Better progress message

https://github.com/haraka/Haraka/issues/2732

CHANGES

@@ -1693,3 +1693,29 @@
 [4.2.6]
 * Fix configuration of empty app location (subdomain)
 
+[4.2.7]
+* Fix issue where the icon for normal users was displayed incorrectly
+* Kill stuck backup processes after 12 hours and notify admins
+* Reconfigure email apps when mail domain is added/removed
+* Fix crash when only udp ports are defined
+
+[4.3.0]
+* Add timeout to kill long running tasks in case they get stuck
+* email: Auto-subscribe to Spam folder
+* Allow setting a custom CSP policy
+* ticket: when email is down, add a field to provide alternate contact email
+* Re-work app import flow
+* Add pagination and search to mailbox and mail alias listing
+* Add UI and workflow to add a private registry
+* Show external LDAP connector
+* Network view: Allow IP address detection to be configurable
+* Add support for custom docker registry
+* Resolve any lists and aliases in a mailing list
+* Rename Accounts view to Profile
+* Add search for groups and user association UI
+
+[4.3.1]
+* Make logout from all button logout from all sessions
+* List unstable apps by default
+* Fix crash when listing mailboxes
+

migrations/20191014002401-apps-add-reverseProxyConfigJson.js

@@ -0,0 +1,30 @@
+'use strict';
+
+var async = require('async');
+
+exports.up = function(db, callback) {
+    db.runSql('ALTER TABLE apps ADD COLUMN reverseProxyConfigJson TEXT', function (error) {
+        if (error) return callback(error);
+
+        db.all('SELECT id, robotsTxt FROM apps', function (error, apps) {
+            if (error) return callback(error);
+
+            async.eachSeries(apps, function (app, iteratorDone) {
+                if (!app.robotsTxt) return iteratorDone();
+
+                db.runSql('UPDATE apps SET reverseProxyConfigJson=? WHERE id=?', [ JSON.stringify({ robotsTxt: JSON.stringify(app.robotsTxt) }), app.id ], iteratorDone);
+            }, function (error) {
+                if (error) return callback(error);
+
+                db.runSql('ALTER TABLE apps DROP COLUMN robotsTxt', callback);
+            });
+        });
+    });
+};
+
+exports.down = function(db, callback) {
+    async.series([
+        db.runSql.bind(db, 'ALTER TABLE apps DROP COLUMN reverseProxyConfigJson'),
+    ], callback);
+};
+

migrations/20191029223928-settings-default-sysinfo.js

@@ -0,0 +1,13 @@
+'use strict';
+
+var fs = require('fs');
+
+exports.up = function(db, callback) {
+    let sysinfoConfig = { provider: 'generic' };
+
+    db.runSql('REPLACE INTO settings (name, value) VALUES(?, ?)', [ 'sysinfo_config', JSON.stringify(sysinfoConfig) ], callback);
+};
+
+exports.down = function(db, callback) {
+    callback();
+};

migrations/schema.sql

@@ -81,7 +81,7 @@ CREATE TABLE IF NOT EXISTS apps(
     xFrameOptions VARCHAR(512),
     sso BOOLEAN DEFAULT 1, // whether user chose to enable SSO
     debugModeJson TEXT, // options for development mode
-    robotsTxt TEXT,
+    reverseProxyConfigJson TEXT, // { robotsTxt, csp }
     enableBackup BOOLEAN DEFAULT 1, // misnomer: controls automatic daily backups
     enableAutomaticUpdate BOOLEAN DEFAULT 1,
     mailboxName VARCHAR(128), // mailbox of this app. default allocated as '.app'

src/accesscontrol.js

@@ -27,11 +27,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
-    DatabaseError = require('./databaseerror.js'),
+    BoxError = require('./boxerror.js'),
     debug = require('debug')('box:accesscontrol'),
     tokendb = require('./tokendb.js'),
     users = require('./users.js'),
-    UsersError = users.UsersError,
     _ = require('underscore');
 
 // returns scopes that does not have wildcards and is sorted
@@ -78,13 +77,12 @@ function intersectScopes(allowedScopes, wantedScopes) {
 function validateScopeString(scope) {
     assert.strictEqual(typeof scope, 'string');
 
-    if (scope === '') return new Error('Empty scope not allowed');
+    if (scope === '') return new BoxError(BoxError.BAD_FIELD, 'Empty scope not allowed', { field: 'scope' });
 
     // NOTE: this function intentionally does not allow '*'. This is only allowed in the db to allow
     // us not write a migration script every time we add a new scope
     var allValid = scope.split(',').every(function (s) { return exports.VALID_SCOPES.indexOf(s.split(':')[0]) !== -1; });
-    if (!allValid) return new Error('Invalid scope. Available scopes are ' + exports.VALID_SCOPES.join(', '));
-
+    if (!allValid) return new BoxError(BoxError.BAD_FIELD, 'Invalid scope. Available scopes are ' + exports.VALID_SCOPES.join(', '), { field: 'scope' });
     return null;
 }
 
@@ -101,7 +99,7 @@ function hasScopes(authorizedScopes, requiredScopes) {
         // this allows apps:write if the token has a higher apps scope
         if (authorizedScopes.indexOf(requiredScopes[i]) === -1 && authorizedScopes.indexOf(scopeParts[0]) === -1) {
             debug('scope: missing scope "%s".', requiredScopes[i]);
-            return new Error('Missing required scope "' + requiredScopes[i] + '"');
+            return new BoxError(BoxError.NOT_FOUND, 'Missing required scope "' + requiredScopes[i] + '"');
         }
     }
 
@@ -122,11 +120,11 @@ function validateToken(accessToken, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     tokendb.getByAccessToken(accessToken, function (error, token) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
         if (error) return callback(error); // this triggers 'internal error' in passport
 
         users.get(token.identifier, function (error, user) {
-            if (error && error.reason === UsersError.NOT_FOUND) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
+            if (error && error.reason === BoxError.NOT_FOUND) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
             if (error) return callback(error);
 
             if (!user.active) return callback(null, null /* user */, 'Invalid Token'); // will end up as a 401
@@ -134,11 +132,8 @@ function validateToken(accessToken, callback) {
             scopesForUser(user, function (error, userScopes) {
                 if (error) return callback(error);
 
