src/volumes.js

'use strict';

exports = module.exports = {
    add,
    get,
    del,
    list,
    getStatus,
    removePrivateFields
};

const assert = require('assert'),
    BoxError = require('./boxerror.js'),
    collectd = require('./collectd.js'),
    constants = require('./constants.js'),
    database = require('./database.js'),
    debug = require('debug')('box:volumes'),
    ejs = require('ejs'),
    eventlog = require('./eventlog.js'),
    fs = require('fs'),
    mounts = require('./mounts.js'),
    path = require('path'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
    services = require('./services.js'),
    uuid = require('uuid');

const VOLUMES_FIELDS = [ 'id', 'name', 'hostPath', 'creationTime', 'mountType', 'mountOptionsJson' ].join(',');

const COLLECTD_CONFIG_EJS = fs.readFileSync(__dirname + '/collectd/volume.ejs', { encoding: 'utf8' });

function postProcess(result) {
    assert.strictEqual(typeof result, 'object');

    result.mountOptions = safe.JSON.parse(result.mountOptionsJson) || {};
    delete result.mountOptionsJson;

    return result;
}

function validateName(name) {
    assert.strictEqual(typeof name, 'string');

    if (!/^[-\w^&'@{}[\],$=!#().%+~ ]+$/.test(name)) return new BoxError(BoxError.BAD_FIELD, 'Invalid name');

    return null;
}

function validateHostPath(hostPath, mountType) {
    assert.strictEqual(typeof hostPath, 'string');
    assert.strictEqual(typeof mountType, 'string');

    if (path.normalize(hostPath) !== hostPath) return new BoxError(BoxError.BAD_FIELD, 'hostPath must contain a normalized path', { field: 'hostPath' });
    if (!path.isAbsolute(hostPath)) return new BoxError(BoxError.BAD_FIELD, 'backupFolder must be an absolute path', { field: 'hostPath' });

    if (hostPath === '/') return new BoxError(BoxError.BAD_FIELD, 'hostPath cannot be /', { field: 'hostPath' });

    if (!hostPath.endsWith('/')) hostPath = hostPath + '/'; // ensure trailing slash for the prefix matching to work
    const allowedPaths = [ '/mnt/', '/media/', '/srv/', '/opt/' ];

    if (!allowedPaths.some(p => hostPath.startsWith(p))) return new BoxError(BoxError.BAD_FIELD, 'hostPath must be under /mnt, /media, /opt or /srv', { field: 'hostPath' });

    if (!constants.TEST) { // we expect user to have already mounted this
        const stat = safe.fs.lstatSync(hostPath);
        if (!stat) return new BoxError(BoxError.BAD_FIELD, 'mount point does not exist. Please create it on the server first', { field: 'hostPath' });
        if (!stat.isDirectory()) return new BoxError(BoxError.BAD_FIELD, 'mount point is not a directory', { field: 'hostPath' });
    }

    return null;
}

async function add(volume, auditSource) {
    assert.strictEqual(typeof volume, 'object');
    assert.strictEqual(typeof auditSource, 'object');

    const {name, mountType, mountOptions} = volume;

    let error = validateName(name);
    if (error) throw error;

    error = mounts.validateMountOptions(mountType, mountOptions);
    if (error) throw error;

    const id = uuid.v4().replace(/-/g, ''); // to make systemd mount file names more readable

    if (mountType === 'mountpoint' || mountType === 'filesystem') {
        error = validateHostPath(volume.hostPath, mountType);
        if (error) throw error;
    } else {
        volume.hostPath = path.join(paths.VOLUMES_MOUNT_DIR, id);
        await mounts.tryAddMount(volume, { timeout: 10 }); // 10 seconds
    }

