair route. for example, maybe the container disappeared by some docke error. user clicks 'repair' to recreate the container. this route does not have to take any args. The final solution is: * a failed task can be called again via the route. so we can resubmit any args and we get validation * repair route just re-configures and can be called in any state to just rebuild container. re-configure is also doing only local changes (docker, nginx) * install/clone failures are fixed using repair route. updated manifest can be passed in. * UI shows backup selector for restore failures * UI shows domain selector for change location failulre
2019-11-23 18:35:51 -08:00
// does a re-configure when called from most states. for install/clone errors, it re-installs with an optional manifest
repair: take optional docker image for re-configure
2020-02-11 21:05:01 -08:00
// re-configure can take a dockerImage but not a manifest because re-configure does not clean up addons
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function repair(app, data, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Fix repair If a task fails, we can either: * allow other task ops to be called - we cannot do this because the ops are fine-grained. for example, a restore failure removes many things and calling set-memory or set-location in that state won't make sense. * provide a generic repair route - this allows one to override args and call the failed task again. this is what we have now but has the issue that this repair function has to know about all the other op functions. for example, for argument validation. we can do some complicated refactoring to make it work if we want. * just a generic total re-configure - this does not work because clone/restore/backup/datadir/uninstall/update failure leaves the app in a state which re-configure cannot do anything about. * allow the failed op to be called again - this seems the easiest. we just allow the route to be called again in the error state. * if we hit a state where even providing extra args, cannot get you out of this "error" state, we have to provide some repair route. for example, maybe the container disappeared by some docke error. user clicks 'repair' to recreate the container. this route does not have to take any args. The final solution is: * a failed task can be called again via the route. so we can resubmit any args and we get validation * repair route just re-configures and can be called in any state to just rebuild container. re-configure is also doing only local changes (docker, nginx) * install/clone failures are fixed using repair route. updated manifest can be passed in. * UI shows backup selector for restore failures * UI shows domain selector for change location failulre
2019-11-23 18:35:51 -08:00
assert.strictEqual(typeof data, 'object'); // { manifest }
Add repair route this is specifically for the case where some task failed and user wants to get it back.
2019-09-19 17:04:11 -07:00
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let errorState = (app.error && app.error.installationState) || exports.ISTATE_PENDING_CONFIGURE;
Add repair route this is specifically for the case where some task failed and user wants to get it back.
2019-09-19 17:04:11 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const task = {
args: {},
values: {},
requiredState: null
};
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
// maybe split this into a separate route like reinstall?
if (errorState === exports.ISTATE_PENDING_INSTALL || errorState === exports.ISTATE_PENDING_CLONE) {
apps: add skipDnsSetup to install/restore/clone routes these are not used in the UI but added for completeness part of #737
2021-02-24 14:49:30 -08:00
task.args = { skipDnsSetup: false, overwriteDns: true };
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
if (data.manifest) {
let error = manifestFormat.parse(data.manifest);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw new BoxError(BoxError.BAD_FIELD, `manifest error: ${error.message}`);
Add repair route this is specifically for the case where some task failed and user wants to get it back.
2019-09-19 17:04:11 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
error = checkManifestConstraints(data.manifest);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
make recvmail work unlike sendmail, recvmail is always optional. this is the case because the cloudron may not receive emails at all, so app always has to be prepared for it. part of #804
2021-10-01 12:09:13 -07:00
if (!data.manifest.addons?.sendmail) { // clear if repair removed addon
clear mailbox on update and restore part of #669
2020-03-31 15:44:46 -07:00
task.values.mailboxName = task.values.mailboxDomain = null;
} else if (!app.mailboxName || app.mailboxName.endsWith('.app')) { // allocate since repair added the addon
task.values.mailboxName = mailboxNameForLocation(app.location, data.manifest);
task.values.mailboxDomain = app.domain;
}
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
task.values.manifest = data.manifest;
task.args.oldManifest = app.manifest;
}
} else {
errorState = exports.ISTATE_PENDING_CONFIGURE;
if (data.dockerImage) {
let newManifest = _.extend({}, app.manifest, { dockerImage: data.dockerImage });
task.values.manifest = newManifest;
Fix repair If a task fails, we can either: * allow other task ops to be called - we cannot do this because the ops are fine-grained. for example, a restore failure removes many things and calling set-memory or set-location in that state won't make sense. * provide a generic repair route - this allows one to override args and call the failed task again. this is what we have now but has the issue that this repair function has to know about all the other op functions. for example, for argument validation. we can do some complicated refactoring to make it work if we want. * just a generic total re-configure - this does not work because clone/restore/backup/datadir/uninstall/update failure leaves the app in a state which re-configure cannot do anything about. * allow the failed op to be called again - this seems the easiest. we just allow the route to be called again in the error state. * if we hit a state where even providing extra args, cannot get you out of this "error" state, we have to provide some repair route. for example, maybe the container disappeared by some docke error. user clicks 'repair' to recreate the container. this route does not have to take any args. The final solution is: * a failed task can be called again via the route. so we can resubmit any args and we get validation * repair route just re-configures and can be called in any state to just rebuild container. re-configure is also doing only local changes (docker, nginx) * install/clone failures are fixed using repair route. updated manifest can be passed in. * UI shows backup selector for restore failures * UI shows domain selector for change location failulre
2019-11-23 18:35:51 -08:00
}
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
}
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await addTask(appId, errorState, task);
Validate the location passed in repair route
2019-10-03 11:35:27 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_REPAIR, auditSource, { app, taskId });
Validate the location passed in repair route
2019-10-03 11:35:27 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
Add repair route this is specifically for the case where some task failed and user wants to get it back.
