More 4.4.4 changes

https://forum.cloudron.io/topic/2050/switch-to-debian-ubuntu-spying

CHANGES

@@ -1684,3 +1684,85 @@
 * Add Skip backup option when updating an app
 * Fix bug where nginx was not reloaded on cert renewal
 
+[4.2.4]
+* Fix demo settings state regression
+
+[4.2.5]
+* Fix the demo settins fix
+
+[4.2.6]
+* Fix configuration of empty app location (subdomain)
+
+[4.2.7]
+* Fix issue where the icon for normal users was displayed incorrectly
+* Kill stuck backup processes after 12 hours and notify admins
+* Reconfigure email apps when mail domain is added/removed
+* Fix crash when only udp ports are defined
+
+[4.3.0]
+* Add timeout to kill long running tasks in case they get stuck
+* email: Auto-subscribe to Spam folder
+* Allow setting a custom CSP policy
+* ticket: when email is down, add a field to provide alternate contact email
+* Re-work app import flow
+* Add pagination and search to mailbox and mail alias listing
+* Add UI and workflow to add a private registry
+* Show external LDAP connector
+* Network view: Allow IP address detection to be configurable
+* Add support for custom docker registry
+* Resolve any lists and aliases in a mailing list
+* Rename Accounts view to Profile
+* Add search for groups and user association UI
+
+[4.3.1]
+* Make logout from all button logout from all sessions
+* List unstable apps by default
+* Fix crash when listing mailboxes
+
+[4.3.2]
+* Update manifestformat module
+
+[4.3.3]
+* Fix bug where stopped containers got started on server restart
+* Fix external LDAP UI and syncing
+* Fix timeout being too low in docker proxy
+* Make manifest.id optional for custom apps
+* Fix registry detection in private images
+* Make mailbox domain configurable for apps
+
+[4.3.4]
+* Do not error if fallback certs went missing
+* Add 'New Apps' section to Appstore view
+* Fix issue where graphs of some apps were not appearing
+
+[4.4.0]
+* Show swap in graphs
+* Make avatars customizable
+* Hide access tokens from logs
+* Add missing '@' sign for email address in app mailbox
+* Add app fqdn to backup progress message
+* import: add option to import app in-place
+* import: add option to import app from arbitrary backup config
+* Show download progress for rsync backups
+* Fix various repair workflows
+* acme2: Implement post-as-get
+
+[4.4.1]
+* ami: fix AWS provider validation
+
+[4.4.2]
+* Fix crash when reporting that DKIM is not setup correctly
+* Stopped apps cannot be updated or auto-updated
+* eventlog: track support ticket creation and remote support status
+
+[4.4.3]
+* Add restart button in recovery section
+* Fix issue where memory usage was not computed correctly
+* cloudflare: support API tokens
+
+[4.4.4]
+* Fix bug where restart button in terminal was not working
+* Add search field in apps view
+* Make app view tags and domain filter persistent
+* Add timezone UI
+

LICENSE

@@ -1,5 +1,5 @@
 The Cloudron Subscription license
-Copyright (c) 2019 Cloudron UG
+Copyright (c) 2020 Cloudron UG
 
 With regard to the Cloudron Software:
 

baseimage/initializeBaseUbuntuImage.sh

@@ -123,6 +123,13 @@ timedatectl set-ntp 1
 # mysql follows the system timezone
 timedatectl set-timezone UTC
 
+echo "==> Adding sshd configuration warning"
+sed -e '/Port 22/ i # NOTE: Cloudron only supports moving SSH to port 202. See https://cloudron.io/documentation/security/#securing-ssh-access' -i /etc/ssh/sshd_config
+
+# https://bugs.launchpad.net/ubuntu/+source/base-files/+bug/1701068
+echo "==> Disabling motd news"
+sed -i 's/^ENABLED=.*/ENABLED=0/' /etc/default/motd-news
+
 # Disable bind for good measure (on online.net, kimsufi servers these are pre-installed and conflicts with unbound)
 systemctl stop bind9 || true
 systemctl disable bind9 || true

migrations/20190303024631-apps-default-mailboxName.js

@@ -1,12 +1,6 @@
 'use strict';
 
-var async = require('async'),
-    crypto = require('crypto'),
-    fs = require('fs'),
-    os = require('os'),
-    path = require('path'),
-    safe = require('safetydance'),
-    tldjs = require('tldjs');
+var async = require('async');
 
 exports.up = function(db, callback) {
     db.all('SELECT * FROM apps, subdomains WHERE apps.id=subdomains.appId AND type="primary"', function (error, apps) {

migrations/20190725172940-settings-migrate-cloudron-conf.js

@@ -1,8 +1,7 @@
 'use strict';
 
 var async = require('async'),
-    fs = require('fs'),
-    superagent = require('superagent');
+    fs = require('fs');
 
 exports.up = function(db, callback) {
     if (!fs.existsSync('/etc/cloudron/cloudron.conf')) {

migrations/20190911193842-mailboxes-make-members-fully-qualified.js

@@ -9,7 +9,7 @@ exports.up = function(db, callback) {
             if (!mailbox.membersJson) return iteratorDone();
 
             let members = JSON.parse(mailbox.membersJson);
-            members = members.map((m) => m.indexOf('@') === -1 ? `${m}@${mailbox.domain}` : m); // only because we don't do things in a xction
+            members = members.map((m) => m && m.indexOf('@') === -1 ? `${m}@${mailbox.domain}` : m); // only because we don't do things in a xction
 
             db.runSql('UPDATE mailboxes SET membersJson=? WHERE name=? AND domain=?', [ JSON.stringify(members), mailbox.name, mailbox.domain ], iteratorDone);
         }, callback);

migrations/20191002103646-fix-demo-settings-boolean.js

@@ -0,0 +1,10 @@
+'use strict';
+
+exports.up = function(db, callback) {
+    // We clear all demo state in the Cloudron...the demo cloudron needs manual intervention afterwards
+    db.runSql('REPLACE INTO settings (name, value) VALUES(?, ?)', [ 'demo', '' ], callback);
+};
+
+exports.down = function(db, callback) {
+    callback();
+};

migrations/20191014002401-apps-add-reverseProxyConfigJson.js

@@ -0,0 +1,30 @@
+'use strict';
+
+var async = require('async');
+
+exports.up = function(db, callback) {
+    db.runSql('ALTER TABLE apps ADD COLUMN reverseProxyConfigJson TEXT', function (error) {
+        if (error) return callback(error);
+
+        db.all('SELECT id, robotsTxt FROM apps', function (error, apps) {
+            if (error) return callback(error);
+
+            async.eachSeries(apps, function (app, iteratorDone) {
+                if (!app.robotsTxt) return iteratorDone();
+
+                db.runSql('UPDATE apps SET reverseProxyConfigJson=? WHERE id=?', [ JSON.stringify({ robotsTxt: JSON.stringify(app.robotsTxt) }), app.id ], iteratorDone);
+            }, function (error) {
+                if (error) return callback(error);
+
+                db.runSql('ALTER TABLE apps DROP COLUMN robotsTxt', callback);
+            });
+        });
+    });
+};
+
+exports.down = function(db, callback) {
+    async.series([
+        db.runSql.bind(db, 'ALTER TABLE apps DROP COLUMN reverseProxyConfigJson'),
+    ], callback);
+};
+

migrations/20191029223928-settings-default-sysinfo.js

@@ -0,0 +1,13 @@
+'use strict';
+
+var fs = require('fs');
+
+exports.up = function(db, callback) {
+    let sysinfoConfig = { provider: 'generic' };
+
+    db.runSql('REPLACE INTO settings (name, value) VALUES(?, ?)', [ 'sysinfo_config', JSON.stringify(sysinfoConfig) ], callback);
+};
+
+exports.down = function(db, callback) {
+    callback();
+};

migrations/20191115053638-appdb-add-mailboxDomain.js

@@ -0,0 +1,27 @@
+'use strict';
+
+var async = require('async');
+
+exports.up = function(db, callback) {
+    async.series([
+        db.runSql.bind(db, 'ALTER TABLE apps ADD COLUMN mailboxDomain VARCHAR(128)'),
+        function setDefaultMailboxDomain(done) {
+            db.all('SELECT * FROM apps, subdomains WHERE apps.id=subdomains.appId AND type="primary"', function (error, apps) {
+                if (error) return done(error);
+
+                async.eachSeries(apps, function (app, iteratorDone) {
+                    db.runSql('UPDATE apps SET mailboxDomain=? WHERE id=?', [ app.domain, app.id ], iteratorDone);
+                }, done);
+            });
+        },
+        db.runSql.bind(db, 'ALTER TABLE apps MODIFY COLUMN mailboxDomain VARCHAR(128) NOT NULL'),
+        db.runSql.bind(db, 'ALTER TABLE apps ADD CONSTRAINT apps_mailDomain_constraint FOREIGN KEY(mailboxDomain) REFERENCES domains(domain)'),
+    ], callback);
+};
+
+exports.down = function(db, callback) {
+    async.series([
+        db.runSql.bind(db, 'ALTER TABLE app DROP FOREIGN KEY apps_mailDomain_constraint'),
+        db.runSql.bind(db, 'ALTER TABLE apps DROP COLUMN mailboxDomain'),
+    ], callback);
+};

migrations/20200101235723-domains-set-cloudflare-tokenType.js

@@ -0,0 +1,22 @@
+'use strict';
+
+let async = require('async');
+
+exports.up = function(db, callback) {
+    db.runSql('SELECT * FROM domains', function (error, domains) {
+        if (error) return callback(error);
+
+        async.eachSeries(domains, function (domain, iteratorCallback) {
+            if (domain.provider !== 'cloudflare') return iteratorCallback();
+
+            let config = JSON.parse(domain.configJson);
+            config.tokenType = 'GlobalApiKey';
+
+            db.runSql('UPDATE domains SET configJson = ? WHERE domain = ?', [ JSON.stringify(config), domain.domain ], iteratorCallback);
+        }, callback);
+    });
+};
+
+exports.down = function(db, callback) {
+    callback();
+};

migrations/schema.sql

@@ -63,7 +63,7 @@ CREATE TABLE IF NOT EXISTS clients(
 
 CREATE TABLE IF NOT EXISTS apps(
     id VARCHAR(128) NOT NULL UNIQUE,
-    appStoreId VARCHAR(128) NOT NULL,
+    appStoreId VARCHAR(128) NOT NULL, // empty for custom apps
     installationState VARCHAR(512) NOT NULL, // the active task on the app
     runState VARCHAR(512) NOT NULL,   // if the app is stopped
     health VARCHAR(128),
@@ -81,16 +81,18 @@ CREATE TABLE IF NOT EXISTS apps(
     xFrameOptions VARCHAR(512),
     sso BOOLEAN DEFAULT 1, // whether user chose to enable SSO
     debugModeJson TEXT, // options for development mode
-    robotsTxt TEXT,
+    reverseProxyConfigJson TEXT, // { robotsTxt, csp }
     enableBackup BOOLEAN DEFAULT 1, // misnomer: controls automatic daily backups
     enableAutomaticUpdate BOOLEAN DEFAULT 1,
     mailboxName VARCHAR(128), // mailbox of this app. default allocated as '.app'
+    mailboxDomain VARCHAR(128) NOT NULL, // mailbox domain of this apps
     label VARCHAR(128),     // display name
     tagsJson VARCHAR(2048), // array of tags
     dataDir VARCHAR(256) UNIQUE,
     taskId INTEGER, // current task
     errorJson TEXT,
 
+    FOREIGN KEY(mailboxDomain) REFERENCES domains(domain),
     FOREIGN KEY(taskId) REFERENCES tasks(id),
     PRIMARY KEY(id));
 

package-lock.json

@@ -814,32 +814,35 @@
       }
     },
     "cloudron-manifestformat": {
-      "version": "2.15.0",
-      "resolved": "https://registry.npmjs.org/cloudron-manifestformat/-/cloudron-manifestformat-2.15.0.tgz",
-      "integrity": "sha512-hSL+n/ttjrjZby/tSa5YSTRUAcxfzAi9CFUSPyu3dx8OMxzHsDyTvtKHjwBtIZ0Fjz7B3THfR3kfvIgP0lULSg==",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/cloudron-manifestformat/-/cloudron-manifestformat-4.0.0.tgz",
+      "integrity": "sha512-St/Quu8ofQOf0rUAMaIsOL0u0dZ46irweU8rYVMvAXU0CGwSD9KDaeLW5NjGRg3FVjNzladUDVUE/BGD4rwEvA==",
       "requires": {
-        "cron": "^1.0.9",
+        "cron": "^1.7.2",
         "java-packagename-regex": "^1.0.0",
-        "safetydance": "0.0.15",
-        "semver": "^4.3.1",
-        "tv4": "^1.1.9",
-        "validator": "^3.34.0"
+        "safetydance": "0.7.1",
+        "semver": "^6.3.0",
+        "tv4": "^1.3.0",
+        "validator": "^12.0.0"
       },
       "dependencies": {
-        "safetydance": {
-          "version": "0.0.15",
-          "resolved": "https://registry.npmjs.org/safetydance/-/safetydance-0.0.15.tgz",
-          "integrity": "sha1-VlUnZ18F92XxxoglYjRWpcVSEMQ="
+        "cron": {
+          "version": "1.7.2",
+          "resolved": "https://registry.npmjs.org/cron/-/cron-1.7.2.tgz",
+          "integrity": "sha512-+SaJ2OfeRvfQqwXQ2kgr0Y5pzBR/lijf5OpnnaruwWnmI799JfWr2jN2ItOV9s3A/+TFOt6mxvKzQq5F0Jp6VQ==",
+          "requires": {
+            "moment-timezone": "^0.5.x"
+          }
         },
         "semver": {
-          "version": "4.3.6",
-          "resolved": "https://registry.npmjs.org/semver/-/semver-4.3.6.tgz",
-          "integrity": "sha1-MAvG4OhjdPe6YQaLWx7NV/xlMto="
+          "version": "6.3.0",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+          "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw=="
         },
         "validator": {
-          "version": "3.43.0",
-          "resolved": "https://registry.npmjs.org/validator/-/validator-3.43.0.tgz",
-          "integrity": "sha1-lkZLmS1BloM9l6GUv0Cxn/VLrgU="
+          "version": "12.0.0",
+          "resolved": "https://registry.npmjs.org/validator/-/validator-12.0.0.tgz",
+          "integrity": "sha512-r5zA1cQBEOgYlesRmSEwc9LkbfNLTtji+vWyaHzRZUxCTHdsX3bd+sdHfs5tGZ2W6ILGGsxWxCNwT/h3IY/3ng=="
         }
       }
     },

package.json

@@ -20,7 +20,7 @@
     "async": "^2.6.2",
     "aws-sdk": "^2.476.0",
     "body-parser": "^1.19.0",
-    "cloudron-manifestformat": "^2.15.0",
+    "cloudron-manifestformat": "^4.0.0",
     "connect": "^3.7.0",
     "connect-ensure-login": "^0.1.1",
     "connect-lastmile": "^1.2.1",

runTests

@@ -22,7 +22,7 @@ fi
 mkdir -p ${DATA_DIR}
 cd ${DATA_DIR}
 mkdir -p appsdata
-mkdir -p boxdata/appicons boxdata/mail boxdata/certs boxdata/mail/dkim/localhost boxdata/mail/dkim/foobar.com
+mkdir -p boxdata/profileicons boxdata/appicons boxdata/mail boxdata/certs boxdata/mail/dkim/localhost boxdata/mail/dkim/foobar.com
 mkdir -p platformdata/addons/mail platformdata/nginx/cert platformdata/nginx/applications platformdata/collectd/collectd.conf.d platformdata/addons platformdata/logrotate.d platformdata/backup platformdata/logs/tasks
 
 # put cert

scripts/cloudron-setup

@@ -99,6 +99,7 @@ if [[ -z "${provider}" ]]; then
 elif [[  \
             "${provider}" != "ami" && \
             "${provider}" != "azure" && \
+            "${provider}" != "azure-image" && \
             "${provider}" != "caas" && \
             "${provider}" != "cloudscale" && \
             "${provider}" != "contabo" && \

setup/start.sh

@@ -51,6 +51,7 @@ mkdir -p "${PLATFORM_DATA_DIR}/logs/backup" \
 mkdir -p "${PLATFORM_DATA_DIR}/update"
 
 mkdir -p "${BOX_DATA_DIR}/appicons"
+mkdir -p "${BOX_DATA_DIR}/profileicons"
 mkdir -p "${BOX_DATA_DIR}/certs"
 mkdir -p "${BOX_DATA_DIR}/acme" # acme keys
 mkdir -p "${BOX_DATA_DIR}/mail/dkim"
@@ -83,7 +84,7 @@ echo "==> Setting up unbound"
 # We listen on 0.0.0.0 because there is no way control ordering of docker (which creates the 172.18.0.0/16) and unbound
 # If IP6 is not enabled, dns queries seem to fail on some hosts. -s returns false if file missing or 0 size
 ip6=$([[ -s /proc/net/if_inet6 ]] && echo "yes" || echo "no")
-echo -e "server:\n\tinterface: 0.0.0.0\n\tdo-ip6: ${ip6}\n\taccess-control: 127.0.0.1 allow\n\taccess-control: 172.18.0.1/16 allow\n\tcache-max-negative-ttl: 30\n\tcache-max-ttl: 300\n\t#logfile: /var/log/unbound.log\n\t#verbosity: 10" > /etc/unbound/unbound.conf.d/cloudron-network.conf
+cp -f "${script_dir}/start/unbound.conf" /etc/unbound/unbound.conf.d/cloudron-network.conf
 # update the root anchor after a out-of-disk-space situation (see #269)
 unbound-anchor -a /var/lib/unbound/root.key
 

setup/start/custom.yml

@@ -37,4 +37,4 @@
 #   notifyCloudronAdmins: false
 #
 # footer:
-#   body: '&copy; 2019 [Cloudron](https://cloudron.io) [Forum <i class="fa fa-comments"></i>](https://forum.cloudron.io)'
+#   body: '&copy; 2020 [Cloudron](https://cloudron.io) [Forum <i class="fa fa-comments"></i>](https://forum.cloudron.io)'

setup/start/unbound.conf

@@ -0,0 +1,11 @@
+server:
+        interface: 0.0.0.0
+        do-ip6: no
+        access-control: 127.0.0.1 allow
+        access-control: 172.18.0.1/16 allow
+        cache-max-negative-ttl: 30
+        cache-max-ttl: 300
+        # enable below for logging to journalctl -u unbound
+        # verbosity: 5
+        # log-queries: yes
+

src/accesscontrol.js

@@ -27,11 +27,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
-    DatabaseError = require('./databaseerror.js'),
+    BoxError = require('./boxerror.js'),
     debug = require('debug')('box:accesscontrol'),
     tokendb = require('./tokendb.js'),
     users = require('./users.js'),
-    UsersError = users.UsersError,
     _ = require('underscore');
 
 // returns scopes that does not have wildcards and is sorted
@@ -78,13 +77,12 @@ function intersectScopes(allowedScopes, wantedScopes) {
 function validateScopeString(scope) {
     assert.strictEqual(typeof scope, 'string');
 
-    if (scope === '') return new Error('Empty scope not allowed');
+    if (scope === '') return new BoxError(BoxError.BAD_FIELD, 'Empty scope not allowed', { field: 'scope' });
 
     // NOTE: this function intentionally does not allow '*'. This is only allowed in the db to allow
     // us not write a migration script every time we add a new scope
     var allValid = scope.split(',').every(function (s) { return exports.VALID_SCOPES.indexOf(s.split(':')[0]) !== -1; });
-    if (!allValid) return new Error('Invalid scope. Available scopes are ' + exports.VALID_SCOPES.join(', '));
-
+    if (!allValid) return new BoxError(BoxError.BAD_FIELD, 'Invalid scope. Available scopes are ' + exports.VALID_SCOPES.join(', '), { field: 'scope' });
     return null;
 }
 
@@ -101,7 +99,7 @@ function hasScopes(authorizedScopes, requiredScopes) {
         // this allows apps:write if the token has a higher apps scope
         if (authorizedScopes.indexOf(requiredScopes[i]) === -1 && authorizedScopes.indexOf(scopeParts[0]) === -1) {
             debug('scope: missing scope "%s".', requiredScopes[i]);
-            return new Error('Missing required scope "' + requiredScopes[i] + '"');
+            return new BoxError(BoxError.NOT_FOUND, 'Missing required scope "' + requiredScopes[i] + '"');
         }
     }
 
@@ -122,11 +120,11 @@ function validateToken(accessToken, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     tokendb.getByAccessToken(accessToken, function (error, token) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
         if (error) return callback(error); // this triggers 'internal error' in passport
 
         users.get(token.identifier, function (error, user) {
-            if (error && error.reason === UsersError.NOT_FOUND) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
+            if (error && error.reason === BoxError.NOT_FOUND) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
             if (error) return callback(error);
 
             if (!user.active) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
@@ -134,11 +132,8 @@ function validateToken(accessToken, callback) {
             scopesForUser(user, function (error, userScopes) {
                 if (error) return callback(error);
 
-                var authorizedScopes = intersectScopes(userScopes, token.scope.split(','));
-                const skipPasswordVerification = token.clientId === 'cid-sdk' || token.clientId === 'cid-cli'; // these clients do not require password checks unlike UI
-                var info = { authorizedScopes: authorizedScopes, skipPasswordVerification: skipPasswordVerification }; // ends up in req.authInfo
-
-                callback(null, user, info);
+                const authorizedScopes = intersectScopes(userScopes, token.scope.split(','));
+                callback(null, user, { authorizedScopes }); // ends up in req.authInfo
             });
         });
     });

src/addons.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    AddonsError: AddonsError,
-
     getServices: getServices,
     getService: getService,
     configureService: configureService,
@@ -39,12 +37,9 @@ var accesscontrol = require('./accesscontrol.js'),
     BoxError = require('./boxerror.js'),
     clients = require('./clients.js'),
     constants = require('./constants.js'),
-    ClientsError = clients.ClientsError,
     crypto = require('crypto'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:addons'),
     docker = require('./docker.js'),
-    dockerConnection = docker.connection,
     fs = require('fs'),
     graphs = require('./graphs.js'),
     hat = require('./hat.js'),
@@ -65,31 +60,6 @@ var accesscontrol = require('./accesscontrol.js'),
     request = require('request'),
     util = require('util');
 
-// http://dustinsenos.com/articles/customErrorsInNode
-// http://code.google.com/p/v8/wiki/JavaScriptStackTraceApi
-function AddonsError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(AddonsError, Error);
-AddonsError.INTERNAL_ERROR = 'Internal Error';
-AddonsError.NOT_FOUND = 'Not Found';
-AddonsError.NOT_ACTIVE = 'Not Active';
-
 const NOOP = function (app, options, callback) { return callback(); };
 const NOOP_CALLBACK = function (error) { if (error) debug(error); };
 const RMADDONDIR_CMD = path.join(__dirname, 'scripts/rmaddondir.sh');
@@ -261,33 +231,10 @@ function dumpPath(addon, appId) {
     }
 }
 
-function restartContainer(serviceName, callback) {
-    assert.strictEqual(typeof serviceName, 'string');
-    assert.strictEqual(typeof callback, 'function');
-
-    assert(KNOWN_SERVICES[serviceName], `Unknown service ${serviceName}`);
-
-    docker.stopContainer(serviceName, function (error) {
-        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
-
-        docker.startContainer(serviceName, function (error) {
-            if (error && error.reason === BoxError.NOT_FOUND) {
-                callback(null); // callback early since rebuilding takes long
-                return rebuildService(serviceName, function (error) { if (error) console.error(`Unable to rebuild service ${serviceName}`, error); });
-            }
-            if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
-
-            callback(null);
-        });
-    });
-}
-
 function rebuildService(serviceName, callback) {
     assert.strictEqual(typeof serviceName, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    assert(KNOWN_SERVICES[serviceName], `Unknown service ${serviceName}`);
-
     // this attempts to recreate the service docker container if they don't exist but platform infra version is unchanged
     // passing an infra version of 'none' will not attempt to purge existing data, not sure if this is good or bad
     if (serviceName === 'mongodb') return startMongodb({ version: 'none' }, callback);
@@ -300,25 +247,42 @@ function rebuildService(serviceName, callback) {
     callback();
 }
 
+function restartContainer(serviceName, callback) {
+    assert.strictEqual(typeof serviceName, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    docker.stopContainer(serviceName, function (error) {
+        if (error) return callback(error);
+
+        docker.startContainer(serviceName, function (error) {
+            if (error && error.reason === BoxError.NOT_FOUND) {
+                callback(null); // callback early since rebuilding takes long
+                return rebuildService(serviceName, function (error) { if (error) console.error(`Unable to rebuild service ${serviceName}`, error); });
+            }
+
+            callback(error);
+        });
+    });
+}
+
 function getServiceDetails(containerName, tokenEnvName, callback) {
     assert.strictEqual(typeof containerName, 'string');
     assert.strictEqual(typeof tokenEnvName, 'string');
     assert.strictEqual(typeof callback, 'function');
 
     docker.inspect(containerName, function (error, result) {
-        if (error && error.reason === BoxError.NOT_FOUND) return callback(new AddonsError(AddonsError.NOT_ACTIVE, error));
-        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         const ip = safe.query(result, 'NetworkSettings.Networks.cloudron.IPAddress', null);
-        if (!ip) return callback(new AddonsError(AddonsError.NOT_ACTIVE, `Error getting ${containerName} container ip`));
+        if (!ip) return callback(new BoxError(BoxError.INACTIVE, `Error getting IP of ${containerName} service`));
 
         // extract the cloudron token for auth
         const env = safe.query(result, 'Config.Env', null);
-        if (!env) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, `Error getting ${containerName} env`));
+        if (!env) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error inspecting environment of ${containerName} service`));
         const tmp = env.find(function (e) { return e.indexOf(tokenEnvName) === 0; });
-        if (!tmp) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, `Error getting ${containerName} cloudron token env var`));
+        if (!tmp) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error getting token of ${containerName} service`));
         const token = tmp.slice(tokenEnvName.length + 1); // +1 for the = sign
-        if (!token)  return callback(new AddonsError(AddonsError.INTERNAL_ERROR, `Error getting ${containerName} cloudron token`));
+        if (!token)  return callback(new BoxError(BoxError.DOCKER_ERROR, `Error getting token of ${containerName} service`));
 
         callback(null, { ip: ip, token: token, state: result.State });
     });
@@ -330,7 +294,7 @@ function containerStatus(addonName, addonTokenName, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     getServiceDetails(addonName, addonTokenName, function (error, addonDetails) {
-        if (error && error.reason === AddonsError.NOT_ACTIVE) return callback(null, { status: exports.SERVICE_STATUS_STOPPED });
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, { status: exports.SERVICE_STATUS_STOPPED });
         if (error) return callback(error);
 
         request.get(`https://${addonDetails.ip}:3000/healthcheck?access_token=${addonDetails.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
@@ -338,7 +302,7 @@ function containerStatus(addonName, addonTokenName, callback) {
             if (response.statusCode !== 200 || !response.body.status) return callback(null, { status: exports.SERVICE_STATUS_STARTING, error: `Error waiting for ${addonName}. Status code: ${response.statusCode} message: ${response.body.message}` });
 
             docker.memoryUsage(addonName, function (error, result) {
-                if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 var tmp = {
                     status: addonDetails.state.Running ? exports.SERVICE_STATUS_ACTIVE : exports.SERVICE_STATUS_STOPPED,
@@ -364,11 +328,14 @@ function getService(serviceName, callback) {
     assert.strictEqual(typeof serviceName, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    if (!KNOWN_SERVICES[serviceName]) return callback(new AddonsError(AddonsError.NOT_FOUND));
+    if (!KNOWN_SERVICES[serviceName]) return callback(new BoxError(BoxError.NOT_FOUND));
 
     var tmp = {
         name: serviceName,
         status: null,
+        memoryUsed: 0,
+        memoryPercent: 0,
+        error: null,
         config: {
             // If a property is not set then we cannot change it through the api, see below
             // memory: 0,
@@ -377,7 +344,7 @@ function getService(serviceName, callback) {
     };
 
     settings.getPlatformConfig(function (error, platformConfig) {
-        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         if (platformConfig[serviceName] && platformConfig[serviceName].memory && platformConfig[serviceName].memorySwap) {
             tmp.config.memory = platformConfig[serviceName].memory;
@@ -405,10 +372,10 @@ function configureService(serviceName, data, callback) {
     assert.strictEqual(typeof data, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (!KNOWN_SERVICES[serviceName]) return callback(new AddonsError(AddonsError.NOT_FOUND));
+    if (!KNOWN_SERVICES[serviceName]) return callback(new BoxError(BoxError.NOT_FOUND));
 
     settings.getPlatformConfig(function (error, platformConfig) {
-        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         if (!platformConfig[serviceName]) platformConfig[serviceName] = {};
 
@@ -421,7 +388,7 @@ function configureService(serviceName, data, callback) {
         }
 
         settings.setPlatformConfig(platformConfig, function (error) {
-            if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             callback(null);
         });
@@ -437,7 +404,7 @@ function getServiceLogs(serviceName, options, callback) {
     assert.strictEqual(typeof options.format, 'string');
     assert.strictEqual(typeof options.follow, 'boolean');
 
-    if (!KNOWN_SERVICES[serviceName]) return callback(new AddonsError(AddonsError.NOT_FOUND));
+    if (!KNOWN_SERVICES[serviceName]) return callback(new BoxError(BoxError.NOT_FOUND));
 
     debug(`Getting logs for ${serviceName}`);
 
@@ -496,7 +463,7 @@ function restartService(serviceName, callback) {
     assert.strictEqual(typeof serviceName, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    if (!KNOWN_SERVICES[serviceName]) return callback(new AddonsError(AddonsError.NOT_FOUND));
+    if (!KNOWN_SERVICES[serviceName]) return callback(new BoxError(BoxError.NOT_FOUND));
 
     KNOWN_SERVICES[serviceName].restart(callback);
 }
@@ -513,8 +480,8 @@ function waitForService(containerName, tokenEnvName, callback) {
 
         async.retry({ times: 10, interval: 15000 }, function (retryCallback) {
             request.get(`https://${result.ip}:3000/healthcheck?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
-                if (error) return retryCallback(new Error(`Error waiting for ${containerName}: ${error.message}`));
-                if (response.statusCode !== 200 || !response.body.status) return retryCallback(new Error(`Error waiting for ${containerName}. Status code: ${response.statusCode} message: ${response.body.message}`));
+                if (error) return retryCallback(new BoxError(BoxError.ADDONS_ERROR, `Network error waiting for ${containerName}: ${error.message}`));
+                if (response.statusCode !== 200 || !response.body.status) return retryCallback(new BoxError(BoxError.ADDONS_ERROR, `Error waiting for ${containerName}. Status code: ${response.statusCode} message: ${response.body.message}`));
 
                 retryCallback(null);
             });
@@ -532,7 +499,7 @@ function setupAddons(app, addons, callback) {
     debugApp(app, 'setupAddons: Setting up %j', Object.keys(addons));
 
     async.eachSeries(Object.keys(addons), function iterator(addon, iteratorCallback) {
-        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new Error('No such addon:' + addon));
+        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new BoxError(BoxError.NOT_FOUND, `No such addon: ${addon}`));
 
         debugApp(app, 'Setting up addon %s with options %j', addon, addons[addon]);
 
@@ -550,7 +517,7 @@ function teardownAddons(app, addons, callback) {
     debugApp(app, 'teardownAddons: Tearing down %j', Object.keys(addons));
 
     async.eachSeries(Object.keys(addons), function iterator(addon, iteratorCallback) {
-        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new Error('No such addon:' + addon));
+        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new BoxError(BoxError.NOT_FOUND, `No such addon: ${addon}`));
 
         debugApp(app, 'Tearing down addon %s with options %j', addon, addons[addon]);
 
@@ -570,7 +537,7 @@ function backupAddons(app, addons, callback) {
     debugApp(app, 'backupAddons: Backing up %j', Object.keys(addons));
 
     async.eachSeries(Object.keys(addons), function iterator (addon, iteratorCallback) {
-        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new Error('No such addon:' + addon));
+        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new BoxError(BoxError.NOT_FOUND, `No such addon: ${addon}`));
 
         KNOWN_ADDONS[addon].backup(app, addons[addon], iteratorCallback);
     }, callback);
@@ -588,7 +555,7 @@ function clearAddons(app, addons, callback) {
     debugApp(app, 'clearAddons: clearing %j', Object.keys(addons));
 
     async.eachSeries(Object.keys(addons), function iterator (addon, iteratorCallback) {
-        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new Error('No such addon:' + addon));
+        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new BoxError(BoxError.NOT_FOUND, `No such addon: ${addon}`));
 
         KNOWN_ADDONS[addon].clear(app, addons[addon], iteratorCallback);
     }, callback);
@@ -606,7 +573,7 @@ function restoreAddons(app, addons, callback) {
     debugApp(app, 'restoreAddons: restoring %j', Object.keys(addons));
 
     async.eachSeries(Object.keys(addons), function iterator (addon, iteratorCallback) {
-        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new Error('No such addon:' + addon));
+        if (!(addon in KNOWN_ADDONS)) return iteratorCallback(new BoxError(BoxError.NOT_FOUND, `No such addon: ${addon}`));
 
         KNOWN_ADDONS[addon].restore(app, addons[addon], iteratorCallback);
     }, callback);
@@ -617,7 +584,7 @@ function importAppDatabase(app, addon, callback) {
     assert.strictEqual(typeof addon, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    if (!(addon in KNOWN_ADDONS)) return callback(new Error(`No such addon: ${addon}`));
+    if (!(addon in KNOWN_ADDONS)) return callback(new BoxError(BoxError.NOT_FOUND, `No such addon: ${addon}`));
 
     async.series([
         KNOWN_ADDONS[addon].setup.bind(null, app, app.manifest.addons[addon]),
@@ -816,7 +783,7 @@ function setupOauth(app, options, callback) {
     var scope = accesscontrol.SCOPE_PROFILE;
 
     clients.delByAppIdAndType(appId, clients.TYPE_OAUTH, function (error) { // remove existing creds
-        if (error && error.reason !== ClientsError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
         clients.add(appId, clients.TYPE_OAUTH, redirectURI, scope, function (error, result) {
             if (error) return callback(error);
@@ -844,7 +811,7 @@ function teardownOauth(app, options, callback) {
     debugApp(app, 'teardownOauth');
 
     clients.delByAppIdAndType(app.id, clients.TYPE_OAUTH, function (error) {
-        if (error && error.reason !== ClientsError.NOT_FOUND) debug(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) debug(error);
 
         appdb.unsetAddonConfig(app.id, 'oauth', callback);
     });
@@ -933,7 +900,7 @@ function setupSendMail(app, options, callback) {
     debugApp(app, 'Setting up SendMail');
 
     appdb.getAddonConfigByName(app.id, 'sendmail', '%MAIL_SMTP_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
         var password = error ? hat(4 * 48) : existingPassword; // see box#565 for password length
 
@@ -943,10 +910,10 @@ function setupSendMail(app, options, callback) {
             { name: `${envPrefix}MAIL_SMTP_SERVER`, value: 'mail' },
             { name: `${envPrefix}MAIL_SMTP_PORT`, value: '2525' },
             { name: `${envPrefix}MAIL_SMTPS_PORT`, value: '2465' },
-            { name: `${envPrefix}MAIL_SMTP_USERNAME`, value: app.mailboxName + '@' + app.domain },
+            { name: `${envPrefix}MAIL_SMTP_USERNAME`, value: app.mailboxName + '@' + app.mailboxDomain },
             { name: `${envPrefix}MAIL_SMTP_PASSWORD`, value: password },
-            { name: `${envPrefix}MAIL_FROM`, value: app.mailboxName + '@' + app.domain },
-            { name: `${envPrefix}MAIL_DOMAIN`, value: app.domain }
+            { name: `${envPrefix}MAIL_FROM`, value: app.mailboxName + '@' + app.mailboxDomain },
+            { name: `${envPrefix}MAIL_DOMAIN`, value: app.mailboxDomain }
         ];
         debugApp(app, 'Setting sendmail addon config to %j', env);
         appdb.setAddonConfig(app.id, 'sendmail', env, callback);
@@ -971,7 +938,7 @@ function setupRecvMail(app, options, callback) {
     debugApp(app, 'Setting up recvmail');
 
     appdb.getAddonConfigByName(app.id, 'recvmail', '%MAIL_IMAP_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
         var password = error ? hat(4 * 48) : existingPassword;  // see box#565 for password length
 
@@ -980,10 +947,10 @@ function setupRecvMail(app, options, callback) {
         var env = [
             { name: `${envPrefix}MAIL_IMAP_SERVER`, value: 'mail' },
             { name: `${envPrefix}MAIL_IMAP_PORT`, value: '9993' },
-            { name: `${envPrefix}MAIL_IMAP_USERNAME`, value: app.mailboxName + '@' + app.domain },
+            { name: `${envPrefix}MAIL_IMAP_USERNAME`, value: app.mailboxName + '@' + app.mailboxDomain },
             { name: `${envPrefix}MAIL_IMAP_PASSWORD`, value: password },
-            { name: `${envPrefix}MAIL_TO`, value: app.mailboxName + '@' + app.domain },
-            { name: `${envPrefix}MAIL_DOMAIN`, value: app.domain }
+            { name: `${envPrefix}MAIL_TO`, value: app.mailboxName + '@' + app.mailboxDomain },
+            { name: `${envPrefix}MAIL_DOMAIN`, value: app.mailboxDomain }
         ];
 
         debugApp(app, 'Setting sendmail addon config to %j', env);
@@ -1067,7 +1034,7 @@ function setupMySql(app, options, callback) {
     debugApp(app, 'Setting up mysql');
 
     appdb.getAddonConfigByName(app.id, 'mysql', '%MYSQL_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
         const tmp = mysqlDatabaseName(app.id);
 
@@ -1082,8 +1049,8 @@ function setupMySql(app, options, callback) {
             if (error) return callback(error);
 
             request.post(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `?access_token=${result.token}`, { rejectUnauthorized: false, json: data }, function (error, response) {
-                if (error) return callback(new Error('Error setting up mysql: ' + error));
-                if (response.statusCode !== 201) return callback(new Error(`Error setting up mysql. Status code: ${response.statusCode} message: ${response.body.message}`));
+                if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error setting up mysql: ${error.message}`));
+                if (response.statusCode !== 201) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error setting up mysql. Status code: ${response.statusCode} message: ${response.body.message}`));
 
                 const envPrefix = app.manifest.manifestVersion <= 1 ? '' : 'CLOUDRON_';
 
@@ -1120,9 +1087,10 @@ function clearMySql(app, options, callback) {
     getServiceDetails('mysql', 'CLOUDRON_MYSQL_TOKEN', function (error, result) {
         if (error) return callback(error);
 
-        request.post(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `/${database}/clear?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new Error('Error clearing mysql: ' + error));
-            if (response.statusCode !== 200) return callback(new Error(`Error clearing mysql. Status code: ${response.statusCode} message: ${response.body.message}`));
+        request.post(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `/${database}/clear?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error clearing mysql: ${error.message}`));
+            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error clearing mysql. Status code: ${response.statusCode} message: ${response.body.message}`));
+
             callback();
         });
     });
@@ -1139,9 +1107,9 @@ function teardownMySql(app, options, callback) {
     getServiceDetails('mysql', 'CLOUDRON_MYSQL_TOKEN', function (error, result) {
         if (error) return callback(error);
 
-        request.delete(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `/${database}?access_token=${result.token}&username=${username}`, { rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new Error('Error clearing mysql: ' + error));
-            if (response.statusCode !== 200) return callback(new Error(`Error clearing mysql. Status code: ${response.statusCode} message: ${response.body.message}`));
+        request.delete(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `/${database}?access_token=${result.token}&username=${username}`, { json: true, rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error tearing down mysql: ${error.message}`));
+            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error tearing down mysql. Status code: ${response.statusCode} message: ${response.body.message}`));
 
             appdb.unsetAddonConfig(app.id, 'mysql', callback);
         });
@@ -1160,14 +1128,15 @@ function pipeRequestToFile(url, filename, callback) {
         callback(error);
     });
 
-    writeStream.on('error', done);
+    writeStream.on('error', (error) => done(new BoxError(BoxError.FS_ERROR, `Error writing to ${filename}: ${error.message}`)));
+
     writeStream.on('open', function () {
         // note: do not attach to post callback handler because this will buffer the entire reponse!
         // see https://github.com/request/request/issues/2270
         const req = request.post(url, { rejectUnauthorized: false });
-        req.on('error', done); // network error, dns error, request errored in middle etc
+        req.on('error', (error) => done(new BoxError(BoxError.NETWORK_ERROR, `Request error writing to ${filename}: ${error.message}`))); // network error, dns error, request errored in middle etc
         req.on('response', function (response) {
-            if (response.statusCode !== 200) return done(new Error(`Unexpected response code: ${response.statusCode} message: ${response.statusMessage} filename: ${filename}`));
+            if (response.statusCode !== 200) return done(new BoxError(BoxError.ADDONS_ERROR, `Unexpected response code when piping ${url}: ${response.statusCode} message: ${response.statusMessage} filename: ${filename}`));
 
             response.pipe(writeStream).on('finish', done); // this is hit after data written to disk
         });
@@ -1206,11 +1175,11 @@ function restoreMySql(app, options, callback) {
         if (error) return callback(error);
 
         var input = fs.createReadStream(dumpPath('mysql', app.id));
-        input.on('error', callback);
+        input.on('error', (error) => callback(new BoxError(BoxError.FS_ERROR, `Error reading input stream when restoring mysql: ${error.message}`)));
 
-        const restoreReq = request.post(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `/${database}/restore?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(error);
-            if (response.statusCode !== 200) return callback(new Error(`Unexpected response from mysql addon ${response.statusCode} message: ${response.body.message}`));
+        const restoreReq = request.post(`https://${result.ip}:3000/` + (options.multipleDatabases ? 'prefixes' : 'databases') + `/${database}/restore?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring mysql: ${error.message}`));
+            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring mysql. Status code: ${response.statusCode} message: ${response.body.message}`));
 
             callback(null);
         });
@@ -1283,7 +1252,7 @@ function setupPostgreSql(app, options, callback) {
     const { database, username } = postgreSqlNames(app.id);
 
     appdb.getAddonConfigByName(app.id, 'postgresql', '%POSTGRESQL_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
         const data = {
             database: database,
@@ -1295,8 +1264,8 @@ function setupPostgreSql(app, options, callback) {
             if (error) return callback(error);
 
             request.post(`https://${result.ip}:3000/databases?access_token=${result.token}`, { rejectUnauthorized: false, json: data }, function (error, response) {
-                if (error) return callback(new Error('Error setting up postgresql: ' + error));
-                if (response.statusCode !== 201) return callback(new Error(`Error setting up postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));
+                if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error setting up postgresql: ${error.message}`));
+                if (response.statusCode !== 201) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error setting up postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));
 
                 const envPrefix = app.manifest.manifestVersion <= 1 ? '' : 'CLOUDRON_';
 
@@ -1328,9 +1297,9 @@ function clearPostgreSql(app, options, callback) {
     getServiceDetails('postgresql', 'CLOUDRON_POSTGRESQL_TOKEN', function (error, result) {
         if (error) return callback(error);
 
-        request.post(`https://${result.ip}:3000/databases/${database}/clear?access_token=${result.token}&username=${username}`, { rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new Error('Error clearing postgresql: ' + error));
-            if (response.statusCode !== 200) return callback(new Error(`Error clearing postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));
+        request.post(`https://${result.ip}:3000/databases/${database}/clear?access_token=${result.token}&username=${username}`, { json: true, rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error clearing postgresql: ${error.message}`));
+            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error clearing postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));
 
             callback(null);
         });
@@ -1347,9 +1316,9 @@ function teardownPostgreSql(app, options, callback) {
     getServiceDetails('postgresql', 'CLOUDRON_POSTGRESQL_TOKEN', function (error, result) {
         if (error) return callback(error);
 
-        request.delete(`https://${result.ip}:3000/databases/${database}?access_token=${result.token}&username=${username}`, { rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new Error('Error tearing down postgresql: ' + error));
-            if (response.statusCode !== 200) return callback(new Error(`Error tearing down postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));
+        request.delete(`https://${result.ip}:3000/databases/${database}?access_token=${result.token}&username=${username}`, { json: true, rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error tearing down postgresql: ${error.message}`));
+            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error tearing down postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));
 
             appdb.unsetAddonConfig(app.id, 'postgresql', callback);
         });
@@ -1388,11 +1357,11 @@ function restorePostgreSql(app, options, callback) {
         if (error) return callback(error);
 
         var input = fs.createReadStream(dumpPath('postgresql', app.id));
-        input.on('error', callback);
+        input.on('error', (error) => callback(new BoxError(BoxError.FS_ERROR, `Error reading input stream when restoring postgresql: ${error.message}`)));
 
-        const restoreReq = request.post(`https://${result.ip}:3000/databases/${database}/restore?access_token=${result.token}&username=${username}`, { rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(error);
-            if (response.statusCode !== 200) return callback(new Error(`Unexpected response from postgresql addon ${response.statusCode} message: ${response.body.message}`));
+        const restoreReq = request.post(`https://${result.ip}:3000/databases/${database}/restore?access_token=${result.token}&username=${username}`, { json: true, rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring postgresql: ${error.message}`));
+            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring postgresql. Status code: ${response.statusCode} message: ${response.body.message}`));
 
             callback(null);
         });
@@ -1458,7 +1427,7 @@ function setupMongoDb(app, options, callback) {
     debugApp(app, 'Setting up mongodb');
 
     appdb.getAddonConfigByName(app.id, 'mongodb', '%MONGODB_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
         const data = {
             database: app.id,
@@ -1471,8 +1440,8 @@ function setupMongoDb(app, options, callback) {
             if (error) return callback(error);
 
             request.post(`https://${result.ip}:3000/databases?access_token=${result.token}`, { rejectUnauthorized: false, json: data }, function (error, response) {
-                if (error) return callback(new Error('Error setting up mongodb: ' + error));
-                if (response.statusCode !== 201) return callback(new Error(`Error setting up mongodb. Status code: ${response.statusCode}`));
+                if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error setting up mongodb: ${error.message}`));
+                if (response.statusCode !== 201) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error setting up mongodb. Status code: ${response.statusCode} message: ${response.body.message}`));
 
                 const envPrefix = app.manifest.manifestVersion <= 1 ? '' : 'CLOUDRON_';
 
@@ -1506,9 +1475,9 @@ function clearMongodb(app, options, callback) {
     getServiceDetails('mongodb', 'CLOUDRON_MONGODB_TOKEN', function (error, result) {
         if (error) return callback(error);
 
-        request.post(`https://${result.ip}:3000/databases/${app.id}/clear?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new Error('Error clearing mongodb: ' + error));
-            if (response.statusCode !== 200) return callback(new Error(`Error clearing mongodb. Status code: ${response.statusCode} message: ${response.body.message}`));
+        request.post(`https://${result.ip}:3000/databases/${app.id}/clear?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error clearing mongodb: ${error.message}`));
+            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error clearing mongodb. Status code: ${response.statusCode} message: ${response.body.message}`));
 
             callback();
         });
@@ -1525,9 +1494,9 @@ function teardownMongoDb(app, options, callback) {
     getServiceDetails('mongodb', 'CLOUDRON_MONGODB_TOKEN', function (error, result) {
         if (error) return callback(error);
 
-        request.delete(`https://${result.ip}:3000/databases/${app.id}?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new Error('Error tearing down mongodb: ' + error));
-            if (response.statusCode !== 200) return callback(new Error(`Error tearing down mongodb. Status code: ${response.statusCode} message: ${response.body.message}`));
+        request.delete(`https://${result.ip}:3000/databases/${app.id}?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error tearing down mongodb: ${error.message}`));
+            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error tearing down mongodb. Status code: ${response.statusCode} message: ${response.body.message}`));
 
             appdb.unsetAddonConfig(app.id, 'mongodb', callback);
         });
@@ -1562,11 +1531,11 @@ function restoreMongoDb(app, options, callback) {
         if (error) return callback(error);
 
         const readStream = fs.createReadStream(dumpPath('mongodb', app.id));
-        readStream.on('error', callback);
+        readStream.on('error', (error) => callback(new BoxError(BoxError.FS_ERROR, `Error reading input stream when restoring mongodb: ${error.message}`)));
 
-        const restoreReq = request.post(`https://${result.ip}:3000/databases/${app.id}/restore?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(error);
-            if (response.statusCode !== 200) return callback(new Error(`Unexpected response from mongodb addon ${response.statusCode} message: ${response.body.message}`));
+        const restoreReq = request.post(`https://${result.ip}:3000/databases/${app.id}/restore?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring mongodb: ${error.message}`));
+            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring mongodb. Status code: ${response.statusCode} message: ${response.body.message}`));
 
             callback(null);
         });
@@ -1582,9 +1551,21 @@ function startRedis(existingInfra, callback) {
     const tag = infra.images.redis.tag;
     const upgrading = existingInfra.version !== 'none' && requiresUpgrade(existingInfra.images.redis.tag, tag);
 
-    if (!upgrading) return callback();
+    appdb.getAll(function (error, apps) {
+        if (error) return callback(error);
 
-    importDatabase('redis', callback); // setupRedis currently starts the app container
+        async.eachSeries(apps, function iterator (app, iteratorCallback) {
+            if (!('redis' in app.manifest.addons)) return iteratorCallback(); // app doesn't use the addon
+
+            setupRedis(app, app.manifest.addons.redis, iteratorCallback);
+        }, function (error) {
+            if (error) return callback(error);
+
+            if (!upgrading) return callback();
+
+            importDatabase('redis', callback); // setupRedis currently starts the app container
+        });
+    });
 }
 
 // Ensures that app's addon redis container is running. Can be called when named container already exists/running
@@ -1596,9 +1577,9 @@ function setupRedis(app, options, callback) {
     const redisName = 'redis-' + app.id;
 
     appdb.getAddonConfigByName(app.id, 'redis', '%REDIS_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
-        const redisPassword = error ? hat(4 * 48) : existingPassword; // see box#362 for password length
+        const redisPassword = options.noPassword ? '' : (error ? hat(4 * 48) : existingPassword); // see box#362 for password length
         const redisServiceToken = hat(4 * 48);
 
         // Compute redis memory limit based on app's memory limit (this is arbitrary)
@@ -1645,7 +1626,7 @@ function setupRedis(app, options, callback) {
 
         async.series([
             (next) => {
-                docker.inspect(redisName, function (inspectError, result) {
+                docker.inspect(redisName, function (inspectError, result) { // fast-path
                     if (!inspectError) {
                         debug(`Re-using existing redis container with state: ${JSON.stringify(result.State)}`);
                         return next();
@@ -1672,9 +1653,9 @@ function clearRedis(app, options, callback) {
     getServiceDetails('redis-' + app.id, 'CLOUDRON_REDIS_TOKEN', function (error, result) {
         if (error) return callback(error);
 
-        request.post(`https://${result.ip}:3000/clear?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(new Error('Error clearing redis: ' + error));
-            if (response.statusCode !== 200) return callback(new Error(`Error clearing redis. Status code: ${response.statusCode} message: ${response.body.message}`));
+        request.post(`https://${result.ip}:3000/clear?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Network error clearing redis: ${error.message}`));
+            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error clearing redis. Status code: ${response.statusCode} message: ${response.body.message}`));
 
             callback(null);
         });
@@ -1686,18 +1667,11 @@ function teardownRedis(app, options, callback) {
     assert.strictEqual(typeof options, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    var container = dockerConnection.getContainer('redis-' + app.id);
-
-    var removeOptions = {
-        force: true, // kill container if it's running
-        v: true // removes volumes associated with the container
-    };
-
-    container.remove(removeOptions, function (error) {
-        if (error && error.statusCode !== 404) return callback(new Error('Error removing container:' + error));
+    docker.deleteContainer(`redis-${app.id}`, function (error) {
+        if (error) return callback(error);
 
         shell.sudo('removeVolume', [ RMADDONDIR_CMD, 'redis', app.id ], {}, function (error) {
-            if (error) return callback(new Error('Error removing redis data:' + error));
+            if (error) return callback(new BoxError(BoxError.FS_ERROR, `Error removing redis data: ${error.message}`));
 
             rimraf(path.join(paths.LOG_DIR, `redis-${app.id}`), function (error) {
                 if (error) debugApp(app, 'cannot cleanup logs: %s', error);
@@ -1730,6 +1704,8 @@ function restoreRedis(app, options, callback) {
 
     debugApp(app, 'Restoring redis');
 
+    callback = once(callback); // protect from multiple returns with streams
+
     getServiceDetails('redis-' + app.id, 'CLOUDRON_REDIS_TOKEN', function (error, result) {
         if (error) return callback(error);
 
@@ -1740,11 +1716,11 @@ function restoreRedis(app, options, callback) {
         } else { // old location of dumps
             input = fs.createReadStream(path.join(paths.APPS_DATA_DIR, app.id, 'redis/dump.rdb'));
         }
-        input.on('error', callback);
+        input.on('error', (error) => callback(new BoxError(BoxError.FS_ERROR, `Error reading input stream when restoring redis: ${error.message}`)));
 
-        const restoreReq = request.post(`https://${result.ip}:3000/restore?access_token=${result.token}`, { rejectUnauthorized: false }, function (error, response) {
-            if (error) return callback(error);
-            if (response.statusCode !== 200) return callback(new Error(`Unexpected response from redis addon: ${response.statusCode} message: ${response.body.message}`));
+        const restoreReq = request.post(`https://${result.ip}:3000/restore?access_token=${result.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
+            if (error) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring redis: ${error.message}`));
+            if (response.statusCode !== 200) return callback(new BoxError(BoxError.ADDONS_ERROR, `Error restoring redis. Status code: ${response.statusCode} message: ${response.body.message}`));
 
             callback(null);
         });
@@ -1806,10 +1782,10 @@ function statusSftp(callback) {
 
     docker.inspect('sftp', function (error, container) {
         if (error && error.reason === BoxError.NOT_FOUND) return callback(null, { status: exports.SERVICE_STATUS_STOPPED });
-        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         docker.memoryUsage('sftp', function (error, result) {
-            if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             var tmp = {
                 status: container.State.Running ? exports.SERVICE_STATUS_ACTIVE : exports.SERVICE_STATUS_STOPPED,
@@ -1827,14 +1803,14 @@ function statusGraphite(callback) {
 
     docker.inspect('graphite', function (error, container) {
         if (error && error.reason === BoxError.NOT_FOUND) return callback(null, { status: exports.SERVICE_STATUS_STOPPED });
-        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
-        request.get('http://127.0.0.1:8417/graphite-web/dashboard', { timeout: 3000 }, function (error, response) {
+        request.get('http://127.0.0.1:8417/graphite-web/dashboard', { json: true, timeout: 3000 }, function (error, response) {
             if (error) return callback(null, { status: exports.SERVICE_STATUS_STARTING, error: `Error waiting for graphite: ${error.message}` });
             if (response.statusCode !== 200) return callback(null, { status: exports.SERVICE_STATUS_STARTING, error: `Error waiting for graphite. Status code: ${response.statusCode} message: ${response.body.message}` });
 
             docker.memoryUsage('graphite', function (error, result) {
-                if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 var tmp = {
                     status: container.State.Running ? exports.SERVICE_STATUS_ACTIVE : exports.SERVICE_STATUS_STOPPED,

src/appdb.js

@@ -33,17 +33,17 @@ exports = module.exports = {
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror'),
     safe = require('safetydance'),
     util = require('util');
 
 var APPS_FIELDS_PREFIXED = [ 'apps.id', 'apps.appStoreId', 'apps.installationState', 'apps.errorJson', 'apps.runState',
     'apps.health', 'apps.containerId', 'apps.manifestJson', 'apps.httpPort', 'subdomains.subdomain AS location', 'subdomains.domain',
     'apps.accessRestrictionJson', 'apps.memoryLimit',
-    'apps.label', 'apps.tagsJson', 'apps.taskId',
-    'apps.sso', 'apps.debugModeJson', 'apps.robotsTxt', 'apps.enableBackup',
-    'apps.creationTime', 'apps.updateTime', 'apps.mailboxName', 'apps.enableAutomaticUpdate',
+    'apps.label', 'apps.tagsJson', 'apps.taskId', 'apps.reverseProxyConfigJson',
+    'apps.sso', 'apps.debugModeJson', 'apps.enableBackup',
+    'apps.creationTime', 'apps.updateTime', 'apps.mailboxName', 'apps.mailboxDomain', 'apps.enableAutomaticUpdate',
     'apps.dataDir', 'apps.ts', 'apps.healthTime' ].join(',');
 
 var PORT_BINDINGS_FIELDS = [ 'hostPort', 'type', 'environmentVariable', 'appId' ].join(',');
@@ -61,6 +61,10 @@ function postProcess(result) {
     result.tags = safe.JSON.parse(result.tagsJson) || [];
     delete result.tagsJson;
 
+    assert(result.reverseProxyConfigJson === null || typeof result.reverseProxyConfigJson === 'string');
+    result.reverseProxyConfig = safe.JSON.parse(result.reverseProxyConfigJson) || {};
+    delete result.reverseProxyConfigJson;
+
     assert(result.hostPorts === null || typeof result.hostPorts === 'string');
     assert(result.environmentVariables === null || typeof result.environmentVariables === 'string');
 
@@ -122,11 +126,11 @@ function get(id, callback) {
         + '  LEFT OUTER JOIN appEnvVars ON apps.id = appEnvVars.appId'
         + '  LEFT OUTER JOIN subdomains ON apps.id = subdomains.appId AND subdomains.type = ?'
         + ' WHERE apps.id = ? GROUP BY apps.id', [ exports.SUBDOMAIN_TYPE_PRIMARY, id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         database.query('SELECT ' + SUBDOMAIN_FIELDS + ' FROM subdomains WHERE appId = ? AND type = ?', [ id, exports.SUBDOMAIN_TYPE_REDIRECT ], function (error, alternateDomains) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             result[0].alternateDomains = alternateDomains;
 
