src/routes/provision.js

'use strict';

exports = module.exports = {
    providerTokenAuth,
    setup,
    activate,
    restore,
    getStatus,
    setupTokenAuth
};

const assert = require('assert'),
    AuditSource = require('../auditsource.js'),
    BoxError = require('../boxerror.js'),
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
    paths = require('../paths.js'),
    provision = require('../provision.js'),
    safe = require('safetydance'),
    settings = require('../settings.js'),
    superagent = require('superagent');

function setupTokenAuth(req, res, next) {
    assert.strictEqual(typeof req.body, 'object');

    const setupToken = safe.fs.readFileSync(paths.SETUP_TOKEN_FILE, 'utf8');
    if (!setupToken) return next();

    if (!req.body.setupToken) return next(new HttpError(400, 'setup token required'));
    if (setupToken.trim() !== req.body.setupToken) return next(new HttpError(422, 'setup token does not match'));

    return next();
}

async function providerTokenAuth(req, res, next) {
    assert.strictEqual(typeof req.body, 'object');

    if (settings.provider() === 'ami') {
        if (typeof req.body.providerToken !== 'string' || !req.body.providerToken) return next(new HttpError(400, 'providerToken must be a non empty string'));

        const [error, response] = await safe(superagent.get('http://169.254.169.254/latest/meta-data/instance-id').timeout(30 * 1000).ok(() => true));
        if (error) return next(new HttpError(422, `Network error getting EC2 metadata: ${error.message}`));
        if (response.status !== 200) return next(new HttpError(422, `Unable to get EC2 meta data. statusCode: ${response.status}`));
        if (response.text !== req.body.providerToken) return next(new HttpError(422, 'Instance ID does not match'));

        next();
    } else {
        next();
    }
}

async function setup(req, res, next) {
    assert.strictEqual(typeof req.body, 'object');

    if (!req.body.domainConfig || typeof req.body.domainConfig !== 'object') return next(new HttpError(400, 'domainConfig is required'));

    const domainConfig = req.body.domainConfig;

    if (typeof domainConfig.provider !== 'string' || !domainConfig.provider) return next(new HttpError(400, 'provider is required'));
    if (typeof domainConfig.domain !== 'string' || !domainConfig.domain) return next(new HttpError(400, 'domain is required'));

    if ('zoneName' in domainConfig && typeof domainConfig.zoneName !== 'string') return next(new HttpError(400, 'zoneName must be a string'));
    if (!domainConfig.config || typeof domainConfig.config !== 'object') return next(new HttpError(400, 'config must be an object'));

    if ('tlsConfig' in domainConfig && typeof domainConfig.tlsConfig !== 'object') return next(new HttpError(400, 'tlsConfig must be an object'));
    if (domainConfig.tlsConfig && (!domainConfig.tlsConfig.provider || typeof domainConfig.tlsConfig.provider !== 'string')) return next(new HttpError(400, 'tlsConfig.provider must be a string'));

    if ('sysinfoConfig' in req.body && typeof req.body.sysinfoConfig !== 'object') return next(new HttpError(400, 'sysinfoConfig must be an object'));

    // it can take sometime to setup DNS, register cloudron
    req.clearTimeout();

    const [error] = await safe(provision.setup(domainConfig, req.body.sysinfoConfig || { provider: 'generic' }, AuditSource.fromRequest(req)));
    if (error) return next(BoxError.toHttpError(error));

    next(new HttpSuccess(200, {}));
}

async function activate(req, res, next) {
    assert.strictEqual(typeof req.body, 'object');

    if (typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be string'));
    if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be string'));
    if (typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));
    if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));

    const { username, password, email } = req.body;
    const displayName = req.body.displayName || '';

    const ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;

    const [error, info] = await safe(provision.activate(username, password, email, displayName, ip, AuditSource.fromRequest(req)));
    if (error) return next(BoxError.toHttpError(error));