-                var authorizedScopes = intersectScopes(userScopes, token.scope.split(','));
-                const skipPasswordVerification = token.clientId === 'cid-sdk' || token.clientId === 'cid-cli'; // these clients do not require password checks unlike UI
-                var info = { authorizedScopes: authorizedScopes, skipPasswordVerification: skipPasswordVerification }; // ends up in req.authInfo
-
-                callback(null, user, info);
+                const authorizedScopes = intersectScopes(userScopes, token.scope.split(','));
+                callback(null, user, { authorizedScopes }); // ends up in req.authInfo
             });
         });
     });

src/addons.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    AddonsError: AddonsError,
-
     getServices: getServices,
     getService: getService,
     configureService: configureService,
@@ -39,9 +37,7 @@ var accesscontrol = require('./accesscontrol.js'),
     BoxError = require('./boxerror.js'),
     clients = require('./clients.js'),
     constants = require('./constants.js'),
-    ClientsError = clients.ClientsError,
     crypto = require('crypto'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:addons'),
     docker = require('./docker.js'),
     dockerConnection = docker.connection,
@@ -65,31 +61,6 @@ var accesscontrol = require('./accesscontrol.js'),
     request = require('request'),
     util = require('util');
 
-// http://dustinsenos.com/articles/customErrorsInNode
-// http://code.google.com/p/v8/wiki/JavaScriptStackTraceApi
-function AddonsError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(AddonsError, Error);
-AddonsError.INTERNAL_ERROR = 'Internal Error';
-AddonsError.NOT_FOUND = 'Not Found';
-AddonsError.NOT_ACTIVE = 'Not Active';
-
 const NOOP = function (app, options, callback) { return callback(); };
 const NOOP_CALLBACK = function (error) { if (error) debug(error); };
 const RMADDONDIR_CMD = path.join(__dirname, 'scripts/rmaddondir.sh');
@@ -268,14 +239,14 @@ function restartContainer(serviceName, callback) {
     assert(KNOWN_SERVICES[serviceName], `Unknown service ${serviceName}`);
 
     docker.stopContainer(serviceName, function (error) {
-        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         docker.startContainer(serviceName, function (error) {
             if (error && error.reason === BoxError.NOT_FOUND) {
                 callback(null); // callback early since rebuilding takes long
                 return rebuildService(serviceName, function (error) { if (error) console.error(`Unable to rebuild service ${serviceName}`, error); });
             }
-            if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             callback(null);
         });
@@ -306,19 +277,18 @@ function getServiceDetails(containerName, tokenEnvName, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     docker.inspect(containerName, function (error, result) {
-        if (error && error.reason === BoxError.NOT_FOUND) return callback(new AddonsError(AddonsError.NOT_ACTIVE, error));
-        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         const ip = safe.query(result, 'NetworkSettings.Networks.cloudron.IPAddress', null);
-        if (!ip) return callback(new AddonsError(AddonsError.NOT_ACTIVE, `Error getting ${containerName} container ip`));
+        if (!ip) return callback(new BoxError(BoxError.INACTIVE, `Error getting ${containerName} container ip`));
 
         // extract the cloudron token for auth
         const env = safe.query(result, 'Config.Env', null);
-        if (!env) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, `Error getting ${containerName} env`));
+        if (!env) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error getting ${containerName} env`));
         const tmp = env.find(function (e) { return e.indexOf(tokenEnvName) === 0; });
-        if (!tmp) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, `Error getting ${containerName} cloudron token env var`));
+        if (!tmp) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error getting ${containerName} cloudron token env var`));
         const token = tmp.slice(tokenEnvName.length + 1); // +1 for the = sign
-        if (!token)  return callback(new AddonsError(AddonsError.INTERNAL_ERROR, `Error getting ${containerName} cloudron token`));
+        if (!token)  return callback(new BoxError(BoxError.DOCKER_ERROR, `Error getting ${containerName} cloudron token`));
 
         callback(null, { ip: ip, token: token, state: result.State });
     });
@@ -330,7 +300,7 @@ function containerStatus(addonName, addonTokenName, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     getServiceDetails(addonName, addonTokenName, function (error, addonDetails) {
-        if (error && error.reason === AddonsError.NOT_ACTIVE) return callback(null, { status: exports.SERVICE_STATUS_STOPPED });
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, { status: exports.SERVICE_STATUS_STOPPED });
         if (error) return callback(error);
 
         request.get(`https://${addonDetails.ip}:3000/healthcheck?access_token=${addonDetails.token}`, { json: true, rejectUnauthorized: false }, function (error, response) {
@@ -338,7 +308,7 @@ function containerStatus(addonName, addonTokenName, callback) {
             if (response.statusCode !== 200 || !response.body.status) return callback(null, { status: exports.SERVICE_STATUS_STARTING, error: `Error waiting for ${addonName}. Status code: ${response.statusCode} message: ${response.body.message}` });
 
             docker.memoryUsage(addonName, function (error, result) {
-                if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 var tmp = {
                     status: addonDetails.state.Running ? exports.SERVICE_STATUS_ACTIVE : exports.SERVICE_STATUS_STOPPED,
@@ -364,7 +334,7 @@ function getService(serviceName, callback) {
     assert.strictEqual(typeof serviceName, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    if (!KNOWN_SERVICES[serviceName]) return callback(new AddonsError(AddonsError.NOT_FOUND));
+    if (!KNOWN_SERVICES[serviceName]) return callback(new BoxError(BoxError.NOT_FOUND));
 
     var tmp = {
         name: serviceName,
@@ -377,7 +347,7 @@ function getService(serviceName, callback) {
     };
 
     settings.getPlatformConfig(function (error, platformConfig) {
-        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         if (platformConfig[serviceName] && platformConfig[serviceName].memory && platformConfig[serviceName].memorySwap) {
             tmp.config.memory = platformConfig[serviceName].memory;
@@ -405,10 +375,10 @@ function configureService(serviceName, data, callback) {
     assert.strictEqual(typeof data, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (!KNOWN_SERVICES[serviceName]) return callback(new AddonsError(AddonsError.NOT_FOUND));
+    if (!KNOWN_SERVICES[serviceName]) return callback(new BoxError(BoxError.NOT_FOUND));
 
     settings.getPlatformConfig(function (error, platformConfig) {
-        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         if (!platformConfig[serviceName]) platformConfig[serviceName] = {};
 
@@ -421,7 +391,7 @@ function configureService(serviceName, data, callback) {
         }
 
         settings.setPlatformConfig(platformConfig, function (error) {
-            if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             callback(null);
         });
@@ -437,7 +407,7 @@ function getServiceLogs(serviceName, options, callback) {
     assert.strictEqual(typeof options.format, 'string');
     assert.strictEqual(typeof options.follow, 'boolean');
 
-    if (!KNOWN_SERVICES[serviceName]) return callback(new AddonsError(AddonsError.NOT_FOUND));
+    if (!KNOWN_SERVICES[serviceName]) return callback(new BoxError(BoxError.NOT_FOUND));
 
     debug(`Getting logs for ${serviceName}`);
 
@@ -496,7 +466,7 @@ function restartService(serviceName, callback) {
     assert.strictEqual(typeof serviceName, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    if (!KNOWN_SERVICES[serviceName]) return callback(new AddonsError(AddonsError.NOT_FOUND));
+    if (!KNOWN_SERVICES[serviceName]) return callback(new BoxError(BoxError.NOT_FOUND));
 