2019-09-19 17:04:11 -07:00
}
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
async function restore(app, backupId, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
restore: only take non-empty backupId
2019-12-05 21:15:09 -08:00
assert.strictEqual(typeof backupId, 'string');
add event log in model code
2016-05-01 21:37:08 -07:00
assert.strictEqual(typeof auditSource, 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
let error = checkAppState(app, exports.ISTATE_PENDING_RESTORE);
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
if (error) throw error;
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
// for empty or null backupId, use existing manifest to mimic a reinstall
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
const backupInfo = backupId ? await backups.get(backupId) : { manifest: app.manifest };
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
if (!backupInfo.manifest) throw new BoxError(BoxError.EXTERNAL_ERROR, 'Could not get restore manifest');
if (backupInfo.encryptionVersion === 1) throw new BoxError(BoxError.BAD_FIELD, 'This encrypted backup was created with an older Cloudron version and has to be restored using the CLI tool');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
// re-validate because this new box version may not accept old configs
error = checkManifestConstraints(backupInfo.manifest);
if (error) throw error;
restore from the backup's config.json To summarize what we are doing is that restore is simply getting old data and old code. Config is not changed. If config is required, then it has to come in the restore REST parameter. Otherwise, there is too much magic. https://blog.smartserver.io/2016/06/13/app-restore/
2016-06-13 13:44:49 -07:00
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
let values = { manifest: backupInfo.manifest };
hasMailAddon is really just sendmail
2021-10-01 09:37:33 -07:00
if (!backupInfo.manifest.addons?.sendmail) { // clear if restore removed addon
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
values.mailboxName = values.mailboxDomain = null;
} else if (!app.mailboxName || app.mailboxName.endsWith('.app')) { // allocate since restore added the addon
values.mailboxName = mailboxNameForLocation(app.location, backupInfo.manifest);
values.mailboxDomain = app.domain;
}
parse the response
2016-06-13 18:11:11 -07:00
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
const restoreConfig = { backupId, backupFormat: backupInfo.format };
clear mailbox on update and restore part of #669
2020-03-31 15:44:46 -07:00
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
const task = {
args: {
restoreConfig,
oldManifest: app.manifest,
skipDnsSetup: !!backupId, // if this is a restore, just skip dns setup. only re-installs should setup dns
overwriteDns: true
},
values
};
restore without a backup is the same as re-install
2015-08-19 10:54:39 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await addTask(appId, exports.ISTATE_PENDING_RESTORE, task);
restore without a backup is the same as re-install
2015-08-19 10:54:39 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_RESTORE, auditSource, { app: app, backupId: backupInfo.id, fromManifest: app.manifest, toManifest: backupInfo.manifest, taskId });
add event log in model code
2016-05-01 21:37:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function importApp(app, data, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
Make external backup restore a separate route (import) fixes #650
2019-10-15 09:16:29 -07:00
assert.strictEqual(typeof data, 'object');
assert.strictEqual(typeof auditSource, 'object');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
Make external backup restore a separate route (import) fixes #650
2019-10-15 09:16:29 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
// all fields are optional
data.backupId = data.backupId || null;
data.backupFormat = data.backupFormat || null;
data.backupConfig = data.backupConfig || null;
const { backupId, backupFormat, backupConfig } = data;
Make external backup restore a separate route (import) fixes #650
2019-10-15 09:16:29 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
let error = backupFormat ? validateBackupFormat(backupFormat) : null;
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
implement in-place import and custom backup config
2019-12-04 18:54:25 -08:00
make import a task of it's own this allows us to distinguish it in the eventlog and apptask logic
2021-05-26 09:27:15 -07:00
error = checkAppState(app, exports.ISTATE_PENDING_IMPORT);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
// TODO: make this smarter to do a read-only test and check if the file exists in the storage backend
backups: make test config funcs return error
2021-09-17 10:11:28 -07:00
if (backupConfig) {
import: validate and create transient mount point fixes #788
2021-09-29 20:16:06 -07:00
if (mounts.isMountProvider(backupConfig.provider)) {
backupConfig.mountPoint = `/mnt/appimport-${app.id}`;
error = mounts.validateMountOptions(backupConfig.provider, backupConfig.mountOptions);
if (error) throw error;
const mountObject = { // keep this in sync with the import code in apptask
name: `appimport-${app.id}`,
hostPath: backupConfig.mountPoint,
mountType: backupConfig.provider,
mountOptions: backupConfig.mountOptions
};
await mounts.tryAddMount(mountObject, { timeout: 10 });
}
backups: make test config funcs return error
2021-09-17 10:11:28 -07:00
error = await backups.testProviderConfig(backupConfig);
if (error) throw error;
}
Make external backup restore a separate route (import) fixes #650
2019-10-15 09:16:29 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (backupConfig) {
if ('password' in backupConfig) {
backupConfig.encryption = backups.generateEncryptionKeysSync(backupConfig.password);
delete backupConfig.password;
} else {
backupConfig.encryption = null;
create encryption keys from password during app import & restore
2020-05-12 15:49:43 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
}
create encryption keys from password during app import & restore
2020-05-12 15:49:43 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const restoreConfig = { backupId, backupFormat, backupConfig };
Make external backup restore a separate route (import) fixes #650
2019-10-15 09:16:29 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const task = {
args: {
restoreConfig,
oldManifest: app.manifest,
skipDnsSetup: false,
overwriteDns: true
},
values: {}
};
const taskId = await addTask(appId, exports.ISTATE_PENDING_IMPORT, task);
Make external backup restore a separate route (import) fixes #650
2019-10-15 09:16:29 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_IMPORT, auditSource, { app: app, backupId, fromManifest: app.manifest, toManifest: app.manifest, taskId });
implement in-place import and custom backup config
2019-12-04 18:54:25 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
Make external backup restore a separate route (import) fixes #650
2019-10-15 09:16:29 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function exportApp(app, data, auditSource) {
app: add export route Currently, the export route only creates the snapshot (the other side of in-place import). In the future, the export route can export to a custom backup config (like import).
2020-12-06 19:38:50 -08:00
assert.strictEqual(typeof app, 'object');
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
assert.strictEqual(typeof data, 'object');
assert.strictEqual(typeof auditSource, 'object');
app: add export route Currently, the export route only creates the snapshot (the other side of in-place import). In the future, the export route can export to a custom backup config (like import).