    [error] = await safe(database.query('INSERT INTO volumes (id, name, hostPath, mountType, mountOptionsJson) VALUES (?, ?, ?, ?, ?)', [ id, name, volume.hostPath, mountType, JSON.stringify(mountOptions) ]));
    if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('name') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'name already exists');
    if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('hostPath') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'hostPath already exists');
    if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('PRIMARY') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'id already exists');
    if (error) throw error;

    eventlog.add(eventlog.ACTION_VOLUME_ADD, auditSource, { id, name, hostPath: volume.hostPath });
    // in theory, we only need to do this mountpoint volumes. but for some reason a restart is required to detect new "mounts"
    safe(services.rebuildService('sftp'), { debug });

    const collectdConf = ejs.render(COLLECTD_CONFIG_EJS, { volumeId: id, hostPath: volume.hostPath });
    await collectd.addProfile(id, collectdConf);

    return id;
}

async function getStatus(volume) {
    assert.strictEqual(typeof volume, 'object');

    return await mounts.getStatus(volume.mountType, volume.hostPath); // { state, message }
}

function removePrivateFields(volume) {
    const newVolume = Object.assign({}, volume);

    if (newVolume.mountType === 'sshfs') {
        newVolume.mountOptions.privateKey = constants.SECRET_PLACEHOLDER;
    } else if (newVolume.mountType === 'cifs') {
        newVolume.mountOptions.password = constants.SECRET_PLACEHOLDER;
    }

    return newVolume;
}

async function get(id) {
    assert.strictEqual(typeof id, 'string');

    const result = await database.query(`SELECT ${VOLUMES_FIELDS} FROM volumes WHERE id=?`, [ id ]);
    if (result.length === 0) return null;

    return postProcess(result[0]);
}

async function list() {
    const results = await database.query(`SELECT ${VOLUMES_FIELDS} FROM volumes ORDER BY name`);
    results.forEach(postProcess);
    return results;
}

async function del(volume, auditSource) {
    assert.strictEqual(typeof volume, 'object');
    assert.strictEqual(typeof auditSource, 'object');

    const [error, result] = await safe(database.query('DELETE FROM volumes WHERE id=?', [ volume.id ]));
    if (error && error.code === 'ER_ROW_IS_REFERENCED_2') throw new BoxError(BoxError.CONFLICT, 'Volume is in use');
    if (error) throw error;
    if (result.affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'Volume not found');

    eventlog.add(eventlog.ACTION_VOLUME_REMOVE, auditSource, { volume });

    if (volume.mountType === 'mountpoint' || volume.mountType === 'filesystem') {
        safe(services.rebuildService('sftp'), { debug });
    } else {
        await safe(mounts.removeMount(volume));
    }

    await collectd.removeProfile(volume.id);
}
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`'use strict';`

			`exports = module.exports = {`
			`add,`
			`get,`
			`del,`
volumes: generate systemd mount files based on mount type 2021-05-12 18:00:43 -07:00			`list,`
volume: get status 2021-05-13 15:33:16 -07:00			`getStatus,`
volume: remove private fields 2021-06-21 16:35:08 -07:00			`removePrivateFields`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`};`

			`const assert = require('assert'),`
			`BoxError = require('./boxerror.js'),`
volumes: collect du data part of #756 2021-01-04 11:05:42 -08:00			`collectd = require('./collectd.js'),`
fix volume test 2021-05-17 16:23:24 -07:00			`constants = require('./constants.js'),`
volumes: async'ify 2021-05-11 17:50:48 -07:00			`database = require('./database.js'),`
Use debug instead of console.error 2020-10-30 11:07:24 -07:00			`debug = require('debug')('box:volumes'),`
volumes: collect du data part of #756 2021-01-04 11:05:42 -08:00			`ejs = require('ejs'),`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`eventlog = require('./eventlog.js'),`
volumes: collect du data part of #756 2021-01-04 11:05:42 -08:00			`fs = require('fs'),`
backups: add mounting config 2021-05-14 15:07:29 -07:00			`mounts = require('./mounts.js'),`
volumes: better hostPath validation 2020-12-03 23:05:06 -08:00			`path = require('path'),`
volumes: set hostPath based on volume id this is required for the file browser to work which does operations based on the id fixes #789 2021-06-24 16:59:47 -07:00			`paths = require('./paths.js'),`
volume: hostPath must exist on server 2020-12-03 23:13:20 -08:00			`safe = require('safetydance'),`
Fixes to service configuration restart service does not rebuild automatically, we should add a route for that. we need to figure where to scale services etc if we randomly create containers like that. 2021-01-21 12:53:38 -08:00			`services = require('./services.js'),`
volumes: async'ify 2021-05-11 17:50:48 -07:00			`uuid = require('uuid');`