@@ -149,11 +153,11 @@ function getByHttpPort(httpPort, callback) {
         + '  LEFT OUTER JOIN appEnvVars ON apps.id = appEnvVars.appId'
         + '  LEFT OUTER JOIN subdomains ON apps.id = subdomains.appId AND subdomains.type = ?'
         + ' WHERE httpPort = ? GROUP BY apps.id', [ exports.SUBDOMAIN_TYPE_PRIMARY, httpPort ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         database.query('SELECT ' + SUBDOMAIN_FIELDS + ' FROM subdomains WHERE appId = ? AND type = ?', [ result[0].id, exports.SUBDOMAIN_TYPE_REDIRECT ], function (error, alternateDomains) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             result[0].alternateDomains = alternateDomains;
             postProcess(result[0]);
@@ -175,11 +179,11 @@ function getByContainerId(containerId, callback) {
         + '  LEFT OUTER JOIN appEnvVars ON apps.id = appEnvVars.appId'
         + '  LEFT OUTER JOIN subdomains ON apps.id = subdomains.appId AND subdomains.type = ?'
         + ' WHERE containerId = ? GROUP BY apps.id', [ exports.SUBDOMAIN_TYPE_PRIMARY, containerId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         database.query('SELECT ' + SUBDOMAIN_FIELDS + ' FROM subdomains WHERE appId = ? AND type = ?', [ result[0].id, exports.SUBDOMAIN_TYPE_REDIRECT ], function (error, alternateDomains) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             result[0].alternateDomains = alternateDomains;
             postProcess(result[0]);
@@ -200,10 +204,10 @@ function getAll(callback) {
         + '  LEFT OUTER JOIN appEnvVars ON apps.id = appEnvVars.appId'
         + '  LEFT OUTER JOIN subdomains ON apps.id = subdomains.appId AND subdomains.type = ?'
         + ' GROUP BY apps.id ORDER BY apps.id', [ exports.SUBDOMAIN_TYPE_PRIMARY ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         database.query('SELECT ' + SUBDOMAIN_FIELDS + ' FROM subdomains WHERE type = ?', [ exports.SUBDOMAIN_TYPE_REDIRECT ], function (error, alternateDomains) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             alternateDomains.forEach(function (d) {
                 var domain = results.find(function (a) { return d.appId === a.id; });
@@ -241,21 +245,22 @@ function add(id, appStoreId, manifest, location, domain, portBindings, data, cal
     const installationState = data.installationState;
     const runState = data.runState;
     const sso = 'sso' in data ? data.sso : null;
-    const robotsTxt = 'robotsTxt' in data ? data.robotsTxt : null;
     const debugModeJson = data.debugMode ? JSON.stringify(data.debugMode) : null;
     const env = data.env || {};
     const label = data.label || null;
     const tagsJson = data.tags ? JSON.stringify(data.tags) : null;
     const mailboxName = data.mailboxName || null;
+    const mailboxDomain = data.mailboxDomain || null;
+    const reverseProxyConfigJson = data.reverseProxyConfig ? JSON.stringify(data.reverseProxyConfig) : null;
 
     var queries = [];
 
     queries.push({
         query: 'INSERT INTO apps (id, appStoreId, manifestJson, installationState, runState, accessRestrictionJson, memoryLimit, '
-            + 'sso, debugModeJson, robotsTxt, mailboxName, label, tagsJson) '
-            + ' VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
+            + 'sso, debugModeJson, mailboxName, mailboxDomain, label, tagsJson, reverseProxyConfigJson) '
+            + ' VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
         args: [ id, appStoreId, manifestJson, installationState, runState, accessRestrictionJson, memoryLimit,
-            sso, debugModeJson, robotsTxt, mailboxName, label, tagsJson ]
+            sso, debugModeJson, mailboxName, mailboxDomain, label, tagsJson, reverseProxyConfigJson ]
     });
 
     queries.push({
@@ -287,9 +292,9 @@ function add(id, appStoreId, manifest, location, domain, portBindings, data, cal
     }
 
     database.transaction(queries, function (error) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error.message));
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND, 'no such domain'));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error.message));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, 'no such domain'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -300,7 +305,7 @@ function exists(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT 1 FROM apps WHERE id=?', [ id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         return callback(null, result.length !== 0);
     });
@@ -311,7 +316,7 @@ function getPortBindings(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + PORT_BINDINGS_FIELDS + ' FROM appPortBindings WHERE appId = ?', [ id ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         var portBindings = { };
         for (var i = 0; i < results.length; i++) {
@@ -328,8 +333,8 @@ function delPortBinding(hostPort, type, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM appPortBindings WHERE hostPort=? AND type=?', [ hostPort, type ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         callback(null);
     });
@@ -347,8 +352,8 @@ function del(id, callback) {
     ];
 
     database.transaction(queries, function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results[3].affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results[3].affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         callback(null);
     });
@@ -364,7 +369,7 @@ function clear(callback) {
         database.query.bind(null, 'DELETE FROM appEnvVars'),
         database.query.bind(null, 'DELETE FROM apps')
     ], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         return callback(null);
     });
 }
@@ -420,7 +425,7 @@ function updateWithConstraints(id, app, constraints, callback) {
 
     var fields = [ ], values = [ ];
     for (var p in app) {
-        if (p === 'manifest' || p === 'tags' || p === 'accessRestriction' || p === 'debugMode' || p === 'error') {
+        if (p === 'manifest' || p === 'tags' || p === 'accessRestriction' || p === 'debugMode' || p === 'error' || p === 'reverseProxyConfig') {
             fields.push(`${p}Json = ?`);
             values.push(JSON.stringify(app[p]));
         } else if (p !== 'portBindings' && p !== 'location' && p !== 'domain' && p !== 'alternateDomains' && p !== 'env') {
@@ -435,9 +440,9 @@ function updateWithConstraints(id, app, constraints, callback) {
     }
 
     database.transaction(queries, function (error, results) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error.message));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results[results.length - 1].affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error.message));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results[results.length - 1].affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         return callback(null);
     });
@@ -473,7 +478,7 @@ function getAppStoreIds(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT id, appStoreId FROM apps', function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -498,7 +503,7 @@ function setAddonConfig(appId, addonId, env, callback) {
         }
 
         database.query(query + queryArgs.join(','), args, function (error) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             return callback(null);
         });
@@ -511,7 +516,7 @@ function unsetAddonConfig(appId, addonId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM appAddonConfigs WHERE appId = ? AND addonId = ?', [ appId, addonId ], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -522,7 +527,7 @@ function unsetAddonConfigByAppId(appId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM appAddonConfigs WHERE appId = ?', [ appId ], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -534,7 +539,7 @@ function getAddonConfig(appId, addonId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT name, value FROM appAddonConfigs WHERE appId = ? AND addonId = ?', [ appId, addonId ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -545,7 +550,7 @@ function getAddonConfigByAppId(appId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT name, value FROM appAddonConfigs WHERE appId = ?', [ appId ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -558,8 +563,8 @@ function getAppIdByAddonConfigValue(addonId, namePattern, value, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT appId FROM appAddonConfigs WHERE addonId = ? AND name LIKE ? AND value = ?', [ addonId, namePattern, value ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         callback(null, results[0].appId);
     });
@@ -572,8 +577,8 @@ function getAddonConfigByName(appId, addonId, namePattern, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT value FROM appAddonConfigs WHERE appId = ? AND addonId = ? AND name LIKE ?', [ appId, addonId, namePattern ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         callback(null, results[0].value);
     });

src/apphealthmonitor.js

@@ -5,7 +5,7 @@ var appdb = require('./appdb.js'),
     assert = require('assert'),
     async = require('async'),
     auditSource = require('./auditsource.js'),
-    DatabaseError = require('./databaseerror.js'),
+    BoxError = require('./boxerror.js'),
     debug = require('debug')('box:apphealthmonitor'),
     docker = require('./docker.js'),
     eventlog = require('./eventlog.js'),
@@ -26,7 +26,7 @@ let gLastOomMailTime = Date.now() - (5 * 60 * 1000); // pretend we sent email 5
 function debugApp(app) {
     assert(typeof app === 'object');
 
-    debug(app.fqdn + ' ' + app.manifest.id + ' ' + util.format.apply(util, Array.prototype.slice.call(arguments, 1)) + ' - ' + app.id);
+    debug(app.fqdn + ' ' + util.format.apply(util, Array.prototype.slice.call(arguments, 1)) + ' - ' + app.id);
 }
 
 function setHealth(app, health, callback) {
@@ -57,7 +57,7 @@ function setHealth(app, health, callback) {
     }
 
     appdb.setHealth(app.id, health, healthTime, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null); // app uninstalled?
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null); // app uninstalled?
         if (error) return callback(error);
 
         app.health = health;
@@ -186,9 +186,10 @@ function processApp(callback) {
         async.each(result, checkAppHealth, function (error) {
             if (error) console.error(error);
 
-            var alive = result
+            const alive = result
                 .filter(function (a) { return a.installationState === apps.ISTATE_INSTALLED && a.runState === apps.RSTATE_RUNNING && a.health === apps.HEALTH_HEALTHY; })
-                .map(function (a) { return (a.location || 'naked_domain') + '|' + a.manifest.id; }).join(', ');
+                .map(a => a.fqdn)
+                .join(', ');
 
             debug('apps alive: [%s]', alive);
 

src/appstore.js

@@ -5,6 +5,9 @@ exports = module.exports = {
     getApp: getApp,
     getAppVersion: getAppVersion,
 
+    trackBeginSetup: trackBeginSetup,
+    trackFinishedSetup: trackFinishedSetup,
+
     registerWithLoginCredentials: registerWithLoginCredentials,
     registerWithLicense: registerWithLicense,
 
@@ -19,14 +22,13 @@ exports = module.exports = {
     getAppUpdate: getAppUpdate,
     getBoxUpdate: getBoxUpdate,
 
-    createTicket: createTicket,
-
-    AppstoreError: AppstoreError
+    createTicket: createTicket
 };
 
 var apps = require('./apps.js'),
     assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
     custom = require('./custom.js'),
     debug = require('debug')('box:appstore'),
@@ -39,48 +41,17 @@ var apps = require('./apps.js'),
     semver = require('semver'),
     settings = require('./settings.js'),
     superagent = require('superagent'),
-    sysinfo = require('./sysinfo.js'),
     users = require('./users.js'),
     util = require('util');
 
-function AppstoreError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(AppstoreError, Error);
-AppstoreError.INTERNAL_ERROR = 'Internal Error';
-AppstoreError.EXTERNAL_ERROR = 'External Error';
-AppstoreError.ALREADY_EXISTS = 'Already Exists';
-AppstoreError.ACCESS_DENIED = 'Access Denied';
-AppstoreError.NOT_FOUND = 'Not Found';
-AppstoreError.PLAN_LIMIT = 'Plan limit reached'; // upstream 402 (subsciption_expired and subscription_required)
-AppstoreError.LICENSE_ERROR = 'License Error'; // upstream 422 (no license, invalid license)
-AppstoreError.INVALID_TOKEN = 'Invalid token'; // upstream 401 (invalid token)
-AppstoreError.NOT_REGISTERED = 'Not registered'; // upstream 412 (no token, not set yet)
-AppstoreError.ALREADY_REGISTERED = 'Already registered';
-
-var NOOP_CALLBACK = function (error) { if (error) debug(error); };
+const NOOP_CALLBACK = function (error) { if (error) debug(error); };
 
 function getCloudronToken(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settings.getCloudronToken(function (error, token) {
-        if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
-        if (!token) return callback(new AppstoreError(AppstoreError.NOT_REGISTERED));
+        if (error) return callback(error);
+        if (!token) return callback(new BoxError(BoxError.LICENSE_ERROR, 'Missing token'));
 
         callback(null, token);
     });
@@ -100,9 +71,9 @@ function login(email, password, totpToken, callback) {
 
     const url = settings.apiServerOrigin() + '/api/v1/login';
     superagent.post(url).send(data).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-        if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.ACCESS_DENIED));
-        if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `login status code: ${result.statusCode}`));
+        if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+        if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+        if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `login status code: ${result.statusCode}`));
 
         callback(null, result.body); // { userId, accessToken }
     });
@@ -120,9 +91,9 @@ function registerUser(email, password, callback) {
 
     const url = settings.apiServerOrigin() + '/api/v1/register_user';
     superagent.post(url).send(data).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-        if (result.statusCode === 409) return callback(new AppstoreError(AppstoreError.ALREADY_EXISTS));
-        if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `register status code: ${result.statusCode}`));
+        if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+        if (result.statusCode === 409) return callback(new BoxError(BoxError.ALREADY_EXISTS));
+        if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `register status code: ${result.statusCode}`));
 
         callback(null);
     });
@@ -136,11 +107,11 @@ function getSubscription(callback) {
 
         const url = settings.apiServerOrigin() + '/api/v1/subscription';
         superagent.get(url).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR));
-            if (result.statusCode === 502) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `Stripe error: ${error.message}`));
-            if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `Unknown error: ${error.message}`));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR));
+            if (result.statusCode === 502) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Stripe error: ${error.message}`));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Unknown error: ${error.message}`));
 
             callback(null, result.body); // { email, subscription }
         });
@@ -164,13 +135,13 @@ function purchaseApp(data, callback) {
         const url = `${settings.apiServerOrigin()}/api/v1/cloudronapps`;
 
         superagent.post(url).send(data).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-            if (result.statusCode === 404) return callback(new AppstoreError(AppstoreError.NOT_FOUND)); // appstoreId does not exist
-            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-            if (result.statusCode === 402) return callback(new AppstoreError(AppstoreError.PLAN_LIMIT, result.body.message));
-            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND)); // appstoreId does not exist
+            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+            if (result.statusCode === 402) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
             // 200 if already purchased, 201 is newly purchased
-            if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App purchase failed. %s %j', result.status, result.body)));
+            if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App purchase failed. %s %j', result.status, result.body)));
 
             callback(null);
         });
@@ -189,16 +160,16 @@ function unpurchaseApp(appId, data, callback) {
         const url = `${settings.apiServerOrigin()}/api/v1/cloudronapps/${appId}`;
 
         superagent.get(url).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
             if (result.statusCode === 404) return callback(null);   // was never purchased
-            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
-            if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App unpurchase failed. %s %j', result.status, result.body)));
+            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+            if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App unpurchase failed. %s %j', result.status, result.body)));
 
             superagent.del(url).send(data).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error));
-                if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-                if (result.statusCode !== 204) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App unpurchase failed. %s %j', result.status, result.body)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error));
+                if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+                if (result.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App unpurchase failed. %s %j', result.status, result.body)));
 
                 callback(null);
             });
@@ -214,42 +185,42 @@ function sendAliveStatus(callback) {
     async.series([
         function (callback) {
             settings.getAll(function (error, result) {
-                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
                 allSettings = result;
                 callback();
             });
         },
         function (callback) {
             domains.getAll(function (error, result) {
-                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
                 allDomains = result;
                 callback();
             });
         },
         function (callback) {
             mail.getDomains(function (error, result) {
-                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
                 mailDomains = result;
                 callback();
             });
         },
         function (callback) {
             eventlog.getAllPaged([ eventlog.ACTION_USER_LOGIN ], null, 1, 1, function (error, result) {
-                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
                 loginEvents = result;
                 callback();
             });
         },
         function (callback) {
             users.count(function (error, result) {
-                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
                 userCount = result;
                 callback();
             });
         },
         function (callback) {
             groups.count(function (error, result) {
-                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
                 groupCount = result;
                 callback();
             });
@@ -277,12 +248,13 @@ function sendAliveStatus(callback) {
             appAutoupdatePattern: allSettings[settings.APP_AUTOUPDATE_PATTERN_KEY],
             boxAutoupdatePattern: allSettings[settings.BOX_AUTOUPDATE_PATTERN_KEY],
             timeZone: allSettings[settings.TIME_ZONE_KEY],
+            sysinfoProvider: allSettings[settings.SYSINFO_CONFIG_KEY].provider
         };
 
         var data = {
             version: constants.VERSION,
             adminFqdn: settings.adminFqdn(),
-            provider: sysinfo.provider(),
+            provider: settings.provider(),
             backendSettings: backendSettings,
             machine: {
                 cpus: os.cpus(),
@@ -298,11 +270,11 @@ function sendAliveStatus(callback) {
 
             const url = `${settings.apiServerOrigin()}/api/v1/alive`;
             superagent.post(url).send(data).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error));
-                if (result.statusCode === 404) return callback(new AppstoreError(AppstoreError.NOT_FOUND));
-                if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-                if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
-                if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Sending alive status failed. %s %j', result.status, result.body)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error));
+                if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
+                if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+                if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+                if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Sending alive status failed. %s %j', result.status, result.body)));
 
                 callback(null);
             });
@@ -319,25 +291,25 @@ function getBoxUpdate(callback) {
         const url = `${settings.apiServerOrigin()}/api/v1/boxupdate`;
 
         superagent.get(url).query({ accessToken: token, boxVersion: constants.VERSION }).timeout(10 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
             if (result.statusCode === 204) return callback(null); // no update
-            if (result.statusCode !== 200 || !result.body) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+            if (result.statusCode !== 200 || !result.body) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
 
             var updateInfo = result.body;
 
             if (!semver.valid(updateInfo.version) || semver.gt(constants.VERSION, updateInfo.version)) {
-                return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Invalid update version: %s %s', result.statusCode, result.text)));
+                return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Invalid update version: %s %s', result.statusCode, result.text)));
             }
 
             // updateInfo: { version, changelog, sourceTarballUrl, sourceTarballSigUrl, boxVersionsUrl, boxVersionsSigUrl }
-            if (!updateInfo.version || typeof updateInfo.version !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad version): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.changelog || !Array.isArray(updateInfo.changelog)) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad version): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.sourceTarballUrl || typeof updateInfo.sourceTarballUrl !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad sourceTarballUrl): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.sourceTarballSigUrl || typeof updateInfo.sourceTarballSigUrl !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad sourceTarballSigUrl): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.boxVersionsUrl || typeof updateInfo.boxVersionsUrl !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad boxVersionsUrl): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.boxVersionsSigUrl || typeof updateInfo.boxVersionsSigUrl !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad boxVersionsSigUrl): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.version || typeof updateInfo.version !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad version): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.changelog || !Array.isArray(updateInfo.changelog)) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad version): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.sourceTarballUrl || typeof updateInfo.sourceTarballUrl !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad sourceTarballUrl): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.sourceTarballSigUrl || typeof updateInfo.sourceTarballSigUrl !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad sourceTarballSigUrl): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.boxVersionsUrl || typeof updateInfo.boxVersionsUrl !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad boxVersionsUrl): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.boxVersionsSigUrl || typeof updateInfo.boxVersionsSigUrl !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad boxVersionsSigUrl): %s %s', result.statusCode, result.text)));
 
             callback(null, updateInfo);
         });
@@ -354,11 +326,11 @@ function getAppUpdate(app, callback) {
         const url = `${settings.apiServerOrigin()}/api/v1/appupdate`;
 
         superagent.get(url).query({ accessToken: token, boxVersion: constants.VERSION, appId: app.appStoreId, appVersion: app.manifest.version }).timeout(10 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error));
-            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error));
+            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
             if (result.statusCode === 204) return callback(null); // no update
-            if (result.statusCode !== 200 || !result.body) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+            if (result.statusCode !== 200 || !result.body) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
 
             const updateInfo = result.body;
 
@@ -368,7 +340,7 @@ function getAppUpdate(app, callback) {
             // do some sanity checks
             if (!safe.query(updateInfo, 'manifest.version') || semver.gt(curAppVersion, safe.query(updateInfo, 'manifest.version'))) {
                 debug('Skipping malformed update of app %s version: %s. got %j', app.id, curAppVersion, updateInfo);
-                return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Malformed update: %s %s', result.statusCode, result.text)));
+                return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Malformed update: %s %s', result.statusCode, result.text)));
             }
 
             // { id, creationDate, manifest }
@@ -384,20 +356,20 @@ function registerCloudron(data, callback) {
     const url = `${settings.apiServerOrigin()}/api/v1/register_cloudron`;
 
     superagent.post(url).send(data).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-        if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `Unable to register cloudron: ${error.message}`));
+        if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+        if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Unable to register cloudron: ${error.message}`));
 
         // cloudronId, token, licenseKey
-        if (!result.body.cloudronId) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, 'Invalid response - no cloudron id'));
-        if (!result.body.cloudronToken) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, 'Invalid response - no token'));
-        if (!result.body.licenseKey) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, 'Invalid response - no license'));
+        if (!result.body.cloudronId) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response - no cloudron id'));
+        if (!result.body.cloudronToken) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response - no token'));
+        if (!result.body.licenseKey) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response - no license'));
 
         async.series([
             settings.setCloudronId.bind(null, result.body.cloudronId),
             settings.setCloudronToken.bind(null, result.body.cloudronToken),
             settings.setLicenseKey.bind(null, result.body.licenseKey),
         ], function (error) {
-            if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             debug(`registerCloudron: Cloudron registered with id ${result.body.cloudronId}`);
 
@@ -406,15 +378,47 @@ function registerCloudron(data, callback) {
     });
 }
 
+// This works without a Cloudron token as this Cloudron was not yet registered
+let gBeginSetupAlreadyTracked = false;
+function trackBeginSetup(provider) {
+    assert.strictEqual(typeof provider, 'string');
+
+    // avoid browser reload double tracking, not perfect since box might restart, but covers most cases and is simple
+    if (gBeginSetupAlreadyTracked) return;
+    gBeginSetupAlreadyTracked = true;
+
+    const url = `${settings.apiServerOrigin()}/api/v1/helper/setup_begin`;
+
+    superagent.post(url).send({ provider }).timeout(30 * 1000).end(function (error, result) {
+        if (error && !error.response) return console.error(error.message);
+        if (result.statusCode !== 200) return console.error(error.message);
+    });
+}
+
+// This works without a Cloudron token as this Cloudron was not yet registered
+function trackFinishedSetup(domain) {
+    assert.strictEqual(typeof domain, 'string');
+
+    const url = `${settings.apiServerOrigin()}/api/v1/helper/setup_finished`;
+
+    superagent.post(url).send({ domain }).timeout(30 * 1000).end(function (error, result) {
+        if (error && !error.response) return console.error(error.message);
+        if (result.statusCode !== 200) return console.error(error.message);
+    });
+}
+
 function registerWithLicense(license, domain, callback) {
     assert.strictEqual(typeof license, 'string');
     assert.strictEqual(typeof domain, 'string');
     assert.strictEqual(typeof callback, 'function');
 
     getCloudronToken(function (error, token) {
-        if (token) return callback(new AppstoreError(AppstoreError.ALREADY_REGISTERED));
+        if (token) return callback(new BoxError(BoxError.CONFLICT));
 
-        registerCloudron({ license, domain }, callback);
+        const provider = settings.provider();
+        const version = constants.VERSION;
+
+        registerCloudron({ license, domain, provider, version }, callback);
     });
 }
 
@@ -429,7 +433,7 @@ function registerWithLoginCredentials(options, callback) {
     }
 
     getCloudronToken(function (error, token) {
-        if (token) return callback(new AppstoreError(AppstoreError.ALREADY_REGISTERED));
+        if (token) return callback(new BoxError(BoxError.CONFLICT));
 
         maybeSignup(function (error) {
             if (error) return callback(error);
@@ -437,19 +441,20 @@ function registerWithLoginCredentials(options, callback) {
             login(options.email, options.password, options.totpToken || '', function (error, result) {
                 if (error) return callback(error);
 
-                registerCloudron({ domain: settings.adminDomain(), accessToken: result.accessToken }, callback);
+                registerCloudron({ domain: settings.adminDomain(), accessToken: result.accessToken, provider: settings.provider(), version: constants.VERSION }, callback);
             });
         });
     });
 }
 
-function createTicket(info, callback) {
+function createTicket(info, auditSource, callback) {
     assert.strictEqual(typeof info, 'object');
     assert.strictEqual(typeof info.email, 'string');
     assert.strictEqual(typeof info.displayName, 'string');
     assert.strictEqual(typeof info.type, 'string');
     assert.strictEqual(typeof info.subject, 'string');
     assert.strictEqual(typeof info.description, 'string');
+    assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
     function collectAppInfoIfNeeded(callback) {
@@ -469,10 +474,12 @@ function createTicket(info, callback) {
             info.supportEmail = custom.spec().support.email; // destination address for tickets
 
             superagent.post(url).query({ accessToken: token }).send(info).timeout(10 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-                if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-                if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
-                if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+                if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+                if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+
+                eventlog.add(eventlog.ACTION_SUPPORT_TICKET, auditSource, info);
 
                 callback(null);
             });
@@ -487,14 +494,15 @@ function getApps(callback) {
         if (error) return callback(error);
 
         settings.getUnstableAppsConfig(function (error, unstable) {
-            if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
+
             const url = `${settings.apiServerOrigin()}/api/v1/apps`;
             superagent.get(url).query({ accessToken: token, boxVersion: constants.VERSION, unstable: unstable }).timeout(10 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-                if (result.statusCode === 403 || result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-                if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
-                if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App listing failed. %s %j', result.status, result.body)));
-                if (!result.body.apps) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+                if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+                if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App listing failed. %s %j', result.status, result.body)));
+                if (!result.body.apps) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
 
                 callback(null, result.body.apps);
             });
@@ -514,11 +522,11 @@ function getAppVersion(appId, version, callback) {
         if (version !== 'latest') url += `/versions/${version}`;
 
         superagent.get(url).query({ accessToken: token }).timeout(10 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-            if (result.statusCode === 404) return callback(new AppstoreError(AppstoreError.NOT_FOUND));
-            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
-            if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App fetch failed. %s %j', result.status, result.body)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+            if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App fetch failed. %s %j', result.status, result.body)));
 
             callback(null, result.body);
         });

src/apptask.js

@@ -24,16 +24,14 @@ var addons = require('./addons.js'),
     apps = require('./apps.js'),
     assert = require('assert'),
     async = require('async'),
-    auditsource = require('./auditsource.js'),
+    auditSource = require('./auditsource.js'),
     backups = require('./backups.js'),
     BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:apptask'),
     df = require('@sindresorhus/df'),
     docker = require('./docker.js'),
     domains = require('./domains.js'),
-    DomainsError = domains.DomainsError,
     ejs = require('ejs'),
     eventlog = require('./eventlog.js'),
     fs = require('fs'),
@@ -66,11 +64,13 @@ function debugApp(app) {
 }
 
 function makeTaskError(error, app) {
-    let boxError = error instanceof BoxError ? error : new BoxError(BoxError.UNKNOWN_ERROR, error.message); // until we port everything to BoxError
+    assert.strictEqual(typeof error, 'object');
+    assert.strictEqual(typeof app, 'object');
+
     // track a few variables which helps 'repair' restart the task (see also scheduleTask in apps.js)
-    boxError.details.taskId = app.taskId;
-    boxError.details.installationState = app.installationState;
-    return boxError.toPlainObject();
+    error.details.taskId = app.taskId;
+    error.details.installationState = app.installationState;
+    return error.toPlainObject();
 }
 
 // updates the app object and the database
@@ -82,7 +82,7 @@ function updateApp(app, values, callback) {
     debugApp(app, 'updating app with values: %j', values);
 
     appdb.update(app.id, values, function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(error);
 
         for (var value in values) {
             app[value] = values[value];
@@ -115,7 +115,7 @@ function configureReverseProxy(app, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     reverseProxy.configureApp(app, { userId: null, username: 'apptask' }, function (error) {
-        if (error) return callback(new BoxError(BoxError.REVERSEPROXY_ERROR, `Error configuring nginx: ${error.message}`));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -126,7 +126,7 @@ function unconfigureReverseProxy(app, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     reverseProxy.unconfigureApp(app, function (error) {
-        if (error) return callback(new BoxError(BoxError.REVERSEPROXY_ERROR, `Error unconfiguring nginx: ${error.message}`));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -140,9 +140,17 @@ function createContainer(app, callback) {
     debugApp(app, 'creating container');
 
     docker.createContainer(app, function (error, container) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error creating container: ${error.message}`));
+        if (error) return callback(error);
 
-        updateApp(app, { containerId: container.id }, callback);
+        updateApp(app, { containerId: container.id }, function (error) {
+            if (error) return callback(error);
+
+            // re-generate configs that rely on container id
+            async.series([
+                addLogrotateConfig.bind(null, app),
+                addCollectdProfile.bind(null, app)
+            ], callback);
+        });
     });
 }
 
@@ -153,11 +161,14 @@ function deleteContainers(app, options, callback) {
 
     debugApp(app, 'deleting app containers (app, scheduler)');
 
-    docker.deleteContainers(app.id, options, function (error) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error deleting container: ${error.message}`));
-
-        updateApp(app, { containerId: null }, callback);
-    });
+    async.series([
+        // remove configs that rely on container id
+        removeCollectdProfile.bind(null, app),
+        removeLogrotateConfig.bind(null, app),
+        docker.stopContainers.bind(null, app.id),
+        docker.deleteContainers.bind(null, app.id, options),
+        updateApp.bind(null, app, { containerId: null })
+    ], callback);
 }
 
 function createAppDir(app, callback) {
@@ -248,7 +259,7 @@ function addLogrotateConfig(app, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     docker.inspect(app.containerId, function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error inspecting app container: ${error.message}`, { containerId: app.containerId }));
+        if (error) return callback(error);
 
         var runVolume = result.Mounts.find(function (mount) { return mount.Destination === '/run'; });
         if (!runVolume) return callback(new BoxError(BoxError.DOCKER_ERROR, 'App does not have /run mounted'));
@@ -352,7 +363,7 @@ function registerSubdomains(app, overwrite, callback) {
     assert.strictEqual(typeof overwrite, 'boolean');
     assert.strictEqual(typeof callback, 'function');
 
-    sysinfo.getPublicIp(function (error, ip) {
+    sysinfo.getServerIp(function (error, ip) {
         if (error) return callback(error);
 
         const allDomains = [ { subdomain: app.location, domain: app.domain }].concat(app.alternateDomains);
@@ -365,9 +376,9 @@ function registerSubdomains(app, overwrite, callback) {
 
                 // get the current record before updating it
                 domains.getDnsRecords(domain.subdomain, domain.domain, 'A', function (error, values) {
-                    if (error && error.reason === DomainsError.EXTERNAL_ERROR) return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, error.message, { domain })); // try again
-                    if (error && error.reason === DomainsError.ACCESS_DENIED) return retryCallback(null, new BoxError(BoxError.ACCESS_DENIED, error.message, { domain }));
-                    if (error && error.reason === DomainsError.NOT_FOUND) return retryCallback(null, new BoxError(BoxError.NOT_FOUND, error.message, { domain }));
+                    if (error && error.reason === BoxError.EXTERNAL_ERROR) return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, error.message, { domain })); // try again
+                    if (error && error.reason === BoxError.ACCESS_DENIED) return retryCallback(null, new BoxError(BoxError.ACCESS_DENIED, error.message, { domain }));
+                    if (error && error.reason === BoxError.NOT_FOUND) return retryCallback(null, new BoxError(BoxError.NOT_FOUND, error.message, { domain }));
                     if (error) return retryCallback(null, new BoxError(BoxError.EXTERNAL_ERROR, error.message, domain)); // give up for other errors
 
                     if (values.length !== 0 && values[0] === ip) return retryCallback(null); // up-to-date
@@ -376,7 +387,7 @@ function registerSubdomains(app, overwrite, callback) {
                     if (values.length !== 0 && !overwrite) return retryCallback(null, new BoxError(BoxError.ALREADY_EXISTS, 'DNS Record already exists', { domain }));
 
                     domains.upsertDnsRecords(domain.subdomain, domain.domain, 'A', [ ip ], function (error) {
-                        if (error && (error.reason === DomainsError.STILL_BUSY || error.reason === DomainsError.EXTERNAL_ERROR)) {
+                        if (error && (error.reason === BoxError.BUSY || error.reason === BoxError.EXTERNAL_ERROR)) {
                             debug('registerSubdomains: Upsert error. Will retry.', error.message);
                             return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, error.message, { domain })); // try again
                         }
@@ -398,7 +409,7 @@ function unregisterSubdomains(app, allDomains, callback) {
     assert(Array.isArray(allDomains));
     assert.strictEqual(typeof callback, 'function');
 
-    sysinfo.getPublicIp(function (error, ip) {
+    sysinfo.getServerIp(function (error, ip) {
         if (error) return callback(error);
 
         async.eachSeries(allDomains, function (domain, iteratorDone) {
@@ -406,8 +417,8 @@ function unregisterSubdomains(app, allDomains, callback) {
                 debugApp(app, 'Unregistering subdomain: %s%s', domain.subdomain ? (domain.subdomain + '.') : '', domain.domain);
 
                 domains.removeDnsRecords(domain.subdomain, domain.domain, 'A', [ ip ], function (error) {
-                    if (error && error.reason === DomainsError.NOT_FOUND) return retryCallback(null, null);
-                    if (error && (error.reason === DomainsError.STILL_BUSY || error.reason === DomainsError.EXTERNAL_ERROR)) {
+                    if (error && error.reason === BoxError.NOT_FOUND) return retryCallback(null, null);
+                    if (error && (error.reason === BoxError.SBUSY || error.reason === BoxError.EXTERNAL_ERROR)) {
                         debug('registerSubdomains: Remove error. Will retry.', error.message);
                         return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, error.message, { domain })); // try again
                     }
@@ -432,7 +443,7 @@ function waitForDnsPropagation(app, callback) {
         return callback(null);
     }
 
-    sysinfo.getPublicIp(function (error, ip) {
+    sysinfo.getServerIp(function (error, ip) {
         if (error) return callback(new BoxError(BoxError.NETWORK_ERROR, `Error getting public IP: ${error.message}`));
 
         domains.waitForDnsRecord(app.location, app.domain, 'A', ip, { interval: 5000, times: 240 }, function (error) {
@@ -450,16 +461,18 @@ function waitForDnsPropagation(app, callback) {
     });
 }
 
-function moveDataDir(app, sourceDir, callback) {
+function moveDataDir(app, targetDir, callback) {
     assert.strictEqual(typeof app, 'object');
-    assert(sourceDir === null || typeof sourceDir === 'string');
+    assert(targetDir === null || typeof targetDir === 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    let resolvedSourceDir = apps.getDataDir(app, sourceDir);
-    let resolvedTargetDir = apps.getDataDir(app, app.dataDir);
+    let resolvedSourceDir = apps.getDataDir(app, app.dataDir);
+    let resolvedTargetDir = apps.getDataDir(app, targetDir);
 
     debug(`moveDataDir: migrating data from ${resolvedSourceDir} to ${resolvedTargetDir}`);
 
+    if (resolvedSourceDir === resolvedTargetDir) return callback();
+
     shell.sudo('moveDataDir', [ MV_VOLUME_CMD, resolvedSourceDir, resolvedTargetDir ], {}, function (error) {
         if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Error migrating data directory: ${error.message}`));
 
@@ -472,7 +485,7 @@ function downloadImage(manifest, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     docker.info(function (error, info) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error getting docker info: ${error.message}`));
+        if (error) return callback(error);
 
         const dfAsync = util.callbackify(df.file);
         dfAsync(info.DockerRootDir, function (error, diskUsage) {
@@ -480,7 +493,7 @@ function downloadImage(manifest, callback) {
             if (diskUsage.available < (1024*1024*1024)) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Not enough disk space to pull docker image', { diskUsage: diskUsage, dockerRootDir: info.DockerRootDir }));
 
             docker.downloadImage(manifest, function (error) {
-                if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error downloading image: ${error.message}`, { image: manifest.dockerImage }));
+                if (error) return callback(error);
 
                 callback(null);
             });
@@ -494,17 +507,6 @@ function startApp(app, callback){
     docker.startContainer(app.id, callback);
 }
 
-// Ordering is based on the following rationale:
-//   - configure nginx, icon, oauth
-//   - register subdomain.
-//          at this point, the user can visit the site and the above nginx config can show some install screen.
-//          the icon can be displayed in this nginx page and oauth proxy means the page can be protected
-//   - download image
-//   - setup volumes
-//   - setup addons (requires the above volume)
-//   - setup the container (requires image, volumes, addons)
-//   - setup collectd (requires container id)
-// restore is also handled here since restore is just an install with some oldConfig to clean up
 function install(app, args, progressCallback, callback) {
     assert.strictEqual(typeof app, 'object');
     assert.strictEqual(typeof args, 'object');
@@ -513,6 +515,7 @@ function install(app, args, progressCallback, callback) {
 
     const restoreConfig = args.restoreConfig; // has to be set when restoring
     const overwriteDns = args.overwriteDns;
+    const oldManifest = args.oldManifest;
 
     async.series([
         // this protects against the theoretical possibility of an app being marked for install/restore from
@@ -522,29 +525,29 @@ function install(app, args, progressCallback, callback) {
         // teardown for re-installs
         progressCallback.bind(null, { percent: 10, message: 'Cleaning up old install' }),
         unconfigureReverseProxy.bind(null, app),
-        removeCollectdProfile.bind(null, app),
-        removeLogrotateConfig.bind(null, app),
-        docker.stopContainers.bind(null, app.id),
         deleteContainers.bind(null, app, { managedOnly: true }),
         function teardownAddons(next) {
             // when restoring, app does not require these addons anymore. remove carefully to preserve the db passwords
             let addonsToRemove;
-            if (restoreConfig && restoreConfig.oldManifest) { // oldManifest is null for clone
-                addonsToRemove = _.omit(restoreConfig.oldManifest.addons, Object.keys(app.manifest.addons));
+            if (oldManifest) {
+                addonsToRemove = _.omit(oldManifest.addons, Object.keys(app.manifest.addons));
             } else {
                 addonsToRemove = app.manifest.addons;
             }
 
             addons.teardownAddons(app, addonsToRemove, next);
         },
-        deleteAppDir.bind(null, app, { removeDirectory: false }), // do not remove any symlinked appdata dir
+
+        function deleteAppDirIfNeeded(done) {
+            if (restoreConfig && !restoreConfig.backupId) return done(); // in-place import should not delete data dir
+
+            deleteAppDir(app, { removeDirectory: false }, done); // do not remove any symlinked appdata dir
+        },
 
         function deleteImageIfChanged(done) {
-            if (!restoreConfig || !restoreConfig.oldManifest) return done();
+            if (!oldManifest || oldManifest.dockerImage === app.manifest.dockerImage) return done();
 
-            if (restoreConfig.oldManifest.dockerImage === app.manifest.dockerImage) return done();
-
-            docker.deleteImage(restoreConfig.oldManifest, done);
+            docker.deleteImage(oldManifest, done);
         },
 
         reserveHttpPort.bind(null, app),
@@ -567,14 +570,22 @@ function install(app, args, progressCallback, callback) {
                     progressCallback.bind(null, { percent: 60, message: 'Setting up addons' }),
                     addons.setupAddons.bind(null, app, app.manifest.addons),
                 ], next);
+            } else if (!restoreConfig.backupId) { // in-place import
+                async.series([
+                    progressCallback.bind(null, { percent: 60, message: 'Importing addons in-place' }),
+                    addons.setupAddons.bind(null, app, app.manifest.addons),
+                    addons.clearAddons.bind(null, app, _.omit(app.manifest.addons, 'localstorage')),
+                    addons.restoreAddons.bind(null, app, app.manifest.addons),
+                ], next);
             } else {
                 async.series([
                     progressCallback.bind(null, { percent: 65, message: 'Download backup and restoring addons' }),
                     addons.setupAddons.bind(null, app, app.manifest.addons),
                     addons.clearAddons.bind(null, app, app.manifest.addons),
-                    backups.restoreApp.bind(null, app, app.manifest.addons, restoreConfig, (progress) => {
-                        progressCallback({ percent: 65, message: `Restore - ${progress.message}` });
-                    })
+                    backups.downloadApp.bind(null, app, restoreConfig, (progress) => {
+                        progressCallback({ percent: 65, message: progress.message });
+                    }),
+                    addons.restoreAddons.bind(null, app, app.manifest.addons)
                 ], next);
             }
         },
@@ -582,12 +593,6 @@ function install(app, args, progressCallback, callback) {
         progressCallback.bind(null, { percent: 70, message: 'Creating container' }),
         createContainer.bind(null, app),
 
-        progressCallback.bind(null, { percent: 75, message: 'Setting up logrotate config' }),
-        addLogrotateConfig.bind(null, app),
-
-        progressCallback.bind(null, { percent: 80, message: 'Setting up collectd profile' }),
-        addCollectdProfile.bind(null, app),
-
         startApp.bind(null, app),
 
         progressCallback.bind(null, { percent: 85, message: 'Waiting for DNS propagation' }),
@@ -624,8 +629,8 @@ function backup(app, args, progressCallback, callback) {
     ], function seriesDone(error) {
         if (error) {
             debugApp(app, 'error backing up app: %s', error);
-            // return to installed state intentionally
-            return updateApp(app, { installationState: apps.ISTATE_INSTALLED, error: error.toPlainObject ? error.toPlainObject() : error.message }, callback.bind(null, error));
+            // return to installed state intentionally. the error is stashed only in the task and not the app (the UI shows error state otherwise)
+            return updateApp(app, { installationState: apps.ISTATE_INSTALLED, error: null }, callback.bind(null, makeTaskError(error, app)));
         }
         callback(null);
     });
@@ -639,7 +644,6 @@ function create(app, args, progressCallback, callback) {
 
     async.series([
         progressCallback.bind(null, { percent: 10, message: 'Cleaning up old install' }),
-        docker.stopContainers.bind(null, app.id),
         deleteContainers.bind(null, app, { managedOnly: true }),
 
         // FIXME: re-setup addons only because sendmail addon to re-inject env vars on mailboxName change
@@ -675,7 +679,6 @@ function changeLocation(app, args, progressCallback, callback) {
     async.series([
         progressCallback.bind(null, { percent: 10, message: 'Cleaning up old install' }),
         unconfigureReverseProxy.bind(null, app),
-        docker.stopContainers.bind(null, app.id),
         deleteContainers.bind(null, app, { managedOnly: true }),
         function (next) {
             let obsoleteDomains = oldConfig.alternateDomains.filter(function (o) {
@@ -711,7 +714,7 @@ function changeLocation(app, args, progressCallback, callback) {
         updateApp.bind(null, app, { installationState: apps.ISTATE_INSTALLED, error: null, health: null })
     ], function seriesDone(error) {
         if (error) {
-            debugApp(app, 'error reconfiguring : %s', error);
+            debugApp(app, 'error changing location : %s', error);
             return updateApp(app, { installationState: apps.ISTATE_ERROR, error: makeTaskError(error, app) }, callback.bind(null, error));
         }
         callback(null);
@@ -724,12 +727,11 @@ function migrateDataDir(app, args, progressCallback, callback) {
     assert.strictEqual(typeof progressCallback, 'function');
     assert.strictEqual(typeof callback, 'function');
 
-    let oldDataDir = args.oldDataDir;
-    assert(oldDataDir === null || typeof oldDataDir === 'string');
+    let newDataDir = args.newDataDir;
+    assert(newDataDir === null || typeof newDataDir === 'string');
 
     async.series([
         progressCallback.bind(null, { percent: 10, message: 'Cleaning up old install' }),
-        docker.stopContainers.bind(null, app.id),
         deleteContainers.bind(null, app, { managedOnly: true }),
 
         progressCallback.bind(null, { percent: 45, message: 'Ensuring app data directory' }),
@@ -737,72 +739,43 @@ function migrateDataDir(app, args, progressCallback, callback) {
 
         // re-setup addons since this creates the localStorage volume
         progressCallback.bind(null, { percent: 50, message: 'Setting up addons' }),
-        addons.setupAddons.bind(null, app, app.manifest.addons),
+        addons.setupAddons.bind(null, _.extend({}, app, { dataDir: newDataDir }), app.manifest.addons),
 
-        // migrate dataDir
-        function (next) {
-            const dataDirChanged = oldDataDir !== app.dataDir;
+        progressCallback.bind(null, { percent: 60, message: 'Moving data dir' }),
+        moveDataDir.bind(null, app, newDataDir),
 
-            if (!dataDirChanged) return next();
-
-            moveDataDir(app, oldDataDir, next);
-        },
-
-        progressCallback.bind(null, { percent: 60, message: 'Creating container' }),
+        progressCallback.bind(null, { percent: 90, message: 'Creating container' }),
         createContainer.bind(null, app),
 
         startApp.bind(null, app),
 
         progressCallback.bind(null, { percent: 100, message: 'Done' }),
-        updateApp.bind(null, app, { installationState: apps.ISTATE_INSTALLED, error: null, health: null })
+        updateApp.bind(null, app, { installationState: apps.ISTATE_INSTALLED, error: null, health: null, dataDir: newDataDir })
     ], function seriesDone(error) {
         if (error) {
-            debugApp(app, 'error reconfiguring : %s', error);
+            debugApp(app, 'error migrating data dir : %s', error);
             return updateApp(app, { installationState: apps.ISTATE_ERROR, error: makeTaskError(error, app) }, callback.bind(null, error));
         }
         callback(null);
     });
 }
 
-// configure is called for an infra update and repair
+// configure is called for an infra update and repair to re-create container, reverseproxy config. it's all "local"
 function configure(app, args, progressCallback, callback) {
     assert.strictEqual(typeof app, 'object');
     assert.strictEqual(typeof args, 'object');
     assert.strictEqual(typeof progressCallback, 'function');
     assert.strictEqual(typeof callback, 'function');
 
-    const oldConfig = args.oldConfig || null;
-    const overwriteDns = args.overwriteDns;
-
     async.series([
         progressCallback.bind(null, { percent: 10, message: 'Cleaning up old install' }),
         unconfigureReverseProxy.bind(null, app),
-        removeCollectdProfile.bind(null, app),
-        removeLogrotateConfig.bind(null, app),
-        docker.stopContainers.bind(null, app.id),
         deleteContainers.bind(null, app, { managedOnly: true }),
-        function (next) {
-            if (!oldConfig) return next();
-
-            let obsoleteDomains = oldConfig.alternateDomains.filter(function (o) {
-                return !app.alternateDomains.some(function (n) { return n.subdomain === o.subdomain && n.domain === o.domain; });
-            });
-
-            if (oldConfig.fqdn !== app.fqdn) obsoleteDomains.push({ subdomain: oldConfig.location, domain: oldConfig.domain });
-
-            if (obsoleteDomains.length === 0) return next();
-
-            unregisterSubdomains(app, obsoleteDomains, next);
-        },
-
         reserveHttpPort.bind(null, app),
 
         progressCallback.bind(null, { percent: 20, message: 'Downloading icon' }),
         downloadIcon.bind(null, app),
 
-        progressCallback.bind(null, { percent: 30, message: 'Registering subdomains' }),
-        registerSubdomains.bind(null, app, overwriteDns),
-
         progressCallback.bind(null, { percent: 40, message: 'Downloading image' }),
         downloadImage.bind(null, app.manifest),
 
@@ -816,12 +789,6 @@ function configure(app, args, progressCallback, callback) {
         progressCallback.bind(null, { percent: 60, message: 'Creating container' }),
         createContainer.bind(null, app),
 
-        progressCallback.bind(null, { percent: 65, message: 'Setting up logrotate config' }),
-        addLogrotateConfig.bind(null, app),
-
-        progressCallback.bind(null, { percent: 70, message: 'Add collectd profile' }),
-        addCollectdProfile.bind(null, app),
-
         startApp.bind(null, app),
 
         progressCallback.bind(null, { percent: 80, message: 'Waiting for DNS propagation' }),
@@ -858,7 +825,7 @@ function update(app, args, progressCallback, callback) {
     async.series([
         // this protects against the theoretical possibility of an app being marked for update from
         // a previous version of box code
-        progressCallback.bind(null, { percent: 0, message: 'Verify manifest' }),
+        progressCallback.bind(null, { percent: 5, message: 'Verify manifest' }),
         verifyManifest.bind(null, updateConfig.manifest),
 
         function (next) {
@@ -884,7 +851,6 @@ function update(app, args, progressCallback, callback) {
         // note: we cleanup first and then backup. this is done so that the app is not running should backup fail
         // we cannot easily 'recover' from backup failures because we have to revert manfest and portBindings
         progressCallback.bind(null, { percent: 35, message: 'Cleaning up old install' }),
-        docker.stopContainers.bind(null, app.id),
         deleteContainers.bind(null, app, { managedOnly: true }),
         function deleteImageIfChanged(done) {
             if (app.manifest.dockerImage === updateConfig.manifest.dockerImage) return done();
@@ -905,7 +871,7 @@ function update(app, args, progressCallback, callback) {
                 if (newTcpPorts[portName] || newUdpPorts[portName]) return callback(null); // port still in use
 
                 appdb.delPortBinding(currentPorts[portName], apps.PORT_TYPE_TCP, function (error) {
-                    if (error && error.reason === DatabaseError.NOT_FOUND) console.error('Portbinding does not exist in database.');
+                    if (error && error.reason === BoxError.NOT_FOUND) console.error('Portbinding does not exist in database.');
                     else if (error) return next(error);
 
                     // also delete from app object for further processing (the db is updated in the next step)
@@ -939,7 +905,7 @@ function update(app, args, progressCallback, callback) {
             debugApp(app, 'Error updating app: %s', error);
             updateApp(app, { installationState: apps.ISTATE_ERROR, error: makeTaskError(error, app) }, callback.bind(null, error));
         } else {
-            eventlog.add(eventlog.ACTION_APP_UPDATE_FINISH, auditsource.APP_TASK, { app: app, success: true }, () => callback()); // ignore error
+            eventlog.add(eventlog.ACTION_APP_UPDATE_FINISH, auditSource.APP_TASK, { app: app, success: true }, () => callback()); // ignore error
         }
     });
 }
@@ -986,6 +952,27 @@ function stop(app, args, progressCallback, callback) {
     });
 }
 
+function restart(app, args, progressCallback, callback) {
+    assert.strictEqual(typeof app, 'object');
+    assert.strictEqual(typeof args, 'object');
+    assert.strictEqual(typeof progressCallback, 'function');
+    assert.strictEqual(typeof callback, 'function');
+
+    async.series([
+        progressCallback.bind(null, { percent: 20, message: 'Restarting container' }),
+        docker.restartContainer.bind(null, app.id),
+
+        progressCallback.bind(null, { percent: 100, message: 'Done' }),
+        updateApp.bind(null, app, { installationState: apps.ISTATE_INSTALLED, error: null, health: null })
+    ], function seriesDone(error) {
+        if (error) {
+            debugApp(app, 'error starting app: %s', error);
+            return updateApp(app, { installationState: apps.ISTATE_ERROR, error: makeTaskError(error, app) }, callback.bind(null, error));
+        }
+        callback(null);
+    });
+}
+
 function uninstall(app, args, progressCallback, callback) {
     assert.strictEqual(typeof app, 'object');
     assert.strictEqual(typeof args, 'object');
@@ -993,16 +980,8 @@ function uninstall(app, args, progressCallback, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     async.series([
-        progressCallback.bind(null, { percent: 0, message: 'Remove collectd profile' }),
-        removeCollectdProfile.bind(null, app),
-
-        progressCallback.bind(null, { percent: 5, message: 'Remove logrotate config' }),
-        removeLogrotateConfig.bind(null, app),
-
-        progressCallback.bind(null, { percent: 10, message: 'Stopping app' }),
-        docker.stopContainers.bind(null, app.id),
-
         progressCallback.bind(null, { percent: 20, message: 'Deleting container' }),
+        unconfigureReverseProxy.bind(null, app),
         deleteContainers.bind(null, app, {}),
 
         progressCallback.bind(null, { percent: 30, message: 'Teardown addons' }),
@@ -1020,9 +999,6 @@ function uninstall(app, args, progressCallback, callback) {
         progressCallback.bind(null, { percent: 70, message: 'Cleanup icon' }),
         removeIcon.bind(null, app),
 
-        progressCallback.bind(null, { percent: 80, message: 'Unconfiguring reverse proxy' }),
-        unconfigureReverseProxy.bind(null, app),
-
         progressCallback.bind(null, { percent: 90, message: 'Cleanup logs' }),
         cleanupLogs.bind(null, app),
 
@@ -1074,9 +1050,11 @@ function run(appId, args, progressCallback, callback) {
             return start(app, args, progressCallback, callback);
         case apps.ISTATE_PENDING_STOP:
             return stop(app, args, progressCallback, callback);
+        case apps.ISTATE_PENDING_RESTART:
+            return restart(app, args, progressCallback, callback);
         default:
             debugApp(app, 'apptask launched with invalid command');
-            return callback(new Error('Unknown install command in apptask:' + app.installationState));
+            return callback(new BoxError(BoxError.INTERNAL_ERROR, 'Unknown install command in apptask:' + app.installationState));
         }
     });
 }

src/apptaskmanager.js

@@ -5,6 +5,7 @@ exports = module.exports = {
 };
 
 let assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     debug = require('debug')('box:apptaskmanager'),
     fs = require('fs'),
     locker = require('./locker.js'),
@@ -42,12 +43,12 @@ function scheduleTask(appId, taskId, callback) {
     if (!gInitialized) initializeSync();
 
     if (appId in gActiveTasks) {
-        return callback(new Error(`Task for %s is already active: ${appId}`));
+        return callback(new BoxError(BoxError.CONFLICT, `Task for %s is already active: ${appId}`));
     }
 
     if (Object.keys(gActiveTasks).length >= TASK_CONCURRENCY) {
         debug(`Reached concurrency limit, queueing task id ${taskId}`);
-        tasks.update(taskId, { percent: 0, message: 'Waiting for other app tasks to complete' }, NOOP_CALLBACK);
+        tasks.update(taskId, { percent: 1, message: 'Waiting for other app tasks to complete' }, NOOP_CALLBACK);
         gPendingTasks.push({ appId, taskId, callback });
         return;
     }
@@ -56,7 +57,7 @@ function scheduleTask(appId, taskId, callback) {
 
     if (lockError) {
         debug(`Could not get lock. ${lockError.message}, queueing task id ${taskId}`);
-        tasks.update(taskId, { percent: 0, message: waitText(lockError.operation) }, NOOP_CALLBACK);
+        tasks.update(taskId, { percent: 1, message: waitText(lockError.operation) }, NOOP_CALLBACK);
         gPendingTasks.push({ appId, taskId, callback });
         return;
     }
@@ -67,7 +68,7 @@ function scheduleTask(appId, taskId, callback) {
 
     if (!fs.existsSync(path.dirname(logFile))) safe.fs.mkdirSync(path.dirname(logFile)); // ensure directory
 
-    tasks.startTask(taskId, { logFile }, function (error, result) {
+    tasks.startTask(taskId, { logFile, timeout: 20 * 60 * 60 * 1000 /* 20 hours */ }, function (error, result) {
         callback(error, result);
 
         delete gActiveTasks[appId];

src/auditsource.js

@@ -5,6 +5,7 @@ exports = module.exports = {
     HEALTH_MONITOR: { userId: null, username: 'healthmonitor' },
     APP_TASK: { userId: null, username: 'apptask' },
     EXTERNAL_LDAP_TASK: { userId: null, username: 'externalldap' },
+    EXTERNAL_LDAP_AUTO_CREATE: { userId: null, username: 'externalldap' },
 
     fromRequest: fromRequest
 };

src/authcodedb.js

@@ -12,8 +12,8 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
-    database = require('./database.js'),
-    DatabaseError = require('./databaseerror');
+    BoxError = require('./boxerror.js'),
+    database = require('./database.js');
 
 var AUTHCODES_FIELDS = [ 'authCode', 'userId', 'clientId', 'expiresAt' ].join(',');
 
@@ -22,8 +22,8 @@ function get(authCode, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + AUTHCODES_FIELDS + ' FROM authcodes WHERE authCode = ? AND expiresAt > ?', [ authCode, Date.now() ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Authcode not found'));
 
         callback(null, result[0]);
     });
@@ -37,12 +37,12 @@ function add(authCode, clientId, userId, expiresAt, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO authcodes (authCode, clientId, userId, expiresAt) VALUES (?, ?, ?, ?)',
-            [ authCode, clientId, userId, expiresAt ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
-        if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        [ authCode, clientId, userId, expiresAt ], function (error, result) {
+            if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS));
+            if (error || result.affectedRows !== 1) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
-        callback(null);
-    });
+            callback(null);
+        });
 }
 
 function del(authCode, callback) {
@@ -50,8 +50,8 @@ function del(authCode, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM authcodes WHERE authCode = ?', [ authCode ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Authcode not found'));
 
         callback(null);
     });
@@ -61,7 +61,7 @@ function delExpired(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM authcodes WHERE expiresAt <= ?', [ Date.now() ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         return callback(null, result.affectedRows);
     });
 }
@@ -70,7 +70,7 @@ function clear(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM authcodes', function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });

src/backupdb.js

@@ -1,8 +1,8 @@
 'use strict';
 
 var assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror.js'),
     safe = require('safetydance'),
     util = require('util');
 
@@ -47,7 +47,7 @@ function getByTypeAndStatePaged(type, state, page, perPage, callback) {
 
     database.query('SELECT ' + BACKUPS_FIELDS + ' FROM backups WHERE type = ? AND state = ? ORDER BY creationTime DESC LIMIT ?,?',
         [ type, state, (page-1)*perPage, perPage ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results.forEach(function (result) { postProcess(result); });
 
@@ -63,7 +63,7 @@ function getByTypePaged(type, page, perPage, callback) {
 
     database.query('SELECT ' + BACKUPS_FIELDS + ' FROM backups WHERE type = ? ORDER BY creationTime DESC LIMIT ?,?',
         [ type, (page-1)*perPage, perPage ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results.forEach(function (result) { postProcess(result); });
 
@@ -80,7 +80,7 @@ function getByAppIdPaged(page, perPage, appId, callback) {
     // box versions (0.93.x and below) used to use appbackup_ prefix
     database.query('SELECT ' + BACKUPS_FIELDS + ' FROM backups WHERE type = ? AND state = ? AND id LIKE ? ORDER BY creationTime DESC LIMIT ?,?',
         [ exports.BACKUP_TYPE_APP, exports.BACKUP_STATE_NORMAL, '%app%\\_' + appId + '\\_%', (page-1)*perPage, perPage ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results.forEach(function (result) { postProcess(result); });
 
@@ -94,8 +94,8 @@ function get(id, callback) {
 
     database.query('SELECT ' + BACKUPS_FIELDS + ' FROM backups WHERE id = ? ORDER BY creationTime DESC',
         [ id ], function (error, result) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-            if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Backup not found'));
 
             postProcess(result[0]);
 