2020-12-06 19:38:50 -08:00
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_BACKUP);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
app: add export route Currently, the export route only creates the snapshot (the other side of in-place import). In the future, the export route can export to a custom backup config (like import).
2020-12-06 19:38:50 -08:00
const task = {
args: { snapshotOnly: true },
values: {}
};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await addTask(appId, exports.ISTATE_PENDING_BACKUP, task);
return { taskId };
app: add export route Currently, the export route only creates the snapshot (the other side of in-place import). In the future, the export route can export to a custom backup config (like import).
2020-12-06 19:38:50 -08:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function purchaseApp(data) {
Fix http status code handling
2019-05-05 10:31:42 -07:00
assert.strictEqual(typeof data, 'object');
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const [purchaseError] = await safe(appstore.purchaseApp(data));
if (!purchaseError) return;
appstore and support: async'ify
2021-08-18 15:54:53 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await del(data.appId);
return error if purchase fails
2021-09-16 17:19:38 +02:00
throw purchaseError;
Fix http status code handling
2019-05-05 10:31:42 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function clone(app, data, user, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
implement clone
2016-06-17 17:12:55 -05:00
assert.strictEqual(typeof data, 'object');
move addSpacesSuffix to model logic
2018-09-04 16:37:08 -07:00
assert(user && typeof user === 'object');
implement clone
2016-06-17 17:12:55 -05:00
assert.strictEqual(typeof auditSource, 'object');
clone: save app config clone also clones the tags, labels and icon. this is not done for restore or import since it's not clear if this is a good idea or not. for example, if user had some custom tags and label set and then restores to some old backup, is it expected to reset the labels and tags?
2021-05-25 21:31:48 -07:00
const location = data.location.toLowerCase(),
Make appFqdn() multidomain aware
2017-11-02 22:17:44 +01:00
domain = data.domain.toLowerCase(),
implement clone
2016-06-17 17:12:55 -05:00
portBindings = data.portBindings || null,
Add ownerId for apps This tracks who installed the app.
2018-05-13 21:02:57 -07:00
backupId = data.backupId,
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
overwriteDns = 'overwriteDns' in data ? data.overwriteDns : false,
apps: add skipDnsSetup to install/restore/clone routes these are not used in the UI but added for completeness part of #737
2021-02-24 14:49:30 -08:00
skipDnsSetup = 'skipDnsSetup' in data ? data.skipDnsSetup : false,
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
appId = app.id;
implement clone
2016-06-17 17:12:55 -05:00
assert.strictEqual(typeof backupId, 'string');
assert.strictEqual(typeof location, 'string');
Make appFqdn() multidomain aware
2017-11-02 22:17:44 +01:00
assert.strictEqual(typeof domain, 'string');
implement clone
2016-06-17 17:12:55 -05:00
assert.strictEqual(typeof portBindings, 'object');
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
const locations = [{ subdomain: location, domain, type: 'primary' }];
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const domainObjectMap = await validateLocations(locations);
const backupInfo = await backups.get(backupId);
implement clone
2016-06-17 17:12:55 -05:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (!backupInfo.manifest) throw new BoxError(BoxError.EXTERNAL_ERROR, 'Could not get restore config');
if (backupInfo.encryptionVersion === 1) throw new BoxError(BoxError.BAD_FIELD, 'This encrypted backup was created with an older Cloudron version and cannot be cloned');
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const manifest = backupInfo.manifest, appStoreId = app.appStoreId;
implement clone
2016-06-17 17:12:55 -05:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
// re-validate because this new box version may not accept old configs
let error = checkManifestConstraints(manifest);
if (error) throw error;
implement clone
2016-06-17 17:12:55 -05:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
error = validatePortBindings(portBindings, manifest);
if (error) throw error;
Fixup configuration and validation of mailboxName
2018-12-12 12:55:35 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
// should we copy the original app's mailbox settings instead?
hasMailAddon is really just sendmail
2021-10-01 09:37:33 -07:00
const mailboxName = manifest.addons?.sendmail ? mailboxNameForLocation(location, manifest) : null;
const mailboxDomain = manifest.addons?.sendmail ? domain : null;
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const newAppId = uuid.v4();
const icons = await getIcons(app.id);
const obj = {
installationState: exports.ISTATE_PENDING_CLONE,
runState: exports.RSTATE_RUNNING,
memoryLimit: app.memoryLimit,
cpuShares: app.cpuShares,
accessRestriction: app.accessRestriction,
sso: !!app.sso,
mailboxName: mailboxName,
mailboxDomain: mailboxDomain,
enableBackup: app.enableBackup,
reverseProxyConfig: app.reverseProxyConfig,
env: app.env,
alternateDomains: [],
aliasDomains: [],
servicesConfig: app.servicesConfig,
label: app.label ? `${app.label}-clone` : '',
tags: app.tags,
enableAutomaticUpdate: app.enableAutomaticUpdate,
icon: icons.icon,
enableMailbox: app.enableMailbox
};
implement clone
2016-06-17 17:12:55 -05:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const [addError] = await safe(add(newAppId, appStoreId, manifest, location, domain, translatePortBindings(portBindings, manifest), obj));
if (addError && addError.reason === BoxError.ALREADY_EXISTS) throw getDuplicateErrorDetails(addError.message, locations, domainObjectMap, portBindings);
if (addError) throw addError;
Rollback appdb record on clone and install if appstore purchase fails
2018-05-03 13:20:34 +02:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await purchaseApp({ appId: newAppId, appstoreId: app.appStoreId, manifestId: manifest.id || 'customapp' });
implement clone
2016-06-17 17:12:55 -05:00
apps: add backup start and finish events these can then be used by the UI to show errors fixes #797
2021-09-30 10:45:25 -07:00
const restoreConfig = { backupId, backupFormat: backupInfo.format };
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const task = {
args: { restoreConfig, overwriteDns, skipDnsSetup, oldManifest: null },
values: {},
requiredState: exports.ISTATE_PENDING_CLONE
};
const taskId = await addTask(newAppId, exports.ISTATE_PENDING_CLONE, task);
Fix crash in apps.clone
2018-01-11 10:59:30 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const newApp = _.extend({}, _.omit(obj, 'icon'), { appStoreId, manifest, location, domain, portBindings });
newApp.fqdn = dns.fqdn(newApp.location, domainObjectMap[newApp.domain]);
newApp.alternateDomains.forEach(function (ad) { ad.fqdn = dns.fqdn(ad.subdomain, domainObjectMap[ad.domain]); });
newApp.aliasDomains.forEach(function (ad) { ad.fqdn = dns.fqdn(ad.subdomain, domainObjectMap[ad.domain]); });
implement domain aliases
2021-01-18 17:26:26 -08:00
apps: add backup start and finish events these can then be used by the UI to show errors fixes #797
