src/dashboard.js

import apps from './apps.js';
import * as appstore from './appstore.js';
import assert from 'node:assert';
import BoxError from './boxerror.js';
import * as branding from './branding.js';
import constants from './constants.js';
import debugModule from 'debug';
import * as dns from './dns.js';
import * as externalLdap from './externalldap.js';
import eventlog from './eventlog.js';
import Location from './location.js';
import * as mailServer from './mailserver.js';
import * as platform from './platform.js';
import * as reverseProxy from './reverseproxy.js';
import safe from 'safetydance';
import * as settings from './settings.js';
import * as system from './system.js';
import tasks from './tasks.js';
import * as userDirectory from './user-directory.js';

const debug = debugModule('box:dashboard');

const _setLocation = setLocation;

export {
    getLocation,
    clearLocation,
    startPrepareLocation, // starts the task,
    prepareLocation,      // the task to setup dns and cert,
    setupLocation,        // initial setup from setup/restore,
    changeLocation,       // only on dashboard change (post setup/restore),
    getConfig,
    _setLocation,
};

async function getLocation() {
    const domain = await settings.get(settings.DASHBOARD_DOMAIN_KEY);
    const subdomain = await settings.get(settings.DASHBOARD_SUBDOMAIN_KEY);
    return new Location(subdomain, domain, Location.TYPE_DASHBOARD);
}

async function setLocation(subdomain, domain) {
    assert.strictEqual(typeof subdomain, 'string');
    assert.strictEqual(typeof domain, 'string');

    await settings.set(settings.DASHBOARD_SUBDOMAIN_KEY, subdomain);
    await settings.set(settings.DASHBOARD_DOMAIN_KEY, domain);

    debug(`setLocation: ${domain || '<cleared>'}`);
}

async function clearLocation() {
    await setLocation('', '');
}

async function getConfig() {
    const ubuntuVersion = await system.getUbuntuVersion();
    const kernelVersion = await system.getKernelVersion();
    const profileConfig = await userDirectory.getProfileConfig();
    const externalLdapConfig = await externalLdap.getConfig();

    const { fqdn:adminFqdn, domain:adminDomain } = await getLocation();

    // be picky about what we send out here since this is sent for 'normal' users as well
    return {
        apiServerOrigin: await appstore.getApiServerOrigin(),
        webServerOrigin: await appstore.getWebServerOrigin(),
        consoleServerOrigin: await appstore.getConsoleServerOrigin(),
        adminDomain,
        adminFqdn,
        mailFqdn: (await mailServer.getLocation()).fqdn,
        version: constants.VERSION,
        ubuntuVersion,
        kernelVersion,
        isDemo: constants.DEMO,
        cloudronName: await branding.getCloudronName(),
        footer: await branding.renderFooter(),
        features: appstore.getFeatures(),
        profileLocked: profileConfig.lockUserProfiles,
        mandatory2FA: profileConfig.mandatory2FA,
        external2FA: externalLdap.supports2FA(externalLdapConfig),
        ldapGroupsSynced: externalLdapConfig.syncGroups
    };
}

async function startPrepareLocation(domain, auditSource) {
    assert.strictEqual(typeof domain, 'string');
    assert.strictEqual(typeof auditSource, 'object');

    debug(`prepareLocation: ${domain}`);

    if (constants.DEMO) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');

    const fqdn = dns.fqdn(constants.DASHBOARD_SUBDOMAIN, domain);
    for (const app of await apps.list()) {
        const appName = `${app.label || app.fqdn} (${app.id})`;
        if (app.fqdn === fqdn) throw new BoxError(BoxError.BAD_STATE, `Dashboard location conflicts with primary location of app '${appName}'`);
        if (app.secondaryDomains.some(sd => sd.fqdn === fqdn)) throw new BoxError(BoxError.BAD_STATE, `Dashboard location conflicts with secondary location of app '${appName}'`);
        if (app.redirectDomains.some(rd => rd.fqdn === fqdn)) throw new BoxError(BoxError.BAD_STATE, `Dashboard location conflicts with redirect location of app '${appName}'`);
        if (app.aliasDomains.some(ad => ad.fqdn === fqdn)) throw new BoxError(BoxError.BAD_STATE, `Dashboard location conflicts with alias location of app '${appName}'`);
    }