@@ -119,8 +119,8 @@ function add(id, data, callback) {
     database.query('INSERT INTO backups (id, version, type, creationTime, state, dependsOn, manifestJson, format) VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
         [ id, data.version, data.type, creationTime, exports.BACKUP_STATE_NORMAL, data.dependsOn.join(','), manifestJson, data.format ],
         function (error) {
-            if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             callback(null);
         });
@@ -139,8 +139,8 @@ function update(id, backup, callback) {
     values.push(id);
 
     database.query('UPDATE backups SET ' + fields.join(', ') + ' WHERE id = ?', values, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.NOT_FOUND, 'Backup not found'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -150,7 +150,7 @@ function clear(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('TRUNCATE TABLE backups', [], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         callback(null);
     });
 }
@@ -160,7 +160,7 @@ function del(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM backups WHERE id=?', [ id ], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         callback(null);
     });
 }

src/backups.js

@@ -1,9 +1,8 @@
 'use strict';
 
 exports = module.exports = {
-    BackupsError: BackupsError,
-
     testConfig: testConfig,
+    testProviderConfig: testProviderConfig,
 
     getByStatePaged: getByStatePaged,
     getByAppIdPaged: getByAppIdPaged,
@@ -16,7 +15,7 @@ exports = module.exports = {
     restore: restore,
 
     backupApp: backupApp,
-    restoreApp: restoreApp,
+    downloadApp: downloadApp,
 
     backupBoxAndApps: backupBoxAndApps,
 
@@ -41,14 +40,13 @@ exports = module.exports = {
 
 var addons = require('./addons.js'),
     apps = require('./apps.js'),
-    AppsError = require('./apps.js').AppsError,
     async = require('async'),
     assert = require('assert'),
     backupdb = require('./backupdb.js'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
     crypto = require('crypto'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror.js'),
     DataLayout = require('./datalayout.js'),
     debug = require('debug')('box:backups'),
     df = require('@sindresorhus/df'),
@@ -78,31 +76,6 @@ function debugApp(app) {
     debug(app.fqdn + ' ' + util.format.apply(util, Array.prototype.slice.call(arguments, 1)));
 }
 
-function BackupsError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(BackupsError, Error);
-BackupsError.EXTERNAL_ERROR = 'external error';
-BackupsError.INTERNAL_ERROR = 'internal error';
-BackupsError.BAD_STATE = 'bad state';
-BackupsError.BAD_FIELD = 'bad field';
-BackupsError.NOT_FOUND = 'not found';
-
 // choose which storage backend we use for test purpose we use s3
 function api(provider) {
     switch (provider) {
@@ -136,12 +109,23 @@ function testConfig(backupConfig, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     var func = api(backupConfig.provider);
-    if (!func) return callback(new BackupsError(BackupsError.BAD_FIELD, 'unknown storage provider'));
+    if (!func) return callback(new BoxError(BoxError.BAD_FIELD, 'unknown storage provider', { field: 'provider' }));
 
-    if (backupConfig.format !== 'tgz' && backupConfig.format !== 'rsync') return callback(new BackupsError(BackupsError.BAD_FIELD, 'unknown format'));
+    if (backupConfig.format !== 'tgz' && backupConfig.format !== 'rsync') return callback(new BoxError(BoxError.BAD_FIELD, 'unknown format', { field: 'format' }));
 
     // remember to adjust the cron ensureBackup task interval accordingly
-    if (backupConfig.intervalSecs < 6 * 60 * 60) return callback(new BackupsError(BackupsError.BAD_FIELD, 'Interval must be atleast 6 hours'));
+    if (backupConfig.intervalSecs < 6 * 60 * 60) return callback(new BoxError(BoxError.BAD_FIELD, 'Interval must be atleast 6 hours', { field: 'interval' }));
+
+    api(backupConfig.provider).testConfig(backupConfig, callback);
+}
+
+
+function testProviderConfig(backupConfig, callback) {
+    assert.strictEqual(typeof backupConfig, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    var func = api(backupConfig.provider);
+    if (!func) return callback(new BoxError(BoxError.BAD_FIELD, 'unknown storage provider', { field: 'provider' }));
 
     api(backupConfig.provider).testConfig(backupConfig, callback);
 }
@@ -153,7 +137,7 @@ function getByStatePaged(state, page, perPage, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     backupdb.getByTypeAndStatePaged(backupdb.BACKUP_TYPE_BOX, state, page, perPage, function (error, results) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, results);
     });
@@ -166,7 +150,7 @@ function getByAppIdPaged(page, perPage, appId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     backupdb.getByAppIdPaged(page, perPage, appId, function (error, results) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, results);
     });
@@ -177,8 +161,7 @@ function get(backupId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     backupdb.get(backupId, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new BackupsError(BackupsError.NOT_FOUND));
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -246,14 +229,14 @@ function createReadStream(sourceFile, key) {
 
     stream.on('error', function (error) {
         debug('createReadStream: read stream error.', error);
-        ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        ps.emit('error', new BoxError(BoxError.FS_ERROR, error.message));
     });
 
     if (key !== null) {
         var encrypt = crypto.createCipher('aes-256-cbc', key);
         encrypt.on('error', function (error) {
             debug('createReadStream: encrypt stream error.', error);
-            ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+            ps.emit('error', new BoxError(BoxError.CRYPTO_ERROR, error.message));
         });
         return stream.pipe(encrypt).pipe(ps);
     } else {
@@ -266,17 +249,25 @@ function createWriteStream(destFile, key) {
     assert(key === null || typeof key === 'string');
 
     var stream = fs.createWriteStream(destFile);
+    var ps = progressStream({ time: 10000 }); // display a progress every 10 seconds
+
+    stream.on('error', function (error) {
+        debug('createWriteStream: write stream error.', error);
+        ps.emit('error', new BoxError(BoxError.FS_ERROR, error.message));
+    });
 
     if (key !== null) {
         var decrypt = crypto.createDecipher('aes-256-cbc', key);
         decrypt.on('error', function (error) {
             debug('createWriteStream: decrypt stream error.', error);
+            ps.emit('error', new BoxError(BoxError.CRYPTO_ERROR, error.message));
         });
-        decrypt.pipe(stream);
-        return decrypt;
+        ps.pipe(decrypt).pipe(stream);
     } else {
-        return stream;
+        ps.pipe(stream);
     }
+
+    return ps;
 }
 
 function tarPack(dataLayout, key, callback) {
@@ -306,19 +297,19 @@ function tarPack(dataLayout, key, callback) {
 
     pack.on('error', function (error) {
         debug('tarPack: tar stream error.', error);
-        ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        ps.emit('error', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
     });
 
     gzip.on('error', function (error) {
         debug('tarPack: gzip stream error.', error);
-        ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        ps.emit('error', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
     });
 
     if (key !== null) {
         var encrypt = crypto.createCipher('aes-256-cbc', key);
         encrypt.on('error', function (error) {
             debug('tarPack: encrypt stream error.', error);
-            ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+            ps.emit('error', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
         });
         pack.pipe(gzip).pipe(encrypt).pipe(ps);
     } else {
@@ -367,7 +358,7 @@ function sync(backupConfig, backupId, dataLayout, progressCallback, callback) {
                     debug(`read stream error for ${task.path}: ${error.message}`);
                     retryCallback();
                 }); // ignore error if file disappears
-                stream.on('progress', function(progress) {
+                stream.on('progress', function (progress) {
                     const transferred = Math.round(progress.transferred/1024/1024), speed = Math.round(progress.speed/1024/1024);
                     if (!transferred && !speed) return progressCallback({ message: `Uploading ${task.path}` }); // 0M@0Mbps looks wrong
                     progressCallback({ message: `Uploading ${task.path}: ${transferred}M@${speed}Mbps` }); // 0M@0Mbps looks wrong
@@ -379,7 +370,7 @@ function sync(backupConfig, backupId, dataLayout, progressCallback, callback) {
             }
         }, iteratorCallback);
     }, concurrency, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
         callback();
     });
@@ -425,7 +416,7 @@ function checkFreeDiskSpace(backupConfig, dataLayout, callback) {
     for (let localPath of dataLayout.localPaths()) {
         debug(`checkFreeDiskSpace: getting disk usage of ${localPath}`);
         let result = safe.child_process.execSync(`du -Dsb ${localPath}`, { encoding: 'utf8' });
-        if (!result) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, safe.error));
+        if (!result) return callback(new BoxError(BoxError.FS_ERROR, safe.error));
         used += parseInt(result, 10);
     }
 
@@ -433,11 +424,11 @@ function checkFreeDiskSpace(backupConfig, dataLayout, callback) {
 
     df.file(backupConfig.backupFolder).then(function (diskUsage) {
         const needed = used + (1024 * 1024 * 1024); // check if there is atleast 1GB left afterwards
-        if (diskUsage.available <= needed) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `Not enough disk space for backup. Needed: ${prettyBytes(needed)} Available: ${prettyBytes(diskUsage.available)}`));
+        if (diskUsage.available <= needed) return callback(new BoxError(BoxError.FS_ERROR, `Not enough disk space for backup. Needed: ${prettyBytes(needed)} Available: ${prettyBytes(diskUsage.available)}`));
 
         callback(null);
     }).catch(function (error) {
-        callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        callback(new BoxError(BoxError.FS_ERROR, error));
     });
 }
 
@@ -454,7 +445,7 @@ function upload(backupId, format, dataLayoutString, progressCallback, callback)
     const dataLayout = DataLayout.fromString(dataLayoutString);
 
     settings.getBackupConfig(function (error, backupConfig) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         checkFreeDiskSpace(backupConfig, dataLayout, function (error) {
             if (error) return callback(error);
@@ -466,12 +457,12 @@ function upload(backupId, format, dataLayoutString, progressCallback, callback)
                     tarPack(dataLayout, backupConfig.key || null, function (error, tarStream) {
                         if (error) return retryCallback(error);
 
-                        tarStream.on('progress', function(progress) {
+                        tarStream.on('progress', function (progress) {
                             const transferred = Math.round(progress.transferred/1024/1024), speed = Math.round(progress.speed/1024/1024);
                             if (!transferred && !speed) return progressCallback({ message: 'Uploading backup' }); // 0M@0Mbps looks wrong
                             progressCallback({ message: `Uploading backup ${transferred}M@${speed}Mbps` });
                         });
-                        tarStream.on('error', retryCallback); // already returns BackupsError
+                        tarStream.on('error', retryCallback); // already returns BoxError
 
                         api(backupConfig.provider).upload(backupConfig, getBackupFilePath(backupConfig, backupId, format), tarStream, retryCallback);
                     });
@@ -505,17 +496,17 @@ function tarExtract(inStream, dataLayout, key, callback) {
 
     inStream.on('error', function (error) {
         debug('tarExtract: input stream error.', error);
-        emitError(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        emitError(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
     });
 
     gunzip.on('error', function (error) {
         debug('tarExtract: gunzip stream error.', error);
-        emitError(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        emitError(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
     });
 
     extract.on('error', function (error) {
         debug('tarExtract: extract stream error.', error);
-        emitError(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        emitError(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
     });
 
     extract.on('finish', function () {
@@ -528,7 +519,7 @@ function tarExtract(inStream, dataLayout, key, callback) {
         var decrypt = crypto.createDecipher('aes-256-cbc', key);
         decrypt.on('error', function (error) {
             debug('tarExtract: decrypt stream error.', error);
-            emitError(new BackupsError(BackupsError.EXTERNAL_ERROR, `Failed to decrypt: ${error.message}`));
+            emitError(new BoxError(BoxError.EXTERNAL_ERROR, `Failed to decrypt: ${error.message}`));
         });
         inStream.pipe(ps).pipe(decrypt).pipe(gunzip).pipe(extract);
     } else {
@@ -546,19 +537,19 @@ function restoreFsMetadata(dataLayout, metadataFile, callback) {
     debug(`Recreating empty directories in ${dataLayout.toString()}`);
 
     var metadataJson = safe.fs.readFileSync(metadataFile, 'utf8');
-    if (metadataJson === null) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Error loading fsmetadata.json:' + safe.error.message));
+    if (metadataJson === null) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Error loading fsmetadata.json:' + safe.error.message));
     var metadata = safe.JSON.parse(metadataJson);
-    if (metadata === null) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Error parsing fsmetadata.json:' + safe.error.message));
+    if (metadata === null) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Error parsing fsmetadata.json:' + safe.error.message));
 
     async.eachSeries(metadata.emptyDirs, function createPath(emptyDir, iteratorDone) {
         mkdirp(dataLayout.toLocalPath(emptyDir), iteratorDone);
     }, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `unable to create path: ${error.message}`));
+        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `unable to create path: ${error.message}`));
 
         async.eachSeries(metadata.execFiles, function createPath(execFile, iteratorDone) {
             fs.chmod(dataLayout.toLocalPath(execFile), parseInt('0755', 8), iteratorDone);
         }, function (error) {
-            if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `unable to chmod: ${error.message}`));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `unable to chmod: ${error.message}`));
 
             callback();
         });
@@ -574,24 +565,30 @@ function downloadDir(backupConfig, backupFilePath, dataLayout, progressCallback,
 
     debug(`downloadDir: ${backupFilePath} to ${dataLayout.toString()}`);
 
-    function downloadFile(entry, callback) {
+    function downloadFile(entry, done) {
         let relativePath = path.relative(backupFilePath, entry.fullPath);
         if (backupConfig.key) {
             relativePath = decryptFilePath(relativePath, backupConfig.key);
-            if (!relativePath) return callback(new BackupsError(BackupsError.BAD_STATE, 'Unable to decrypt file'));
+            if (!relativePath) return done(new BoxError(BoxError.BAD_STATE, 'Unable to decrypt file'));
         }
         const destFilePath = dataLayout.toLocalPath('./' + relativePath);
 
         mkdirp(path.dirname(destFilePath), function (error) {
-            if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+            if (error) return done(new BoxError(BoxError.FS_ERROR, error.message));
 
             async.retry({ times: 5, interval: 20000 }, function (retryCallback) {
                 let destStream = createWriteStream(destFilePath, backupConfig.key || null);
 
+                destStream.on('progress', function (progress) {
+                    const transferred = Math.round(progress.transferred/1024/1024), speed = Math.round(progress.speed/1024/1024);
+                    if (!transferred && !speed) return progressCallback({ message: `Downloading ${entry.fullPath}` }); // 0M@0Mbps looks wrong
+                    progressCallback({ message: `Downloading ${entry.fullPath}: ${transferred}M@${speed}Mbps` });
+                });
+
                 // protect against multiple errors. must destroy the write stream so that a previous retry does not write
                 let closeAndRetry = once((error) => {
-                    if (error) progressCallback({ message: `Download ${entry.fullPath} errored: ${error.message}` });
-                    else progressCallback({ message: `Download ${entry.fullPath} finished` });
+                    if (error) progressCallback({ message: `Download ${entry.fullPath} to ${destFilePath} errored: ${error.message}` });
+                    else progressCallback({ message: `Download ${entry.fullPath} to ${destFilePath} finished` });
                     destStream.destroy();
                     retryCallback(error);
                 });
@@ -600,21 +597,21 @@ function downloadDir(backupConfig, backupFilePath, dataLayout, progressCallback,
                     if (error) return closeAndRetry(error);
 
                     sourceStream.on('error', closeAndRetry);
-                    destStream.on('error', closeAndRetry);
+                    destStream.on('error', closeAndRetry); // already emits BoxError
 
                     progressCallback({ message: `Downloading ${entry.fullPath} to ${destFilePath}` });
 
                     sourceStream.pipe(destStream, { end: true }).on('finish', closeAndRetry);
                 });
-            }, callback);
+            }, done);
         });
     }
 
-    api(backupConfig.provider).listDir(backupConfig, backupFilePath, 1000, function (entries, done) {
+    api(backupConfig.provider).listDir(backupConfig, backupFilePath, 1000, function (entries, iteratorDone) {
         // https://www.digitalocean.com/community/questions/rate-limiting-on-spaces?answer=40441
         const concurrency = backupConfig.downloadConcurrency || (backupConfig.provider === 's3' ? 30 : 10);
 
-        async.eachLimit(entries, concurrency, downloadFile, done);
+        async.eachLimit(entries, concurrency, downloadFile, iteratorDone);
     }, callback);
 }
 
@@ -626,7 +623,7 @@ function download(backupConfig, backupId, format, dataLayout, progressCallback,
     assert.strictEqual(typeof progressCallback, 'function');
     assert.strictEqual(typeof callback, 'function');
 
-    debug(`download - Downloading ${backupId} of format ${format} to ${dataLayout.toString()}`);
+    debug(`download: Downloading ${backupId} of format ${format} to ${dataLayout.toString()}`);
 
     const backupFilePath = getBackupFilePath(backupConfig, backupId, format);
 
@@ -640,7 +637,7 @@ function download(backupConfig, backupId, format, dataLayout, progressCallback,
 
                     ps.on('progress', function (progress) {
                         const transferred = Math.round(progress.transferred/1024/1024), speed = Math.round(progress.speed/1024/1024);
-                        if (!transferred && !speed) return progressCallback({ message: 'Downloading' }); // 0M@0Mbps looks wrong
+                        if (!transferred && !speed) return progressCallback({ message: 'Downloading backup' }); // 0M@0Mbps looks wrong
                         progressCallback({ message: `Downloading ${transferred}M@${speed}Mbps` });
                     });
                     ps.on('error', retryCallback);
@@ -671,7 +668,7 @@ function restore(backupConfig, backupId, progressCallback, callback) {
         debug('restore: download completed, importing database');
 
         database.importFromFile(`${dataLayout.localRoot()}/box.mysqldump`, function (error) {
-            if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             debug('restore: database imported');
 
@@ -680,9 +677,8 @@ function restore(backupConfig, backupId, progressCallback, callback) {
     });
 }
 
-function restoreApp(app, addonsToRestore, restoreConfig, progressCallback, callback) {
+function downloadApp(app, restoreConfig, progressCallback, callback) {
     assert.strictEqual(typeof app, 'object');
-    assert.strictEqual(typeof addonsToRestore, 'object');
     assert.strictEqual(typeof restoreConfig, 'object');
     assert.strictEqual(typeof progressCallback, 'function');
     assert.strictEqual(typeof callback, 'function');
@@ -691,43 +687,45 @@ function restoreApp(app, addonsToRestore, restoreConfig, progressCallback, callb
     if (!appDataDir) return callback(safe.error);
     const dataLayout = new DataLayout(appDataDir, app.dataDir ? [{ localDir: app.dataDir, remoteDir: 'data' }] : []);
 
-    var startTime = new Date();
+    const startTime = new Date();
+    const getBackupConfigFunc = restoreConfig.backupConfig ? (next) => next(null, restoreConfig.backupConfig) : settings.getBackupConfig;
 
-    settings.getBackupConfig(function (error, backupConfig) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+    getBackupConfigFunc(function (error, backupConfig) {
+        if (error) return callback(error);
 
-        async.series([
-            download.bind(null, backupConfig, restoreConfig.backupId, restoreConfig.backupFormat, dataLayout, progressCallback),
-            addons.restoreAddons.bind(null, app, addonsToRestore)
-        ], function (error) {
-            debug('restoreApp: time: %s', (new Date() - startTime)/1000);
+        download(backupConfig, restoreConfig.backupId, restoreConfig.backupFormat, dataLayout, progressCallback, function (error) {
+            debug('downloadApp: time: %s', (new Date() - startTime)/1000);
 
             callback(error);
         });
     });
 }
 
-function runBackupUpload(backupId, format, dataLayout, progressCallback, callback) {
-    assert.strictEqual(typeof backupId, 'string');
-    assert.strictEqual(typeof format, 'string');
-    assert(dataLayout instanceof DataLayout, 'dataLayout must be a DataLayout');
+function runBackupUpload(uploadConfig, progressCallback, callback) {
+    assert.strictEqual(typeof uploadConfig, 'object');
     assert.strictEqual(typeof progressCallback, 'function');
     assert.strictEqual(typeof callback, 'function');
 
-    let result = '';
+    const { backupId, format, dataLayout, progressTag } = uploadConfig;
+    assert.strictEqual(typeof backupId, 'string');
+    assert.strictEqual(typeof format, 'string');
+    assert.strictEqual(typeof progressTag, 'string');
+    assert(dataLayout instanceof DataLayout, 'dataLayout must be a DataLayout');
+
+    let result = ''; // the script communicates error result as a string
 
     shell.sudo(`backup-${backupId}`, [ BACKUP_UPLOAD_CMD, backupId, format, dataLayout.toString() ], { preserveEnv: true, ipc: true }, function (error) {
         if (error && (error.code === null /* signal */ || (error.code !== 0 && error.code !== 50))) { // backuptask crashed
-            return callback(new BackupsError(BackupsError.INTERNAL_ERROR, 'Backuptask crashed'));
+            return callback(new BoxError(BoxError.INTERNAL_ERROR, 'Backuptask crashed'));
         } else if (error && error.code === 50) { // exited with error
-            return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, result));
+            return callback(new BoxError(BoxError.EXTERNAL_ERROR, result));
         }
 
         callback();
-    }).on('message', function (message) {
-        if (!message.result) return progressCallback(message);
-        debug(`runBackupUpload: result - ${JSON.stringify(message)}`);
-        result = message.result;
+    }).on('message', function (progress) { // script sends either 'message' or 'result' property
+        if (!progress.result) return progressCallback({ message: `${progress.message} (${progressTag})` });
+        debug(`runBackupUpload: result - ${JSON.stringify(progress)}`);
+        result = progress.result;
     });
 }
 
@@ -748,7 +746,9 @@ function setSnapshotInfo(id, info, callback) {
     var contents = safe.fs.readFileSync(paths.SNAPSHOT_INFO_FILE, 'utf8');
     var data = safe.JSON.parse(contents) || { };
     if (info) data[id] = info; else delete data[id];
-    if (!safe.fs.writeFileSync(paths.SNAPSHOT_INFO_FILE, JSON.stringify(data, null, 4), 'utf8')) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, safe.error.message));
+    if (!safe.fs.writeFileSync(paths.SNAPSHOT_INFO_FILE, JSON.stringify(data, null, 4), 'utf8')) {
+        return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
+    }
 
     callback();
 }
@@ -760,7 +760,7 @@ function snapshotBox(progressCallback, callback) {
     progressCallback({ message: 'Snapshotting box' });
 
     database.exportToFile(`${paths.BOX_DATA_DIR}/box.mysqldump`, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         return callback();
     });
@@ -779,8 +779,14 @@ function uploadBoxSnapshot(backupConfig, progressCallback, callback) {
         const boxDataDir = safe.fs.realpathSync(paths.BOX_DATA_DIR);
         if (!boxDataDir) return callback(safe.error);
 
-        const dataLayout = new DataLayout(boxDataDir, []);
-        runBackupUpload('snapshot/box', backupConfig.format, dataLayout, progressCallback, function (error) {
+        const uploadConfig = {
+            backupId: 'snapshot/box',
+            format: backupConfig.format,
+            dataLayout: new DataLayout(boxDataDir, []),
+            progressTag: 'box'
+        };
+
+        runBackupUpload(uploadConfig, progressCallback, function (error) {
             if (error) return callback(error);
 
             debug('uploadBoxSnapshot: time: %s secs', (new Date() - startTime)/1000);
@@ -798,7 +804,6 @@ function rotateBoxBackup(backupConfig, tag, appBackupIds, progressCallback, call
     assert.strictEqual(typeof callback, 'function');
 
     var snapshotInfo = getSnapshotInfo('box');
-    if (!snapshotInfo) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, 'Snapshot info missing or corrupt'));
 
     const snapshotTime = snapshotInfo.timestamp.replace(/[T.]/g, '-').replace(/[:Z]/g,''); // add this to filename to make it unique, so it's easy to download them
     const backupId = util.format('%s/box_%s_v%s', tag, snapshotTime, constants.VERSION);
@@ -807,16 +812,16 @@ function rotateBoxBackup(backupConfig, tag, appBackupIds, progressCallback, call
     debug(`Rotating box backup to id ${backupId}`);
 
     backupdb.add(backupId, { version: constants.VERSION, type: backupdb.BACKUP_TYPE_BOX, dependsOn: appBackupIds, manifest: null, format: format }, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         var copy = api(backupConfig.provider).copy(backupConfig, getBackupFilePath(backupConfig, 'snapshot/box', format), getBackupFilePath(backupConfig, backupId, format));
-        copy.on('progress', (message) => progressCallback({ message }));
+        copy.on('progress', (message) => progressCallback({ message: `box: ${message}` }));
         copy.on('done', function (copyBackupError) {
             const state = copyBackupError ? backupdb.BACKUP_STATE_ERROR : backupdb.BACKUP_STATE_NORMAL;
 
             backupdb.update(backupId, { state: state }, function (error) {
                 if (copyBackupError) return callback(copyBackupError);
-                if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 debug(`Rotated box backup successfully as id ${backupId}`);
 
@@ -833,7 +838,7 @@ function backupBoxWithAppBackupIds(appBackupIds, tag, progressCallback, callback
     assert.strictEqual(typeof callback, 'function');
 
     settings.getBackupConfig(function (error, backupConfig) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         uploadBoxSnapshot(backupConfig, progressCallback, function (error) {
             if (error) return callback(error);
@@ -860,11 +865,11 @@ function snapshotApp(app, progressCallback, callback) {
     progressCallback({ message: `Snapshotting app ${app.fqdn}` });
 
     if (!safe.fs.writeFileSync(path.join(paths.APPS_DATA_DIR, app.id + '/config.json'), JSON.stringify(app))) {
-        return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Error creating config.json: ' + safe.error.message));
+        return callback(new BoxError(BoxError.FS_ERROR, 'Error creating config.json: ' + safe.error.message));
     }
 
     addons.backupAddons(app, app.manifest.addons, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
         return callback(null);
     });
@@ -879,7 +884,6 @@ function rotateAppBackup(backupConfig, app, tag, options, progressCallback, call
     assert.strictEqual(typeof callback, 'function');
 
     var snapshotInfo = getSnapshotInfo(app.id);
-    if (!snapshotInfo) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, 'Snapshot info missing or corrupt'));
 
     var manifest = snapshotInfo.restoreConfig ? snapshotInfo.restoreConfig.manifest : snapshotInfo.manifest; // compat
     const snapshotTime = snapshotInfo.timestamp.replace(/[T.]/g, '-').replace(/[:Z]/g,''); // add this for unique filename which helps when downloading them
@@ -889,16 +893,16 @@ function rotateAppBackup(backupConfig, app, tag, options, progressCallback, call
     debug(`Rotating app backup of ${app.id} to id ${backupId}`);
 
     backupdb.add(backupId, { version: manifest.version, type: backupdb.BACKUP_TYPE_APP, dependsOn: [ ], manifest: manifest, format: format }, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         var copy = api(backupConfig.provider).copy(backupConfig, getBackupFilePath(backupConfig, `snapshot/app_${app.id}`, format), getBackupFilePath(backupConfig, backupId, format));
-        copy.on('progress', (message) => progressCallback({ message }));
+        copy.on('progress', (message) => progressCallback({ message: `${message} (${app.fqdn})` }));
         copy.on('done', function (copyBackupError) {
             const state = copyBackupError ? backupdb.BACKUP_STATE_ERROR : backupdb.BACKUP_STATE_NORMAL;
 
             backupdb.update(backupId, { preserveSecs: options.preserveSecs || 0, state: state }, function (error) {
                 if (copyBackupError) return callback(copyBackupError);
-                if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 debug(`Rotated app backup of ${app.id} successfully to id ${backupId}`);
 
@@ -927,7 +931,14 @@ function uploadAppSnapshot(backupConfig, app, progressCallback, callback) {
 
         const dataLayout = new DataLayout(appDataDir, app.dataDir ? [{ localDir: app.dataDir, remoteDir: 'data' }] : []);
 
-        runBackupUpload(backupId, backupConfig.format, dataLayout, progressCallback, function (error) {
+        const uploadConfig = {
+            backupId,
+            format: backupConfig.format,
+            dataLayout,
+            progressTag: app.fqdn
+        };
+
+        runBackupUpload(uploadConfig, progressCallback, function (error) {
             if (error) return callback(error);
 
             debugApp(app, 'uploadAppSnapshot: %s done time: %s secs', backupId, (new Date() - startTime)/1000);
@@ -947,7 +958,7 @@ function backupAppWithTag(app, tag, options, progressCallback, callback) {
     if (!canBackupApp(app)) return callback(); // nothing to do
 
     settings.getBackupConfig(function (error, backupConfig) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         uploadAppSnapshot(backupConfig, app, progressCallback, function (error) {
             if (error) return callback(error);
@@ -978,7 +989,7 @@ function backupBoxAndApps(progressCallback, callback) {
     const tag = (new Date()).toISOString().replace(/[T.]/g, '-').replace(/[:Z]/g,'');
 
     apps.getAll(function (error, allApps) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         let percent = 1;
         let step = 100/(allApps.length+2);
@@ -993,7 +1004,7 @@ function backupBoxAndApps(progressCallback, callback) {
             }
 
             backupAppWithTag(app, tag, { /* options */ }, (progress) => progressCallback({ percent: percent, message: progress.message }), function (error, backupId) {
-                if (error && error.reason !== BackupsError.BAD_STATE) {
+                if (error && error.reason !== BoxError.BAD_STATE) {
                     debugApp(app, 'Unable to backup', error);
                     return iteratorCallback(error);
                 }
@@ -1017,19 +1028,20 @@ function backupBoxAndApps(progressCallback, callback) {
 
 function startBackupTask(auditSource, callback) {
     let error = locker.lock(locker.OP_FULL_BACKUP);
-    if (error) return callback(new BackupsError(BackupsError.BAD_STATE, `Cannot backup now: ${error.message}`));
+    if (error) return callback(new BoxError(BoxError.BAD_STATE, `Cannot backup now: ${error.message}`));
 
     tasks.add(tasks.TASK_BACKUP, [ ], function (error, taskId) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         eventlog.add(eventlog.ACTION_BACKUP_START, auditSource, { taskId });
 
-        tasks.startTask(taskId, {}, function (error, result) {
+        tasks.startTask(taskId, { timeout: 12 * 60 * 60 * 1000 /* 12 hours */ }, function (error, backupId) {
             locker.unlock(locker.OP_FULL_BACKUP);
 
             const errorMessage = error ? error.message : '';
+            const timedOut = error ? error.code === tasks.ETIMEOUT : false;
 
-            eventlog.add(eventlog.ACTION_BACKUP_FINISH, auditSource, { taskId: taskId, errorMessage: errorMessage, backupId: result });
+            eventlog.add(eventlog.ACTION_BACKUP_FINISH, auditSource, { taskId, errorMessage, timedOut, backupId });
         });
 
         callback(null, taskId);
@@ -1105,7 +1117,7 @@ function cleanupAppBackups(backupConfig, referencedAppBackups, callback) {
 
     // we clean app backups of any state because the ones to keep are determined by the box cleanup code
     backupdb.getByTypePaged(backupdb.BACKUP_TYPE_APP, 1, 1000, function (error, appBackups) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         async.eachSeries(appBackups, function iterator(appBackup, iteratorDone) {
             if (referencedAppBackups.indexOf(appBackup.id) !== -1) return iteratorDone();
@@ -1193,7 +1205,7 @@ function cleanupSnapshots(backupConfig, callback) {
     delete info.box;
     async.eachSeries(Object.keys(info), function (appId, iteratorDone) {
         apps.get(appId, function (error /*, app */) {
-            if (!error || error.reason !== AppsError.NOT_FOUND) return iteratorDone();
+            if (!error || error.reason !== BoxError.NOT_FOUND) return iteratorDone();
 
             function done(/* ignoredError */) {
                 safe.fs.unlinkSync(path.join(paths.BACKUP_INFO_DIR, `${appId}.sync.cache`));
@@ -1259,7 +1271,7 @@ function cleanup(auditSource, progressCallback, callback) {
 function startCleanupTask(auditSource, callback) {
 
     tasks.add(tasks.TASK_CLEAN_BACKUPS, [ auditSource ], function (error, taskId) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         tasks.startTask(taskId, {}, (error, result) => { // result is { removedBoxBackups, removedAppBackups }
             eventlog.add(eventlog.ACTION_BACKUP_CLEANUP_FINISH, auditSource, {

src/boxerror.js

@@ -3,6 +3,7 @@
 'use strict';
 
 const assert = require('assert'),
+    HttpError = require('connect-lastmile').HttpError,
     util = require('util'),
     _ = require('underscore');
 
@@ -32,25 +33,66 @@ function BoxError(reason, errorOrMessage, details) {
 }
 util.inherits(BoxError, Error);
 BoxError.ACCESS_DENIED = 'Access Denied';
+BoxError.ADDONS_ERROR = 'Addons Error';
 BoxError.ALREADY_EXISTS = 'Already Exists';
 BoxError.BAD_FIELD = 'Bad Field';
+BoxError.BAD_STATE = 'Bad State';
+BoxError.BUSY = 'Busy';
 BoxError.COLLECTD_ERROR = 'Collectd Error';
 BoxError.CONFLICT = 'Conflict';
+BoxError.CRYPTO_ERROR = 'Crypto Error';
 BoxError.DATABASE_ERROR = 'Database Error';
 BoxError.DNS_ERROR = 'DNS Error';
 BoxError.DOCKER_ERROR = 'Docker Error';
-BoxError.EXTERNAL_ERROR = 'External Error';
+BoxError.EXTERNAL_ERROR = 'External Error'; // use this for external API errors
 BoxError.FS_ERROR = 'FileSystem Error';
+BoxError.INACTIVE = 'Inactive';
 BoxError.INTERNAL_ERROR = 'Internal Error';
+BoxError.INVALID_CREDENTIALS = 'Invalid Credentials';
+BoxError.LICENSE_ERROR = 'License Error';
 BoxError.LOGROTATE_ERROR = 'Logrotate Error';
+BoxError.MAIL_ERROR = 'Mail Error';
 BoxError.NETWORK_ERROR = 'Network Error';
+BoxError.NGINX_ERROR = 'Nginx Error';
 BoxError.NOT_FOUND = 'Not found';
+BoxError.NOT_IMPLEMENTED = 'Not implemented';
+BoxError.NOT_SIGNED = 'Not Signed';
 BoxError.OPENSSL_ERROR = 'OpenSSL Error';
-BoxError.REVERSEPROXY_ERROR = 'ReverseProxy Error';
+BoxError.PLAN_LIMIT = 'Plan Limit';
+BoxError.SPAWN_ERROR = 'Spawn Error';
 BoxError.TASK_ERROR = 'Task Error';
+BoxError.TIMEOUT = 'Timeout';
 BoxError.TRY_AGAIN = 'Try Again';
-BoxError.UNKNOWN_ERROR = 'Unknown Error'; // only used for porting
 
 BoxError.prototype.toPlainObject = function () {
     return _.extend({}, { message: this.message, reason: this.reason }, this.details);
 };
+
+// this is a class method for now in case error is not a BoxError
+BoxError.toHttpError = function (error) {
+    switch (error.reason) {
+    case BoxError.BAD_FIELD:
+        return new HttpError(400, error);
+    case BoxError.LICENSE_ERROR:
+        return new HttpError(402, error);
+    case BoxError.NOT_FOUND:
+        return new HttpError(404, error);
+    case BoxError.ALREADY_EXISTS:
+    case BoxError.BAD_STATE:
+    case BoxError.CONFLICT:
+        return new HttpError(409, error);
+    case BoxError.INVALID_CREDENTIALS:
+        return new HttpError(412, error);
+    case BoxError.EXTERNAL_ERROR:
+    case BoxError.NETWORK_ERROR:
+    case BoxError.FS_ERROR:
+    case BoxError.MAIL_ERROR:
+    case BoxError.DOCKER_ERROR:
+    case BoxError.ADDONS_ERROR:
+        return new HttpError(424, error);
+    case BoxError.DATABASE_ERROR:
+    case BoxError.INTERNAL_ERROR:
+    default:
+        return new HttpError(500, error);
+    }
+};

src/cert/acme2.js

@@ -9,8 +9,8 @@ var assert = require('assert'),
     fs = require('fs'),
     path = require('path'),
     paths = require('../paths.js'),
+    request = require('request'),
     safe = require('safetydance'),
-    superagent = require('superagent'),
     util = require('util'),
     _ = require('underscore');
 
@@ -41,15 +41,6 @@ function Acme2(options) {
     this.wildcard = !!options.wildcard;
 }
 
-Acme2.prototype.getNonce = function (callback) {
-    superagent.get(this.directory.newNonce).timeout(30 * 1000).end(function (error, response) {
-        if (error && !error.response) return callback(error);
-        if (response.statusCode !== 204) return callback(new Error('Invalid response code when fetching nonce : ' + response.statusCode));
-
-        return callback(null, response.headers['Replay-Nonce'.toLowerCase()]);
-    });
-};
-
 // urlsafe base64 encoding (jose)
 function urlBase64Encode(string) {
     return string.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
@@ -96,8 +87,12 @@ Acme2.prototype.sendSignedRequest = function (url, payload, callback) {
 
     var payload64 = b64(payload);
 
-    this.getNonce(function (error, nonce) {
-        if (error) return callback(error);
+    request.get(this.directory.newNonce, { json: true, timeout: 30000 }, function (error, response) {
+        if (error) return callback(new BoxError(BoxError.NETWORK_ERROR, `Network error sending signed request: ${error.message}`));
+        if (response.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response code when fetching nonce : ' + response.statusCode));
+
+        const nonce = response.headers['Replay-Nonce'.toLowerCase()];
+        if (!nonce) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'No nonce in response'));
 
         debug('sendSignedRequest: using nonce %s for url %s', nonce, url);
 
@@ -113,14 +108,23 @@ Acme2.prototype.sendSignedRequest = function (url, payload, callback) {
             signature: signature64
         };
 
-        superagent.post(url).set('Content-Type', 'application/jose+json').set('User-Agent', 'acme-cloudron').send(JSON.stringify(data)).timeout(30 * 1000).end(function (error, res) {
-            if (error && !error.response) return callback(error); // network errors
+        request.post(url, { headers: { 'Content-Type': 'application/jose+json', 'User-Agent': 'acme-cloudron' }, body: JSON.stringify(data), timeout: 30000 }, function (error, response) {
+            if (error) return callback(new BoxError(BoxError.NETWORK_ERROR, `Network error sending signed request: ${error.message}`)); // network error
 
-            callback(null, res);
+            // we don't set json: true in request because it ends up mangling the content-type
+            // we don't set json: true in request because it ends up mangling the content-type
+            if (response.headers['content-type'] === 'application/json') response.body = safe.JSON.parse(response.body);
+
+            callback(null, response);
         });
     });
 };
 
+// https://tools.ietf.org/html/rfc8555#section-6.3
+Acme2.prototype.postAsGet = function (url, callback) {
+    this.sendSignedRequest(url, '', callback);
+};
+
 Acme2.prototype.updateContact = function (registrationUri, callback) {
     assert.strictEqual(typeof registrationUri, 'string');
     assert.strictEqual(typeof callback, 'function');
@@ -134,7 +138,7 @@ Acme2.prototype.updateContact = function (registrationUri, callback) {
 
     const that = this;
     this.sendSignedRequest(registrationUri, JSON.stringify(payload), function (error, result) {
-        if (error) return callback(new BoxError(BoxError.NETWORK_ERROR, 'Network error when registering user: ' + error.message));
+        if (error) return callback(error);
         if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Failed to update contact. Expecting 200, got %s %s', result.statusCode, result.text)));
 
         debug(`updateContact: contact of user updated to ${that.email}`);
@@ -154,7 +158,7 @@ Acme2.prototype.registerUser = function (callback) {
 
     var that = this;
     this.sendSignedRequest(this.directory.newAccount, JSON.stringify(payload), function (error, result) {
-        if (error) return callback(new BoxError(BoxError.NETWORK_ERROR, 'Network error when registering new account: ' + error.message));
+        if (error) return callback(error);
         // 200 if already exists. 201 for new accounts
         if (result.statusCode !== 200 && result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Failed to register new account. Expecting 200 or 201, got %s %s', result.statusCode, result.text)));
 
@@ -180,7 +184,7 @@ Acme2.prototype.newOrder = function (domain, callback) {
     debug('newOrder: %s', domain);
 
     this.sendSignedRequest(this.directory.newOrder, JSON.stringify(payload), function (error, result) {
-        if (error) return callback(new BoxError(BoxError.NETWORK_ERROR, 'Network error when registering domain: ' + error.message));
+        if (error) return callback(error);
         if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, `Forbidden sending signed request: ${result.body.detail}`));
         if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Failed to register user. Expecting 201, got %s %s', result.statusCode, result.text)));
 
@@ -201,14 +205,15 @@ Acme2.prototype.waitForOrder = function (orderUrl, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     debug(`waitForOrder: ${orderUrl}`);
+    const that = this;
 
     async.retry({ times: 15, interval: 20000 }, function (retryCallback) {
         debug('waitForOrder: getting status');
 
-        superagent.get(orderUrl).timeout(30 * 1000).end(function (error, result) {
-            if (error && !error.response) {
+        that.postAsGet(orderUrl, function (error, result) {
+            if (error) {
                 debug('waitForOrder: network error getting uri %s', orderUrl);
-                return retryCallback(new BoxError(BoxError.NETWORK_ERROR, `Network error waiting for order: ${error.message}`)); // network error
+                return retryCallback(error);
             }
             if (result.statusCode !== 200) {
                 debug('waitForOrder: invalid response code getting uri %s', result.statusCode);
@@ -253,7 +258,7 @@ Acme2.prototype.notifyChallengeReady = function (challenge, callback) {
     };
 
     this.sendSignedRequest(challenge.url, JSON.stringify(payload), function (error, result) {
-        if (error) return callback(new BoxError(BoxError.NETWORK_ERROR, 'Network error when notifying challenge: ' + error.message));
+        if (error) return callback(error);
         if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Failed to notify challenge. Expecting 200, got %s %s', result.statusCode, result.text)));
 
         callback();
@@ -265,14 +270,15 @@ Acme2.prototype.waitForChallenge = function (challenge, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     debug('waitingForChallenge: %j', challenge);
+    const that = this;
 
     async.retry({ times: 15, interval: 20000 }, function (retryCallback) {
         debug('waitingForChallenge: getting status');
 
-        superagent.get(challenge.url).timeout(30 * 1000).end(function (error, result) {
-            if (error && !error.response) {
+        that.postAsGet(challenge.url, function (error, result) {
+            if (error) {
                 debug('waitForChallenge: network error getting uri %s', challenge.url);
-                return retryCallback(new BoxError(BoxError.NETWORK_ERROR, error.message)); // network error
+                return retryCallback(error);
             }
             if (result.statusCode !== 200) {
                 debug('waitForChallenge: invalid response code getting uri %s', result.statusCode);
@@ -305,7 +311,7 @@ Acme2.prototype.signCertificate = function (domain, finalizationUrl, csrDer, cal
     debug('signCertificate: sending sign request');
 
     this.sendSignedRequest(finalizationUrl, JSON.stringify(payload), function (error, result) {
-        if (error) return callback(new BoxError(BoxError.NETWORK_ERROR, 'Network error when signing certificate: ' + error.message));
+        if (error) return callback(error);
         // 429 means we reached the cert limit for this domain
         if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Failed to sign certificate. Expecting 200, got %s %s', result.statusCode, result.text)));
 
@@ -348,26 +354,27 @@ Acme2.prototype.downloadCertificate = function (hostname, certUrl, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     var outdir = paths.APP_CERTS_DIR;
+    const that = this;
 
-    superagent.get(certUrl).buffer().parse(function (res, done) {
-        var data = [ ];
-        res.on('data', function(chunk) { data.push(chunk); });
-        res.on('end', function () { res.text = Buffer.concat(data); done(); });
-    }).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, 'Network error when downloading certificate'));
-        if (result.statusCode === 202) return callback(new BoxError(BoxError.TRY_AGAIN, 'Retry not implemented yet'));
-        if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Failed to get cert. Expecting 200, got %s %s', result.statusCode, result.text)));
+    async.retry({ times: 5, interval: 20000 }, function (retryCallback) {
+        debug('downloadCertificate: downloading certificate');
 
-        const fullChainPem = result.text;
+        that.postAsGet(certUrl, function (error, result) {
+            if (error) return retryCallback(new BoxError(BoxError.NETWORK_ERROR, `Network error when downloading certificate: ${error.message}`));
+            if (result.statusCode === 202) return retryCallback(new BoxError(BoxError.TRY_AGAIN, 'Retry downloading certificate'));
+            if (result.statusCode !== 200) return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Failed to get cert. Expecting 200, got %s %s', result.statusCode, result.text)));
 
-        const certName = hostname.replace('*.', '_.');
-        var certificateFile = path.join(outdir, `${certName}.cert`);
-        if (!safe.fs.writeFileSync(certificateFile, fullChainPem)) return callback(new BoxError(BoxError.FS_ERROR, safe.error));
+            const fullChainPem = result.body; // buffer
 
-        debug('downloadCertificate: cert file for %s saved at %s', hostname, certificateFile);
+            const certName = hostname.replace('*.', '_.');
+            var certificateFile = path.join(outdir, `${certName}.cert`);
+            if (!safe.fs.writeFileSync(certificateFile, fullChainPem)) return retryCallback(new BoxError(BoxError.FS_ERROR, safe.error));
 
-        callback();
-    });
+            debug('downloadCertificate: cert file for %s saved at %s', hostname, certificateFile);
+
+            retryCallback(null);
+        });
+    }, callback);
 };
 
 Acme2.prototype.prepareHttpChallenge = function (hostname, domain, authorization, callback) {
@@ -481,9 +488,11 @@ Acme2.prototype.prepareChallenge = function (hostname, domain, authorizationUrl,
     assert.strictEqual(typeof authorizationUrl, 'string');
     assert.strictEqual(typeof callback, 'function');
 
+    debug(`prepareChallenge: http: ${this.performHttpAuthorization}`);
+
     const that = this;
-    superagent.get(authorizationUrl).timeout(30 * 1000).end(function (error, response) {
-        if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, 'Network error when preparing challenge'));
+    this.postAsGet(authorizationUrl, function (error, response) {
+        if (error) return callback(error);
         if (response.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response code getting authorization : ' + response.statusCode));
 
         const authorization = response.body;
@@ -502,6 +511,8 @@ Acme2.prototype.cleanupChallenge = function (hostname, domain, challenge, callba
     assert.strictEqual(typeof challenge, 'object');
     assert.strictEqual(typeof callback, 'function');
 
+    debug(`cleanupChallenge: http: ${this.performHttpAuthorization}`);
+
     if (this.performHttpAuthorization) {
         this.cleanupHttpChallenge(hostname, domain, challenge, callback);
     } else {
@@ -561,13 +572,13 @@ Acme2.prototype.acmeFlow = function (hostname, domain, callback) {
 Acme2.prototype.getDirectory = function (callback) {
     const that = this;
 
-    superagent.get(this.caDirectory).timeout(30 * 1000).end(function (error, response) {
-        if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, 'Network error getting directory'));
+    request.get(this.caDirectory, { json: true, timeout: 30000 }, function (error, response) {
+        if (error) return callback(new BoxError(BoxError.NETWORK_ERROR, `Network error getting directory: ${error.message}`));
         if (response.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response code when fetching directory : ' + response.statusCode));
 
         if (typeof response.body.newNonce !== 'string' ||
             typeof response.body.newOrder !== 'string' ||
-            typeof response.body.newAccount !== 'string') return callback(new Error(`Invalid response body : ${response.body}`));
+            typeof response.body.newAccount !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Invalid response body : ${response.body}`));
 
         that.directory = response.body;
 
@@ -607,6 +618,11 @@ function getCertificate(hostname, domain, options, callback) {
     assert.strictEqual(typeof options, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    var acme = new Acme2(options || { });
-    acme.getCertificate(hostname, domain, callback);
+    let attempt = 1;
+    async.retry({ times: 3, interval: 0 }, function (retryCallback) {
+        debug(`getCertificate: attempt ${attempt++}`);
+
+        let acme = new Acme2(options || { });
+        acme.getCertificate(hostname, domain, retryCallback);
+    }, callback);
 }

src/cert/interface.js

@@ -10,7 +10,8 @@ exports = module.exports = {
     getCertificate: getCertificate
 };
 
-var assert = require('assert');
+var assert = require('assert'),
+    BoxError = require('../boxerror.js');
 
 function getCertificate(hostname, domain, options, callback) {
     assert.strictEqual(typeof hostname, 'string');
@@ -18,6 +19,6 @@ function getCertificate(hostname, domain, options, callback) {
     assert.strictEqual(typeof options, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    return callback(new Error('Not implemented'));
+    return callback(new BoxError(BoxError.NOT_IMPLEMENTED, 'getCertificate is not implemented'));
 }
 

src/clientdb.js

@@ -15,14 +15,12 @@ exports = module.exports = {
     delByAppId: delByAppId,
     delByAppIdAndType: delByAppIdAndType,
 
-    _clear: clear,
-    _addDefaultClients: addDefaultClients
+    _clear: clear
 };
 
 var assert = require('assert'),
-    async = require('async'),
-    database = require('./database.js'),
-    DatabaseError = require('./databaseerror.js');
+    BoxError = require('./boxerror.js'),
+    database = require('./database.js');
 
 var CLIENTS_FIELDS = [ 'id', 'appId', 'type', 'clientSecret', 'redirectURI', 'scope' ].join(',');
 var CLIENTS_FIELDS_PREFIXED = [ 'clients.id', 'clients.appId', 'clients.type', 'clients.clientSecret', 'clients.redirectURI', 'clients.scope' ].join(',');
@@ -32,8 +30,8 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + CLIENTS_FIELDS + ' FROM clients WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, `Client not found: ${id}`));
 
         callback(null, result[0]);
     });
@@ -43,7 +41,7 @@ function getAll(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + CLIENTS_FIELDS + ' FROM clients ORDER BY appId', function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -53,7 +51,7 @@ function getAllWithTokenCount(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + CLIENTS_FIELDS_PREFIXED + ',COUNT(tokens.clientId) AS tokenCount FROM clients LEFT OUTER JOIN tokens ON clients.id=tokens.clientId GROUP BY clients.id', [], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -64,7 +62,7 @@ function getAllWithTokenCountByIdentifier(identifier, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + CLIENTS_FIELDS_PREFIXED + ',COUNT(tokens.clientId) AS tokenCount FROM clients LEFT OUTER JOIN tokens ON clients.id=tokens.clientId WHERE tokens.identifier=? GROUP BY clients.id', [ identifier ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -75,8 +73,8 @@ function getByAppId(appId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + CLIENTS_FIELDS + ' FROM clients WHERE appId = ? LIMIT 1', [ appId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Client not found'));
 
         callback(null, result[0]);
     });
@@ -88,8 +86,8 @@ function getByAppIdAndType(appId, type, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + CLIENTS_FIELDS + ' FROM clients WHERE appId = ? AND type = ? LIMIT 1', [ appId, type ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Client not found'));
 
         callback(null, result[0]);
     });
@@ -107,8 +105,8 @@ function add(id, appId, type, clientSecret, redirectURI, scope, callback) {
     var data = [ id, appId, type, clientSecret, redirectURI, scope ];
 
     database.query('INSERT INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (?, ?, ?, ?, ?, ?)', data, function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
-        if (error || result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS));
+        if (error || result.affectedRows === 0) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -126,8 +124,8 @@ function upsert(id, appId, type, clientSecret, redirectURI, scope, callback) {
     var data = [ id, appId, type, clientSecret, redirectURI, scope ];
 
     database.query('REPLACE INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (?, ?, ?, ?, ?, ?)', data, function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
-        if (error || result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS));
+        if (error || result.affectedRows === 0) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -138,8 +136,8 @@ function del(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM clients WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, `Client not found: ${id}`));
 
         callback(null);
     });
@@ -150,8 +148,8 @@ function delByAppId(appId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM clients WHERE appId=?', [ appId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Client not found'));
 
         callback(null);
     });
@@ -163,8 +161,8 @@ function delByAppIdAndType(appId, type, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM clients WHERE appId=? AND type=?', [ appId, type ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Client not found'));
 
         callback(null);
     });
@@ -173,17 +171,9 @@ function delByAppIdAndType(appId, type, callback) {
 function clear(callback) {
     assert.strictEqual(typeof callback, 'function');
 
-    database.query('DELETE FROM clients WHERE id!="cid-webadmin" AND id!="cid-sdk" AND id!="cid-cli"', function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+    database.query('DELETE FROM clients', function (error) {
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
 }
-
-function addDefaultClients(callback) {
-    async.series([
-        add.bind(null, 'cid-webadmin', 'Settings', 'built-in', 'secret-webadmin', 'https://admin-localhost', '*'),
-        add.bind(null, 'cid-sdk', 'SDK', 'built-in', 'secret-sdk', 'https://admin-localhost', '*'),
-        add.bind(null, 'cid-cli', 'Cloudron Tool', 'built-in', 'secret-cli', 'https://admin-localhost', '*')
-    ], callback);
-}

src/clients.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    ClientsError: ClientsError,
-
     add: add,
     get: get,
     del: del,
@@ -20,6 +18,11 @@ exports = module.exports = {
 
     removeTokenPrivateFields: removeTokenPrivateFields,
 
+    // client ids. we categorize them so we can have different restrictions based on the client
+    ID_WEBADMIN: 'cid-webadmin',    // dashboard oauth
+    ID_SDK: 'cid-sdk',              // created by user via dashboard
+    ID_CLI: 'cid-cli',              // created via cli tool
+
     // client type enums
     TYPE_EXTERNAL: 'external',
     TYPE_BUILT_IN: 'built-in',
@@ -30,54 +33,25 @@ exports = module.exports = {
 var apps = require('./apps.js'),
     assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     clientdb = require('./clientdb.js'),
     constants = require('./constants.js'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:clients'),
     eventlog = require('./eventlog.js'),
     hat = require('./hat.js'),
     accesscontrol = require('./accesscontrol.js'),
     tokendb = require('./tokendb.js'),
     users = require('./users.js'),
-    UsersError = users.UsersError,
-    util = require('util'),
     uuid = require('uuid'),
     _ = require('underscore');
 
-function ClientsError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(ClientsError, Error);
-ClientsError.INVALID_SCOPE = 'Invalid scope';
-ClientsError.INVALID_CLIENT = 'Invalid client';
-ClientsError.INVALID_TOKEN = 'Invalid token';
-ClientsError.BAD_FIELD = 'Bad field';
-ClientsError.NOT_FOUND = 'Not found';
-ClientsError.INTERNAL_ERROR = 'Internal Error';
-ClientsError.NOT_ALLOWED = 'Not allowed to remove this client';
-
 function validateClientName(name) {
     assert.strictEqual(typeof name, 'string');
 
-    if (name.length < 1) return new ClientsError(ClientsError.BAD_FIELD, 'Name must be atleast 1 character');
-    if (name.length > 128) return new ClientsError(ClientsError.BAD_FIELD, 'Name too long');
+    if (name.length < 1) return new BoxError(BoxError.BAD_FIELD, 'name must be atleast 1 character', { field: 'name' });
+    if (name.length > 128) return new BoxError(BoxError.BAD_FIELD, 'name too long', { field: 'name' });
 
-    if (/[^a-zA-Z0-9-]/.test(name)) return new ClientsError(ClientsError.BAD_FIELD, 'Username can only contain alphanumerals and dash');
+    if (/[^a-zA-Z0-9-]/.test(name)) return new BoxError(BoxError.BAD_FIELD, 'name can only contain alphanumerals and dash', { field: 'name' });
 
     return null;
 }
@@ -85,7 +59,7 @@ function validateClientName(name) {
 function validateTokenName(name) {
     assert.strictEqual(typeof name, 'string');
 
-    if (name.length > 64) return new ClientsError(ClientsError.BAD_FIELD, 'Name too long');
+    if (name.length > 64) return new BoxError(BoxError.BAD_FIELD, 'name too long', { field: 'name' });
 
     return null;
 }
@@ -98,7 +72,7 @@ function add(appId, type, redirectURI, scope, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     var error = accesscontrol.validateScopeString(scope);
-    if (error) return callback(new ClientsError(ClientsError.INVALID_SCOPE, error.message));
+    if (error) return callback(error);
 
     error = validateClientName(appId);
     if (error) return callback(error);
@@ -127,8 +101,8 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     clientdb.get(id, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
         if (error) return callback(error);
+
         callback(null, result);
     });
 }
@@ -138,8 +112,8 @@ function del(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     clientdb.del(id, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
         if (error) return callback(error);
+
         callback(null, result);
     });
 }
@@ -148,7 +122,7 @@ function getAll(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     clientdb.getAll(function (error, results) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, []);
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, []);
         if (error) return callback(error);
 
         var tmp = [];
@@ -190,8 +164,8 @@ function getByAppIdAndType(appId, type, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     clientdb.getByAppIdAndType(appId, type, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
         if (error) return callback(error);
+
         callback(null, result);
     });
 }
@@ -202,7 +176,7 @@ function getTokensByUserId(clientId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     tokendb.getByIdentifierAndClientId(userId, clientId, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) {
+        if (error && error.reason === BoxError.NOT_FOUND) {
             // this can mean either that there are no tokens or the clientId is actually unknown
             get(clientId, function (error/*, result*/) {
                 if (error) return callback(error);
@@ -221,7 +195,7 @@ function delTokensByUserId(clientId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     tokendb.delByIdentifierAndClientId(userId, clientId, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) {
+        if (error && error.reason === BoxError.NOT_FOUND) {
             // this can mean either that there are no tokens or the clientId is actually unknown
             get(clientId, function (error/*, result*/) {
                 if (error) return callback(error);
@@ -243,10 +217,9 @@ function delByAppIdAndType(appId, type, callback) {
         if (error) return callback(error);
 
         tokendb.delByClientId(result.id, function (error) {
-            if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
+            if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
             clientdb.delByAppIdAndType(appId, type, function (error) {
-                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
                 if (error) return callback(error);
 
                 callback(null);
@@ -270,11 +243,10 @@ function addTokenByUserId(clientId, userId, expiresAt, options, callback) {
         if (error) return callback(error);
 
         users.get(userId, function (error, user) {
-            if (error && error.reason === UsersError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such user'));
-            if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             accesscontrol.scopesForUser(user, function (error, userScopes) {
-                if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 const scope = accesscontrol.canonicalScopeString(result.scope);
                 const authorizedScopes = accesscontrol.intersectScopes(userScopes, scope.split(','));
@@ -290,7 +262,7 @@ function addTokenByUserId(clientId, userId, expiresAt, options, callback) {
                 };
 
                 tokendb.add(token, function (error) {
-                    if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
+                    if (error) return callback(error);
 
                     callback(null, {
                         accessToken: token.accessToken,
@@ -305,15 +277,14 @@ function addTokenByUserId(clientId, userId, expiresAt, options, callback) {
     });
 }
 