2021-09-30 10:45:25 -07:00
await eventlog.add(eventlog.ACTION_APP_CLONE, auditSource, { appId: newAppId, oldAppId: appId, backupId, oldApp: app, newApp, taskId });
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { id: newAppId, taskId };
implement clone
2016-06-17 17:12:55 -05:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function uninstall(app, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
add event log in model code
2016-05-01 21:37:08 -07:00
assert.strictEqual(typeof auditSource, 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_UNINSTALL);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await appstore.unpurchaseApp(appId, { appstoreId: app.appStoreId, manifestId: app.manifest.id || 'customapp' });
Only unpurchase if the app has an appstoreId
2016-08-04 15:53:55 +02:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const task = {
args: {},
values: {},
requiredState: null // can run in any state, as long as no task is active
};
const taskId = await addTask(appId, exports.ISTATE_PENDING_UNINSTALL, task);
await eventlog.add(eventlog.ACTION_APP_UNINSTALL, auditSource, { appId, app, taskId });
add event log in model code
2016-05-01 21:37:08 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function start(app, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
eventlog: add start/stop/restart logs
2020-03-19 17:02:42 -07:00
assert.strictEqual(typeof auditSource, 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_START);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const task = {
args: {},
values: { runState: exports.RSTATE_RUNNING }
};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await addTask(appId, exports.ISTATE_PENDING_START, task);
await eventlog.add(eventlog.ACTION_APP_START, auditSource, { appId, app, taskId });
return { taskId };
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function stop(app, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
eventlog: add start/stop/restart logs
2020-03-19 17:02:42 -07:00
assert.strictEqual(typeof auditSource, 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_STOP);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const task = {
args: {},
values: { runState: exports.RSTATE_STOPPED }
};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await addTask(appId, exports.ISTATE_PENDING_STOP, task);
Fix installation states App operations can only be done in 'installed' or 'error' state. If some other operation is in progress, you have to cancel it first. This guarantees that the old app command got killed.
2019-08-29 09:10:39 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_STOP, auditSource, { appId, app, taskId });
eventlog: add start/stop/restart logs
2020-03-19 17:02:42 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function restart(app, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
eventlog: add start/stop/restart logs
2020-03-19 17:02:42 -07:00
assert.strictEqual(typeof auditSource, 'object');
Add restart route for atomicity
2019-12-20 10:29:29 -08:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
let error = checkAppState(app, exports.ISTATE_PENDING_RESTART);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
Add restart route for atomicity
2019-12-20 10:29:29 -08:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const task = {
args: {},
values: { runState: exports.RSTATE_RUNNING }
};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await addTask(appId, exports.ISTATE_PENDING_RESTART, task);
Add restart route for atomicity
2019-12-20 10:29:29 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await eventlog.add(eventlog.ACTION_APP_RESTART, auditSource, { appId, app, taskId });
eventlog: add start/stop/restart logs
2020-03-19 17:02:42 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
Add restart route for atomicity
2019-12-20 10:29:29 -08:00
}
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
function checkManifestConstraints(manifest) {
add assert
2016-06-13 18:02:57 -07:00
assert(manifest && typeof manifest === 'object');
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (manifest.manifestVersion > 2) return new BoxError(BoxError.BAD_FIELD, 'Manifest version must be <= 2');
Check manifest version when installing an app This should have been done for manifest v1 already. For now, apps will have to put in a minBoxVersion.
2019-06-03 14:02:45 -07:00
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (!manifest.dockerImage) return new BoxError(BoxError.BAD_FIELD, 'Missing dockerImage'); // dockerImage is optional in manifest
Check for dockerImage in manifest in install/update/restore routes
2015-08-19 11:08:45 -07:00
Use constants.version instead of config.version
2019-07-25 14:40:52 -07:00
if (semver.valid(manifest.maxBoxVersion) && semver.gt(constants.VERSION, manifest.maxBoxVersion)) {
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
return new BoxError(BoxError.BAD_FIELD, 'Box version exceeds Apps maxBoxVersion');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
Use constants.version instead of config.version
2019-07-25 14:40:52 -07:00
if (semver.valid(manifest.minBoxVersion) && semver.gt(manifest.minBoxVersion, constants.VERSION)) {
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
return new BoxError(BoxError.BAD_FIELD, 'App version requires a new platform version');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
return null;
}
docker.js and services.js: async'ify
2021-08-25 19:41:46 -07:00
async function exec(app, options) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
assert(options && typeof options === 'object');
docker.js and services.js: async'ify
2021-08-25 19:41:46 -07:00
const cmd = options.cmd || [ '/bin/bash' ];
Use Array.isArray instead
2021-05-02 11:26:08 -07:00
assert(Array.isArray(cmd) && cmd.length > 0);
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
if (app.installationState !== exports.ISTATE_INSTALLED || app.runState !== exports.RSTATE_RUNNING) {
docker.js and services.js: async'ify
2021-08-25 19:41:46 -07:00
throw new BoxError(BoxError.BAD_STATE, 'App not installed or running');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
}
Handle 409 in container exec
2018-10-27 14:15:52 -07:00
docker.js and services.js: async'ify
2021-08-25 19:41:46 -07:00
const execOptions = {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
AttachStdin: true,
AttachStdout: true,
AttachStderr: true,
// A pseudo tty is a terminal which processes can detect (for example, disable colored output)
// Creating a pseudo terminal also assigns a terminal driver which detects control sequences
// When passing binary data, tty must be disabled. In addition, the stdout/stderr becomes a single
// unified stream because of the nature of a tty (see https://github.com/docker/docker/issues/19696)
Tty: options.tty,
Cmd: cmd
};
docker.js and services.js: async'ify
2021-08-25 19:41:46 -07:00
const startOptions = {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
Detach: false,
Tty: options.tty,
// hijacking upgrades the docker connection from http to tcp. because of this upgrade,
// we can work with half-close connections (not defined in http). this way, the client
// can properly signal that stdin is EOF by closing it's side of the socket. In http,
// the whole connection will be dropped when stdin get EOF.
