box.js

#!/usr/bin/env node

'use strict';

const constants = require('./src/constants.js'),
    fs = require('node:fs'),
    ldapServer = require('./src/ldapserver.js'),
    net = require('node:net'),
    oidcServer = require('./src/oidcserver.js'),
    paths = require('./src/paths.js'),
    proxyAuth = require('./src/proxyauth.js'),
    safe = require('safetydance'),
    server = require('./src/server.js'),
    directoryServer = require('./src/directoryserver.js');

let logFd;

async function setupLogging() {
    if (constants.TEST) return;

    logFd = fs.openSync(paths.BOX_LOG_FILE, 'a');
    // we used to write using a stream before but it caches internally and there is no way to flush it when things crash
    process.stdout.write = process.stderr.write = function (...args) {
        const callback = typeof args[args.length-1] === 'function' ? args.pop() : function () {}; // callback is required for fs.write
        fs.write.apply(fs, [logFd, ...args, callback]);
    };
}

// happy eyeballs workaround. when there is no ipv6, nodejs timesout prematurely since the default for ipv4 is just 250ms
// https://github.com/nodejs/node/issues/54359
async function setupNetworking() {
    net.setDefaultAutoSelectFamilyAttemptTimeout(2500);
}

// this is also used as the 'uncaughtException' handler which can only have synchronous functions
function exitSync(status) {
    const ts = new Date().toISOString();
    if (status.message) fs.write(logFd, `${ts} ${status.message}\n`, function () {});
    const msg = status.error.stack.replace(/\n/g, `\n${ts} `); // prefix each line with ts
    if (status.error) fs.write(logFd, `${ts} ${msg}\n`, function () {});
    fs.fsyncSync(logFd);
    fs.closeSync(logFd);
    process.exit(status.code);
}

async function startServers() {
    await setupLogging();
    await setupNetworking();
    await server.start(); // do this first since it also inits the database
    await proxyAuth.start();
    await ldapServer.start();

    const conf = await directoryServer.getConfig();
    if (conf.enabled) await directoryServer.start();
}

async function main() {
    const [error] = await safe(startServers());
    if (error) return exitSync({ error, code: 1, message: 'Error starting servers' });

    // require this here so that logging handler is already setup
    const debug = require('debug')('box:box');

    process.on('SIGHUP', async function () {
        debug('Received SIGHUP. Re-reading configs.');
        const conf = await directoryServer.getConfig();
        if (conf.enabled) await directoryServer.checkCertificate();
    });

    process.on('SIGINT', async function () {
        debug('Received SIGINT. Shutting down.');

        await proxyAuth.stop();
        await server.stop();
        await directoryServer.stop();
        await ldapServer.stop();
        await oidcServer.stop();

        setTimeout(() => {
            debug('Shutdown complete');
            process.exit();
        }, 2000); // need to wait for the task processes to die
    });

    process.on('SIGTERM', async function () {
        debug('Received SIGTERM. Shutting down.');

        await proxyAuth.stop();
        await server.stop();
        await directoryServer.stop();
        await ldapServer.stop();
        await oidcServer.stop();

        setTimeout(() => {
            debug('Shutdown complete');
            process.exit();
        }, 2000); // need to wait for the task processes to die
    });

    process.on('uncaughtException', (error) => exitSync({ error, code: 1, message: 'From uncaughtException handler.' }));
}

main();
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00			`#!/usr/bin/env node`

			`'use strict';`

Use constants.TEST 2023-10-01 13:52:19 +05:30			`const constants = require('./src/constants.js'),`
use node: prefix for requires mostly because code is being autogenerated by all the AI stuff using this prefix. it's also used in the stack trace. 2025-08-14 11:17:38 +05:30			`fs = require('node:fs'),`
rename ldap.js to ldapserver.js this makes it clearer it is server module and not some generic ldap thing 2024-01-06 13:29:23 +01:00			`ldapServer = require('./src/ldapserver.js'),`
use node: prefix for requires mostly because code is being autogenerated by all the AI stuff using this prefix. it's also used in the stack trace. 2025-08-14 11:17:38 +05:30			`net = require('node:net'),`
split oidc into server and clients 2025-06-11 22:00:09 +02:00			`oidcServer = require('./src/oidcserver.js'),`
hardcode logging of box code to box.log 2020-08-04 09:34:03 -07:00			`paths = require('./src/paths.js'),`
Add proxyAuth as an addon 2020-11-10 09:59:28 -08:00			`proxyAuth = require('./src/proxyauth.js'),`
more async'ification 2021-09-07 09:57:49 -07:00			`safe = require('safetydance'),`
start/stop exposed LDAP depending on settings 2021-11-24 17:59:21 +01:00			`server = require('./src/server.js'),`
rename user directory to directory server 2022-08-15 19:14:02 +02:00			`directoryServer = require('./src/directoryserver.js');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Fix logger to log exceptions this is similar to the fix in taskworker 2021-09-07 11:23:54 -07:00			`let logFd;`

