src/routes/domains.js

'use strict';

exports = module.exports = {
    add: add,
    get: get,
    getAll: getAll,
    update: update,
    del: del,

    verifyDomainLock: verifyDomainLock
};

var assert = require('assert'),
    auditSource = require('../auditsource.js'),
    domains = require('../domains.js'),
    DomainsError = domains.DomainsError,
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess;

function verifyDomainLock(req, res, next) {
    assert.strictEqual(typeof req.params.domain, 'string');

    domains.get(req.params.domain, function (error, domain) {
        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, 'No such domain'));
        if (error) return next(new HttpError(500, error));

        if (domain.locked) return next(new HttpError(423, 'This domain is locked'));

        next();
    });
}

function add(req, res, next) {
    assert.strictEqual(typeof req.body, 'object');

    if (typeof req.body.domain !== 'string') return next(new HttpError(400, 'domain must be a string'));
    if (typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider must be a string'));

    if (!req.body.config || typeof req.body.config !== 'object') return next(new HttpError(400, 'config must be an object'));
    if ('hyphenatedSubdomains' in req.body.config && typeof req.body.config.hyphenatedSubdomains !== 'boolean') return next(new HttpError(400, 'hyphenatedSubdomains must be a boolean'));
    if ('wildcard' in req.body.config && typeof req.body.config.wildcard !== 'boolean') return next(new HttpError(400, 'wildcard must be a boolean'));

    if ('zoneName' in req.body && typeof req.body.zoneName !== 'string') return next(new HttpError(400, 'zoneName must be a string'));
    if ('fallbackCertificate' in req.body && typeof req.body.fallbackCertificate !== 'object') return next(new HttpError(400, 'fallbackCertificate must be a object with cert and key strings'));
    if (req.body.fallbackCertificate) {
        let fallbackCertificate = req.body.fallbackCertificate;
        if (!fallbackCertificate.cert || typeof fallbackCertificate.cert !== 'string') return next(new HttpError(400, 'fallbackCertificate.cert must be a string'));
        if (!fallbackCertificate.key || typeof fallbackCertificate.key !== 'string') return next(new HttpError(400, 'fallbackCertificate.key must be a string'));
        if ('restricted' in fallbackCertificate && typeof fallbackCertificate.restricted !== 'boolean') return next(new HttpError(400, 'fallbackCertificate.restricted must be a boolean'));
    }

    if ('tlsConfig' in req.body) {
        if (!req.body.tlsConfig || typeof req.body.tlsConfig !== 'object') return next(new HttpError(400, 'tlsConfig must be a object with a provider string property'));
        if (!req.body.tlsConfig.provider || typeof req.body.tlsConfig.provider !== 'string') return next(new HttpError(400, 'tlsConfig.provider must be a string'));
    }

    // some DNS providers like DigitalOcean take a really long time to verify credentials (https://github.com/expressjs/timeout/issues/26)
    req.clearTimeout();

    let data = {
        zoneName: req.body.zoneName || '',
        provider: req.body.provider,
        config: req.body.config,
        fallbackCertificate: req.body.fallbackCertificate || null,
        tlsConfig: req.body.tlsConfig || { provider: 'letsencrypt-prod' }
    };

    domains.add(req.body.domain, data, auditSource.fromRequest(req), function (error) {
        if (error && error.reason === DomainsError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
        if (error && error.reason === DomainsError.BAD_FIELD) return next(new HttpError(400, error.message));
        if (error && error.reason === DomainsError.INVALID_PROVIDER) return next(new HttpError(400, error.message));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(201, { domain: req.body.domain, config: req.body.config }));
    });
}

function get(req, res, next) {
    assert.strictEqual(typeof req.params.domain, 'string');

    domains.get(req.params.domain, function (error, result) {
        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(200, domains.removePrivateFields(result)));
    });
}

function getAll(req, res, next) {
    domains.getAll(function (error, result) {
        if (error) return next(new HttpError(500, error));

        result = result.map(domains.removeRestrictedFields);

        next(new HttpSuccess(200, { domains: result }));
    });
}

function update(req, res, next) {
    assert.strictEqual(typeof req.params.domain, 'string');
    assert.strictEqual(typeof req.body, 'object');

    if (typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider must be an object'));

    if (!req.body.config || typeof req.body.config !== 'object') return next(new HttpError(400, 'config must be an object'));
    if ('hyphenatedSubdomains' in req.body.config && typeof req.body.config.hyphenatedSubdomains !== 'boolean') return next(new HttpError(400, 'hyphenatedSubdomains must be a boolean'));
    if ('wildcard' in req.body.config && typeof req.body.config.wildcard !== 'boolean') return next(new HttpError(400, 'wildcard must be a boolean'));

