e9f96593c3
reorder functions for no-use-before-define
2026-02-14 16:34:34 +01:00
36aa641cb9
migrate to "export default"
...
also, set no-use-before-define in linter
2026-02-14 15:43:24 +01:00
96dc79cfe6
Migrate codebase from CommonJS to ES Modules
...
- Convert all require()/module.exports to import/export across 260+ files
- Add "type": "module" to package.json to enable ESM by default
- Add migrations/package.json with "type": "commonjs" to keep db-migrate compatible
- Convert eslint.config.js to ESM with sourceType: "module"
- Replace __dirname/__filename with import.meta.dirname/import.meta.filename
- Replace require.main === module with process.argv[1] === import.meta.filename
- Remove 'use strict' directives (implicit in ESM)
- Convert dynamic require() in switch statements to static import lookup maps
(dns.js, domains.js, backupformats.js, backupsites.js, network.js)
- Extract self-referencing exports.CONSTANT patterns into standalone const
declarations (apps.js, services.js, locks.js, users.js, mail.js, etc.)
- Lazify SERVICES object in services.js to avoid circular dependency TDZ issues
- Add clearMailQueue() to mailer.js for ESM-safe queue clearing in tests
- Add _setMockApp() to ldapserver.js for ESM-safe test mocking
- Add _setMockResolve() wrapper to dig.js for ESM-safe DNS mocking in tests
- Convert backupupload.js to use dynamic imports so --check exits before
loading the module graph (which requires BOX_ENV)
- Update check-install to use ESM import for infra_version.js
- Convert scripts/ (hotfix, release, remote_hotfix.js, find-unused-translations)
- All 1315 tests passing
Migration stats (AI-assisted using Cursor with Claude):
- Wall clock time: ~3-4 hours
- Assistant completions: ~80-100
- Estimated token usage: ~1-2M tokens
Co-authored-by: Cursor <cursoragent@cursor.com >
2026-02-14 15:11:45 +01:00
6877dfb772
acme: ARI support
...
ARI is a hint from the cert issuer about when to renew a cert. We will
use it when the API is available.
It provides a mechanim for CAs to revoke certs and signal to clients
that cert should be renewed.
https://www.rfc-editor.org/rfc/rfc9773.txt
https://letsencrypt.org/2024/04/25/guide-to-integrating-ari-into-existing-acme-clients
2026-01-17 23:28:47 +01:00
f65b33f3fc
Fix key type typo
2026-01-17 22:20:39 +01:00
efccf2729b
start moving openssl commands into openssl.js
2026-01-17 15:28:44 +01:00
3a1cd8f67f
acme2: do not rely on db
2026-01-17 13:21:50 +01:00
a1b4fdf624
csp: allow multiple lines and add presets
2026-01-13 17:39:00 +01:00
33c75076da
quote the value in error message
2025-09-08 18:59:47 +02:00
ac7001b96e
reverseproxy: remove OCSP support
...
OCSP is getting deprecated in favor CRLs. Lets Encrypt has already
removed the OCSP URL in the certs and the OCSP validation server
is being decommissioned .
https://letsencrypt.org/2024/12/05/ending-ocsp/
2025-09-04 09:43:49 +02:00
12e073e8cf
use node: prefix for requires
...
mostly because code is being autogenerated by all the AI stuff using
this prefix. it's also used in the stack trace.
2025-08-14 12:55:35 +05:30
989d843fcb
shell: make shell.sudo promise based and waitable
2025-07-16 22:04:24 +02:00
d9c104613c
tasks: rework the startTask API
...
it is now async. change was required to reset the pending flag
2025-06-17 19:32:46 +02:00
a7c6e36ec3
replace ipaddr.js
2025-05-06 16:26:35 +02:00
3dc6e274f0
use ipaddr.js for ip validation
2025-03-07 12:32:50 +01:00
6c3ca9c364
shell: rework code to use shell.spawn
...