-// this issues a cid-cli token that does not require a password in various routes
 function issueDeveloperToken(userObject, auditSource, callback) {
     assert.strictEqual(typeof userObject, 'object');
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    const expiresAt = Date.now() + constants.DEFAULT_TOKEN_EXPIRATION;
+    const expiresAt = Date.now() + (30 * 24 * 60 * 60 * 1000); // cli tokens are valid for a month
 
-    addTokenByUserId('cid-cli', userObject.id, expiresAt, {}, function (error, result) {
+    addTokenByUserId(exports.ID_CLI, userObject.id, expiresAt, {}, function (error, result) {
         if (error) return callback(error);
 
         eventlog.add(eventlog.ACTION_USER_LOGIN, auditSource, { userId: userObject.id, user: users.removePrivateFields(userObject) });
@@ -331,8 +302,7 @@ function delToken(clientId, tokenId, callback) {
         if (error) return callback(error);
 
         tokendb.del(tokenId, function (error) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.INVALID_TOKEN, 'Invalid token'));
-            if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             callback(null);
         });
@@ -348,9 +318,9 @@ function addDefaultClients(origin, callback) {
     // The domain might have changed, therefor we have to update the record
     // id, appId, type, clientSecret, redirectURI, scope
     async.series([
-        clientdb.upsert.bind(null, 'cid-webadmin', 'Settings', 'built-in', 'secret-webadmin', origin, '*'),
-        clientdb.upsert.bind(null, 'cid-sdk', 'SDK', 'built-in', 'secret-sdk', origin, '*'),
-        clientdb.upsert.bind(null, 'cid-cli', 'Cloudron Tool', 'built-in', 'secret-cli', origin, '*')
+        clientdb.upsert.bind(null, exports.ID_WEBADMIN, 'Settings', 'built-in', 'secret-webadmin', origin, '*'),
+        clientdb.upsert.bind(null, exports.ID_SDK, 'SDK', 'built-in', 'secret-sdk', origin, '*'),
+        clientdb.upsert.bind(null, exports.ID_CLI, 'Cloudron Tool', 'built-in', 'secret-cli', origin, '*')
     ], callback);
 }
 

src/cloudron.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    CloudronError: CloudronError,
-
     initialize: initialize,
     uninitialize: uninitialize,
     getConfig: getConfig,
@@ -28,12 +26,12 @@ var apps = require('./apps.js'),
     async = require('async'),
     auditSource = require('./auditsource.js'),
     backups = require('./backups.js'),
+    BoxError = require('./boxerror.js'),
     clients = require('./clients.js'),
     constants = require('./constants.js'),
     cron = require('./cron.js'),
     debug = require('debug')('box:cloudron'),
     domains = require('./domains.js'),
-    DomainsError = require('./domains.js').DomainsError,
     eventlog = require('./eventlog.js'),
     custom = require('./custom.js'),
     fs = require('fs'),
@@ -49,40 +47,12 @@ var apps = require('./apps.js'),
     shell = require('./shell.js'),
     spawn = require('child_process').spawn,
     split = require('split'),
-    sysinfo = require('./sysinfo.js'),
     tasks = require('./tasks.js'),
-    TaskError = require('./tasks.js').TaskError,
-    users = require('./users.js'),
-    util = require('util');
+    users = require('./users.js');
 
 var REBOOT_CMD = path.join(__dirname, 'scripts/reboot.sh');
 
-var NOOP_CALLBACK = function (error) { if (error) debug(error); };
-
-function CloudronError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(CloudronError, Error);
-CloudronError.BAD_FIELD = 'Field error';
-CloudronError.INTERNAL_ERROR = 'Internal Error';
-CloudronError.EXTERNAL_ERROR = 'External Error';
-CloudronError.BAD_STATE = 'Bad state';
-CloudronError.ALREADY_UPTODATE = 'No Update Available';
+const NOOP_CALLBACK = function (error) { if (error) debug(error); };
 
 function initialize(callback) {
     assert.strictEqual(typeof callback, 'function');
@@ -119,11 +89,11 @@ function notifyUpdate(callback) {
     const version = safe.fs.readFileSync(paths.VERSION_FILE, 'utf8');
     if (version === constants.VERSION) return callback();
 
-    eventlog.add(eventlog.ACTION_UPDATE_FINISH, auditSource.CRON, { oldVersion: version || 'dev', newVersion: constants.VERSION }, function (error) {
-        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+    eventlog.add(eventlog.ACTION_UPDATE_FINISH, auditSource.CRON, { errorMessage: '', oldVersion: version || 'dev', newVersion: constants.VERSION }, function (error) {
+        if (error) return callback(error);
 
         tasks.setCompletedByType(tasks.TASK_UPDATE, { error: null }, function (error) {
-            if (error && error.reason !== TaskError.NOT_FOUND) return callback(error); // when hotfixing, task may not exist
+            if (error && error.reason !== BoxError.NOT_FOUND) return callback(error); // when hotfixing, task may not exist
 
             safe.fs.writeFileSync(paths.VERSION_FILE, constants.VERSION, 'utf8');
 
@@ -153,7 +123,7 @@ function getConfig(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settings.getAll(function (error, allSettings) {
-        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         // be picky about what we send out here since this is sent for 'normal' users as well
         callback(null, {
@@ -164,8 +134,7 @@ function getConfig(callback) {
             mailFqdn: settings.mailFqdn(),
             version: constants.VERSION,
             isDemo: settings.isDemo(),
-            memory: os.totalmem(),
-            provider: sysinfo.provider(),
+            provider: settings.provider(),
             cloudronName: allSettings[settings.CLOUDRON_NAME_KEY],
             uiSpec: custom.uiSpec()
         });
@@ -184,20 +153,20 @@ function isRebootRequired(callback) {
 }
 
 // called from cron.js
-function runSystemChecks() {
+function runSystemChecks(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
     async.parallel([
         checkBackupConfiguration,
         checkMailStatus,
         checkRebootRequired
-    ], function (error) {
-        debug('runSystemChecks: done', error);
-    });
+    ], callback);
 }
 
 function checkBackupConfiguration(callback) {
     assert.strictEqual(typeof callback, 'function');
 
-    debug('Checking backup configuration');
+    debug('checking backup configuration');
 
     backups.checkConfiguration(function (error, message) {
         if (error) return callback(error);
@@ -251,7 +220,7 @@ function getLogs(unit, options, callback) {
     // need to handle box.log without subdir
     if (unit === 'box') args.push(path.join(paths.LOG_DIR, 'box.log'));
     else if (unit.startsWith('crash-')) args.push(path.join(paths.CRASH_LOG_DIR, unit.slice(6) + '.log'));
-    else return callback(new CloudronError(CloudronError.BAD_FIELD, 'No such unit'));
+    else return callback(new BoxError(BoxError.BAD_FIELD, 'No such unit', { field: 'unit' }));
 
     var cp = spawn('/usr/bin/tail', args);
 
@@ -284,19 +253,18 @@ function prepareDashboardDomain(domain, auditSource, callback) {
     debug(`prepareDashboardDomain: ${domain}`);
 
     domains.get(domain, function (error, domainObject) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return callback(new CloudronError(CloudronError.BAD_FIELD, 'No such domain'));
-        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         const fqdn = domains.fqdn(constants.ADMIN_LOCATION, domainObject);
 
         apps.getAll(function (error, result) {
-            if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             const conflict = result.filter(app => app.fqdn === fqdn);
-            if (conflict.length) return callback(new CloudronError(CloudronError.BAD_STATE, 'Dashboard location conflicts with an existing app'));
+            if (conflict.length) return callback(new BoxError(BoxError.BAD_STATE, 'Dashboard location conflicts with an existing app'));
 
             tasks.add(tasks.TASK_PREPARE_DASHBOARD_DOMAIN, [ domain, auditSource ], function (error, taskId) {
-                if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 tasks.startTask(taskId, {}, NOOP_CALLBACK);
 
@@ -315,11 +283,10 @@ function setDashboardDomain(domain, auditSource, callback) {
     debug(`setDashboardDomain: ${domain}`);
 
     domains.get(domain, function (error, domainObject) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return callback(new CloudronError(CloudronError.BAD_FIELD, 'No such domain'));
-        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         reverseProxy.writeAdminConfig(domain, function (error) {
-            if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             const fqdn = domains.fqdn(constants.ADMIN_LOCATION, domainObject);
 
@@ -327,7 +294,7 @@ function setDashboardDomain(domain, auditSource, callback) {
                 (done) => settings.setAdmin(domain, fqdn, done),
                 (done) => clients.addDefaultClients(settings.adminOrigin(), done)
             ], function (error) {
-                if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 eventlog.add(eventlog.ACTION_DASHBOARD_DOMAIN_UPDATE, auditSource, { domain: domain, fqdn: fqdn });
 
@@ -371,7 +338,7 @@ function renewCerts(options, auditSource, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     tasks.add(tasks.TASK_RENEW_CERTS, [ options, auditSource ], function (error, taskId) {
-        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         tasks.startTask(taskId, {}, NOOP_CALLBACK);
 

src/cron.js

@@ -18,12 +18,12 @@ var appHealthMonitor = require('./apphealthmonitor.js'),
     constants = require('./constants.js'),
     CronJob = require('cron').CronJob,
     debug = require('debug')('box:cron'),
-    disks = require('./disks.js'),
     dyndns = require('./dyndns.js'),
     eventlog = require('./eventlog.js'),
     janitor = require('./janitor.js'),
     scheduler = require('./scheduler.js'),
     settings = require('./settings.js'),
+    system = require('./system.js'),
     updater = require('./updater.js'),
     updateChecker = require('./updatechecker.js');
 
@@ -107,18 +107,16 @@ function recreateJobs(tz) {
     if (gJobs.systemChecks) gJobs.systemChecks.stop();
     gJobs.systemChecks = new CronJob({
         cronTime: '00 30 * * * *', // every 30 minutes. if you change this interval, change the notification messages with correct duration
-        onTick: cloudron.runSystemChecks,
+        onTick: () => cloudron.runSystemChecks(NOOP_CALLBACK),
         start: true,
-        runOnInit: true, // run system check immediately
         timeZone: tz
     });
 
     if (gJobs.diskSpaceChecker) gJobs.diskSpaceChecker.stop();
     gJobs.diskSpaceChecker = new CronJob({
         cronTime: '00 30 * * * *', // every 30 minutes. if you change this interval, change the notification messages with correct duration
-        onTick: () => disks.checkDiskSpace(NOOP_CALLBACK),
+        onTick: () => system.checkDiskSpace(NOOP_CALLBACK),
         start: true,
-        runOnInit: true, // run system check immediately
         timeZone: tz
     });
 

src/custom.js

@@ -38,10 +38,10 @@ const DEFAULT_SPEC = {
     },
     alerts: {
         email: '',
-        notifyCloudronAdmins: false
+        notifyCloudronAdmins: true
     },
     footer: {
-        body: '&copy; 2019 [Cloudron](https://cloudron.io) [Forum <i class="fa fa-comments"></i>](https://forum.cloudron.io)'
+        body: '&copy; 2020 [Cloudron](https://cloudron.io) [Forum <i class="fa fa-comments"></i>](https://forum.cloudron.io)'
     }
 };
 
@@ -63,4 +63,4 @@ function uiSpec() {
 
 function spec() {
     return gSpec;
-}
+}

src/database.js

@@ -14,6 +14,7 @@ exports = module.exports = {
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     child_process = require('child_process'),
     constants = require('./constants.js'),
     mysql = require('mysql'),
@@ -105,14 +106,14 @@ function clear(callback) {
 
     async.series([
         child_process.exec.bind(null, cmd),
-        require('./clientdb.js')._addDefaultClients
+        require('./clients.js').addDefaultClients.bind(null, 'https://admin-localhost')
     ], callback);
 }
 
 function beginTransaction(callback) {
     assert.strictEqual(typeof callback, 'function');
 
-    if (gConnectionPool === null) return callback(new Error('No database connection pool.'));
+    if (gConnectionPool === null) return callback(new BoxError(BoxError.DATABASE_ERROR, 'No database connection pool.'));
 
     gConnectionPool.getConnection(function (error, connection) {
         if (error) {
@@ -156,7 +157,7 @@ function query() {
     var callback = args[args.length - 1];
     assert.strictEqual(typeof callback, 'function');
 
-    if (gDefaultConnection === null) return callback(new Error('No connection to database'));
+    if (gDefaultConnection === null) return callback(new BoxError(BoxError.DATABASE_ERROR, 'No connection to database'));
 
     args[args.length -1 ] = function (error, result) {
         if (error && error.fatal) {

src/databaseerror.js

@@ -1,34 +0,0 @@
-/* jslint node:true */
-
-'use strict';
-
-exports = module.exports = DatabaseError;
-
-var assert = require('assert'),
-    util = require('util');
-
-function DatabaseError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(DatabaseError, Error);
-
-DatabaseError.INTERNAL_ERROR = 'Internal error';
-DatabaseError.ALREADY_EXISTS = 'Entry already exist';
-DatabaseError.NOT_FOUND = 'Record not found';
-DatabaseError.BAD_FIELD = 'Invalid field';
-DatabaseError.IN_USE = 'In Use';

src/dns/caas.js

@@ -11,14 +11,18 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/caas'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     settings = require('../settings.js'),
     superagent = require('superagent'),
     util = require('util'),
     waitForDns = require('./waitfordns.js');
 
+function formatError(response) {
+    return util.format('Caas DNS error [%s] %j', response.statusCode, response.body);
+}
+
 function getFqdn(location, domain) {
     assert.strictEqual(typeof location, 'string');
     assert.strictEqual(typeof domain, 'string');
@@ -63,10 +67,10 @@ function upsert(domainObject, location, type, values, callback) {
         .send(data)
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 400) return callback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
-            if (result.statusCode === 420) return callback(new DomainsError(DomainsError.STILL_BUSY));
-            if (result.statusCode !== 201) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, result.body.message));
+            if (result.statusCode === 420) return callback(new BoxError(BoxError.BUSY));
+            if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null);
         });
@@ -88,8 +92,8 @@ function get(domainObject, location, type, callback) {
         .query({ token: dnsConfig.token, type: type })
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null, result.body.values);
         });
@@ -116,11 +120,11 @@ function del(domainObject, location, type, values, callback) {
         .send(data)
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 400) return callback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
-            if (result.statusCode === 420) return callback(new DomainsError(DomainsError.STILL_BUSY));
-            if (result.statusCode === 404) return callback(new DomainsError(DomainsError.NOT_FOUND));
-            if (result.statusCode !== 204) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, result.body.message));
+            if (result.statusCode === 420) return callback(new BoxError(BoxError.BUSY));
+            if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
+            if (result.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null);
         });
@@ -145,7 +149,7 @@ function verifyDnsConfig(domainObject, callback) {
 
     const dnsConfig = domainObject.config;
 
-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
 
     const ip = '127.0.0.1';
 

src/dns/cloudflare.js

@@ -12,10 +12,10 @@ exports = module.exports = {
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/cloudflare'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     superagent = require('superagent'),
     util = require('util'),
     waitForDns = require('./waitfordns.js'),
@@ -37,15 +37,32 @@ function translateRequestError(result, callback) {
     assert.strictEqual(typeof result, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (result.statusCode === 404) return callback(new DomainsError(DomainsError.NOT_FOUND, util.format('%s %j', result.statusCode, 'API does not exist')));
-    if (result.statusCode === 422) return callback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
+    if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND, util.format('%s %j', result.statusCode, 'API does not exist')));
+    if (result.statusCode === 422) return callback(new BoxError(BoxError.BAD_FIELD, result.body.message));
     if ((result.statusCode === 400 || result.statusCode === 401 || result.statusCode === 403) && result.body.errors.length > 0) {
         let error = result.body.errors[0];
         let message = `message: ${error.message} statusCode: ${result.statusCode} code:${error.code}`;
-        return callback(new DomainsError(DomainsError.ACCESS_DENIED, message));
+        return callback(new BoxError(BoxError.ACCESS_DENIED, message));
     }
 
-    callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));
+    callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));
+}
+
+function createRequest(method, url, dnsConfig) {
+    assert.strictEqual(typeof method, 'string');
+    assert.strictEqual(typeof url, 'string');
+    assert.strictEqual(typeof dnsConfig, 'object');
+
+    let request = superagent(method, url)
+        .timeout(30 * 1000);
+
+    if (dnsConfig.tokenType === 'GlobalApiKey') {
+        request.set('X-Auth-Key', dnsConfig.token).set('X-Auth-Email', dnsConfig.email);
+    } else {
+        request.set('Authorization', 'Bearer ' + dnsConfig.token);
+    }
+
+    return request;
 }
 
 function getZoneByName(dnsConfig, zoneName, callback) {
@@ -53,14 +70,11 @@ function getZoneByName(dnsConfig, zoneName, callback) {
     assert.strictEqual(typeof zoneName, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    superagent.get(CLOUDFLARE_ENDPOINT + '/zones?name=' + zoneName + '&status=active')
-        .set('X-Auth-Key', dnsConfig.token)
-        .set('X-Auth-Email', dnsConfig.email)
-        .timeout(30 * 1000)
+    createRequest('GET', CLOUDFLARE_ENDPOINT + '/zones?name=' + zoneName + '&status=active', dnsConfig)
         .end(function (error, result) {
             if (error && !error.response) return callback(error);
             if (result.statusCode !== 200 || result.body.success !== true) return translateRequestError(result, callback);
-            if (!result.body.result.length) return callback(new DomainsError(DomainsError.NOT_FOUND, util.format('%s %j', result.statusCode, result.body)));
+            if (!result.body.result.length) return callback(new BoxError(BoxError.NOT_FOUND, util.format('%s %j', result.statusCode, result.body)));
 
             callback(null, result.body.result[0]);
         });
@@ -74,11 +88,8 @@ function getDnsRecords(dnsConfig, zoneId, fqdn, type, callback) {
     assert.strictEqual(typeof type, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    superagent.get(CLOUDFLARE_ENDPOINT + '/zones/' + zoneId + '/dns_records')
-        .set('X-Auth-Key',dnsConfig.token)
-        .set('X-Auth-Email',dnsConfig.email)
+    createRequest('GET', CLOUDFLARE_ENDPOINT + '/zones/' + zoneId + '/dns_records', dnsConfig)
         .query({ type: type, name: fqdn })
-        .timeout(30 * 1000)
         .end(function (error, result) {
             if (error && !error.response) return callback(error);
             if (result.statusCode !== 200 || result.body.success !== true) return translateRequestError(result, callback);
@@ -132,11 +143,8 @@ function upsert(domainObject, location, type, values, callback) {
                 if (i >= dnsRecords.length) { // create a new record
                     debug(`upsert: Adding new record fqdn: ${fqdn}, zoneName: ${zoneName} proxied: false`);
 
-                    superagent.post(CLOUDFLARE_ENDPOINT + '/zones/' + zoneId + '/dns_records')
-                        .set('X-Auth-Key', dnsConfig.token)
-                        .set('X-Auth-Email', dnsConfig.email)
+                    createRequest('POST', CLOUDFLARE_ENDPOINT + '/zones/' + zoneId + '/dns_records', dnsConfig)
                         .send(data)
-                        .timeout(30 * 1000)
                         .end(function (error, result) {
                             if (error && !error.response) return iteratorCallback(error);
                             if (result.statusCode !== 200 || result.body.success !== true) return translateRequestError(result, iteratorCallback);
@@ -148,11 +156,8 @@ function upsert(domainObject, location, type, values, callback) {
 
                     debug(`upsert: Updating existing record fqdn: ${fqdn}, zoneName: ${zoneName} proxied: ${data.proxied}`);
 
-                    superagent.put(CLOUDFLARE_ENDPOINT + '/zones/' + zoneId + '/dns_records/' + dnsRecords[i].id)
-                        .set('X-Auth-Key', dnsConfig.token)
-                        .set('X-Auth-Email', dnsConfig.email)
+                    createRequest('PUT', CLOUDFLARE_ENDPOINT + '/zones/' + zoneId + '/dns_records/' + dnsRecords[i].id, dnsConfig)
                         .send(data)
-                        .timeout(30 * 1000)
                         .end(function (error, result) {
                             ++i; // increment, as we have consumed the record
 
@@ -217,10 +222,7 @@ function del(domainObject, location, type, values, callback) {
             if (tmp.length === 0) return callback(null);
 
             async.eachSeries(tmp, function (record, callback) {
-                superagent.del(CLOUDFLARE_ENDPOINT + '/zones/'+ zoneId + '/dns_records/' + record.id)
-                    .set('X-Auth-Key', dnsConfig.token)
-                    .set('X-Auth-Email', dnsConfig.email)
-                    .timeout(30 * 1000)
+                createRequest('DELETE', CLOUDFLARE_ENDPOINT + '/zones/'+ zoneId + '/dns_records/' + record.id, dnsConfig)
                     .end(function (error, result) {
                         if (error && !error.response) return callback(error);
                         if (result.statusCode !== 200 || result.body.success !== true) return translateRequestError(result, callback);
@@ -259,7 +261,7 @@ function wait(domainObject, location, type, value, options, callback) {
 
         getDnsRecords(dnsConfig, zoneId, fqdn, type, function (error, dnsRecords) {
             if (error) return callback(error);
-            if (dnsRecords.length === 0) return callback(new DomainsError(DomainsError.NOT_FOUND, 'Domain not found'));
+            if (dnsRecords.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Domain not found'));
 
             if (!dnsRecords[0].proxied) return waitForDns(fqdn, domainObject.zoneName, type, value, options, callback);
 
@@ -277,28 +279,34 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
-    if (!dnsConfig.email || typeof dnsConfig.email !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'email must be a non-empty string'));
+    // token can be api token or global api key
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
+    if (dnsConfig.tokenType !== 'GlobalApiKey' && dnsConfig.tokenType !== 'ApiToken')  return callback(new BoxError(BoxError.BAD_FIELD, 'tokenType is required', { field: 'tokenType' }));
+
+    if (dnsConfig.tokenType === 'GlobalApiKey') {
+        if ('email' in dnsConfig && typeof dnsConfig.email !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'email must be a non-empty string', { field: 'email' }));
+    }
 
     const ip = '127.0.0.1';
 
     var credentials = {
         token: dnsConfig.token,
-        email: dnsConfig.email
+        tokenType: dnsConfig.tokenType,
+        email: dnsConfig.email || null
     };
 
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         getZoneByName(dnsConfig, zoneName, function(error, zone) {
             if (error) return callback(error);
 
             if (!_.isEqual(zone.name_servers.sort(), nameservers.sort())) {
                 debug('verifyDnsConfig: %j and %j do not match', nameservers, zone.name_servers);
-                return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Cloudflare'));
+                return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Cloudflare', { field: 'nameservers' }));
             }
 
             const location = 'cloudrontestdns';

src/dns/digitalocean.js

@@ -12,10 +12,10 @@ exports = module.exports = {
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/digitalocean'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     safe = require('safetydance'),
     superagent = require('superagent'),
     util = require('util'),
@@ -55,10 +55,10 @@ function getInternal(dnsConfig, zoneName, name, type, callback) {
             .timeout(30 * 1000)
             .retry(5)
             .end(function (error, result) {
-                if (error && !error.response) return iteratorDone(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-                if (result.statusCode === 404) return iteratorDone(new DomainsError(DomainsError.NOT_FOUND, formatError(result)));
-                if (result.statusCode === 403 || result.statusCode === 401) return iteratorDone(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-                if (result.statusCode !== 200) return iteratorDone(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+                if (error && !error.response) return iteratorDone(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                if (result.statusCode === 404) return iteratorDone(new BoxError(BoxError.NOT_FOUND, formatError(result)));
+                if (result.statusCode === 403 || result.statusCode === 401) return iteratorDone(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 200) return iteratorDone(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
                 matchingRecords = matchingRecords.concat(result.body.domain_records.filter(function (record) {
                     return (record.type === type && record.name === name);
@@ -119,10 +119,10 @@ function upsert(domainObject, location, type, values, callback) {
                     .timeout(30 * 1000)
                     .retry(5)
                     .end(function (error, result) {
-                        if (error && !error.response) return iteratorCallback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-                        if (result.statusCode === 403 || result.statusCode === 401) return iteratorCallback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-                        if (result.statusCode === 422) return iteratorCallback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
-                        if (result.statusCode !== 201) return iteratorCallback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+                        if (error && !error.response) return iteratorCallback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                        if (result.statusCode === 403 || result.statusCode === 401) return iteratorCallback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+                        if (result.statusCode === 422) return iteratorCallback(new BoxError(BoxError.BAD_FIELD, result.body.message));
+                        if (result.statusCode !== 201) return iteratorCallback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
                         recordIds.push(safe.query(result.body, 'domain_record.id'));
 
@@ -138,10 +138,10 @@ function upsert(domainObject, location, type, values, callback) {
                     // increment, as we have consumed the record
                         ++i;
 
-                        if (error && !error.response) return iteratorCallback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-                        if (result.statusCode === 403 || result.statusCode === 401) return iteratorCallback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-                        if (result.statusCode === 422) return iteratorCallback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
-                        if (result.statusCode !== 200) return iteratorCallback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+                        if (error && !error.response) return iteratorCallback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                        if (result.statusCode === 403 || result.statusCode === 401) return iteratorCallback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+                        if (result.statusCode === 422) return iteratorCallback(new BoxError(BoxError.BAD_FIELD, result.body.message));
+                        if (result.statusCode !== 200) return iteratorCallback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
                         recordIds.push(safe.query(result.body, 'domain_record.id'));
 
@@ -209,10 +209,10 @@ function del(domainObject, location, type, values, callback) {
             .timeout(30 * 1000)
             .retry(5)
             .end(function (error, result) {
-                if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
                 if (result.statusCode === 404) return callback(null);
-                if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-                if (result.statusCode !== 204) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+                if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
                 debug('del: done');
 
@@ -241,7 +241,7 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
 
     const ip = '127.0.0.1';
 
@@ -252,12 +252,12 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         if (nameservers.map(function (n) { return n.toLowerCase(); }).indexOf('ns1.digitalocean.com') === -1) {
             debug('verifyDnsConfig: %j does not contains DO NS', nameservers);
-            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to DigitalOcean'));
+            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to DigitalOcean', { field: 'nameservers' }));
         }
 
         const location = 'cloudrontestdns';

src/dns/gandi.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/gandi'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     superagent = require('superagent'),
     util = require('util'),
     waitForDns = require('./waitfordns.js');
@@ -57,10 +57,10 @@ function upsert(domainObject, location, type, values, callback) {
         .timeout(30 * 1000)
         .send(data)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode === 400) return callback(new DomainsError(DomainsError.BAD_FIELD, formatError(result)));
-            if (result.statusCode !== 201) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, formatError(result)));
+            if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null);
         });
@@ -82,10 +82,10 @@ function get(domainObject, location, type, callback) {
         .set('X-Api-Key', dnsConfig.token)
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
             if (result.statusCode === 404) return callback(null, [ ]);
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             debug('get: %j', result.body);
 
@@ -110,10 +110,10 @@ function del(domainObject, location, type, values, callback) {
         .set('X-Api-Key', dnsConfig.token)
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
             if (result.statusCode === 404) return callback(null);
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 204) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             debug('del: done');
 
@@ -141,7 +141,7 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
 
     var credentials = {
         token: dnsConfig.token
@@ -152,12 +152,12 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         if (!nameservers.every(function (n) { return n.toLowerCase().indexOf('.gandi.net') !== -1; })) {
             debug('verifyDnsConfig: %j does not contain Gandi NS', nameservers);
-            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Gandi'));
+            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Gandi', { field: 'nameservers' }));
         }
 
         const location = 'cloudrontestdns';

src/dns/gcdns.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/gcdns'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     GCDNS = require('@google-cloud/dns').DNS,
     util = require('util'),
     waitForDns = require('./waitfordns.js'),
@@ -49,20 +49,20 @@ function getZoneByName(dnsConfig, zoneName, callback) {
     var gcdns = new GCDNS(getDnsCredentials(dnsConfig));
 
     gcdns.getZones(function (error, zones) {
-        if (error && error.message === 'invalid_grant') return callback(new DomainsError(DomainsError.ACCESS_DENIED, 'The key was probably revoked'));
-        if (error && error.reason === 'No such domain') return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
-        if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-        if (error && error.code === 404) return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
+        if (error && error.message === 'invalid_grant') return callback(new BoxError(BoxError.ACCESS_DENIED, 'The key was probably revoked'));
+        if (error && error.reason === 'No such domain') return callback(new BoxError(BoxError.NOT_FOUND, error.message));
+        if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+        if (error && error.code === 404) return callback(new BoxError(BoxError.NOT_FOUND, error.message));
         if (error) {
             debug('gcdns.getZones', error);
-            return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
+            return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
         }
 
         var zone = zones.filter(function (zone) {
             return zone.metadata.dnsName.slice(0, -1) === zoneName;     // the zone name contains a '.' at the end
         })[0];
 
-        if (!zone) return callback(new DomainsError(DomainsError.NOT_FOUND, 'no such zone'));
+        if (!zone) return callback(new BoxError(BoxError.NOT_FOUND, 'no such zone'));
 
         callback(null, zone); //zone.metadata ~= {name="", dnsName="", nameServers:[]}
     });
@@ -85,10 +85,10 @@ function upsert(domainObject, location, type, values, callback) {
         if (error) return callback(error);
 
         zone.getRecords({ type: type, name: fqdn + '.' }, function (error, oldRecords) {
-            if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
             if (error) {
                 debug('upsert->zone.getRecords', error);
-                return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+                return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
             }
 
             var newRecord = zone.record(type, {
@@ -98,11 +98,11 @@ function upsert(domainObject, location, type, values, callback) {
             });
 
             zone.createChange({ delete: oldRecords, add: newRecord }, function(error /*, change */) {
-                if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-                if (error && error.code === 412) return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
+                if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+                if (error && error.code === 412) return callback(new BoxError(BoxError.BUSY, error.message));
                 if (error) {
                     debug('upsert->zone.createChange', error);
-                    return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+                    return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
                 }
 
                 callback(null);
@@ -130,8 +130,8 @@ function get(domainObject, location, type, callback) {
         };
 
         zone.getRecords(params, function (error, records) {
-            if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
+            if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
             if (records.length === 0) return callback(null, [ ]);
 
             return callback(null, records[0].data);
@@ -154,18 +154,18 @@ function del(domainObject, location, type, values, callback) {
         if (error) return callback(error);
 
         zone.getRecords({ type: type, name: fqdn + '.' }, function(error, oldRecords) {
-            if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
             if (error) {
                 debug('del->zone.getRecords', error);
-                return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+                return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
             }
 
             zone.deleteRecords(oldRecords, function (error, change) {
-                if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-                if (error && error.code === 412) return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
+                if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+                if (error && error.code === 412) return callback(new BoxError(BoxError.BUSY, error.message));
                 if (error) {
                     debug('del->zone.createChange', error);
-                    return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+                    return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
                 }
 
                 callback(null, change.id);
@@ -194,10 +194,10 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (typeof dnsConfig.projectId !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'projectId must be a string'));
-    if (!dnsConfig.credentials || typeof dnsConfig.credentials !== 'object') return callback(new DomainsError(DomainsError.BAD_FIELD, 'credentials must be an object'));
-    if (typeof dnsConfig.credentials.client_email !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'credentials.client_email must be a string'));
-    if (typeof dnsConfig.credentials.private_key !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'credentials.private_key must be a string'));
+    if (typeof dnsConfig.projectId !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'projectId must be a string', { field: 'projectId' }));
+    if (!dnsConfig.credentials || typeof dnsConfig.credentials !== 'object') return callback(new BoxError(BoxError.BAD_FIELD, 'credentials must be an object', { field: 'credentials' }));
+    if (typeof dnsConfig.credentials.client_email !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'credentials.client_email must be a string', { field: 'client_email' }));
+    if (typeof dnsConfig.credentials.private_key !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'credentials.private_key must be a string', { field: 'private_key' }));
 
     var credentials = getDnsCredentials(dnsConfig);
 
@@ -206,8 +206,8 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         getZoneByName(credentials, zoneName, function (error, zone) {
             if (error) return callback(error);
@@ -215,7 +215,7 @@ function verifyDnsConfig(domainObject, callback) {
             var definedNS = zone.metadata.nameServers.sort().map(function(r) { return r.replace(/\.$/, ''); });
             if (!_.isEqual(definedNS, nameservers.sort())) {
                 debug('verifyDnsConfig: %j and %j do not match', nameservers, definedNS);
-                return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Google Cloud DNS'));
+                return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Google Cloud DNS', { field: 'nameservers' }));
             }
 
             const location = 'cloudrontestdns';

src/dns/godaddy.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/godaddy'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     superagent = require('superagent'),
     util = require('util'),
     waitForDns = require('./waitfordns.js');
@@ -72,11 +72,11 @@ function upsert(domainObject, location, type, values, callback) {
         .timeout(30 * 1000)
         .send(records)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode === 400) return callback(new DomainsError(DomainsError.BAD_FIELD, formatError(result))); // no such zone
-            if (result.statusCode === 422) return callback(new DomainsError(DomainsError.BAD_FIELD, formatError(result))); // conflict
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, formatError(result))); // no such zone
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.BAD_FIELD, formatError(result))); // conflict
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null);
         });
@@ -98,10 +98,10 @@ function get(domainObject, location, type, callback) {
         .set('Authorization', `sso-key ${dnsConfig.apiKey}:${dnsConfig.apiSecret}`)
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
             if (result.statusCode === 404) return callback(null, [ ]);
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             debug('get: %j', result.body);
 
@@ -126,7 +126,7 @@ function del(domainObject, location, type, values, callback) {
 
     debug(`get: ${name} in zone ${zoneName} of type ${type} with values ${JSON.stringify(values)}`);
 
-    if (type !== 'A' && type !== 'TXT') return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, new Error('Record deletion is not supported by GoDaddy API')));
+    if (type !== 'A' && type !== 'TXT') return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Record deletion is not supported by GoDaddy API'));
 
     // check if the record exists at all so that we don't insert the "Dead" record for no reason
     get(domainObject, location, type, function (error, values) {
@@ -144,10 +144,10 @@ function del(domainObject, location, type, values, callback) {
             .send(records)
             .timeout(30 * 1000)
             .end(function (error, result) {
-                if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
                 if (result.statusCode === 404) return callback(null);
-                if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-                if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+                if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
                 debug('del: done');
 
@@ -176,8 +176,8 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (!dnsConfig.apiKey || typeof dnsConfig.apiKey !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'apiKey must be a non-empty string'));
-    if (!dnsConfig.apiSecret || typeof dnsConfig.apiSecret !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'apiSecret must be a non-empty string'));
+    if (!dnsConfig.apiKey || typeof dnsConfig.apiKey !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'apiKey must be a non-empty string', { field: 'apiKey' }));
+    if (!dnsConfig.apiSecret || typeof dnsConfig.apiSecret !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'apiSecret must be a non-empty string', { field: 'apiSecret' }));
 
     const ip = '127.0.0.1';
 
@@ -189,12 +189,12 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         if (!nameservers.every(function (n) { return n.toLowerCase().indexOf('.domaincontrol.com') !== -1; })) {
             debug('verifyDnsConfig: %j does not contain GoDaddy NS', nameservers);
-            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to GoDaddy'));
+            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to GoDaddy', { field: 'nameservers' }));
         }
 
         const location = 'cloudrontestdns';

src/dns/interface.js

@@ -17,6 +17,7 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     util = require('util');
 
 function removePrivateFields(domainObject) {
@@ -24,6 +25,7 @@ function removePrivateFields(domainObject) {
     return domainObject;
 }
 
+// eslint-disable-next-line no-unused-vars
 function injectPrivateFields(newConfig, currentConfig) {
     // in-place injection of tokens and api keys which came in with domains.SECRET_PLACEHOLDER
 }
@@ -37,7 +39,7 @@ function upsert(domainObject, location, type, values, callback) {
 
     // Result: none
 
-    callback(new Error('not implemented'));
+    callback(new BoxError(BoxError.NOT_IMPLEMENTED, 'upsert is not implemented'));
 }
 
 function get(domainObject, location, type, callback) {
@@ -48,7 +50,7 @@ function get(domainObject, location, type, callback) {
 
     // Result: Array of matching DNS records in string format
 
-    callback(new Error('not implemented'));
+    callback(new BoxError(BoxError.NOT_IMPLEMENTED, 'get is not implemented'));
 }
 
 function del(domainObject, location, type, values, callback) {
@@ -60,7 +62,7 @@ function del(domainObject, location, type, values, callback) {
 
     // Result: none
 
-    callback(new Error('not implemented'));
+    callback(new BoxError(BoxError.NOT_IMPLEMENTED, 'del is not implemented'));
 }
 
 function wait(domainObject, location, type, value, options, callback) {
@@ -80,5 +82,5 @@ function verifyDnsConfig(domainObject, callback) {
 
     // Result: dnsConfig object
 
-    callback(new Error('not implemented'));
+    callback(new BoxError(BoxError.NOT_IMPLEMENTED, 'verifyDnsConfig is not implemented'));
 }

src/dns/manual.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/manual'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     util = require('util'),
     waitForDns = require('./waitfordns.js');
 
@@ -22,6 +22,7 @@ function removePrivateFields(domainObject) {
     return domainObject;
 }
 
+// eslint-disable-next-line no-unused-vars
 function injectPrivateFields(newConfig, currentConfig) {
 
 }
@@ -78,8 +79,8 @@ function verifyDnsConfig(domainObject, callback) {
 
     // Very basic check if the nameservers can be fetched
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         callback(null, {});
     });

src/dns/namecheap.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/namecheap'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     safe = require('safetydance'),
     superagent = require('superagent'),
     sysinfo = require('../sysinfo.js'),
@@ -37,8 +37,8 @@ function getQuery(dnsConfig, callback) {
     assert.strictEqual(typeof dnsConfig, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    sysinfo.getPublicIp(function (error, ip) {
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+    sysinfo.getServerIp(function (error, ip) {
+        if (error) return callback(error);
 
         callback(null, {
             ApiUser: dnsConfig.username,
@@ -64,21 +64,21 @@ function getInternal(dnsConfig, zoneName, subdomain, type, callback) {
         query.TLD = zoneName.split('.')[1];
 
         superagent.get(ENDPOINT).query(query).end(function (error, result) {
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
             var parser = new xml2js.Parser();
             parser.parseString(result.text, function (error, result) {
-                if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
+                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
                 var tmp = result.ApiResponse;
                 if (tmp['$'].Status !== 'OK') {
                     var errorMessage = safe.query(tmp, 'Errors[0].Error[0]._', 'Invalid response');
-                    if (errorMessage === 'API Key is invalid or API access has not been enabled') return callback(new DomainsError(DomainsError.ACCESS_DENIED, errorMessage));
+                    if (errorMessage === 'API Key is invalid or API access has not been enabled') return callback(new BoxError(BoxError.ACCESS_DENIED, errorMessage));
 
-                    return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, errorMessage));
+                    return callback(new BoxError(BoxError.EXTERNAL_ERROR, errorMessage));
                 }
-                if (!tmp.CommandResponse[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));
-                if (!tmp.CommandResponse[0].DomainDNSGetHostsResult[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));
+                if (!tmp.CommandResponse[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
+                if (!tmp.CommandResponse[0].DomainDNSGetHostsResult[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
 
                 var hosts = result.ApiResponse.CommandResponse[0].DomainDNSGetHostsResult[0].host.map(function (h) {
                     return h['$'];
@@ -118,22 +118,22 @@ function setInternal(dnsConfig, zoneName, hosts, callback) {
         });
 
         superagent.post(ENDPOINT).query(query).end(function (error, result) {
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
             var parser = new xml2js.Parser();
             parser.parseString(result.text, function (error, result) {
-                if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
+                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
                 var tmp = result.ApiResponse;
                 if (tmp['$'].Status !== 'OK') {
                     var errorMessage = safe.query(tmp, 'Errors[0].Error[0]._', 'Invalid response');
-                    if (errorMessage === 'API Key is invalid or API access has not been enabled') return callback(new DomainsError(DomainsError.ACCESS_DENIED, errorMessage));
+                    if (errorMessage === 'API Key is invalid or API access has not been enabled') return callback(new BoxError(BoxError.ACCESS_DENIED, errorMessage));
 
-                    return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, errorMessage));
+                    return callback(new BoxError(BoxError.EXTERNAL_ERROR, errorMessage));
                 }
-                if (!tmp.CommandResponse[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));
-                if (!tmp.CommandResponse[0].DomainDNSSetHostsResult[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));
-                if (tmp.CommandResponse[0].DomainDNSSetHostsResult[0]['$'].IsSuccess !== 'true') return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));
+                if (!tmp.CommandResponse[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
+                if (!tmp.CommandResponse[0].DomainDNSSetHostsResult[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
+                if (tmp.CommandResponse[0].DomainDNSSetHostsResult[0]['$'].IsSuccess !== 'true') return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
 
                 callback(null);
             });
@@ -281,8 +281,8 @@ function verifyDnsConfig(domainObject, callback) {
     const zoneName = domainObject.zoneName;
     const ip = '127.0.0.1';
 
-    if (!dnsConfig.username || typeof dnsConfig.username !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'username must be a non-empty string'));
-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
+    if (!dnsConfig.username || typeof dnsConfig.username !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'username must be a non-empty string', { field: 'username' }));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
 
     let credentials = {
         username: dnsConfig.username,
@@ -292,12 +292,12 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         if (nameservers.some(function (n) { return n.toLowerCase().indexOf('.registrar-servers.com') === -1; })) {
             debug('verifyDnsConfig: %j does not contains NC NS', nameservers);
-            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to NameCheap'));
+            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to NameCheap', { field: 'nameservers' }));
         }
 
         const testSubdomain = 'cloudrontestdns';

src/dns/namecom.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/namecom'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     safe = require('safetydance'),
     superagent = require('superagent'),
     util = require('util'),
@@ -63,9 +63,9 @@ function addRecord(dnsConfig, zoneName, name, type, values, callback) {
         .timeout(30 * 1000)
         .send(data)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Network error ${error.message}`));
-            if (result.statusCode === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null, 'unused-id');
         });
@@ -100,9 +100,9 @@ function updateRecord(dnsConfig, zoneName, recordId, name, type, values, callbac
         .timeout(30 * 1000)
         .send(data)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Network error ${error.message}`));
-            if (result.statusCode === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null);
         });
@@ -121,9 +121,9 @@ function getInternal(dnsConfig, zoneName, name, type, callback) {
         .auth(dnsConfig.username, dnsConfig.token)
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Network error ${error.message}`));
-            if (result.statusCode === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             // name.com does not return the correct content-type
             result.body = safe.JSON.parse(result.text);
@@ -209,9 +209,9 @@ function del(domainObject, location, type, values, callback) {
             .auth(dnsConfig.username, dnsConfig.token)
             .timeout(30 * 1000)
             .end(function (error, result) {
-                if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Network error ${error.message}`));
-                if (result.statusCode === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-                if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
                 return callback(null);
             });
@@ -238,8 +238,8 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (typeof dnsConfig.username !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'username must be a string'));
-    if (typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a string'));
+    if (typeof dnsConfig.username !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'username must be a string', { field: 'username' }));
+    if (typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a string', { field: 'token' }));
 
     var credentials = {
         username: dnsConfig.username,
@@ -251,12 +251,12 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         if (!nameservers.every(function (n) { return n.toLowerCase().indexOf('.name.com') !== -1; })) {
             debug('verifyDnsConfig: %j does not contain Name.com NS', nameservers);
-            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Name.com'));
+            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to name.com', { field: 'nameservers' }));
         }
 
         const location = 'cloudrontestdns';

src/dns/noop.js

@@ -18,6 +18,7 @@ function removePrivateFields(domainObject) {
     return domainObject;
 }
 
+// eslint-disable-next-line no-unused-vars
 function injectPrivateFields(newConfig, currentConfig) {
 }
 

src/dns/route53.js

@@ -12,10 +12,10 @@ exports = module.exports = {
 
 var assert = require('assert'),
     AWS = require('aws-sdk'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/route53'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     util = require('util'),
     waitForDns = require('./waitfordns.js'),
     _ = require('underscore');
@@ -59,15 +59,15 @@ function getZoneByName(dnsConfig, zoneName, callback) {
     }
 
     listHostedZones(function (error, result) {
-        if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-        if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-        if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+        if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+        if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
         var zone = result.HostedZones.filter(function (zone) {
             return zone.Name.slice(0, -1) === zoneName;     // aws zone name contains a '.' at the end
         })[0];
 
-        if (!zone) return callback(new DomainsError(DomainsError.NOT_FOUND, 'no such zone'));
+        if (!zone) return callback(new BoxError(BoxError.NOT_FOUND, 'no such zone'));
 
         callback(null, zone);
     });
@@ -83,9 +83,9 @@ function getHostedZone(dnsConfig, zoneName, callback) {
 
         var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
         route53.getHostedZone({ Id: zone.Id }, function (error, result) {
-            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+            if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
             callback(null, result);
         });
@@ -127,11 +127,11 @@ function upsert(domainObject, location, type, values, callback) {
 
         var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
         route53.changeResourceRecordSets(params, function(error) {
-            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'PriorRequestNotComplete') return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
-            if (error && error.code === 'InvalidChangeBatch') return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+            if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'PriorRequestNotComplete') return callback(new BoxError(BoxError.BUSY, error.message));
+            if (error && error.code === 'InvalidChangeBatch') return callback(new BoxError(BoxError.BAD_FIELD, error.message));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
             callback(null);
         });
@@ -160,9 +160,9 @@ function get(domainObject, location, type, callback) {
 
         var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
         route53.listResourceRecordSets(params, function (error, result) {
-            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+            if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
             if (result.ResourceRecordSets.length === 0) return callback(null, [ ]);
             if (result.ResourceRecordSets[0].Name !== params.StartRecordName || result.ResourceRecordSets[0].Type !== params.StartRecordType) return callback(null, [ ]);
 
@@ -208,23 +208,23 @@ function del(domainObject, location, type, values, callback) {
 
         var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
         route53.changeResourceRecordSets(params, function(error) {
-            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
             if (error && error.message && error.message.indexOf('it was not found') !== -1) {
                 debug('del: resource record set not found.', error);
-                return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
+                return callback(new BoxError(BoxError.NOT_FOUND, error.message));
             } else if (error && error.code === 'NoSuchHostedZone') {
                 debug('del: hosted zone not found.', error);
-                return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
+                return callback(new BoxError(BoxError.NOT_FOUND, error.message));
             } else if (error && error.code === 'PriorRequestNotComplete') {
                 debug('del: resource is still busy', error);
-                return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
+                return callback(new BoxError(BoxError.BUSY, error.message));
             } else if (error && error.code === 'InvalidChangeBatch') {
                 debug('del: invalid change batch. No such record to be deleted.');
-                return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
+                return callback(new BoxError(BoxError.NOT_FOUND, error.message));
             } else if (error) {
                 debug('del: error', error);
-                return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+                return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
             }
 
             callback(null);
@@ -252,8 +252,8 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (!dnsConfig.accessKeyId || typeof dnsConfig.accessKeyId !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'accessKeyId must be a non-empty string'));
-    if (!dnsConfig.secretAccessKey || typeof dnsConfig.secretAccessKey !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'secretAccessKey must be a non-empty string'));
+    if (!dnsConfig.accessKeyId || typeof dnsConfig.accessKeyId !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'accessKeyId must be a non-empty string', { field: 'accessKeyId' }));
+    if (!dnsConfig.secretAccessKey || typeof dnsConfig.secretAccessKey !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'secretAccessKey must be a non-empty string', { field: 'secretAccessKey' }));
 
     var credentials = {
         accessKeyId: dnsConfig.accessKeyId,
@@ -268,15 +268,15 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         getHostedZone(credentials, zoneName, function (error, zone) {
             if (error) return callback(error);
 
             if (!_.isEqual(zone.DelegationSet.NameServers.sort(), nameservers.sort())) {
                 debug('verifyDnsConfig: %j and %j do not match', nameservers, zone.DelegationSet.NameServers);
-                return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Route53'));
+                return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Route53', { field: 'nameservers' }));
             }
 
             const location = 'cloudrontestdns';

src/dns/waitfordns.js

@@ -4,9 +4,9 @@ exports = module.exports = waitForDns;
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/waitfordns'),
-    dns = require('../native-dns.js'),
-    DomainsError = require('../domains.js').DomainsError;
+    dns = require('../native-dns.js');
 
 function resolveIp(hostname, options, callback) {
     assert.strictEqual(typeof hostname, 'string');
@@ -92,12 +92,12 @@ function waitForDns(hostname, zoneName, type, value, options, callback) {
         debug(`waitForDns (try ${attempt}): ${hostname} to be ${value} in zone ${zoneName}`);
 
         dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-            if (error || !nameservers) return retryCallback(error || new DomainsError(DomainsError.EXTERNAL_ERROR, 'Unable to get nameservers'));
+            if (error || !nameservers) return retryCallback(error || new BoxError(BoxError.EXTERNAL_ERROR, 'Unable to get nameservers'));
 
             async.every(nameservers, isChangeSynced.bind(null, hostname, type, value), function (error, synced) {
                 debug('waitForDns: %s %s ns: %j', hostname, synced ? 'done' : 'not done', nameservers);
 
-                retryCallback(synced ? null : new DomainsError(DomainsError.EXTERNAL_ERROR, 'ETRYAGAIN'));
+                retryCallback(synced ? null : new BoxError(BoxError.EXTERNAL_ERROR, 'ETRYAGAIN'));
             });
         });
     }, function retryDone(error) {

src/dns/wildcard.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/manual'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     sysinfo = require('../sysinfo.js'),
     util = require('util'),
     waitForDns = require('./waitfordns.js');
@@ -23,6 +23,7 @@ function removePrivateFields(domainObject) {
     return domainObject;
 }
 
+// eslint-disable-next-line no-unused-vars
 function injectPrivateFields(newConfig, currentConfig) {
 }
 
@@ -78,20 +79,20 @@ function verifyDnsConfig(domainObject, callback) {
 
     // Very basic check if the nameservers can be fetched
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         const location = 'cloudrontestdns';
         const fqdn = domains.fqdn(location, domainObject);
 
         dns.resolve(fqdn, 'A', { server: '127.0.0.1', timeout: 5000 }, function (error, result) {
-            if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, `Unable to resolve ${fqdn}`));
-            if (error || !result) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : `Unable to resolve ${fqdn}`));
+            if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, `Unable to resolve ${fqdn}`, { field: 'nameservers' }));
+            if (error || !result) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : `Unable to resolve ${fqdn}`, { field: 'nameservers' }));
 
-            sysinfo.getPublicIp(function (error, ip) {
-                if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Failed to detect IP of this server: ${error.message}`));
+            sysinfo.getServerIp(function (error, ip) {
+                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Failed to detect IP of this server: ${error.message}`));
 
-                if (result.length !== 1 || ip !== result[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Domain resolves to ${JSON.stringify(result)} instead of ${ip}`));
+                if (result.length !== 1 || ip !== result[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Domain resolves to ${JSON.stringify(result)} instead of ${ip}`));
 
                 callback(null, {});
             });

src/docker.js

@@ -1,8 +1,12 @@
 'use strict';
 
 exports = module.exports = {
-    connection: connectionInstance(),
+    testRegistryConfig: testRegistryConfig,
     setRegistryConfig: setRegistryConfig,
+    injectPrivateFields: injectPrivateFields,
+    removePrivateFields: removePrivateFields,
+
+    SECRET_PLACEHOLDER: String.fromCharCode(0x25CF).repeat(8),
 
     ping: ping,
 
@@ -10,6 +14,7 @@ exports = module.exports = {
     downloadImage: downloadImage,
     createContainer: createContainer,
     startContainer: startContainer,
+    restartContainer: restartContainer,
     stopContainer: stopContainer,
     stopContainerByName: stopContainer,
     stopContainers: stopContainers,
@@ -21,46 +26,64 @@ exports = module.exports = {
     getContainerIdByIp: getContainerIdByIp,
     inspect: inspect,
     inspectByName: inspect,
+    execContainer: execContainer,
     getEvents: getEvents,
     memoryUsage: memoryUsage,
-    execContainer: execContainer,
     createVolume: createVolume,
     removeVolume: removeVolume,
     clearVolume: clearVolume
 };
 
-// timeout is optional
-function connectionInstance(timeout) {
-    var Docker = require('dockerode');
-    var docker = new Docker({ socketPath: '/var/run/docker.sock', timeout: timeout });
-    return docker;
-}
-
 var addons = require('./addons.js'),
     async = require('async'),
     assert = require('assert'),
     BoxError = require('./boxerror.js'),
     child_process = require('child_process'),
     constants = require('./constants.js'),
-    debug = require('debug')('box:docker.js'),
-    once = require('once'),
+    debug = require('debug')('box:docker'),
+    Docker = require('dockerode'),
     path = require('path'),
     settings = require('./settings.js'),
     shell = require('./shell.js'),
     safe = require('safetydance'),
-    spawn = child_process.spawn,
     util = require('util'),
     _ = require('underscore');
 
 const CLEARVOLUME_CMD = path.join(__dirname, 'scripts/clearvolume.sh'),
     MKDIRVOLUME_CMD = path.join(__dirname, 'scripts/mkdirvolume.sh');
 
+const DOCKER_SOCKET_PATH = '/var/run/docker.sock';
+const gConnection = new Docker({ socketPath: DOCKER_SOCKET_PATH });
+
 function debugApp(app) {
     assert(typeof app === 'object');
 
     debug(app.fqdn + ' ' + util.format.apply(util, Array.prototype.slice.call(arguments, 1)));
 }
 
+function testRegistryConfig(auth, callback) {
+    assert.strictEqual(typeof auth, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    gConnection.checkAuth(auth, function (error /*, data */) { // this returns a 500 even for auth errors
+        if (error) return callback(new BoxError(BoxError.BAD_FIELD, error, { field: 'serverAddress' }));
+
+        callback();
+    });
+}
+
+function injectPrivateFields(newConfig, currentConfig) {
+    if (newConfig.password === exports.SECRET_PLACEHOLDER) newConfig.password = currentConfig.password;
+}
+
+function removePrivateFields(registryConfig) {
+    assert.strictEqual(typeof registryConfig, 'object');
+
+    if (registryConfig.password) registryConfig.password = exports.SECRET_PLACEHOLDER;
+
+    return registryConfig;
+}
+
 function setRegistryConfig(auth, callback) {
     assert.strictEqual(typeof auth, 'object');
     assert.strictEqual(typeof callback, 'function');
@@ -68,7 +91,7 @@ function setRegistryConfig(auth, callback) {
     const isLogin = !!auth.password;
 
     // currently, auth info is not stashed in the db but maybe it should for restore to work?
-    const cmd = isLogin ? `docker login ${auth.serveraddress} --username ${auth.username} --password ${auth.password}` : `docker logout ${auth.serveraddress}`;
+    const cmd = isLogin ? `docker login ${auth.serverAddress} --username ${auth.username} --password ${auth.password}` : `docker logout ${auth.serverAddress}`;
 
     child_process.exec(cmd, { }, function (error /*, stdout, stderr */) {
         if (error) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
@@ -81,9 +104,9 @@ function ping(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     // do not let the request linger
-    var docker = connectionInstance(1000);
+    const connection = new Docker({ socketPath: DOCKER_SOCKET_PATH, timeout: 1000 });
 
-    docker.ping(function (error, result) {
+    connection.ping(function (error, result) {
         if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
         if (result !== 'OK') return callback(new BoxError(BoxError.DOCKER_ERROR, 'Unable to ping the docker daemon'));
 
@@ -91,36 +114,59 @@ function ping(callback) {
     });
 }
 
+function getRegistryConfig(image, callback) {
+    // https://github.com/docker/distribution/blob/release/2.7/reference/normalize.go#L62
+    const parts = image.split('/');
+    if (parts.length === 1 || (parts[0].match(/[.:]/) === null)) return callback(null, null); // public docker registry
+
+    settings.getRegistryConfig(function (error, registryConfig) {
+        if (error) return callback(error);
+
+        // https://github.com/apocas/dockerode#pull-from-private-repos
+        const auth = {
+            username: registryConfig.username,
+            password: registryConfig.password,
+            auth: registryConfig.auth || '', // the auth token at login time
+            email: registryConfig.email || '',
+            serveraddress: registryConfig.serverAddress
+        };
+
+        callback(null, auth);
+    });
+}
+
 function pullImage(manifest, callback) {
-    var docker = exports.connection;
+    getRegistryConfig(manifest.dockerImage, function (error, authConfig) {
+        if (error) return callback(error);
 
-    // Use docker CLI here to support downloading of private repos. for dockerode, we have to use
-    // https://github.com/apocas/dockerode#pull-from-private-repos
-    docker.pull(manifest.dockerImage, function (error, stream) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Unable to pull image. statusCode: ' + error.statusCode));
+        debug(`pullImage: will pull ${manifest.dockerImage}. auth: ${authConfig ? 'yes' : 'no'}`);
 
-        // https://github.com/dotcloud/docker/issues/1074 says each status message
-        // is emitted as a chunk
-        stream.on('data', function (chunk) {
-            var data = safe.JSON.parse(chunk) || { };
-            debug('pullImage %s: %j', manifest.id, data);
+        gConnection.pull(manifest.dockerImage, { authconfig: authConfig }, function (error, stream) {
+            if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Unable to pull image. Please check the network or if the image needs authentication. statusCode: ' + error.statusCode));
 
-            // The data.status here is useless because this is per layer as opposed to per image
-            if (!data.status && data.error) {
-                debug('pullImage error %s: %s', manifest.id, data.errorDetail.message);
-            }
-        });
+            // https://github.com/dotcloud/docker/issues/1074 says each status message
+            // is emitted as a chunk
+            stream.on('data', function (chunk) {
+                var data = safe.JSON.parse(chunk) || { };
+                debug('pullImage: %j', data);
 
-        stream.on('end', function () {
-            debug('downloaded image %s of %s successfully', manifest.dockerImage, manifest.id);
+                // The data.status here is useless because this is per layer as opposed to per image
+                if (!data.status && data.error) {
+                    debug('pullImage error %s: %s', manifest.dockerImage, data.errorDetail.message);
+                }
+            });
 
