diff --git a/scripts/cloudron-setup b/scripts/cloudron-setup
index 7adf20c66..94c5ea93f 100755
--- a/scripts/cloudron-setup
+++ b/scripts/cloudron-setup
@@ -71,13 +71,12 @@ webServerOrigin="https://cloudron.io"
 consoleServerOrigin="https://console.cloudron.io"
 sourceTarballUrl=""
 rebootServer="true"
-setupToken="" # this is a OTP for securing an installation (https://forum.cloudron.io/topic/6389/add-password-for-initial-configuration)
 appstoreSetupToken=""
 cloudronId=""
 appstoreApiToken=""
 redo="false"
-args=$(getopt -o "" -l "help,provider:,version:,env:,skip-reboot,generate-setup-token,setup-token:,redo" -n "$0" -- "$@")
+args=$(getopt -o "" -l "help,provider:,version:,env:,skip-reboot,setup-token:,redo" -n "$0" -- "$@")
 eval set -- "${args}"
 while true; do
@@ -103,7 +102,6 @@ while true; do
 --skip-reboot) rebootServer="false"; shift;;
 --redo) redo="true"; shift;;
 --setup-token) appstoreSetupToken="$2"; shift 2;;
- --generate-setup-token) setupToken="$(openssl rand -hex 10)"; shift;;
 --) break;;
 *) echo "Unknown option $1"; exit 1;;
 esac
@@ -246,7 +244,6 @@ echo ""
 # The provider flag is still used for marketplace images
 mkdir -p /etc/cloudron
 echo "${provider}" > /etc/cloudron/PROVIDER
-[[ ! -z "${setupToken}" ]] && echo "${setupToken}" > /etc/cloudron/SETUP_TOKEN
 echo -n "=> Installing Cloudron version ${version} (this takes some time) ..."
 if ! /bin/bash "${box_src_tmp_dir}/scripts/installer.sh" &>> "${LOG_FILE}"; then
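Review bot: Callers that still pass `--generate-setup-token` now get getopt's unrecognized-option error, and the first hunk does not show the exit status of `args=$(getopt ...)` being checked before `eval set -- "${args}"`. If the script is not running under `set -e` (not visible here), the install would continue without the protection the operator asked for; `if ! args=$(getopt ...); then exit 1; fi` makes that case fail closed. The remaining `--setup-token` option in the second hunk sets `appstoreSetupToken`, so a short comment such as `# appstore setup token, not an installation OTP` would keep it from being read as the removed feature.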
@@ -279,15 +276,9 @@ ip6=$(curl -s --fail --connect-timeout 10 --max-time 10 https://ipv6.api.cloudro
 url4=""
 url6=""
 fallbackUrl=""
-if [[ -z "${setupToken}" ]]; then
- [[ -n "${ip4}" ]] && url4="https://${ip4}"
- [[ -n "${ip6}" ]] && url6="https://[${ip6}]"
- [[ -z "${ip4}" && -z "${ip6}" ]] && fallbackUrl="https://"
-else
- [[ -n "${ip4}" ]] && url4="https://${ip4}/?setupToken=${setupToken}"
- [[ -n "${ip6}" ]] && url6="https://[${ip6}]/?setupToken=${setupToken}"
- [[ -z "${ip4}" && -z "${ip6}" ]] && fallbackUrl="https://?setupToken=${setupToken}"
-fi
+[[ -n "${ip4}" ]] && url4="https://${ip4}"
+[[ -n "${ip6}" ]] && url6="https://[${ip6}]"
+[[ -z "${ip4}" && -z "${ip6}" ]] && fallbackUrl="https://"
 echo -e "\n\n${GREEN}After reboot, visit one of the following URLs and accept the self-signed certificate to finish setup.${DONE}\n"
 [[ -n "${url4}" ]] && echo -e " * ${GREEN}${url4}${DONE}"
 [[ -n "${url6}" ]] && echo -e " * ${GREEN}${url6}${DONE}"
diff --git a/setup/start/cloudron-motd b/setup/start/cloudron-motd
index 199e779cf..74e63b93e 100755
--- a/setup/start/cloudron-motd
+++ b/setup/start/cloudron-motd
@@ -26,16 +26,9 @@ function detectIp() {
 ip6=$(cat "${cache_file6}")
 fi
- if [[ ! -f /etc/cloudron/SETUP_TOKEN ]]; then
- [[ -n "${ip4}" ]] && url4="https://${ip4}"
- [[ -n "${ip6}" ]] && url6="https://[${ip6}]"
- [[ -z "${ip4}" && -z "${ip6}" ]] && fallbackUrl="https://"
- else
- setupToken="$(cat /etc/cloudron/SETUP_TOKEN)"
- [[ -n "${ip4}" ]] && url4="https://${ip4}/?setupToken=${setupToken}"
- [[ -n "${ip6}" ]] && url6="https://[${ip6}]/?setupToken=${setupToken}"
- [[ -z "${ip4}" && -z "${ip6}" ]] && fallbackUrl="https://?setupToken=${setupToken}"
- fi
+ [[ -n "${ip4}" ]] && url4="https://${ip4}"
+ [[ -n "${ip6}" ]] && url6="https://[${ip6}]"
+ [[ -z "${ip4}" && -z "${ip6}" ]] && fallbackUrl="https://"
 }
 if [[ -z "$(ls -A /home/yellowtent/platformdata/addons/mail/dkim)" ]]; then
diff --git a/src/paths.js b/src/paths.js
index 417407fb6..b9ff4f570 100644
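Review bot: Hosts that were installed with the old `--generate-setup-token` keep `/etc/cloudron/SETUP_TOKEN` on disk, and after this change `detectIp` no longer reads it and nothing in the diff removes it. The unused secret stays behind, and the MOTD link silently stops matching the one the operator was given at install time. Consider deleting the file on upgrade with `rm -f /etc/cloudron/SETUP_TOKEN` in whichever script runs on update (not visible in this diff). The body of `detectIp` starts before this hunk.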
--- a/src/paths.js
+++ b/src/paths.js
@@ -21,7 +21,6 @@ exports = module.exports = {
 TRANSLATIONS_DIR: constants.TEST ? path.join(__dirname, '../dashboard/dist/translation') : path.join(baseDir(), 'box/dashboard/dist/translation'),
 PROVIDER_FILE: '/etc/cloudron/PROVIDER',
- SETUP_TOKEN_FILE: '/etc/cloudron/SETUP_TOKEN',
 DEFAULT_BACKUP_DIR: '/var/backups',
 VOLUMES_MOUNT_DIR: '/mnt/volumes',
diff --git a/src/routes/provision.js b/src/routes/provision.js
index fa2619c31..817d9a351 100644
--- a/src/routes/provision.js
+++ b/src/routes/provision.js
@@ -7,7 +7,6 @@ exports = module.exports = {
 activate,
 restore,
 getStatus,
- setupTokenAuth,
 getBlockDevices,
 detectIP
 };
@@ -18,25 +17,12 @@ const assert = require('assert'),
 HttpError = require('connect-lastmile').HttpError,
 HttpSuccess = require('connect-lastmile').HttpSuccess,
 network = require('../network.js'),
- paths = require('../paths.js'),
 provision = require('../provision.js'),
 safe = require('safetydance'),
 superagent = require('../superagent.js'),
 system = require('../system.js'),
 users = require('../users.js');
-function setupTokenAuth(req, res, next) {
- assert.strictEqual(typeof req.body, 'object');
-
- const setupToken = safe.fs.readFileSync(paths.SETUP_TOKEN_FILE, 'utf8');
- if (!setupToken) return next();
-
- if (!req.body.setupToken) return next(new HttpError(400, 'setup token required'));
- if (setupToken.trim() !== req.body.setupToken) return next(new HttpError(422, 'setup token does not match'));
-
- return next();
-}
-
 async function verifyUnprovisioned(req, res, next) {
 const activated = await users.isActivated();
 if (activated) return next(new HttpError(405, 'route unavailable post activation'));
diff --git a/src/server.js b/src/server.js
index 8a08a58b4..85166922c 100644
--- a/src/server.js
+++ b/src/server.js
@@ -77,11 +77,10 @@ async function initializeExpressSync() {
 const authorizeUser = routes.accesscontrol.authorize(users.ROLE_USER);
 // boostrapping/provision routes
- const setupTokenAuth = routes.provision.setupTokenAuth;
 const verifyUnprovisioned = routes.provision.verifyUnprovisioned;
- router.post('/api/v1/provision/setup', json, verifyUnprovisioned, setupTokenAuth, routes.provision.providerTokenAuth, routes.provision.setup);
- router.post('/api/v1/provision/restore', json, verifyUnprovisioned, setupTokenAuth, routes.provision.restore);
- router.post('/api/v1/provision/activate', json, verifyUnprovisioned, setupTokenAuth, routes.provision.activate);
+ router.post('/api/v1/provision/setup', json, verifyUnprovisioned, routes.provision.providerTokenAuth, routes.provision.setup);
+ router.post('/api/v1/provision/restore', json, verifyUnprovisioned, routes.provision.restore);
+ router.post('/api/v1/provision/activate', json, verifyUnprovisioned, routes.provision.activate);
 router.get ('/api/v1/provision/block_devices', verifyUnprovisioned, routes.provision.getBlockDevices);
 router.post('/api/v1/provision/detect_ip', verifyUnprovisioned, routes.provision.detectIP);
 router.get ('/api/v1/provision/status', routes.provision.getStatus);
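Review bot: With `setupTokenAuth` dropped from the chain, `/api/v1/provision/restore` and `/api/v1/provision/activate` are guarded only by `verifyUnprovisioned`, so until activation completes the first client that can reach the host decides who the owner is or which backup is restored. The opt-in token was the only caller check on those two routes; `setup` still passes through `providerTokenAuth`, whose behaviour is not visible here. If the removal is intentional, the comment above the routes should say so and name the compensating control, for example `// provision routes are unauthenticated until activation; restrict network access to the host until setup is finished`. The body of `initializeExpressSync` continues outside this hunk.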