    next(new HttpSuccess(201, info));
}

async function restore(req, res, next) {
    assert.strictEqual(typeof req.body, 'object');

    if (!req.body.backupConfig || typeof req.body.backupConfig !== 'object') return next(new HttpError(400, 'backupConfig is required'));

    const backupConfig = req.body.backupConfig;
    if (typeof backupConfig.provider !== 'string') return next(new HttpError(400, 'provider is required'));
    if ('password' in backupConfig && typeof backupConfig.password !== 'string') return next(new HttpError(400, 'password must be a string'));
    if (typeof backupConfig.format !== 'string') return next(new HttpError(400, 'format must be a string'));
    if ('acceptSelfSignedCerts' in backupConfig && typeof backupConfig.acceptSelfSignedCerts !== 'boolean') return next(new HttpError(400, 'format must be a boolean'));

    if (typeof req.body.remotePath !== 'string') return next(new HttpError(400, 'remotePath must be a string'));
    if (typeof req.body.version !== 'string') return next(new HttpError(400, 'version must be a string'));

    if ('sysinfoConfig' in req.body && typeof req.body.sysinfoConfig !== 'object') return next(new HttpError(400, 'sysinfoConfig must be an object'));
    if ('skipDnsSetup' in req.body && typeof req.body.skipDnsSetup !== 'boolean') return next(new HttpError(400, 'skipDnsSetup must be a boolean'));

    const options = {
        skipDnsSetup: req.body.skipDnsSetup || false
    };

    const [error] = await safe(provision.restore(backupConfig, req.body.remotePath, req.body.version, req.body.sysinfoConfig || { provider: 'generic' }, options, AuditSource.fromRequest(req)));
    if (error) return next(BoxError.toHttpError(error));

    next(new HttpSuccess(200, {}));
}

async function getStatus(req, res, next) {
    const [error, status] = await safe(provision.getStatus());
    if (error) return next(BoxError.toHttpError(error));

    next(new HttpSuccess(200, status));
}
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`'use strict';`

			`exports = module.exports = {`
secure the provision and activation routes with a token 2020-12-21 22:36:10 -08:00			`providerTokenAuth,`
			`setup,`
			`activate,`
			`restore,`
			`getStatus,`
			`setupTokenAuth`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`};`

merge maildb.js into mail.js 2021-06-29 14:26:34 -07:00			`const assert = require('assert'),`
make auditsource a class 2021-09-30 09:50:30 -07:00			`AuditSource = require('../auditsource.js'),`
Move ProvisionError to BoxError 2019-10-23 15:45:09 -07:00			`BoxError = require('../boxerror.js'),`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`HttpError = require('connect-lastmile').HttpError,`
			`HttpSuccess = require('connect-lastmile').HttpSuccess,`
secure the provision and activation routes with a token 2020-12-21 22:36:10 -08:00			`paths = require('../paths.js'),`
setup -> provision 2018-12-11 15:29:47 -08:00			`provision = require('../provision.js'),`
secure the provision and activation routes with a token 2020-12-21 22:36:10 -08:00			`safe = require('safetydance'),`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00			`settings = require('../settings.js'),`
			`superagent = require('superagent');`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00
secure the provision and activation routes with a token 2020-12-21 22:36:10 -08:00			`function setupTokenAuth(req, res, next) {`
			`assert.strictEqual(typeof req.body, 'object');`

			`const setupToken = safe.fs.readFileSync(paths.SETUP_TOKEN_FILE, 'utf8');`
			`if (!setupToken) return next();`

			`if (!req.body.setupToken) return next(new HttpError(400, 'setup token required'));`
			`if (setupToken.trim() !== req.body.setupToken) return next(new HttpError(422, 'setup token does not match'));`