			`async function setupLogging() {`
Use constants.TEST 2023-10-01 13:52:19 +05:30			`if (constants.TEST) return;`
pass log file as argument to task worker initially, i thought i can hardcode the log file into taskworker.js depending on the task type but for apptask, it's not easy to get the appId from the taskId unless we introspect task arguments as well. it's easier for now to pass it as an argument. 2020-08-04 22:16:38 -07:00
Fix logger to log exceptions this is similar to the fix in taskworker 2021-09-07 11:23:54 -07:00			`logFd = fs.openSync(paths.BOX_LOG_FILE, 'a');`
			`// we used to write using a stream before but it caches internally and there is no way to flush it when things crash`
			`process.stdout.write = process.stderr.write = function (...args) {`
			`const callback = typeof args[args.length-1] === 'function' ? args.pop() : function () {}; // callback is required for fs.write`
			`fs.write.apply(fs, [logFd, ...args, callback]);`
			`};`
			`}`

network: fix premature connection closures with node 20 and above the happy eyeballs implementation in node is buggy. ipv4 and ipv6 connections are made in parallel and whichever responds first is chosen. when there is no ipv6 (immediately errors with ENETUNREACH/EHOSTUNREACH) and when ipv4 is > 250ms, the code erroneously times out. see also https://github.com/nodejs/node/issues/54359 reproduction for those servers: const options = { hostname: 'www.cloudron.io', port: 80, path: '/', method: 'HEAD', // family: 4, // uncomment to make it work }; const req = require('http').request(options, (res) => { console.log('statusCode:', res.statusCode); res.on('data', () => {}); // drain }); req.on('socket', (socket) => console.log('Socket assigned to request', socket);); req.on('error', (e) => console.error(e)); req.end(); 2024-10-31 09:38:40 +01:00			`// happy eyeballs workaround. when there is no ipv6, nodejs timesout prematurely since the default for ipv4 is just 250ms`
			`// https://github.com/nodejs/node/issues/54359`
			`async function setupNetworking() {`
middleground in timeout DO BLR droplets still fail with 1s timeout! 2024-10-31 10:07:11 +01:00			`net.setDefaultAutoSelectFamilyAttemptTimeout(2500);`
network: fix premature connection closures with node 20 and above the happy eyeballs implementation in node is buggy. ipv4 and ipv6 connections are made in parallel and whichever responds first is chosen. when there is no ipv6 (immediately errors with ENETUNREACH/EHOSTUNREACH) and when ipv4 is > 250ms, the code erroneously times out. see also https://github.com/nodejs/node/issues/54359 reproduction for those servers: const options = { hostname: 'www.cloudron.io', port: 80, path: '/', method: 'HEAD', // family: 4, // uncomment to make it work }; const req = require('http').request(options, (res) => { console.log('statusCode:', res.statusCode); res.on('data', () => {}); // drain }); req.on('socket', (socket) => console.log('Socket assigned to request', socket);); req.on('error', (e) => console.error(e)); req.end(); 2024-10-31 09:38:40 +01:00			`}`