// https://github.com/apocas/dockerode/commit/b4ae8a03707fad5de893f302e4972c1e758592fe
hijack: true,
stream: true,
stdin: true,
stdout: true,
stderr: true
};
docker.js and services.js: async'ify
2021-08-25 19:41:46 -07:00
const stream = await docker.execContainer(app.containerId, { execOptions, startOptions, rows: options.rows, columns: options.columns });
return stream;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
make canAutoupdateApp take updateInfo object part of #698
2020-06-05 16:06:35 -07:00
function canAutoupdateApp(app, updateInfo) {
assert.strictEqual(typeof app, 'object');
assert.strictEqual(typeof updateInfo, 'object');
const manifest = updateInfo.manifest;
lint
2019-12-04 11:18:39 -08:00
if (!app.enableAutomaticUpdate) return false;
Apps without dockerImage cannot be auto-updated
2020-05-11 23:20:02 +02:00
// for invalid subscriptions the appstore does not return a dockerImage
make canAutoupdateApp take updateInfo object part of #698
2020-06-05 16:06:35 -07:00
if (!manifest.dockerImage) return false;
Apps without dockerImage cannot be auto-updated
2020-05-11 23:20:02 +02:00
do not automatically update unstable updates part of #698
2020-06-05 16:09:12 -07:00
if (updateInfo.unstable) return false; // only manual update allowed for unstable updates
make canAutoupdateApp take updateInfo object part of #698
2020-06-05 16:06:35 -07:00
if ((semver.major(app.manifest.version) !== 0) && (semver.major(app.manifest.version) !== semver.major(manifest.version))) return false; // major changes are blocking
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
stopped apps should not be updated or auto-updated
2019-12-16 13:20:56 -08:00
if (app.runState === exports.RSTATE_STOPPED) return false; // stopped apps won't run migration scripts and shouldn't be updated
make canAutoupdateApp take updateInfo object part of #698
2020-06-05 16:06:35 -07:00
const newTcpPorts = manifest.tcpPorts || { };
const newUdpPorts = manifest.udpPorts || { };
If an app cannot be updated automatically send notification mail
2019-05-06 16:31:57 +02:00
const portBindings = app.portBindings; // this is never null
Do not automatically update apps with a major version change (future) pre-1.0 packages can be considered 'experimental' Fixes #342
2017-07-27 13:35:07 -07:00
If an app cannot be updated automatically send notification mail
2019-05-06 16:31:57 +02:00
for (let portName in portBindings) {
Use BoxError instead of Error in all places This moves everything other than the addon code and some 'done' logic
2019-12-04 10:29:06 -08:00
if (!(portName in newTcpPorts) && !(portName in newUdpPorts)) return false; // portName was in use but new update removes it
If an app cannot be updated automatically send notification mail
2019-05-06 16:31:57 +02:00
}
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
If an app cannot be updated automatically send notification mail
2019-05-06 16:31:57 +02:00
// it's fine if one or more (unused) keys got removed
Use BoxError instead of Error in all places This moves everything other than the addon code and some 'done' logic
2019-12-04 10:29:06 -08:00
return true;
If an app cannot be updated automatically send notification mail
2019-05-06 16:31:57 +02:00
}
Fix app autoupdater logic The main issue was that app.portBindings is never null but { }
2015-09-10 11:39:03 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function autoupdateApps(updateInfo, auditSource) { // updateInfo is { appId -> { manifest } }
If an app cannot be updated automatically send notification mail
2019-05-06 16:31:57 +02:00
assert.strictEqual(typeof updateInfo, 'object');
assert.strictEqual(typeof auditSource, 'object');
Fix app autoupdater logic The main issue was that app.portBindings is never null but { }
2015-09-10 11:39:03 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
for (const appId of Object.keys(updateInfo)) {
const [getError, app] = await safe(get(appId));
if (getError) {
debug(`Cannot autoupdate app ${appId}: ${getError.message}`);
continue;
}
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (!canAutoupdateApp(app, updateInfo[appId])) {
debug(`app ${app.fqdn} requires manual update`);
continue;
}
pass data object to update
2016-06-04 19:06:16 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const data = {
manifest: updateInfo[appId].manifest,
force: false
};
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const [updateError] = await safe(updateApp(app, data, auditSource));
if (updateError) debug(`Error initiating autoupdate of ${appId}. ${updateError.message}`);
}
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
apps: add backup start and finish events these can then be used by the UI to show errors fixes #797
2021-09-30 10:45:25 -07:00
async function backup(app, auditSource) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
apps: add backup start and finish events these can then be used by the UI to show errors fixes #797
2021-09-30 10:45:25 -07:00
assert.strictEqual(typeof auditSource, 'object');
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const appId = app.id;
Fixup repair route * Do not allow scheduling tasks in error state * Only repair is allowed in error state * Use the error object to track what to 'repair' (like the lastState) * If uninstall failed, repair will do uninstall * If move dir failed, repair will do move dir
2019-09-21 19:45:55 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
let error = checkAppState(app, exports.ISTATE_PENDING_BACKUP);
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (error) throw error;
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
const task = {
args: {},
values: {}
};
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const taskId = await addTask(appId, exports.ISTATE_PENDING_BACKUP, task);
apps: add backup start and finish events these can then be used by the UI to show errors fixes #797
2021-09-30 10:45:25 -07:00
await eventlog.add(eventlog.ACTION_APP_BACKUP, auditSource, { app, appId, taskId });
Send taskId in the response
2019-08-27 20:55:49 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
return { taskId };
app.portBindings and newManifest.tcpPorts may be null
2015-07-20 00:09:47 -07:00
}
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
async function listBackups(app, page, perPage) {
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
assert.strictEqual(typeof app, 'object');
list app backups from db
2016-03-08 08:57:28 -08:00
assert(typeof page === 'number' && page > 0);
assert(typeof perPage === 'number' && perPage > 0);
Add apps.listBackups()
2016-01-19 13:35:18 +01:00