    const taskId = await tasks.add(tasks.TASK_PREPARE_DASHBOARD_LOCATION, [ constants.DASHBOARD_SUBDOMAIN, domain, auditSource ]);
    safe(tasks.startTask(taskId, {}), { debug }); // background

    return taskId;
}

async function prepareLocation(subdomain, domain, auditSource, progressCallback) {
    assert.strictEqual(typeof subdomain, 'string');
    assert.strictEqual(typeof domain, 'string');
    assert.strictEqual(typeof auditSource, 'object');
    assert.strictEqual(typeof progressCallback, 'function');

    const location = { subdomain, domain };
    const fqdn = dns.fqdn(subdomain, domain);
    progressCallback({ percent: 20, message: `Updating DNS of ${fqdn}` });
    await dns.registerLocations([location], { overwriteDns: true }, progressCallback);
    progressCallback({ percent: 40, message: `Waiting for DNS of ${fqdn}` });
    await dns.waitForLocations([location], progressCallback);
    progressCallback({ percent: 60, message: `Getting certificate of ${fqdn}` });
    await reverseProxy.ensureCertificate(location, {}, auditSource);
}

async function setupLocation(subdomain, domain, auditSource) {
    assert.strictEqual(typeof subdomain, 'string');
    assert.strictEqual(typeof domain, 'string');
    assert.strictEqual(typeof auditSource, 'object');

    debug(`setupLocation: ${domain}`);

    if (constants.DEMO) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');

    await setLocation(subdomain, domain);
    await platform.onDashboardLocationSet(subdomain, domain);
}

async function changeLocation(subdomain, domain, auditSource) {
    assert.strictEqual(typeof subdomain, 'string');
    assert.strictEqual(typeof domain, 'string');
    assert.strictEqual(typeof auditSource, 'object');

    const oldLocation = await getLocation();
    await setupLocation(subdomain, domain, auditSource);

    debug(`setupLocation: notifying appstore and platform of domain change to ${domain}`);
    await eventlog.add(eventlog.ACTION_DASHBOARD_DOMAIN_UPDATE, auditSource, { subdomain, domain });
    await safe(appstore.updateCloudron({ domain }), { debug });
    await platform.onDashboardLocationChanged(auditSource);

    await safe(reverseProxy.removeDashboardConfig(oldLocation.subdomain, oldLocation.domain), { debug });
}
Migrate codebase from CommonJS to ES Modules 2026-02-14 09:53:14 +01:00			`import apps from './apps.js';`
			`import * as appstore from './appstore.js';`
			`import assert from 'node:assert';`
			`import BoxError from './boxerror.js';`
			`import * as branding from './branding.js';`
			`import constants from './constants.js';`
			`import debugModule from 'debug';`
			`import * as dns from './dns.js';`
			`import * as externalLdap from './externalldap.js';`
			`import eventlog from './eventlog.js';`
			`import Location from './location.js';`
			`import * as mailServer from './mailserver.js';`
			`import * as platform from './platform.js';`
			`import * as reverseProxy from './reverseproxy.js';`
			`import safe from 'safetydance';`
			`import * as settings from './settings.js';`
			`import * as system from './system.js';`
			`import tasks from './tasks.js';`
			`import * as userDirectory from './user-directory.js';`
move dashboard setting into dashboard.js 2023-08-11 19:41:05 +05:30
Migrate codebase from CommonJS to ES Modules 2026-02-14 09:53:14 +01:00			`const debug = debugModule('box:dashboard');`
move config route under dashboard 2023-08-12 21:47:24 +05:30
Migrate codebase from CommonJS to ES Modules 2026-02-14 09:53:14 +01:00			`const _setLocation = setLocation;`
move dashboard change routes under dashboard/ 2023-08-13 10:06:01 +05:30
Migrate codebase from CommonJS to ES Modules 2026-02-14 09:53:14 +01:00			`export {`
			`getLocation,`
			`clearLocation,`
			`startPrepareLocation, // starts the task,`
			`prepareLocation, // the task to setup dns and cert,`
			`setupLocation, // initial setup from setup/restore,`
			`changeLocation, // only on dashboard change (post setup/restore),`
move config route under dashboard 2023-08-12 21:47:24 +05:30			`getConfig,`
Migrate codebase from CommonJS to ES Modules 2026-02-14 09:53:14 +01:00			`_setLocation,`
move dashboard setting into dashboard.js 2023-08-11 19:41:05 +05:30			`};`