volumes: generate systemd mount files based on mount type 2021-05-12 18:00:43 -07:00			`const VOLUMES_FIELDS = [ 'id', 'name', 'hostPath', 'creationTime', 'mountType', 'mountOptionsJson' ].join(',');`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00
volumes: collect du data part of #756 2021-01-04 11:05:42 -08:00			`const COLLECTD_CONFIG_EJS = fs.readFileSync(__dirname + '/collectd/volume.ejs', { encoding: 'utf8' });`

volumes: generate systemd mount files based on mount type 2021-05-12 18:00:43 -07:00			`function postProcess(result) {`
			`assert.strictEqual(typeof result, 'object');`

			`result.mountOptions = safe.JSON.parse(result.mountOptionsJson) \|\| {};`
			`delete result.mountOptionsJson;`

			`return result;`
			`}`

Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`function validateName(name) {`
			`assert.strictEqual(typeof name, 'string');`

			`if (!/^[-\w^&'@{}[\],$=!#().%+~ ]+$/.test(name)) return new BoxError(BoxError.BAD_FIELD, 'Invalid name');`

			`return null;`
			`}`

volumes: generate systemd mount files based on mount type 2021-05-12 18:00:43 -07:00			`function validateHostPath(hostPath, mountType) {`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`assert.strictEqual(typeof hostPath, 'string');`
volumes: generate systemd mount files based on mount type 2021-05-12 18:00:43 -07:00			`assert.strictEqual(typeof mountType, 'string');`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00
volumes: better hostPath validation 2020-12-03 23:05:06 -08:00			`if (path.normalize(hostPath) !== hostPath) return new BoxError(BoxError.BAD_FIELD, 'hostPath must contain a normalized path', { field: 'hostPath' });`
			`if (!path.isAbsolute(hostPath)) return new BoxError(BoxError.BAD_FIELD, 'backupFolder must be an absolute path', { field: 'hostPath' });`

			`if (hostPath === '/') return new BoxError(BoxError.BAD_FIELD, 'hostPath cannot be /', { field: 'hostPath' });`

			`if (!hostPath.endsWith('/')) hostPath = hostPath + '/'; // ensure trailing slash for the prefix matching to work`
			`const allowedPaths = [ '/mnt/', '/media/', '/srv/', '/opt/' ];`

			`if (!allowedPaths.some(p => hostPath.startsWith(p))) return new BoxError(BoxError.BAD_FIELD, 'hostPath must be under /mnt, /media, /opt or /srv', { field: 'hostPath' });`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00
volume: add filesystem type for shared folders rename noop to mountpoint 2021-06-24 23:01:18 -07:00			`if (!constants.TEST) { // we expect user to have already mounted this`
volumes: generate systemd mount files based on mount type 2021-05-12 18:00:43 -07:00			`const stat = safe.fs.lstatSync(hostPath);`
volumes: hostPath -> mount point 2021-06-18 23:31:11 -07:00			`if (!stat) return new BoxError(BoxError.BAD_FIELD, 'mount point does not exist. Please create it on the server first', { field: 'hostPath' });`
			`if (!stat.isDirectory()) return new BoxError(BoxError.BAD_FIELD, 'mount point is not a directory', { field: 'hostPath' });`
volumes: generate systemd mount files based on mount type 2021-05-12 18:00:43 -07:00			`}`
volume: hostPath must exist on server 2020-12-03 23:13:20 -08:00
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`return null;`
			`}`

volumes: generate systemd mount files based on mount type 2021-05-12 18:00:43 -07:00			`async function add(volume, auditSource) {`
			`assert.strictEqual(typeof volume, 'object');`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`assert.strictEqual(typeof auditSource, 'object');`

