04de621e37
Fix crash when req.query handling
...
https://expressjs.com/en/5x/api.html#req.query
"As req.query’s shape is based on user-controlled input, all properties and values in this object
are untrusted and should be validated before trusting"
In essence, req.query.xx can be an array OR an array of strings.
2025-07-13 13:21:38 +02:00
22e23e1e65
auth: add logs when auth fails or succeeds
2025-07-11 18:14:27 +02:00
83b056738f
Always use name for ejs template title
2025-07-11 16:56:20 +02:00
e1433cbf2a
Always share the same meta info headers in dashboard views
2025-07-11 15:29:46 +02:00
8b9017224f
Only load dashboard templates once on startup
2025-07-11 12:45:30 +02:00
3b50a732b5
Replace branding route calling for name and footer in views
2025-07-11 12:42:21 +02:00
66d1de0821
Add initial dashboard entrypoint server side rendering routes
2025-07-11 12:28:02 +02:00
bba48f455e
use @connect-lastmile
2025-07-10 11:00:31 +02:00
6ac0cd421a
use the @cloudron/superagent module
2025-07-10 10:56:05 +02:00
6b2e98b9be
metrics: fix up app graphs after api changes
2025-07-07 20:09:09 +02:00
4cf1739604
metrics: overlay app metrics over system metrics
2025-07-07 19:12:57 +02:00
369474a0bc
metrics: add route to query app metrics with the system
2025-07-07 19:12:57 +02:00
2317c17b4b
metrics: interval is not configurable, unnecessary
2025-07-04 23:20:38 +02:00
53d85ac7a2
metrics: set objectMode to avoid lots of JSON
2025-07-04 22:42:05 +02:00
813409a8fb
graphs: directly stream docker stats
...
docker stats API caches the stat and reading it frequently gives back the same value.
this trips our "rate" code into thinking rate is 0.
one approach was to persist polling like we do now and ignore entries based on stats.read.
this works fine but the streaming approach seems better since we don't need to poll anymore.
2025-07-04 00:03:43 +02:00
846986987d
the oidc module expect accountId and sub to be the same
...
in our case sub is the username exposed to the app, not the userId
internal to Cloudron
Upstream behavior change https://github.com/panva/node-oidc-provider/commit/9b89153c0ea2f2280a26e35f3b66d1900aed7c79
2025-07-02 00:38:11 +02:00
24d93ea87d
test: fix status code
2025-07-01 13:04:21 +02:00
93aa4f086e
test: dns. is gone
2025-07-01 12:41:52 +02:00
a357f5a1b8
apps: add live metrics route
2025-07-01 12:23:38 +02:00
6b8b69d324
metrics: rename functions
2025-07-01 11:10:21 +02:00
713f1239c6
Allow admins to set users avatars
2025-06-30 22:44:59 +02:00
9428cf0d06
mail: make status a tristate
...
status can be 'passed', 'failed' or 'skipped'. The motivation for this
change is that when using a relay, we can provide a message indicating
why the check was skipped.
2025-06-28 12:20:25 +02:00
2486aee24d
AppsView: updateInfo is now part of app object
2025-06-26 16:57:55 +02:00
19c9d7d59d
updateInfo: move updateInfo into apps table
...
this has many advantages:
* easy to deliver the updateInfo via the apps object
* after updating, the task can clear it
* when apps are deleted, the info is automatically gone
otherwise, it's a mess of deps between apps/updater/apptask/rest routes
box update info is still in a file
2025-06-26 15:47:15 +02:00
abd640d36b
merge updatechecker into updater
2025-06-26 14:00:30 +02:00
e0af49f638
appstore: automatic is not stableOnly
2025-06-25 18:17:29 +02:00
2db99e7807
refactor: rename updater functions to have box in them
2025-06-20 19:04:55 +02:00
227da8dce4
test: remove double uninit of db
2025-06-19 10:24:17 +02:00
d9c104613c
tasks: rework the startTask API
...
it is now async. change was required to reset the pending flag
2025-06-17 19:32:46 +02:00
c44926c2cd
redis: disable by default when optional
...
this simply increases complexity of local setups since redis is
only used as a cache and not for persistent data
2025-06-14 10:40:48 +02:00
11a852d49c
test: enablePop3 is now required
2025-06-14 09:17:46 +02:00
e6d8115e52
Allow to set enablePop3 when adding a mailbox
2025-06-13 17:38:55 +02:00
a07d7ffdec
profile: do not crash on invalid avatar id
2025-06-12 01:23:17 +02:00
d112d6308c
move tokens.ID_ into oidcClients.ID_
2025-06-12 00:25:28 +02:00
1ca8eeeb50
split oidc into server and clients
2025-06-11 22:26:23 +02:00
2e4bc5e218
Start using req.resources = { app, volume, ...} pattern
...
Reason was that req.app was clashing with expressjs v5 which
stores the main expressjs app object there
2025-06-10 11:02:43 +02:00
ad4c88b535
Fix missing usage of safe()
2025-06-09 10:18:01 +02:00
a93c85ebc9
profile: drop gravatar support
...
gravatar is owned by an external entity (Automattic) and we have an
unnecessary dep to this service. users can just upload a profile pic
2025-06-08 18:12:40 +02:00
cd45046724
test: fix tasks test
2025-06-08 15:55:00 +02:00
344782099f
add explicit unset for the image routes
...
the initial motivation was to fix up the profile avatar rule which
had a mix of json or multipart. this style does not work well with
express 5
2025-06-06 18:58:49 +02:00
dffa3b7986
do not mix multipart and json
2025-06-06 17:18:39 +02:00
0f7bc9be52
GET requests should not use json middleware
2025-06-06 17:18:39 +02:00
40631a753f
Fix express 5 crashes
2025-06-06 16:23:07 +02:00
0f3eb42332
test: fix provision test
2025-06-06 15:48:21 +02:00
1fa8395847
test: remove support ticket test
2025-06-06 15:45:43 +02:00
7b9504c5b4
test: add provision test
2025-06-06 13:39:30 +02:00
2b52e21ccf
test: fix appstore test
2025-06-06 13:39:30 +02:00
c49050ea69
appstore: removed old route and rename to reset_cloudron_id
2025-06-06 13:39:30 +02:00
3ccad9ada9
cloudron-setup: remove --generate-setup-token
...
this code path is hardly ever tested and seems unnecesary
2025-06-06 10:22:06 +02:00
2c2a24c31b
support: remove createTicket
...
there is no form to create tickets anymore since a while
2025-06-06 09:51:07 +02:00
Girish Ramakrishnan