better naming of the dashboard functions 2023-08-13 10:29:24 +05:30			`async function getLocation() {`
add Location class 2023-08-17 10:44:07 +05:30			`const domain = await settings.get(settings.DASHBOARD_DOMAIN_KEY);`
			`const subdomain = await settings.get(settings.DASHBOARD_SUBDOMAIN_KEY);`
			`return new Location(subdomain, domain, Location.TYPE_DASHBOARD);`
better naming of the dashboard functions 2023-08-13 10:29:24 +05:30			`}`

store subdomain in database instead of fqdn 2023-08-16 19:28:04 +05:30			`async function setLocation(subdomain, domain) {`
			`assert.strictEqual(typeof subdomain, 'string');`
move dashboard setting into dashboard.js 2023-08-11 19:41:05 +05:30			`assert.strictEqual(typeof domain, 'string');`

store subdomain in database instead of fqdn 2023-08-16 19:28:04 +05:30			`await settings.set(settings.DASHBOARD_SUBDOMAIN_KEY, subdomain);`
move dashboard setting into dashboard.js 2023-08-11 19:41:05 +05:30			`await settings.set(settings.DASHBOARD_DOMAIN_KEY, domain);`

Fix dashboard config not getting generated 2023-08-13 21:36:56 +05:30			debug(`setLocation: ${domain \|\| '<cleared>'}`);
better naming of the dashboard functions 2023-08-13 10:29:24 +05:30			`}`
move dashboard setting into dashboard.js 2023-08-11 19:41:05 +05:30
better naming of the dashboard functions 2023-08-13 10:29:24 +05:30			`async function clearLocation() {`
store subdomain in database instead of fqdn 2023-08-16 19:28:04 +05:30			`await setLocation('', '');`
move dashboard setting into dashboard.js 2023-08-11 19:41:05 +05:30			`}`
move config route under dashboard 2023-08-12 21:47:24 +05:30
			`async function getConfig() {`
			`const ubuntuVersion = await system.getUbuntuVersion();`
system: show the kernel version 2025-07-09 18:28:55 +02:00			`const kernelVersion = await system.getKernelVersion();`
split routes and model code into user-directory.js 2024-06-12 10:27:59 +02:00			`const profileConfig = await userDirectory.getProfileConfig();`
users: cannot edit groups with external ldap group sync 2024-01-20 00:11:10 +01:00			`const externalLdapConfig = await externalLdap.getConfig();`

move config route under dashboard 2023-08-12 21:47:24 +05:30			`const { fqdn:adminFqdn, domain:adminDomain } = await getLocation();`

