diff --git a/box.js b/box.js index 9ea2a1133..b75482753 100755 --- a/box.js +++ b/box.js @@ -55,7 +55,7 @@ async function startServers() { async function main() { const [error] = await safe(startServers()); - if (error) return exitSync({ error: new Error(`Error starting server: ${JSON.stringify(error)}`), code: 1 }); + if (error) return exitSync({ error: new Error(`Error starting server: ${error.message}`), code: 1 }); // require this here so that logging handler is already setup const debug = require('debug')('box:box'); diff --git a/src/routes/auth.js b/src/routes/auth.js index cc8f1f6b4..c4ebf9b97 100644 --- a/src/routes/auth.js +++ b/src/routes/auth.js @@ -52,7 +52,7 @@ async function logout(req, res) { await eventlog.add(eventlog.ACTION_USER_LOGOUT, AuditSource.fromRequest(req), { userId: req.user.id, user: users.removePrivateFields(req.user) }); await safe(tokens.delByAccessToken(req.token.accessToken)); - res.redirect('/'); + res.redirect(301, '/'); } async function passwordResetRequest(req, res, next) { @@ -125,4 +125,4 @@ async function getBranding(req, res, next) { }; next(new HttpSuccess(200, result)); -} \ No newline at end of file +} diff --git a/src/routes/filemanager.js b/src/routes/filemanager.js index 625477b2c..2babbeda9 100644 --- a/src/routes/filemanager.js +++ b/src/routes/filemanager.js @@ -31,10 +31,11 @@ function proxy(kind) { searchParams.delete('access_token'); searchParams.append('access_token', addonDetails.token); + const filepath = req.params.filepath.join('/'); const opts = { hostname: addonDetails.ip, port: 3000, - path: `/files/${id}/${encodeURIComponent(req.params[0])}?${searchParams.toString()}`, // params[0] already contains leading '/' + path: `/files/${id}/${encodeURIComponent(filepath)}?${searchParams.toString()}`, // params[0] already contains leading '/' method: req.method, headers: req.headers }; diff --git a/src/routes/wellknown.js b/src/routes/wellknown.js index 3dd0945bf..94000ec2a 100644 --- a/src/routes/wellknown.js +++ b/src/routes/wellknown.js @@ -10,7 +10,7 @@ const HttpError = require('connect-lastmile').HttpError, async function get(req, res, next) { const host = req.headers['host']; - const location = req.params[0]; + const location = req.params.location.join('/'); const [error, result] = await safe(wellknown.get(host, location)); if (error) return next(new HttpError(404, error.message)); diff --git a/src/server.js b/src/server.js index 7c9955948..ef79598b4 100644 --- a/src/server.js +++ b/src/server.js @@ -292,7 +292,7 @@ async function initializeExpressSync() { router.get ('/api/v1/apps/:id/task', token, routes.apps.load, authorizeOperator, routes.apps.getTask); router.get ('/api/v1/apps/:id/metrics', token, routes.apps.load, authorizeOperator, routes.apps.getMetrics); router.post('/api/v1/apps/:id/clone', json, token, routes.apps.load, authorizeAdmin, routes.apps.clone); - router.use ('/api/v1/apps/:id/files/*', token, routes.apps.load, authorizeOperator, routes.filemanager.proxy('app')); + router.use ('/api/v1/apps/:id/files/*filepath', token, routes.apps.load, authorizeOperator, routes.filemanager.proxy('app')); router.post('/api/v1/apps/:id/exec', json, token, routes.apps.load, authorizeOperator, routes.apps.createExec); router.get ('/api/v1/apps/:id/exec/:execId/start', token, routes.apps.load, authorizeOperator, routes.apps.startExec); router.get ('/api/v1/apps/:id/exec/:execId', token, routes.apps.load, authorizeOperator, routes.apps.getExec); @@ -348,7 +348,7 @@ async function initializeExpressSync() { // email routes router.get ('/api/v1/mailserver/eventlog', token, authorizeAdmin, routes.mailserver.proxy); router.post('/api/v1/mailserver/clear_eventlog', token, authorizeAdmin, routes.mailserver.proxy); - router.use ('/api/v1/mailserver/files/*', token, authorizeAdmin, routes.filemanager.proxy('mail')); + router.use ('/api/v1/mailserver/files/*filepath', token, authorizeAdmin, routes.filemanager.proxy('mail')); router.get ('/api/v1/mailserver/location', token, authorizeAdmin, routes.mailserver.getLocation); router.post('/api/v1/mailserver/location', json, token, authorizeAdmin, routes.mailserver.setLocation); router.get ('/api/v1/mailserver/max_email_size', token, authorizeAdmin, routes.mailserver.proxy); @@ -413,7 +413,7 @@ async function initializeExpressSync() { router.del ('/api/v1/volumes/:id', token, authorizeAdmin, routes.volumes.load, routes.volumes.del); router.get ('/api/v1/volumes/:id/status', token, authorizeAdmin, routes.volumes.load, routes.volumes.getStatus); router.post('/api/v1/volumes/:id/remount', token, authorizeAdmin, routes.volumes.load, routes.volumes.remount); - router.use ('/api/v1/volumes/:id/files/*', token, authorizeAdmin, routes.filemanager.proxy('volume')); + router.use ('/api/v1/volumes/:id/files/*filepath', token, authorizeAdmin, routes.filemanager.proxy('volume')); // service routes router.get ('/api/v1/services', token, authorizeAdmin, routes.services.list); @@ -427,7 +427,7 @@ async function initializeExpressSync() { router.post('/api/v1/services/:service/rebuild', json, token, authorizeAdmin, routes.services.rebuild); // well known - router.get ('/well-known-handler/*', routes.wellknown.get); + router.get ('/well-known-handler/*location', routes.wellknown.get); // OpenID connect clients router.get ('/api/v1/oidc/clients', token, authorizeAdmin, routes.oidc.listClients);