jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
19,646 Commits 33 Branches 583 Tags
f12b4faf34f0bf1b17fdae9cb2d170f6ecd21342
Commit Graph

677 Commits

Author SHA1 Message Date
Girish Ramakrishnan
f12b4faf34 lint 2026-03-12 23:23:23 +05:30
Girish Ramakrishnan
01d0c738bc replace debug() with our custom logger 
mostly we want trace() and log(). trace() can be enabled whenever
we want by flipping a flag and restarting box
 2026-03-12 23:08:35 +05:30
Girish Ramakrishnan
d0f0bb799e 2fa: refactor into separate dialog 
also rename routes to totp
 2026-02-22 10:43:15 +01:00
Girish Ramakrishnan
5a613231e0 apps: remove deprecated /api/v1/apps/install route 2026-02-20 09:48:07 +01:00
Girish Ramakrishnan
a51672f3ee security: remove cors 
I traced this back to a commit from 2014! 781495e662
 2026-02-17 17:10:18 +01:00
Girish Ramakrishnan
eae86d15ef Update modules 2026-02-14 19:49:42 +01:00
Girish Ramakrishnan
36aa641cb9 migrate to "export default" 
also, set no-use-before-define in linter
 2026-02-14 15:43:24 +01:00
Girish Ramakrishnan
96dc79cfe6 Migrate codebase from CommonJS to ES Modules 
- Convert all require()/module.exports to import/export across 260+ files
- Add "type": "module" to package.json to enable ESM by default
- Add migrations/package.json with "type": "commonjs" to keep db-migrate compatible
- Convert eslint.config.js to ESM with sourceType: "module"
- Replace __dirname/__filename with import.meta.dirname/import.meta.filename
- Replace require.main === module with process.argv[1] === import.meta.filename
- Remove 'use strict' directives (implicit in ESM)
- Convert dynamic require() in switch statements to static import lookup maps
  (dns.js, domains.js, backupformats.js, backupsites.js, network.js)
- Extract self-referencing exports.CONSTANT patterns into standalone const
  declarations (apps.js, services.js, locks.js, users.js, mail.js, etc.)
- Lazify SERVICES object in services.js to avoid circular dependency TDZ issues
- Add clearMailQueue() to mailer.js for ESM-safe queue clearing in tests
- Add _setMockApp() to ldapserver.js for ESM-safe test mocking
- Add _setMockResolve() wrapper to dig.js for ESM-safe DNS mocking in tests
- Convert backupupload.js to use dynamic imports so --check exits before
  loading the module graph (which requires BOX_ENV)
- Update check-install to use ESM import for infra_version.js
- Convert scripts/ (hotfix, release, remote_hotfix.js, find-unused-translations)
- All 1315 tests passing

Migration stats (AI-assisted using Cursor with Claude):
- Wall clock time: ~3-4 hours
- Assistant completions: ~80-100
- Estimated token usage: ~1-2M tokens

Co-authored-by: Cursor <cursoragent@cursor.com>
 2026-02-14 15:11:45 +01:00
Johannes Zellner
5724ca73b4 Add passkey support 2026-02-13 17:18:56 +01:00
Girish Ramakrishnan
93a0063941 backups: add stop_integrity_check route 2026-02-09 22:00:40 +01:00
Girish Ramakrishnan
a7de7fb286 initial implementation of community packages 2026-02-05 14:21:50 +01:00
Johannes Zellner
aa84cb0079 Actually make multiplart also optional 2026-01-28 14:17:22 +01:00
Johannes Zellner
70476bd168 Use jsonOrMultipart instead of jsonOptional and multipart 2026-01-27 22:01:18 +01:00
Johannes Zellner
a7929e142f Build local image for updates in apptask 2026-01-27 22:01:18 +01:00
Johannes Zellner
280f628746 Accept json body or formdata in app install route 2026-01-27 22:01:18 +01:00
Girish Ramakrishnan
f714cd66f7 rework mail domain stats 
We can now show list count, alias count as well in the mail domains UI
 2025-12-05 13:32:07 +01:00
Girish Ramakrishnan
0dd6446f3e apps: add route to list sites for operators 
the main backup listing route is only available for admins
 2025-10-14 14:22:41 +02:00
Girish Ramakrishnan
43962c4a5a add route to list backups by site 2025-10-06 14:52:29 +02:00
Girish Ramakrishnan
f7c85d8aa2 mail: add api to list domains 2025-09-30 17:11:10 +02:00
Girish Ramakrishnan
98d4d99c1b appstore: add unlink account route 2025-09-24 21:49:24 +02:00
Girish Ramakrishnan
5157789774 backups: add per site enabledForUpdates flag 
previously, we had a singleton 'main' flag to indicate a site can
be used for updates. with this new approach, we can get rid of the
'primary' concept. each site can be used for updates or not.
 2025-09-22 18:03:01 +02:00
Girish Ramakrishnan
4c3a8e1fd7 backup site: add contents 
it is a json that can be one of the three:

* null - include everything
* include - only include these ids
* exclude - everything except these ids
 2025-09-22 13:28:16 +02:00
Girish Ramakrishnan
c5b7264f1a rename backupTargets to backupSites 2025-09-12 10:32:37 +02:00
Johannes Zellner
bbc5217c81 Remove unused variable 2025-08-22 16:46:45 +02:00
Girish Ramakrishnan
19682ec21b tgz: integrity check 2025-08-15 21:23:39 +05:30
Girish Ramakrishnan
12e073e8cf use node: prefix for requires 
mostly because code is being autogenerated by all the AI stuff using
this prefix. it's also used in the stack trace.
 2025-08-14 12:55:35 +05:30
Girish Ramakrishnan
2a90a0a278 backup target: add password hint and encryption route 2025-08-05 11:26:02 +02:00
Girish Ramakrishnan
132132307f backuptarget: rename label to name 2025-08-04 14:28:37 +02:00
Girish Ramakrishnan
7ef9e7eb51 storage: add getStatus hook 2025-08-04 11:01:20 +02:00
Girish Ramakrishnan
59aaabecc7 backups: the get route was accidentally removed 2025-07-25 11:56:31 +02:00
Girish Ramakrishnan
3f07bb5c3a backup targets: add test for all routes 2025-07-25 11:29:00 +02:00
Girish Ramakrishnan
94dd1eb0c2 backups: add setPrimary route 2025-07-25 09:43:26 +02:00
Girish Ramakrishnan
ef5631bff4 backups: setPolicy is gone 2025-07-25 01:42:25 +02:00
Girish Ramakrishnan
62017b3ff5 backup: rename back backuplisting.js to backups.js 
this was a transitional rename till I figured out how to split
it in backuptargets.js
 2025-07-25 01:37:19 +02:00
Girish Ramakrishnan
3aafbd2ccb backups: add backup multiple targets 2025-07-25 01:30:27 +02:00
Girish Ramakrishnan
931311f11f rename backups to backuptargets 2025-07-24 18:54:10 +02:00
Girish Ramakrishnan
5e456f378b backups: split listing and targets 2025-07-24 18:21:48 +02:00
Girish Ramakrishnan
8bf8c278f0 system: add tests for fs usage route 2025-07-17 01:42:28 +02:00
Girish Ramakrishnan
5539f74bea system: add disk usage task 2025-07-17 00:09:50 +02:00
Girish Ramakrishnan
7214ce2ede support: remove ssh manipulation routes 
this is now moved entirely to cloudron-support --enable-remote-access.

this emphasizes more that users have to get ssh access to the server before
we can do anything about it. it's far too simple for people to click this
button.

we have now also added clear terms to understand what remote access entails.
(what happens if support personnel makes a mistake. who is liable? etc)
 2025-07-16 17:53:19 +02:00
Girish Ramakrishnan
4b79881472 system: route to get filesystem 2025-07-16 17:20:28 +02:00
Girish Ramakrishnan
622aecfd6d users: add unset route for avatar 
also add missing tests for avatar and profile locking
 2025-07-15 10:06:26 +02:00
Johannes Zellner
7adae569f5 Remove last usage of auth/branding route 2025-07-14 11:12:05 +02:00
Girish Ramakrishnan
04de621e37 Fix crash when req.query handling 
https://expressjs.com/en/5x/api.html#req.query

"As req.query’s shape is based on user-controlled input, all properties and values in this object
are untrusted and should be validated before trusting"

In essence, req.query.xx can be an array OR an array of strings.
 2025-07-13 13:21:38 +02:00
Johannes Zellner
e1433cbf2a Always share the same meta info headers in dashboard views 2025-07-11 15:29:46 +02:00
Johannes Zellner
66d1de0821 Add initial dashboard entrypoint server side rendering routes 2025-07-11 12:28:02 +02:00
Girish Ramakrishnan
bba48f455e use @connect-lastmile 2025-07-10 11:00:31 +02:00
Girish Ramakrishnan
3bd41013c0 profile: avatar cannot be changed when profile locked 
admins can now upload user avatars
 2025-07-02 13:03:15 +02:00
Girish Ramakrishnan
a357f5a1b8 apps: add live metrics route 2025-07-01 12:23:38 +02:00
Johannes Zellner
713f1239c6 Allow admins to set users avatars 2025-06-30 22:44:59 +02:00