     KNOWN_SERVICES[serviceName].restart(callback);
 }
@@ -816,7 +786,7 @@ function setupOauth(app, options, callback) {
     var scope = accesscontrol.SCOPE_PROFILE;
 
     clients.delByAppIdAndType(appId, clients.TYPE_OAUTH, function (error) { // remove existing creds
-        if (error && error.reason !== ClientsError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
         clients.add(appId, clients.TYPE_OAUTH, redirectURI, scope, function (error, result) {
             if (error) return callback(error);
@@ -844,7 +814,7 @@ function teardownOauth(app, options, callback) {
     debugApp(app, 'teardownOauth');
 
     clients.delByAppIdAndType(app.id, clients.TYPE_OAUTH, function (error) {
-        if (error && error.reason !== ClientsError.NOT_FOUND) debug(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) debug(error);
 
         appdb.unsetAddonConfig(app.id, 'oauth', callback);
     });
@@ -933,7 +903,7 @@ function setupSendMail(app, options, callback) {
     debugApp(app, 'Setting up SendMail');
 
     appdb.getAddonConfigByName(app.id, 'sendmail', '%MAIL_SMTP_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
         var password = error ? hat(4 * 48) : existingPassword; // see box#565 for password length
 
@@ -971,7 +941,7 @@ function setupRecvMail(app, options, callback) {
     debugApp(app, 'Setting up recvmail');
 
     appdb.getAddonConfigByName(app.id, 'recvmail', '%MAIL_IMAP_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
         var password = error ? hat(4 * 48) : existingPassword;  // see box#565 for password length
 
@@ -1067,7 +1037,7 @@ function setupMySql(app, options, callback) {
     debugApp(app, 'Setting up mysql');
 
     appdb.getAddonConfigByName(app.id, 'mysql', '%MYSQL_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
         const tmp = mysqlDatabaseName(app.id);
 
@@ -1283,7 +1253,7 @@ function setupPostgreSql(app, options, callback) {
     const { database, username } = postgreSqlNames(app.id);
 
     appdb.getAddonConfigByName(app.id, 'postgresql', '%POSTGRESQL_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
         const data = {
             database: database,
@@ -1458,7 +1428,7 @@ function setupMongoDb(app, options, callback) {
     debugApp(app, 'Setting up mongodb');
 
     appdb.getAddonConfigByName(app.id, 'mongodb', '%MONGODB_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
         const data = {
             database: app.id,
@@ -1582,9 +1552,21 @@ function startRedis(existingInfra, callback) {
     const tag = infra.images.redis.tag;
     const upgrading = existingInfra.version !== 'none' && requiresUpgrade(existingInfra.images.redis.tag, tag);
 
-    if (!upgrading) return callback();
+    appdb.getAll(function (error, apps) {
+        if (error) return callback(error);
 
-    importDatabase('redis', callback); // setupRedis currently starts the app container
+        async.eachSeries(apps, function iterator (app, iteratorCallback) {
+            if (!('redis' in app.manifest.addons)) return iteratorCallback(); // app doesn't use the addon
+
+            setupRedis(app, app.manifest.addons.redis, iteratorCallback);
+        }, function (error) {
+            if (error) return callback(error);
+
+            if (!upgrading) return callback();
+
+            importDatabase('redis', callback); // setupRedis currently starts the app container
+        });
+    });
 }
 
 // Ensures that app's addon redis container is running. Can be called when named container already exists/running
@@ -1596,9 +1578,9 @@ function setupRedis(app, options, callback) {
     const redisName = 'redis-' + app.id;
 
     appdb.getAddonConfigByName(app.id, 'redis', '%REDIS_PASSWORD', function (error, existingPassword) {
-        if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(error);
+        if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
-        const redisPassword = error ? hat(4 * 48) : existingPassword; // see box#362 for password length
+        const redisPassword = options.noPassword ? '' : (error ? hat(4 * 48) : existingPassword); // see box#362 for password length
         const redisServiceToken = hat(4 * 48);
 
         // Compute redis memory limit based on app's memory limit (this is arbitrary)
@@ -1645,7 +1627,7 @@ function setupRedis(app, options, callback) {
 
         async.series([
             (next) => {
-                docker.inspect(redisName, function (inspectError, result) {
+                docker.inspect(redisName, function (inspectError, result) { // fast-path
                     if (!inspectError) {
                         debug(`Re-using existing redis container with state: ${JSON.stringify(result.State)}`);
                         return next();
@@ -1806,10 +1788,10 @@ function statusSftp(callback) {
 
     docker.inspect('sftp', function (error, container) {
         if (error && error.reason === BoxError.NOT_FOUND) return callback(null, { status: exports.SERVICE_STATUS_STOPPED });
-        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         docker.memoryUsage('sftp', function (error, result) {
-            if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             var tmp = {
                 status: container.State.Running ? exports.SERVICE_STATUS_ACTIVE : exports.SERVICE_STATUS_STOPPED,
@@ -1827,14 +1809,14 @@ function statusGraphite(callback) {
 
     docker.inspect('graphite', function (error, container) {
         if (error && error.reason === BoxError.NOT_FOUND) return callback(null, { status: exports.SERVICE_STATUS_STOPPED });
-        if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         request.get('http://127.0.0.1:8417/graphite-web/dashboard', { timeout: 3000 }, function (error, response) {
             if (error) return callback(null, { status: exports.SERVICE_STATUS_STARTING, error: `Error waiting for graphite: ${error.message}` });
             if (response.statusCode !== 200) return callback(null, { status: exports.SERVICE_STATUS_STARTING, error: `Error waiting for graphite. Status code: ${response.statusCode} message: ${response.body.message}` });
 
             docker.memoryUsage('graphite', function (error, result) {
-                if (error) return callback(new AddonsError(AddonsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 var tmp = {
                     status: container.State.Running ? exports.SERVICE_STATUS_ACTIVE : exports.SERVICE_STATUS_STOPPED,

src/appdb.js

@@ -33,16 +33,16 @@ exports = module.exports = {
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror'),
     safe = require('safetydance'),
     util = require('util');
 
 var APPS_FIELDS_PREFIXED = [ 'apps.id', 'apps.appStoreId', 'apps.installationState', 'apps.errorJson', 'apps.runState',
     'apps.health', 'apps.containerId', 'apps.manifestJson', 'apps.httpPort', 'subdomains.subdomain AS location', 'subdomains.domain',
     'apps.accessRestrictionJson', 'apps.memoryLimit',
-    'apps.label', 'apps.tagsJson', 'apps.taskId',
-    'apps.sso', 'apps.debugModeJson', 'apps.robotsTxt', 'apps.enableBackup',
+    'apps.label', 'apps.tagsJson', 'apps.taskId', 'apps.reverseProxyConfigJson',
+    'apps.sso', 'apps.debugModeJson', 'apps.enableBackup',
     'apps.creationTime', 'apps.updateTime', 'apps.mailboxName', 'apps.enableAutomaticUpdate',
     'apps.dataDir', 'apps.ts', 'apps.healthTime' ].join(',');
 