			`// be picky about what we send out here since this is sent for 'normal' users as well`
			`return {`
			`apiServerOrigin: await appstore.getApiServerOrigin(),`
			`webServerOrigin: await appstore.getWebServerOrigin(),`
			`consoleServerOrigin: await appstore.getConsoleServerOrigin(),`
			`adminDomain,`
			`adminFqdn,`
Fix typo causing mailFqdn to be undefined 2023-09-12 18:03:36 +05:30			`mailFqdn: (await mailServer.getLocation()).fqdn,`
move config route under dashboard 2023-08-12 21:47:24 +05:30			`version: constants.VERSION,`
			`ubuntuVersion,`
system: show the kernel version 2025-07-09 18:28:55 +02:00			`kernelVersion,`
move config route under dashboard 2023-08-12 21:47:24 +05:30			`isDemo: constants.DEMO,`
			`cloudronName: await branding.getCloudronName(),`
			`footer: await branding.renderFooter(),`
			`features: appstore.getFeatures(),`
			`profileLocked: profileConfig.lockUserProfiles,`
			`mandatory2FA: profileConfig.mandatory2FA,`
externalldap: when using cloudron source, disable local 2fa setup 2024-01-20 11:35:27 +01:00			`external2FA: externalLdap.supports2FA(externalLdapConfig),`
users: cannot edit groups with external ldap group sync 2024-01-20 00:11:10 +01:00			`ldapGroupsSynced: externalLdapConfig.syncGroups`
move config route under dashboard 2023-08-12 21:47:24 +05:30			`};`
			`}`
move dashboard change routes under dashboard/ 2023-08-13 10:06:01 +05:30
proper task name for dashboard change 2023-08-14 09:40:31 +05:30			`async function startPrepareLocation(domain, auditSource) {`
move dashboard change routes under dashboard/ 2023-08-13 10:06:01 +05:30			`assert.strictEqual(typeof domain, 'string');`
			`assert.strictEqual(typeof auditSource, 'object');`

better naming of the dashboard functions 2023-08-13 10:29:24 +05:30			debug(`prepareLocation: ${domain}`);
move dashboard change routes under dashboard/ 2023-08-13 10:06:01 +05:30
Use BAD_STATE consistently for demo mode 2024-01-13 21:15:41 +01:00			`if (constants.DEMO) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');`
move dashboard change routes under dashboard/ 2023-08-13 10:06:01 +05:30
			`const fqdn = dns.fqdn(constants.DASHBOARD_SUBDOMAIN, domain);`
dashboard: check if new location conflicts with all possible app locations 2025-06-10 12:54:08 +02:00			`for (const app of await apps.list()) {`
			const appName = `${app.label \|\| app.fqdn} (${app.id})`;
			if (app.fqdn === fqdn) throw new BoxError(BoxError.BAD_STATE, `Dashboard location conflicts with primary location of app '${appName}'`);
typo 2025-06-10 13:01:40 +02:00			if (app.secondaryDomains.some(sd => sd.fqdn === fqdn)) throw new BoxError(BoxError.BAD_STATE, `Dashboard location conflicts with secondary location of app '${appName}'`);
dashboard: check if new location conflicts with all possible app locations 2025-06-10 12:54:08 +02:00			if (app.redirectDomains.some(rd => rd.fqdn === fqdn)) throw new BoxError(BoxError.BAD_STATE, `Dashboard location conflicts with redirect location of app '${appName}'`);
			if (app.aliasDomains.some(ad => ad.fqdn === fqdn)) throw new BoxError(BoxError.BAD_STATE, `Dashboard location conflicts with alias location of app '${appName}'`);
			`}`
move dashboard change routes under dashboard/ 2023-08-13 10:06:01 +05:30
proper task name for dashboard change 2023-08-14 09:40:31 +05:30			`const taskId = await tasks.add(tasks.TASK_PREPARE_DASHBOARD_LOCATION, [ constants.DASHBOARD_SUBDOMAIN, domain, auditSource ]);`
tasks: rework the startTask API 2025-06-17 18:54:12 +02:00			`safe(tasks.startTask(taskId, {}), { debug }); // background`
move dashboard change routes under dashboard/ 2023-08-13 10:06:01 +05:30
			`return taskId;`
			`}`

proper task name for dashboard change 2023-08-14 09:40:31 +05:30			`async function prepareLocation(subdomain, domain, auditSource, progressCallback) {`
			`assert.strictEqual(typeof subdomain, 'string');`
			`assert.strictEqual(typeof domain, 'string');`
			`assert.strictEqual(typeof auditSource, 'object');`
			`assert.strictEqual(typeof progressCallback, 'function');`