volumes: set hostPath based on volume id this is required for the file browser to work which does operations based on the id fixes #789 2021-06-24 16:59:47 -07:00			`const {name, mountType, mountOptions} = volume;`
volumes: generate systemd mount files based on mount type 2021-05-12 18:00:43 -07:00
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`let error = validateName(name);`
volumes: async'ify 2021-05-11 17:50:48 -07:00			`if (error) throw error;`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00
backups: add mounting config 2021-05-14 15:07:29 -07:00			`error = mounts.validateMountOptions(mountType, mountOptions);`
volumes: async'ify 2021-05-11 17:50:48 -07:00			`if (error) throw error;`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00
volumes: set hostPath based on volume id this is required for the file browser to work which does operations based on the id fixes #789 2021-06-24 16:59:47 -07:00			`const id = uuid.v4().replace(/-/g, ''); // to make systemd mount file names more readable`

volume: add filesystem type for shared folders rename noop to mountpoint 2021-06-24 23:01:18 -07:00			`if (mountType === 'mountpoint' \|\| mountType === 'filesystem') {`
volumes: set hostPath based on volume id this is required for the file browser to work which does operations based on the id fixes #789 2021-06-24 16:59:47 -07:00			`error = validateHostPath(volume.hostPath, mountType);`
			`if (error) throw error;`
			`} else {`
			`volume.hostPath = path.join(paths.VOLUMES_MOUNT_DIR, id);`
volume: add filesystem type for shared folders rename noop to mountpoint 2021-06-24 23:01:18 -07:00			`await mounts.tryAddMount(volume, { timeout: 10 }); // 10 seconds`
volumes: set hostPath based on volume id this is required for the file browser to work which does operations based on the id fixes #789 2021-06-24 16:59:47 -07:00			`}`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00
Use safe instead of try/catch 2021-09-01 15:29:35 -07:00			`[error] = await safe(database.query('INSERT INTO volumes (id, name, hostPath, mountType, mountOptionsJson) VALUES (?, ?, ?, ?, ?)', [ id, name, volume.hostPath, mountType, JSON.stringify(mountOptions) ]));`
			`if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('name') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'name already exists');`
			`if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('hostPath') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'hostPath already exists');`
			`if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('PRIMARY') !== -1) throw new BoxError(BoxError.ALREADY_EXISTS, 'id already exists');`
			`if (error) throw error;`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00
volumes: set hostPath based on volume id this is required for the file browser to work which does operations based on the id fixes #789 2021-06-24 16:59:47 -07:00			`eventlog.add(eventlog.ACTION_VOLUME_ADD, auditSource, { id, name, hostPath: volume.hostPath });`
volume: add filesystem type for shared folders rename noop to mountpoint 2021-06-24 23:01:18 -07:00			`// in theory, we only need to do this mountpoint volumes. but for some reason a restart is required to detect new "mounts"`
get rid of all the NOOP_CALLBACKs 2021-09-17 09:22:46 -07:00			`safe(services.rebuildService('sftp'), { debug });`
volumes: collect du data part of #756 2021-01-04 11:05:42 -08:00
volumes: set hostPath based on volume id this is required for the file browser to work which does operations based on the id fixes #789 2021-06-24 16:59:47 -07:00			`const collectdConf = ejs.render(COLLECTD_CONFIG_EJS, { volumeId: id, hostPath: volume.hostPath });`
merge settingsdb into settings code 2021-08-19 13:24:38 -07:00			`await collectd.addProfile(id, collectdConf);`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00
volumes: async'ify 2021-05-11 17:50:48 -07:00			`return id;`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`}`

volumes: wait for mount during add/update this is a better feedback mechanism for the user 2021-05-19 09:50:50 -07:00			`async function getStatus(volume) {`
			`assert.strictEqual(typeof volume, 'object');`

			`return await mounts.getStatus(volume.mountType, volume.hostPath); // { state, message }`
			`}`

volume: remove private fields 2021-06-21 16:35:08 -07:00			`function removePrivateFields(volume) {`
			`const newVolume = Object.assign({}, volume);`

			`if (newVolume.mountType === 'sshfs') {`
			`newVolume.mountOptions.privateKey = constants.SECRET_PLACEHOLDER;`
			`} else if (newVolume.mountType === 'cifs') {`
			`newVolume.mountOptions.password = constants.SECRET_PLACEHOLDER;`
			`}`