-            callback(null);
-        });
+            stream.on('end', function () {
+                debug('downloaded image %s', manifest.dockerImage);
 
-        stream.on('error', function (error) {
-            debug('error pulling image %s of %s: %j', manifest.dockerImage, manifest.id, error);
+                callback(null);
+            });
 
-            callback(new BoxError(BoxError.DOCKER_ERROR, error.message));
+            stream.on('error', function (error) {
+                debug('error pulling image %s: %j', manifest.dockerImage, error);
+
+                callback(new BoxError(BoxError.DOCKER_ERROR, error.message));
+            });
         });
     });
 }
@@ -129,12 +175,12 @@ function downloadImage(manifest, callback) {
     assert.strictEqual(typeof manifest, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    debug('downloadImage %s %s', manifest.id, manifest.dockerImage);
+    debug('downloadImage %s', manifest.dockerImage);
 
     var attempt = 1;
 
     async.retry({ times: 10, interval: 15000 }, function (retryCallback) {
-        debug('Downloading image %s %s. attempt: %s', manifest.id, manifest.dockerImage, attempt++);
+        debug('Downloading image %s. attempt: %s', manifest.dockerImage, attempt++);
 
         pullImage(manifest, function (error) {
             if (error) console.error(error);
@@ -151,8 +197,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
     assert.strictEqual(typeof options, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    var docker = exports.connection,
-        isAppContainer = !cmd; // non app-containers are like scheduler and exec (terminal) containers
+    let isAppContainer = !cmd; // non app-containers are like scheduler and exec (terminal) containers
 
     var manifest = app.manifest;
     var exposedPorts = {}, dockerPortBindings = { };
@@ -165,7 +210,6 @@ function createSubcontainer(app, name, cmd, options, callback) {
         'CLOUDRON=1',
         'CLOUDRON_PROXY_IP=172.18.0.1',
         `CLOUDRON_APP_HOSTNAME=${app.id}`,
-        `CLOUDRON_ADMIN_EMAIL=${app.adminEmail}`,
         `${envPrefix}WEBADMIN_ORIGIN=${settings.adminOrigin()}`,
         `${envPrefix}API_ORIGIN=${settings.adminOrigin()}`,
         `${envPrefix}APP_ORIGIN=https://${domain}`,
@@ -180,7 +224,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
     var portEnv = [];
     for (let portName in app.portBindings) {
         const hostPort = app.portBindings[portName];
-        const portType = portName in manifest.tcpPorts ? 'tcp' : 'udp';
+        const portType = (manifest.tcpPorts && portName in manifest.tcpPorts) ? 'tcp' : 'udp';
         const ports = portType == 'tcp' ? manifest.tcpPorts : manifest.udpPorts;
 
         var containerPort = ports[portName].containerPort || hostPort;
@@ -208,7 +252,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
     if (!isAppContainer) memoryLimit *= 2;
 
     addons.getEnvironment(app, function (error, addonEnv) {
-        if (error) return callback(new Error('Error getting addon environment : ' + error));
+        if (error) return callback(error);
 
         // do no set hostname of containers to location as it might conflict with addons names. for example, an app installed in mail
         // location may not reach mail container anymore by DNS. We cannot set hostname to fqdn either as that sets up the dns
@@ -249,7 +293,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
                 PublishAllPorts: false,
                 ReadonlyRootfs: app.debugMode ? !!app.debugMode.readonlyRootfs : true,
                 RestartPolicy: {
-                    'Name': isAppContainer ? 'always' : 'no',
+                    'Name': isAppContainer ? 'unless-stopped' : 'no',
                     'MaximumRetryCount': 0
                 },
                 CpuShares: 512, // relative to 1024 for system processes
@@ -279,7 +323,11 @@ function createSubcontainer(app, name, cmd, options, callback) {
 
         debugApp(app, 'Creating container for %s', app.manifest.dockerImage);
 
-        docker.createContainer(containerOptions, callback);
+        gConnection.createContainer(containerOptions, function (error, container) {
+            if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+
+            callback(null, container);
+        });
     });
 }
 
@@ -291,14 +339,29 @@ function startContainer(containerId, callback) {
     assert.strictEqual(typeof containerId, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    var docker = exports.connection;
-
-    var container = docker.getContainer(containerId);
+    var container = gConnection.getContainer(containerId);
     debug('Starting container %s', containerId);
 
     container.start(function (error) {
         if (error && error.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
-        if (error && error.statusCode !== 304) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+        if (error && error.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, error)); // e.g start.sh is not executable
+        if (error && error.statusCode !== 304) return callback(new BoxError(BoxError.DOCKER_ERROR, error)); // 304 means already started
+
+        return callback(null);
+    });
+}
+
+function restartContainer(containerId, callback) {
+    assert.strictEqual(typeof containerId, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    var container = gConnection.getContainer(containerId);
+    debug('Restarting container %s', containerId);
+
+    container.restart(function (error) {
+        if (error && error.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
+        if (error && error.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, error)); // e.g start.sh is not executable
+        if (error && error.statusCode !== 204) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
 
         return callback(null);
     });
@@ -313,8 +376,7 @@ function stopContainer(containerId, callback) {
         return callback();
     }
 
-    var docker = exports.connection;
-    var container = docker.getContainer(containerId);
+    var container = gConnection.getContainer(containerId);
     debug('Stopping container %s', containerId);
 
     var options = {
@@ -322,12 +384,12 @@ function stopContainer(containerId, callback) {
     };
 
     container.stop(options, function (error) {
-        if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new Error('Error stopping container:' + error));
+        if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Error stopping container:' + error.message));
 
         debug('Waiting for container ' + containerId);
 
         container.wait(function (error, data) {
-            if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new Error('Error waiting on container:' + error));
+            if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Error waiting on container:' + error.message));
 
             debug('Container %s stopped with status code [%s]', containerId, data ? String(data.StatusCode) : '');
 
@@ -344,8 +406,7 @@ function deleteContainer(containerId, callback) {
 
     if (containerId === null) return callback(null);
 
-    var docker = exports.connection;
-    var container = docker.getContainer(containerId);
+    var container = gConnection.getContainer(containerId);
 
     var removeOptions = {
         force: true, // kill container if it's running
@@ -355,9 +416,12 @@ function deleteContainer(containerId, callback) {
     container.remove(removeOptions, function (error) {
         if (error && error.statusCode === 404) return callback(null);
 
-        if (error) debug('Error removing container %s : %j', containerId, error);
+        if (error) {
+            debug('Error removing container %s : %j', containerId, error);
+            return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+        }
 
-        callback(error);
+        callback(null);
     });
 }
 
@@ -366,14 +430,12 @@ function deleteContainers(appId, options, callback) {
     assert.strictEqual(typeof options, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    var docker = exports.connection;
-
     debug('deleting containers of %s', appId);
 
     let labels = [ 'appId=' + appId ];
     if (options.managedOnly) labels.push('isCloudronManaged=true');
 
-    docker.listContainers({ all: 1, filters: JSON.stringify({ label: labels }) }, function (error, containers) {
+    gConnection.listContainers({ all: 1, filters: JSON.stringify({ label: labels }) }, function (error, containers) {
         if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
 
         async.eachSeries(containers, function (container, iteratorDone) {
@@ -386,11 +448,9 @@ function stopContainers(appId, callback) {
     assert.strictEqual(typeof appId, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    var docker = exports.connection;
-
     debug('stopping containers of %s', appId);
 
-    docker.listContainers({ all: 1, filters: JSON.stringify({ label: [ 'appId=' + appId ] }) }, function (error, containers) {
+    gConnection.listContainers({ all: 1, filters: JSON.stringify({ label: [ 'appId=' + appId ] }) }, function (error, containers) {
         if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
 
         async.eachSeries(containers, function (container, iteratorDone) {
@@ -406,8 +466,6 @@ function deleteImage(manifest, callback) {
     var dockerImage = manifest ? manifest.dockerImage : null;
     if (!dockerImage) return callback(null);
 
-    var docker = exports.connection;
-
     var removeOptions = {
         force: false, // might be shared with another instance of this app
         noprune: false // delete untagged parents
@@ -416,14 +474,17 @@ function deleteImage(manifest, callback) {
     // registry v1 used to pull down all *tags*. this meant that deleting image by tag was not enough (since that
     // just removes the tag). we used to remove the image by id. this is not required anymore because aliases are
     // not created anymore after https://github.com/docker/docker/pull/10571
-    docker.getImage(dockerImage).remove(removeOptions, function (error) {
+    gConnection.getImage(dockerImage).remove(removeOptions, function (error) {
         if (error && error.statusCode === 400) return callback(null); // invalid image format. this can happen if user installed with a bad --docker-image
         if (error && error.statusCode === 404) return callback(null); // not found
         if (error && error.statusCode === 409) return callback(null); // another container using the image
 
-        if (error) debug('Error removing image %s : %j', dockerImage, error);
+        if (error) {
+            debug('Error removing image %s : %j', dockerImage, error);
+            return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+        }
 
-        callback(error);
+        callback(null);
     });
 }
 
@@ -431,10 +492,8 @@ function getContainerIdByIp(ip, callback) {
     assert.strictEqual(typeof ip, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    var docker = exports.connection;
-
-    docker.getNetwork('cloudron').inspect(function (error, bridge) {
-        if (error && error.statusCode === 404) return callback(new Error('Unable to find the cloudron network'));
+    gConnection.getNetwork('cloudron').inspect(function (error, bridge) {
+        if (error && error.statusCode === 404) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Unable to find the cloudron network'));
         if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
 
         var containerId;
@@ -444,7 +503,7 @@ function getContainerIdByIp(ip, callback) {
                 break;
             }
         }
-        if (!containerId) return callback(new Error('No container with that ip'));
+        if (!containerId) return callback(new BoxError(BoxError.DOCKER_ERROR, 'No container with that ip'));
 
         callback(null, containerId);
     });
@@ -454,7 +513,7 @@ function inspect(containerId, callback) {
     assert.strictEqual(typeof containerId, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    var container = exports.connection.getContainer(containerId);
+    var container = gConnection.getContainer(containerId);
 
     container.inspect(function (error, result) {
         if (error && error.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
@@ -464,13 +523,38 @@ function inspect(containerId, callback) {
     });
 }
 
+function execContainer(containerId, options, callback) {
+    assert.strictEqual(typeof containerId, 'string');
+    assert.strictEqual(typeof options, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    var container = gConnection.getContainer(containerId);
+
+    container.exec(options.execOptions, function (error, exec) {
+        if (error && error.statusCode === 409) return callback(new BoxError(BoxError.BAD_STATE, error.message)); // container restarting/not running
+        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+
+        exec.start(options.startOptions, function(error, stream /* in hijacked mode, this is a net.socket */) {
+            if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+
+            if (options.rows && options.columns) {
+                // there is a race where resizing too early results in a 404 "no such exec"
+                // https://git.cloudron.io/cloudron/box/issues/549
+                setTimeout(function () {
+                    exec.resize({ h: options.rows, w: options.columns }, function (error) { if (error) debug('Error resizing console', error); });
+                }, 2000);
+            }
+
+            callback(null, stream);
+        });
+    });
+}
+
 function getEvents(options, callback) {
     assert.strictEqual(typeof options, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    let docker = exports.connection;
-
-    docker.getEvents(options, function (error, stream) {
+    gConnection.getEvents(options, function (error, stream) {
         if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
 
         callback(null, stream);
@@ -481,7 +565,7 @@ function memoryUsage(containerId, callback) {
     assert.strictEqual(typeof containerId, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    var container = exports.connection.getContainer(containerId);
+    var container = gConnection.getContainer(containerId);
 
     container.stats({ stream: false }, function (error, result) {
         if (error && error.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
@@ -491,45 +575,12 @@ function memoryUsage(containerId, callback) {
     });
 }
 
-function execContainer(containerId, cmd, options, callback) {
-    assert.strictEqual(typeof containerId, 'string');
-    assert(util.isArray(cmd));
-    assert.strictEqual(typeof options, 'object');
-    assert.strictEqual(typeof callback, 'function');
-
-    callback = once(callback); // ChildProcess exit may or may not be called after error
-
-    var cp = spawn('/usr/bin/docker', [ 'exec', '-i', containerId  ].concat(cmd));
-
-    var chunks = [ ];
-
-    if (options.stdout) {
-        cp.stdout.pipe(options.stdout);
-    } else if (options.bufferStdout) {
-        cp.stdout.on('data', function (chunk) { chunks.push(chunk); });
-    } else {
-        cp.stdout.pipe(process.stdout);
-    }
-
-    cp.on('error', callback);
-    cp.on('exit', function (code, signal) {
-        debug('execContainer code: %s signal: %s', code, signal);
-        if (!callback.called) callback(code ? 'Failed with status ' + code : null, Buffer.concat(chunks));
-    });
-
-    cp.stderr.pipe(options.stderr || process.stderr);
-
-    if (options.stdin) options.stdin.pipe(cp.stdin).on('error', callback);
-}
-
 function createVolume(app, name, volumeDataDir, callback) {
     assert.strictEqual(typeof app, 'object');
     assert.strictEqual(typeof name, 'string');
     assert.strictEqual(typeof volumeDataDir, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    let docker = exports.connection;
-
     const volumeOptions = {
         Name: name,
         Driver: 'local',
@@ -546,9 +597,9 @@ function createVolume(app, name, volumeDataDir, callback) {
 
     // requires sudo because the path can be outside appsdata
     shell.sudo('createVolume', [ MKDIRVOLUME_CMD, volumeDataDir ], {}, function (error) {
-        if (error) return callback(new Error(`Error creating app data dir: ${error.message}`));
+        if (error) return callback(new BoxError(BoxError.FS_ERROR, `Error creating app data dir: ${error.message}`));
 
-        docker.createVolume(volumeOptions, function (error) {
+        gConnection.createVolume(volumeOptions, function (error) {
             if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
 
             callback();
@@ -562,14 +613,17 @@ function clearVolume(app, name, options, callback) {
     assert.strictEqual(typeof options, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    let docker = exports.connection;
-    let volume = docker.getVolume(name);
+    let volume = gConnection.getVolume(name);
     volume.inspect(function (error, v) {
         if (error && error.statusCode === 404) return callback();
         if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
 
         const volumeDataDir = v.Options.device;
-        shell.sudo('clearVolume', [ CLEARVOLUME_CMD, options.removeDirectory ? 'rmdir' : 'clear', volumeDataDir ], {}, callback);
+        shell.sudo('clearVolume', [ CLEARVOLUME_CMD, options.removeDirectory ? 'rmdir' : 'clear', volumeDataDir ], {}, function (error) {
+            if (error) return callback(new BoxError(BoxError.FS_ERROR, error));
+
+            callback();
+        });
     });
 }
 
@@ -579,11 +633,9 @@ function removeVolume(app, name, callback) {
     assert.strictEqual(typeof name, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    let docker = exports.connection;
-
-    let volume = docker.getVolume(name);
+    let volume = gConnection.getVolume(name);
     volume.remove(function (error) {
-        if (error && error.statusCode !== 404) return callback(new Error(`removeVolume: Error removing volume of ${app.id} ${error.message}`));
+        if (error && error.statusCode !== 404) return callback(new BoxError(BoxError.DOCKER_ERROR, `removeVolume: Error removing volume of ${app.id} ${error.message}`));
 
         callback();
     });
@@ -592,9 +644,7 @@ function removeVolume(app, name, callback) {
 function info(callback) {
     assert.strictEqual(typeof callback, 'function');
 
-    let docker = exports.connection;
-
-    docker.info(function (error, result) {
+    gConnection.info(function (error, result) {
         if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Error connecting to docker'));
 
         callback(null, result);

src/dockerproxy.js

@@ -6,8 +6,8 @@ exports = module.exports = {
 };
 
 var apps = require('./apps.js'),
-    AppsError = apps.AppsError,
     assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
     express = require('express'),
     debug = require('debug')('box:dockerproxy'),
@@ -35,7 +35,7 @@ function authorizeApp(req, res, next) {
     }
 
     apps.getByIpAddress(req.connection.remoteAddress, function (error, app) {
-        if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(401, 'Unauthorized'));
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new HttpError(401, 'Unauthorized'));
         if (error) return next(new HttpError(500, error));
 
         if (!('docker' in app.manifest.addons)) return next(new HttpError(401, 'Unauthorized'));
@@ -67,6 +67,7 @@ function attachDockerRequest(req, res, next) {
     next();
 }
 
+// eslint-disable-next-line no-unused-vars
 function containersCreate(req, res, next) {
     safe.set(req.body, 'HostConfig.NetworkMode', 'cloudron'); // overwrite the network the container lives in
     safe.set(req.body, 'NetworkingConfig', {}); // drop any custom network configs
@@ -97,6 +98,7 @@ function containersCreate(req, res, next) {
     req.dockerRequest.end(plainBody);
 }
 
+// eslint-disable-next-line no-unused-vars
 function process(req, res, next) {
     // we have to rebuild the body since we consumed in in the parser
     if (Object.keys(req.body).length !== 0) {
@@ -137,8 +139,12 @@ function start(callback) {
     gHttpServer = http.createServer(proxyServer);
     gHttpServer.listen(constants.DOCKER_PROXY_PORT, '0.0.0.0', callback);
 
+    // Overwrite the default 2min request timeout. This is required for large builds for example
+    gHttpServer.setTimeout(60 * 60 * 1000);
+
     debug(`startDockerProxy: started proxy on port ${constants.DOCKER_PROXY_PORT}`);
 
+    // eslint-disable-next-line no-unused-vars
     gHttpServer.on('upgrade', function (req, client, head) {
         // Create a new tcp connection to the TCP server
         var remote = net.connect('/var/run/docker.sock', function () {

src/domaindb.js

@@ -12,8 +12,8 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror'),
     safe = require('safetydance');
 
 var DOMAINS_FIELDS = [ 'domain', 'zoneName', 'provider', 'configJson', 'tlsConfigJson', 'locked' ].join(',');
@@ -34,8 +34,8 @@ function get(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query(`SELECT ${DOMAINS_FIELDS} FROM domains WHERE domain=?`, [ domain ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Domain not found'));
 
         postProcess(result[0]);
 
@@ -45,7 +45,7 @@ function get(domain, callback) {
 
 function getAll(callback) {
     database.query(`SELECT ${DOMAINS_FIELDS} FROM domains ORDER BY domain`, function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         results.forEach(postProcess);
 
@@ -63,8 +63,8 @@ function add(name, domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO domains (domain, zoneName, provider, configJson, tlsConfigJson) VALUES (?, ?, ?, ?, ?)', [ name, domain.zoneName, domain.provider, JSON.stringify(domain.config), JSON.stringify(domain.tlsConfig) ], function (error) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -91,8 +91,8 @@ function update(name, domain, callback) {
     args.push(name);
 
     database.query('UPDATE domains SET ' + fields.join(', ') + ' WHERE domain=?', args, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.NOT_FOUND, 'Domain not found'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -103,9 +103,9 @@ function del(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM domains WHERE domain=?', [ domain ], function (error, result) {
-        if (error && error.code === 'ER_ROW_IS_REFERENCED_2') return callback(new DatabaseError(DatabaseError.IN_USE));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error && error.code === 'ER_ROW_IS_REFERENCED_2') return callback(new BoxError(BoxError.CONFLICT));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Domain not found'));
 
         callback(null);
     });
@@ -113,7 +113,7 @@ function del(domain, callback) {
 
 function clear(callback) {
     database.query('DELETE FROM domains', function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(error);
     });

src/domains.js

@@ -30,20 +30,17 @@ module.exports = exports = {
 
     prepareDashboardDomain: prepareDashboardDomain,
 
-    DomainsError: DomainsError,
-
     SECRET_PLACEHOLDER: String.fromCharCode(0x25CF).repeat(8)
 };
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:domains'),
     domaindb = require('./domaindb.js'),
     eventlog = require('./eventlog.js'),
     reverseProxy = require('./reverseproxy.js'),
-    ReverseProxyError = reverseProxy.ReverseProxyError,
     safe = require('safetydance'),
     settings = require('./settings.js'),
     sysinfo = require('./sysinfo.js'),
@@ -51,36 +48,6 @@ var assert = require('assert'),
     util = require('util'),
     _ = require('underscore');
 
-function DomainsError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(DomainsError, Error);
-
-DomainsError.NOT_FOUND = 'No such domain';
-DomainsError.ALREADY_EXISTS = 'Domain already exists';
-DomainsError.EXTERNAL_ERROR = 'External error';
-DomainsError.BAD_FIELD = 'Bad Field';
-DomainsError.STILL_BUSY = 'Still busy';
-DomainsError.IN_USE = 'In Use';
-DomainsError.INTERNAL_ERROR = 'Internal error';
-DomainsError.ACCESS_DENIED = 'Access Denied';
-DomainsError.INVALID_PROVIDER = 'provider must be route53, gcdns, digitalocean, gandi, cloudflare, namecom, noop, wildcard, manual or caas';
-
 // choose which subdomain backend we use for test purpose we use route53
 function api(provider) {
     assert.strictEqual(typeof provider, 'string');
@@ -115,16 +82,14 @@ function verifyDnsConfig(dnsConfig, domain, zoneName, provider, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     var backend = api(provider);
-    if (!backend) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid provider'));
+    if (!backend) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid provider', { field: 'provider' }));
 
     const domainObject = { config: dnsConfig, domain: domain, zoneName: zoneName };
     api(provider).verifyDnsConfig(domainObject, function (error, result) {
-        if (error && error.reason === DomainsError.ACCESS_DENIED) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Incorrect configuration. Access denied'));
-        if (error && error.reason === DomainsError.NOT_FOUND) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Zone not found'));
-        if (error && error.reason === DomainsError.EXTERNAL_ERROR) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Configuration error: ' + error.message));
-        if (error && error.reason === DomainsError.BAD_FIELD) return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
-        if (error && error.reason === DomainsError.INVALID_PROVIDER) return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.ACCESS_DENIED) return callback(new BoxError(BoxError.BAD_FIELD, `Access denied: ${error.message}`));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.BAD_FIELD, `Zone not found: ${error.message}`));
+        if (error && error.reason === BoxError.EXTERNAL_ERROR) return callback(new BoxError(BoxError.BAD_FIELD, `Configuration error: ${error.message}`));
+        if (error) return callback(error);
 
         result.hyphenatedSubdomains = !!dnsConfig.hyphenatedSubdomains;
 
@@ -150,25 +115,25 @@ function validateHostname(location, domainObject) {
         constants.SMTP_LOCATION,
         constants.IMAP_LOCATION
     ];
-    if (RESERVED_LOCATIONS.indexOf(location) !== -1) return new DomainsError(DomainsError.BAD_FIELD, location + ' is reserved');
+    if (RESERVED_LOCATIONS.indexOf(location) !== -1) return new BoxError(BoxError.BAD_FIELD, location + ' is reserved', { field: 'location' });
 
-    if (hostname === settings.adminFqdn()) return new DomainsError(DomainsError.BAD_FIELD, location + ' is reserved');
+    if (hostname === settings.adminFqdn()) return new BoxError(BoxError.BAD_FIELD, location + ' is reserved', { field: 'location' });
 
     // workaround https://github.com/oncletom/tld.js/issues/73
     var tmp = hostname.replace('_', '-');
-    if (!tld.isValid(tmp)) return new DomainsError(DomainsError.BAD_FIELD, 'Hostname is not a valid domain name');
+    if (!tld.isValid(tmp)) return new BoxError(BoxError.BAD_FIELD, 'Hostname is not a valid domain name', { field: 'location' });
 
-    if (hostname.length > 253) return new DomainsError(DomainsError.BAD_FIELD, 'Hostname length exceeds 253 characters');
+    if (hostname.length > 253) return new BoxError(BoxError.BAD_FIELD, 'Hostname length exceeds 253 characters', { field: 'location' });
 
     if (location) {
         // label validation
-        if (location.split('.').some(function (p) { return p.length > 63 || p.length < 1; })) return new DomainsError(DomainsError.BAD_FIELD, 'Invalid subdomain length');
-        if (location.match(/^[A-Za-z0-9-.]+$/) === null) return new DomainsError(DomainsError.BAD_FIELD, 'Subdomain can only contain alphanumeric, hyphen and dot');
-        if (/^[-.]/.test(location)) return new DomainsError(DomainsError.BAD_FIELD, 'Subdomain cannot start or end with hyphen or dot');
+        if (location.split('.').some(function (p) { return p.length > 63 || p.length < 1; })) return new BoxError(BoxError.BAD_FIELD, 'Invalid subdomain length', { field: 'location' });
+        if (location.match(/^[A-Za-z0-9-.]+$/) === null) return new BoxError(BoxError.BAD_FIELD, 'Subdomain can only contain alphanumeric, hyphen and dot', { field: 'location' });
+        if (/^[-.]/.test(location)) return new BoxError(BoxError.BAD_FIELD, 'Subdomain cannot start or end with hyphen or dot', { field: 'location' });
     }
 
     if (domainObject.config.hyphenatedSubdomains) {
-        if (location.indexOf('.') !== -1) return new DomainsError(DomainsError.BAD_FIELD, 'Subdomain cannot contain a dot');
+        if (location.indexOf('.') !== -1) return new BoxError(BoxError.BAD_FIELD, 'Subdomain cannot contain a dot', { field: 'location' });
     }
 
     return null;
@@ -185,12 +150,12 @@ function validateTlsConfig(tlsConfig, dnsProvider) {
     case 'caas':
         break;
     default:
-        return new DomainsError(DomainsError.BAD_FIELD, 'tlsConfig.provider must be caas, fallback, letsencrypt-prod/staging');
+        return new BoxError(BoxError.BAD_FIELD, 'tlsConfig.provider must be caas, fallback, letsencrypt-prod/staging', { field: 'tlsProvider' });
     }
 
     if (tlsConfig.wildcard) {
-        if (!tlsConfig.provider.startsWith('letsencrypt')) return new DomainsError(DomainsError.BAD_FIELD, 'wildcard can only be set with letsencrypt');
-        if (dnsProvider === 'manual' || dnsProvider === 'noop' || dnsProvider === 'wildcard') return new DomainsError(DomainsError.BAD_FIELD, 'wildcard cert requires a programmable DNS backend');
+        if (!tlsConfig.provider.startsWith('letsencrypt')) return new BoxError(BoxError.BAD_FIELD, 'wildcard can only be set with letsencrypt', { field: 'wildcard' });
+        if (dnsProvider === 'manual' || dnsProvider === 'noop' || dnsProvider === 'wildcard') return new BoxError(BoxError.BAD_FIELD, 'wildcard cert requires a programmable DNS backend', { field: 'tlsProvider' });
     }
 
     return null;
@@ -207,22 +172,22 @@ function add(domain, data, auditSource, callback) {
 
     let { zoneName, provider, config, fallbackCertificate, tlsConfig } = data;
 
-    if (!tld.isValid(domain)) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid domain'));
-    if (domain.endsWith('.')) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid domain'));
+    if (!tld.isValid(domain)) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid domain', { field: 'domain' }));
+    if (domain.endsWith('.')) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid domain', { field: 'domain' }));
 
     if (zoneName) {
-        if (!tld.isValid(zoneName)) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid zoneName'));
-        if (zoneName.endsWith('.')) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid zoneName'));
+        if (!tld.isValid(zoneName)) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid zoneName', { field: 'zoneName' }));
+        if (zoneName.endsWith('.')) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid zoneName', { field: 'zoneName' }));
     } else {
         zoneName = tld.getDomain(domain) || domain;
     }
 
     if (fallbackCertificate) {
         let error = reverseProxy.validateCertificate('test', { domain, config }, fallbackCertificate);
-        if (error) return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
+        if (error) return callback(error);
     } else {
         fallbackCertificate = reverseProxy.generateFallbackCertificateSync({ domain, config });
-        if (fallbackCertificate.error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, fallbackCertificate.error));
+        if (fallbackCertificate.error) return callback(error);
     }
 
     let error = validateTlsConfig(tlsConfig, provider);
@@ -232,11 +197,10 @@ function add(domain, data, auditSource, callback) {
         if (error) return callback(error);
 
         domaindb.add(domain, { zoneName: zoneName, provider: provider, config: sanitizedConfig, tlsConfig: tlsConfig }, function (error) {
-            if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new DomainsError(DomainsError.ALREADY_EXISTS));
-            if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             reverseProxy.setFallbackCertificate(domain, fallbackCertificate, function (error) {
-                if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 eventlog.add(eventlog.ACTION_DOMAIN_ADD, auditSource, { domain, zoneName, provider });
 
@@ -251,17 +215,14 @@ function get(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     domaindb.get(domain, function (error, result) {
-        // TODO try to find subdomain entries maybe based on zoneNames or so
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
-
-        reverseProxy.getFallbackCertificate(domain, function (error, bundle) {
-            if (error && error.reason !== ReverseProxyError.NOT_FOUND) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
+        reverseProxy.getFallbackCertificate(domain, function (_, bundle) { // never returns an error
             var cert = safe.fs.readFileSync(bundle.certFilePath, 'utf-8');
             var key = safe.fs.readFileSync(bundle.keyFilePath, 'utf-8');
 
-            if (!cert || !key) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, 'unable to read certificates from disk'));
+            // do not error here. otherwise, there is no way to fix things up from the UI
+            if (!cert || !key) debug(`Unable to read fallback certificates of ${domain} from disk`);
 
             result.fallbackCertificate = { cert: cert, key: key };
 
@@ -274,7 +235,7 @@ function getAll(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     domaindb.getAll(function (error, result) {
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -293,18 +254,17 @@ function update(domain, data, auditSource, callback) {
     let { zoneName, provider, config, fallbackCertificate, tlsConfig } = data;
 
     domaindb.get(domain, function (error, domainObject) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         if (zoneName) {
-            if (!tld.isValid(zoneName)) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid zoneName'));
+            if (!tld.isValid(zoneName)) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid zoneName', { field: 'zoneName' }));
         } else {
             zoneName = domainObject.zoneName;
         }
 
         if (fallbackCertificate) {
             let error = reverseProxy.validateCertificate('test', domainObject, fallbackCertificate);
-            if (error) return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
+            if (error) return callback(error);
         }
 
         error = validateTlsConfig(tlsConfig, provider);
@@ -323,13 +283,12 @@ function update(domain, data, auditSource, callback) {
             };
 
             domaindb.update(domain, newData, function (error) {
-                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
-                if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 if (!fallbackCertificate) return callback();
 
                 reverseProxy.setFallbackCertificate(domain, fallbackCertificate, function (error) {
-                    if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+                    if (error) return callback(error);
 
                     eventlog.add(eventlog.ACTION_DOMAIN_UPDATE, auditSource, { domain, zoneName, provider });
 
@@ -345,12 +304,10 @@ function del(domain, auditSource, callback) {
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (domain === settings.adminDomain()) return callback(new DomainsError(DomainsError.IN_USE));
+    if (domain === settings.adminDomain()) return callback(new BoxError(BoxError.CONFLICT, 'Cannot remove admin domain'));
 
     domaindb.del(domain, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
-        if (error && error.reason === DatabaseError.IN_USE) return callback(new DomainsError(DomainsError.IN_USE));
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         eventlog.add(eventlog.ACTION_DOMAIN_REMOVE, auditSource, { domain });
 
@@ -362,7 +319,7 @@ function clear(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     domaindb.clear(function (error) {
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null);
     });
@@ -414,8 +371,8 @@ function checkDnsRecords(location, domain, callback) {
     getDnsRecords(location, domain, 'A', function (error, values) {
         if (error) return callback(error);
 
-        sysinfo.getPublicIp(function (error, ip) {
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+        sysinfo.getServerIp(function (error, ip) {
+            if (error) return callback(error);
 
             if (values.length === 0) return callback(null, { needsOverwrite: false }); // does not exist
             if (values[0] === ip) return callback(null, { needsOverwrite: false }); // exists but in sync
@@ -436,7 +393,7 @@ function upsertDnsRecords(location, domain, type, values, callback) {
     debug('upsertDNSRecord: %s on %s type %s values', location, domain, type, values);
 
     get(domain, function (error, domainObject) {
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         api(domainObject.provider).upsert(domainObject, location, type, values, function (error) {
             if (error) return callback(error);
@@ -459,7 +416,7 @@ function removeDnsRecords(location, domain, type, values, callback) {
         if (error) return callback(error);
 
         api(domainObject.provider).del(domainObject, location, type, values, function (error) {
-            if (error && error.reason !== DomainsError.NOT_FOUND) return callback(error);
+            if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
             callback(null);
         });
@@ -516,8 +473,8 @@ function prepareDashboardDomain(domain, auditSource, progressCallback, callback)
 
         const adminFqdn = fqdn(constants.ADMIN_LOCATION, domainObject);
 
-        sysinfo.getPublicIp(function (error, ip) {
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+        sysinfo.getServerIp(function (error, ip) {
+            if (error) return callback(error);
 
             async.series([
                 (done) => { progressCallback({ percent: 10, message: `Updating DNS of ${adminFqdn}` }); done(); },

src/dyndns.js

@@ -21,7 +21,7 @@ function sync(auditSource, callback) {
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    sysinfo.getPublicIp(function (error, ip) {
+    sysinfo.getServerIp(function (error, ip) {
         if (error) return callback(error);
 
         let info = safe.JSON.parse(safe.fs.readFileSync(paths.DYNDNS_INFO_FILE, 'utf8')) || { ip: null };

src/eventlog.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    EventLogError: EventLogError,
-
     add: add,
     get: get,
     getAllPaged: getAllPaged,
@@ -59,11 +57,13 @@ exports = module.exports = {
 
     ACTION_DYNDNS_UPDATE: 'dyndns.update',
 
+    ACTION_SUPPORT_TICKET: 'support.ticket',
+    ACTION_SUPPORT_SSH: 'support.ssh',
+
     ACTION_PROCESS_CRASH: 'system.crash'
 };
 
 var assert = require('assert'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:eventlog'),
     eventlogdb = require('./eventlogdb.js'),
     notifications = require('./notifications.js'),
@@ -72,28 +72,6 @@ var assert = require('assert'),
 
 var NOOP_CALLBACK = function (error) { if (error) debug(error); };
 
-function EventLogError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(EventLogError, Error);
-EventLogError.INTERNAL_ERROR = 'Internal error';
-EventLogError.NOT_FOUND = 'Not Found';
-
 function add(action, source, data, callback) {
     assert.strictEqual(typeof action, 'string');
     assert.strictEqual(typeof source, 'object');
@@ -105,10 +83,10 @@ function add(action, source, data, callback) {
     // we do only daily upserts for login actions, so they don't spam the db
     var api = action === exports.ACTION_USER_LOGIN ? eventlogdb.upsert : eventlogdb.add;
     api(uuid.v4(), action, source, data, function (error, id) {
-        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         notifications.onEvent(id, action, source, data, function (error) {
-            if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             callback(null, { id: id });
         });
@@ -120,8 +98,7 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     eventlogdb.get(id, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new EventLogError(EventLogError.NOT_FOUND, 'No such event'));
-        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -135,7 +112,7 @@ function getAllPaged(actions, search, page, perPage, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     eventlogdb.getAllPaged(actions, search, page, perPage, function (error, events) {
-        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, events);
     });
@@ -146,7 +123,7 @@ function getByCreationTime(creationTime, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     eventlogdb.getByCreationTime(creationTime, function (error, events) {
-        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, events);
     });
@@ -159,7 +136,7 @@ function cleanup(callback) {
     d.setDate(d.getDate() - 10); // 10 days ago
 
     eventlogdb.delByCreationTime(d, function (error) {
-        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });

src/eventlogdb.js

@@ -14,8 +14,8 @@ exports = module.exports = {
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror'),
     mysql = require('mysql'),
     safe = require('safetydance'),
     util = require('util');
@@ -35,8 +35,8 @@ function get(eventId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + EVENTLOG_FIELDS + ' FROM eventlog WHERE id = ?', [ eventId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Eventlog not found'));
 
         callback(null, postProcess(result[0]));
     });
@@ -68,7 +68,7 @@ function getAllPaged(actions, search, page, perPage, callback) {
     data.push(perPage);
 
     database.query(query, data, function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         results.forEach(postProcess);
 
@@ -82,7 +82,7 @@ function getByCreationTime(creationTime, callback) {
 
     var query = 'SELECT ' + EVENTLOG_FIELDS + ' FROM eventlog WHERE creationTime >= ? ORDER BY creationTime DESC';
     database.query(query, [ creationTime ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         results.forEach(postProcess);
 
@@ -98,8 +98,8 @@ function add(id, action, source, data, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO eventlog (id, action, source, data) VALUES (?, ?, ?, ?)', [ id, action, JSON.stringify(source), JSON.stringify(data) ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error));
-        if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
+        if (error || result.affectedRows !== 1) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, id);
     });
@@ -123,7 +123,7 @@ function upsert(id, action, source, data, callback) {
     }];
 
     database.transaction(queries, function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         if (result[0].affectedRows >= 1) return callback(null, result[1][0].id);
 
         // no existing eventlog found, create one
@@ -135,7 +135,7 @@ function count(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT COUNT(*) AS total FROM eventlog', function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         return callback(null, result[0].total);
     });
@@ -143,7 +143,7 @@ function count(callback) {
 
 function clear(callback) {
     database.query('DELETE FROM eventlog', function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -155,7 +155,7 @@ function delByCreationTime(creationTime, callback) {
 
     // remove notifications that reference the events as well
     database.query('SELECT * FROM eventlog WHERE creationTime <= ?', [ creationTime ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         async.eachSeries(result, function (item, iteratorCallback) {
             async.series([
@@ -163,7 +163,7 @@ function delByCreationTime(creationTime, callback) {
                 database.query.bind(null, 'DELETE FROM eventlog WHERE id=?', [ item.id ])
             ], iteratorCallback);
         }, function (error) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             callback(null);
         });

src/externalldap.js

@@ -1,89 +1,145 @@
 'use strict';
 
 exports = module.exports = {
-    ExternalLdapError: ExternalLdapError,
-
+    search: search,
     verifyPassword: verifyPassword,
+    createAndVerifyUserIfNotExist: createAndVerifyUserIfNotExist,
 
     testConfig: testConfig,
     startSyncer: startSyncer,
 
+    injectPrivateFields: injectPrivateFields,
+    removePrivateFields: removePrivateFields,
+
     sync: sync
 };
 
 var assert = require('assert'),
     async = require('async'),
-    auditsource = require('./auditsource.js'),
+    auditSource = require('./auditsource.js'),
+    BoxError = require('./boxerror.js'),
+    constants = require('./constants.js'),
     debug = require('debug')('box:externalldap'),
     ldap = require('ldapjs'),
     settings = require('./settings.js'),
     tasks = require('./tasks.js'),
-    users = require('./users.js'),
-    UserError = users.UsersError,
-    util = require('util');
+    users = require('./users.js');
 
-function ExternalLdapError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+function injectPrivateFields(newConfig, currentConfig) {
+    if (newConfig.bindPassword === constants.SECRET_PLACEHOLDER) newConfig.bindPassword = currentConfig.bindPassword;
+}
 
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
+function removePrivateFields(ldapConfig) {
+    assert.strictEqual(typeof ldapConfig, 'object');
+    if (ldapConfig.bindPassword) ldapConfig.bindPassword = constants.SECRET_PLACEHOLDER;
+    return ldapConfig;
+}
 
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
+function translateUser(ldapConfig, ldapUser) {
+    assert.strictEqual(typeof ldapConfig, 'object');
+
+    return {
+        username: ldapUser[ldapConfig.usernameField],
+        email: ldapUser.mail,
+        displayName: ldapUser.cn // user.giveName + ' ' + user.sn
+    };
+}
+
+function validUserRequirements(user) {
+    if (!user.username || !user.email || !user.displayName) {
+        debug(`[LDAP user empty username/email/displayName] username=${user.username} email=${user.email} displayName=${user.displayName}`);
+        return false;
     } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
+        return true;
     }
 }
-util.inherits(ExternalLdapError, Error);
-ExternalLdapError.EXTERNAL_ERROR = 'external error';
-ExternalLdapError.INTERNAL_ERROR = 'internal error';
-ExternalLdapError.INVALID_CREDENTIALS = 'invalid credentials';
-ExternalLdapError.BAD_STATE = 'bad state';
-ExternalLdapError.BAD_FIELD = 'bad field';
-ExternalLdapError.NOT_FOUND = 'not found';
 
 // performs service bind if required
 function getClient(externalLdapConfig, callback) {
+    assert.strictEqual(typeof externalLdapConfig, 'object');
     assert.strictEqual(typeof callback, 'function');
 
     // basic validation to not crash
-    try { ldap.parseDN(externalLdapConfig.baseDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid baseDn')); }
-    try { ldap.parseFilter(externalLdapConfig.filter); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid filter')); }
-    if (externalLdapConfig.bindDn) try { ldap.parseFilter(externalLdapConfig.bindDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.INVALID_CREDENTIALS)); }
+    try { ldap.parseDN(externalLdapConfig.baseDn); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid baseDn')); }
+    try { ldap.parseFilter(externalLdapConfig.filter); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid filter')); }
 
     var client;
     try {
         client = ldap.createClient({ url: externalLdapConfig.url });
     } catch (e) {
-        if (e instanceof ldap.ProtocolError) return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'url protocol is invalid'));
-        return callback(new ExternalLdapError(ExternalLdapError.INTERNAL_ERROR, e));
+        if (e instanceof ldap.ProtocolError) return callback(new BoxError(BoxError.BAD_FIELD, 'url protocol is invalid'));
+        return callback(new BoxError(BoxError.INTERNAL_ERROR, e));
     }
 
     if (!externalLdapConfig.bindDn) return callback(null, client);
 
     client.bind(externalLdapConfig.bindDn, externalLdapConfig.bindPassword, function (error) {
-        if (error instanceof ldap.InvalidCredentialsError) return callback(new ExternalLdapError(ExternalLdapError.INVALID_CREDENTIALS));
-        if (error) return callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, error));
+        if (error instanceof ldap.InvalidCredentialsError) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
         callback(null, client, externalLdapConfig);
     });
 }
 
+
+// TODO support search by email
+function ldapSearch(externalLdapConfig, options, callback) {
+    assert.strictEqual(typeof externalLdapConfig, 'object');
+    assert.strictEqual(typeof options, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    getClient(externalLdapConfig, function (error, client) {
+        if (error) return callback(error);
+
+        let searchOptions = {
+            paged: true,
+            filter: ldap.parseFilter(externalLdapConfig.filter),
+            scope: 'sub'    // We may have to make this configurable
+        };
+
+        if (options.filter) { // https://github.com/ldapjs/node-ldapjs/blob/master/docs/filters.md
+            let extraFilter = ldap.parseFilter(options.filter);
+            searchOptions.filter = new ldap.AndFilter({ filters: [ extraFilter, searchOptions.filter ] });
+        }
+
+        debug(`Listing users at ${externalLdapConfig.baseDn} with filter ${searchOptions.filter.toString()}`);
+
+        client.search(externalLdapConfig.baseDn, searchOptions, function (error, result) {
+            if (error instanceof ldap.NoSuchObjectError) return callback(new BoxError(BoxError.NOT_FOUND));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
+
+            let ldapUsers = [];
+
+            result.on('searchEntry', entry => ldapUsers.push(entry.object));
+            result.on('error', error => callback(new BoxError(BoxError.EXTERNAL_ERROR, error)));
+
+            result.on('end', function (result) {
+                client.unbind();
+
+                if (result.status !== 0) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Server returned status ' + result.status));
+
+                callback(null, ldapUsers);
+            });
+        });
+    });
+}
+
 function testConfig(config, callback) {
     assert.strictEqual(typeof config, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (!config.enabled) return callback();
+    if (config.provider === 'noop') return callback();
 
-    if (!config.url) return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'url must not be empty'));
-    if (!config.baseDn) return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'basedn must not be empty'));
-    if (!config.filter) return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'filter must not be empty'));
+    if (!config.url) return callback(new BoxError(BoxError.BAD_FIELD, 'url must not be empty'));
+    if (!config.url.startsWith('ldap://') && !config.url.startsWith('ldaps://')) return callback(new BoxError(BoxError.BAD_FIELD, 'url is missing ldap:// or ldaps:// prefix'));
+    if (!config.usernameField) config.usernameField = 'uid';
+
+    // bindDn may not be a dn!
+    if (!config.baseDn) return callback(new BoxError(BoxError.BAD_FIELD, 'basedn must not be empty'));
+    try { ldap.parseDN(config.baseDn); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid baseDn')); }
+
+    if (!config.filter) return callback(new BoxError(BoxError.BAD_FIELD, 'filter must not be empty'));
+    try { ldap.parseFilter(config.filter); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid filter')); }
 
     getClient(config, function (error, client) {
         if (error) return callback(error);
@@ -94,11 +150,63 @@ function testConfig(config, callback) {
         };
 
         client.search(config.baseDn, opts, function (error, result) {
-            if (error) return callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
-            result.on('searchEntry', function (entry) {});
-            result.on('error', function (error) { callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'Unable to search directory')); });
-            result.on('end', function (result) { callback(); });
+            result.on('searchEntry', function (/* entry */) {});
+            result.on('error', function (error) { client.unbind(); callback(new BoxError(BoxError.BAD_FIELD, `Unable to search directory: ${error.message}`)); });
+            result.on('end', function (/* result */) { client.unbind(); callback(); });
+        });
+    });
+}
+
+function search(identifier, callback) {
+    assert.strictEqual(typeof identifier, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    settings.getExternalLdapConfig(function (error, externalLdapConfig) {
+        if (error) return callback(error);
+        if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
+
+        ldapSearch(externalLdapConfig, { filter: `${externalLdapConfig.usernameField}=${identifier}` }, function (error, ldapUsers) {
+            if (error) return callback(error);
+
+            // translate ldap properties to ours
+            let users = ldapUsers.map(function (u) { return translateUser(externalLdapConfig, u); });
+
+            callback(null, users);
+        });
+    });
+}
+
+function createAndVerifyUserIfNotExist(identifier, password, callback) {
+    assert.strictEqual(typeof identifier, 'string');
+    assert.strictEqual(typeof password, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    settings.getExternalLdapConfig(function (error, externalLdapConfig) {
+        if (error) return callback(error);
+        if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
+        if (!externalLdapConfig.autoCreate) return callback(new BoxError(BoxError.BAD_STATE, 'auto create not enabled'));
+
+        ldapSearch(externalLdapConfig, { filter: `${externalLdapConfig.usernameField}=${identifier}` }, function (error, ldapUsers) {
+            if (error) return callback(error);
+            if (ldapUsers.length === 0) return callback(new BoxError(BoxError.NOT_FOUND));
+            if (ldapUsers.length > 1) return callback(new BoxError(BoxError.CONFLICT));
+
+            let user = translateUser(externalLdapConfig, ldapUsers[0]);
+            if (!validUserRequirements(user)) return callback(new BoxError(BoxError.BAD_FIELD));
+
+            users.create(user.username, null /* password */, user.email, user.displayName, { source: 'ldap' }, auditSource.EXTERNAL_LDAP_AUTO_CREATE, function (error, user) {
+                if (error) {
+                    console.error('Failed to auto create user', user.username, error);
+                    return callback(new BoxError(BoxError.INTERNAL_ERROR));
+                }
+
+                verifyPassword(user, password, function (error) {
+                    if (error) return callback(error);
+                    callback(null, user);
+                });
+            });
         });
     });
 }
@@ -109,19 +217,20 @@ function verifyPassword(user, password, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settings.getExternalLdapConfig(function (error, externalLdapConfig) {
-        if (error) return callback(new ExternalLdapError(ExternalLdapError.INTERNAL_ERROR, error));
-        if (!externalLdapConfig.enabled) return callback(new ExternalLdapError(ExternalLdapError.BAD_STATE, 'not enabled'));
+        if (error) return callback(error);
+        if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
 
-        getClient(externalLdapConfig, function (error, client) {
+        ldapSearch(externalLdapConfig, { filter: `${externalLdapConfig.usernameField}=${user.username}` }, function (error, ldapUsers) {
             if (error) return callback(error);
+            if (ldapUsers.length === 0) return callback(new BoxError(BoxError.NOT_FOUND));
+            if (ldapUsers.length > 1) return callback(new BoxError(BoxError.CONFLICT));
 
-            const dn = `uid=${user.username},${externalLdapConfig.baseDn}`;
+            let client = ldap.createClient({ url: externalLdapConfig.url });
+            client.bind(ldapUsers[0].dn, password, function (error) {
+                if (error instanceof ldap.InvalidCredentialsError) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
-            client.bind(dn, password, function (error) {
-                if (error instanceof ldap.InvalidCredentialsError) return callback(new ExternalLdapError(ExternalLdapError.INVALID_CREDENTIALS));
-                if (error) return callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, error));
-
-                callback();
+                callback(null, translateUser(externalLdapConfig, ldapUsers[0]));
             });
         });
     });
@@ -131,11 +240,11 @@ function startSyncer(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settings.getExternalLdapConfig(function (error, externalLdapConfig) {
-        if (error) return callback(new ExternalLdapError(ExternalLdapError.INTERNAL_ERROR, error));
-        if (!externalLdapConfig.enabled) return callback(new ExternalLdapError(ExternalLdapError.BAD_STATE, 'not enabled'));
+        if (error) return callback(error);
+        if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
 
         tasks.add(tasks.TASK_SYNC_EXTERNAL_LDAP, [], function (error, taskId) {
-            if (error) return callback(new ExternalLdapError(ExternalLdapError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             tasks.startTask(taskId, {}, function (error, result) {
                 debug('sync: done', error, result);
@@ -150,81 +259,63 @@ function sync(progressCallback, callback) {
     assert.strictEqual(typeof progressCallback, 'function');
     assert.strictEqual(typeof callback, 'function');
 
-    debug('Start user syncing ...');
+    progressCallback({ percent: 10, message: 'Starting ldap user sync' });
 
     settings.getExternalLdapConfig(function (error, externalLdapConfig) {
-        if (error) return callback(new ExternalLdapError(ExternalLdapError.INTERNAL_ERROR, error));
-        if (!externalLdapConfig.enabled) return callback(new ExternalLdapError(ExternalLdapError.BAD_STATE, 'not enabled'));
+        if (error) return callback(error);
+        if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
 
-        getClient(externalLdapConfig, function (error, client) {
+        ldapSearch(externalLdapConfig, {}, function (error, ldapUsers) {
             if (error) return callback(error);
 
-            var opts = {
-                paged: true,
-                filter: externalLdapConfig.filter,
-                scope: 'sub'    // We may have to make this configurable
-            };
+            debug(`Found ${ldapUsers.length} users`);
+            let percent = 10;
+            let step = 90/(ldapUsers.length+1); // ensure no divide by 0
 
-            debug(`Listing users at ${externalLdapConfig.baseDn} with filter ${externalLdapConfig.filter}`);
+            // we ignore all errors here and just log them for now
+            async.eachSeries(ldapUsers, function (user, iteratorCallback) {
+                user = translateUser(externalLdapConfig, user);
 
-            client.search(externalLdapConfig.baseDn, opts, function (error, result) {
-                if (error) return callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, error));
+                if (!validUserRequirements(user)) return iteratorCallback();
 
-                var ldapUsers = [];
+                percent += step;
+                progressCallback({ percent, message: `Syncing... ${user.username}` });
 
-                result.on('searchEntry', function (entry) {
-                    ldapUsers.push(entry.object);
-                });
+                users.getByUsername(user.username, function (error, result) {
+                    if (error && error.reason !== BoxError.NOT_FOUND) {
+                        debug(`Could not find user with username ${user.username}: ${error.message}`);
+                        return iteratorCallback();
+                    }
 
-                result.on('error', function (error) {
-                    callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, error));
-                });
+                    if (error) {
+                        debug(`[adding user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
 
-                result.on('end', function (result) {
-                    if (result.status !== 0) return callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, 'Server returned status ' + result.status));
-
-                    debug(`Found ${ldapUsers.length} users`);
-
-                    // we ignore all errors here and just log them for now
-                    async.eachSeries(ldapUsers, function (user, callback) {
-
-                        // ignore the bindDn user if any
-                        if (user.dn === externalLdapConfig.bindDn) return callback();
-
-                        users.getByUsername(user.uid, function (error, result) {
-                            if (error && error.reason !== UserError.NOT_FOUND) {
-                                console.error(error);
-                                return callback();
-                            }
-
-                            if (error) {
-                                debug('[adding user]     ', user.uid, user.mail, user.cn);
-
-                                users.create(user.uid, null, user.mail, user.cn, { source: 'ldap' }, auditsource.EXTERNAL_LDAP_TASK, function (error) {
-                                    if (error) console.error('Failed to create user', user, error);
-                                    callback();
-                                });
-                            } else if (result.source !== 'ldap') {
-                                debug('[conflicting user]', user.uid, user.mail, user.cn);
-
-                                callback();
-                            } else if (result.email !== user.mail || result.displayName !== user.cn) {
-                                debug('[updating user]   ', user.uid, user.mail, user.cn);
-
-                                users.update(result.id, { email: user.mail, fallbackEmail: user.mail, displayName: user.cn }, auditsource.EXTERNAL_LDAP_TASK, function (error) {
-                                    if (error) console.error('Failed to update user', user, error);
-                                    callback();
-                                });
-                            } else {
-                                // user known and up-to-date
-                                callback();
-                            }
+                        users.create(user.username, null /* password */, user.email, user.displayName, { source: 'ldap' }, auditSource.EXTERNAL_LDAP_TASK, function (error) {
+                            if (error) console.error('Failed to create user', user, error);
+                            iteratorCallback();
                         });
-                    }, function () {
-                        debug('User sync done.');
-                        callback();
-                    });
+                    } else if (result.source !== 'ldap') {
+                        debug(`[conflicting user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
+
+                        iteratorCallback();
+                    } else if (result.email !== user.email || result.displayName !== user.displayName) {
+                        debug(`[updating user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
+
+                        users.update(result.id, { email: user.email, fallbackEmail: user.email, displayName: user.displayName }, auditSource.EXTERNAL_LDAP_TASK, function (error) {
+                            if (error) debug('Failed to update user', user, error);
+
+                            iteratorCallback();
+                        });
+                    } else {
+                        // user known and up-to-date
+                        debug(`[up-to-date user] username=${user.username} email=${user.email} displayName=${user.displayName}`);
+
+                        iteratorCallback();
+                    }
                 });
+            }, function (error) {
+                debug('sync: ldap sync is done', error);
+                callback(error);
             });
         });
     });

src/groupdb.js

@@ -25,8 +25,8 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
-    database = require('./database.js'),
-    DatabaseError = require('./databaseerror');
+    BoxError = require('./boxerror.js'),
+    database = require('./database.js');
 
 var GROUPS_FIELDS = [ 'id', 'name' ].join(',');
 
@@ -35,8 +35,8 @@ function get(groupId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + GROUPS_FIELDS + ' FROM userGroups WHERE id = ? ORDER BY name', [ groupId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
 
         callback(null, result[0]);
     });
@@ -50,8 +50,8 @@ function getWithMembers(groupId, callback) {
                     ' FROM userGroups LEFT OUTER JOIN groupMembers ON userGroups.id = groupMembers.groupId ' +
                     ' WHERE userGroups.id = ? ' +
                     ' GROUP BY userGroups.id', [ groupId ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
 
         var result = results[0];
         result.userIds = result.userIds ? result.userIds.split(',') : [ ];
@@ -64,7 +64,7 @@ function getAll(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + GROUPS_FIELDS + ' FROM userGroups', function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -74,8 +74,8 @@ function getAllWithMembers(callback) {
     database.query('SELECT ' + GROUPS_FIELDS + ',GROUP_CONCAT(groupMembers.userId) AS userIds ' +
                     ' FROM userGroups LEFT OUTER JOIN groupMembers ON userGroups.id = groupMembers.groupId ' +
                     ' GROUP BY userGroups.id', function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
 
         results.forEach(function (result) { result.userIds = result.userIds ? result.userIds.split(',') : [ ]; });
 
@@ -89,8 +89,8 @@ function add(id, name, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO userGroups (id, name) VALUES (?, ?)', [ id, name ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error));
-        if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
+        if (error || result.affectedRows !== 1) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -113,9 +113,9 @@ function update(id, data, callback) {
     args.push(id);
 
     database.query('UPDATE userGroups SET ' + fields.join(', ') + ' WHERE id = ?', args, function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('userGroups_name') !== -1) return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'name already exists'));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('userGroups_name') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'name already exists'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
 
         return callback(null);
     });
@@ -131,8 +131,8 @@ function del(id, callback) {
     queries.push({ query: 'DELETE FROM userGroups WHERE id = ?', args: [ id ] });
 
     database.transaction(queries, function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result[1].affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result[1].affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
 
         callback(error);
     });
@@ -142,7 +142,7 @@ function count(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT COUNT(*) AS total FROM userGroups', function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         return callback(null, result[0].total);
     });
@@ -150,10 +150,10 @@ function count(callback) {
 
 function clear(callback) {
     database.query('DELETE FROM groupMembers', function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         database.query('DELETE FROM userGroups', function (error) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             callback(error);
         });
@@ -165,8 +165,8 @@ function getMembers(groupId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT userId FROM groupMembers WHERE groupId=?', [ groupId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        // if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND)); // need to differentiate group with no members and invalid groupId
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        // if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found')); // need to differentiate group with no members and invalid groupId
 
         callback(error, result.map(function (r) { return r.userId; }));
     });
@@ -184,8 +184,8 @@ function setMembers(groupId, userIds, callback) {
     }
 
     database.transaction(queries, function (error) {
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(error);
     });
@@ -196,8 +196,8 @@ function getMembership(userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT groupId FROM groupMembers WHERE userId=? ORDER BY groupId', [ userId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        // if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND)); // need to differentiate group with no members and invalid groupId
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        // if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found')); // need to differentiate group with no members and invalid groupId
 
         callback(error, result.map(function (r) { return r.groupId; }));
     });
@@ -215,8 +215,8 @@ function setMembership(userId, groupIds, callback) {
     });
 
     database.transaction(queries, function (error) {
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND, error.message));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, error.message));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -228,9 +228,9 @@ function addMember(groupId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO groupMembers (groupId, userId) VALUES (?, ?)', [ groupId, userId ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error));
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND));
-        if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
+        if (error || result.affectedRows !== 1) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -242,8 +242,8 @@ function removeMember(groupId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM groupMembers WHERE groupId = ? AND userId = ?', [ groupId, userId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
 
         callback(null);
     });
@@ -255,7 +255,7 @@ function isMember(groupId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT 1 FROM groupMembers WHERE groupId=? AND userId=?', [ groupId, userId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, result.length !== 0);
     });
@@ -267,7 +267,7 @@ function getGroups(userId, callback) {
 
     database.query('SELECT ' + GROUPS_FIELDS + ' ' +
         ' FROM userGroups INNER JOIN groupMembers ON userGroups.id = groupMembers.groupId AND groupMembers.userId = ?', [ userId ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });

src/groups.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    GroupsError: GroupsError,
-
     create: create,
     remove: remove,
     get: get,
@@ -26,52 +24,23 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
-    DatabaseError = require('./databaseerror.js'),
     groupdb = require('./groupdb.js'),
-    util = require('util'),
     uuid = require('uuid'),
     _ = require('underscore');
 