			`const location = { subdomain, domain };`
			`const fqdn = dns.fqdn(subdomain, domain);`
			progressCallback({ percent: 20, message: `Updating DNS of ${fqdn}` });
			`await dns.registerLocations([location], { overwriteDns: true }, progressCallback);`
			progressCallback({ percent: 40, message: `Waiting for DNS of ${fqdn}` });
			`await dns.waitForLocations([location], progressCallback);`
			progressCallback({ percent: 60, message: `Getting certificate of ${fqdn}` });
			`await reverseProxy.ensureCertificate(location, {}, auditSource);`
			`}`

store subdomain in database instead of fqdn 2023-08-16 19:28:04 +05:30			`async function setupLocation(subdomain, domain, auditSource) {`
			`assert.strictEqual(typeof subdomain, 'string');`
move dashboard change routes under dashboard/ 2023-08-13 10:06:01 +05:30			`assert.strictEqual(typeof domain, 'string');`
			`assert.strictEqual(typeof auditSource, 'object');`

Fix dashboard config not getting generated 2023-08-13 21:36:56 +05:30			debug(`setupLocation: ${domain}`);
better naming of the dashboard functions 2023-08-13 10:29:24 +05:30
Use BAD_STATE consistently for demo mode 2024-01-13 21:15:41 +01:00			`if (constants.DEMO) throw new BoxError(BoxError.BAD_STATE, 'Not allowed in demo mode');`
move dashboard change routes under dashboard/ 2023-08-13 10:06:01 +05:30
store subdomain in database instead of fqdn 2023-08-16 19:28:04 +05:30			`await setLocation(subdomain, domain);`
remove usage of constants.DASHBOARD_SUBDOMAIN 2024-04-27 11:10:24 +02:00			`await platform.onDashboardLocationSet(subdomain, domain);`
crash fixes 2023-08-17 13:02:36 +05:30			`}`

			`async function changeLocation(subdomain, domain, auditSource) {`
			`assert.strictEqual(typeof subdomain, 'string');`
			`assert.strictEqual(typeof domain, 'string');`
			`assert.strictEqual(typeof auditSource, 'object');`

dashboard: remove old domain config on switch 2023-09-29 09:26:22 +05:30			`const oldLocation = await getLocation();`
crash fixes 2023-08-17 13:02:36 +05:30			`await setupLocation(subdomain, domain, auditSource);`
trigger location changed only if activated 2023-08-14 14:20:20 +05:30
crash fixes 2023-08-17 13:02:36 +05:30			debug(`setupLocation: notifying appstore and platform of domain change to ${domain}`);
store subdomain in database instead of fqdn 2023-08-16 19:28:04 +05:30			`await eventlog.add(eventlog.ACTION_DASHBOARD_DOMAIN_UPDATE, auditSource, { subdomain, domain });`
Fix proxy config not generated on restore 2023-08-16 11:34:41 +05:30			`await safe(appstore.updateCloudron({ domain }), { debug });`
			`await platform.onDashboardLocationChanged(auditSource);`
dashboard: remove old domain config on switch 2023-09-29 09:26:22 +05:30
remove usage of constants.DASHBOARD_SUBDOMAIN 2024-04-27 11:10:24 +02:00			`await safe(reverseProxy.removeDashboardConfig(oldLocation.subdomain, oldLocation.domain), { debug });`
move dashboard change routes under dashboard/ 2023-08-13 10:06:01 +05:30			`}`