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
return await backups.getByIdentifierAndStatePaged(app.id, backups.BACKUP_STATE_NORMAL, page, perPage);
Add apps.listBackups()
2016-01-19 13:35:18 +01:00
}
Add helpers to restore/reconfigure all apps
2016-05-24 10:33:10 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function restoreInstalledApps(options) {
add missing arg
2021-02-24 16:29:43 -08:00
assert.strictEqual(typeof options, 'object');
Add helpers to restore/reconfigure all apps
2016-05-24 10:33:10 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
let apps = await list();
apps = apps.filter(app => app.installationState !== exports.ISTATE_ERROR); // remove errored apps. let them be 'repaired' by hand
apps = apps.filter(app => app.installationState !== exports.ISTATE_PENDING_RESTORE); // safeguard against tasks being created non-stop if we crash on startup
for (const app of apps) {
const [error, results] = await safe(backups.getByIdentifierAndStatePaged(app.id, backups.BACKUP_STATE_NORMAL, 1, 1));
let installationState, restoreConfig, oldManifest;
if (!error && results.length) {
installationState = exports.ISTATE_PENDING_RESTORE;
restoreConfig = { backupId: results[0].id, backupFormat: results[0].format };
oldManifest = app.manifest;
} else {
installationState = exports.ISTATE_PENDING_INSTALL;
restoreConfig = null;
oldManifest = null;
merge backupdb into backups.js
2021-07-14 11:07:19 -07:00
}
Fix restore
2017-11-17 22:29:13 -08:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const task = {
args: { restoreConfig, skipDnsSetup: options.skipDnsSetup, overwriteDns: true, oldManifest },
values: {},
scheduleNow: false, // task will be scheduled by autoRestartTasks when platform is ready
requireNullTaskId: false // ignore existing stale taskId
};
Add helpers to restore/reconfigure all apps
2016-05-24 10:33:10 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
debug(`restoreInstalledApps: marking ${app.fqdn} for restore using restore config ${JSON.stringify(restoreConfig)}`);
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const [addTaskError, taskId] = await safe(addTask(app.id, installationState, task));
if (addTaskError) debug(`restoreInstalledApps: error marking ${app.fqdn} for restore: ${JSON.stringify(addTaskError)}`);
else debug(`restoreInstalledApps: marked ${app.id} for restore with taskId ${taskId}`);
}
}
Add helpers to restore/reconfigure all apps
2016-05-24 10:33:10 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function configureInstalledApps() {
let apps = await list();
apps = apps.filter(app => app.installationState !== exports.ISTATE_ERROR); // remove errored apps. let them be 'repaired' by hand
apps = apps.filter(app => app.installationState !== exports.ISTATE_PENDING_CONFIGURE); // safeguard against tasks being created non-stop if we crash on startup
Add helpers to restore/reconfigure all apps
2016-05-24 10:33:10 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
for (const app of apps) {
debug(`configureInstalledApps: marking ${app.fqdn} for reconfigure`);
configure/restoreInstalledApps must always succeed
2016-06-16 06:38:47 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const task = {
args: {},
values: {},
scheduleNow: false, // task will be scheduled by autoRestartTasks when platform is ready
requireNullTaskId: false // ignore existing stale taskId
};
Fix platform update logic
2019-09-24 20:29:01 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const [addTaskError, taskId] = await safe(addTask(app.id, exports.ISTATE_PENDING_CONFIGURE, task));
if (addTaskError) debug(`configureInstalledApps: error marking ${app.fqdn} for configure: ${JSON.stringify(addTaskError)}`);
else debug(`configureInstalledApps: marked ${app.id} for re-configure with taskId ${taskId}`);
}
Add helpers to restore/reconfigure all apps
2016-05-24 10:33:10 -07:00
}
Add upload and download for the webterminal
2017-08-18 20:45:52 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function restartAppsUsingAddons(changedAddons) {
restart apps on addon container change when the IP changes on addon container re-create, the apps don't detect this (maybe there is some large DNS cache timeout in docker)
2020-05-22 16:43:16 -07:00
assert(Array.isArray(changedAddons));
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
let apps = await list();
apps = apps.filter(app => app.manifest.addons && _.intersection(Object.keys(app.manifest.addons), changedAddons).length !== 0);
apps = apps.filter(app => app.installationState !== exports.ISTATE_ERROR); // remove errored apps. let them be 'repaired' by hand
apps = apps.filter(app => app.installationState !== exports.ISTATE_PENDING_RESTART); // safeguard against tasks being created non-stop restart if we crash on startup
apps = apps.filter(app => app.runState !== exports.RSTATE_STOPPED); // don't start stopped apps
restart apps on addon container change when the IP changes on addon container re-create, the apps don't detect this (maybe there is some large DNS cache timeout in docker)
2020-05-22 16:43:16 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
for (const app of apps) {
debug(`restartAppsUsingAddons: marking ${app.fqdn} for restart`);
restart apps on addon container change when the IP changes on addon container re-create, the apps don't detect this (maybe there is some large DNS cache timeout in docker)
2020-05-22 16:43:16 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const task = {
args: {},
values: { runState: exports.RSTATE_RUNNING }
};
stop apps before updating the databases because postgres will "lock" them preventing import
2020-08-31 17:53:29 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
// stop apps before updating the databases because postgres will "lock" them preventing import
docker.js and services.js: async'ify
2021-08-25 19:41:46 -07:00
const [stopError] = await safe(docker.stopContainers(app.id));
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
if (stopError) debug(`restartAppsUsingAddons: error stopping ${app.fqdn}`, stopError);
stop apps before updating the databases because postgres will "lock" them preventing import
2020-08-31 17:53:29 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const [addTaskError, taskId] = await safe(addTask(app.id, exports.ISTATE_PENDING_RESTART, task));
if (addTaskError) debug(`restartAppsUsingAddons: error marking ${app.fqdn} for restart: ${JSON.stringify(addTaskError)}`);
else debug(`restartAppsUsingAddons: marked ${app.id} for restart with taskId ${taskId}`);
}