    if ('zoneName' in req.body && typeof req.body.zoneName !== 'string') return next(new HttpError(400, 'zoneName must be a string'));
    if ('fallbackCertificate' in req.body && typeof req.body.fallbackCertificate !== 'object') return next(new HttpError(400, 'fallbackCertificate must be a object with cert and key strings'));
    if (req.body.fallbackCertificate) {
        let fallbackCertificate = req.body.fallbackCertificate;
        if (!fallbackCertificate.cert || typeof fallbackCertificate.cert !== 'string') return next(new HttpError(400, 'fallbackCertificate.cert must be a string'));
        if (!fallbackCertificate.key || typeof fallbackCertificate.key !== 'string') return next(new HttpError(400, 'fallbackCertificate.key must be a string'));
        if ('restricted' in fallbackCertificate && typeof fallbackCertificate.restricted !== 'boolean') return next(new HttpError(400, 'fallbackCertificate.restricted must be a boolean'));
    }

    if ('tlsConfig' in req.body) {
        if (!req.body.tlsConfig || typeof req.body.tlsConfig !== 'object') return next(new HttpError(400, 'tlsConfig must be a object with a provider string property'));
        if (!req.body.tlsConfig.provider || typeof req.body.tlsConfig.provider !== 'string') return next(new HttpError(400, 'tlsConfig.provider must be a string'));
    }

    // some DNS providers like DigitalOcean take a really long time to verify credentials (https://github.com/expressjs/timeout/issues/26)
    req.clearTimeout();

    let data = {
        zoneName: req.body.zoneName || '',
        provider: req.body.provider,
        config: req.body.config,
        fallbackCertificate: req.body.fallbackCertificate || null,
        tlsConfig: req.body.tlsConfig || { provider: 'letsencrypt-prod' }
    };

    domains.update(req.params.domain, data, auditSource.fromRequest(req), function (error) {
        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message));
        if (error && error.reason === DomainsError.BAD_FIELD) return next(new HttpError(400, error.message));
        if (error && error.reason === DomainsError.INVALID_PROVIDER) return next(new HttpError(400, error.message));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(204, {}));
    });
}

function del(req, res, next) {
    assert.strictEqual(typeof req.params.domain, 'string');

    domains.del(req.params.domain, auditSource.fromRequest(req), function (error) {
        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message));
        if (error && error.reason === DomainsError.IN_USE) return next(new HttpError(409, 'Domain is still in use. Remove all apps and mailboxes using this domain'));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(204));
    });
}
Add domain routes 2017-10-28 22:18:07 +02:00			`'use strict';`

			`exports = module.exports = {`
			`add: add,`
			`get: get,`
			`getAll: getAll,`
			`update: update,`
lock the admin domain based on the edition 2018-09-05 22:58:43 -07:00			`del: del,`

			`verifyDomainLock: verifyDomainLock`
Add domain routes 2017-10-28 22:18:07 +02:00			`};`

			`var assert = require('assert'),`
re-factor all the audit source objects 2019-03-25 15:07:06 -07:00			`auditSource = require('../auditsource.js'),`
Add domain routes 2017-10-28 22:18:07 +02:00			`domains = require('../domains.js'),`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`DomainsError = domains.DomainsError,`
Add domain routes 2017-10-28 22:18:07 +02:00			`HttpError = require('connect-lastmile').HttpError,`
Move renewal logic to domain model code 2018-10-24 20:06:04 -07:00			`HttpSuccess = require('connect-lastmile').HttpSuccess;`
Add route to renew certs of a domain 2018-10-24 13:01:45 -07:00
lock the admin domain based on the edition 2018-09-05 22:58:43 -07:00			`function verifyDomainLock(req, res, next) {`
			`assert.strictEqual(typeof req.params.domain, 'string');`

Add locked flag to domains table 2019-01-25 14:18:39 -08:00			`domains.get(req.params.domain, function (error, domain) {`
			`if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, 'No such domain'));`
			`if (error) return next(new HttpError(500, error));`
lock the admin domain based on the edition 2018-09-05 22:58:43 -07:00
Add locked flag to domains table 2019-01-25 14:18:39 -08:00			`if (domain.locked) return next(new HttpError(423, 'This domain is locked'));`

			`next();`
			`});`
lock the admin domain based on the edition 2018-09-05 22:58:43 -07:00			`}`

Add domain routes 2017-10-28 22:18:07 +02:00			`function add(req, res, next) {`
			`assert.strictEqual(typeof req.body, 'object');`