			`return newVolume;`
			`}`

volumes: async'ify 2021-05-11 17:50:48 -07:00			`async function get(id) {`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`assert.strictEqual(typeof id, 'string');`

volumes: async'ify 2021-05-11 17:50:48 -07:00			const result = await database.query(`SELECT ${VOLUMES_FIELDS} FROM volumes WHERE id=?`, [ id ]);
			`if (result.length === 0) return null;`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00
volumes: generate systemd mount files based on mount type 2021-05-12 18:00:43 -07:00			`return postProcess(result[0]);`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`}`

volumes: async'ify 2021-05-11 17:50:48 -07:00			`async function list() {`
volumes: generate systemd mount files based on mount type 2021-05-12 18:00:43 -07:00			const results = await database.query(`SELECT ${VOLUMES_FIELDS} FROM volumes ORDER BY name`);
			`results.forEach(postProcess);`
			`return results;`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`}`

volumes: async'ify 2021-05-11 17:50:48 -07:00			`async function del(volume, auditSource) {`
volume: use the load pattern this way we can stash info in the eventlog 2020-10-28 15:51:43 -07:00			`assert.strictEqual(typeof volume, 'object');`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`assert.strictEqual(typeof auditSource, 'object');`

merge settingsdb into settings code 2021-08-19 13:24:38 -07:00			`const [error, result] = await safe(database.query('DELETE FROM volumes WHERE id=?', [ volume.id ]));`
			`if (error && error.code === 'ER_ROW_IS_REFERENCED_2') throw new BoxError(BoxError.CONFLICT, 'Volume is in use');`
			`if (error) throw error;`
			`if (result.affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'Volume not found');`
volumes: async'ify 2021-05-11 17:50:48 -07:00
			`eventlog.add(eventlog.ACTION_VOLUME_REMOVE, auditSource, { volume });`
sftp: rework appdata and volume mounting logic this tries to solve two issues: * the current approach mounts the data directories of apps/volumes individually. this causes a problem with volume mounts that mount after the container is started i.e not network time/delay but systemd ordering. With CIFS, the mount is a hostname. This requires unbound to be running but unbound can only start after docker because it wants to bind to the docker network. one way to fix is to not start sftp automatically and only start sftp container in the box code. This results in the sftp container attaching itself of the directory before mounting and it appears empty. (on the host, the directory will appear to have mount data!) * every time apptask runs we keep rebuilding this sftp container. this results in much race. the fix is: mount the parent directory of apps and volumes. in addition, then any specialized appdata paths and volume paths are mounted individually. this greatly minimized rebuilding and also since we don't rely on binding to the mount point itself. the child directories can mount in leisure. this limits the race issue to only no-op volume mounts. part of #789 2021-06-24 16:19:30 -07:00
volume: add filesystem type for shared folders rename noop to mountpoint 2021-06-24 23:01:18 -07:00			`if (volume.mountType === 'mountpoint' \|\| volume.mountType === 'filesystem') {`
get rid of all the NOOP_CALLBACKs 2021-09-17 09:22:46 -07:00			`safe(services.rebuildService('sftp'), { debug });`
sftp: rework appdata and volume mounting logic this tries to solve two issues: * the current approach mounts the data directories of apps/volumes individually. this causes a problem with volume mounts that mount after the container is started i.e not network time/delay but systemd ordering. With CIFS, the mount is a hostname. This requires unbound to be running but unbound can only start after docker because it wants to bind to the docker network. one way to fix is to not start sftp automatically and only start sftp container in the box code. This results in the sftp container attaching itself of the directory before mounting and it appears empty. (on the host, the directory will appear to have mount data!) * every time apptask runs we keep rebuilding this sftp container. this results in much race. the fix is: mount the parent directory of apps and volumes. in addition, then any specialized appdata paths and volume paths are mounted individually. this greatly minimized rebuilding and also since we don't rely on binding to the mount point itself. the child directories can mount in leisure. this limits the race issue to only no-op volume mounts. part of #789 2021-06-24 16:19:30 -07:00			`} else {`
			`await safe(mounts.removeMount(volume));`
			`}`

merge settingsdb into settings code 2021-08-19 13:24:38 -07:00			`await collectd.removeProfile(volume.id);`
Add volume management the volumes table can later have backup flag, mount options etc 2020-10-27 22:39:05 -07:00			`}`