src/routes/cloudron.js

'use strict';

exports = module.exports = {
    activate: activate,
    setupTokenAuth: setupTokenAuth,
    getStatus: getStatus,
    reboot: reboot,
    getProgress: getProgress,
    getConfig: getConfig,
    update: update,
    feedback: feedback
};

var assert = require('assert'),
    cloudron = require('../cloudron.js'),
    CloudronError = cloudron.CloudronError,
    config = require('../config.js'),
    debug = require('debug')('box:routes/cloudron'),
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
    progress = require('../progress.js'),
    mailer = require('../mailer.js'),
    superagent = require('superagent');

function auditSource(req) {
    var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || null;
    return { ip: ip, username: req.user ? req.user.username : null, userId: req.user ? req.user.id : null };
}

/**
 * Creating an admin user and activate the cloudron.
 *
 * @apiParam {string} username The administrator's user name
 * @apiParam {string} password The administrator's password
 * @apiParam {string} email The administrator's email address
 *
 * @apiSuccess (Created 201) {string} token A valid access token
 */
function activate(req, res, next) {
    assert.strictEqual(typeof req.body, 'object');
    assert.strictEqual(typeof req.query.setupToken, 'string');

    if (typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be string'));
    if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be string'));
    if (typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));
    if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));

    var username = req.body.username;
    var password = req.body.password;
    var email = req.body.email;
    var displayName = req.body.displayName || '';

    var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
    debug('activate: username:%s ip:%s', username, ip);

    cloudron.activate(username, password, email, displayName, ip, auditSource(req), function (error, info) {
        if (error && error.reason === CloudronError.ALREADY_PROVISIONED) return next(new HttpError(409, 'Already setup'));
        if (error && error.reason === CloudronError.BAD_FIELD) return next(new HttpError(400, error.message));
        if (error) return next(new HttpError(500, error));

        // only in caas case do we have to notify the api server about activation
        if (config.provider() !== 'caas') return next(new HttpSuccess(201, info));

        // Now let the api server know we got activated
        superagent.post(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/setup/done').query({ setupToken: req.query.setupToken }).end(function (error, result) {
            if (error && !error.response) return next(new HttpError(500, error));
            if (result.statusCode === 403) return next(new HttpError(403, 'Invalid token'));
            if (result.statusCode === 409) return next(new HttpError(409, 'Already setup'));
            if (result.statusCode !== 201) return next(new HttpError(500, result.text || 'Internal error'));

            next(new HttpSuccess(201, info));
        });
    });
}

function setupTokenAuth(req, res, next) {
    assert.strictEqual(typeof req.query, 'object');

    // skip setupToken auth for non caas case
    if (config.provider() !== 'caas') return next();

    if (typeof req.query.setupToken !== 'string') return next(new HttpError(400, 'no setupToken provided'));

    superagent.get(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/setup/verify').query({ setupToken:req.query.setupToken }).end(function (error, result) {
        if (error && !error.response) return next(new HttpError(500, error));
        if (result.statusCode === 403) return next(new HttpError(403, 'Invalid token'));
        if (result.statusCode === 409) return next(new HttpError(409, 'Already setup'));
        if (result.statusCode !== 200) return next(new HttpError(500, result.text || 'Internal error'));

        next();
    });
}

function getStatus(req, res, next) {
    cloudron.getStatus(function (error, status) {
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(200, status));
    });
}

function getProgress(req, res, next) {
    return next(new HttpSuccess(200, progress.get()));
}

function reboot(req, res, next) {
    // Finish the request, to let the appstore know we triggered the restore it
    next(new HttpSuccess(202, {}));

    cloudron.reboot();
}

function getConfig(req, res, next) {
    cloudron.getConfig(function (error, cloudronConfig) {
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(200, cloudronConfig));
    });
}

function update(req, res, next) {
    // this only initiates the update, progress can be checked via the progress route
    cloudron.updateToLatest(auditSource(req), function (error) {
        if (error && error.reason === CloudronError.ALREADY_UPTODATE) return next(new HttpError(422, error.message));
        if (error && error.reason === CloudronError.BAD_STATE) return next(new HttpError(409, error.message));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(202, {}));
    });
}

function feedback(req, res, next) {
    assert.strictEqual(typeof req.user, 'object');

    if (req.body.type !== mailer.FEEDBACK_TYPE_FEEDBACK &&
        req.body.type !== mailer.FEEDBACK_TYPE_TICKET &&
        req.body.type !== mailer.FEEDBACK_TYPE_APP_MISSING &&
        req.body.type !== mailer.FEEDBACK_TYPE_UPGRADE_REQUEST &&
        req.body.type !== mailer.FEEDBACK_TYPE_APP_ERROR) return next(new HttpError(400, 'type must be either "ticket", "feedback", "app_missing", "app_error" or "upgrade_request"'));
    if (typeof req.body.subject !== 'string' || !req.body.subject) return next(new HttpError(400, 'subject must be string'));
    if (typeof req.body.description !== 'string' || !req.body.description) return next(new HttpError(400, 'description must be string'));

    mailer.sendFeedback(req.user, req.body.type, req.body.subject, req.body.description);

    next(new HttpSuccess(201, {}));
}
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`'use strict';`