-// http://dustinsenos.com/articles/customErrorsInNode
-// http://code.google.com/p/v8/wiki/JavaScriptStackTraceApi
-function GroupsError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(GroupsError, Error);
-GroupsError.INTERNAL_ERROR = 'Internal Error';
-GroupsError.ALREADY_EXISTS = 'Already Exists';
-GroupsError.NOT_FOUND = 'Not Found';
-GroupsError.BAD_FIELD = 'Field error';
-GroupsError.NOT_EMPTY = 'Not Empty';
-GroupsError.NOT_ALLOWED = 'Not Allowed';
-
 // keep this in sync with validateUsername
 function validateGroupname(name) {
     assert.strictEqual(typeof name, 'string');
 
-    if (name.length < 1) return new GroupsError(GroupsError.BAD_FIELD, 'name must be atleast 1 char');
-    if (name.length >= 200) return new GroupsError(GroupsError.BAD_FIELD, 'name too long');
+    if (name.length < 1) return new BoxError(BoxError.BAD_FIELD, 'name must be atleast 1 char', { field: 'name' });
+    if (name.length >= 200) return new BoxError(BoxError.BAD_FIELD, 'name too long', { field: 'name' });
 
-    if (constants.RESERVED_NAMES.indexOf(name) !== -1) return new GroupsError(GroupsError.BAD_FIELD, 'name is reserved');
+    if (constants.RESERVED_NAMES.indexOf(name) !== -1) return new BoxError(BoxError.BAD_FIELD, 'name is reserved', { field: name });
 
     // need to consider valid LDAP characters here (e.g '+' is reserved)
-    if (/[^a-zA-Z0-9.-]/.test(name)) return new GroupsError(GroupsError.BAD_FIELD, 'name can only contain alphanumerals, hyphen and dot');
+    if (/[^a-zA-Z0-9.-]/.test(name)) return new BoxError(BoxError.BAD_FIELD, 'name can only contain alphanumerals, hyphen and dot', { field: 'name' });
 
     return null;
 }
@@ -88,8 +57,7 @@ function create(name, callback) {
 
     var id = 'gid-' + uuid.v4();
     groupdb.add(id, name, function (error) {
-        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new GroupsError(GroupsError.ALREADY_EXISTS));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, { id: id, name: name });
     });
@@ -100,8 +68,7 @@ function remove(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.del(id, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -112,8 +79,7 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.get(id, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -124,8 +90,7 @@ function getWithMembers(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.getWithMembers(id, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -135,7 +100,7 @@ function getAll(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.getAll(function (error, result) {
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -145,7 +110,7 @@ function getAllWithMembers(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.getAllWithMembers(function (error, result) {
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -156,8 +121,7 @@ function getMembers(groupId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.getMembers(groupId, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -168,8 +132,7 @@ function getMembership(userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.getMembership(userId, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -181,8 +144,7 @@ function setMembership(userId, groupIds, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.setMembership(userId, groupIds, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null);
     });
@@ -194,8 +156,7 @@ function addMember(groupId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.addMember(groupId, userId, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null);
     });
@@ -207,8 +168,7 @@ function setMembers(groupId, userIds, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.setMembers(groupId, userIds, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND, 'Invalid group or user id'));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null);
     });
@@ -220,8 +180,7 @@ function removeMember(groupId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.removeMember(groupId, userId, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null);
     });
@@ -233,8 +192,7 @@ function isMember(groupId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.isMember(groupId, userId, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -253,8 +211,7 @@ function update(groupId, data, callback) {
     }
 
     groupdb.update(groupId, _.pick(data, 'name'), function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -265,7 +222,7 @@ function getGroups(userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.getGroups(userId, function (error, results) {
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, results);
     });
@@ -275,7 +232,7 @@ function count(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.count(function (error, count) {
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, count);
     });

src/infra_version.js

@@ -6,7 +6,7 @@
 
 exports = module.exports = {
     // a version change recreates all containers with latest docker config
-    'version': '48.16.0',
+    'version': '48.17.0',
 
     'baseImages': [
         { repo: 'cloudron/base', tag: 'cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617' }
@@ -18,8 +18,8 @@ exports = module.exports = {
         'mysql': { repo: 'cloudron/mysql', tag: 'cloudron/mysql:2.0.2@sha256:a28320f313785816be60e3f865e09065504170a3d20ed37de675c719b32b01eb' },
         'postgresql': { repo: 'cloudron/postgresql', tag: 'cloudron/postgresql:2.0.2@sha256:6dcee0731dfb9b013ed94d56205eee219040ee806c7e251db3b3886eaa4947ff' },
         'mongodb': { repo: 'cloudron/mongodb', tag: 'cloudron/mongodb:2.1.0@sha256:6d1bf221cfe6124957e2c58b57c0a47214353496009296acb16adf56df1da9d5' },
-        'redis': { repo: 'cloudron/redis', tag: 'cloudron/redis:2.0.0@sha256:8a88dd334b62b578530a014ca1a2425a54cb9df1e475f5d3a36806e5cfa22121' },
-        'mail': { repo: 'cloudron/mail', tag: 'cloudron/mail:2.4.0@sha256:209f76833ff8cce58be8a09897c378e3b706e1e318249870afb7294a4ee83cad' },
+        'redis': { repo: 'cloudron/redis', tag: 'cloudron/redis:2.1.0@sha256:f2cda21bd15c21bbf44432df412525369ef831a2d53860b5c5b1675e6f384de2' },
+        'mail': { repo: 'cloudron/mail', tag: 'cloudron/mail:2.5.0@sha256:086ae1c9433d90a820326aa43914a2afe94ad707074ef2bc05a7ef4798e83655' },
         'graphite': { repo: 'cloudron/graphite', tag: 'cloudron/graphite:2.2.0@sha256:fc9ca69d16e6ebdbd98ed53143d4a0d2212eef60cb638dc71219234e6f427a2c' },
         'sftp': { repo: 'cloudron/sftp', tag: 'cloudron/sftp:0.1.0@sha256:e177c5bf5f38c84ce1dea35649c22a1b05f96eec67a54a812c5a35e585670f0f' }
     }

src/janitor.js

@@ -3,8 +3,9 @@
 var assert = require('assert'),
     async = require('async'),
     authcodedb = require('./authcodedb.js'),
+    BoxError = require('./boxerror.js'),
     debug = require('debug')('box:janitor'),
-    docker = require('./docker.js').connection,
+    Docker = require('dockerode'),
     tokendb = require('./tokendb.js');
 
 exports = module.exports = {
@@ -12,7 +13,9 @@ exports = module.exports = {
     cleanupDockerVolumes: cleanupDockerVolumes
 };
 
-var NOOP_CALLBACK = function () { };
+const NOOP_CALLBACK = function () { };
+
+const gConnection = new Docker({ socketPath: '/var/run/docker.sock' });
 
 function ignoreError(func) {
     return function (callback) {
@@ -67,16 +70,16 @@ function cleanupTmpVolume(containerInfo, callback) {
 
     debug('cleanupTmpVolume %j', containerInfo.Names);
 
-    docker.getContainer(containerInfo.Id).exec({ Cmd: cmd, AttachStdout: true, AttachStderr: true, Tty: false }, function (error, execContainer) {
-        if (error) return callback(new Error('Failed to exec container : ' + error.message));
+    gConnection.getContainer(containerInfo.Id).exec({ Cmd: cmd, AttachStdout: true, AttachStderr: true, Tty: false }, function (error, execContainer) {
+        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Failed to exec container: ${error.message}`));
 
         execContainer.start({ hijack: true }, function (error, stream) {
-            if (error) return callback(new Error('Failed to start exec container : ' + error.message));
+            if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Failed to start exec container: ${error.message}`));
 
             stream.on('error', callback);
             stream.on('end', callback);
 
-            docker.modem.demuxStream(stream, process.stdout, process.stderr);
+            gConnection.modem.demuxStream(stream, process.stdout, process.stderr);
         });
     });
 }
@@ -88,7 +91,7 @@ function cleanupDockerVolumes(callback) {
 
     debug('Cleaning up docker volumes');
 
-    docker.listContainers({ all: 0 }, function (error, containers) {
+    gConnection.listContainers({ all: 0 }, function (error, containers) {
         if (error) return callback(error);
 
         async.eachSeries(containers, function (container, iteratorDone) {

src/ldap.js

@@ -9,18 +9,16 @@ var assert = require('assert'),
     appdb = require('./appdb.js'),
     apps = require('./apps.js'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:ldap'),
     eventlog = require('./eventlog.js'),
     ldap = require('ldapjs'),
     mail = require('./mail.js'),
-    MailError = mail.MailError,
     mailboxdb = require('./mailboxdb.js'),
     path = require('path'),
     safe = require('safetydance'),
-    users = require('./users.js'),
-    UsersError = users.UsersError;
+    users = require('./users.js');
 
 var gServer = null;
 
@@ -145,10 +143,11 @@ function userSearch(req, res, next) {
             var obj = {
                 dn: dn.toString(),
                 attributes: {
-                    objectclass: ['user'],
+                    objectclass: ['user', 'inetorgperson', 'person' ],
                     objectcategory: 'person',
                     cn: entry.id,
                     uid: entry.id,
+                    entryuuid: entry.id, // to support OpenLDAP clients
                     mail: entry.email,
                     mailAlternateAddress: entry.fallbackEmail,
                     displayname: displayName,
@@ -261,7 +260,7 @@ function mailboxSearch(req, res, next) {
         if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));
 
         mailboxdb.getMailbox(parts[0], parts[1], function (error, mailbox) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+            if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
             if (error) return next(new ldap.OperationsError(error.toString()));
 
             var obj = {
@@ -288,7 +287,7 @@ function mailboxSearch(req, res, next) {
     } else if (req.dn.rdns[0].attrs.domain) {
         var domain = req.dn.rdns[0].attrs.domain.value.toLowerCase();
 
-        mailboxdb.listMailboxes(domain, function (error, result) {
+        mailboxdb.listMailboxes(domain, 1, 1000, function (error, result) {
             if (error) return next(new ldap.OperationsError(error.toString()));
 
             var results = [];
@@ -334,7 +333,7 @@ function mailAliasSearch(req, res, next) {
     if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));
 
     mailboxdb.getAlias(parts[0], parts[1], function (error, alias) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
         if (error) return next(new ldap.OperationsError(error.toString()));
 
         // https://wiki.debian.org/LDAP/MigrationTools/Examples
@@ -367,12 +366,13 @@ function mailingListSearch(req, res, next) {
 
     if (!req.dn.rdns[0].attrs.cn) return next(new ldap.NoSuchObjectError(req.dn.toString()));
 
-    var email = req.dn.rdns[0].attrs.cn.value.toLowerCase();
-    var parts = email.split('@');
+    let email = req.dn.rdns[0].attrs.cn.value.toLowerCase();
+    let parts = email.split('@');
     if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+    const name = parts[0], domain = parts[1];
 
-    mailboxdb.getList(parts[0], parts[1], function (error, list) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+    mail.resolveList(parts[0], parts[1], function (error, resolvedMembers) {
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
         if (error) return next(new ldap.OperationsError(error.toString()));
 
         // http://ldapwiki.willeke.com/wiki/Original%20Mailgroup%20Schema%20From%20Netscape
@@ -382,9 +382,9 @@ function mailingListSearch(req, res, next) {
             attributes: {
                 objectclass: ['mailGroup'],
                 objectcategory: 'mailGroup',
-                cn: `${list.name}@${list.domain}`, // fully qualified
-                mail: `${list.name}@${list.domain}`,
-                mgrpRFC822MailMember: list.members // fully qualified
+                cn: `${name}@${domain}`, // fully qualified
+                mail: `${name}@${domain}`,
+                mgrpRFC822MailMember: resolvedMembers // fully qualified
             }
         };
 
@@ -421,8 +421,8 @@ function authenticateUser(req, res, next) {
     }
 
     api(commonName, req.credentials || '', function (error, user) {
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
-        if (error && error.reason === UsersError.WRONG_PASSWORD) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
         if (error) return next(new ldap.OperationsError(error.message));
 
         req.user = user;
@@ -457,18 +457,18 @@ function authenticateUserMailbox(req, res, next) {
     if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));
 
     mail.getDomain(parts[1], function (error, domain) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
         if (error) return next(new ldap.OperationsError(error.message));
 
         if (!domain.enabled) return next(new ldap.NoSuchObjectError(req.dn.toString()));
 
         mailboxdb.getMailbox(parts[0], parts[1], function (error, mailbox) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+            if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
             if (error) return next(new ldap.OperationsError(error.message));
 
             users.verify(mailbox.ownerId, req.credentials || '', function (error, result) {
-                if (error && error.reason === UsersError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
-                if (error && error.reason === UsersError.WRONG_PASSWORD) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
+                if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+                if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
                 if (error) return next(new ldap.OperationsError(error.message));
 
                 eventlog.add(eventlog.ACTION_USER_LOGIN, { authType: 'ldap', mailboxId: email }, { userId: result.id, user: users.removePrivateFields(result) });
@@ -555,7 +555,7 @@ function authenticateMailAddon(req, res, next) {
     const addonId = req.dn.rdns[1].attrs.ou.value.toLowerCase(); // 'sendmail' or 'recvmail'
 
     mail.getDomain(parts[1], function (error, domain) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
         if (error) return next(new ldap.OperationsError(error.message));
 
         if (addonId === 'recvmail' && !domain.enabled) return next(new ldap.NoSuchObjectError(req.dn.toString()));
@@ -567,19 +567,19 @@ function authenticateMailAddon(req, res, next) {
 
         // note: with sendmail addon, apps can send mail without a mailbox (unlike users)
         appdb.getAppIdByAddonConfigValue(addonId, namePattern, req.credentials || '', function (error, appId) {
-            if (error && error.reason !== DatabaseError.NOT_FOUND) return next(new ldap.OperationsError(error.message));
+            if (error && error.reason !== BoxError.NOT_FOUND) return next(new ldap.OperationsError(error.message));
             if (appId) { // matched app password
                 eventlog.add(eventlog.ACTION_APP_LOGIN, { authType: 'ldap', mailboxId: email }, { appId: appId, addonId: addonId });
                 return res.end();
             }
 
             mailboxdb.getMailbox(parts[0], parts[1], function (error, mailbox) {
-                if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+                if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
                 if (error) return next(new ldap.OperationsError(error.message));
 
                 users.verify(mailbox.ownerId, req.credentials || '', function (error, result) {
-                    if (error && error.reason === UsersError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
-                    if (error && error.reason === UsersError.WRONG_PASSWORD) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
+                    if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+                    if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
                     if (error) return next(new ldap.OperationsError(error.message));
 
                     eventlog.add(eventlog.ACTION_USER_LOGIN, { authType: 'ldap', mailboxId: email }, { userId: result.id, user: users.removePrivateFields(result) });

src/locker.js

@@ -1,6 +1,7 @@
 'use strict';
 
 var assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     debug = require('debug')('box:locker'),
     EventEmitter = require('events').EventEmitter,
     util = require('util');
@@ -23,7 +24,7 @@ Locker.prototype.lock = function (operation) {
     assert.strictEqual(typeof operation, 'string');
 
     if (this._operation !== null) {
-        let error = new Error(`Locked for ${this._operation}`);
+        let error = new BoxError(BoxError.CONFLICT, `Locked for ${this._operation}`);
         error.operation = this._operation;
         return error;
     }
@@ -54,7 +55,7 @@ Locker.prototype.recursiveLock = function (operation) {
 Locker.prototype.unlock = function (operation) {
     assert.strictEqual(typeof operation, 'string');
 
-    if (this._operation !== operation) throw new Error('Mismatched unlock. Current lock is for ' + this._operation); // throw because this is a programming error
+    if (this._operation !== operation) throw BoxError(BoxError.BAD_STATE, 'Mismatched unlock. Current lock is for ' + this._operation); // throw because this is a programming error
 
     if (--this._lockDepth === 0) {
         debug('Released : %s', this._operation);

src/mail.js

@@ -26,6 +26,7 @@ exports = module.exports = {
     startMail: restartMail,
     restartMail: restartMail,
     handleCertChanged: handleCertChanged,
+    getMailAuth: getMailAuth,
 
     sendTestMail: sendTestMail,
 
@@ -45,18 +46,18 @@ exports = module.exports = {
     addList: addList,
     updateList: updateList,
     removeList: removeList,
+    resolveList: resolveList,
 
-    _readDkimPublicKeySync: readDkimPublicKeySync,
-
-    MailError: MailError
+    _readDkimPublicKeySync: readDkimPublicKeySync
 };
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:mail'),
     dns = require('./native-dns.js'),
+    docker = require('./docker.js'),
     domains = require('./domains.js'),
     eventlog = require('./eventlog.js'),
     hat = require('./hat.js'),
@@ -75,47 +76,20 @@ var assert = require('assert'),
     smtpTransport = require('nodemailer-smtp-transport'),
     sysinfo = require('./sysinfo.js'),
     users = require('./users.js'),
-    util = require('util'),
     validator = require('validator'),
     _ = require('underscore');
 
 const DNS_OPTIONS = { timeout: 5000 };
 var NOOP_CALLBACK = function (error) { if (error) debug(error); };
 
-function MailError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(MailError, Error);
-MailError.INTERNAL_ERROR = 'Internal Error';
-MailError.EXTERNAL_ERROR = 'External Error';
-MailError.BAD_FIELD = 'Bad Field';
-MailError.ALREADY_EXISTS = 'Already Exists';
-MailError.NOT_FOUND = 'Not Found';
-MailError.IN_USE = 'In Use';
-
 function validateName(name) {
     assert.strictEqual(typeof name, 'string');
 
-    if (name.length < 1) return new MailError(MailError.BAD_FIELD, 'mailbox name must be atleast 1 char');
-    if (name.length >= 200) return new MailError(MailError.BAD_FIELD, 'mailbox name too long');
+    if (name.length < 1) return new BoxError(BoxError.BAD_FIELD, 'mailbox name must be atleast 1 char');
+    if (name.length >= 200) return new BoxError(BoxError.BAD_FIELD, 'mailbox name too long');
 
     // also need to consider valid LDAP characters here (e.g '+' is reserved)
-    if (/[^a-zA-Z0-9.-]/.test(name)) return new MailError(MailError.BAD_FIELD, 'mailbox name can only contain alphanumerals and dot');
+    if (/[^a-zA-Z0-9.-]/.test(name)) return new BoxError(BoxError.BAD_FIELD, 'mailbox name can only contain alphanumerals and dot');
 
     return null;
 }
@@ -149,13 +123,13 @@ function checkOutboundPort25(callback) {
         relay.status = false;
         relay.value = `Connect to ${smtpServer} timed out. Check if port 25 (outbound) is blocked`;
         client.destroy();
-        callback(new Error('Timeout'), relay);
+        callback(new BoxError(BoxError.TIMEOUT, `Connect to ${smtpServer} timed out.`), relay);
     });
     client.on('error', function (error) {
         relay.status = false;
         relay.value = `Connect to ${smtpServer} failed: ${error.message}. Check if port 25 (outbound) is blocked`;
         client.destroy();
-        callback(error, relay);
+        callback(new BoxError(BoxError.NETWORK_ERROR, `Connect to ${smtpServer} failed.`), relay);
     });
 }
 
@@ -204,7 +178,7 @@ function verifyRelay(relay, callback) {
     if (relay.provider === 'cloudron-smtp' || relay.provider === 'noop') return callback();
 
     checkSmtpRelay(relay, function (error) {
-        if (error) return callback(new MailError(MailError.BAD_FIELD, error.message));
+        if (error) return callback(new BoxError(BoxError.BAD_FIELD, error.message));
 
         callback();
     });
@@ -225,7 +199,7 @@ function checkDkim(mailDomain, callback) {
     };
 
     var dkimKey = readDkimPublicKeySync(domain);
-    if (!dkimKey) return callback(new Error('Failed to read dkim public key'), dkim);
+    if (!dkimKey) return callback(new BoxError(BoxError.FS_ERROR, `Failed to read dkim public key of ${domain}`), dkim);
 
     dkim.expected = 'v=DKIM1; t=s; p=' + dkimKey;
 
@@ -304,7 +278,7 @@ function checkMx(domain, mailFqdn, callback) {
         dns.resolve(mxRecords[0].exchange, 'A', DNS_OPTIONS, function (error, mxIps) {
             if (error || mxIps.length !== 1) return callback(null, mx);
 
-            sysinfo.getPublicIp(function (error, ip) {
+            sysinfo.getServerIp(function (error, ip) {
                 if (error) return callback(null, mx);
 
                 mx.status = mxIps[0] === ip;
@@ -354,16 +328,18 @@ function checkPtr(mailFqdn, callback) {
 
     var ptr = {
         domain: null,
+        name: null,
         type: 'PTR',
         value: null,
         expected: mailFqdn, // any trailing '.' is added by client software (https://lists.gt.net/spf/devel/7918)
         status: false
     };
 
-    sysinfo.getPublicIp(function (error, ip) {
+    sysinfo.getServerIp(function (error, ip) {
         if (error) return callback(error, ptr);
 
         ptr.domain = ip.split('.').reverse().join('.') + '.in-addr.arpa';
+        ptr.name = ip;
 
         dns.resolve(ptr.domain, 'PTR', DNS_OPTIONS, function (error, ptrRecords) {
             if (error) return callback(error, ptr);
@@ -442,7 +418,7 @@ const RBL_LIST = [
 function checkRblStatus(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
-    sysinfo.getPublicIp(function (error, ip) {
+    sysinfo.getServerIp(function (error, ip) {
         if (error) return callback(error, ip);
 
         var flippedIp = ip.split('.').reverse().join('.');
@@ -480,7 +456,7 @@ function getStatus(domain, callback) {
 
     // ensure we always have a valid toplevel properties for the api
     var results = {
-        dns: {}, // { mx: { expected, value }, dmarc: { expected, value }, dkim: { expected, value }, spf: { expected, value }, ptr: { expected, value } }
+        dns: {}, // { mx/dmarc/dkim/spf/ptr: { expected, value, name, domain, type } }
         rbl: {}, // { status, ip, servers: [{name,site,dns}]} optional. only for cloudron-smtp
         relay: {} // { status, value } always checked
     };
@@ -490,7 +466,7 @@ function getStatus(domain, callback) {
             func(function (error, result) {
                 if (error) debug('Ignored error - ' + what + ':', error);
 
-                safe.set(results, what, result);
+                safe.set(results, what, result || {});
 
                 callback();
             });
@@ -545,7 +521,7 @@ function checkConfiguration(callback) {
 
                 Object.keys(result.dns).forEach((type) => {
                     const record = result.dns[type];
-                    if (!record.status) message.push(`${type.toUpperCase()} DNS record did not match. Expected: \`${record.expected}\`. Actual: \`${record.value}\``);
+                    if (!record.status) message.push(`${type.toUpperCase()} DNS record (${record.type}) did not match.\n    * Hostname: \`${record.name}\`\n    * Expected: \`${record.expected}\`\n    * Actual: \`${record.value}\``);
                 });
                 if (result.relay && result.relay.status === false) message.push(`Relay error: ${result.relay.value}`);
                 if (result.rbl && result.rbl.status === false) { // rbl field contents is optional
@@ -591,12 +567,12 @@ function createMailConfig(mailFqdn, mailDomain, callback) {
         // mail_domain is used for SRS
         if (!safe.fs.writeFileSync(path.join(paths.ADDON_CONFIG_DIR, 'mail/mail.ini'),
             `mail_in_domains=${mailInDomains}\nmail_out_domains=${mailOutDomains}\nmail_server_name=${mailFqdn}\nmail_domain=${mailDomain}\n\n`, 'utf8')) {
-            return callback(new Error('Could not create mail var file:' + safe.error.message));
+            return callback(new BoxError(BoxError.FS_ERROR, 'Could not create mail var file:' + safe.error.message));
         }
 
         // enable_outbound makes plugin forward email for relayed mail. non-relayed mail always hits LMTP plugin first
         if (!safe.fs.writeFileSync(path.join(paths.ADDON_CONFIG_DIR, 'mail/smtp_forward.ini'), 'enable_outbound=false\ndomain_selector=mail_from\n', 'utf8')) {
-            return callback(new Error('Could not create smtp forward file:' + safe.error.message));
+            return callback(new BoxError(BoxError.FS_ERROR, 'Could not create smtp forward file:' + safe.error.message));
         }
 
         // create sections for per-domain configuration
@@ -606,7 +582,7 @@ function createMailConfig(mailFqdn, mailDomain, callback) {
 
             if (!safe.fs.appendFileSync(path.join(paths.ADDON_CONFIG_DIR, 'mail/mail.ini'),
                 `[${domain.domain}]\ncatch_all=${catchAll}\nmail_from_validation=${mailFromValidation}\n\n`, 'utf8')) {
-                return callback(new Error('Could not create mail var file:' + safe.error.message));
+                return callback(new BoxError(BoxError.FS_ERROR, 'Could not create mail var file:' + safe.error.message));
             }
 
             const relay = domain.relay;
@@ -622,7 +598,7 @@ function createMailConfig(mailFqdn, mailDomain, callback) {
 
             if (!safe.fs.appendFileSync(paths.ADDON_CONFIG_DIR + '/mail/smtp_forward.ini',
                 `[${domain.domain}]\nenable_outbound=true\nhost=${host}\nport=${port}\nenable_tls=true\nauth_type=${authType}\nauth_user=${username}\nauth_pass=${password}\n\n`, 'utf8')) {
-                return callback(new Error('Could not create mail var file:' + safe.error.message));
+                return callback(new BoxError(BoxError.FS_ERROR, 'Could not create mail var file:' + safe.error.message));
             }
         });
 
@@ -651,8 +627,8 @@ function configureMail(mailFqdn, mailDomain, callback) {
         const mailCertFilePath = path.join(paths.ADDON_CONFIG_DIR, 'mail/tls_cert.pem');
         const mailKeyFilePath = path.join(paths.ADDON_CONFIG_DIR, 'mail/tls_key.pem');
 
-        if (!safe.child_process.execSync(`cp ${bundle.certFilePath} ${mailCertFilePath}`)) return callback(new Error('Could not create cert file:' + safe.error.message));
-        if (!safe.child_process.execSync(`cp ${bundle.keyFilePath} ${mailKeyFilePath}`)) return callback(new Error('Could not create key file:' + safe.error.message));
+        if (!safe.child_process.execSync(`cp ${bundle.certFilePath} ${mailCertFilePath}`)) return callback(new BoxError(BoxError.FS_ERROR, 'Could not create cert file:' + safe.error.message));
+        if (!safe.child_process.execSync(`cp ${bundle.keyFilePath} ${mailKeyFilePath}`)) return callback(new BoxError(BoxError.FS_ERROR, 'Could not create key file:' + safe.error.message));
 
         shell.exec('startMail', 'docker rm -f mail || true', function (error) {
             if (error) return callback(error);
@@ -688,6 +664,31 @@ function configureMail(mailFqdn, mailDomain, callback) {
     });
 }
 
+function getMailAuth(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    docker.inspect('mail', function (error, data) {
+        if (error) return callback(error);
+
+        const ip = safe.query(data, 'NetworkSettings.Networks.cloudron.IPAddress');
+        if (!ip) return callback(new BoxError(BoxError.MAIL_ERROR, 'Error querying mail server IP'));
+
+        // extract the relay token for auth
+        const env = safe.query(data, 'Config.Env', null);
+        if (!env) return callback(new BoxError(BoxError.MAIL_ERROR, 'Error getting mail env'));
+        const tmp = env.find(function (e) { return e.indexOf('CLOUDRON_RELAY_TOKEN') === 0; });
+        if (!tmp) return callback(new BoxError(BoxError.MAIL_ERROR, 'Error getting CLOUDRON_RELAY_TOKEN env var'));
+        const relayToken = tmp.slice('CLOUDRON_RELAY_TOKEN'.length + 1); // +1 for the = sign
+        if (!relayToken)  return callback(new BoxError(BoxError.MAIL_ERROR, 'Error parsing CLOUDRON_RELAY_TOKEN'));
+
+        callback(null, {
+            ip,
+            port: constants.INTERNAL_SMTP_PORT,
+            relayToken
+        });
+    });
+}
+
 function restartMail(callback) {
     assert.strictEqual(typeof callback, 'function');
 
@@ -701,7 +702,8 @@ function restartMailIfActivated(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     users.isActivated(function (error, activated) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
+
         if (!activated) {
             debug('restartMailIfActivated: skipping restart of mail container since Cloudron is not activated yet');
             return callback(); // not provisioned yet, do not restart container after dns setup
@@ -723,8 +725,7 @@ function getDomain(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     maildb.get(domain, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -734,7 +735,7 @@ function getDomains(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     maildb.list(function (error, results) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, results);
     });
@@ -747,7 +748,7 @@ function txtRecordsWithSpf(domain, mailFqdn, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     domains.getDnsRecords('', domain, 'TXT', function (error, txtRecords) {
-        if (error) return new MailError(MailError.EXTERNAL_ERROR, error.message);
+        if (error) return error;
 
         debug('txtRecordsWithSpf: current txt records - %j', txtRecords);
 
@@ -796,16 +797,16 @@ function ensureDkimKeySync(mailDomain) {
 
     if (!safe.fs.mkdirSync(dkimPath) && safe.error.code !== 'EEXIST') {
         debug('Error creating dkim.', safe.error);
-        return new MailError(MailError.INTERNAL_ERROR, safe.error);
+        return new BoxError(BoxError.FS_ERROR, safe.error);
     }
 
-    if (!safe.child_process.execSync('openssl genrsa -out ' + dkimPrivateKeyFile + ' 1024')) return new MailError(MailError.INTERNAL_ERROR, safe.error);
-    if (!safe.child_process.execSync('openssl rsa -in ' + dkimPrivateKeyFile + ' -out ' + dkimPublicKeyFile + ' -pubout -outform PEM')) return new MailError(MailError.INTERNAL_ERROR, safe.error);
+    if (!safe.child_process.execSync('openssl genrsa -out ' + dkimPrivateKeyFile + ' 1024')) return new BoxError(BoxError.OPENSSL_ERROR, safe.error);
+    if (!safe.child_process.execSync('openssl rsa -in ' + dkimPrivateKeyFile + ' -out ' + dkimPublicKeyFile + ' -pubout -outform PEM')) return new BoxError(BoxError.OPENSSL_ERROR, safe.error);
 
-    if (!safe.fs.writeFileSync(dkimSelectorFile, mailDomain.dkimSelector, 'utf8')) return new MailError(MailError.INTERNAL_ERROR, safe.error);
+    if (!safe.fs.writeFileSync(dkimSelectorFile, mailDomain.dkimSelector, 'utf8')) return new BoxError(BoxError.FS_ERROR, safe.error);
 
     // if the 'yellowtent' user of OS and the 'cloudron' user of mail container don't match, the keys become inaccessible by mail code
-    if (!safe.fs.chmodSync(dkimPrivateKeyFile, 0o644)) return new MailError(MailError.INTERNAL_ERROR, safe.error);
+    if (!safe.fs.chmodSync(dkimPrivateKeyFile, 0o644)) return new BoxError(BoxError.FS_ERROR, safe.error);
 
     return null;
 }
@@ -837,8 +838,7 @@ function upsertDnsRecords(domain, mailFqdn, callback) {
     debug(`upsertDnsRecords: updating mail dns records of domain ${domain} and mail fqdn ${mailFqdn}`);
 
     maildb.get(domain, function (error, mailDomain) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         error = ensureDkimKeySync(mailDomain);
         if (error) return callback(error);
@@ -846,7 +846,7 @@ function upsertDnsRecords(domain, mailFqdn, callback) {
         if (process.env.BOX_ENV === 'test') return callback();
 
         var dkimKey = readDkimPublicKeySync(domain);
-        if (!dkimKey) return callback(new MailError(MailError.INTERNAL_ERROR, new Error('Failed to read dkim public key')));
+        if (!dkimKey) return callback(new BoxError(BoxError.FS_ERROR, 'Failed to read dkim public key'));
 
         // t=s limits the domainkey to this domain and not it's subdomains
         var dkimRecord = { subdomain: `${mailDomain.dkimSelector}._domainkey`, domain: domain, type: 'TXT', values: [ '"v=DKIM1; t=s; p=' + dkimKey + '"' ] };
@@ -870,7 +870,7 @@ function upsertDnsRecords(domain, mailFqdn, callback) {
             }, function (error, changeIds) {
                 if (error) {
                     debug(`upsertDnsRecords: failed to update: ${error}`);
-                    return callback(new MailError(MailError.EXTERNAL_ERROR, error.message));
+                    return callback(error);
                 }
 
                 debug('upsertDnsRecords: records %j added with changeIds %j', records, changeIds);
@@ -895,12 +895,12 @@ function onMailFqdnChanged(callback) {
         mailDomain = settings.adminDomain();
 
     domains.getAll(function (error, allDomains) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         async.eachOfSeries(allDomains, function (domainObject, idx, iteratorDone) {
             upsertDnsRecords(domainObject.domain, mailFqdn, iteratorDone);
         }, function (error) {
-            if (error) return callback(new MailError(MailError.EXTERNAL_ERROR, error.message));
+            if (error) return callback(error);
 
             configureMail(mailFqdn, mailDomain, callback);
         });
@@ -914,9 +914,7 @@ function addDomain(domain, callback) {
     const dkimSelector = domain === settings.adminDomain() ? 'cloudron' : ('cloudron-' + settings.adminDomain().replace(/\./g, ''));
 
     maildb.add(domain, { dkimSelector }, function (error) {
-        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new MailError(MailError.ALREADY_EXISTS, 'Domain already exists'));
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'No such domain'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         async.series([
             upsertDnsRecords.bind(null, domain, settings.mailFqdn()), // do this first to ensure DKIM keys
@@ -931,12 +929,10 @@ function removeDomain(domain, callback) {
     assert.strictEqual(typeof domain, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    if (domain === settings.adminDomain()) return callback(new MailError(MailError.IN_USE));
+    if (domain === settings.adminDomain()) return callback(new BoxError(BoxError.CONFLICT));
 
     maildb.del(domain, function (error) {
-        if (error && error.reason === DatabaseError.IN_USE) return callback(new MailError(MailError.IN_USE));
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, error.message));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         restartMail(NOOP_CALLBACK);
 
@@ -948,7 +944,7 @@ function clearDomains(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     maildb.clear(function (error) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback();
     });
@@ -970,8 +966,7 @@ function setMailFromValidation(domain, enabled, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     maildb.update(domain, { mailFromValidation: enabled }, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         restartMail(NOOP_CALLBACK); // have to restart mail container since haraka cannot watch symlinked config files (mail.ini)
 
@@ -985,8 +980,7 @@ function setCatchAllAddress(domain, addresses, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     maildb.update(domain, { catchAll: addresses }, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         restartMail(NOOP_CALLBACK); // have to restart mail container since haraka cannot watch symlinked config files (mail.ini)
 
@@ -1012,8 +1006,7 @@ function setMailRelay(domain, relay, callback) {
             if (error) return callback(error);
 
             maildb.update(domain, { relay: relay }, function (error) {
-                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
-                if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 restartMail(NOOP_CALLBACK);
 
@@ -1030,8 +1023,7 @@ function setMailEnabled(domain, enabled, auditSource, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     maildb.update(domain, { enabled: enabled }, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         restartMail(NOOP_CALLBACK);
 
@@ -1050,19 +1042,21 @@ function sendTestMail(domain, to, callback) {
         if (error) return callback(error);
 
         mailer.sendTestMail(result.domain, to, function (error) {
-            if (error) return callback(new MailError(MailError.EXTERNAL_ERROR, error.message));
+            if (error) return callback(error);
 
             callback();
         });
     });
 }
 
-function listMailboxes(domain, callback) {
+function listMailboxes(domain, page, perPage, callback) {
     assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof page, 'number');
+    assert.strictEqual(typeof perPage, 'number');
     assert.strictEqual(typeof callback, 'function');
 
-    mailboxdb.listMailboxes(domain, function (error, result) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+    mailboxdb.listMailboxes(domain, page, perPage, function (error, result) {
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -1073,7 +1067,7 @@ function removeMailboxes(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     mailboxdb.delByDomain(domain, function (error) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback();
     });
@@ -1085,8 +1079,7 @@ function getMailbox(name, domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     mailboxdb.getMailbox(name, domain, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -1105,8 +1098,7 @@ function addMailbox(name, domain, userId, auditSource, callback) {
     if (error) return callback(error);
 
     mailboxdb.addMailbox(name, domain, userId, function (error) {
-        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new MailError(MailError.ALREADY_EXISTS, `mailbox ${name} already exists`));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         eventlog.add(eventlog.ACTION_MAIL_MAILBOX_ADD, auditSource, { name, domain, userId });
 
@@ -1123,8 +1115,7 @@ function updateMailboxOwner(name, domain, userId, callback) {
     name = name.toLowerCase();
 
     mailboxdb.updateMailboxOwner(name, domain, userId, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -1137,8 +1128,7 @@ function removeMailbox(name, domain, auditSource, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     mailboxdb.del(name, domain, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         eventlog.add(eventlog.ACTION_MAIL_MAILBOX_REMOVE, auditSource, { name, domain });
 
@@ -1146,13 +1136,14 @@ function removeMailbox(name, domain, auditSource, callback) {
     });
 }
 
-function listAliases(domain, callback) {
+function listAliases(domain, page, perPage, callback) {
     assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof page, 'number');
+    assert.strictEqual(typeof perPage, 'number');
     assert.strictEqual(typeof callback, 'function');
 
-    mailboxdb.listAliases(domain, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, error.message));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+    mailboxdb.listAliases(domain, page, perPage, function (error, result) {
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -1167,8 +1158,7 @@ function getAliases(name, domain, callback) {
         if (error) return callback(error);
 
         mailboxdb.getAliasesForName(name, domain, function (error, aliases) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
-            if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             callback(null, aliases);
         });
@@ -1189,14 +1179,7 @@ function setAliases(name, domain, aliases, callback) {
     }
 
     mailboxdb.setAliasesForName(name, domain, aliases, function (error) {
-        if (error && error.reason === DatabaseError.ALREADY_EXISTS && error.message.indexOf('mailboxes_name_domain_unique_index') !== -1) {
-            var aliasMatch = error.message.match(new RegExp(`^ER_DUP_ENTRY: Duplicate entry '(.*)-${domain}' for key 'mailboxes_name_domain_unique_index'$`));
-            if (!aliasMatch) return callback(new MailError(MailError.ALREADY_EXISTS, error.message));
-            return callback(new MailError(MailError.ALREADY_EXISTS, `Mailbox, mailinglist or alias for ${aliasMatch[1]} already exists`));
-        }
-        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new MailError(MailError.ALREADY_EXISTS, error.message));
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -1207,7 +1190,7 @@ function getLists(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     mailboxdb.getLists(domain, function (error, result) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -1219,8 +1202,7 @@ function getList(domain, listName, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     mailboxdb.getList(listName, domain, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such list'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -1239,12 +1221,11 @@ function addList(name, domain, members, auditSource, callback) {
     if (error) return callback(error);
 
     for (var i = 0; i < members.length; i++) {
-        if (!validator.isEmail(members[i])) return callback(new MailError(MailError.BAD_FIELD, 'Invalid mail member: ' + members[i]));
+        if (!validator.isEmail(members[i])) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid mail member: ' + members[i]));
     }
 
     mailboxdb.addList(name, domain, members, function (error) {
-        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new MailError(MailError.ALREADY_EXISTS, 'list already exits'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         eventlog.add(eventlog.ACTION_MAIL_LIST_ADD, auditSource, { name, domain });
 
@@ -1264,12 +1245,11 @@ function updateList(name, domain, members, callback) {
     if (error) return callback(error);
 
     for (var i = 0; i < members.length; i++) {
-        if (!validator.isEmail(members[i])) return callback(new MailError(MailError.BAD_FIELD, 'Invalid email: ' + members[i]));
+        if (!validator.isEmail(members[i])) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid email: ' + members[i]));
     }
 
     mailboxdb.updateList(name, domain, members, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -1282,11 +1262,57 @@ function removeList(name, domain, auditSource, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     mailboxdb.del(name, domain, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such list'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
-        eventlog.add(eventlog.ACTION_MAIL_LIST_ADD, auditSource, { name, domain });
+        eventlog.add(eventlog.ACTION_MAIL_LIST_REMOVE, auditSource, { name, domain });
 
         callback();
     });
 }
+
+function resolveList(listName, listDomain, callback) {
+    assert.strictEqual(typeof listName, 'string');
+    assert.strictEqual(typeof listDomain, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    getDomains(function (error, mailDomains) {
+        if (error) return callback(error);
+
+        const mailInDomains = mailDomains.filter(function (d) { return d.enabled; }).map(function (d) { return d.domain; }).join(',');
+
+        mailboxdb.getList(listName, listDomain, function (error, list) {
+            if (error) return callback(error);
+
+            let result = [], toResolve = list.members.slice(), visited = []; // slice creates a copy of array
+
+            async.whilst(() => toResolve.length != 0, function (iteratorCallback) {
+                const toProcess = toResolve.shift();
+                const parts = toProcess.split('@');
+                const memberName = parts[0].split('+')[0], memberDomain = parts[1];
+
+                if (!mailInDomains.includes(memberDomain)) { result.push(toProcess); return iteratorCallback(); } // external domain
+
+                const member =`${memberName}@${memberDomain}`; // cleaned up without any '+' subaddress
+                if (visited.includes(member)) {
+                    debug(`resolveList: list ${listName}@${listDomain} has a recursion at member ${member}`);
+                    return iteratorCallback();
+                }
+                visited.push(member);
+
+                mailboxdb.get(memberName, memberDomain, function (error, entry) {
+                    if (error && error.reason == BoxError.NOT_FOUND) { result.push(member); return iteratorCallback(); }
+                    if (error) return iteratorCallback(error);
+
+                    if (entry.type === mailboxdb.TYPE_MAILBOX) { result.push(member); return iteratorCallback(); }
+                    // no need to resolve alias because we only allow one level and within same domain
+                    if (entry.type === mailboxdb.TYPE_ALIAS) { result.push(`${entry.aliasTarget}@${entry.domain}`); return iteratorCallback(); }
+
+                    toResolve = toResolve.concat(entry.members);
+                    iteratorCallback();
+                });
+            }, function (error) {
+                callback(error, result);
+            });
+        });
+    });
+}

src/mail_templates/box_update_error.ejs

@@ -0,0 +1,20 @@
+<%if (format === 'text') { %>
+
+Dear Cloudron Admin,
+
+Cloudron update failed because of the following reason:
+
+-------------------------------------
+
+<%- message %>
+
+-------------------------------------
+
+
+Powered by https://cloudron.io
+
+Sent at: <%= new Date().toUTCString() %>
+
+<% } else { %>
+
+<% } %>

src/mailboxdb.js

@@ -12,6 +12,7 @@ exports = module.exports = {
     listMailboxes: listMailboxes,
     getLists: getLists,
 
+    get: get,
     getMailbox: getMailbox,
     getList: getList,
     getAlias: getAlias,
@@ -33,8 +34,8 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror.js'),
     safe = require('safetydance'),
     util = require('util');
 
@@ -54,8 +55,8 @@ function addMailbox(name, domain, ownerId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO mailboxes (name, type, domain, ownerId) VALUES (?, ?, ?, ?)', [ name, exports.TYPE_MAILBOX, domain, ownerId ], function (error) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'mailbox already exists'));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, 'mailbox already exists'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -68,8 +69,8 @@ function updateMailboxOwner(name, domain, ownerId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('UPDATE mailboxes SET ownerId = ? WHERE name = ? AND domain = ?', [ ownerId, name, domain ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
         callback(null);
     });
@@ -83,8 +84,8 @@ function addList(name, domain, members, callback) {
 
     database.query('INSERT INTO mailboxes (name, type, domain, ownerId, membersJson) VALUES (?, ?, ?, ?, ?)',
         [ name, exports.TYPE_LIST, domain, 'admin', JSON.stringify(members) ], function (error) {
-            if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'mailbox already exists'));
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, 'mailbox already exists'));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             callback(null);
         });
@@ -98,8 +99,8 @@ function updateList(name, domain, members, callback) {
 
     database.query('UPDATE mailboxes SET membersJson = ? WHERE name = ? AND domain = ?',
         [ JSON.stringify(members), name, domain ], function (error, result) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-            if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
             callback(null);
         });
@@ -109,7 +110,7 @@ function clear(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('TRUNCATE TABLE mailboxes', [], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         callback(null);
     });
 }
@@ -121,8 +122,8 @@ function del(name, domain, callback) {
 
     // deletes aliases as well
     database.query('DELETE FROM mailboxes WHERE (name=? OR aliasTarget = ?) AND domain = ?', [ name, name, domain ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
         callback(null);
     });
@@ -133,7 +134,7 @@ function delByDomain(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM mailboxes WHERE domain = ?', [ domain ], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -144,7 +145,7 @@ function delByOwnerId(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM mailboxes WHERE ownerId=?', [ id ], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -161,14 +162,28 @@ function updateName(oldName, oldDomain, newName, newDomain, callback) {
     if (oldName === newName && oldDomain === newDomain) return callback(null);
 
     database.query('UPDATE mailboxes SET name=?, domain=? WHERE name=? AND domain = ?', [ newName, newDomain, oldName, oldDomain ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'mailbox already exists'));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, 'mailbox already exists'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
         callback(null);
     });
 }
 
+function get(name, domain, callback) {
+    assert.strictEqual(typeof name, 'string');
+    assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE name = ? AND domain = ?',
+        [ name, domain ], function (error, results) {
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
+
+            callback(null, postProcess(results[0]));
+        });
+}
+
 function getMailbox(name, domain, callback) {
     assert.strictEqual(typeof name, 'string');
     assert.strictEqual(typeof domain, 'string');
@@ -176,20 +191,22 @@ function getMailbox(name, domain, callback) {
 
     database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE name = ? AND type = ? AND domain = ?',
         [ name, exports.TYPE_MAILBOX, domain ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-            if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
             callback(null, postProcess(results[0]));
         });
 }
 
-function listMailboxes(domain, callback) {
+function listMailboxes(domain, page, perPage, callback) {
     assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof page, 'number');
+    assert.strictEqual(typeof perPage, 'number');
     assert.strictEqual(typeof callback, 'function');
 
-    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE type = ? AND domain = ? ORDER BY name',
+    database.query(`SELECT ${MAILBOX_FIELDS} FROM mailboxes WHERE type = ? AND domain = ? ORDER BY name LIMIT ${(page-1)*perPage},${perPage}`,
         [ exports.TYPE_MAILBOX, domain ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results.forEach(function (result) { postProcess(result); });
 
@@ -203,7 +220,7 @@ function getLists(domain, callback) {
 
     database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE type = ? AND domain = ?',
         [ exports.TYPE_LIST, domain ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results.forEach(function (result) { postProcess(result); });
 
@@ -218,8 +235,8 @@ function getList(name, domain, callback) {
 
     database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE type = ? AND name = ? AND domain = ?',
         [ exports.TYPE_LIST, name, domain ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-            if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
             callback(null, postProcess(results[0]));
         });
@@ -230,8 +247,8 @@ function getByOwnerId(ownerId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE ownerId = ? ORDER BY name', [ ownerId ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
         results.forEach(function (result) { postProcess(result); });
 
@@ -246,8 +263,8 @@ function setAliasesForName(name, domain, aliases, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE name = ? AND domain = ?', [ name, domain ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
         var queries = [];
         // clear existing aliases
@@ -258,8 +275,14 @@ function setAliasesForName(name, domain, aliases, callback) {
         });
 
         database.transaction(queries, function (error) {
-            if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error.message));
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error && error.code === 'ER_DUP_ENTRY' && error.message.indexOf('mailboxes_name_domain_unique_index') !== -1) {
+                var aliasMatch = error.message.match(new RegExp(`^ER_DUP_ENTRY: Duplicate entry '(.*)-${domain}' for key 'mailboxes_name_domain_unique_index'$`));
+                if (!aliasMatch) return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
+
+                return callback(new BoxError(BoxError.ALREADY_EXISTS, `Mailbox, mailinglist or alias for ${aliasMatch[1]} already exists`));
+            }
+
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             callback(null);
         });
@@ -273,20 +296,22 @@ function getAliasesForName(name, domain, callback) {
 
     database.query('SELECT name FROM mailboxes WHERE type = ? AND aliasTarget = ? AND domain = ? ORDER BY name',
         [ exports.TYPE_ALIAS, name, domain ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results = results.map(function (r) { return r.name; });
             callback(null, results);
         });
 }
 
-function listAliases(domain, callback) {
+function listAliases(domain, page, perPage, callback) {
     assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof page, 'number');
+    assert.strictEqual(typeof perPage, 'number');
     assert.strictEqual(typeof callback, 'function');
 
-    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE domain = ? AND type = ? ORDER BY name',
+    database.query(`SELECT ${MAILBOX_FIELDS} FROM mailboxes WHERE domain = ? AND type = ? ORDER BY name LIMIT ${(page-1)*perPage},${perPage}`,
         [ domain, exports.TYPE_ALIAS ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results.forEach(function (result) { postProcess(result); });
 
@@ -301,8 +326,8 @@ function getAlias(name, domain, callback) {
 
     database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE name = ? AND type = ? AND domain = ?',
         [ name, exports.TYPE_ALIAS, domain ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-            if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
             results.forEach(function (result) { postProcess(result); });
 

src/maildb.js

@@ -15,8 +15,8 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror.js'),
     safe = require('safetydance');
 
 var MAILDB_FIELDS = [ 'domain', 'enabled', 'mailFromValidation', 'catchAllJson', 'relayJson', 'dkimSelector' ].join(',');
@@ -40,9 +40,9 @@ function add(domain, data, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO mail (domain, dkimSelector) VALUES (?, ?)', [ domain, data.dkimSelector || 'cloudron' ], function (error) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'mail domain already exists'));
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND), 'no such domain');
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, 'mail domain already exists'));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND), 'no such domain');
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -53,7 +53,7 @@ function clear(callback) {
 
     // using TRUNCATE makes it fail foreign key check
     database.query('DELETE FROM mail', [], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         callback(null);
     });
 }
@@ -64,9 +64,9 @@ function del(domain, callback) {
 
     // deletes aliases as well
     database.query('DELETE FROM mail WHERE domain=?', [ domain ], function (error, result) {
-        if (error && error.code === 'ER_ROW_IS_REFERENCED_2') return callback(new DatabaseError(DatabaseError.IN_USE));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error && error.code === 'ER_ROW_IS_REFERENCED_2') return callback(new BoxError(BoxError.CONFLICT));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mail domain not found'));
 
         callback(null);
     });
@@ -77,8 +77,8 @@ function get(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + MAILDB_FIELDS + ' FROM mail WHERE domain = ?', [ domain ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mail domain not found'));
 
         callback(null, postProcess(results[0]));
     });
@@ -88,7 +88,7 @@ function list(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + MAILDB_FIELDS + ' FROM mail ORDER BY domain', function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         results.forEach(function (result) { postProcess(result); });
 
@@ -118,8 +118,8 @@ function update(domain, data, callback) {
     args.push(domain);
 
     database.query('UPDATE mail SET ' + fields.join(', ') + ' WHERE domain=?', args, function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Mail domain not found'));
 
         callback(null);
     });

src/mailer.js

@@ -17,6 +17,7 @@ exports = module.exports = {
     backupFailed: backupFailed,
 
     certificateRenewalError: certificateRenewalError,
+    boxUpdateError: boxUpdateError,
 
     sendTestMail: sendTestMail,
 
@@ -24,11 +25,11 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
-    constants = require('./constants.js'),
+    BoxError = require('./boxerror.js'),
     custom = require('./custom.js'),
     debug = require('debug')('box:mailer'),
-    docker = require('./docker.js').connection,
     ejs = require('ejs'),
+    mail = require('./mail.js'),
     nodemailer = require('nodemailer'),
     path = require('path'),
     safe = require('safetydance'),
@@ -68,31 +69,20 @@ function sendMail(mailOptions, callback) {
         return callback();
     }
 
-    docker.getContainer('mail').inspect(function (error, data) {
+    mail.getMailAuth(function (error, data) {
         if (error) return callback(error);
 
-        var mailServerIp = safe.query(data, 'NetworkSettings.Networks.cloudron.IPAddress');
-        if (!mailServerIp) return callback('Error querying mail server IP');
-
-        // extract the relay token for auth
-        const env = safe.query(data, 'Config.Env', null);
-        if (!env) return callback(new Error('Error getting mail env'));
-        const tmp = env.find(function (e) { return e.indexOf('CLOUDRON_RELAY_TOKEN') === 0; });
-        if (!tmp) return callback(new Error('Error getting CLOUDRON_RELAY_TOKEN env var'));
-        const relayToken = tmp.slice('CLOUDRON_RELAY_TOKEN'.length + 1); // +1 for the = sign
-        if (!relayToken)  return callback(new Error('Error parsing CLOUDRON_RELAY_TOKEN'));
-
         var transport = nodemailer.createTransport(smtpTransport({
-            host: mailServerIp,
-            port: constants.INTERNAL_SMTP_PORT,
+            host: data.ip,
+            port: data.port,
             auth: {
                 user: mailOptions.authUser || `no-reply@${settings.adminDomain()}`,
-                pass: relayToken
+                pass: data.relayToken
             }
         }));
 
         transport.sendMail(mailOptions, function (error) {
-            if (error) return callback(error);
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
             debug(`Email "${mailOptions.subject}" sent to ${mailOptions.to}`);
 
@@ -411,6 +401,24 @@ function certificateRenewalError(mailTo, domain, message) {
     });
 }
 
+function boxUpdateError(mailTo, message) {
+    assert.strictEqual(typeof mailTo, 'string');
+    assert.strictEqual(typeof message, 'string');
+
+    getMailConfig(function (error, mailConfig) {
+        if (error) return debug('Error getting mail details:', error);
+
+        var mailOptions = {
+            from: mailConfig.notificationFrom,
+            to: mailTo,
+            subject: util.format('[%s] Cloudron update error', mailConfig.cloudronName),
+            text: render('box_update_error.ejs', { message: message, format: 'text' })
+        };
+
+        sendMail(mailOptions);
+    });
+}
+
 function oomEvent(mailTo, program, event) {
     assert.strictEqual(typeof mailTo, 'string');
     assert.strictEqual(typeof program, 'string');

src/nginxconfig.ejs

@@ -97,6 +97,14 @@ server {
 <% if ( endpoint === 'admin' ) { -%>
     # CSP headers for the admin/dashboard resources
     add_header Content-Security-Policy "default-src 'none'; frame-src 'self' cloudron.io *.cloudron.io; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self';";
+<% } else { %>
+    <% if (cspQuoted) { %>
+    add_header Content-Security-Policy <%- cspQuoted %>;
+    <% } %>
+
+    <% for (var i = 0; i < hideHeaders.length; i++) { -%>
+    proxy_hide_header <%- hideHeaders[i] %>;
+    <% } %>
 <% } -%>
 
     proxy_http_version 1.1;

src/notificationdb.js

@@ -13,8 +13,8 @@ exports = module.exports = {
 };
 
 let assert = require('assert'),
-    database = require('./database.js'),
-    DatabaseError = require('./databaseerror');
+    BoxError = require('./boxerror.js'),
+    database = require('./database.js');
 
 const NOTIFICATION_FIELDS = [ 'id', 'userId', 'eventId', 'title', 'message', 'creationTime', 'acknowledged' ];
 
@@ -34,8 +34,8 @@ function add(notification, callback) {
     const args = [ notification.userId, notification.eventId, notification.title, notification.message, notification.acknowledged ];
 
     database.query(query, args, function (error, result) {
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND, 'no such eventlog entry'));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, 'no such eventlog entry'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, String(result.insertId));
     });
@@ -47,8 +47,8 @@ function getByUserIdAndTitle(userId, title, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + NOTIFICATION_FIELDS + ' from notifications WHERE userId = ? AND title = ? ORDER BY creationTime LIMIT 1', [ userId, title ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Notification not found'));
 
         postProcess(results[0]);
 
@@ -70,8 +70,8 @@ function update(id, data, callback) {
     args.push(id);
 
     database.query('UPDATE notifications SET ' + fields.join(', ') + ' WHERE id = ?', args, function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Notification not found'));
 
         callback(null);
     });
@@ -82,8 +82,8 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + NOTIFICATION_FIELDS + ' FROM notifications WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Notification not found'));
 
         postProcess(result[0]);
 
@@ -96,8 +96,8 @@ function del(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM notifications WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Notification not found'));
 
         callback(null);
     });
@@ -118,7 +118,7 @@ function listByUserIdPaged(userId, page, perPage, callback) {
     data.push(perPage);
 
     database.query(query, data, function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         results.forEach(postProcess);
 
