src/storage/caas.js

'use strict';

exports = module.exports = {
    getBoxBackupDetails: getBoxBackupDetails,
    getAppBackupDetails: getAppBackupDetails,

    getRestoreUrl: getRestoreUrl,
    getAppRestoreConfig: getAppRestoreConfig,
    getLocalFilePath: getLocalFilePath,

    copyObject: copyObject,
    removeBackup: removeBackup,

    backupDone: backupDone,

    testConfig: testConfig
};

var assert = require('assert'),
    AWS = require('aws-sdk'),
    config = require('../config.js'),
    debug = require('debug')('box:storage/caas'),
    safe = require('safetydance'),
    SettingsError = require('../settings.js').SettingsError,
    superagent = require('superagent');

function getBackupCredentials(apiConfig, callback) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof callback, 'function');
    assert(apiConfig.token);

    var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/awscredentials';
    superagent.post(url).query({ token: apiConfig.token }).timeout(30 * 1000).end(function (error, result) {
        if (error && !error.response) return callback(error);
        if (result.statusCode !== 201) return callback(new Error(result.text));
        if (!result.body || !result.body.credentials) return callback(new Error('Unexpected response'));

        var credentials = {
            signatureVersion: 'v4',
            accessKeyId: result.body.credentials.AccessKeyId,
            secretAccessKey: result.body.credentials.SecretAccessKey,
            sessionToken: result.body.credentials.SessionToken,
            region: apiConfig.region || 'us-east-1'
        };

        if (apiConfig.endpoint) credentials.endpoint = new AWS.Endpoint(apiConfig.endpoint);

        callback(null, credentials);
    });
}

function getBoxBackupDetails(apiConfig, id, callback) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof id, 'string');
    assert.strictEqual(typeof callback, 'function');

    getBackupCredentials(apiConfig, function (error, result) {
        if (error) return callback(error);

        var s3Url = 's3://' + apiConfig.bucket + '/' + apiConfig.prefix + '/' + id;
        var region = apiConfig.region || 'us-east-1';

        var details = {
            backupScriptArguments: [ 's3', s3Url, result.accessKeyId, result.secretAccessKey, region, '', apiConfig.key, result.sessionToken ]
        };

        callback(null, details);
    });
}

function getAppBackupDetails(apiConfig, appId, dataId, configId, callback) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof appId, 'string');
    assert.strictEqual(typeof dataId, 'string');
    assert.strictEqual(typeof configId, 'string');
    assert.strictEqual(typeof callback, 'function');

    getBackupCredentials(apiConfig, function (error, result) {
        if (error) return callback(error);

        var s3DataUrl = 's3://' + apiConfig.bucket + '/' + apiConfig.prefix + '/' + dataId;
        var s3ConfigUrl = 's3://' + apiConfig.bucket + '/' + apiConfig.prefix + '/' + configId;
        var region = apiConfig.region || 'us-east-1';

        var details = {
            backupScriptArguments: [ 's3', appId, s3ConfigUrl, s3DataUrl, result.accessKeyId, result.secretAccessKey, region, '', apiConfig.key, result.sessionToken ]
        };

        callback(null, details);
    });
}

function getRestoreUrl(apiConfig, filename, callback) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof filename, 'string');
    assert.strictEqual(typeof callback, 'function');

    if (!apiConfig.bucket || !apiConfig.prefix) return new Error('Invalid configuration'); // prevent error in s3

    getBackupCredentials(apiConfig, function (error, credentials) {
        if (error) return callback(error);

        credentials.region = apiConfig.region; // use same region as where we uploaded
        var s3 = new AWS.S3(credentials);

        var params = {
            Bucket: apiConfig.bucket,
            Key: apiConfig.prefix + '/' + filename,
            Expires: 60 * 60 * 24 /* 1 day */
        };

        var url = s3.getSignedUrl('getObject', params);