			`exports = module.exports = {`
			`activate: activate,`
			`setupTokenAuth: setupTokenAuth,`
			`getStatus: getStatus,`
			`reboot: reboot,`
			`getProgress: getProgress,`
			`getConfig: getConfig,`
			`update: update,`
Add feedback route 2015-08-04 14:31:40 +02:00			`feedback: feedback`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`};`

			`var assert = require('assert'),`
			`cloudron = require('../cloudron.js'),`
			`CloudronError = cloudron.CloudronError,`
add eventlog hooks 2016-04-30 13:56:03 -07:00			`config = require('../config.js'),`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`debug = require('debug')('box:routes/cloudron'),`
			`HttpError = require('connect-lastmile').HttpError,`
			`HttpSuccess = require('connect-lastmile').HttpSuccess,`
add eventlog hooks 2016-04-30 13:56:03 -07:00			`progress = require('../progress.js'),`
			`mailer = require('../mailer.js'),`
add internal route to update the cloudron need to way to trigger updates of cloudron using the caas tool 2016-01-14 11:13:00 -08:00			`superagent = require('superagent');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
make cloudron.updateToLatest take an auditSource 2016-05-01 13:15:30 -07:00			`function auditSource(req) {`
use req.connection.remoteAddress 2016-05-01 13:29:11 -07:00			`var ip = req.headers['x-forwarded-for'] \|\| req.connection.remoteAddress \|\| null;`
make cloudron.updateToLatest take an auditSource 2016-05-01 13:15:30 -07:00			`return { ip: ip, username: req.user ? req.user.username : null, userId: req.user ? req.user.id : null };`
			`}`

app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`/**`
			`* Creating an admin user and activate the cloudron.`
			`*`
			`* @apiParam {string} username The administrator's user name`
			`* @apiParam {string} password The administrator's password`
			`* @apiParam {string} email The administrator's email address`
			`*`
			`* @apiSuccess (Created 201) {string} token A valid access token`
			`*/`
			`function activate(req, res, next) {`
			`assert.strictEqual(typeof req.body, 'object');`
			`assert.strictEqual(typeof req.query.setupToken, 'string');`

			`if (typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be string'));`
			`if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be string'));`
			`if (typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));`
Fix error message if displayName has wrong type 2016-01-20 16:14:21 +01:00			`if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`var username = req.body.username;`
			`var password = req.body.password;`
			`var email = req.body.email;`
Add displayName to create user and activate routes 2016-01-19 23:34:49 -08:00			`var displayName = req.body.displayName \|\| '';`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`var ip = req.headers['x-forwarded-for'] \|\| req.connection.remoteAddress;`
			`debug('activate: username:%s ip:%s', username, ip);`

make cloudron.activate take an auditSource 2016-05-01 13:27:57 -07:00			`cloudron.activate(username, password, email, displayName, ip, auditSource(req), function (error, info) {`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error && error.reason === CloudronError.ALREADY_PROVISIONED) return next(new HttpError(409, 'Already setup'));`
merge bad fields and pass error.message correctly in REST responses 2016-06-02 00:06:54 -07:00			`if (error && error.reason === CloudronError.BAD_FIELD) return next(new HttpError(400, error.message));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error) return next(new HttpError(500, error));`

Skip calling back home on activation in non caas case 2015-12-29 15:56:37 +01:00			`// only in caas case do we have to notify the api server about activation`
			`if (config.provider() !== 'caas') return next(new HttpSuccess(201, info));`

app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`// Now let the api server know we got activated`
Skip calling back home on activation in non caas case 2015-12-29 15:56:37 +01:00			`superagent.post(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/setup/done').query({ setupToken: req.query.setupToken }).end(function (error, result) {`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`if (error && !error.response) return next(new HttpError(500, error));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (result.statusCode === 403) return next(new HttpError(403, 'Invalid token'));`
			`if (result.statusCode === 409) return next(new HttpError(409, 'Already setup'));`
Fix crash when the appstore server does not respond correctly on setup 2015-12-29 16:07:04 +01:00			`if (result.statusCode !== 201) return next(new HttpError(500, result.text \|\| 'Internal error'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`next(new HttpSuccess(201, info));`
			`});`
			`});`
			`}`