Fix logger to log exceptions this is similar to the fix in taskworker 2021-09-07 11:23:54 -07:00			`// this is also used as the 'uncaughtException' handler which can only have synchronous functions`
			`function exitSync(status) {`
log exception with timestamp prefixed 2024-10-14 16:21:25 +02:00			`const ts = new Date().toISOString();`
Do not swallow original error stack trace in box.js 2025-06-30 17:34:55 +02:00			if (status.message) fs.write(logFd, `${ts} ${status.message}\n`, function () {});
log exception with timestamp prefixed 2024-10-14 16:21:25 +02:00			const msg = status.error.stack.replace(/\n/g, `\n${ts} `); // prefix each line with ts
			if (status.error) fs.write(logFd, `${ts} ${msg}\n`, function () {});
Fix logger to log exceptions this is similar to the fix in taskworker 2021-09-07 11:23:54 -07:00			`fs.fsyncSync(logFd);`
			`fs.closeSync(logFd);`
			`process.exit(status.code);`
more async'ification 2021-09-07 09:57:49 -07:00			`}`
hardcode logging of box code to box.log 2020-08-04 09:34:03 -07:00
more async'ification 2021-09-07 09:57:49 -07:00			`async function startServers() {`
Fix logger to log exceptions this is similar to the fix in taskworker 2021-09-07 11:23:54 -07:00			`await setupLogging();`
network: fix premature connection closures with node 20 and above the happy eyeballs implementation in node is buggy. ipv4 and ipv6 connections are made in parallel and whichever responds first is chosen. when there is no ipv6 (immediately errors with ENETUNREACH/EHOSTUNREACH) and when ipv4 is > 250ms, the code erroneously times out. see also https://github.com/nodejs/node/issues/54359 reproduction for those servers: const options = { hostname: 'www.cloudron.io', port: 80, path: '/', method: 'HEAD', // family: 4, // uncomment to make it work }; const req = require('http').request(options, (res) => { console.log('statusCode:', res.statusCode); res.on('data', () => {}); // drain }); req.on('socket', (socket) => console.log('Socket assigned to request', socket);); req.on('error', (e) => console.error(e)); req.end(); 2024-10-31 09:38:40 +01:00			`await setupNetworking();`
more async'ification 2021-09-07 09:57:49 -07:00			`await server.start(); // do this first since it also inits the database`
			`await proxyAuth.start();`
rename ldap.js to ldapserver.js this makes it clearer it is server module and not some generic ldap thing 2024-01-06 13:29:23 +01:00			`await ldapServer.start();`
start/stop exposed LDAP depending on settings 2021-11-24 17:59:21 +01:00
Fix crash on startup 2023-08-03 06:34:55 +05:30			`const conf = await directoryServer.getConfig();`
rename user directory to directory server 2022-08-15 19:14:02 +02:00			`if (conf.enabled) await directoryServer.start();`
hardcode logging of box code to box.log 2020-08-04 09:34:03 -07:00			`}`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
more async'ification 2021-09-07 09:57:49 -07:00			`async function main() {`
			`const [error] = await safe(startServers());`
Do not swallow original error stack trace in box.js 2025-06-30 17:34:55 +02:00			`if (error) return exitSync({ error, code: 1, message: 'Error starting servers' });`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
remove supererror, not really used 2022-02-21 17:34:51 -08:00			`// require this here so that logging handler is already setup`
Ensure stderr and exceptions also go to logfile Bring back supererror for stacktraces when no Error object is throwing 2020-08-21 09:45:03 +02:00			`const debug = require('debug')('box:box');`
app.portBindings and newManifest.tcpPorts may be null 2015-07-20 00:09:47 -07:00
Add SIGHUP handler to reload certs we have to reload directory server certs out of process 2022-11-16 08:10:57 +01:00			`process.on('SIGHUP', async function () {`
			`debug('Received SIGHUP. Re-reading configs.');`
Fix crash on startup 2023-08-03 06:34:55 +05:30			`const conf = await directoryServer.getConfig();`
reverseproxy: notify cert change only in cron job notifying this in ensureCertificate does not work if provider changed in the middle anyway. might as well get them to be in sync in the cronjob. this change also resulted in tls addon getting restarted non-stop if you change from wildcard to non-wildcard since ensureCertificate notifies the change. 2022-11-30 15:16:16 +01:00			`if (conf.enabled) await directoryServer.checkCertificate();`
Add SIGHUP handler to reload certs we have to reload directory server certs out of process 2022-11-16 08:10:57 +01:00			`});`

more async'ification 2021-09-07 09:57:49 -07:00			`process.on('SIGINT', async function () {`
hardcode logging of box code to box.log 2020-08-04 09:34:03 -07:00			`debug('Received SIGINT. Shutting down.');`
Log if we receive SIGINT or SIGTERM 2018-11-08 14:35:22 +01:00
more async'ification 2021-09-07 09:57:49 -07:00			`await proxyAuth.stop();`
			`await server.stop();`
rename user directory to directory server 2022-08-15 19:14:02 +02:00			`await directoryServer.stop();`
rename ldap.js to ldapserver.js this makes it clearer it is server module and not some generic ldap thing 2024-01-06 13:29:23 +01:00			`await ldapServer.stop();`
split oidc into server and clients 2025-06-11 22:00:09 +02:00			`await oidcServer.stop();`
better logs on actual quit 2025-06-17 22:28:11 +02:00
			`setTimeout(() => {`
			`debug('Shutdown complete');`
			`process.exit();`
			`}, 2000); // need to wait for the task processes to die`
hardcode logging of box code to box.log 2020-08-04 09:34:03 -07:00			`});`

more async'ification 2021-09-07 09:57:49 -07:00			`process.on('SIGTERM', async function () {`
hardcode logging of box code to box.log 2020-08-04 09:34:03 -07:00			`debug('Received SIGTERM. Shutting down.');`
Wait upto 3 seconds for the app to quit Otherwise systemd will kill us and we get crash emails. Fixes #483 2015-09-09 16:57:41 -07:00
more async'ification 2021-09-07 09:57:49 -07:00			`await proxyAuth.stop();`
			`await server.stop();`
rename user directory to directory server 2022-08-15 19:14:02 +02:00			`await directoryServer.stop();`
rename ldap.js to ldapserver.js this makes it clearer it is server module and not some generic ldap thing 2024-01-06 13:29:23 +01:00			`await ldapServer.stop();`
split oidc into server and clients 2025-06-11 22:00:09 +02:00			`await oidcServer.stop();`
better logs on actual quit 2025-06-17 22:28:11 +02:00
			`setTimeout(() => {`
			`debug('Shutdown complete');`
			`process.exit();`
			`}, 2000); // need to wait for the task processes to die`
hardcode logging of box code to box.log 2020-08-04 09:34:03 -07:00			`});`
Log if we receive SIGINT or SIGTERM 2018-11-08 14:35:22 +01:00
Do not swallow original error stack trace in box.js 2025-06-30 17:34:55 +02:00			`process.on('uncaughtException', (error) => exitSync({ error, code: 1, message: 'From uncaughtException handler.' }));`
more async'ification 2021-09-07 09:57:49 -07:00			`}`

			`main();`