			`if (typeof req.body.domain !== 'string') return next(new HttpError(400, 'domain must be a string'));`
Add domains.provider 2018-01-09 14:46:38 -08:00			`if (typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider must be a string'));`
Move type validation to routes logic 2018-09-11 22:17:40 -07:00
			`if (!req.body.config \|\| typeof req.body.config !== 'object') return next(new HttpError(400, 'config must be an object'));`
			`if ('hyphenatedSubdomains' in req.body.config && typeof req.body.config.hyphenatedSubdomains !== 'boolean') return next(new HttpError(400, 'hyphenatedSubdomains must be a boolean'));`
acme2: implement wildcard certs 2018-09-11 22:46:17 -07:00			`if ('wildcard' in req.body.config && typeof req.body.config.wildcard !== 'boolean') return next(new HttpError(400, 'wildcard must be a boolean'));`
Move type validation to routes logic 2018-09-11 22:17:40 -07:00
Add zoneName support to domains rest API 2017-11-07 02:15:55 +01:00			`if ('zoneName' in req.body && typeof req.body.zoneName !== 'string') return next(new HttpError(400, 'zoneName must be a string'));`
Move fallback certificate api to domains 2017-11-09 02:06:36 +01:00			`if ('fallbackCertificate' in req.body && typeof req.body.fallbackCertificate !== 'object') return next(new HttpError(400, 'fallbackCertificate must be a object with cert and key strings'));`
Add support for restricted certs as part of dns setup 2018-10-30 18:11:10 -07:00			`if (req.body.fallbackCertificate) {`
Fix validation of fallback certs 2018-11-05 21:13:34 -08:00			`let fallbackCertificate = req.body.fallbackCertificate;`
			`if (!fallbackCertificate.cert \|\| typeof fallbackCertificate.cert !== 'string') return next(new HttpError(400, 'fallbackCertificate.cert must be a string'));`
			`if (!fallbackCertificate.key \|\| typeof fallbackCertificate.key !== 'string') return next(new HttpError(400, 'fallbackCertificate.key must be a string'));`
			`if ('restricted' in fallbackCertificate && typeof fallbackCertificate.restricted !== 'boolean') return next(new HttpError(400, 'fallbackCertificate.restricted must be a boolean'));`
Add support for restricted certs as part of dns setup 2018-10-30 18:11:10 -07:00			`}`
Move type validation to routes logic 2018-09-11 22:17:40 -07:00
			`if ('tlsConfig' in req.body) {`
			`if (!req.body.tlsConfig \|\| typeof req.body.tlsConfig !== 'object') return next(new HttpError(400, 'tlsConfig must be a object with a provider string property'));`
			`if (!req.body.tlsConfig.provider \|\| typeof req.body.tlsConfig.provider !== 'string') return next(new HttpError(400, 'tlsConfig.provider must be a string'));`
			`}`
Add domain routes 2017-10-28 22:18:07 +02:00
clear the request timeout when adding/updating domain 2018-03-08 09:27:56 -08:00			`// some DNS providers like DigitalOcean take a really long time to verify credentials (https://github.com/expressjs/timeout/issues/26)`
			`req.clearTimeout();`

eventlog: add domain events 2018-11-10 00:43:46 -08:00			`let data = {`
			`zoneName: req.body.zoneName \|\| '',`
			`provider: req.body.provider,`
			`config: req.body.config,`
			`fallbackCertificate: req.body.fallbackCertificate \|\| null,`
			`tlsConfig: req.body.tlsConfig \|\| { provider: 'letsencrypt-prod' }`
			`};`

re-factor all the audit source objects 2019-03-25 15:07:06 -07:00			`domains.add(req.body.domain, data, auditSource.fromRequest(req), function (error) {`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`if (error && error.reason === DomainsError.ALREADY_EXISTS) return next(new HttpError(409, error.message));`
			`if (error && error.reason === DomainsError.BAD_FIELD) return next(new HttpError(400, error.message));`
			`if (error && error.reason === DomainsError.INVALID_PROVIDER) return next(new HttpError(400, error.message));`
Add domain routes 2017-10-28 22:18:07 +02:00			`if (error) return next(new HttpError(500, error));`

			`next(new HttpSuccess(201, { domain: req.body.domain, config: req.body.config }));`
			`});`
			`}`

			`function get(req, res, next) {`
			`assert.strictEqual(typeof req.params.domain, 'string');`

			`domains.get(req.params.domain, function (error, result) {`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message));`
Add domain routes 2017-10-28 22:18:07 +02:00			`if (error) return next(new HttpError(500, error));`

Remove private fields when listing domains 2018-04-27 11:38:09 -07:00			`next(new HttpSuccess(200, domains.removePrivateFields(result)));`
Add domain routes 2017-10-28 22:18:07 +02:00			`});`
			`}`

			`function getAll(req, res, next) {`
			`domains.getAll(function (error, result) {`
			`if (error) return next(new HttpError(500, error));`

Add domain management scope 2018-06-25 15:12:20 -07:00			`result = result.map(domains.removeRestrictedFields);`
Remove private fields when listing domains 2018-04-27 11:38:09 -07:00
Add domain routes 2017-10-28 22:18:07 +02:00			`next(new HttpSuccess(200, { domains: result }));`
			`});`
			`}`