        callback(null, { url: url });
    });
}

function getAppRestoreConfig(apiConfig, backupId, callback) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof backupId, 'string');
    assert.strictEqual(typeof callback, 'function');

    var configFilename = backupId.replace(/\.tar\.gz$/, '.json');

    getRestoreUrl(apiConfig, configFilename, function (error, result) {
        if (error) return callback(error);

        superagent.get(result.url).buffer(true).timeout(30 * 1000).end(function (error, response) {
            if (error && !error.response) return callback(new Error(error.message));
            if (response.statusCode !== 200) return callback(new Error('Invalid response code when getting config.json : ' + response.statusCode));

            var config = safe.JSON.parse(response.text);
            if (!config) return callback(new Error('Error in config:' + safe.error.message));

            return callback(null, config);
        });
    });
}

function getLocalFilePath(apiConfig, filename, callback) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof filename, 'string');
    assert.strictEqual(typeof callback, 'function');

    callback(new Error('not supported'));
}

function copyObject(apiConfig, from, to, callback) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof from, 'string');
    assert.strictEqual(typeof to, 'string');
    assert.strictEqual(typeof callback, 'function');

    if (!apiConfig.bucket || !apiConfig.prefix) return new Error('Invalid configuration'); // prevent error in s3

    getBackupCredentials(apiConfig, function (error, credentials) {
        if (error) return callback(error);

        var params = {
            Bucket: apiConfig.bucket, // target bucket
            Key: apiConfig.prefix + '/' + to, // target file
            CopySource: apiConfig.bucket + '/' + apiConfig.prefix + '/' + from, // source
        };

        var s3 = new AWS.S3(credentials);
        s3.copyObject(params, callback);
    });
}

function removeBackup(apiConfig, backupId, appBackupIds, callback) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof backupId, 'string');
    assert(Array.isArray(appBackupIds));
    assert.strictEqual(typeof callback, 'function');

    // Result: none

    callback(new Error('not implemented'));
}

function testConfig(apiConfig, callback) {
    assert.strictEqual(typeof apiConfig, 'object');
    assert.strictEqual(typeof callback, 'function');

    if (config.provider() !== 'caas') return callback(new SettingsError(SettingsError.BAD_FIELD, 'instance provider must be caas'));

    callback();
}

function backupDone(filename, app, appBackupIds, callback) {
    assert.strictEqual(typeof filename, 'string');
    assert(!app || typeof app === 'object');
    assert(!appBackupIds || Array.isArray(appBackupIds));
    assert.strictEqual(typeof callback, 'function');

    debug('backupDone %s', filename);

    var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/backupDone';
    var data = {
        boxVersion: config.version(),
        restoreKey: filename,
        appId: app ? app.id : null,
        appVersion: app ? app.manifest.version : null,
        appBackupIds: appBackupIds
    };

    superagent.post(url).send(data).query({ token: config.token() }).timeout(30 * 1000).end(function (error, result) {
        if (error && !error.response) return callback(error);
        if (result.statusCode !== 200) return callback(new Error(result.text));
        if (!result.body) return callback(new Error('Unexpected response'));

        return callback(null);
    });
}
Add aws.js 2015-08-24 11:13:21 -07:00			`'use strict';`

			`exports = module.exports = {`
Rename getBackupDetails() -> getBoxBackupDetails() 2016-09-16 11:22:04 +02:00			`getBoxBackupDetails: getBoxBackupDetails,`
Refactor getAppBackupCredentials() 2016-09-16 11:21:08 +02:00			`getAppBackupDetails: getAppBackupDetails,`