@@ -61,6 +61,10 @@ function postProcess(result) {
     result.tags = safe.JSON.parse(result.tagsJson) || [];
     delete result.tagsJson;
 
+    assert(result.reverseProxyConfigJson === null || typeof result.reverseProxyConfigJson === 'string');
+    result.reverseProxyConfig = safe.JSON.parse(result.reverseProxyConfigJson) || {};
+    delete result.reverseProxyConfigJson;
+
     assert(result.hostPorts === null || typeof result.hostPorts === 'string');
     assert(result.environmentVariables === null || typeof result.environmentVariables === 'string');
 
@@ -122,11 +126,11 @@ function get(id, callback) {
         + '  LEFT OUTER JOIN appEnvVars ON apps.id = appEnvVars.appId'
         + '  LEFT OUTER JOIN subdomains ON apps.id = subdomains.appId AND subdomains.type = ?'
         + ' WHERE apps.id = ? GROUP BY apps.id', [ exports.SUBDOMAIN_TYPE_PRIMARY, id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         database.query('SELECT ' + SUBDOMAIN_FIELDS + ' FROM subdomains WHERE appId = ? AND type = ?', [ id, exports.SUBDOMAIN_TYPE_REDIRECT ], function (error, alternateDomains) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             result[0].alternateDomains = alternateDomains;
 
@@ -149,11 +153,11 @@ function getByHttpPort(httpPort, callback) {
         + '  LEFT OUTER JOIN appEnvVars ON apps.id = appEnvVars.appId'
         + '  LEFT OUTER JOIN subdomains ON apps.id = subdomains.appId AND subdomains.type = ?'
         + ' WHERE httpPort = ? GROUP BY apps.id', [ exports.SUBDOMAIN_TYPE_PRIMARY, httpPort ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         database.query('SELECT ' + SUBDOMAIN_FIELDS + ' FROM subdomains WHERE appId = ? AND type = ?', [ result[0].id, exports.SUBDOMAIN_TYPE_REDIRECT ], function (error, alternateDomains) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             result[0].alternateDomains = alternateDomains;
             postProcess(result[0]);
@@ -175,11 +179,11 @@ function getByContainerId(containerId, callback) {
         + '  LEFT OUTER JOIN appEnvVars ON apps.id = appEnvVars.appId'
         + '  LEFT OUTER JOIN subdomains ON apps.id = subdomains.appId AND subdomains.type = ?'
         + ' WHERE containerId = ? GROUP BY apps.id', [ exports.SUBDOMAIN_TYPE_PRIMARY, containerId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         database.query('SELECT ' + SUBDOMAIN_FIELDS + ' FROM subdomains WHERE appId = ? AND type = ?', [ result[0].id, exports.SUBDOMAIN_TYPE_REDIRECT ], function (error, alternateDomains) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             result[0].alternateDomains = alternateDomains;
             postProcess(result[0]);
@@ -200,10 +204,10 @@ function getAll(callback) {
         + '  LEFT OUTER JOIN appEnvVars ON apps.id = appEnvVars.appId'
         + '  LEFT OUTER JOIN subdomains ON apps.id = subdomains.appId AND subdomains.type = ?'
         + ' GROUP BY apps.id ORDER BY apps.id', [ exports.SUBDOMAIN_TYPE_PRIMARY ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         database.query('SELECT ' + SUBDOMAIN_FIELDS + ' FROM subdomains WHERE type = ?', [ exports.SUBDOMAIN_TYPE_REDIRECT ], function (error, alternateDomains) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             alternateDomains.forEach(function (d) {
                 var domain = results.find(function (a) { return d.appId === a.id; });
@@ -241,21 +245,21 @@ function add(id, appStoreId, manifest, location, domain, portBindings, data, cal
     const installationState = data.installationState;
     const runState = data.runState;
     const sso = 'sso' in data ? data.sso : null;
-    const robotsTxt = 'robotsTxt' in data ? data.robotsTxt : null;
     const debugModeJson = data.debugMode ? JSON.stringify(data.debugMode) : null;
     const env = data.env || {};
     const label = data.label || null;
     const tagsJson = data.tags ? JSON.stringify(data.tags) : null;
     const mailboxName = data.mailboxName || null;
+    const reverseProxyConfigJson = data.reverseProxyConfig ? JSON.stringify(data.reverseProxyConfig) : null;
 
     var queries = [];
 
     queries.push({
         query: 'INSERT INTO apps (id, appStoreId, manifestJson, installationState, runState, accessRestrictionJson, memoryLimit, '
-            + 'sso, debugModeJson, robotsTxt, mailboxName, label, tagsJson) '
+            + 'sso, debugModeJson, mailboxName, label, tagsJson, reverseProxyConfigJson) '
             + ' VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
         args: [ id, appStoreId, manifestJson, installationState, runState, accessRestrictionJson, memoryLimit,
-            sso, debugModeJson, robotsTxt, mailboxName, label, tagsJson ]
+            sso, debugModeJson, mailboxName, label, tagsJson, reverseProxyConfigJson ]
     });
 
     queries.push({
@@ -287,9 +291,9 @@ function add(id, appStoreId, manifest, location, domain, portBindings, data, cal
     }
 
     database.transaction(queries, function (error) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error.message));
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND, 'no such domain'));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error.message));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, 'no such domain'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -300,7 +304,7 @@ function exists(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT 1 FROM apps WHERE id=?', [ id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         return callback(null, result.length !== 0);
     });
@@ -311,7 +315,7 @@ function getPortBindings(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + PORT_BINDINGS_FIELDS + ' FROM appPortBindings WHERE appId = ?', [ id ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         var portBindings = { };
         for (var i = 0; i < results.length; i++) {
@@ -328,8 +332,8 @@ function delPortBinding(hostPort, type, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM appPortBindings WHERE hostPort=? AND type=?', [ hostPort, type ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         callback(null);
     });
@@ -347,8 +351,8 @@ function del(id, callback) {
     ];
 
     database.transaction(queries, function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results[3].affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results[3].affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         callback(null);
     });
@@ -364,7 +368,7 @@ function clear(callback) {
         database.query.bind(null, 'DELETE FROM appEnvVars'),
         database.query.bind(null, 'DELETE FROM apps')
     ], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         return callback(null);
     });
 }
@@ -420,7 +424,7 @@ function updateWithConstraints(id, app, constraints, callback) {
 