			`return next();`
			`}`

docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00			`async function providerTokenAuth(req, res, next) {`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`assert.strictEqual(typeof req.body, 'object');`

make sysinfo provider a setting 2019-10-29 15:46:33 -07:00			`if (settings.provider() === 'ami') {`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`if (typeof req.body.providerToken !== 'string' \|\| !req.body.providerToken) return next(new HttpError(400, 'providerToken must be a non empty string'));`

ami: fix instance id check 2021-11-17 19:05:26 -08:00			`const [error, response] = await safe(superagent.get('http://169.254.169.254/latest/meta-data/instance-id').timeout(30 * 1000).ok(() => true));`
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00			if (error) return next(new HttpError(422, `Network error getting EC2 metadata: ${error.message}`));
ami: fix instance id check 2021-11-17 19:05:26 -08:00			if (response.status !== 200) return next(new HttpError(422, `Unable to get EC2 meta data. statusCode: ${response.status}`));
			`if (response.text !== req.body.providerToken) return next(new HttpError(422, 'Instance ID does not match'));`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00
docker.js and services.js: async'ify 2021-08-25 19:41:46 -07:00			`next();`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`} else {`
			`next();`
			`}`
			`}`

sysinfo: async'ify 2021-08-27 09:52:24 -07:00			`async function setup(req, res, next) {`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`assert.strictEqual(typeof req.body, 'object');`

dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`if (!req.body.domainConfig \|\| typeof req.body.domainConfig !== 'object') return next(new HttpError(400, 'domainConfig is required'));`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`const domainConfig = req.body.domainConfig;`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`if (typeof domainConfig.provider !== 'string' \|\| !domainConfig.provider) return next(new HttpError(400, 'provider is required'));`
			`if (typeof domainConfig.domain !== 'string' \|\| !domainConfig.domain) return next(new HttpError(400, 'domain is required'));`
Add tlsConfig to domains and setup rest apis 2018-01-31 17:42:26 +01:00
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`if ('zoneName' in domainConfig && typeof domainConfig.zoneName !== 'string') return next(new HttpError(400, 'zoneName must be a string'));`
			`if (!domainConfig.config \|\| typeof domainConfig.config !== 'object') return next(new HttpError(400, 'config must be an object'));`
dnsSetup -> setup 2018-10-30 13:36:00 -07:00
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`if ('tlsConfig' in domainConfig && typeof domainConfig.tlsConfig !== 'object') return next(new HttpError(400, 'tlsConfig must be an object'));`
			`if (domainConfig.tlsConfig && (!domainConfig.tlsConfig.provider \|\| typeof domainConfig.tlsConfig.provider !== 'string')) return next(new HttpError(400, 'tlsConfig.provider must be a string'));`
dnsSetup -> setup 2018-10-30 13:36:00 -07:00
sysinfoConfig can be passed when provisioning 2019-10-29 20:12:37 -07:00			`if ('sysinfoConfig' in req.body && typeof req.body.sysinfoConfig !== 'object') return next(new HttpError(400, 'sysinfoConfig must be an object'));`
Get autoconf data as separate object 2018-10-30 18:43:52 -07:00
bump timeout of setup route 2018-11-02 17:24:38 -07:00			`// it can take sometime to setup DNS, register cloudron`
			`req.clearTimeout();`

dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`const [error] = await safe(provision.setup(domainConfig, req.body.sysinfoConfig \|\| { provider: 'generic' }, AuditSource.fromRequest(req)));`
sysinfo: async'ify 2021-08-27 09:52:24 -07:00			`if (error) return next(BoxError.toHttpError(error));`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00
sysinfo: async'ify 2021-08-27 09:52:24 -07:00			`next(new HttpSuccess(200, {}));`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`}`

merge userdb.js into users.js 2021-07-15 09:50:11 -07:00			`async function activate(req, res, next) {`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`assert.strictEqual(typeof req.body, 'object');`