Group exports 2016-09-16 10:59:17 +02:00			`getRestoreUrl: getRestoreUrl,`
Move backup config fetching into storage backend 2016-09-19 15:03:38 +02:00			`getAppRestoreConfig: getAppRestoreConfig,`
Add backup download route if backend supports it 2016-09-16 18:14:36 +02:00			`getLocalFilePath: getLocalFilePath,`
expose getBackupCredentials from storage api 2016-04-10 10:55:59 -07:00
Add new storage.removeBackup() api This currently is only used in the filesystem backend, but may be expanded to also cleanup S3 in the future 2016-10-10 15:04:28 +02:00			`copyObject: copyObject,`
Add backup config test for each backend 2016-10-11 11:36:25 +02:00			`removeBackup: removeBackup,`

Add backupDone hook 2017-01-04 16:22:58 -08:00			`backupDone: backupDone,`

Add backup config test for each backend 2016-10-11 11:36:25 +02:00			`testConfig: testConfig`
Add aws.js 2015-08-24 11:13:21 -07:00			`};`

			`var assert = require('assert'),`
Add getSignedUploadUrl() to aws.js 2015-08-25 10:01:04 -07:00			`AWS = require('aws-sdk'),`
split aws code into storage backends 2015-11-06 18:22:29 -08:00			`config = require('../config.js'),`
Merge backupDone webhook into caas storage backend 2017-01-04 16:26:43 -08:00			`debug = require('debug')('box:storage/caas'),`
Move backup config fetching into storage backend 2016-09-19 15:03:38 +02:00			`safe = require('safetydance'),`
Add backup config test for each backend 2016-10-11 11:36:25 +02:00			`SettingsError = require('../settings.js').SettingsError,`
The storage backends dont need a backup listing function 2016-09-16 17:27:53 +02:00			`superagent = require('superagent');`
Add aws.js 2015-08-24 11:13:21 -07:00
rename to apiConfig 2016-03-31 09:48:01 -07:00			`function getBackupCredentials(apiConfig, callback) {`
			`assert.strictEqual(typeof apiConfig, 'object');`
Add aws.js 2015-08-24 11:13:21 -07:00			`assert.strictEqual(typeof callback, 'function');`
rename to apiConfig 2016-03-31 09:48:01 -07:00			`assert(apiConfig.token);`
Add aws.js 2015-08-24 11:13:21 -07:00
split aws code into storage backends 2015-11-06 18:22:29 -08:00			`var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/awscredentials';`
Set a timeout for superagent The default is 'no timeout' and it will wait for the response forever. https://github.com/visionmedia/superagent/issues/17#issuecomment-207742985 2016-09-12 12:53:51 -07:00			`superagent.post(url).query({ token: apiConfig.token }).timeout(30 * 1000).end(function (error, result) {`
update superagent the latest superchanged changed the meaning of 'error'. Previously, error implied a network error. With the latest superagent, error means a REST api error i.e 4xx, 5xx are flagged as errors. error && !error.response means network error 2015-12-15 09:12:52 -08:00			`if (error && !error.response) return callback(error);`
split aws code into storage backends 2015-11-06 18:22:29 -08:00			`if (result.statusCode !== 201) return callback(new Error(result.text));`
			`if (!result.body \|\| !result.body.credentials) return callback(new Error('Unexpected response'));`
Return aws credentials from config.js 2015-08-24 12:25:05 -07:00
make aws endpoint configurable for tests 2015-09-09 11:43:50 -07:00			`var credentials = {`
Refactor getBackupCredentials() 2016-09-16 10:58:34 +02:00			`signatureVersion: 'v4',`
split aws code into storage backends 2015-11-06 18:22:29 -08:00			`accessKeyId: result.body.credentials.AccessKeyId,`
			`secretAccessKey: result.body.credentials.SecretAccessKey,`
sessionToken is required in credentials (when signing) 2016-04-04 11:23:38 -07:00			`sessionToken: result.body.credentials.SessionToken,`
pick region from apiConfig if present 2016-03-31 09:48:38 -07:00			`region: apiConfig.region \|\| 'us-east-1'`
make aws endpoint configurable for tests 2015-09-09 11:43:50 -07:00			`};`