spawn gives out streams and we have more control over the stdout/stderr
buffers. otherwise, we have to provide a max buffer capture size to exec
2024-10-15 12:13:46 +02:00
a9e1d7641d
shell: make require take a tag
2024-10-14 21:08:32 +02:00
74447d2690
lint
2024-04-29 12:49:20 +02:00
2a6368af60
remove usage of constants.DASHBOARD_SUBDOMAIN
2024-04-27 11:10:24 +02:00
21d7438bbe
proxyauth: user OpenID instead of basic auth
2024-04-15 15:59:16 +02:00
a6f078330f
shell: no need to promise scoping
2024-02-21 19:40:27 +01:00
cfd5c0f82b
shell: rewrite exec to use execFile
...
this also renames execFile to execArgs
2024-02-21 18:54:43 +01:00
14c9260ab0
shell: exec encoding is utf8 by default and no shell
...
explicitly mark calls that require the shell
2024-02-21 17:47:25 +01:00
c1bb4de6a3
reverseproxy: use async exec
2024-02-21 12:33:04 +01:00
4844f6d927
dashboard: remove old domain config on switch
2023-09-29 09:26:42 +05:30
28bfab6700
LOCATION_TYPE can move into location.js
2023-08-17 16:05:19 +05:30
5c98b6f080
crash fixes
2023-08-17 13:02:36 +05:30
3d0ba557e5
add Location class
2023-08-17 10:44:07 +05:30
4acbb7136a
proper task name for dashboard change
2023-08-14 10:45:12 +05:30
eee49a8291
move dashboard setting into dashboard.js
2023-08-11 21:04:10 +05:30
4cdf37b060
settings: move mailFqdn/Domain into mailServer
2023-08-04 22:02:24 +05:30
946e5caacb
split mail and mailserver
...
mail = all the per-domain code
mailserver = all the mail server level code
2023-08-04 20:54:39 +05:30
1264cd1dd7
reverseproxy: move renew and trusted ip routes
2023-08-04 13:19:48 +05:30
47d57a3971
fold sysinfo into network
...
the backends are network backends
2023-08-03 13:38:42 +05:30
bbc6ba1a35
settings: move service setting into services.js
...
this also introduces getJson/setJson
2023-08-03 11:50:00 +05:30
c7f2a04e8c
settings: move reverse proxy config
2023-08-02 23:02:39 +05:30
8fe992318e
settings: move trusted ip setting to reverseproxy
2023-08-02 23:02:39 +05:30
b26c8d20cd
network: add trusted ips
...
This allows the user to set trusted ips to Cloudflare or some other CDN
and have the logs have the correct IPs.
fixes #801
2023-05-13 16:15:47 +02:00
8448d28f6f
Implement HSTS preload
...
This allows browsers to query https directly instead of the initial http redirect
https://hstspreload.org/#opt-in says it should be explicitly opt in
2023-03-06 11:46:05 +01:00
abacc60181
tls: fix wildcard alias cert file names
...
also, do not provision redirect certs. redirect domains can never
hit the server anyway.
2023-02-25 20:22:09 +01:00
54add73d2a
reverseproxy: LE backdates certs by an hour
...
https://community.letsencrypt.org/t/valid-from-date-on-cert-off-by-1-hour/103239
2023-02-01 12:52:37 +01:00
3f70edf3ec
print subject and fix notBefore parsing
2023-02-01 12:38:29 +01:00
c63e0036cb
typo
2023-02-01 12:28:46 +01:00
3b9486596d
reverseproxy: force renewal only renews if not issued in last 5 mins
...
otherwise, this leads to repeated renewals in checkCerts
2023-02-01 11:18:39 +01:00
eddfd20f24
reverseproxy: get dates
2023-02-01 11:05:50 +01:00
690df0e5c4
reverseproxy: add option to force renewal for e2e
2023-01-31 23:45:17 +01:00
ce9e78d23b
reverseproxy: fix issue where renewed certs are not written to disk
2023-01-31 17:58:28 +01:00
d7d43c73fe
reverseproxy: fix typo in regexp matching
2022-12-08 10:05:36 +01:00
f27847950c
reverseproxy: notify cert change only in cron job
...
notifying this in ensureCertificate does not work if provider changed in the middle anyway.
might as well get them to be in sync in the cronjob.
this change also resulted in tls addon getting restarted non-stop if you change from wildcard
to non-wildcard since ensureCertificate notifies the change.
2022-11-30 15:55:32 +01:00
69b46d82ab
Fix typo
2022-11-30 14:56:40 +01:00
Girish Ramakrishnan