     var fields = [ ], values = [ ];
     for (var p in app) {
-        if (p === 'manifest' || p === 'tags' || p === 'accessRestriction' || p === 'debugMode' || p === 'error') {
+        if (p === 'manifest' || p === 'tags' || p === 'accessRestriction' || p === 'debugMode' || p === 'error' || p === 'reverseProxyConfig') {
             fields.push(`${p}Json = ?`);
             values.push(JSON.stringify(app[p]));
         } else if (p !== 'portBindings' && p !== 'location' && p !== 'domain' && p !== 'alternateDomains' && p !== 'env') {
@@ -435,9 +439,9 @@ function updateWithConstraints(id, app, constraints, callback) {
     }
 
     database.transaction(queries, function (error, results) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error.message));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results[results.length - 1].affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error.message));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results[results.length - 1].affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         return callback(null);
     });
@@ -473,7 +477,7 @@ function getAppStoreIds(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT id, appStoreId FROM apps', function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -498,7 +502,7 @@ function setAddonConfig(appId, addonId, env, callback) {
         }
 
         database.query(query + queryArgs.join(','), args, function (error) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             return callback(null);
         });
@@ -511,7 +515,7 @@ function unsetAddonConfig(appId, addonId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM appAddonConfigs WHERE appId = ? AND addonId = ?', [ appId, addonId ], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -522,7 +526,7 @@ function unsetAddonConfigByAppId(appId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM appAddonConfigs WHERE appId = ?', [ appId ], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -534,7 +538,7 @@ function getAddonConfig(appId, addonId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT name, value FROM appAddonConfigs WHERE appId = ? AND addonId = ?', [ appId, addonId ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -545,7 +549,7 @@ function getAddonConfigByAppId(appId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT name, value FROM appAddonConfigs WHERE appId = ?', [ appId ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -558,8 +562,8 @@ function getAppIdByAddonConfigValue(addonId, namePattern, value, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT appId FROM appAddonConfigs WHERE addonId = ? AND name LIKE ? AND value = ?', [ addonId, namePattern, value ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         callback(null, results[0].appId);
     });
@@ -572,8 +576,8 @@ function getAddonConfigByName(appId, addonId, namePattern, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT value FROM appAddonConfigs WHERE appId = ? AND addonId = ? AND name LIKE ?', [ appId, addonId, namePattern ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'App not found'));
 
         callback(null, results[0].value);
     });

src/apphealthmonitor.js

@@ -5,7 +5,7 @@ var appdb = require('./appdb.js'),
     assert = require('assert'),
     async = require('async'),
     auditSource = require('./auditsource.js'),
-    DatabaseError = require('./databaseerror.js'),
+    BoxError = require('./boxerror.js'),
     debug = require('debug')('box:apphealthmonitor'),
     docker = require('./docker.js'),
     eventlog = require('./eventlog.js'),
@@ -57,7 +57,7 @@ function setHealth(app, health, callback) {
     }
 
     appdb.setHealth(app.id, health, healthTime, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null); // app uninstalled?
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null); // app uninstalled?
         if (error) return callback(error);
 
         app.health = health;

src/apps.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    AppsError: AppsError,
-
     hasAccessTo: hasAccessTo,
     removeInternalFields: removeInternalFields,
     removeRestrictedFields: removeRestrictedFields,
@@ -23,7 +21,7 @@ exports = module.exports = {
     setMemoryLimit: setMemoryLimit,
     setAutomaticBackup: setAutomaticBackup,
     setAutomaticUpdate: setAutomaticUpdate,
-    setRobotsTxt: setRobotsTxt,
+    setReverseProxyConfig: setReverseProxyConfig,
     setCertificate: setCertificate,
     setDebugMode: setDebugMode,
     setEnvironment: setEnvironment,
@@ -33,6 +31,7 @@ exports = module.exports = {
     repair: repair,
 
     restore: restore,
+    importApp: importApp,
     clone: clone,
 
     update: update,
@@ -102,20 +101,16 @@ exports = module.exports = {
 
 var appdb = require('./appdb.js'),
     appstore = require('./appstore.js'),
-    AppstoreError = require('./appstore.js').AppstoreError,
     appTaskManager = require('./apptaskmanager.js'),
     assert = require('assert'),
     async = require('async'),
     backups = require('./backups.js'),
-    BackupsError = backups.BackupsError,
     BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:apps'),
     docker = require('./docker.js'),
     domaindb = require('./domaindb.js'),
     domains = require('./domains.js'),
-    DomainsError = require('./domains.js').DomainsError,
     eventlog = require('./eventlog.js'),
     fs = require('fs'),
     mail = require('./mail.js'),
@@ -139,38 +134,6 @@ var appdb = require('./appdb.js'),
     validator = require('validator'),
     _ = require('underscore');
 
-// http://dustinsenos.com/articles/customErrorsInNode
-// http://code.google.com/p/v8/wiki/JavaScriptStackTraceApi
-function AppsError(reason, errorOrMessage, details) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-    assert(typeof details === 'object' || typeof details === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-
-    this.details = details || {};
-}
-util.inherits(AppsError, Error);
-AppsError.INTERNAL_ERROR = 'Internal Error';
-AppsError.EXTERNAL_ERROR = 'External Error';
-AppsError.ALREADY_EXISTS = 'Already Exists';
-AppsError.NOT_FOUND = 'Not Found';
-AppsError.BAD_FIELD = 'Bad Field';
-AppsError.BAD_STATE = 'Bad State';
-AppsError.PLAN_LIMIT = 'Plan Limit';
-
 const NOOP_CALLBACK = function (error) { if (error) debug(error); };
 
 // validate the port bindings
@@ -210,12 +173,12 @@ function validatePortBindings(portBindings, manifest) {
     if (!portBindings) return null;
 
     for (let portName in portBindings) {
-        if (!/^[a-zA-Z0-9_]+$/.test(portName)) return new AppsError(AppsError.BAD_FIELD, `${portName} is not a valid environment variable`, { field: 'portBindings', portName: portName });
+        if (!/^[a-zA-Z0-9_]+$/.test(portName)) return new BoxError(BoxError.BAD_FIELD, `${portName} is not a valid environment variable`, { field: 'portBindings', portName: portName });
 
         const hostPort = portBindings[portName];
-        if (!Number.isInteger(hostPort)) return new AppsError(AppsError.BAD_FIELD, `${hostPort} is not an integer`, { field: 'portBindings', portName: portName });
-        if (RESERVED_PORTS.indexOf(hostPort) !== -1) return new AppsError(AppsError.BAD_FIELD, `Port ${hostPort} is reserved.`, { field: 'portBindings', portName: portName });
-        if (hostPort <= 1023 || hostPort > 65535) return new AppsError(AppsError.BAD_FIELD, `${hostPort} is not in permitted range`, { field: 'portBindings', portName: portName });
+        if (!Number.isInteger(hostPort)) return new BoxError(BoxError.BAD_FIELD, `${hostPort} is not an integer`, { field: 'portBindings', portName: portName });
+        if (RESERVED_PORTS.indexOf(hostPort) !== -1) return new BoxError(BoxError.BAD_FIELD, `Port ${hostPort} is reserved.`, { field: 'portBindings', portName: portName });
+        if (hostPort <= 1023 || hostPort > 65535) return new BoxError(BoxError.BAD_FIELD, `${hostPort} is not in permitted range`, { field: 'portBindings', portName: portName });
     }
 
