jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
19,653 Commits 33 Branches 583 Tags
29f85a8fd27a708f624bcaa30eed5b726fe28d41
Commit Graph

677 Commits

Author SHA1 Message Date
Girish Ramakrishnan f12b4faf34 lint 2026-03-12 23:23:23 +05:30
Girish Ramakrishnan 01d0c738bc replace debug() with our custom logger 
mostly we want trace() and log(). trace() can be enabled whenever
we want by flipping a flag and restarting box
 2026-03-12 23:08:35 +05:30
Girish Ramakrishnan d0f0bb799e 2fa: refactor into separate dialog 
also rename routes to totp
 2026-02-22 10:43:15 +01:00
Girish Ramakrishnan 5a613231e0 apps: remove deprecated /api/v1/apps/install route 2026-02-20 09:48:07 +01:00
Girish Ramakrishnan a51672f3ee security: remove cors 
I traced this back to a commit from 2014! 781495e662
 2026-02-17 17:10:18 +01:00
Girish Ramakrishnan eae86d15ef Update modules 2026-02-14 19:49:42 +01:00
Girish Ramakrishnan 36aa641cb9 migrate to "export default" 
also, set no-use-before-define in linter
 2026-02-14 15:43:24 +01:00
Girish Ramakrishnan 96dc79cfe6 Migrate codebase from CommonJS to ES Modules 
- Convert all require()/module.exports to import/export across 260+ files
- Add "type": "module" to package.json to enable ESM by default
- Add migrations/package.json with "type": "commonjs" to keep db-migrate compatible
- Convert eslint.config.js to ESM with sourceType: "module"
- Replace __dirname/__filename with import.meta.dirname/import.meta.filename
- Replace require.main === module with process.argv[1] === import.meta.filename
- Remove 'use strict' directives (implicit in ESM)
- Convert dynamic require() in switch statements to static import lookup maps
  (dns.js, domains.js, backupformats.js, backupsites.js, network.js)
- Extract self-referencing exports.CONSTANT patterns into standalone const
  declarations (apps.js, services.js, locks.js, users.js, mail.js, etc.)
- Lazify SERVICES object in services.js to avoid circular dependency TDZ issues
- Add clearMailQueue() to mailer.js for ESM-safe queue clearing in tests
- Add _setMockApp() to ldapserver.js for ESM-safe test mocking
- Add _setMockResolve() wrapper to dig.js for ESM-safe DNS mocking in tests
- Convert backupupload.js to use dynamic imports so --check exits before
  loading the module graph (which requires BOX_ENV)
- Update check-install to use ESM import for infra_version.js
- Convert scripts/ (hotfix, release, remote_hotfix.js, find-unused-translations)
- All 1315 tests passing

Migration stats (AI-assisted using Cursor with Claude):
- Wall clock time: ~3-4 hours
- Assistant completions: ~80-100
- Estimated token usage: ~1-2M tokens

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-14 15:11:45 +01:00
Johannes Zellner 5724ca73b4 Add passkey support 2026-02-13 17:18:56 +01:00
Girish Ramakrishnan 93a0063941 backups: add stop_integrity_check route 2026-02-09 22:00:40 +01:00
Girish Ramakrishnan a7de7fb286 initial implementation of community packages 2026-02-05 14:21:50 +01:00
Johannes Zellner aa84cb0079 Actually make multiplart also optional 2026-01-28 14:17:22 +01:00
Johannes Zellner 70476bd168 Use jsonOrMultipart instead of jsonOptional and multipart 2026-01-27 22:01:18 +01:00
Johannes Zellner a7929e142f Build local image for updates in apptask 2026-01-27 22:01:18 +01:00
Johannes Zellner 280f628746 Accept json body or formdata in app install route 2026-01-27 22:01:18 +01:00
Girish Ramakrishnan f714cd66f7 rework mail domain stats 
We can now show list count, alias count as well in the mail domains UI
 2025-12-05 13:32:07 +01:00
Girish Ramakrishnan 0dd6446f3e apps: add route to list sites for operators 
the main backup listing route is only available for admins
 2025-10-14 14:22:41 +02:00
Girish Ramakrishnan 43962c4a5a add route to list backups by site 2025-10-06 14:52:29 +02:00
Girish Ramakrishnan f7c85d8aa2 mail: add api to list domains 2025-09-30 17:11:10 +02:00
Girish Ramakrishnan 98d4d99c1b appstore: add unlink account route 2025-09-24 21:49:24 +02:00
Girish Ramakrishnan 5157789774 backups: add per site enabledForUpdates flag 
previously, we had a singleton 'main' flag to indicate a site can
be used for updates. with this new approach, we can get rid of the
'primary' concept. each site can be used for updates or not.
 2025-09-22 18:03:01 +02:00
Girish Ramakrishnan 4c3a8e1fd7 backup site: add contents 
it is a json that can be one of the three:

* null - include everything
* include - only include these ids
* exclude - everything except these ids
 2025-09-22 13:28:16 +02:00
Girish Ramakrishnan c5b7264f1a rename backupTargets to backupSites 2025-09-12 10:32:37 +02:00
Johannes Zellner bbc5217c81 Remove unused variable 2025-08-22 16:46:45 +02:00
Girish Ramakrishnan 19682ec21b tgz: integrity check 2025-08-15 21:23:39 +05:30
Girish Ramakrishnan 12e073e8cf use node: prefix for requires 
mostly because code is being autogenerated by all the AI stuff using
this prefix. it's also used in the stack trace.
 2025-08-14 12:55:35 +05:30
Girish Ramakrishnan 2a90a0a278 backup target: add password hint and encryption route 2025-08-05 11:26:02 +02:00
Girish Ramakrishnan 132132307f backuptarget: rename label to name 2025-08-04 14:28:37 +02:00
Girish Ramakrishnan 7ef9e7eb51 storage: add getStatus hook 2025-08-04 11:01:20 +02:00
Girish Ramakrishnan 59aaabecc7 backups: the get route was accidentally removed 2025-07-25 11:56:31 +02:00
Girish Ramakrishnan 3f07bb5c3a backup targets: add test for all routes 2025-07-25 11:29:00 +02:00
Girish Ramakrishnan 94dd1eb0c2 backups: add setPrimary route 2025-07-25 09:43:26 +02:00
Girish Ramakrishnan ef5631bff4 backups: setPolicy is gone 2025-07-25 01:42:25 +02:00
Girish Ramakrishnan 62017b3ff5 backup: rename back backuplisting.js to backups.js 
this was a transitional rename till I figured out how to split
it in backuptargets.js
 2025-07-25 01:37:19 +02:00
Girish Ramakrishnan 3aafbd2ccb backups: add backup multiple targets 2025-07-25 01:30:27 +02:00
Girish Ramakrishnan 931311f11f rename backups to backuptargets 2025-07-24 18:54:10 +02:00
Girish Ramakrishnan 5e456f378b backups: split listing and targets 2025-07-24 18:21:48 +02:00
Girish Ramakrishnan 8bf8c278f0 system: add tests for fs usage route 2025-07-17 01:42:28 +02:00
Girish Ramakrishnan 5539f74bea system: add disk usage task 2025-07-17 00:09:50 +02:00
Girish Ramakrishnan 7214ce2ede support: remove ssh manipulation routes 
this is now moved entirely to cloudron-support --enable-remote-access.

this emphasizes more that users have to get ssh access to the server before
we can do anything about it. it's far too simple for people to click this
button.

we have now also added clear terms to understand what remote access entails.
(what happens if support personnel makes a mistake. who is liable? etc)
 2025-07-16 17:53:19 +02:00
Girish Ramakrishnan 4b79881472 system: route to get filesystem 2025-07-16 17:20:28 +02:00
Girish Ramakrishnan 622aecfd6d users: add unset route for avatar 
also add missing tests for avatar and profile locking
 2025-07-15 10:06:26 +02:00
Johannes Zellner 7adae569f5 Remove last usage of auth/branding route 2025-07-14 11:12:05 +02:00
Girish Ramakrishnan 04de621e37 Fix crash when req.query handling 
https://expressjs.com/en/5x/api.html#req.query

"As req.query’s shape is based on user-controlled input, all properties and values in this object
are untrusted and should be validated before trusting"

In essence, req.query.xx can be an array OR an array of strings.
 2025-07-13 13:21:38 +02:00
Johannes Zellner e1433cbf2a Always share the same meta info headers in dashboard views 2025-07-11 15:29:46 +02:00
Johannes Zellner 66d1de0821 Add initial dashboard entrypoint server side rendering routes 2025-07-11 12:28:02 +02:00
Girish Ramakrishnan bba48f455e use @connect-lastmile 2025-07-10 11:00:31 +02:00
Girish Ramakrishnan 3bd41013c0 profile: avatar cannot be changed when profile locked 
admins can now upload user avatars
 2025-07-02 13:03:15 +02:00
Girish Ramakrishnan a357f5a1b8 apps: add live metrics route 2025-07-01 12:23:38 +02:00
Johannes Zellner 713f1239c6 Allow admins to set users avatars 2025-06-30 22:44:59 +02:00