restart apps on addon container change when the IP changes on addon container re-create, the apps don't detect this (maybe there is some large DNS cache timeout in docker)
2020-05-22 16:43:16 -07:00
}
Fix platform update logic
2019-09-24 20:29:01 -07:00
// auto-restart app tasks after a crash
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function schedulePendingTasks() {
Fix platform update logic
2019-09-24 20:29:01 -07:00
debug('schedulePendingTasks: scheduling app tasks');
stash the taskId instead of args
2019-09-24 10:28:50 -07:00
docker.js and services.js: async'ify
2021-08-25 19:41:46 -07:00
const result = await list();
stash the taskId instead of args
2019-09-24 10:28:50 -07:00
more async'ification
2021-09-07 09:57:49 -07:00
for (const app of result) {
if (!app.taskId) continue; // if not in any pending state, do nothing
stash the taskId instead of args
2019-09-24 10:28:50 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
debug(`schedulePendingTasks: schedule task for ${app.fqdn} ${app.id}: state=${app.installationState},taskId=${app.taskId}`);
stash the taskId instead of args
2019-09-24 10:28:50 -07:00
apps: onFinished handler not called across restarts if box code restarts in the middle of a apptask, the onFinished handlers are not called for data migration and update. rework the code to hook the onFinished handlers when the task completes and not where the task is started.
2021-09-30 10:31:50 -07:00
await safe(scheduleTask(app.id, app.installationState, app.taskId), { debug }); // ignore error
more async'ification
2021-09-07 09:57:49 -07:00
}
stash the taskId instead of args
2019-09-24 10:28:50 -07:00
}
operator: add route to get app event log we cannot go via /cloudron/eventlog since that requires admin
2021-09-21 19:45:29 -07:00
async function listEventlog(app, page, perPage) {
assert.strictEqual(typeof app, 'object');
assert.strictEqual(typeof page, 'number');
assert.strictEqual(typeof perPage, 'number');
const actions = [];
const search = app.id;
return await eventlog.listPaged(actions, search, page, perPage);
}
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
function downloadFile(app, filePath, callback) {
assert.strictEqual(typeof app, 'object');
Add upload and download for the webterminal
2017-08-18 20:45:52 -07:00
assert.strictEqual(typeof filePath, 'string');
assert.strictEqual(typeof callback, 'function');
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
exec(app, { cmd: [ 'stat', '--printf=%F-%s', filePath ], tty: true }, function (error, stream) {
Add upload and download for the webterminal
2017-08-18 20:45:52 -07:00
if (error) return callback(error);
Deliver content-length and file not found errors for file downloads
2017-08-19 10:48:12 +02:00
var data = '';
stream.setEncoding('utf8');
stream.on('data', function (d) { data += d; });
stream.on('end', function () {
var parts = data.split('-');
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (parts.length !== 2) return callback(new BoxError(BoxError.NOT_FOUND, 'file does not exist'));
Deliver content-length and file not found errors for file downloads
2017-08-19 10:48:12 +02:00
Allow dirs to downloaded as tarballs
2017-08-20 18:44:26 -07:00
var type = parts[0], filename, cmd, size;
if (type === 'regular file') {
cmd = [ 'cat', filePath ];
size = parseInt(parts[1], 10);
filename = path.basename(filePath);
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
if (isNaN(size)) return callback(new BoxError(BoxError.NOT_FOUND, 'file does not exist'));
Allow dirs to downloaded as tarballs
2017-08-20 18:44:26 -07:00
} else if (type === 'directory') {
cmd = ['tar', 'zcf', '-', '-C', filePath, '.'];
filename = path.basename(filePath) + '.tar.gz';
size = 0; // unknown
} else {
Move AppsError to BoxError
2019-10-24 10:39:47 -07:00
return callback(new BoxError(BoxError.NOT_FOUND, 'only files or dirs can be downloaded'));
Allow dirs to downloaded as tarballs
2017-08-20 18:44:26 -07:00
}
Deliver content-length and file not found errors for file downloads
2017-08-19 10:48:12 +02:00
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
exec(app, { cmd: cmd , tty: false }, function (error, stream) {
Deliver content-length and file not found errors for file downloads
2017-08-19 10:48:12 +02:00
if (error) return callback(error);
Only send the stdout stream
2017-08-20 23:39:49 -07:00
var stdoutStream = new TransformStream({
transform: function (chunk, ignoredEncoding, callback) {
this._buffer = this._buffer ? Buffer.concat([this._buffer, chunk]) : chunk;
linter likes this better
2019-06-11 12:32:15 -07:00
for (;;) {
Only send the stdout stream
2017-08-20 23:39:49 -07:00
if (this._buffer.length < 8) break; // header is 8 bytes
var type = this._buffer.readUInt8(0);
var len = this._buffer.readUInt32BE(4);
if (this._buffer.length < (8 + len)) break; // not enough
var payload = this._buffer.slice(8, 8 + len);
this._buffer = this._buffer.slice(8+len); // consumed
if (type === 1) this.push(payload);
}
callback();
}
});
stream.pipe(stdoutStream);
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
callback(null, stdoutStream, { filename: filename, size: size });
Deliver content-length and file not found errors for file downloads
2017-08-19 10:48:12 +02:00
});
});
Add upload and download for the webterminal
2017-08-18 20:45:52 -07:00
});
}
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
function uploadFile(app, sourceFilePath, destFilePath, callback) {
assert.strictEqual(typeof app, 'object');
Add upload and download for the webterminal
2017-08-18 20:45:52 -07:00
assert.strictEqual(typeof sourceFilePath, 'string');
assert.strictEqual(typeof destFilePath, 'string');
assert.strictEqual(typeof callback, 'function');
cleanup temporary file after upload also, wait for finish event for the http response. this should be quick because the file has already been upload and we just have to copy it to the container
2019-03-04 12:28:27 -08:00
const done = once(function (error) {
safe.fs.unlinkSync(sourceFilePath); // remove file in /tmp
Fix crash when uploading file
2019-12-09 15:02:51 -08:00
if (error) return callback(new BoxError(BoxError.FS_ERROR, error.message)); // blame it on filesystem for now
callback(null);
cleanup temporary file after upload also, wait for finish event for the http response. this should be quick because the file has already been upload and we just have to copy it to the container
2019-03-04 12:28:27 -08:00
});
Properly escape the filename when uploading files tested with filename: Fancy - +!"#$&'\''()*+,:;=?@ - Filename (in the e2e repo)
2019-03-04 11:54:48 -08:00
// the built-in bash printf understands "%q" but not /usr/bin/printf.