     // it is OK if there is no 1-1 mapping between values in manifest.tcpPorts and portBindings. missing values implies
@@ -223,7 +186,7 @@ function validatePortBindings(portBindings, manifest) {
     const tcpPorts = manifest.tcpPorts || { };
     const udpPorts = manifest.udpPorts || { };
     for (let portName in portBindings) {
-        if (!(portName in tcpPorts) && !(portName in udpPorts)) return new AppsError(AppsError.BAD_FIELD, `Invalid portBindings ${portName}`, { field: 'portBindings', portName: portName });
+        if (!(portName in tcpPorts) && !(portName in udpPorts)) return new BoxError(BoxError.BAD_FIELD, `Invalid portBindings ${portName}`, { field: 'portBindings', portName: portName });
     }
 
     return null;
@@ -251,13 +214,13 @@ function validateAccessRestriction(accessRestriction) {
     if (accessRestriction === null) return null;
 
     if (accessRestriction.users) {
-        if (!Array.isArray(accessRestriction.users)) return new AppsError(AppsError.BAD_FIELD, 'users array property required');
-        if (!accessRestriction.users.every(function (e) { return typeof e === 'string'; })) return new AppsError(AppsError.BAD_FIELD, 'All users have to be strings');
+        if (!Array.isArray(accessRestriction.users)) return new BoxError(BoxError.BAD_FIELD, 'users array property required');
+        if (!accessRestriction.users.every(function (e) { return typeof e === 'string'; })) return new BoxError(BoxError.BAD_FIELD, 'All users have to be strings');
     }
 
     if (accessRestriction.groups) {
-        if (!Array.isArray(accessRestriction.groups)) return new AppsError(AppsError.BAD_FIELD, 'groups array property required');
-        if (!accessRestriction.groups.every(function (e) { return typeof e === 'string'; })) return new AppsError(AppsError.BAD_FIELD, 'All groups have to be strings');
+        if (!Array.isArray(accessRestriction.groups)) return new BoxError(BoxError.BAD_FIELD, 'groups array property required');
+        if (!accessRestriction.groups.every(function (e) { return typeof e === 'string'; })) return new BoxError(BoxError.BAD_FIELD, 'All groups have to be strings');
     }
 
     // TODO: maybe validate if the users and groups actually exist
@@ -278,8 +241,8 @@ function validateMemoryLimit(manifest, memoryLimit) {
     // a special value that indicates unlimited memory
     if (memoryLimit === -1) return null;
 
-    if (memoryLimit < min) return new AppsError(AppsError.BAD_FIELD, 'memoryLimit too small');
-    if (memoryLimit > max) return new AppsError(AppsError.BAD_FIELD, 'memoryLimit too large');
+    if (memoryLimit < min) return new BoxError(BoxError.BAD_FIELD, 'memoryLimit too small');
+    if (memoryLimit > max) return new BoxError(BoxError.BAD_FIELD, 'memoryLimit too large');
 
     return null;
 }
@@ -288,8 +251,8 @@ function validateDebugMode(debugMode) {
     assert.strictEqual(typeof debugMode, 'object');
 
     if (debugMode === null) return null;
-    if ('cmd' in debugMode && debugMode.cmd !== null && !Array.isArray(debugMode.cmd)) return new AppsError(AppsError.BAD_FIELD, 'debugMode.cmd must be an array or null' );
-    if ('readonlyRootfs' in debugMode && typeof debugMode.readonlyRootfs !== 'boolean') return new AppsError(AppsError.BAD_FIELD, 'debugMode.readonlyRootfs must be a boolean' );
+    if ('cmd' in debugMode && debugMode.cmd !== null && !Array.isArray(debugMode.cmd)) return new BoxError(BoxError.BAD_FIELD, 'debugMode.cmd must be an array or null' );
+    if ('readonlyRootfs' in debugMode && typeof debugMode.readonlyRootfs !== 'boolean') return new BoxError(BoxError.BAD_FIELD, 'debugMode.readonlyRootfs must be a boolean' );
 
     return null;
 }
@@ -298,44 +261,53 @@ function validateRobotsTxt(robotsTxt) {
     if (robotsTxt === null) return null;
 
     // this is the nginx limit on inline strings. if we really hit this, we have to generate a file
-    if (robotsTxt.length > 4096) return new AppsError(AppsError.BAD_FIELD, 'robotsTxt must be less than 4096', { field: 'robotsTxt' });
+    if (robotsTxt.length > 4096) return new BoxError(BoxError.BAD_FIELD, 'robotsTxt must be less than 4096', { field: 'robotsTxt' });
 
     // TODO: validate the robots file? we escape the string when templating the nginx config right now
 
     return null;
 }
 
+function validateCsp(csp) {
+    if (csp === null) return null;
+
+    if (csp.length > 4096) return new BoxError(BoxError.BAD_FIELD, 'CSP must be less than 4096', { field: 'csp' });
+
+    if (csp.includes('"')) return new BoxError(BoxError.BAD_FIELD, 'CSP cannot contains double quotes', { field: 'csp' });
+
+    return null;
+}
+
 function validateBackupFormat(format) {
     assert.strictEqual(typeof format, 'string');
 
     if (format === 'tgz' || format == 'rsync') return null;
 
-    return new AppsError(AppsError.BAD_FIELD, 'Invalid backup format');
+    return new BoxError(BoxError.BAD_FIELD, 'Invalid backup format');
 }
 
 function validateLabel(label) {
     if (label === null) return null;
 
-    if (label.length > 128) return new AppsError(AppsError.BAD_FIELD, 'label must be less than 128', { field: 'label' });
+    if (label.length > 128) return new BoxError(BoxError.BAD_FIELD, 'label must be less than 128', { field: 'label' });
 
     return null;
 }
 
 function validateTags(tags) {
-    if (!Array.isArray(tags)) return new AppsError(AppsError.BAD_FIELD, 'tags must be an array of strings', { field: 'tags' });
-    if (tags.length > 64) return new AppsError(AppsError.BAD_FIELD, 'Can only set up to 64 tags', { field: 'tags' });
+    if (tags.length > 64) return new BoxError(BoxError.BAD_FIELD, 'Can only set up to 64 tags', { field: 'tags' });
 