			`if (typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be string'));`
			`if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be string'));`
			`if (typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));`
			`if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));`

merge userdb.js into users.js 2021-07-15 09:50:11 -07:00			`const { username, password, email } = req.body;`
			`const displayName = req.body.displayName \|\| '';`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00
merge userdb.js into users.js 2021-07-15 09:50:11 -07:00			`const ip = req.headers['x-forwarded-for'] \|\| req.connection.remoteAddress;`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00
make auditsource a class 2021-09-30 09:50:30 -07:00			`const [error, info] = await safe(provision.activate(username, password, email, displayName, ip, AuditSource.fromRequest(req)));`
merge userdb.js into users.js 2021-07-15 09:50:11 -07:00			`if (error) return next(BoxError.toHttpError(error));`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00
merge userdb.js into users.js 2021-07-15 09:50:11 -07:00			`next(new HttpSuccess(201, info));`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`}`

sysinfo: async'ify 2021-08-27 09:52:24 -07:00			`async function restore(req, res, next) {`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`assert.strictEqual(typeof req.body, 'object');`

			`if (!req.body.backupConfig \|\| typeof req.body.backupConfig !== 'object') return next(new HttpError(400, 'backupConfig is required'));`

restore: add skipDnsSetup flag 2021-02-24 14:56:09 -08:00			`const backupConfig = req.body.backupConfig;`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`if (typeof backupConfig.provider !== 'string') return next(new HttpError(400, 'provider is required'));`
rename backup key to password 2020-05-12 10:31:51 -07:00			`if ('password' in backupConfig && typeof backupConfig.password !== 'string') return next(new HttpError(400, 'password must be a string'));`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`if (typeof backupConfig.format !== 'string') return next(new HttpError(400, 'format must be a string'));`
			`if ('acceptSelfSignedCerts' in backupConfig && typeof backupConfig.acceptSelfSignedCerts !== 'boolean') return next(new HttpError(400, 'format must be a boolean'));`

backups: fix restore code path after backup id changes 2022-04-05 09:28:30 -07:00			`if (typeof req.body.remotePath !== 'string') return next(new HttpError(400, 'remotePath must be a string'));`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`if (typeof req.body.version !== 'string') return next(new HttpError(400, 'version must be a string'));`

restore: add sysinfoConfig 2019-11-11 09:49:18 -08:00			`if ('sysinfoConfig' in req.body && typeof req.body.sysinfoConfig !== 'object') return next(new HttpError(400, 'sysinfoConfig must be an object'));`
restore: add skipDnsSetup flag 2021-02-24 14:56:09 -08:00			`if ('skipDnsSetup' in req.body && typeof req.body.skipDnsSetup !== 'boolean') return next(new HttpError(400, 'skipDnsSetup must be a boolean'));`
restore: add sysinfoConfig 2019-11-11 09:49:18 -08:00
restore: add skipDnsSetup flag 2021-02-24 14:56:09 -08:00			`const options = {`
			`skipDnsSetup: req.body.skipDnsSetup \|\| false`
			`};`

backups: fix restore code path after backup id changes 2022-04-05 09:28:30 -07:00			`const [error] = await safe(provision.restore(backupConfig, req.body.remotePath, req.body.version, req.body.sysinfoConfig \|\| { provider: 'generic' }, options, AuditSource.fromRequest(req)));`
sysinfo: async'ify 2021-08-27 09:52:24 -07:00			`if (error) return next(BoxError.toHttpError(error));`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00
sysinfo: async'ify 2021-08-27 09:52:24 -07:00			`next(new HttpSuccess(200, {}));`
move all setup logic to setup.js 2018-01-29 15:47:26 -08:00			`}`
Fix setup and restore to have a task style API 2018-12-15 15:27:16 -08:00
settings: initCache and list are now async 2021-08-18 13:25:42 -07:00			`async function getStatus(req, res, next) {`
			`const [error, status] = await safe(provision.getStatus());`
			`if (error) return next(BoxError.toHttpError(error));`
Fix setup and restore to have a task style API 2018-12-15 15:27:16 -08:00
settings: initCache and list are now async 2021-08-18 13:25:42 -07:00			`next(new HttpSuccess(200, status));`
Fix setup and restore to have a task style API 2018-12-15 15:27:16 -08:00			`}`