rename to apiConfig 2016-03-31 09:48:01 -07:00			`if (apiConfig.endpoint) credentials.endpoint = new AWS.Endpoint(apiConfig.endpoint);`
make aws endpoint configurable for tests 2015-09-09 11:43:50 -07:00
			`callback(null, credentials);`
split aws code into storage backends 2015-11-06 18:22:29 -08:00			`});`
Add aws.js 2015-08-24 11:13:21 -07:00			`}`
Add getSignedUploadUrl() to aws.js 2015-08-25 10:01:04 -07:00
Rename getBackupDetails() -> getBoxBackupDetails() 2016-09-16 11:22:04 +02:00			`function getBoxBackupDetails(apiConfig, id, callback) {`
Refactor getBackupCredentials() 2016-09-16 10:58:34 +02:00			`assert.strictEqual(typeof apiConfig, 'object');`
			`assert.strictEqual(typeof id, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

			`getBackupCredentials(apiConfig, function (error, result) {`
			`if (error) return callback(error);`

			`var s3Url = 's3://' + apiConfig.bucket + '/' + apiConfig.prefix + '/' + id;`
			`var region = apiConfig.region \|\| 'us-east-1';`

			`var details = {`
Set empty endpoint url for caas storage backend Caas storage backend also uses the s3 code branches 2016-12-12 14:00:04 +01:00			`backupScriptArguments: [ 's3', s3Url, result.accessKeyId, result.secretAccessKey, region, '', apiConfig.key, result.sessionToken ]`
Refactor getBackupCredentials() 2016-09-16 10:58:34 +02:00			`};`

			`callback(null, details);`
			`});`
			`}`

Refactor getAppBackupCredentials() 2016-09-16 11:21:08 +02:00			`function getAppBackupDetails(apiConfig, appId, dataId, configId, callback) {`
			`assert.strictEqual(typeof apiConfig, 'object');`
			`assert.strictEqual(typeof appId, 'string');`
			`assert.strictEqual(typeof dataId, 'string');`
Fix typo 2016-09-16 12:07:24 +02:00			`assert.strictEqual(typeof configId, 'string');`
Refactor getAppBackupCredentials() 2016-09-16 11:21:08 +02:00			`assert.strictEqual(typeof callback, 'function');`

			`getBackupCredentials(apiConfig, function (error, result) {`
			`if (error) return callback(error);`

			`var s3DataUrl = 's3://' + apiConfig.bucket + '/' + apiConfig.prefix + '/' + dataId;`
			`var s3ConfigUrl = 's3://' + apiConfig.bucket + '/' + apiConfig.prefix + '/' + configId;`
			`var region = apiConfig.region \|\| 'us-east-1';`

			`var details = {`
Set empty endpoint url for caas storage backend Caas storage backend also uses the s3 code branches 2016-12-12 14:00:04 +01:00			`backupScriptArguments: [ 's3', appId, s3ConfigUrl, s3DataUrl, result.accessKeyId, result.secretAccessKey, region, '', apiConfig.key, result.sessionToken ]`
Refactor getAppBackupCredentials() 2016-09-16 11:21:08 +02:00			`};`

			`callback(null, details);`
			`});`
			`}`

Revert "getRestoreUrl now uses caas restore api" This reverts commit f9fc9325a8995dc0a9cb1dfcf22fb27eca697a89. For now, we can simply assume that caas is s3 based. 2016-04-04 15:54:16 -07:00			`function getRestoreUrl(apiConfig, filename, callback) {`
rename to apiConfig 2016-03-31 09:48:01 -07:00			`assert.strictEqual(typeof apiConfig, 'object');`
Revert "getRestoreUrl now uses caas restore api" This reverts commit f9fc9325a8995dc0a9cb1dfcf22fb27eca697a89. For now, we can simply assume that caas is s3 based. 2016-04-04 15:54:16 -07:00			`assert.strictEqual(typeof filename, 'string');`
Add getSignedUploadUrl() to aws.js 2015-08-25 10:01:04 -07:00			`assert.strictEqual(typeof callback, 'function');`

