diff --git a/src/accesscontrol.js b/src/accesscontrol.js
index 4920547c4..21b9d7072 100644
--- a/src/accesscontrol.js
+++ b/src/accesscontrol.js
@@ -3,6 +3,7 @@ exports = module.exports = {
 SCOPE_APPS_READ: 'apps:read',
 SCOPE_APPS_MANAGE: 'apps:manage',
+ SCOPE_APPSTORE: 'appstore',
 SCOPE_CLIENTS: 'clients',
 SCOPE_CLOUDRON: 'cloudron',
 SCOPE_DOMAINS_READ: 'domains:read',
@@ -13,7 +14,7 @@ exports = module.exports = {
 SCOPE_SUBSCRIPTION: 'subscription',
 SCOPE_USERS_READ: 'users:read',
 SCOPE_USERS_MANAGE: 'users:manage',
- VALID_SCOPES: [ 'apps', 'clients', 'cloudron', 'domains', 'mail', 'profile', 'settings', 'subscription', 'users' ], // keep this sorted
+ VALID_SCOPES: [ 'apps', 'appstore', 'clients', 'cloudron', 'domains', 'mail', 'profile', 'settings', 'subscription', 'users' ], // keep this sorted
 SCOPE_ANY: '*',
diff --git a/src/appstore.js b/src/appstore.js
index 235cd7058..d30f5a4a2 100644
--- a/src/appstore.js
+++ b/src/appstore.js
@@ -1,6 +1,10 @@
 'use strict';
 exports = module.exports = {
+ getApps: getApps,
+ getApp: getApp,
+ getAppVersion: getAppVersion,
+
 purchase: purchase,
 unpurchase: unpurchase,
@@ -413,7 +417,7 @@ function sendFeedback(info, callback) {
 let url = config.apiServerOrigin() + '/api/v1/feedback';
 superagent.post(url).query({ accessToken: token }).send(info).timeout(10 * 1000).end(function (error, result) {
- if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error));
+ if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
 if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
 callback(null);
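Review bot: `SCOPE_APPSTORE` is introduced as one undivided scope, whereas the resources around it in this hunk are split into read/manage pairs (`SCOPE_APPS_READ`/`SCOPE_APPS_MANAGE`, `SCOPE_USERS_READ`/`SCOPE_USERS_MANAGE`), and the three routes it guards in the server.js hunk are all read-only GETs. If appstore write operations are later gated by the same scope, a token that only needs to browse the catalog will carry more authority than it needs; consider `SCOPE_APPSTORE_READ: 'appstore:read'` from the start, or a comment next to the constant stating that a single scope is intended. The `VALID_SCOPES` entry is maintained by hand in parallel and appears to hold the base name of each scope; a comment such as `// base name of every SCOPE_* above must be listed here` would make that coupling explicit.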
@@ -421,3 +425,54 @@ function sendFeedback(info, callback) {
 });
 });
 }
+
+function getApps(callback) {
+ assert.strictEqual(typeof callback, 'function');
+
+ getCloudronToken(function (error, token) {
+ if (error) return callback(error);
+
+ settings.getUnstableAppsConfig(function (error, unstable) {
+ if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+ const url = `${config.apiServerOrigin()}/api/v1/apps`;
+ superagent.get(url).query({ accessToken: token, boxVersion: config.version(), unstable: unstable }).timeout(10 * 1000).end(function (error, result) {
+ if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+ if (result.statusCode === 403 || result.statusCode === 401) return callback(new AppstoreError(AppstoreError.BILLING_REQUIRED));
+ if (result.statusCode === 402) return callback(new AppstoreError(AppstoreError.BILLING_REQUIRED, result.body.message));
+ if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App listing failed. %s %j', result.status, result.body)));
+ if (!result.body.apps) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+
+ callback(null, result.body.apps);
+ });
+ });
+ });
+}
+
+function getAppVersion(appId, version, callback) {
+ assert.strictEqual(typeof appId, 'string');
+ assert.strictEqual(typeof version, 'string');
+ assert.strictEqual(typeof callback, 'function');
+
+ getCloudronToken(function (error, token) {
+ if (error) return callback(error);
+
+ let url = `${config.apiServerOrigin()}/api/v1/apps/${appId}`;
+ if (version !== 'latest') url += `/versions/${version}`;
+
+ superagent.get(url).query({ accessToken: token }).timeout(10 * 1000).end(function (error, result) {
+ if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+ if (result.statusCode === 403 || result.statusCode === 401) return callback(new AppstoreError(AppstoreError.BILLING_REQUIRED));
+ if (result.statusCode === 402) return callback(new AppstoreError(AppstoreError.BILLING_REQUIRED, result.body.message));
+ if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App fetch failed. %s %j', result.status, result.body)));
+
+ callback(null, result.body);
+ });
+ });
+}
+
+function getApp(appId, callback) {
+ assert.strictEqual(typeof appId, 'string');
+ assert.strictEqual(typeof callback, 'function');
+
+ getAppVersion(appId, 'latest', callback);
+}
diff --git a/src/routes/appstore.js b/src/routes/appstore.js
new file mode 100644
index 000000000..ec33bff1e
--- /dev/null
+++ b/src/routes/appstore.js
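Review bot: `getAppVersion` splices `appId` and `version` into the upstream path unencoded (the `let url = ...` line and the `/versions/` suffix); both values come straight from route parameters in the routes/appstore.js hunk, and Express hands route parameters over percent-decoded, so a value containing `/`, `?` or `#` would change which appstore endpoint the box's cloudron token is sent to. Interpolate `encodeURIComponent(appId)` and `encodeURIComponent(version)` instead of the raw values so the segment boundary is preserved. Separately, an upstream 404 falls into the generic `!== 200` branch and is reported as `EXTERNAL_ERROR`, while the handlers in the routes/appstore.js hunk test `error.reason === AppstoreError.NOT_FOUND` to answer 404 — as written that branch can never fire and a missing app or version surfaces as a 500; adding `if (result.statusCode === 404) return callback(new AppstoreError(AppstoreError.NOT_FOUND, result.body.message));` before the `!== 200` check in `getAppVersion` closes the gap, assuming `NOT_FOUND` exists on `AppstoreError` as the route code implies.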
@@ -0,0 +1,47 @@
+'use strict';
+
+exports = module.exports = {
+ getApps: getApps,
+ getApp: getApp,
+ getAppVersion: getAppVersion
+};
+
+var appstore = require('../appstore.js'),
+ AppstoreError = appstore.AppstoreError,
+ assert = require('assert'),
+ HttpError = require('connect-lastmile').HttpError,
+ HttpSuccess = require('connect-lastmile').HttpSuccess;
+
+function getApps(req, res, next) {
+ appstore.getApps(function (error, apps) {
+ if (error && error.reason === AppstoreError.BILLING_REQUIRED) return next(new HttpError(402, error.message));
+ if (error) return next(new HttpError(500, error));
+
+ next(new HttpSuccess(200, { apps: apps }));
+ });
+}
+
+function getApp(req, res, next) {
+ assert.strictEqual(typeof req.params.appstoreId, 'string');
+
+ appstore.getApp(req.params.appstoreId, function (error, app) {
+ if (error && error.reason === AppstoreError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
+ if (error && error.reason === AppstoreError.BILLING_REQUIRED) return next(new HttpError(402, error.message));
+ if (error) return next(new HttpError(500, error));
+
+ next(new HttpSuccess(200, app));
+ });
+}
+
+function getAppVersion(req, res, next) {
+ assert.strictEqual(typeof req.params.appstoreId, 'string');
+ assert.strictEqual(typeof req.params.versionId, 'string');
+
+ appstore.getAppVersion(req.params.appstoreId, req.params.versionId, function (error, manifest) {
+ if (error && error.reason === AppstoreError.NOT_FOUND) return next(new HttpError(404, 'No such app or version'));
+ if (error && error.reason === AppstoreError.BILLING_REQUIRED) return next(new HttpError(402, error.message));
+ if (error) return next(new HttpError(500, error));
+
+ next(new HttpSuccess(200, manifest));
+ });
+}
diff --git a/src/routes/index.js b/src/routes/index.js
index 47e13a8c5..45263e53a 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -3,6 +3,7 @@ exports = module.exports = {
 accesscontrol: require('./accesscontrol.js'),
 apps: require('./apps.js'),
+ appstore: require('./appstore.js'),
 backups: require('./backups.js'),
 clients: require('./clients.js'),
 cloudron: require('./cloudron.js'),
diff --git a/src/routes/test/appstore-test.js b/src/routes/test/appstore-test.js
new file mode 100644
index 000000000..5e5821bf5
--- /dev/null
+++ b/src/routes/test/appstore-test.js
@@ -0,0 +1,146 @@
+/* global it:false */
+/* global describe:false */
+/* global before:false */
+/* global after:false */
+
+'use strict';
+
+var async = require('async'),
+ config = require('../../config.js'),
+ database = require('../../database.js'),
+ expect = require('expect.js'),
+ nock = require('nock'),
+ path = require('path'),
+ safe = require('safetydance'),
+ superagent = require('superagent'),
+ server = require('../../server.js');
+
+var SERVER_URL = 'http://localhost:' + config.get('port');
+
+var USERNAME = 'superadmin', PASSWORD = 'Foobar?1337', EMAIL ='silly@me.com';
+var AUTHORIZED_KEYS_FILE = path.join(config.baseDir(), 'authorized_keys');
+var token = null;
+
+function setup(done) {
+ nock.cleanAll();
+ config._reset();
+ config.setFqdn('example-ssh-test.com');
+ safe.fs.unlinkSync(AUTHORIZED_KEYS_FILE);
+
+ async.series([
+ server.start.bind(server),
+
+ database._clear,
+
+ function createAdmin(callback) {
+ superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
+ .query({ setupToken: 'somesetuptoken' })
+ .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
+ .end(function (error, result) {
+ expect(result).to.be.ok();
+ expect(result.statusCode).to.eql(201);
+
+ // stash token for further use
+ token = result.body.token;
+
+ callback();
+ });
+ }
+ ], done);
+}
+
+function cleanup(done) {
+ database._clear(function (error) {
+ expect(error).to.not.be.ok();
+
+ config._reset();
+
+ server.stop(done);
+ });
+}
+
+describe('Appstore API', function () {
+ before(setup);
+ after(cleanup);
+
+ it('cannot list apps without subscription', function (done) {
+ superagent.get(SERVER_URL + '/api/v1/appstore/apps')
+ .query({ access_token: token })
+ .end(function (error, result) {
+ expect(result.statusCode).to.equal(402); // billing required
+ done();
+ });
+ });
+
+ it('cannot get app without subscription', function (done) {
+ superagent.get(SERVER_URL + '/api/v1/appstore/apps/org.wordpress.cloudronapp')
+ .query({ access_token: token })
+ .end(function (error, result) {
+ expect(result.statusCode).to.equal(402); // billing required
+ done();
+ });
+ });
+
+ it('setup subscription', function (done) {
+ var scope1 = nock(config.apiServerOrigin())
+ .post('/api/v1/login', (body) => body.email && body.password)
+ .reply(200, { userId: 'userId', accessToken: 'SECRET_TOKEN' });
+
+ var scope2 = nock(config.apiServerOrigin())
+ .post('/api/v1/register_cloudron?accessToken=SECRET_TOKEN', (body) => !!body.domain)
+ .reply(201, { cloudronId: 'cid', cloudronToken: 'CLOUDRON_TOKEN', licenseKey: 'lkey' });
+
+ superagent.post(SERVER_URL + '/api/v1/subscription')
+ .send({ email: 'test@cloudron.io', password: 'secret', signup: false })
+ .query({ access_token: token })
+ .end(function (error, result) {
+ expect(result.statusCode).to.equal(200);
+ expect(scope1.isDone()).to.be.ok();
+ expect(scope2.isDone()).to.be.ok();
+ done();
+ });
+ });
+
+ it('can list apps', function (done) {
+ var scope1 = nock(config.apiServerOrigin())
+ .get(`/api/v1/apps?accessToken=CLOUDRON_TOKEN&boxVersion=${config.version()}&unstable=false`, () => true)
+ .reply(200, { apps: [] });
+
+ superagent.get(SERVER_URL + '/api/v1/appstore/apps')
+ .query({ access_token: token })
+ .end(function (error, result) {
+ expect(result.statusCode).to.equal(200);
+ expect(scope1.isDone()).to.be.ok();
+ done();
+ });
+ });
+
+ it('can get app', function (done) {
+ var scope1 = nock(config.apiServerOrigin())
+ .get('/api/v1/apps/org.wordpress.cloudronapp?accessToken=CLOUDRON_TOKEN', () => true)
+ .reply(200, { apps: [] });
+
+ superagent.get(SERVER_URL + '/api/v1/appstore/apps/org.wordpress.cloudronapp')
+ .query({ access_token: token })
+ .end(function (error, result) {
+ expect(result.statusCode).to.equal(200);
+ expect(scope1.isDone()).to.be.ok();
+ done();
+ });
+ });
+
+ it('can get app version', function (done) {
+ var scope1 = nock(config.apiServerOrigin())
+ .get('/api/v1/apps/org.wordpress.cloudronapp/versions/3.4.2?accessToken=CLOUDRON_TOKEN', () => true)
+ .reply(200, { apps: [] });
+
+ superagent.get(SERVER_URL + '/api/v1/appstore/apps/org.wordpress.cloudronapp/versions/3.4.2')
+ .query({ access_token: token })
+ .end(function (error, result) {
+ expect(result.statusCode).to.equal(200);
+ expect(scope1.isDone()).to.be.ok();
+ done();
+ });
+ });
+
+});
diff --git a/src/server.js b/src/server.js
index 82fae4eea..b8a6747f3 100644
--- a/src/server.js
+++ b/src/server.js
@@ -90,6 +90,7 @@ function initializeExpressSync() {
 // scope middleware implicitly also adds bearer token verification
 var cloudronScope = routes.accesscontrol.scope(accesscontrol.SCOPE_CLOUDRON);
 var subscriptionScope = routes.accesscontrol.scope(accesscontrol.SCOPE_SUBSCRIPTION);
+ var appstoreScope = routes.accesscontrol.scope(accesscontrol.SCOPE_APPSTORE);
 var profileScope = routes.accesscontrol.scope(accesscontrol.SCOPE_PROFILE);
 var usersReadScope = routes.accesscontrol.scope(accesscontrol.SCOPE_USERS_READ);
 var usersManageScope = routes.accesscontrol.scope(accesscontrol.SCOPE_USERS_MANAGE);
@@ -216,6 +217,11 @@ function initializeExpressSync() {
 router.del ('/api/v1/clients/:clientId/tokens', clientsScope, routes.clients.delTokens);
 router.del ('/api/v1/clients/:clientId/tokens/:tokenId', clientsScope, routes.clients.delToken);
+ // appstore routes
+ router.get ('/api/v1/appstore/apps', appstoreScope, routes.appstore.getApps);
+ router.get ('/api/v1/appstore/apps/:appstoreId', appstoreScope, routes.appstore.getApp);
+ router.get ('/api/v1/appstore/apps/:appstoreId/versions/:versionId', appstoreScope, routes.appstore.getAppVersion);
+
 // app routes
 router.get ('/api/v1/apps', appsReadScope, routes.apps.getApps);
 router.get ('/api/v1/apps/:id', appsManageScope, routes.apps.getApp);
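Review bot: `setup` in the new test file carries fixtures that this suite never uses — `config.setFqdn('example-ssh-test.com')` and the `AUTHORIZED_KEYS_FILE` constant with its `safe.fs.unlinkSync` call have no relation to the appstore routes under test, which suggests a copy from another suite. Dropping the `path`/`safe` requires and the unlink, and using a suite-specific FQDN, keeps the file self-describing. The positive cases assert only `statusCode` and `scope1.isDone()`, and `can get app` / `can get app version` stub a single-app endpoint with `{ apps: [] }`; one assertion on the forwarded body per case, e.g. `expect(result.body).to.eql({ apps: [] });`, would also check that the handler passes the appstore response through unchanged.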