// ' gets replaced with '\'' . the first closes the quote and last one starts a new one
const escapedDestFilePath = safe.child_process.execSync(`printf %q '${destFilePath.replace(/'/g, '\'\\\'\'')}'`, { shell: '/bin/bash', encoding: 'utf8' });
debug(`uploadFile: ${sourceFilePath} -> ${escapedDestFilePath}`);
use resource pattern in apps routes this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
exec(app, { cmd: [ 'bash', '-c', `cat - > ${escapedDestFilePath}` ], tty: false }, function (error, stream) {
cleanup temporary file after upload also, wait for finish event for the http response. this should be quick because the file has already been upload and we just have to copy it to the container
2019-03-04 12:28:27 -08:00
if (error) return done(error);
Add upload and download for the webterminal
2017-08-18 20:45:52 -07:00
var readFile = fs.createReadStream(sourceFilePath);
cleanup temporary file after upload also, wait for finish event for the http response. this should be quick because the file has already been upload and we just have to copy it to the container
2019-03-04 12:28:27 -08:00
readFile.on('error', done);
Add upload and download for the webterminal
2017-08-18 20:45:52 -07:00
cleanup temporary file after upload also, wait for finish event for the http response. this should be quick because the file has already been upload and we just have to copy it to the container
2019-03-04 12:28:27 -08:00
stream.on('error', done);
stream.on('finish', done);
Add upload and download for the webterminal
2017-08-18 20:45:52 -07:00
cleanup temporary file after upload also, wait for finish event for the http response. this should be quick because the file has already been upload and we just have to copy it to the container
2019-03-04 12:28:27 -08:00
readFile.pipe(stream);
Add upload and download for the webterminal
2017-08-18 20:45:52 -07:00
});
}
clone: save app config clone also clones the tags, labels and icon. this is not done for restore or import since it's not clear if this is a good idea or not. for example, if user had some custom tags and label set and then restores to some old backup, is it expected to reset the labels and tags?
2021-05-25 21:31:48 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function backupConfig(app) {
clone: save app config clone also clones the tags, labels and icon. this is not done for restore or import since it's not clear if this is a good idea or not. for example, if user had some custom tags and label set and then restores to some old backup, is it expected to reset the labels and tags?
2021-05-25 21:31:48 -07:00
assert.strictEqual(typeof app, 'object');
if (!safe.fs.writeFileSync(path.join(paths.APPS_DATA_DIR, app.id + '/config.json'), JSON.stringify(app))) {
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
throw new BoxError(BoxError.FS_ERROR, 'Error creating config.json: ' + safe.error.message);
clone: save app config clone also clones the tags, labels and icon. this is not done for restore or import since it's not clear if this is a good idea or not. for example, if user had some custom tags and label set and then restores to some old backup, is it expected to reset the labels and tags?
2021-05-25 21:31:48 -07:00
}
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
const [error, icons] = await safe(getIcons(app.id));
if (!error && icons.icon) safe.fs.writeFileSync(path.join(paths.APPS_DATA_DIR, app.id + '/icon.png'), icons.icon);
clone: save app config clone also clones the tags, labels and icon. this is not done for restore or import since it's not clear if this is a good idea or not. for example, if user had some custom tags and label set and then restores to some old backup, is it expected to reset the labels and tags?
2021-05-25 21:31:48 -07:00
}
app import: restore icon, tag, label, proxy configs etc
2021-05-26 09:48:34 -07:00
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
async function restoreConfig(app) {
app import: restore icon, tag, label, proxy configs etc
2021-05-26 09:48:34 -07:00
assert.strictEqual(typeof app, 'object');
const appConfig = safe.JSON.parse(safe.fs.readFileSync(path.join(paths.APPS_DATA_DIR, app.id + '/config.json')));
let data = {};
if (appConfig) {
data = _.pick(appConfig, 'memoryLimit', 'cpuShares', 'enableBackup', 'reverseProxyConfig', 'env', 'servicesConfig', 'label', 'tags', 'enableAutomaticUpdate');
}
const icon = safe.fs.readFileSync(path.join(paths.APPS_DATA_DIR, app.id + '/icon.png'));
if (icon) data.icon = icon;
merge appdb.js into apps.js
2021-08-20 09:19:44 -07:00
await update(app.id, data);
app import: restore icon, tag, label, proxy configs etc
2021-05-26 09:48:34 -07:00
}
Reference in New Issue Copy Permalink