@@ -130,7 +130,7 @@ function clear(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM notifications', function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });

src/notifications.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    NotificationsError: NotificationsError,
-
     get: get,
     ack: ack,
     getAllPaged: getAllPaged,
@@ -24,39 +22,16 @@ exports = module.exports = {
 
 let assert = require('assert'),
     async = require('async'),
-    auditsource = require('./auditsource.js'),
+    auditSource = require('./auditsource.js'),
+    BoxError = require('./boxerror.js'),
     changelog = require('./changelog.js'),
     custom = require('./custom.js'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:notifications'),
     eventlog = require('./eventlog.js'),
     mailer = require('./mailer.js'),
     notificationdb = require('./notificationdb.js'),
     settings = require('./settings.js'),
-    users = require('./users.js'),
-    util = require('util');
-
-function NotificationsError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(NotificationsError, Error);
-NotificationsError.INTERNAL_ERROR = 'Internal Error';
-NotificationsError.NOT_FOUND = 'Not Found';
+    users = require('./users.js');
 
 function add(userId, eventId, title, message, callback) {
     assert.strictEqual(typeof userId, 'string');
@@ -74,8 +49,7 @@ function add(userId, eventId, title, message, callback) {
         message: message,
         acknowledged: false
     }, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.NOT_FOUND, error.message));
-        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, { id: result });
     });
@@ -86,8 +60,7 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     notificationdb.get(id, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.NOT_FOUND));
-        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -98,8 +71,7 @@ function ack(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     notificationdb.update(id, { acknowledged: true }, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.NOT_FOUND));
-        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -114,7 +86,7 @@ function getAllPaged(userId, acknowledged, page, perPage, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     notificationdb.listByUserIdPaged(userId, page, perPage, function (error, result) {
-        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         if (acknowledged === null) return callback(null, result);
 
@@ -129,7 +101,7 @@ function actionForAllAdmins(skippingUserIds, iterator, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     users.getAllAdmins(function (error, result) {
-        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         // filter out users we want to skip (like the user who did the action or the user the action was performed on)
         result = result.filter(function (r) { return skippingUserIds.indexOf(r.id) === -1; });
@@ -255,7 +227,8 @@ function appUpdated(eventId, app, callback) {
     }, callback);
 }
 
-function boxUpdated(oldVersion, newVersion, callback) {
+function boxUpdated(eventId, oldVersion, newVersion, callback) {
+    assert.strictEqual(typeof eventId, 'string');
     assert.strictEqual(typeof oldVersion, 'string');
     assert.strictEqual(typeof newVersion, 'string');
     assert.strictEqual(typeof callback, 'function');
@@ -264,7 +237,21 @@ function boxUpdated(oldVersion, newVersion, callback) {
     const changelogMarkdown = changes.map((m) => `* ${m}\n`).join('');
 
     actionForAllAdmins([], function (admin, done) {
-        add(admin.id, null, `Cloudron updated to v${newVersion}`, `Cloudron was updated from v${oldVersion} to v${newVersion}.\n\nChangelog:\n${changelogMarkdown}\n`, done);
+        add(admin.id, eventId, `Cloudron updated to v${newVersion}`, `Cloudron was updated from v${oldVersion} to v${newVersion}.\n\nChangelog:\n${changelogMarkdown}\n`, done);
+    }, callback);
+}
+
+function boxUpdateError(eventId, errorMessage, callback) {
+    assert.strictEqual(typeof eventId, 'string');
+    assert.strictEqual(typeof errorMessage, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    if (custom.spec().alerts.email) mailer.boxUpdateError(custom.spec().alerts.email, errorMessage);
+    if (!custom.spec().alerts.notifyCloudronAdmins) return callback();
+
+    actionForAllAdmins([], function (admin, done) {
+        mailer.boxUpdateError(admin.email, errorMessage);
+        add(admin.id, eventId, 'Cloudron update failed', `Failed to update Cloudron: ${errorMessage}. Update will be retried in 4 hours`, done);
     }, callback);
 }
 
@@ -294,7 +281,7 @@ function backupFailed(eventId, taskId, errorMessage, callback) {
 
     actionForAllAdmins([], function (admin, callback) {
         mailer.backupFailed(admin.email, errorMessage, `${settings.adminOrigin()}/logs.html?taskId=${taskId}`);
-        add(admin.id, eventId, 'Failed to backup', `Backup failed: ${errorMessage}. Logs are available [here](/logs.html?taskId=${taskId}). Will be retried in 4 hours`, callback);
+        add(admin.id, eventId, 'Backup failed', `Backup failed: ${errorMessage}. Logs are available [here](/logs.html?taskId=${taskId}). Will be retried in 4 hours`, callback);
     }, callback);
 }
 
@@ -319,15 +306,14 @@ function alert(id, title, message, callback) {
         };
 
         notificationdb.getByUserIdAndTitle(admin.id, title, function (error, result) {
-            if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+            if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
             if (!result && acknowledged) return callback(); // do not add acked alerts
 
             let updateFunc = !result ? notificationdb.add.bind(null, data) : notificationdb.update.bind(null, result.id, data);
 
             updateFunc(function (error) {
-                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.NOT_FOUND, error.message));
-                if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 callback(null);
             });
@@ -347,7 +333,7 @@ function onEvent(id, action, source, data, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     // external ldap syncer does not generate notifications - FIXME username might be an issue here
-    if (source.username === auditsource.EXTERNAL_LDAP_TASK.username) return callback();
+    if (source.username === auditSource.EXTERNAL_LDAP_TASK.username) return callback();
 
     switch (action) {
     case eventlog.ACTION_USER_ADD:
@@ -379,11 +365,15 @@ function onEvent(id, action, source, data, callback) {
         return certificateRenewalError(id, data.domain, data.errorMessage, callback);
 
     case eventlog.ACTION_BACKUP_FINISH:
-        if (!data.errorMessage || source.username !== 'cron') return callback();
-        return backupFailed(id, data.taskId, data.errorMessage, callback); // only notify for automated backups
+        if (!data.errorMessage) return callback();
+        if (source.username !== auditSource.CRON.username && !data.timedOut) return callback(); // manual stop by user
+
+        return backupFailed(id, data.taskId, data.errorMessage, callback); // only notify for automated backups or timedout
 
     case eventlog.ACTION_UPDATE_FINISH:
-        return boxUpdated(data.oldVersion, data.newVersion, callback);
+        if (!data.errorMessage) return boxUpdated(id, data.oldVersion, data.newVersion, callback);
+        if (data.timedOut) return boxUpdateError(id, data.errorMessage, callback);
+        return callback();
 
     default:
         return callback();

src/paths.js

@@ -44,6 +44,7 @@ exports = module.exports = {
 
     // this is not part of appdata because an icon may be set before install
     APP_ICONS_DIR: path.join(baseDir(), 'boxdata/appicons'),
+    PROFILE_ICONS_DIR: path.join(baseDir(), 'boxdata/profileicons'),
     MAIL_DATA_DIR: path.join(baseDir(), 'boxdata/mail'),
     ACME_ACCOUNT_KEY_FILE: path.join(baseDir(), 'boxdata/acme/acme.key'),
     APP_CERTS_DIR: path.join(baseDir(), 'boxdata/certs'),

src/provision.js

@@ -6,23 +6,19 @@ exports = module.exports = {
     activate: activate,
     getStatus: getStatus,
 
-    autoRegister: autoRegister,
-
-    ProvisionError: ProvisionError
+    autoRegister: autoRegister
 };
 
 var appstore = require('./appstore.js'),
-    AppstoreError = require('./appstore.js').AppstoreError,
     assert = require('assert'),
     async = require('async'),
     backups = require('./backups.js'),
-    BackupsError = require('./backups.js').BackupsError,
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
     clients = require('./clients.js'),
     cloudron = require('./cloudron.js'),
     debug = require('debug')('box:provision'),
     domains = require('./domains.js'),
-    DomainsError = domains.DomainsError,
     eventlog = require('./eventlog.js'),
     fs = require('fs'),
     mail = require('./mail.js'),
@@ -30,12 +26,10 @@ var appstore = require('./appstore.js'),
     safe = require('safetydance'),
     semver = require('semver'),
     settings = require('./settings.js'),
-    superagent = require('superagent'),
     sysinfo = require('./sysinfo.js'),
+    superagent = require('superagent'),
     users = require('./users.js'),
-    UsersError = users.UsersError,
     tld = require('tldjs'),
-    util = require('util'),
     _ = require('underscore');
 
 const NOOP_CALLBACK = function (error) { if (error) debug(error); };
@@ -54,33 +48,6 @@ let gProvisionStatus = {
     }
 };
 
-function ProvisionError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(ProvisionError, Error);
-ProvisionError.BAD_FIELD = 'Field error';
-ProvisionError.BAD_STATE = 'Bad State';
-ProvisionError.ALREADY_SETUP = 'Already Setup';
-ProvisionError.INTERNAL_ERROR = 'Internal Error';
-ProvisionError.EXTERNAL_ERROR = 'External Error';
-ProvisionError.LICENSE_ERROR = 'License Error';
-ProvisionError.ALREADY_PROVISIONED = 'Already Provisioned';
-
 function setProgress(task, message, callback) {
     debug(`setProgress: ${task} - ${message}`);
     gProvisionStatus[task].message = message;
@@ -94,14 +61,14 @@ function autoRegister(domain, callback) {
     if (!fs.existsSync(paths.LICENSE_FILE)) return callback();
 
     const license = safe.fs.readFileSync(paths.LICENSE_FILE, 'utf8');
-    if (!license) return callback(new ProvisionError(ProvisionError.EXTERNAL_ERROR, 'Cannot read license'));
+    if (!license) return callback(new BoxError(BoxError.LICENSE_ERROR, 'Cannot read license'));
 
     debug('Auto-registering cloudron');
 
     appstore.registerWithLicense(license.trim(), domain, function (error) {
-        if (error && error.reason !== AppstoreError.ALREADY_REGISTERED) {
+        if (error && error.reason !== BoxError.CONFLICT) { // not already registered
             debug('Failed to auto-register cloudron', error);
-            return callback(new ProvisionError(ProvisionError.LICENSE_ERROR, 'Failed to auto-register Cloudron with license. Please contact support@cloudron.io'));
+            return callback(new BoxError(BoxError.LICENSE_ERROR, 'Failed to auto-register Cloudron with license. Please contact support@cloudron.io'));
         }
 
         callback();
@@ -122,13 +89,13 @@ function unprovision(callback) {
 }
 
 
-function setup(dnsConfig, backupConfig, auditSource, callback) {
+function setup(dnsConfig, sysinfoConfig, auditSource, callback) {
     assert.strictEqual(typeof dnsConfig, 'object');
-    assert.strictEqual(typeof backupConfig, 'object');
+    assert.strictEqual(typeof sysinfoConfig, 'object');
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (gProvisionStatus.setup.active || gProvisionStatus.restore.active) return callback(new ProvisionError(ProvisionError.BAD_STATE, 'Already setting up or restoring'));
+    if (gProvisionStatus.setup.active || gProvisionStatus.restore.active) return callback(new BoxError(BoxError.BAD_STATE, 'Already setting up or restoring'));
 
     gProvisionStatus.setup = { active: true, errorMessage: '', message: 'Adding domain' };
 
@@ -139,11 +106,11 @@ function setup(dnsConfig, backupConfig, auditSource, callback) {
     }
 
     users.isActivated(function (error, activated) {
-        if (error) return done(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
-        if (activated) return done(new ProvisionError(ProvisionError.ALREADY_SETUP));
+        if (error) return done(error);
+        if (activated) return done(new BoxError(BoxError.CONFLICT, 'Already activated', { activate: true }));
 
         unprovision(function (error) {
-            if (error) return done(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+            if (error) return done(error);
 
             const domain = dnsConfig.domain.toLowerCase();
             const zoneName = dnsConfig.zoneName ? dnsConfig.zoneName : (tld.getDomain(domain) || domain);
@@ -159,23 +126,25 @@ function setup(dnsConfig, backupConfig, auditSource, callback) {
             };
 
             domains.add(domain, data, auditSource, function (error) {
-                if (error && error.reason === DomainsError.BAD_FIELD) return done(new ProvisionError(ProvisionError.BAD_FIELD, error.message));
-                if (error && error.reason === DomainsError.ALREADY_EXISTS) return done(new ProvisionError(ProvisionError.BAD_FIELD, error.message));
-                if (error) return done(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+                if (error) return done(error);
 
-                callback(); // now that args are validated run the task in the background
+                sysinfo.testConfig(sysinfoConfig, function (error) {
+                    if (error) return done(error);
 
-                async.series([
-                    autoRegister.bind(null, domain),
-                    domains.prepareDashboardDomain.bind(null, domain, auditSource, (progress) => setProgress('setup', progress.message, NOOP_CALLBACK)),
-                    cloudron.setDashboardDomain.bind(null, domain, auditSource),
-                    mail.addDomain.bind(null, domain), // this relies on settings.mailFqdn() and settings.adminDomain()
-                    (next) => { if (!backupConfig) return next(); settings.setBackupConfig(backupConfig, next); },
-                    setProgress.bind(null, 'setup', 'Done'),
-                    eventlog.add.bind(null, eventlog.ACTION_PROVISION, auditSource, { })
-                ], function (error) {
-                    gProvisionStatus.setup.active = false;
-                    gProvisionStatus.setup.errorMessage = error ? error.message : '';
+                    callback(); // now that args are validated run the task in the background
+
+                    async.series([
+                        autoRegister.bind(null, domain),
+                        settings.setSysinfoConfig.bind(null, sysinfoConfig),
+                        domains.prepareDashboardDomain.bind(null, domain, auditSource, (progress) => setProgress('setup', progress.message, NOOP_CALLBACK)),
+                        cloudron.setDashboardDomain.bind(null, domain, auditSource),
+                        mail.addDomain.bind(null, domain), // this relies on settings.mailFqdn() and settings.adminDomain()
+                        setProgress.bind(null, 'setup', 'Done'),
+                        eventlog.add.bind(null, eventlog.ACTION_PROVISION, auditSource, { })
+                    ], function (error) {
+                        gProvisionStatus.setup.active = false;
+                        gProvisionStatus.setup.errorMessage = error ? error.message : '';
+                    });
                 });
             });
         });
@@ -221,12 +190,11 @@ function activate(username, password, email, displayName, ip, auditSource, callb
     setTimeZone(ip, function () { }); // TODO: get this from user. note that timezone is detected based on the browser location and not the cloudron region
 
     users.createOwner(username, password, email, displayName, auditSource, function (error, userObject) {
-        if (error && error.reason === UsersError.ALREADY_EXISTS) return callback(new ProvisionError(ProvisionError.ALREADY_PROVISIONED, 'Already activated'));
-        if (error && error.reason === UsersError.BAD_FIELD) return callback(new ProvisionError(ProvisionError.BAD_FIELD, error.message));
-        if (error) return callback(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.ALREADY_EXISTS) return callback(new BoxError(BoxError.CONFLICT, 'Already activated'));
+        if (error) return callback(error);
 
         clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
-            if (error) return callback(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             eventlog.add(eventlog.ACTION_ACTIVATE, auditSource, { });
 
@@ -241,17 +209,18 @@ function activate(username, password, email, displayName, ip, auditSource, callb
     });
 }
 
-function restore(backupConfig, backupId, version, auditSource, callback) {
+function restore(backupConfig, backupId, version, sysinfoConfig, auditSource, callback) {
     assert.strictEqual(typeof backupConfig, 'object');
     assert.strictEqual(typeof backupId, 'string');
     assert.strictEqual(typeof version, 'string');
+    assert.strictEqual(typeof sysinfoConfig, 'object');
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (!semver.valid(version)) return callback(new ProvisionError(ProvisionError.BAD_STATE, 'version is not a valid semver'));
-    if (semver.major(constants.VERSION) !== semver.major(version) || semver.minor(constants.VERSION) !== semver.minor(version)) return callback(new ProvisionError(ProvisionError.BAD_STATE, `Run cloudron-setup with --version ${version} to restore from this backup`));
+    if (!semver.valid(version)) return callback(new BoxError(BoxError.BAD_FIELD, 'version is not a valid semver', { field: 'version' }));
+    if (constants.VERSION !== version) return callback(new BoxError(BoxError.BAD_STATE, `Run cloudron-setup with --version ${version} to restore from this backup`));
 
-    if (gProvisionStatus.setup.active || gProvisionStatus.restore.active) return callback(new ProvisionError(ProvisionError.BAD_STATE, 'Already setting up or restoring'));
+    if (gProvisionStatus.setup.active || gProvisionStatus.restore.active) return callback(new BoxError(BoxError.BAD_STATE, 'Already setting up or restoring'));
 
     gProvisionStatus.restore = { active: true, errorMessage: '', message: 'Testing backup config' };
 
@@ -262,29 +231,32 @@ function restore(backupConfig, backupId, version, auditSource, callback) {
     }
 
     users.isActivated(function (error, activated) {
-        if (error) return done(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
-        if (activated) return done(new ProvisionError(ProvisionError.ALREADY_PROVISIONED, 'Already activated. Restore with a fresh Cloudron installation.'));
+        if (error) return done(error);
+        if (activated) return done(new BoxError(BoxError.CONFLICT, 'Already activated. Restore with a fresh Cloudron installation.'));
 
         backups.testConfig(backupConfig, function (error) {
-            if (error && error.reason === BackupsError.BAD_FIELD) return done(new ProvisionError(ProvisionError.BAD_FIELD, error.message));
-            if (error && error.reason === BackupsError.EXTERNAL_ERROR) return done(new ProvisionError(ProvisionError.EXTERNAL_ERROR, error.message));
-            if (error) return done(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+            if (error) return done(error);
 
-            debug(`restore: restoring from ${backupId} from provider ${backupConfig.provider} with format ${backupConfig.format}`);
+            sysinfo.testConfig(sysinfoConfig, function (error) {
+                if (error) return done(error);
 
-            callback(); // now that the fields are validated, continue task in the background
+                debug(`restore: restoring from ${backupId} from provider ${backupConfig.provider} with format ${backupConfig.format}`);
 
-            async.series([
-                setProgress.bind(null, 'restore', 'Downloading backup'),
-                backups.restore.bind(null, backupConfig, backupId, (progress) => setProgress('restore', progress.message, NOOP_CALLBACK)),
-                cloudron.setupDashboard.bind(null, auditSource, (progress) => setProgress('restore', progress.message, NOOP_CALLBACK)),
-                settings.setBackupConfig.bind(null, backupConfig), // update with the latest backupConfig
-                eventlog.add.bind(null, eventlog.ACTION_RESTORE, auditSource, { backupId }),
-            ], function (error) {
-                gProvisionStatus.restore.active = false;
-                gProvisionStatus.restore.errorMessage = error ? error.message : '';
+                callback(); // now that the fields are validated, continue task in the background
 
-                if (!error) cloudron.onActivated(NOOP_CALLBACK);
+                async.series([
+                    setProgress.bind(null, 'restore', 'Downloading backup'),
+                    backups.restore.bind(null, backupConfig, backupId, (progress) => setProgress('restore', progress.message, NOOP_CALLBACK)),
+                    settings.setSysinfoConfig.bind(null, sysinfoConfig),
+                    cloudron.setupDashboard.bind(null, auditSource, (progress) => setProgress('restore', progress.message, NOOP_CALLBACK)),
+                    settings.setBackupConfig.bind(null, backupConfig), // update with the latest backupConfig
+                    eventlog.add.bind(null, eventlog.ACTION_RESTORE, auditSource, { backupId }),
+                ], function (error) {
+                    gProvisionStatus.restore.active = false;
+                    gProvisionStatus.restore.errorMessage = error ? error.message : '';
+
+                    if (!error) cloudron.onActivated(NOOP_CALLBACK);
+                });
             });
         });
     });
@@ -294,15 +266,16 @@ function getStatus(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     users.isActivated(function (error, activated) {
-        if (error) return callback(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         settings.getCloudronName(function (error, cloudronName) {
-            if (error) return callback(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             callback(null, _.extend({
                 version: constants.VERSION,
                 apiServerOrigin: settings.apiServerOrigin(), // used by CaaS tool
-                provider: sysinfo.provider(),
+                webServerOrigin: settings.webServerOrigin(), // used by CaaS tool
+                provider: settings.provider(),
                 cloudronName: cloudronName,
                 adminFqdn: settings.adminDomain() ? settings.adminFqdn() : null,
                 activated: activated,

src/reverseproxy.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    ReverseProxyError: ReverseProxyError,
-
     setFallbackCertificate: setFallbackCertificate,
     getFallbackCertificate: getFallbackCertificate,
 
@@ -36,6 +34,7 @@ var acme2 = require('./cert/acme2.js'),
     apps = require('./apps.js'),
     assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     caas = require('./cert/caas.js'),
     constants = require('./constants.js'),
     crypto = require('crypto'),
@@ -57,32 +56,9 @@ var acme2 = require('./cert/acme2.js'),
     users = require('./users.js'),
     util = require('util');
 
-var NGINX_APPCONFIG_EJS = fs.readFileSync(__dirname + '/appconfig.ejs', { encoding: 'utf8' }),
+var NGINX_APPCONFIG_EJS = fs.readFileSync(__dirname + '/nginxconfig.ejs', { encoding: 'utf8' }),
     RELOAD_NGINX_CMD = path.join(__dirname, 'scripts/reloadnginx.sh');
 
-function ReverseProxyError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(ReverseProxyError, Error);
-ReverseProxyError.INTERNAL_ERROR = 'Internal Error';
-ReverseProxyError.INVALID_CERT = 'Invalid certificate';
-ReverseProxyError.NOT_FOUND = 'Not Found';
-
 function getCertApi(domainObject, callback) {
     assert.strictEqual(typeof domainObject, 'object');
     assert.strictEqual(typeof callback, 'function');
@@ -164,29 +140,29 @@ function validateCertificate(location, domainObject, certificate) {
     const cert = certificate.cert, key = certificate.key;
 
     // check for empty cert and key strings
-    if (!cert && key) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, 'missing cert');
-    if (cert && !key) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, 'missing key');
+    if (!cert && key) return new BoxError(BoxError.BAD_FIELD, 'missing cert', { field: 'cert' });
+    if (cert && !key) return new BoxError(BoxError.BAD_FIELD, 'missing key', { field: 'key' });
 
     // -checkhost checks for SAN or CN exclusively. SAN takes precedence and if present, ignores the CN.
     const fqdn = domains.fqdn(location, domainObject);
 
     var result = safe.child_process.execSync(`openssl x509 -noout -checkhost "${fqdn}"`, { encoding: 'utf8', input: cert });
-    if (result === null) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, 'Unable to get certificate subject:' + safe.error.message);
+    if (result === null) return new BoxError(BoxError.BAD_FIELD, 'Unable to get certificate subject:' + safe.error.message, { field: 'cert' });
 
-    if (result.indexOf('does match certificate') === -1) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, `Certificate is not valid for this domain. Expecting ${fqdn}`);
+    if (result.indexOf('does match certificate') === -1) return new BoxError(BoxError.BAD_FIELD, `Certificate is not valid for this domain. Expecting ${fqdn}`, { field: 'cert' });
 
     // http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#verify
     var certModulus = safe.child_process.execSync('openssl x509 -noout -modulus', { encoding: 'utf8', input: cert });
-    if (certModulus === null) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, `Unable to get cert modulus: ${safe.error.message}`);
+    if (certModulus === null) return new BoxError(BoxError.BAD_FIELD, `Unable to get cert modulus: ${safe.error.message}`, { field: 'cert' });
 
     var keyModulus = safe.child_process.execSync('openssl rsa -noout -modulus', { encoding: 'utf8', input: key });
-    if (keyModulus === null) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, `Unable to get key modulus: ${safe.error.message}`);
+    if (keyModulus === null) return new BoxError(BoxError.BAD_FIELD, `Unable to get key modulus: ${safe.error.message}`, { field: 'cert' });
 
-    if (certModulus !== keyModulus) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, 'Key does not match the certificate.');
+    if (certModulus !== keyModulus) return new BoxError(BoxError.BAD_FIELD, 'Key does not match the certificate.', { field: 'cert' });
 
     // check expiration
     result = safe.child_process.execSync('openssl x509 -checkend 0', { encoding: 'utf8', input: cert });
-    if (!result) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, 'Certificate has expired.');
+    if (!result) return new BoxError(BoxError.BAD_FIELD, 'Certificate has expired.', { field: 'cert' });
 
     return null;
 }
@@ -194,7 +170,11 @@ function validateCertificate(location, domainObject, certificate) {
 function reload(callback) {
     if (process.env.BOX_ENV === 'test') return callback();
 
-    shell.sudo('reload', [ RELOAD_NGINX_CMD ], {}, callback);
+    shell.sudo('reload', [ RELOAD_NGINX_CMD ], {}, function (error) {
+        if (error) return callback(new BoxError(BoxError.NGINX_ERROR, `Error reloading nginx: ${error.message}`));
+
+        callback();
+    });
 }
 
 function generateFallbackCertificateSync(domainObject) {
@@ -215,15 +195,15 @@ function generateFallbackCertificateSync(domainObject) {
     let configFile = path.join(os.tmpdir(), 'openssl-' + crypto.randomBytes(4).readUInt32LE(0) + '.conf');
     safe.fs.writeFileSync(configFile, opensslConfWithSan, 'utf8');
     let certCommand = util.format(`openssl req -x509 -newkey rsa:2048 -keyout ${keyFilePath} -out ${certFilePath} -days 3650 -subj /CN=*.${cn} -extensions SAN -config ${configFile} -nodes`);
-    if (!safe.child_process.execSync(certCommand)) return { error: new ReverseProxyError(ReverseProxyError.INTERNAL_ERROR, safe.error.message) };
+    if (!safe.child_process.execSync(certCommand)) return { error: new BoxError(BoxError.OPENSSL_ERROR, safe.error.message) };
     safe.fs.unlinkSync(configFile);
 
     const cert = safe.fs.readFileSync(certFilePath, 'utf8');
-    if (!cert) return { error: safe.error };
+    if (!cert) return { error: new BoxError(BoxError.FS_ERROR, safe.error.message) };
     safe.fs.unlinkSync(certFilePath);
 
     const key = safe.fs.readFileSync(keyFilePath, 'utf8');
-    if (!key) return { error: safe.error };
+    if (!key) return { error: new BoxError(BoxError.FS_ERROR, safe.error.message) };
     safe.fs.unlinkSync(keyFilePath);
 
     return { cert: cert, key: key, error: null };
@@ -237,17 +217,17 @@ function setFallbackCertificate(domain, fallback, callback) {
 
     if (fallback.restricted) { // restricted certs are not backed up
         debug(`setFallbackCertificate: setting restricted certs for domain ${domain}`);
-        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.cert`), fallback.cert)) return callback(new ReverseProxyError(ReverseProxyError.INTERNAL_ERROR, safe.error.message));
-        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.key`), fallback.key)) return callback(new ReverseProxyError(ReverseProxyError.INTERNAL_ERROR, safe.error.message));
+        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.cert`), fallback.cert)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
+        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.key`), fallback.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
     } else {
         debug(`setFallbackCertificate: setting certs for domain ${domain}`);
-        if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.cert`), fallback.cert)) return callback(new ReverseProxyError(ReverseProxyError.INTERNAL_ERROR, safe.error.message));
-        if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.key`), fallback.key)) return callback(new ReverseProxyError(ReverseProxyError.INTERNAL_ERROR, safe.error.message));
+        if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.cert`), fallback.cert)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
+        if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.key`), fallback.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
     }
 
     // TODO: maybe the cert is being used by the mail container
     reload(function (error) {
-        if (error) return callback(new ReverseProxyError(ReverseProxyError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.NGINX_ERROR, error));
 
         return callback(null);
     });
@@ -333,6 +313,8 @@ function notifyCertChanged(vhost, callback) {
     assert.strictEqual(typeof vhost, 'string');
     assert.strictEqual(typeof callback, 'function');
 
+    debug(`notifyCertChanged: vhost: ${vhost} mailFqdn: ${settings.mailFqdn()}`);
+
     if (vhost !== settings.mailFqdn()) return callback();
 
     mail.handleCertChanged(callback);
@@ -350,7 +332,7 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
         getCertApi(domainObject, function (error, api, apiOptions) {
             if (error) return callback(error);
 
-            getCertificateByHostname(vhost, domainObject, function (error, currentBundle) {
+            getCertificateByHostname(vhost, domainObject, function (_error, currentBundle) {
                 if (currentBundle) {
                     debug(`ensureCertificate: ${vhost} certificate already exists at ${currentBundle.keyFilePath}`);
 
@@ -364,13 +346,22 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
                 debug('ensureCertificate: getting certificate for %s with options %j', vhost, apiOptions);
 
                 api.getCertificate(vhost, domain, apiOptions, function (error, certFilePath, keyFilePath) {
+                    debug(`ensureCertificate: error: ${error ? error.message : 'null'} cert: ${certFilePath || 'null'}`);
+
                     eventlog.add(currentBundle ? eventlog.ACTION_CERTIFICATE_RENEWAL : eventlog.ACTION_CERTIFICATE_NEW, auditSource, { domain: vhost, errorMessage: error ? error.message : '' });
 
+                    if (error && currentBundle && !isExpiringSync(currentBundle.certFilePath, 0)) {
+                        debug('ensureCertificate: continue using existing bundle since renewal failed');
+                        return callback(null, currentBundle, { renewed: false });
+                    }
+
                     notifyCertChanged(vhost, function (error) {
                         if (error) return callback(error);
 
                         if (certFilePath && keyFilePath) return callback(null, { certFilePath, keyFilePath }, { renewed: true });
 
+                        debug(`ensureCertificate: renewal of ${vhost} failed. using fallback certificates for ${domain}`);
+
                         // if no cert was returned use fallback. the fallback/caas provider will not provide any for example
                         getFallbackCertificate(domain, function (error, bundle) {
                             if (error) return callback(error);
@@ -403,7 +394,7 @@ function writeAdminNginxConfig(bundle, configFileName, vhost, callback) {
     var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
     var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, configFileName);
 
-    if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) return callback(safe.error);
+    if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) return callback(new BoxError(BoxError.FS_ERROR, safe.error));
 
     reload(callback);
 }
@@ -453,6 +444,15 @@ function writeAppNginxConfig(app, bundle, callback) {
     var sourceDir = path.resolve(__dirname, '..');
     var endpoint = 'app';
 
+    let robotsTxtQuoted = null, hideHeaders = [], cspQuoted = null;
+    const reverseProxyConfig = app.reverseProxyConfig || {}; // some of our code uses fake app objects
+    if (reverseProxyConfig.robotsTxt) robotsTxtQuoted = JSON.stringify(app.reverseProxyConfig.robotsTxt);
+    if (reverseProxyConfig.csp) {
+        cspQuoted = `"${app.reverseProxyConfig.csp}"`;
+        hideHeaders = [ 'Content-Security-Policy' ];
+        if (reverseProxyConfig.csp.includes('frame-ancestors ')) hideHeaders.push('X-Frame-Options');
+    }
+
     var data = {
         sourceDir: sourceDir,
         adminOrigin: settings.adminOrigin(),
@@ -462,7 +462,9 @@ function writeAppNginxConfig(app, bundle, callback) {
         endpoint: endpoint,
         certFilePath: bundle.certFilePath,
         keyFilePath: bundle.keyFilePath,
-        robotsTxtQuoted: app.robotsTxt ? JSON.stringify(app.robotsTxt) : null
+        robotsTxtQuoted,
+        cspQuoted,
+        hideHeaders
     };
     var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
 
@@ -471,7 +473,7 @@ function writeAppNginxConfig(app, bundle, callback) {
 
     if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) {
         debug('Error creating nginx config for "%s" : %s', app.fqdn, safe.error.message);
-        return callback(safe.error);
+        return callback(new BoxError(BoxError.FS_ERROR, safe.error));
     }
 
     reload(callback);
@@ -491,7 +493,9 @@ function writeAppRedirectNginxConfig(app, fqdn, bundle, callback) {
         endpoint: 'redirect',
         certFilePath: bundle.certFilePath,
         keyFilePath: bundle.keyFilePath,
-        robotsTxtQuoted: null
+        robotsTxtQuoted: null,
+        cspQuoted: null,
+        hideHeaders: []
     };
     var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
 
@@ -501,7 +505,7 @@ function writeAppRedirectNginxConfig(app, fqdn, bundle, callback) {
 
     if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) {
         debug('Error creating nginx redirect config for "%s" : %s', app.fqdn, safe.error.message);
-        return callback(safe.error);
+        return callback(new BoxError(BoxError.FS_ERROR, safe.error));
     }
 
     reload(callback);
@@ -610,7 +614,7 @@ function renewCerts(options, auditSource, progressCallback, callback) {
                 if (appDomain.type === 'webadmin') configureFunc = writeAdminNginxConfig.bind(null, bundle, `${settings.adminFqdn()}.conf`, settings.adminFqdn());
                 else if (appDomain.type === 'main') configureFunc = writeAppNginxConfig.bind(null, appDomain.app, bundle);
                 else if (appDomain.type === 'alternate') configureFunc = writeAppRedirectNginxConfig.bind(null, appDomain.app, appDomain.fqdn, bundle);
-                else return iteratorCallback(new Error(`Unknown domain type for ${appDomain.fqdn}. This should never happen`));
+                else return iteratorCallback(new BoxError(BoxError.INTERNAL_ERROR, `Unknown domain type for ${appDomain.fqdn}. This should never happen`));
 
                 configureFunc(iteratorCallback);
             });
@@ -646,7 +650,7 @@ function writeDefaultConfig(callback) {
         var cn = 'cloudron-' + (new Date()).toISOString(); // randomize date a bit to keep firefox happy
         if (!safe.child_process.execSync(`openssl req -x509 -newkey rsa:2048 -keyout ${keyFilePath} -out ${certFilePath} -days 3650 -subj /CN=${cn} -nodes`)) {
             debug(`writeDefaultConfig: could not generate certificate: ${safe.error.message}`);
-            return callback(safe.error);
+            return callback(new BoxError(BoxError.OPENSSL_ERROR, safe.error));
         }
     }
 

src/routes/accesscontrol.js

@@ -12,14 +12,14 @@ var accesscontrol = require('../accesscontrol.js'),
     assert = require('assert'),
     BasicStrategy = require('passport-http').BasicStrategy,
     BearerStrategy = require('passport-http-bearer').Strategy,
+    BoxError = require('../boxerror.js'),
     clients = require('../clients.js'),
     ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy,
-    ClientsError = clients.ClientsError,
+    externalLdap = require('../externalldap.js'),
     HttpError = require('connect-lastmile').HttpError,
     LocalStrategy = require('passport-local').Strategy,
     passport = require('passport'),
-    users = require('../users.js'),
-    UsersError = users.UsersError;
+    users = require('../users.js');
 
 function initialize(callback) {
     assert.strictEqual(typeof callback, 'function');
@@ -32,26 +32,46 @@ function initialize(callback) {
     // deserialize user from session
     passport.deserializeUser(function(userId, callback) {
         users.get(userId, function (error, result) {
-            if (error) return callback(error);
+            if (error) return callback(null, null /* user */, error.message); // will end up as a 401. can happen if user with active session got deleted
 
             callback(null, result);
         });
     });
 
-    // used when username/password is sent in request body. used in CLI tool login route
+
+    // used when username/password is sent in request body. used in CLI login & oauth2 login route
     passport.use(new LocalStrategy(function (username, password, callback) {
+
+        // TODO we should only do this for dashboard logins
+        function createAndVerifyUserIfNotExist(identifier, password, callback) {
+            assert.strictEqual(typeof identifier, 'string');
+            assert.strictEqual(typeof password, 'string');
+            assert.strictEqual(typeof callback, 'function');
+
+            externalLdap.createAndVerifyUserIfNotExist(identifier.toLowerCase(), password, function (error, result) {
+                if (error && error.reason === BoxError.BAD_STATE) return callback(null, false);
+                if (error && error.reason === BoxError.BAD_FIELD) return callback(null, false);
+                if (error && error.reason === BoxError.CONFLICT) return callback(null, false);
+                if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
+                if (error && error.reason === BoxError.INVALID_CREDENTIALS) return callback(null, false);
+                if (error) return callback(error);
+
+                callback(null, result);
+            });
+        }
+
         if (username.indexOf('@') === -1) {
             users.verifyWithUsername(username, password, function (error, result) {
-                if (error && error.reason === UsersError.NOT_FOUND) return callback(null, false);
-                if (error && error.reason === UsersError.WRONG_PASSWORD) return callback(null, false);
+                if (error && error.reason === BoxError.NOT_FOUND) return createAndVerifyUserIfNotExist(username, password, callback);
+                if (error && error.reason === BoxError.INVALID_CREDENTIALS) return callback(null, false);
                 if (error) return callback(error);
                 if (!result) return callback(null, false);
                 callback(null, result);
             });
         } else {
             users.verifyWithEmail(username, password, function (error, result) {
-                if (error && error.reason === UsersError.NOT_FOUND) return callback(null, false);
-                if (error && error.reason === UsersError.WRONG_PASSWORD) return callback(null, false);
+                if (error && error.reason === BoxError.NOT_FOUND) return createAndVerifyUserIfNotExist(username, password, callback);
+                if (error && error.reason === BoxError.INVALID_CREDENTIALS) return callback(null, false);
                 if (error) return callback(error);
                 if (!result) return callback(null, false);
                 callback(null, result);
@@ -62,7 +82,7 @@ function initialize(callback) {
     // Used to authenticate a OAuth2 client which uses clientId and clientSecret in the Authorization header
     passport.use(new BasicStrategy(function (clientId, clientSecret, callback) {
         clients.get(clientId, function (error, client) {
-            if (error && error.reason === ClientsError.NOT_FOUND) return callback(null, false);
+            if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
             if (error) return callback(error);
             if (client.clientSecret !== clientSecret) return callback(null, false);
             callback(null, client);
@@ -72,7 +92,7 @@ function initialize(callback) {
     // Used to authenticate a OAuth2 client which uses clientId and clientSecret in the request body (client_id, client_secret)
     passport.use(new ClientPasswordStrategy(function (clientId, clientSecret, callback) {
         clients.get(clientId, function(error, client) {
-            if (error && error.reason === ClientsError.NOT_FOUND) return callback(null, false);
+            if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
             if (error) { return callback(error); }
             if (client.clientSecret !== clientSecret) { return callback(null, false); }
             callback(null, client);

src/routes/apps.js

@@ -7,6 +7,7 @@ exports = module.exports = {
     installApp: installApp,
     uninstallApp: uninstallApp,
     restoreApp: restoreApp,
+    importApp: importApp,
     backupApp: backupApp,
     updateApp: updateApp,
     getLogs: getLogs,
@@ -21,7 +22,7 @@ exports = module.exports = {
     setMemoryLimit: setMemoryLimit,
     setAutomaticBackup: setAutomaticBackup,
     setAutomaticUpdate: setAutomaticUpdate,
-    setRobotsTxt: setRobotsTxt,
+    setReverseProxyConfig: setReverseProxyConfig,
     setCertificate: setCertificate,
     setDebugMode: setDebugMode,
     setEnvironment: setEnvironment,
@@ -31,6 +32,7 @@ exports = module.exports = {
 
     stopApp: stopApp,
     startApp: startApp,
+    restartApp: restartApp,
     exec: exec,
     execWebSocket: execWebSocket,
 
@@ -41,9 +43,9 @@ exports = module.exports = {
 };
 
 var apps = require('../apps.js'),
-    AppsError = apps.AppsError,
     assert = require('assert'),
     auditSource = require('../auditsource.js'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:routes/apps'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
@@ -51,30 +53,11 @@ var apps = require('../apps.js'),
     util = require('util'),
     WebSocket = require('ws');
 
-function toHttpError(appError) {
-    switch (appError.reason) {
-    case AppsError.NOT_FOUND:
-        return new HttpError(404, appError);
-    case AppsError.ALREADY_EXISTS:
-    case AppsError.BAD_STATE:
-        return new HttpError(409, appError);
-    case AppsError.BAD_FIELD:
-        return new HttpError(400, appError);
-    case AppsError.PLAN_LIMIT:
-        return new HttpError(402, appError);
-    case AppsError.EXTERNAL_ERROR:
-        return new HttpError(424, appError);
-    case AppsError.INTERNAL_ERROR:
-    default:
-        return new HttpError(500, appError);
-    }
-}
-
 function getApp(req, res, next) {
     assert.strictEqual(typeof req.params.id, 'string');
 
     apps.get(req.params.id, function (error, app) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, apps.removeInternalFields(app)));
     });
@@ -84,7 +67,7 @@ function getApps(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
     apps.getAllByUser(req.user, function (error, allApps) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         allApps = allApps.map(apps.removeRestrictedFields);
 
@@ -96,7 +79,7 @@ function getAppIcon(req, res, next) {
     assert.strictEqual(typeof req.params.id, 'string');
 
     apps.getIconPath(req.params.id, { original: req.query.original }, function (error, iconPath) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.sendFile(iconPath);
     });
@@ -121,9 +104,6 @@ function installApp(req, res, next) {
     if (('portBindings' in data) && typeof data.portBindings !== 'object') return next(new HttpError(400, 'portBindings must be an object'));
     if ('icon' in data && typeof data.icon !== 'string') return next(new HttpError(400, 'icon is not a string'));
 
-    if (data.backupId && typeof data.backupId !== 'string') return next(new HttpError(400, 'backupId must be string or null'));
-    if (data.backupFormat && typeof data.backupFormat !== 'string') return next(new HttpError(400, 'backupFormat must be string or null'));
-
     if ('label' in data && typeof data.label !== 'string') return next(new HttpError(400, 'label must be a string'));
 
     // falsy values in cert and key unset the cert
@@ -140,8 +120,6 @@ function installApp(req, res, next) {
 
     if (('debugMode' in data) && typeof data.debugMode !== 'object') return next(new HttpError(400, 'debugMode must be an object'));
 
-    if (data.robotsTxt && typeof data.robotsTxt !== 'string') return next(new HttpError(400, 'robotsTxt must be a string'));
-
     if ('alternateDomains' in data) {
         if (!Array.isArray(data.alternateDomains)) return next(new HttpError(400, 'alternateDomains must be an array'));
         if (data.alternateDomains.some(function (d) { return (typeof d.domain !== 'string' || typeof d.subdomain !== 'string'); })) return next(new HttpError(400, 'alternateDomains array must contain objects with domain and subdomain strings'));
@@ -157,7 +135,7 @@ function installApp(req, res, next) {
     debug('Installing app :%j', data);
 
     apps.install(data, req.user, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { id: result.id, taskId: result.taskId }));
     });
@@ -170,7 +148,7 @@ function setAccessRestriction(req, res, next) {
     if (typeof req.body.accessRestriction !== 'object') return next(new HttpError(400, 'accessRestriction must be an object'));
 
     apps.setAccessRestriction(req.params.id, req.body.accessRestriction, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -183,7 +161,7 @@ function setLabel(req, res, next) {
     if (typeof req.body.label !== 'string') return next(new HttpError(400, 'label must be a string'));
 
     apps.setLabel(req.params.id, req.body.label, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -197,7 +175,7 @@ function setTags(req, res, next) {
     if (req.body.tags.some((t) => typeof t !== 'string')) return next(new HttpError(400, 'tags array must contain strings'));
 
     apps.setTags(req.params.id, req.body.tags, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -210,7 +188,7 @@ function setIcon(req, res, next) {
     if (req.body.icon !== null && typeof req.body.icon !== 'string') return next(new HttpError(400, 'icon is null or a base-64 image string'));
 
     apps.setIcon(req.params.id, req.body.icon, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -223,7 +201,7 @@ function setMemoryLimit(req, res, next) {
     if (typeof req.body.memoryLimit !== 'number') return next(new HttpError(400, 'memoryLimit is not a number'));
 
     apps.setMemoryLimit(req.params.id, req.body.memoryLimit, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -236,7 +214,7 @@ function setAutomaticBackup(req, res, next) {
     if (typeof req.body.enable !== 'boolean') return next(new HttpError(400, 'enable must be a boolean'));
 
     apps.setAutomaticBackup(req.params.id, req.body.enable, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -249,20 +227,22 @@ function setAutomaticUpdate(req, res, next) {
     if (typeof req.body.enable !== 'boolean') return next(new HttpError(400, 'enable must be a boolean'));
 
     apps.setAutomaticUpdate(req.params.id, req.body.enable, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
 }
 
-function setRobotsTxt(req, res, next) {
+function setReverseProxyConfig(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
     assert.strictEqual(typeof req.params.id, 'string');
 
     if (req.body.robotsTxt !== null && typeof req.body.robotsTxt !== 'string') return next(new HttpError(400, 'robotsTxt is not a string'));
 
-    apps.setRobotsTxt(req.params.id, req.body.robotsTxt, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+    if (req.body.csp !== null && typeof req.body.csp !== 'string') return next(new HttpError(400, 'csp is not a string'));
+
+    apps.setReverseProxyConfig(req.params.id, req.body, auditSource.fromRequest(req), function (error) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -278,7 +258,7 @@ function setCertificate(req, res, next) {
     if (!req.body.cert && req.body.key) return next(new HttpError(400, 'cert must be provided'));
 
     apps.setCertificate(req.params.id, req.body, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -292,7 +272,7 @@ function setEnvironment(req, res, next) {
     if (Object.keys(req.body.env).some((key) => typeof req.body.env[key] !== 'string')) return next(new HttpError(400, 'env must contain values as strings'));
 
     apps.setEnvironment(req.params.id, req.body.env, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -305,7 +285,7 @@ function setDebugMode(req, res, next) {
     if (req.body.debugMode !== null && typeof req.body.debugMode !== 'object') return next(new HttpError(400, 'debugMode must be an object'));
 
     apps.setDebugMode(req.params.id, req.body.debugMode, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -316,9 +296,10 @@ function setMailbox(req, res, next) {
     assert.strictEqual(typeof req.params.id, 'string');
 
     if (req.body.mailboxName !== null && typeof req.body.mailboxName !== 'string') return next(new HttpError(400, 'mailboxName must be a string'));
+    if (typeof req.body.mailboxDomain !== 'string') return next(new HttpError(400, 'mailboxDomain must be a string'));
 
-    apps.setMailbox(req.params.id, req.body.mailboxName, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+    apps.setMailbox(req.params.id, req.body.mailboxName, req.body.mailboxDomain, auditSource.fromRequest(req), function (error, result) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -328,8 +309,7 @@ function setLocation(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
     assert.strictEqual(typeof req.params.id, 'string');
 
-    if (!req.body.location) return next(new HttpError(400, 'location is required'));
-    if (typeof req.body.location !== 'string') return next(new HttpError(400, 'location must be string'));
+    if (typeof req.body.location !== 'string') return next(new HttpError(400, 'location must be string')); // location may be an empty string
     if (!req.body.domain) return next(new HttpError(400, 'domain is required'));
     if (typeof req.body.domain !== 'string') return next(new HttpError(400, 'domain must be string'));
 
@@ -343,7 +323,7 @@ function setLocation(req, res, next) {
     if ('overwriteDns' in req.body && typeof req.body.overwriteDns !== 'boolean') return next(new HttpError(400, 'overwriteDns must be boolean'));
 
     apps.setLocation(req.params.id, req.body, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -356,7 +336,7 @@ function setDataDir(req, res, next) {
     if (req.body.dataDir !== null && typeof req.body.dataDir !== 'string') return next(new HttpError(400, 'dataDir must be a string'));
 
     apps.setDataDir(req.params.id, req.body.dataDir, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -370,21 +350,12 @@ function repairApp(req, res, next) {
 
     const data = req.body;
 
-    if (data.backupId && typeof data.backupId !== 'string') return next(new HttpError(400, 'backupId must be string or null'));
-    if (data.backupFormat && typeof data.backupFormat !== 'string') return next(new HttpError(400, 'backupFormat must be string or null'));
-
-    if (data.location && typeof data.location !== 'string') return next(new HttpError(400, 'location is required'));
-    if (data.domain && typeof data.domain !== 'string') return next(new HttpError(400, 'domain is required'));
-
-    if ('alternateDomains' in data) {
-        if (!Array.isArray(data.alternateDomains)) return next(new HttpError(400, 'alternateDomains must be an array'));
-        if (data.alternateDomains.some(function (d) { return (typeof d.domain !== 'string' || typeof d.subdomain !== 'string'); })) return next(new HttpError(400, 'alternateDomains array must contain objects with domain and subdomain strings'));
+    if ('manifest' in data) {
+        if (!data.manifest || typeof data.manifest !== 'object') return next(new HttpError(400, 'backupId must be an object'));
     }
 
-    if ('overwriteDns' in req.body && typeof req.body.overwriteDns !== 'boolean') return next(new HttpError(400, 'overwriteDns must be boolean'));
-
     apps.repair(req.params.id, data, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -398,11 +369,43 @@ function restoreApp(req, res, next) {
 
     debug('Restore app id:%s', req.params.id);
 
-    if (!('backupId' in req.body)) return next(new HttpError(400, 'backupId is required'));
-    if (data.backupId !== null && typeof data.backupId !== 'string') return next(new HttpError(400, 'backupId must be string or null'));
+    if (!data.backupId || typeof data.backupId !== 'string') return next(new HttpError(400, 'backupId must be non-empty string'));
 
-    apps.restore(req.params.id, data, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+    apps.restore(req.params.id, data.backupId, auditSource.fromRequest(req), function (error, result) {
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(202, { taskId: result.taskId }));
+    });
+}
+
+function importApp(req, res, next) {
+    assert.strictEqual(typeof req.body, 'object');
+    assert.strictEqual(typeof req.params.id, 'string');
+
+    var data = req.body;
+
+    debug('Importing app id:%s', req.params.id);
+
+    if ('backupId' in data) { // if not provided, we import in-place
+        if (typeof data.backupId !== 'string') return next(new HttpError(400, 'backupId must be string'));
+        if (typeof data.backupFormat !== 'string') return next(new HttpError(400, 'backupFormat must be string'));
+
+        if ('backupConfig' in data && typeof data.backupConfig !== 'object') return next(new HttpError(400, 'backupConfig must be an object'));
+
+        const backupConfig = req.body.backupConfig;
+
+        if (req.body.backupConfig) {
+            if (typeof backupConfig.provider !== 'string') return next(new HttpError(400, 'provider is required'));
+            if ('key' in backupConfig && typeof backupConfig.key !== 'string') return next(new HttpError(400, 'key must be a string'));
+            if ('acceptSelfSignedCerts' in backupConfig && typeof backupConfig.acceptSelfSignedCerts !== 'boolean') return next(new HttpError(400, 'format must be a boolean'));
+
+            // testing backup config can take sometime
+            req.clearTimeout();
+        }
+    }
+
+    apps.importApp(req.params.id, data, auditSource.fromRequest(req), function (error, result) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -424,7 +427,7 @@ function cloneApp(req, res, next) {
     if ('overwriteDns' in req.body && typeof req.body.overwriteDns !== 'boolean') return next(new HttpError(400, 'overwriteDns must be boolean'));
 
     apps.clone(req.params.id, data, req.user, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, { id: result.id, taskId: result.taskId }));
     });
@@ -436,7 +439,7 @@ function backupApp(req, res, next) {
     debug('Backup app id:%s', req.params.id);
 
     apps.backup(req.params.id, function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -448,7 +451,7 @@ function uninstallApp(req, res, next) {
     debug('Uninstalling app id:%s', req.params.id);
 
     apps.uninstall(req.params.id, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -460,7 +463,7 @@ function startApp(req, res, next) {
     debug('Start app id:%s', req.params.id);
 
     apps.start(req.params.id, function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -472,7 +475,19 @@ function stopApp(req, res, next) {
     debug('Stop app id:%s', req.params.id);
 
     apps.stop(req.params.id, function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(202, { taskId: result.taskId }));
+    });
+}
+
+function restartApp(req, res, next) {
+    assert.strictEqual(typeof req.params.id, 'string');
+
+    debug('Restart app id:%s', req.params.id);
+
+    apps.restart(req.params.id, function (error, result) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -495,7 +510,7 @@ function updateApp(req, res, next) {
     debug('Update app id:%s to manifest:%j', req.params.id, data.manifest);
 
     apps.update(req.params.id, req.body, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -521,7 +536,7 @@ function getLogStream(req, res, next) {
     };
 
     apps.getLogs(req.params.id, options, function (error, logStream) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'text/event-stream',
@@ -556,7 +571,7 @@ function getLogs(req, res, next) {
     };
 
     apps.getLogs(req.params.id, options, function (error, logStream) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'application/x-logs',
@@ -610,7 +625,7 @@ function exec(req, res, next) {
     var tty = req.query.tty === 'true' ? true : false;
 
     apps.exec(req.params.id, { cmd: cmd, rows: rows, columns: columns, tty: tty }, function (error, duplexStream) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         if (req.headers['upgrade'] !== 'tcp') return next(new HttpError(404, 'exec requires TCP upgrade'));
 
@@ -650,7 +665,7 @@ function execWebSocket(req, res, next) {
     var tty = req.query.tty === 'true' ? true : false;
 
     apps.exec(req.params.id, { cmd: cmd, rows: rows, columns: columns, tty: tty }, function (error, duplexStream) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         debug('Connected to terminal');
 
@@ -690,7 +705,7 @@ function listBackups(req, res, next) {
     if (!perPage || perPage < 0) return next(new HttpError(400, 'per_page query param has to be a postive number'));
 
     apps.listBackups(page, perPage, req.params.id, function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { backups: result }));
     });
@@ -705,7 +720,7 @@ function uploadFile(req, res, next) {
     if (!req.files.file) return next(new HttpError(400, 'file must be provided as multipart'));
 
     apps.uploadFile(req.params.id, req.files.file.path, req.query.file, function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         debug('uploadFile: done');
 
@@ -721,7 +736,7 @@ function downloadFile(req, res, next) {
     if (typeof req.query.file !== 'string' || !req.query.file) return next(new HttpError(400, 'file query argument must be provided'));
 
     apps.downloadFile(req.params.id, req.query.file, function (error, stream, info) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         var headers = {
             'Content-Type': 'application/octet-stream',

src/routes/appstore.js

@@ -10,8 +10,8 @@ exports = module.exports = {
 };
 
 var appstore = require('../appstore.js'),
-    AppstoreError = appstore.AppstoreError,
     assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     custom = require('../custom.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess;
@@ -27,10 +27,7 @@ function isAppAllowed(appstoreId) {
 
 function getApps(req, res, next) {
     appstore.getApps(function (error, apps) {
-        if (error && error.reason === AppstoreError.INVALID_TOKEN) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.LICENSE_ERROR) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.NOT_REGISTERED) return next(new HttpError(412, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         let filteredApps = apps.filter((app) => !custom.spec().appstore.blacklist.includes(app.id));
         if (custom.spec().appstore.whitelist) filteredApps = filteredApps.filter((app) => app.id in custom.spec().appstore.whitelist);
@@ -45,11 +42,7 @@ function getApp(req, res, next) {
     if (!isAppAllowed(req.params.appstoreId)) return next(new HttpError(405, 'feature disabled by admin'));
 
     appstore.getApp(req.params.appstoreId, function (error, app) {
-        if (error && error.reason === AppstoreError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
-        if (error && error.reason === AppstoreError.INVALID_TOKEN) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.LICENSE_ERROR) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.NOT_REGISTERED) return next(new HttpError(412, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, app));
     });
@@ -62,11 +55,7 @@ function getAppVersion(req, res, next) {
     if (!isAppAllowed(req.params.appstoreId)) return next(new HttpError(405, 'feature disabled by admin'));
 
     appstore.getAppVersion(req.params.appstoreId, req.params.versionId, function (error, manifest) {
-        if (error && error.reason === AppstoreError.NOT_FOUND) return next(new HttpError(404, 'No such app or version'));
-        if (error && error.reason === AppstoreError.INVALID_TOKEN) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.LICENSE_ERROR) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.NOT_REGISTERED) return next(new HttpError(412, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, manifest));
     });
@@ -81,11 +70,7 @@ function registerCloudron(req, res, next) {
     if (typeof req.body.signup !== 'boolean') return next(new HttpError(400, 'signup must be a boolean'));
 
     appstore.registerWithLoginCredentials(req.body, function (error) {
-        if (error && error.reason === AppstoreError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
-        if (error && error.reason === AppstoreError.ACCESS_DENIED) return next(new HttpError(412, error.message));
-        if (error && error.reason === AppstoreError.ALREADY_REGISTERED) return next(new HttpError(422, error.message));
-        if (error && error.reason === AppstoreError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, {}));
     });
@@ -95,10 +80,7 @@ function getSubscription(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 
     appstore.getSubscription(function (error, result) {
-        if (error && error.reason === AppstoreError.INVALID_TOKEN) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.NOT_REGISTERED) return next(new HttpError(412, error.message));
-        if (error && error.reason === AppstoreError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, result)); // { email, cloudronId, plan, cancel_at, status }
     });

src/routes/backups.js

@@ -9,7 +9,7 @@ exports = module.exports = {
 let auditSource = require('../auditsource.js'),
     backupdb = require('../backupdb.js'),
     backups = require('../backups.js'),
-    BackupsError = require('../backups.js').BackupsError,
+    BoxError = require('../boxerror.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess;
 
@@ -21,8 +21,7 @@ function list(req, res, next) {
     if (!perPage || perPage < 0) return next(new HttpError(400, 'per_page query param has to be a postive number'));
 
     backups.getByStatePaged(backupdb.BACKUP_STATE_NORMAL, page, perPage, function (error, result) {
-        if (error && error.reason === BackupsError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { backups: result }));
     });
@@ -30,8 +29,7 @@ function list(req, res, next) {
 
 function startBackup(req, res, next) {
     backups.startBackupTask(auditSource.fromRequest(req), function (error, taskId) {
-        if (error && error.reason === BackupsError.BAD_STATE) return next(new HttpError(409, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId }));
     });
@@ -39,7 +37,7 @@ function startBackup(req, res, next) {
 
 function cleanup(req, res, next) {
     backups.startCleanupTask(auditSource.fromRequest(req), function (error, taskId) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId }));
     });

src/routes/clients.js

@@ -12,8 +12,8 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     clients = require('../clients.js'),
-    ClientsError = clients.ClientsError,
     constants = require('../constants.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
@@ -29,9 +29,8 @@ function add(req, res, next) {
     if (!validUrl.isWebUri(data.redirectURI)) return next(new HttpError(400, 'redirectURI must be a valid uri'));
 
     clients.add(data.appId, clients.TYPE_EXTERNAL, data.redirectURI, data.scope, function (error, result) {
-        if (error && error.reason === ClientsError.INVALID_SCOPE) return next(new HttpError(400, error.message));
-        if (error && error.reason === ClientsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
+
         next(new HttpSuccess(201, result));
     });
 }
@@ -40,8 +39,8 @@ function get(req, res, next) {
     assert.strictEqual(typeof req.params.clientId, 'string');
 
     clients.get(req.params.clientId, function (error, result) {
-        if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
+
         next(new HttpSuccess(200, result));
     });
 }
@@ -50,16 +49,14 @@ function del(req, res, next) {
     assert.strictEqual(typeof req.params.clientId, 'string');
 
     clients.get(req.params.clientId, function (error, result) {
-        if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         // we do not allow to use the REST API to delete addon clients
         if (result.type !== clients.TYPE_EXTERNAL) return next(new HttpError(405, 'Deleting app addon clients is not allowed.'));
 
         clients.del(req.params.clientId, function (error, result) {
-            if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-            if (error && error.reason === ClientsError.NOT_ALLOWED) return next(new HttpError(405, error.message));
-            if (error) return next(new HttpError(500, error));
+            if (error) return next(BoxError.toHttpError(error));
+
             next(new HttpSuccess(204, result));
         });
     });
@@ -67,7 +64,8 @@ function del(req, res, next) {
 
 function getAll(req, res, next) {
     clients.getAll(function (error, result) {
-        if (error && error.reason !== ClientsError.NOT_FOUND) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
+
         next(new HttpSuccess(200, { clients: result }));
     });
 }
@@ -83,8 +81,8 @@ function addToken(req, res, next) {
     if ('name' in req.body && typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));
 
     clients.addTokenByUserId(req.params.clientId, req.user.id, expiresAt, { name: req.body.name || '' }, function (error, result) {
-        if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
+
         next(new HttpSuccess(201, { token: result }));
     });
 }
@@ -94,8 +92,7 @@ function getTokens(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
     clients.getTokensByUserId(req.params.clientId, req.user.id, function (error, result) {
-        if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         result = result.map(clients.removeTokenPrivateFields);
 