			`function setupTokenAuth(req, res, next) {`
			`assert.strictEqual(typeof req.query, 'object');`

Skip setupToken auth for non caas cloudrons 2015-12-29 11:24:45 +01:00			`// skip setupToken auth for non caas case`
			`if (config.provider() !== 'caas') return next();`

app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (typeof req.query.setupToken !== 'string') return next(new HttpError(400, 'no setupToken provided'));`

			`superagent.get(config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/setup/verify').query({ setupToken:req.query.setupToken }).end(function (error, result) {`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`if (error && !error.response) return next(new HttpError(500, error));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (result.statusCode === 403) return next(new HttpError(403, 'Invalid token'));`
			`if (result.statusCode === 409) return next(new HttpError(409, 'Already setup'));`
Fix crash when the appstore server does not respond correctly on setup 2015-12-29 16:07:04 +01:00			`if (result.statusCode !== 200) return next(new HttpError(500, result.text \|\| 'Internal error'));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
			`next();`
			`});`
			`}`

			`function getStatus(req, res, next) {`
			`cloudron.getStatus(function (error, status) {`
			`if (error) return next(new HttpError(500, error));`

			`next(new HttpSuccess(200, status));`
			`});`
			`}`

			`function getProgress(req, res, next) {`
			`return next(new HttpSuccess(200, progress.get()));`
			`}`

			`function reboot(req, res, next) {`
			`// Finish the request, to let the appstore know we triggered the restore it`
			`next(new HttpSuccess(202, {}));`

			`cloudron.reboot();`
			`}`

			`function getConfig(req, res, next) {`
			`cloudron.getConfig(function (error, cloudronConfig) {`
			`if (error) return next(new HttpError(500, error));`

			`next(new HttpSuccess(200, cloudronConfig));`
			`});`
			`}`

			`function update(req, res, next) {`
			`// this only initiates the update, progress can be checked via the progress route`
make cloudron.updateToLatest take an auditSource 2016-05-01 13:15:30 -07:00			`cloudron.updateToLatest(auditSource(req), function (error) {`
add internal route to update the cloudron need to way to trigger updates of cloudron using the caas tool 2016-01-14 11:13:00 -08:00			`if (error && error.reason === CloudronError.ALREADY_UPTODATE) return next(new HttpError(422, error.message));`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`if (error && error.reason === CloudronError.BAD_STATE) return next(new HttpError(409, error.message));`
			`if (error) return next(new HttpError(500, error));`

			`next(new HttpSuccess(202, {}));`
			`});`
			`}`

Add feedback route 2015-08-04 14:31:40 +02:00			`function feedback(req, res, next) {`
			`assert.strictEqual(typeof req.user, 'object');`

Add new support type for failing erroring apps 2016-02-25 21:38:37 +01:00			`if (req.body.type !== mailer.FEEDBACK_TYPE_FEEDBACK &&`
			`req.body.type !== mailer.FEEDBACK_TYPE_TICKET &&`
			`req.body.type !== mailer.FEEDBACK_TYPE_APP_MISSING &&`
Support upgrade_request feedback type 2016-04-18 17:11:36 +02:00			`req.body.type !== mailer.FEEDBACK_TYPE_UPGRADE_REQUEST &&`
Implement upgrade request dialog This is currently merely a placeholder for some real upgrade ui 2016-04-18 17:12:47 +02:00			`req.body.type !== mailer.FEEDBACK_TYPE_APP_ERROR) return next(new HttpError(400, 'type must be either "ticket", "feedback", "app_missing", "app_error" or "upgrade_request"'));`
Add unit tests for feedback route and fix the route 2015-08-04 16:59:35 +02:00			`if (typeof req.body.subject !== 'string' \|\| !req.body.subject) return next(new HttpError(400, 'subject must be string'));`
			`if (typeof req.body.description !== 'string' \|\| !req.body.description) return next(new HttpError(400, 'description must be string'));`
Add feedback route 2015-08-04 14:31:40 +02:00
mailer functions only enqueue, respond immediately 2015-08-04 15:39:14 +02:00			`mailer.sendFeedback(req.user, req.body.type, req.body.subject, req.body.description);`

			`next(new HttpSuccess(201, {}));`
Add feedback route 2015-08-04 14:31:40 +02:00			`}`