-    if (tags.some(tag => (!tag || typeof tag !== 'string'))) return new AppsError(AppsError.BAD_FIELD, 'tags must be an array of non-empty strings', { field: 'tags' });
-    if (tags.some(tag => tag.length > 128)) return new AppsError(AppsError.BAD_FIELD, 'tag must be less than 128', { field: 'tags' });
+    if (tags.some(tag => tag.length == 0)) return new BoxError(BoxError.BAD_FIELD, 'tag cannot be empty', { field: 'tags' });
+    if (tags.some(tag => tag.length > 128)) return new BoxError(BoxError.BAD_FIELD, 'tag must be less than 128', { field: 'tags' });
 
     return null;
 }
 
 function validateEnv(env) {
     for (let key in env) {
-        if (key.length > 512) return new AppsError(AppsError.BAD_FIELD, 'Max env var key length is 512', { field: 'env', env: env });
+        if (key.length > 512) return new BoxError(BoxError.BAD_FIELD, 'Max env var key length is 512', { field: 'env', env: env });
         // http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap08.html
-        if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(key)) return new AppsError(AppsError.BAD_FIELD, `"${key}" is not a valid environment variable`, { field: 'env', env: env });
+        if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(key)) return new BoxError(BoxError.BAD_FIELD, `"${key}" is not a valid environment variable`, { field: 'env', env: env });
     }
 
     return null;
@@ -344,23 +316,23 @@ function validateEnv(env) {
 function validateDataDir(dataDir) {
     if (dataDir === null) return null;
 
-    if (path.resolve(dataDir) !== dataDir) return new AppsError(AppsError.BAD_FIELD, 'dataDir must be an absolute path', { field: 'dataDir' });
+    if (path.resolve(dataDir) !== dataDir) return new BoxError(BoxError.BAD_FIELD, 'dataDir must be an absolute path', { field: 'dataDir' });
 
     // nfs shares will have the directory mounted already
     let stat = safe.fs.lstatSync(dataDir);
     if (stat) {
-        if (!stat.isDirectory()) return new AppsError(AppsError.BAD_FIELD, `dataDir ${dataDir} is not a directory`, { field: 'dataDir' });
+        if (!stat.isDirectory()) return new BoxError(BoxError.BAD_FIELD, `dataDir ${dataDir} is not a directory`, { field: 'dataDir' });
         let entries = safe.fs.readdirSync(dataDir);
-        if (!entries) return new AppsError(AppsError.BAD_FIELD, `dataDir ${dataDir} could not be listed`, { field: 'dataDir' });
-        if (entries.length !== 0) return new AppsError(AppsError.BAD_FIELD, `dataDir ${dataDir} is not empty`, { field: 'dataDir' });
+        if (!entries) return new BoxError(BoxError.BAD_FIELD, `dataDir ${dataDir} could not be listed`, { field: 'dataDir' });
+        if (entries.length !== 0) return new BoxError(BoxError.BAD_FIELD, `dataDir ${dataDir} is not empty`, { field: 'dataDir' });
     }
 
     // backup logic relies on paths not overlapping (because it recurses)
-    if (dataDir.startsWith(paths.APPS_DATA_DIR)) return new AppsError(AppsError.BAD_FIELD, `dataDir ${dataDir} cannot be inside apps data`, { field: 'dataDir' });
+    if (dataDir.startsWith(paths.APPS_DATA_DIR)) return new BoxError(BoxError.BAD_FIELD, `dataDir ${dataDir} cannot be inside apps data`, { field: 'dataDir' });
 
     // if we made it this far, it cannot start with any of these realistically
     const fhs = [ '/bin', '/boot', '/etc', '/lib', '/lib32', '/lib64', '/proc', '/run', '/sbin', '/tmp', '/usr' ];
-    if (fhs.some((p) => dataDir.startsWith(p))) return new AppsError(AppsError.BAD_FIELD, `dataDir ${dataDir} cannot be placed inside this location`, { field: 'dataDir' });
+    if (fhs.some((p) => dataDir.startsWith(p))) return new BoxError(BoxError.BAD_FIELD, `dataDir ${dataDir} cannot be placed inside this location`, { field: 'dataDir' });
 
     return null;
 }
@@ -374,7 +346,7 @@ function getDuplicateErrorDetails(errorMessage, locations, domainObjectMap, port
     var match = errorMessage.match(/ER_DUP_ENTRY: Duplicate entry '(.*)' for key '(.*)'/);
     if (!match) {
         debug('Unexpected SQL error message.', errorMessage);
-        return new AppsError(AppsError.INTERNAL_ERROR, new Error(errorMessage));
+        return new BoxError(BoxError.DATABASE_ERROR, errorMessage);
     }
 
     // check if a location conflicts
@@ -383,20 +355,20 @@ function getDuplicateErrorDetails(errorMessage, locations, domainObjectMap, port
             const { subdomain, domain } = locations[i];
             if  (match[1] !== `${subdomain}-${domain}`) continue;
 
-            return new AppsError(AppsError.ALREADY_EXISTS, `Domain '${domains.fqdn(subdomain, domainObjectMap[domain])}' is in use`, { subdomain, domain });
+            return new BoxError(BoxError.ALREADY_EXISTS, `Domain '${domains.fqdn(subdomain, domainObjectMap[domain])}' is in use`, { subdomain, domain });
         }
     }
 
     // check if any of the port bindings conflict
     for (let portName in portBindings) {
-        if (portBindings[portName] === parseInt(match[1])) return new AppsError(AppsError.ALREADY_EXISTS, `Port ${match[1]} is reserved`, { portName });
+        if (portBindings[portName] === parseInt(match[1])) return new BoxError(BoxError.ALREADY_EXISTS, `Port ${match[1]} is reserved`, { portName });
     }
 
     if (match[2] === 'dataDir') {
-        return new AppsError(AppsError.BAD_FIELD, `Data directory ${match[1]} is in use`, { field: 'dataDir' });
+        return new BoxError(BoxError.BAD_FIELD, `Data directory ${match[1]} is in use`, { field: 'dataDir' });
     }
 
-    return new AppsError(AppsError.ALREADY_EXISTS, `${match[2]} '${match[1]}' is in use`);
+    return new BoxError(BoxError.ALREADY_EXISTS, `${match[2]} '${match[1]}' is in use`);
 }
 
 function getDataDir(app, dataDir) {
@@ -410,7 +382,7 @@ function removeInternalFields(app) {
         'id', 'appStoreId', 'installationState', 'error', 'runState', 'health', 'taskId',
         'location', 'domain', 'fqdn', 'mailboxName',
         'accessRestriction', 'manifest', 'portBindings', 'iconUrl', 'memoryLimit',
-        'sso', 'debugMode', 'robotsTxt', 'enableBackup', 'creationTime', 'updateTime', 'ts', 'tags',
+        'sso', 'debugMode', 'reverseProxyConfig', 'enableBackup', 'creationTime', 'updateTime', 'ts', 'tags',
         'label', 'alternateDomains', 'env', 'enableAutomaticUpdate', 'dataDir');
 }
 