@@ -108,8 +105,8 @@ function delTokens(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
     clients.delTokensByUserId(req.params.clientId, req.user.id, function (error) {
-        if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
+
         next(new HttpSuccess(204));
     });
 }
@@ -120,9 +117,7 @@ function delToken(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
     clients.delToken(req.params.clientId, req.params.tokenId, function (error) {
-        if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === ClientsError.INVALID_TOKEN) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });

src/routes/cloudron.js

@@ -5,6 +5,7 @@ exports = module.exports = {
     isRebootRequired: isRebootRequired,
     getConfig: getConfig,
     getDisks: getDisks,
+    getMemory: getMemory,
     getUpdateInfo: getUpdateInfo,
     update: update,
     checkForUpdates: checkForUpdates,
@@ -13,22 +14,23 @@ exports = module.exports = {
     setDashboardAndMailDomain: setDashboardAndMailDomain,
     prepareDashboardDomain: prepareDashboardDomain,
     renewCerts: renewCerts,
+    getServerIp: getServerIp,
     syncExternalLdap: syncExternalLdap
 };
 
 let assert = require('assert'),
     async = require('async'),
     auditSource = require('../auditsource.js'),
+    BoxError = require('../boxerror.js'),
     cloudron = require('../cloudron.js'),
-    CloudronError = cloudron.CloudronError,
     custom = require('../custom.js'),
-    disks = require('../disks.js'),
-    externalldap = require('../externalldap.js'),
+    externalLdap = require('../externalldap.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
+    sysinfo = require('../sysinfo.js'),
+    system = require('../system.js'),
     updater = require('../updater.js'),
-    updateChecker = require('../updatechecker.js'),
-    UpdaterError = require('../updater.js').UpdaterError;
+    updateChecker = require('../updatechecker.js');
 
 function reboot(req, res, next) {
     // Finish the request, to let the appstore know we triggered the reboot
@@ -39,7 +41,7 @@ function reboot(req, res, next) {
 
 function isRebootRequired(req, res, next) {
     cloudron.isRebootRequired(function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { rebootRequired: result }));
     });
@@ -47,15 +49,24 @@ function isRebootRequired(req, res, next) {
 
 function getConfig(req, res, next) {
     cloudron.getConfig(function (error, cloudronConfig) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, cloudronConfig));
     });
 }
 
 function getDisks(req, res, next) {
-    disks.getDisks(function (error, result) {
-        if (error) return next(new HttpError(500, error));
+    system.getDisks(function (error, result) {
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(200, result));
+    });
+}
+
+function getMemory(req, res, next) {
+    system.getMemory(function (error, result) {
+        if (error) return next(BoxError.toHttpError(error));
+
         next(new HttpSuccess(200, result));
     });
 }
@@ -65,8 +76,8 @@ function update(req, res, next) {
 
     // this only initiates the update, progress can be checked via the progress route
     updater.updateToLatest(req.body, auditSource.fromRequest(req), function (error, taskId) {
-        if (error && error.reason === UpdaterError.ALREADY_UPTODATE) return next(new HttpError(422, error.message));
-        if (error && error.reason === UpdaterError.BAD_STATE) return next(new HttpError(409, error.message));
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new HttpError(422, error.message));
+        if (error && error.reason === BoxError.BAD_STATE) return next(new HttpError(409, error.message));
         if (error) return next(new HttpError(500, error));
 
         next(new HttpSuccess(202, { taskId }));
@@ -102,8 +113,7 @@ function getLogs(req, res, next) {
     };
 
     cloudron.getLogs(req.params.unit, options, function (error, logStream) {
-        if (error && error.reason === CloudronError.BAD_FIELD) return next(new HttpError(404, 'Invalid type'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'application/x-logs',
@@ -132,8 +142,7 @@ function getLogStream(req, res, next) {
     };
 
     cloudron.getLogs(req.params.unit, options, function (error, logStream) {
-        if (error && error.reason === CloudronError.BAD_FIELD) return next(new HttpError(404, 'Invalid type'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'text/event-stream',
@@ -159,8 +168,7 @@ function setDashboardAndMailDomain(req, res, next) {
     if (!custom.spec().domains.changeDashboardDomain) return next(new HttpError(405, 'feature disabled by admin'));
 
     cloudron.setDashboardAndMailDomain(req.body.domain, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === CloudronError.BAD_FIELD) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204, {}));
     });
@@ -172,9 +180,7 @@ function prepareDashboardDomain(req, res, next) {
     if (!custom.spec().domains.changeDashboardDomain) return next(new HttpError(405, 'feature disabled by admin'));
 
     cloudron.prepareDashboardDomain(req.body.domain, auditSource.fromRequest(req), function (error, taskId) {
-        if (error && error.reason === CloudronError.BAD_FIELD) return next(new HttpError(404, error.message));
-        if (error && error.reason === CloudronError.BAD_STATE) return next(new HttpError(409, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId }));
     });
@@ -182,17 +188,24 @@ function prepareDashboardDomain(req, res, next) {
 
 function renewCerts(req, res, next) {
     cloudron.renewCerts({ domain: req.body.domain || null }, auditSource.fromRequest(req), function (error, taskId) {
-        if (error && error.reason === CloudronError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId }));
     });
 }
 
 function syncExternalLdap(req, res, next) {
-    externalldap.startSyncer(function (error, taskId) {
+    externalLdap.startSyncer(function (error, taskId) {
         if (error) return next(new HttpError(500, error.message));
 
         next(new HttpSuccess(202, { taskId: taskId }));
     });
 }
+
+function getServerIp(req, res, next) {
+    sysinfo.getServerIp(function (error, ip) {
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(200, { ip }));
+    });
+}

src/routes/domains.js

@@ -14,8 +14,8 @@ exports = module.exports = {
 
 var assert = require('assert'),
     auditSource = require('../auditsource.js'),
+    BoxError = require('../boxerror.js'),
     domains = require('../domains.js'),
-    DomainsError = domains.DomainsError,
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess;
 
@@ -23,8 +23,7 @@ function verifyDomainLock(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
     domains.get(req.params.domain, function (error, domain) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, 'No such domain'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         if (domain.locked) return next(new HttpError(423, 'This domain is locked'));
 
@@ -68,12 +67,9 @@ function add(req, res, next) {
     };
 
     domains.add(req.body.domain, data, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === DomainsError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
-        if (error && error.reason === DomainsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === DomainsError.INVALID_PROVIDER) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
-        next(new HttpSuccess(201, { domain: req.body.domain, config: req.body.config }));
+        next(new HttpSuccess(201, {}));
     });
 }
 
@@ -81,8 +77,7 @@ function get(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
     domains.get(req.params.domain, function (error, result) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, domains.removePrivateFields(result)));
     });
@@ -134,10 +129,7 @@ function update(req, res, next) {
     };
 
     domains.update(req.params.domain, data, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === DomainsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === DomainsError.INVALID_PROVIDER) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204, {}));
     });
@@ -147,9 +139,7 @@ function del(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
     domains.del(req.params.domain, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === DomainsError.IN_USE) return next(new HttpError(409, 'Domain is still in use. Remove all apps and mailboxes using this domain'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -164,10 +154,8 @@ function checkDnsRecords(req, res, next) {
     req.clearTimeout();
 
     domains.checkDnsRecords(req.query.subdomain, req.params.domain, function (error, result) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message)); // domain (and not record!) not found
-        if (error && error.reason === DomainsError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error && error.reason === DomainsError.ACCESS_DENIED) return next(new HttpSuccess(200, { error: { reason: error.reason, message: error.message }}));
-        if (error) return next(new HttpError(500, error));
+        if (error && error.reason === BoxError.ACCESS_DENIED) return next(new HttpSuccess(200, { error: { reason: error.reason, message: error.message }}));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { needsOverwrite: result.needsOverwrite }));
     });

src/routes/eventlog.js

@@ -5,15 +5,14 @@ exports = module.exports = {
     list: list
 };
 
-var eventlog = require('../eventlog.js'),
-    EventLogError = eventlog.EventLogError,
+var BoxError = require('../boxerror.js'),
+    eventlog = require('../eventlog.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess;
 
 function get(req, res, next) {
     eventlog.get(req.params.eventId, function (error, result) {
-        if (error && error.reason === EventLogError.NOT_FOUND) return next(new HttpError(404, 'no such eventlog'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { event: result }));
     });
@@ -34,7 +33,7 @@ function list(req, res, next) {
     if (req.query.action) actions.push(req.query.action);
 
     eventlog.getAllPaged(actions, req.query.search || null, page, perPage, function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { eventlogs: result }));
     });

src/routes/groups.js

@@ -10,10 +10,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     groups = require('../groups.js'),
     HttpError = require('connect-lastmile').HttpError,
-    HttpSuccess = require('connect-lastmile').HttpSuccess,
-    GroupsError = groups.GroupsError;
+    HttpSuccess = require('connect-lastmile').HttpSuccess;
 
 function create(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
@@ -21,9 +21,7 @@ function create(req, res, next) {
     if (typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be string'));
 
     groups.create(req.body.name, function (error, group) {
-        if (error && error.reason === GroupsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === GroupsError.ALREADY_EXISTS) return next(new HttpError(409, 'Already exists'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         var groupInfo = {
             id: group.id,
@@ -38,8 +36,7 @@ function get(req, res, next) {
     assert.strictEqual(typeof req.params.groupId, 'string');
 
     groups.getWithMembers(req.params.groupId, function (error, result) {
-        if (error && error.reason === GroupsError.NOT_FOUND) return next(new HttpError(404, 'No such group'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, result));
     });
@@ -52,8 +49,7 @@ function update(req, res, next) {
     if ('name' in req.body && typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));
 
     groups.update(req.params.groupId, req.body, function (error) {
-        if (error && error.reason === GroupsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { }));
     });
@@ -66,8 +62,7 @@ function updateMembers(req, res, next) {
     if (!Array.isArray(req.body.userIds)) return next(new HttpError(404, 'userIds must be an array'));
 
     groups.setMembers(req.params.groupId, req.body.userIds, function (error) {
-        if (error && error.reason === GroupsError.NOT_FOUND) return next(new HttpError(404, 'Invalid group or user id'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { }));
     });
@@ -75,7 +70,7 @@ function updateMembers(req, res, next) {
 
 function list(req, res, next) {
     groups.getAll(function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { groups: result }));
     });
@@ -85,9 +80,7 @@ function remove(req, res, next) {
     assert.strictEqual(typeof req.params.groupId, 'string');
 
     groups.remove(req.params.groupId, function (error) {
-        if (error && error.reason === GroupsError.NOT_FOUND) return next(new HttpError(404, 'Group not found'));
-        if (error && error.reason === GroupsError.NOT_ALLOWED) return next(new HttpError(409, 'Group deletion not allowed'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });

src/routes/mail.js

@@ -36,8 +36,8 @@ exports = module.exports = {
 
 var assert = require('assert'),
     auditSource = require('../auditsource.js'),
+    BoxError = require('../boxerror.js'),
     mail = require('../mail.js'),
-    MailError = mail.MailError,
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
     middleware = require('../middleware/index.js'),
@@ -49,8 +49,7 @@ function getDomain(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
     mail.getDomain(req.params.domain, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, mail.removePrivateFields(result)));
     });
@@ -62,9 +61,7 @@ function addDomain(req, res, next) {
     if (typeof req.body.domain !== 'string') return next(new HttpError(400, 'domain must be a string'));
 
     mail.addDomain(req.body.domain, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.ALREADY_EXISTS) return next(new HttpError(409, 'domain already exists'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, { domain: req.body.domain }));
     });
@@ -92,9 +89,7 @@ function setDnsRecords(req, res, next) {
     req.clearTimeout();
 
     mail.setDnsRecords(req.params.domain, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201));
     });
@@ -104,9 +99,7 @@ function removeDomain(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
     mail.removeDomain(req.params.domain, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.IN_USE) return next(new HttpError(409, 'Mail domain is still in use. Remove existing mailboxes'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -119,8 +112,7 @@ function getStatus(req, res, next) {
     req.clearTimeout();
 
     mail.getStatus(req.params.domain, function (error, records) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, records));
     });
@@ -133,9 +125,7 @@ function setMailFromValidation(req, res, next) {
     if (typeof req.body.enabled !== 'boolean') return next(new HttpError(400, 'enabled is required'));
 
     mail.setMailFromValidation(req.params.domain, req.body.enabled, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202));
     });
@@ -153,9 +143,7 @@ function setCatchAllAddress(req, res, next) {
     }
 
     mail.setCatchAllAddress(req.params.domain, req.body.addresses, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202));
     });
@@ -173,9 +161,7 @@ function setMailRelay(req, res, next) {
     if ('acceptSelfSignedCerts' in req.body && typeof req.body.acceptSelfSignedCerts !== 'boolean') return next(new HttpError(400, 'acceptSelfSignedCerts must be a boolean'));
 
     mail.setMailRelay(req.params.domain, req.body, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202));
     });
@@ -188,9 +174,7 @@ function setMailEnabled(req, res, next) {
     if (typeof req.body.enabled !== 'boolean') return next(new HttpError(400, 'enabled is required'));
 
     mail.setMailEnabled(req.params.domain, !!req.body.enabled, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202));
     });
@@ -203,9 +187,7 @@ function sendTestMail(req, res, next) {
     if (!req.body.to || typeof req.body.to !== 'string') return next(new HttpError(400, 'to must be a non-empty string'));
 
     mail.sendTestMail(req.params.domain, req.body.to, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202));
     });
@@ -214,9 +196,14 @@ function sendTestMail(req, res, next) {
 function listMailboxes(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
-    mail.listMailboxes(req.params.domain, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+    var page = typeof req.query.page !== 'undefined' ? parseInt(req.query.page) : 1;
+    if (!page || page < 0) return next(new HttpError(400, 'page query param has to be a postive number'));
+
+    var perPage = typeof req.query.per_page !== 'undefined'? parseInt(req.query.per_page) : 25;
+    if (!perPage || perPage < 0) return next(new HttpError(400, 'per_page query param has to be a postive number'));
+
+    mail.listMailboxes(req.params.domain, page, perPage, function (error, result) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { mailboxes: result }));
     });
@@ -227,8 +214,7 @@ function getMailbox(req, res, next) {
     assert.strictEqual(typeof req.params.name, 'string');
 
     mail.getMailbox(req.params.name, req.params.domain, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { mailbox: result }));
     });
@@ -241,10 +227,7 @@ function addMailbox(req, res, next) {
     if (typeof req.body.userId !== 'string') return next(new HttpError(400, 'userId must be a string'));
 
     mail.addMailbox(req.body.name, req.params.domain, req.body.userId, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, {}));
     });
@@ -257,9 +240,7 @@ function updateMailbox(req, res, next) {
     if (typeof req.body.userId !== 'string') return next(new HttpError(400, 'userId must be a string'));
 
     mail.updateMailboxOwner(req.params.name, req.params.domain, req.body.userId, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -270,8 +251,7 @@ function removeMailbox(req, res, next) {
     assert.strictEqual(typeof req.params.name, 'string');
 
     mail.removeMailbox(req.params.name, req.params.domain, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, {}));
     });
@@ -280,9 +260,14 @@ function removeMailbox(req, res, next) {
 function listAliases(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
-    mail.listAliases(req.params.domain, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+    var page = typeof req.query.page !== 'undefined' ? parseInt(req.query.page) : 1;
+    if (!page || page < 0) return next(new HttpError(400, 'page query param has to be a postive number'));
+
+    var perPage = typeof req.query.per_page !== 'undefined'? parseInt(req.query.per_page) : 25;
+    if (!perPage || perPage < 0) return next(new HttpError(400, 'per_page query param has to be a postive number'));
+
+    mail.listAliases(req.params.domain, page, perPage, function (error, result) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { aliases: result }));
     });
@@ -293,8 +278,7 @@ function getAliases(req, res, next) {
     assert.strictEqual(typeof req.params.name, 'string');
 
     mail.getAliases(req.params.name, req.params.domain, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { aliases: result }));
     });
@@ -312,10 +296,7 @@ function setAliases(req, res, next) {
     }
 
     mail.setAliases(req.params.name, req.params.domain, req.body.aliases, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202));
     });
@@ -325,8 +306,7 @@ function getLists(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
     mail.getLists(req.params.domain, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { lists: result }));
     });
@@ -337,8 +317,7 @@ function getList(req, res, next) {
     assert.strictEqual(typeof req.params.name, 'string');
 
     mail.getList(req.params.domain, req.params.name, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { list: result }));
     });
@@ -357,10 +336,7 @@ function addList(req, res, next) {
     }
 
     mail.addList(req.body.name, req.params.domain, req.body.members, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.ALREADY_EXISTS) return next(new HttpError(409, 'list already exists'));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, {}));
     });
@@ -378,9 +354,7 @@ function updateList(req, res, next) {
     }
 
     mail.updateList(req.params.name, req.params.domain, req.body.members, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -391,8 +365,7 @@ function removeList(req, res, next) {
     assert.strictEqual(typeof req.params.name, 'string');
 
     mail.removeList(req.params.name, req.params.domain, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });

src/routes/notifications.js

@@ -8,17 +8,16 @@ exports = module.exports = {
 };
 
 let assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
-    notifications = require('../notifications.js'),
-    NotificationsError = notifications.NotificationsError;
+    notifications = require('../notifications.js');
 
 function verifyOwnership(req, res, next) {
     if (!req.params.notificationId) return next();  // skip for listing
 
     notifications.get(req.params.notificationId, function (error, result) {
-        if (error && error.reason === NotificationsError.NOT_FOUND) return next(new HttpError(404, 'No such notification'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         if (result.userId !== req.user.id) return next(new HttpError(403, 'User is not owner'));
 
@@ -46,7 +45,7 @@ function list(req, res, next) {
     else if (req.query.acknowledged) acknowledged = req.query.acknowledged === 'true' ? true : false;
 
     notifications.getAllPaged(req.user.id, acknowledged, page, perPage, function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { notifications: result }));
     });
@@ -56,8 +55,7 @@ function ack(req, res, next) {
     assert.strictEqual(typeof req.params.notificationId, 'string');
 
     notifications.ack(req.params.notificationId, function (error) {
-        if (error && error.reason === NotificationsError.NOT_FOUND) return next(new HttpError(404, 'No such notification'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204, {}));
     });

src/routes/oauth2.js

@@ -21,11 +21,11 @@ exports = module.exports = {
 
 var apps = require('../apps.js'),
     assert = require('assert'),
+    async = require('async'),
     authcodedb = require('../authcodedb.js'),
+    BoxError = require('../boxerror.js'),
     clients = require('../clients'),
-    ClientsError = clients.ClientsError,
     constants = require('../constants.js'),
-    DatabaseError = require('../databaseerror.js'),
     debug = require('debug')('box:routes/oauth2'),
     eventlog = require('../eventlog.js'),
     hat = require('../hat.js'),
@@ -39,7 +39,6 @@ var apps = require('../apps.js'),
     speakeasy = require('speakeasy'),
     url = require('url'),
     users = require('../users.js'),
-    UsersError = users.UsersError,
     util = require('util'),
     _ = require('underscore');
 
@@ -89,7 +88,7 @@ function initialize() {
     // exchange authorization codes for access tokens. this is used by external oauth clients
     gServer.exchange(oauth2orize.exchange.code(function (client, code, redirectURI, callback) {
         authcodedb.get(code, function (error, authCode) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, false);
+            if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
             if (error) return callback(error);
             if (client.id !== authCode.clientId) return callback(null, false);
 
@@ -255,7 +254,9 @@ function login(req, res) {
     var failureQuery = querystring.stringify({ error: 'Invalid username or password', returnTo: returnTo });
     passport.authenticate('local', {
         failureRedirect: '/api/v1/session/login?' + failureQuery
-    })(req, res, function () {
+    })(req, res, function (error) {
+        if (error) return res.redirect('/api/v1/session/login?' + failureQuery); // on some exception in the handlers
+
         if (!req.user.ghost && req.user.twoFactorAuthenticationEnabled) {
             if (!req.body.totpToken) {
                 let failureQuery = querystring.stringify({ error: 'A 2FA token is required', returnTo: returnTo });
@@ -275,10 +276,45 @@ function login(req, res) {
 
 // -> GET /api/v1/session/logout
 function logout(req, res) {
-    req.logout();
+    function done() {
+        req.logout();
 
-    if (req.query && req.query.redirect) res.redirect(req.query.redirect);
-    else res.redirect('/');
+        if (req.query && req.query.redirect) res.redirect(req.query.redirect);
+        else res.redirect('/');
+    }
+
+    if (!req.query.all) return done();
+
+    // find and destroy all login sessions by this user - this got rather complex quickly
+    req.sessionStore.list(function (error, result) {
+        if (error) {
+            console.error('Error listing sessions', error);
+            return done();
+        }
+
+        // WARNING fix this if we change the storage backend - Great stuff!
+        var sessionIds = result.map(function(s) { return s.replace('.json', ''); });
+
+        async.each(sessionIds, function (id, callback) {
+            req.sessionStore.get(id, function (error, result) {
+                if (error) {
+                    console.error(`Error getting session ${id}`, error);
+                    return callback();
+                }
+
+                // ignore empty or non passport sessions
+                if (!result || !result.passport || !result.passport.user) return callback();
+
+                // not this user
+                if (result.passport.user !== req.user.id) return callback();
+
+                req.sessionStore.destroy(id, function (error) {
+                    if (error) console.error(`Unable to destroy session ${id}`, error);
+                    callback();
+                });
+            });
+        }, done);
+    });
 }
 
 // Form to enter email address to send a password reset request mail
@@ -302,7 +338,7 @@ function passwordResetRequest(req, res, next) {
     debug('passwordResetRequest: email or username %s.', req.body.identifier);
 
     users.resetPasswordByIdentifier(req.body.identifier, function (error) {
-        if (error && error.reason !== UsersError.NOT_FOUND) {
+        if (error && error.reason !== BoxError.NOT_FOUND) {
             console.error(error);
             return sendErrorPageOrRedirect(req, res, 'User not found');
         }
@@ -356,9 +392,9 @@ function accountSetup(req, res, next) {
 
         var data = _.pick(req.body, 'username', 'displayName');
         users.update(userObject.id, data, auditSource(req), function (error) {
-            if (error && error.reason === UsersError.ALREADY_EXISTS) return renderAccountSetupSite(res, req, userObject, 'Username already exists');
-            if (error && error.reason === UsersError.BAD_FIELD) return renderAccountSetupSite(res, req, userObject, error.message);
-            if (error && error.reason === UsersError.NOT_FOUND) return renderAccountSetupSite(res, req, userObject, 'No such user');
+            if (error && error.reason === BoxError.ALREADY_EXISTS) return renderAccountSetupSite(res, req, userObject, 'Username already exists');
+            if (error && error.reason === BoxError.BAD_FIELD) return renderAccountSetupSite(res, req, userObject, error.message);
+            if (error && error.reason === BoxError.NOT_FOUND) return renderAccountSetupSite(res, req, userObject, 'No such user');
             if (error) return next(new HttpError(500, error));
 
             userObject.username = req.body.username;
@@ -366,7 +402,7 @@ function accountSetup(req, res, next) {
 
             // setPassword clears the resetToken
             users.setPassword(userObject.id, req.body.password, function (error) {
-                if (error && error.reason === UsersError.BAD_FIELD) return renderAccountSetupSite(res, req, userObject, error.message);
+                if (error && error.reason === BoxError.BAD_FIELD) return renderAccountSetupSite(res, req, userObject, error.message);
                 if (error) return next(new HttpError(500, error));
 
                 clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
@@ -414,7 +450,7 @@ function passwordReset(req, res, next) {
 
         // setPassword clears the resetToken
         users.setPassword(userObject.id, req.body.password, function (error) {
-            if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(406, error.message));
+            if (error && error.reason === BoxError.BAD_FIELD) return next(new HttpError(406, error.message));
             if (error) return next(new HttpError(500, error));
 
             clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
@@ -463,7 +499,7 @@ function authorization() {
             debug('authorization: client %s with callback to %s.', clientId, redirectURI);
 
             clients.get(clientId, function (error, client) {
-                if (error && error.reason === ClientsError.NOT_FOUND) return callback(null, false);
+                if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
                 if (error) return callback(error);
 
                 // ignore the origin passed into form the client, but use the one from the clientdb

src/routes/profile.js

@@ -3,6 +3,9 @@
 exports = module.exports = {
     get: get,
     update: update,
+    getAvatar: getAvatar,
+    setAvatar: setAvatar,
+    clearAvatar: clearAvatar,
     changePassword: changePassword,
     setTwoFactorAuthenticationSecret: setTwoFactorAuthenticationSecret,
     enableTwoFactorAuthentication: enableTwoFactorAuthentication,
@@ -11,15 +14,22 @@ exports = module.exports = {
 
 var assert = require('assert'),
     auditSource = require('../auditsource.js'),
+    BoxError = require('../boxerror.js'),
+    fs = require('fs'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
+    path = require('path'),
+    paths = require('../paths.js'),
+    safe = require('safetydance'),
     users = require('../users.js'),
-    UsersError = users.UsersError,
+    settings = require('../settings.js'),
     _ = require('underscore');
 
 function get(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
+    const emailHash = require('crypto').createHash('md5').update(req.user.email).digest('hex');
+
     next(new HttpSuccess(200, {
         id: req.user.id,
         username: req.user.username,
@@ -28,7 +38,8 @@ function get(req, res, next) {
         displayName: req.user.displayName,
         twoFactorAuthenticationEnabled: req.user.twoFactorAuthenticationEnabled,
         admin: req.user.admin,
-        source: req.user.source
+        source: req.user.source,
+        avatarUrl: fs.existsSync(path.join(paths.PROFILE_ICONS_DIR, req.user.id)) ? `${settings.adminOrigin()}/api/v1/profile/avatar/${req.user.id}` : `https://www.gravatar.com/avatar/${emailHash}.jpg`
     }));
 }
 
@@ -43,15 +54,34 @@ function update(req, res, next) {
     var data = _.pick(req.body, 'email', 'fallbackEmail', 'displayName');
 
     users.update(req.user.id, data, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
 }
 
+function setAvatar(req, res, next) {
+    assert.strictEqual(typeof req.user, 'object');
+
+    if (!req.files.avatar) return next(new HttpError(400, 'avatar is missing'));
+
+    if (!safe.fs.renameSync(req.files.avatar.path, path.join(paths.PROFILE_ICONS_DIR, req.user.id))) return next(new HttpError(500, safe.error));
+
+    next(new HttpSuccess(202, {}));
+}
+
+function clearAvatar(req, res, next) {
+    assert.strictEqual(typeof req.user, 'object');
+
+    safe.fs.unlinkSync(path.join(paths.PROFILE_ICONS_DIR, req.user.id));
+
+    next(new HttpSuccess(202, {}));
+}
+
+function getAvatar(req, res) {
+    res.sendFile(path.join(paths.PROFILE_ICONS_DIR, req.params.identifier));
+}
+
 function changePassword(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
     assert.strictEqual(typeof req.user, 'object');
@@ -59,9 +89,7 @@ function changePassword(req, res, next) {
     if (typeof req.body.newPassword !== 'string') return next(new HttpError(400, 'newPassword must be a string'));
 
     users.setPassword(req.user.id, req.body.newPassword, function (error) {
-        if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -71,8 +99,7 @@ function setTwoFactorAuthenticationSecret(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
     users.setTwoFactorAuthenticationSecret(req.user.id, function (error, result) {
-        if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, 'TwoFactor Authentication is enabled, disable first'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, { secret: result.secret, qrcode: result.qrcode }));
     });
@@ -85,10 +112,7 @@ function enableTwoFactorAuthentication(req, res, next) {
     if (!req.body.totpToken || typeof req.body.totpToken !== 'string') return next(new HttpError(400, 'totpToken must be a nonempty string'));
 
     users.enableTwoFactorAuthentication(req.user.id, req.body.totpToken, function (error) {
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
-        if (error && error.reason === UsersError.BAD_TOKEN) return next(new HttpError(412, 'Invalid token'));
-        if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, 'TwoFactor Authentication is already enabled'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, {}));
     });
@@ -98,7 +122,7 @@ function disableTwoFactorAuthentication(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
     users.disableTwoFactorAuthentication(req.user.id, function (error) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, {}));
     });

src/routes/provision.js

@@ -9,26 +9,27 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
-    auditSource = require('../auditsource'),
+    appstore = require('../appstore.js'),
+    auditSource = require('../auditsource.js'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:routes/setup'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
     provision = require('../provision.js'),
-    ProvisionError = require('../provision.js').ProvisionError,
-    sysinfo = require('../sysinfo.js'),
-    superagent = require('superagent');
+    request = require('request'),
+    settings = require('../settings.js');
 
 function providerTokenAuth(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 
-    if (sysinfo.provider() === 'ami') {
+    if (settings.provider() === 'ami') {
         if (typeof req.body.providerToken !== 'string' || !req.body.providerToken) return next(new HttpError(400, 'providerToken must be a non empty string'));
 
-        superagent.get('http://169.254.169.254/latest/meta-data/instance-id').timeout(30 * 1000).end(function (error, result) {
-            if (error && !error.response) return next(new HttpError(500, error));
-            if (result.statusCode !== 200) return next(new HttpError(500, 'Unable to get meta data'));
+        request.get('http://169.254.169.254/latest/meta-data/instance-id', { timeout: 30 * 1000 }, function (error, result) {
+            if (error) return next(new HttpError(422, `Network error getting EC2 metadata: ${error.message}`));
+            if (result.statusCode !== 200) return next(new HttpError(422, `Unable to get EC2 meta data. statusCode: ${result.statusCode}`));
 
-            if (result.text !== req.body.providerToken) return next(new HttpError(401, 'Invalid providerToken'));
+            if (result.body !== req.body.providerToken) return next(new HttpError(422, 'Instance ID does not match'));
 
             next();
         });
@@ -53,18 +54,17 @@ function setup(req, res, next) {
     if ('tlsConfig' in dnsConfig && typeof dnsConfig.tlsConfig !== 'object') return next(new HttpError(400, 'tlsConfig must be an object'));
     if (dnsConfig.tlsConfig && (!dnsConfig.tlsConfig.provider || typeof dnsConfig.tlsConfig.provider !== 'string')) return next(new HttpError(400, 'tlsConfig.provider must be a string'));
 
-    if ('backupConfig' in req.body && typeof req.body.backupConfig !== 'object') return next(new HttpError(400, 'backupConfig must be an object'));
+    if ('sysinfoConfig' in req.body && typeof req.body.sysinfoConfig !== 'object') return next(new HttpError(400, 'sysinfoConfig must be an object'));
 
     // it can take sometime to setup DNS, register cloudron
     req.clearTimeout();
 
-    provision.setup(dnsConfig, req.body.backupConfig || null, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === ProvisionError.ALREADY_SETUP) return next(new HttpError(409, error.message));
-        if (error && error.reason === ProvisionError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === ProvisionError.BAD_STATE) return next(new HttpError(409, error.message));
-        if (error) return next(new HttpError(500, error));
+    provision.setup(dnsConfig, req.body.sysinfoConfig || { provider: 'generic' }, auditSource.fromRequest(req), function (error) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
+
+        appstore.trackFinishedSetup(dnsConfig.domain);
     });
 }
 
@@ -85,9 +85,7 @@ function activate(req, res, next) {
     debug('activate: username:%s ip:%s', username, ip);
 
     provision.activate(username, password, email, displayName, ip, auditSource.fromRequest(req), function (error, info) {
-        if (error && error.reason === ProvisionError.ALREADY_PROVISIONED) return next(new HttpError(409, 'Already setup'));
-        if (error && error.reason === ProvisionError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, info));
     });
@@ -107,12 +105,10 @@ function restore(req, res, next) {
     if (typeof req.body.backupId !== 'string') return next(new HttpError(400, 'backupId must be a string or null'));
     if (typeof req.body.version !== 'string') return next(new HttpError(400, 'version must be a string'));
 
-    provision.restore(backupConfig, req.body.backupId, req.body.version, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === ProvisionError.ALREADY_SETUP) return next(new HttpError(409, error.message));
-        if (error && error.reason === ProvisionError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === ProvisionError.BAD_STATE) return next(new HttpError(409, error.message));
-        if (error && error.reason === ProvisionError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+    if ('sysinfoConfig' in req.body && typeof req.body.sysinfoConfig !== 'object') return next(new HttpError(400, 'sysinfoConfig must be an object'));
+
+    provision.restore(backupConfig, req.body.backupId, req.body.version, req.body.sysinfoConfig || { provider: 'generic' }, auditSource.fromRequest(req), function (error) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -120,8 +116,13 @@ function restore(req, res, next) {
 
 function getStatus(req, res, next) {
     provision.getStatus(function (error, status) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, status));
+
+        // check if Cloudron is not in setup state nor activated and let appstore know of the attempt
+        if (!status.activated && !status.setup.active && !status.restore.active) {
+            appstore.trackBeginSetup(status.provider);
+        }
     });
 }

src/routes/services.js

@@ -10,8 +10,8 @@ exports = module.exports = {
 };
 
 var addons = require('../addons.js'),
-    AddonsError = addons.AddonsError,
     assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:routes/addons'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess;
@@ -20,7 +20,7 @@ function getAll(req, res, next) {
     req.clearTimeout(); // can take a while to get status of all services
 
     addons.getServices(function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { services: result }));
     });
@@ -30,8 +30,7 @@ function get(req, res, next) {
     assert.strictEqual(typeof req.params.service, 'string');
 
     addons.getService(req.params.service, function (error, result) {
-        if (error && error.reason === AddonsError.NOT_FOUND) return next(new HttpError(404, 'No such service'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { service: result }));
     });
@@ -48,8 +47,7 @@ function configure(req, res, next) {
     };
 
     addons.configureService(req.params.service, data, function (error) {
-        if (error && error.reason === AddonsError.NOT_FOUND) return next(new HttpError(404, 'No such service'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, {}));
     });
@@ -70,8 +68,7 @@ function getLogs(req, res, next) {
     };
 
     addons.getServiceLogs(req.params.service, options, function (error, logStream) {
-        if (error && error.reason === AddonsError.NOT_FOUND) return next(new HttpError(404, 'No such service'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'application/x-logs',
@@ -103,8 +100,7 @@ function getLogStream(req, res, next) {
     };
 
     addons.getServiceLogs(req.params.service, options, function (error, logStream) {
-        if (error && error.reason === AddonsError.NOT_FOUND) return next(new HttpError(404, 'No such service'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'text/event-stream',
@@ -130,7 +126,7 @@ function restart(req, res, next) {
     debug(`Restarting service ${req.params.service}`);
 
     addons.restartService(req.params.service, function (error) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, {}));
     });

src/routes/settings.js

@@ -9,18 +9,18 @@ exports = module.exports = {
 
 var assert = require('assert'),
     backups = require('../backups.js'),
+    BoxError = require('../boxerror.js'),
     custom = require('../custom.js'),
     docker = require('../docker.js'),
-    BoxError = require('../boxerror.js'),
+    externalLdap = require('../externalldap.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
     safe = require('safetydance'),
-    settings = require('../settings.js'),
-    SettingsError = settings.SettingsError;
+    settings = require('../settings.js');
 
 function getAppAutoupdatePattern(req, res, next) {
     settings.getAppAutoupdatePattern(function (error, pattern) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { pattern: pattern }));
     });
@@ -32,8 +32,7 @@ function setAppAutoupdatePattern(req, res, next) {
     if (typeof req.body.pattern !== 'string') return next(new HttpError(400, 'pattern is required'));
 
     settings.setAppAutoupdatePattern(req.body.pattern, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -41,7 +40,7 @@ function setAppAutoupdatePattern(req, res, next) {
 
 function getBoxAutoupdatePattern(req, res, next) {
     settings.getBoxAutoupdatePattern(function (error, pattern) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { pattern: pattern }));
     });
@@ -53,8 +52,7 @@ function setBoxAutoupdatePattern(req, res, next) {
     if (typeof req.body.pattern !== 'string') return next(new HttpError(400, 'pattern is required'));
 
     settings.setBoxAutoupdatePattern(req.body.pattern, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -66,8 +64,7 @@ function setCloudronName(req, res, next) {
     if (typeof req.body.name !== 'string') return next(new HttpError(400, 'name is required'));
 
     settings.setCloudronName(req.body.name, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, {}));
     });
@@ -75,7 +72,7 @@ function setCloudronName(req, res, next) {
 
 function getCloudronName(req, res, next) {
     settings.getCloudronName(function (error, name) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { name: name }));
     });
@@ -83,7 +80,7 @@ function getCloudronName(req, res, next) {
 
 function getTimeZone(req, res, next) {
     settings.getTimeZone(function (error, tz) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { timeZone: tz }));
     });
@@ -95,8 +92,7 @@ function setTimeZone(req, res, next) {
     if (typeof req.body.timeZone !== 'string') return next(new HttpError(400, 'timeZone is required'));
 
     settings.setTimeZone(req.body.timeZone, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -109,7 +105,7 @@ function setCloudronAvatar(req, res, next) {
     var avatar = safe.fs.readFileSync(req.files.avatar.path);
 
     settings.setCloudronAvatar(avatar, function (error) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, {}));
     });
@@ -117,7 +113,7 @@ function setCloudronAvatar(req, res, next) {
 
 function getCloudronAvatar(req, res, next) {
     settings.getCloudronAvatar(function (error, avatar) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         // avoid caching the avatar on the client to see avatar changes immediately
         res.set('Cache-Control', 'no-cache');
@@ -129,7 +125,7 @@ function getCloudronAvatar(req, res, next) {
 
 function getBackupConfig(req, res, next) {
     settings.getBackupConfig(function (error, backupConfig) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         // always send provider as it is used by the UI to figure if backups are disabled ('noop' backend)
         if (!custom.spec().backups.configurable) {
@@ -160,9 +156,7 @@ function setBackupConfig(req, res, next) {
     req.clearTimeout();
 
     settings.setBackupConfig(req.body, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === SettingsError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -170,7 +164,7 @@ function setBackupConfig(req, res, next) {
 
 function getPlatformConfig(req, res, next) {
     settings.getPlatformConfig(function (error, config) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, config));
     });
@@ -188,9 +182,7 @@ function setPlatformConfig(req, res, next) {
     }
 
     settings.setPlatformConfig(req.body, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === SettingsError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -198,26 +190,25 @@ function setPlatformConfig(req, res, next) {
 
 function getExternalLdapConfig(req, res, next) {
     settings.getExternalLdapConfig(function (error, config) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
-        next(new HttpSuccess(200, config));
+        next(new HttpSuccess(200, externalLdap.removePrivateFields(config)));
     });
 }
 
 function setExternalLdapConfig(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 
-    if (typeof req.body.enabled !== 'boolean') return next(new HttpError(400, 'enabled must be a boolean'));
-    if (typeof req.body.url !== 'string' || req.body.url === '') return next(new HttpError(400, 'url must be a non empty string'));
-    if (typeof req.body.baseDn !== 'string' || req.body.baseDn === '') return next(new HttpError(400, 'baseDn must be a non empty string'));
-    if (typeof req.body.filter !== 'string' || req.body.filter === '') return next(new HttpError(400, 'filter must be a non empty string'));
-    if ('bindDn' in req.body && (typeof req.body.bindDn !== 'string' || req.body.bindDn === '')) return next(new HttpError(400, 'bindDn must be a non empty string'));
+    if (!req.body.provider || typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider must be a string'));
+    if ('url' in req.body && typeof req.body.url !== 'string') return next(new HttpError(400, 'url must be a string'));
+    if ('baseDn' in req.body && typeof req.body.baseDn !== 'string') return next(new HttpError(400, 'baseDn must be a string'));
+    if ('usernameField' in req.body && typeof req.body.usernameField !== 'string') return next(new HttpError(400, 'usernameField must be a string'));
+    if ('filter' in req.body && typeof req.body.filter !== 'string') return next(new HttpError(400, 'filter must be a string'));
+    if ('bindDn' in req.body && typeof req.body.bindDn !== 'string') return next(new HttpError(400, 'bindDn must be a non empty string'));
     if ('bindPassword' in req.body && typeof req.body.bindPassword !== 'string') return next(new HttpError(400, 'bindPassword must be a string'));
 
     settings.setExternalLdapConfig(req.body, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === SettingsError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -225,7 +216,7 @@ function setExternalLdapConfig(req, res, next) {
 
 function getDynamicDnsConfig(req, res, next) {
     settings.getDynamicDnsConfig(function (error, enabled) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { enabled: enabled }));
     });
@@ -239,8 +230,7 @@ function setDynamicDnsConfig(req, res, next) {
     if (typeof req.body.enabled !== 'boolean') return next(new HttpError(400, 'enabled boolean is required'));
 
     settings.setDynamicDnsConfig(req.body.enabled, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -248,7 +238,7 @@ function setDynamicDnsConfig(req, res, next) {
 
 function getUnstableAppsConfig(req, res, next) {
     settings.getUnstableAppsConfig(function (error, enabled) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { enabled: enabled }));
     });
@@ -260,28 +250,55 @@ function setUnstableAppsConfig(req, res, next) {
     if (typeof req.body.enabled !== 'boolean') return next(new HttpError(400, 'enabled boolean is required'));
 
     settings.setUnstableAppsConfig(req.body.enabled, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
 }
 
+function getRegistryConfig(req, res, next) {
+    settings.getRegistryConfig(function (error, registryConfig) {
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(200, docker.removePrivateFields(registryConfig)));
+    });
+}
+
 function setRegistryConfig(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 
-    if (typeof req.body.serveraddress !== 'string') return next(new HttpError(400, 'serveraddress is required'));
+    if (typeof req.body.serverAddress !== 'string') return next(new HttpError(400, 'serverAddress is required'));
     if ('username' in req.body && typeof req.body.username !== 'string') return next(new HttpError(400, 'username is required'));
+    if ('email' in req.body && typeof req.body.email !== 'string') return next(new HttpError(400, 'email is required'));
     if ('password' in req.body && typeof req.body.password !== 'string') return next(new HttpError(400, 'password is required'));
 
-    docker.setRegistryConfig(req.body, function (error) {
-        if (error && error.reason === BoxError.ACCESS_DENIED) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+    settings.setRegistryConfig(req.body, function (error) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200));
     });
 }
 
+function getSysinfoConfig(req, res, next) {
+    settings.getSysinfoConfig(function (error, sysinfoConfig) {
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(200, sysinfoConfig));
+    });
+}
+
+function setSysinfoConfig(req, res, next) {
+    assert.strictEqual(typeof req.body, 'object');
+
+    if (!req.body.provider || typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider is required'));
+
+    settings.setSysinfoConfig(req.body, function (error) {
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(200, {}));
+    });
+}
+
 function get(req, res, next) {
     assert.strictEqual(typeof req.params.setting, 'string');
 
@@ -291,6 +308,8 @@ function get(req, res, next) {
     case settings.PLATFORM_CONFIG_KEY: return getPlatformConfig(req, res, next);
     case settings.EXTERNAL_LDAP_KEY: return getExternalLdapConfig(req, res, next);
     case settings.UNSTABLE_APPS_KEY: return getUnstableAppsConfig(req, res, next);
+    case settings.REGISTRY_CONFIG_KEY: return getRegistryConfig(req, res, next);
+    case settings.SYSINFO_CONFIG_KEY: return getSysinfoConfig(req, res, next);
 
     case settings.APP_AUTOUPDATE_PATTERN_KEY: return getAppAutoupdatePattern(req, res, next);
     case settings.BOX_AUTOUPDATE_PATTERN_KEY: return getBoxAutoupdatePattern(req, res, next);
@@ -312,6 +331,8 @@ function set(req, res, next) {
     case settings.PLATFORM_CONFIG_KEY: return setPlatformConfig(req, res, next);
     case settings.EXTERNAL_LDAP_KEY: return setExternalLdapConfig(req, res, next);
     case settings.UNSTABLE_APPS_KEY: return setUnstableAppsConfig(req, res, next);
+    case settings.REGISTRY_CONFIG_KEY: return setRegistryConfig(req, res, next);
+    case settings.SYSINFO_CONFIG_KEY: return setSysinfoConfig(req, res, next);
 
     case settings.APP_AUTOUPDATE_PATTERN_KEY: return setAppAutoupdatePattern(req, res, next);
     case settings.BOX_AUTOUPDATE_PATTERN_KEY: return setBoxAutoupdatePattern(req, res, next);

src/routes/support.js

@@ -9,6 +9,7 @@ exports = module.exports = {
 
 var appstore = require('../appstore.js'),
     assert = require('assert'),
+    auditSource = require('../auditsource.js'),
     custom = require('../custom.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
@@ -20,15 +21,16 @@ function createTicket(req, res, next) {
 
     if (!custom.spec().support.submitTickets) return next(new HttpError(405, 'feature disabled by admin'));
 
-    const VALID_TYPES = [ 'feedback', 'ticket', 'app_missing', 'app_error', 'upgrade_request' ];
+    const VALID_TYPES = [ 'feedback', 'ticket', 'app_missing', 'app_error', 'upgrade_request', 'email_error' ];
 
     if (typeof req.body.type !== 'string' || !req.body.type) return next(new HttpError(400, 'type must be string'));
     if (VALID_TYPES.indexOf(req.body.type) === -1) return next(new HttpError(400, 'unknown type'));
     if (typeof req.body.subject !== 'string' || !req.body.subject) return next(new HttpError(400, 'subject must be string'));
     if (typeof req.body.description !== 'string' || !req.body.description) return next(new HttpError(400, 'description must be string'));
     if (req.body.appId && typeof req.body.appId !== 'string') return next(new HttpError(400, 'appId must be string'));
+    if (req.body.altEmail && typeof req.body.altEmail !== 'string') return next(new HttpError(400, 'altEmail must be string'));
 
-    appstore.createTicket(_.extend({ }, req.body, { email: req.user.email, displayName: req.user.displayName }), function (error) {
+    appstore.createTicket(_.extend({ }, req.body, { email: req.user.email, displayName: req.user.displayName }), auditSource.fromRequest(req), function (error) {
         if (error) return next(new HttpError(503, `Error contacting cloudron.io: ${error.message}. Please email ${custom.spec().support.email}`));
 
         next(new HttpSuccess(201, { message: `An email for sent to ${custom.spec().support.email}. We will get back shortly!` }));
@@ -42,8 +44,8 @@ function enableRemoteSupport(req, res, next) {
 
     if (typeof req.body.enable !== 'boolean') return next(new HttpError(400, 'enabled is required'));
 
-    support.enableRemoteSupport(req.body.enable, function (error) {
-        if (error) return next(new HttpError(500, error));
+    support.enableRemoteSupport(req.body.enable, auditSource.fromRequest(req), function (error) {
+        if (error) return next(new HttpError(503, 'Error enabling remote support. Try running "cloudron-support --enable-ssh" on the server'));
 
         next(new HttpSuccess(202, {}));
     });

src/routes/tasks.js

@@ -10,18 +10,16 @@ exports = module.exports = {
 };
 
 let assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
-    TaskError = require('../tasks.js').TaskError,
     tasks = require('../tasks.js');
 
 function stopTask(req, res, next) {
     assert.strictEqual(typeof req.params.taskId, 'string');
 
     tasks.stopTask(req.params.taskId, function (error) {
-        if (error && error.reason === TaskError.NOT_FOUND) return next(new HttpError(404, 'No such task'));
-        if (error && error.reason === TaskError.BAD_STATE) return next(new HttpError(409, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204, {}));
     });
@@ -31,8 +29,7 @@ function get(req, res, next) {
     assert.strictEqual(typeof req.params.taskId, 'string');
 
     tasks.get(req.params.taskId, function (error, task) {
-        if (error && error.reason === TaskError.NOT_FOUND) return next(new HttpError(404, 'No such task'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, tasks.removePrivateFields(task)));
     });
@@ -48,7 +45,7 @@ function list(req, res, next) {
     if (req.query.type && typeof req.query.type !== 'string') return next(new HttpError(400, 'type must be a string'));
 
     tasks.listByTypePaged(req.query.type || null, page, perPage, function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         result = result.map(tasks.removePrivateFields);
 
@@ -69,8 +66,7 @@ function getLogs(req, res, next) {
     };
 
     tasks.getLogs(req.params.taskId, options, function (error, logStream) {
-        if (error && error.reason === TaskError.NOT_FOUND) return next(new HttpError(404, 'No such task'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'application/x-logs',
@@ -100,8 +96,7 @@ function getLogStream(req, res, next) {
     };
 
     tasks.getLogs(req.params.taskId, options, function (error, logStream) {
-        if (error && error.reason === TaskError.NOT_FOUND) return next(new HttpError(404, 'No such task'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'text/event-stream',

src/routes/test/apps-test.js

@@ -11,7 +11,7 @@ let apps = require('../../apps.js'),
     constants = require('../../constants.js'),
     crypto = require('crypto'),
     database = require('../../database.js'),
-    docker = require('../../docker.js').connection,
+    Docker = require('dockerode'),
     expect = require('expect.js'),
     fs = require('fs'),
     hat = require('../../hat.js'),
@@ -33,6 +33,8 @@ let apps = require('../../apps.js'),
 
 var SERVER_URL = 'http://localhost:' + constants.PORT;
 
+const docker = new Docker({ socketPath: '/var/run/docker.sock' });
+
 // Test image information
 var TEST_IMAGE_REPO = 'cloudron/test';
 var TEST_IMAGE_TAG = '25.19.0';
@@ -211,7 +213,7 @@ function startBox(done) {
                     token_1 = hat(8 * 32);
 
                     // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-                    tokendb.add({ id: 'tid-1', accessToken: token_1, identifier: user_1_id, clientId: 'cid-sdk', expires: Date.now() + 1000000, scope: 'apps', name: '' }, callback); // cid-sdk means we don't need to send password
+                    tokendb.add({ id: 'tid-1', accessToken: token_1, identifier: user_1_id, clientId: clients.ID_SDK, expires: Date.now() + 1000000, scope: 'apps', name: '' }, callback);
                 });
         },
 
@@ -432,7 +434,7 @@ describe('App API', function () {
                 .query({ access_token: token })
                 .send({ appStoreId: APP_STORE_ID, location: APP_LOCATION, domain: DOMAIN_0.domain, portBindings: null, accessRestriction: null })
                 .end(function (err, res) {
-                    expect(res.statusCode).to.equal(424);
+                    expect(res.statusCode).to.equal(402);
                     expect(fake1.isDone()).to.be.ok();
                     done();
                 });
@@ -480,6 +482,7 @@ describe('App API', function () {
                     expect(res.body.id).to.eql(APP_ID);
                     expect(res.body.installationState).to.be.ok();
                     expect(res.body.mailboxName).to.be(APP_LOCATION + '.app');
+                    expect(res.body.mailboxDomain).to.be(DOMAIN_0.domain);
                     done();
                 });
         });
@@ -1040,18 +1043,9 @@ describe('App API', function () {
         });
     });
 
-    describe('configure robotsTxt', function () {
-        it('fails with missing robotsTxt', function (done) {
-            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/robots_txt')
-                .query({ access_token: token })
-                .end(function (err, res) {
-                    expect(res.statusCode).to.equal(400);
-                    done();
-                });
-        });
-
+    describe('configure reverseProxy - robotsTxt', function () {
         it('fails with bad robotsTxt', function (done) {
-            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/robots_txt')
+            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/reverse_proxy')
                 .query({ access_token: token })
                 .send({ robotsTxt: 34 })
                 .end(function (err, res) {
@@ -1061,9 +1055,9 @@ describe('App API', function () {
         });
 
         it('can set robotsTxt', function (done) {
-            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/robots_txt')
+            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/reverse_proxy')
                 .query({ access_token: token })
-                .send({ robotsTxt: 'any string is good' })
+                .send({ robotsTxt: 'any string is good', csp: null })
                 .end(function (err, res) {
                     expect(res.statusCode).to.equal(200);
                     done();
@@ -1071,9 +1065,39 @@ describe('App API', function () {
         });
 
         it('can reset robotsTxt', function (done) {
-            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/robots_txt')
+            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/reverse_proxy')
                 .query({ access_token: token })
-                .send({ robotsTxt: null })
+                .send({ robotsTxt: null, csp: null })
+                .end(function (err, res) {
+                    expect(res.statusCode).to.equal(200);
+                    done();
+                });
+        });
+
+        it('fails with bad csp', function (done) {
+            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/reverse_proxy')
+                .query({ access_token: token })
+                .send({ robotsTxt: null, csp: 34 })
+                .end(function (err, res) {
+                    expect(res.statusCode).to.equal(400);
+                    done();
+                });
+        });
+
+        it('can set frame-ancestors', function (done) {
+            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/reverse_proxy')
+                .query({ access_token: token })
+                .send({ robotsTxt: null, csp: 'frame-ancestors \'self\'' })
+                .end(function (err, res) {
+                    expect(res.statusCode).to.equal(200);
+                    done();
+                });
+        });
+
+        it('can reset frame-ancestors', function (done) {
+            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/reverse_proxy')
+                .query({ access_token: token })
+                .send({ robotsTxt: null, csp: null })
                 .end(function (err, res) {
                     expect(res.statusCode).to.equal(200);
                     done();
@@ -1132,6 +1156,7 @@ describe('App API', function () {
                 if (error) return done(error);
 
                 expect(app.mailboxName).to.be(APP_LOCATION_NEW + '.app'); // must follow location change
+                expect(app.mailboxDomain).to.be(DOMAIN_0.domain);
 
                 docker.getContainer(app.containerId).inspect(function (error, data) {
                     expect(error).to.not.be.ok();
@@ -1343,7 +1368,7 @@ describe('App API', function () {
         it('can set mailbox', function (done) {
             superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/mailbox')
                 .query({ access_token: token })
-                .send({ mailboxName: 'genos' })
+                .send({ mailboxName: 'genos', mailboxDomain: DOMAIN_0.domain })
                 .end(function (err, res) {
                     expect(res.statusCode).to.equal(202);
                     taskId = res.body.taskId;
@@ -1371,7 +1396,7 @@ describe('App API', function () {
         it('can reset mailbox', function (done) {
             superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/mailbox')
                 .query({ access_token: token })
-                .send({ mailboxName: null })
+                .send({ mailboxName: null, mailboxDomain: DOMAIN_0.domain })
                 .end(function (err, res) {
                     expect(res.statusCode).to.equal(202);
                     taskId = res.body.taskId;
@@ -1545,6 +1570,34 @@ describe('App API', function () {
                     });
             });
         });
+
+        it('can restart app', function (done) {
+            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/restart')
+                .query({ access_token: token })
+                .end(function (err, res) {
+                    expect(res.statusCode).to.equal(202);
+                    taskId = res.body.taskId;
+                    done();
+                });
+        });
+
+        it('wait for app to restart', function (done) {
+            waitForTask(taskId, function () { setTimeout(done, 12000); }); // give app 12 seconds (to die and start)
+        });
+
+        it('did restart the app', function (done) {
+            apps.get(APP_ID, function (error, app) {
+                if (error) return done(error);
+
+                superagent.get('http://localhost:' + app.httpPort + APP_MANIFEST.healthCheckPath)
+                    .end(function (err, res) {
+                        if (res && res.statusCode === 200) return done();
+                        done(new Error('app is not running'));
+                    });
+            });
+        });
+
+
     });
 
     describe('uninstall', function () {

src/routes/test/appstore-test.js

@@ -63,7 +63,7 @@ describe('Appstore Apps API', function () {
         superagent.get(SERVER_URL + '/api/v1/appstore/apps')
             .query({ access_token: token })
             .end(function (error, result) {
-                expect(result.statusCode).to.equal(412); // not registered yet
+                expect(result.statusCode).to.equal(402); // not registered yet; invalid credentials
                 done();
             });
     });
@@ -72,7 +72,7 @@ describe('Appstore Apps API', function () {
         superagent.get(SERVER_URL + '/api/v1/appstore/apps/org.wordpress.cloudronapp')
             .query({ access_token: token })
             .end(function (error, result) {
-                expect(result.statusCode).to.equal(412); // not registered yet
+                expect(result.statusCode).to.equal(402); // not registered yet; invalid credentials
                 done();
             });
     });
@@ -99,7 +99,7 @@ describe('Appstore Apps API', function () {
 
     it('can list apps', function (done) {
         var scope1 = nock(settings.apiServerOrigin())
-            .get(`/api/v1/apps?accessToken=CLOUDRON_TOKEN&boxVersion=${constants.VERSION}&unstable=false`, () => true)
+            .get(`/api/v1/apps?accessToken=CLOUDRON_TOKEN&boxVersion=${constants.VERSION}&unstable=true`, () => true)
             .reply(200, { apps: [] });
 
         superagent.get(SERVER_URL + '/api/v1/appstore/apps')
@@ -170,7 +170,7 @@ describe('Subscription API - no signup', function () {
             .send({ email: 'test@cloudron.io', password: 'secret', signup: false })
             .query({ access_token: token })
             .end(function (error, result) {
-                expect(result.statusCode).to.equal(422);
+                expect(result.statusCode).to.equal(409);
                 done();
             });
     });