			`function update(req, res, next) {`
			`assert.strictEqual(typeof req.params.domain, 'string');`
			`assert.strictEqual(typeof req.body, 'object');`

Add domains.provider 2018-01-09 14:46:38 -08:00			`if (typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider must be an object'));`
Move type validation to routes logic 2018-09-11 22:17:40 -07:00
			`if (!req.body.config \|\| typeof req.body.config !== 'object') return next(new HttpError(400, 'config must be an object'));`
			`if ('hyphenatedSubdomains' in req.body.config && typeof req.body.config.hyphenatedSubdomains !== 'boolean') return next(new HttpError(400, 'hyphenatedSubdomains must be a boolean'));`
acme2: implement wildcard certs 2018-09-11 22:46:17 -07:00			`if ('wildcard' in req.body.config && typeof req.body.config.wildcard !== 'boolean') return next(new HttpError(400, 'wildcard must be a boolean'));`
Move type validation to routes logic 2018-09-11 22:17:40 -07:00
Allow zoneName to be changed in domain update route 2018-05-15 13:51:00 -07:00			`if ('zoneName' in req.body && typeof req.body.zoneName !== 'string') return next(new HttpError(400, 'zoneName must be a string'));`
Move fallback certificate api to domains 2017-11-09 02:06:36 +01:00			`if ('fallbackCertificate' in req.body && typeof req.body.fallbackCertificate !== 'object') return next(new HttpError(400, 'fallbackCertificate must be a object with cert and key strings'));`
Fix validation of fallback certs 2018-11-05 21:13:34 -08:00			`if (req.body.fallbackCertificate) {`
			`let fallbackCertificate = req.body.fallbackCertificate;`
			`if (!fallbackCertificate.cert \|\| typeof fallbackCertificate.cert !== 'string') return next(new HttpError(400, 'fallbackCertificate.cert must be a string'));`
			`if (!fallbackCertificate.key \|\| typeof fallbackCertificate.key !== 'string') return next(new HttpError(400, 'fallbackCertificate.key must be a string'));`
			`if ('restricted' in fallbackCertificate && typeof fallbackCertificate.restricted !== 'boolean') return next(new HttpError(400, 'fallbackCertificate.restricted must be a boolean'));`
			`}`
Move type validation to routes logic 2018-09-11 22:17:40 -07:00
			`if ('tlsConfig' in req.body) {`
			`if (!req.body.tlsConfig \|\| typeof req.body.tlsConfig !== 'object') return next(new HttpError(400, 'tlsConfig must be a object with a provider string property'));`
			`if (!req.body.tlsConfig.provider \|\| typeof req.body.tlsConfig.provider !== 'string') return next(new HttpError(400, 'tlsConfig.provider must be a string'));`
			`}`
Add domain routes 2017-10-28 22:18:07 +02:00
clear the request timeout when adding/updating domain 2018-03-08 09:27:56 -08:00			`// some DNS providers like DigitalOcean take a really long time to verify credentials (https://github.com/expressjs/timeout/issues/26)`
			`req.clearTimeout();`

eventlog: add domain events 2018-11-10 00:43:46 -08:00			`let data = {`
			`zoneName: req.body.zoneName \|\| '',`
			`provider: req.body.provider,`
			`config: req.body.config,`
			`fallbackCertificate: req.body.fallbackCertificate \|\| null,`
			`tlsConfig: req.body.tlsConfig \|\| { provider: 'letsencrypt-prod' }`
			`};`

re-factor all the audit source objects 2019-03-25 15:07:06 -07:00			`domains.update(req.params.domain, data, auditSource.fromRequest(req), function (error) {`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message));`
			`if (error && error.reason === DomainsError.BAD_FIELD) return next(new HttpError(400, error.message));`
			`if (error && error.reason === DomainsError.INVALID_PROVIDER) return next(new HttpError(400, error.message));`
Add domain routes 2017-10-28 22:18:07 +02:00			`if (error) return next(new HttpError(500, error));`

			`next(new HttpSuccess(204, {}));`
			`});`
			`}`

			`function del(req, res, next) {`
			`assert.strictEqual(typeof req.params.domain, 'string');`

re-factor all the audit source objects 2019-03-25 15:07:06 -07:00			`domains.del(req.params.domain, auditSource.fromRequest(req), function (error) {`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message));`
			`if (error && error.reason === DomainsError.IN_USE) return next(new HttpError(409, 'Domain is still in use. Remove all apps and mailboxes using this domain'));`
Add domain routes 2017-10-28 22:18:07 +02:00			`if (error) return next(new HttpError(500, error));`

Fix mail domain route 2018-01-25 10:46:15 -08:00			`next(new HttpSuccess(204));`
Add domain routes 2017-10-28 22:18:07 +02:00			`});`
			`}`