Revert "getRestoreUrl now uses caas restore api" This reverts commit f9fc9325a8995dc0a9cb1dfcf22fb27eca697a89. For now, we can simply assume that caas is s3 based. 2016-04-04 15:54:16 -07:00			`if (!apiConfig.bucket \|\| !apiConfig.prefix) return new Error('Invalid configuration'); // prevent error in s3`
Add getSignedUploadUrl() to aws.js 2015-08-25 10:01:04 -07:00
Revert "getRestoreUrl now uses caas restore api" This reverts commit f9fc9325a8995dc0a9cb1dfcf22fb27eca697a89. For now, we can simply assume that caas is s3 based. 2016-04-04 15:54:16 -07:00			`getBackupCredentials(apiConfig, function (error, credentials) {`
			`if (error) return callback(error);`

			`credentials.region = apiConfig.region; // use same region as where we uploaded`
			`var s3 = new AWS.S3(credentials);`

			`var params = {`
			`Bucket: apiConfig.bucket,`
			`Key: apiConfig.prefix + '/' + filename,`
create signed urls that are valid for a day sometimes the downloads take overly long and it's annoying that they expire so soon. 2016-08-24 17:53:28 -07:00			`Expires: 60 * 60 * 24 /* 1 day */`
Revert "getRestoreUrl now uses caas restore api" This reverts commit f9fc9325a8995dc0a9cb1dfcf22fb27eca697a89. For now, we can simply assume that caas is s3 based. 2016-04-04 15:54:16 -07:00			`};`

			`var url = s3.getSignedUrl('getObject', params);`
getSignedDownloadUrl must return an object with url and sessionToken 2015-08-27 09:26:19 -07:00
Revert "getRestoreUrl now uses caas restore api" This reverts commit f9fc9325a8995dc0a9cb1dfcf22fb27eca697a89. For now, we can simply assume that caas is s3 based. 2016-04-04 15:54:16 -07:00			`callback(null, { url: url });`
Add getSignedUploadUrl() to aws.js 2015-08-25 10:01:04 -07:00			`});`
			`}`
Move subdomain management from appstore to box 2015-08-26 16:14:51 -07:00
Move backup config fetching into storage backend 2016-09-19 15:03:38 +02:00			`function getAppRestoreConfig(apiConfig, backupId, callback) {`
			`assert.strictEqual(typeof apiConfig, 'object');`
			`assert.strictEqual(typeof backupId, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

			`var configFilename = backupId.replace(/\.tar\.gz$/, '.json');`

			`getRestoreUrl(apiConfig, configFilename, function (error, result) {`
			`if (error) return callback(error);`

			`superagent.get(result.url).buffer(true).timeout(30 * 1000).end(function (error, response) {`
			`if (error && !error.response) return callback(new Error(error.message));`
			`if (response.statusCode !== 200) return callback(new Error('Invalid response code when getting config.json : ' + response.statusCode));`

			`var config = safe.JSON.parse(response.text);`
			`if (!config) return callback(new Error('Error in config:' + safe.error.message));`

			`return callback(null, config);`
			`});`
			`});`
			`}`

Add backup download route if backend supports it 2016-09-16 18:14:36 +02:00			`function getLocalFilePath(apiConfig, filename, callback) {`
			`assert.strictEqual(typeof apiConfig, 'object');`
			`assert.strictEqual(typeof filename, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

			`callback(new Error('not supported'));`
			`}`

rename to apiConfig 2016-03-31 09:48:01 -07:00			`function copyObject(apiConfig, from, to, callback) {`
			`assert.strictEqual(typeof apiConfig, 'object');`
aws: add copyObject 2015-09-21 14:02:00 -07:00			`assert.strictEqual(typeof from, 'string');`
			`assert.strictEqual(typeof to, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

rename to apiConfig 2016-03-31 09:48:01 -07:00			`if (!apiConfig.bucket \|\| !apiConfig.prefix) return new Error('Invalid configuration'); // prevent error in s3`
set bucket and prefix to make migrate test pass 2015-11-09 22:45:07 -08:00
rename to apiConfig 2016-03-31 09:48:01 -07:00			`getBackupCredentials(apiConfig, function (error, credentials) {`
aws: add copyObject 2015-09-21 14:02:00 -07:00			`if (error) return callback(error);`

			`var params = {`
rename to apiConfig 2016-03-31 09:48:01 -07:00			`Bucket: apiConfig.bucket, // target bucket`
			`Key: apiConfig.prefix + '/' + to, // target file`
			`CopySource: apiConfig.bucket + '/' + apiConfig.prefix + '/' + from, // source`
aws: add copyObject 2015-09-21 14:02:00 -07:00			`};`

			`var s3 = new AWS.S3(credentials);`
add backups.copyLastBackup 2015-09-21 14:14:21 -07:00			`s3.copyObject(params, callback);`
aws: add copyObject 2015-09-21 14:02:00 -07:00			`});`
			`}`
Add new storage.removeBackup() api This currently is only used in the filesystem backend, but may be expanded to also cleanup S3 in the future 2016-10-10 15:04:28 +02:00
Adjust removeBackup() api 2016-10-10 15:45:12 +02:00			`function removeBackup(apiConfig, backupId, appBackupIds, callback) {`
Add new storage.removeBackup() api This currently is only used in the filesystem backend, but may be expanded to also cleanup S3 in the future 2016-10-10 15:04:28 +02:00			`assert.strictEqual(typeof apiConfig, 'object');`
			`assert.strictEqual(typeof backupId, 'string');`
Adjust removeBackup() api 2016-10-10 15:45:12 +02:00			`assert(Array.isArray(appBackupIds));`
Add new storage.removeBackup() api This currently is only used in the filesystem backend, but may be expanded to also cleanup S3 in the future 2016-10-10 15:04:28 +02:00			`assert.strictEqual(typeof callback, 'function');`

			`// Result: none`

			`callback(new Error('not implemented'));`
			`}`
Add backup config test for each backend 2016-10-11 11:36:25 +02:00
			`function testConfig(apiConfig, callback) {`
			`assert.strictEqual(typeof apiConfig, 'object');`
			`assert.strictEqual(typeof callback, 'function');`

			`if (config.provider() !== 'caas') return callback(new SettingsError(SettingsError.BAD_FIELD, 'instance provider must be caas'));`

			`callback();`
			`}`
Add backupDone hook 2017-01-04 16:22:58 -08:00
			`function backupDone(filename, app, appBackupIds, callback) {`
			`assert.strictEqual(typeof filename, 'string');`
			`assert(!app \|\| typeof app === 'object');`
			`assert(!appBackupIds \|\| Array.isArray(appBackupIds));`
			`assert.strictEqual(typeof callback, 'function');`

Merge backupDone webhook into caas storage backend 2017-01-04 16:26:43 -08:00			`debug('backupDone %s', filename);`
Add backupDone hook 2017-01-04 16:22:58 -08:00
Merge backupDone webhook into caas storage backend 2017-01-04 16:26:43 -08:00			`var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/backupDone';`
			`var data = {`
			`boxVersion: config.version(),`
			`restoreKey: filename,`
			`appId: app ? app.id : null,`
			`appVersion: app ? app.manifest.version : null,`
			`appBackupIds: appBackupIds`
			`};`

			`superagent.post(url).send(data).query({ token: config.token() }).timeout(30 * 1000).end(function (error, result) {`
			`if (error && !error.response) return callback(error);`
			`if (result.statusCode !== 200) return callback(new Error(result.text));`
			`if (!result.body) return callback(new Error('Unexpected response'));`

			`return callback(null);`
			`});`
			`}`