@@ -446,7 +418,7 @@ function getIconPath(appId, options, callback) {
     const appstoreIconPath = `${paths.APP_ICONS_DIR}/${appId}.png`;
     if (safe.fs.existsSync(appstoreIconPath)) return callback(null, appstoreIconPath);
 
-    callback(new AppsError(AppsError.NOT_FOUND, 'No icon'));
+    callback(new BoxError(BoxError.NOT_FOUND, 'No icon'));
 }
 
 function postProcess(app, domainObjectMap) {
@@ -484,7 +456,7 @@ function getDomainObjectMap(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     domaindb.getAll(function (error, domainObjects) {
-        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         let domainObjectMap = {};
         for (let d of domainObjects) { domainObjectMap[d.domain] = d; }
@@ -501,8 +473,8 @@ function get(appId, callback) {
         if (error) return callback(error);
 
         appdb.get(appId, function (error, app) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.NOT_FOUND, 'No such app'));
+            if (error) return callback(error);
 
             postProcess(app, domainObjectMap);
 
@@ -519,8 +491,8 @@ function getByContainerId(containerId, callback) {
         if (error) return callback(error);
 
         appdb.getByContainerId(containerId, function (error, app) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.NOT_FOUND, 'No such app'));
+            if (error) return callback(error);
 
             postProcess(app, domainObjectMap);
 
@@ -538,13 +510,13 @@ function getByIpAddress(ip, callback) {
     if (constants.TEST && exports._MOCK_GET_BY_IP_APP_ID) return get(exports._MOCK_GET_BY_IP_APP_ID, callback);
 
     docker.getContainerIdByIp(ip, function (error, containerId) {
-        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         docker.inspect(containerId, function (error, result) {
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             const appId = safe.query(result, 'Config.Labels.appId', null);
-            if (!appId) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
+            if (!appId) return callback(new BoxError(BoxError.NOT_FOUND, 'No such app'));
 
             get(appId, callback);
         });
@@ -559,7 +531,7 @@ function getByFqdn(fqdn, callback) {
         if (error) return callback(error);
 
         var app = result.find(function (a) { return a.fqdn === fqdn; });
-        if (!app) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
+        if (!app) return callback(new BoxError(BoxError.NOT_FOUND, 'No such app'));
 
         callback(null, app);
     });
@@ -572,7 +544,7 @@ function getAll(callback) {
         if (error) return callback(error);
 
         appdb.getAll(function (error, apps) {
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             apps.forEach((app) => postProcess(app, domainObjectMap));
 
@@ -595,7 +567,7 @@ function getAllByUser(user, callback) {
 }
 
 function downloadManifest(appStoreId, manifest, callback) {
-    if (!appStoreId && !manifest) return callback(new AppsError(AppsError.BAD_FIELD, 'Neither manifest nor appStoreId provided'));
+    if (!appStoreId && !manifest) return callback(new BoxError(BoxError.BAD_FIELD, 'Neither manifest nor appStoreId provided'));
 
     if (!appStoreId) return callback(null, '', manifest);
 
@@ -606,9 +578,9 @@ function downloadManifest(appStoreId, manifest, callback) {
     debug('downloading manifest from %s', url);
 
     superagent.get(url).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return callback(new AppsError(AppsError.EXTERNAL_ERROR, 'Network error downloading manifest:' + error.message));
+        if (error && !error.response) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Network error downloading manifest:' + error.message));
 
-        if (result.statusCode !== 200) return callback(new AppsError(AppsError.NOT_FOUND, util.format('Failed to get app info from store.', result.statusCode, result.text)));
+        if (result.statusCode !== 200) return callback(new BoxError(BoxError.NOT_FOUND, util.format('Failed to get app info from store.', result.statusCode, result.text)));
 
         callback(null, parts[0], result.body.manifest);
     });
@@ -654,12 +626,11 @@ function addTask(appId, installationState, task, callback) {
     const requireNullTaskId = 'requireNullTaskId' in task ? task.requireNullTaskId : true;
 
     tasks.add(tasks.TASK_APP, [ appId, args ], function (error, taskId) {
-        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         appdb.setTask(appId, _.extend({ installationState, taskId, error: null }, values), { requiredState, requireNullTaskId }, function (error) {
-            if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new AppsError(AppsError.ALREADY_EXISTS, error.message));
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.BAD_STATE, 'Another task is scheduled for this app')); // could be because app went away OR a taskId exists
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.BAD_STATE, 'Another task is scheduled for this app')); // could be because app went away OR a taskId exists
+            if (error) return callback(error);
 
             if (scheduleNow) scheduleTask(appId, installationState, taskId, NOOP_CALLBACK);
 
@@ -672,10 +643,10 @@ function checkAppState(app, state) {
     assert.strictEqual(typeof app, 'object');
     assert.strictEqual(typeof state, 'string');
 
-    if (app.taskId) return new AppsError(AppsError.BAD_STATE, `Not allowed in this app state : ${app.installationState} / ${app.runState}`);
+    if (app.taskId) return new BoxError(BoxError.BAD_STATE, `Not allowed in this app state : ${app.installationState} / ${app.runState}`);
 
     if (app.installationState === exports.ISTATE_ERROR) {
-        if (state !== exports.ISTATE_PENDING_UNINSTALL) return new AppsError(AppsError.BAD_STATE, 'Not allowed in error state');
+        if (state !== exports.ISTATE_PENDING_UNINSTALL) return new BoxError(BoxError.BAD_STATE, 'Not allowed in error state');
     }
 
     return null;
@@ -689,10 +660,10 @@ function validateLocations(locations, callback) {
         if (error) return callback(error);
 
         for (let location of locations) {
-            if (!(location.domain in domainObjectMap)) return callback(new AppsError(AppsError.BAD_FIELD, 'No such domain', { field: 'location', domain: location.domain, subdomain: location.subdomain }));
+            if (!(location.domain in domainObjectMap)) return callback(new BoxError(BoxError.BAD_FIELD, 'No such domain', { field: 'location', domain: location.domain, subdomain: location.subdomain }));
 
             error = domains.validateHostname(location.subdomain, domainObjectMap[location.domain]);
-            if (error) return callback(new AppsError(AppsError.BAD_FIELD, 'Bad location: ' + error.message, { field: 'location', domain: location.domain, subdomain: location.subdomain }));
+            if (error) return callback(new BoxError(BoxError.BAD_FIELD, 'Bad location: ' + error.message, { field: 'location', domain: location.domain, subdomain: location.subdomain }));
         }
 
         callback(null, domainObjectMap);
@@ -715,11 +686,8 @@ function install(data, user, auditSource, callback) {
         memoryLimit = data.memoryLimit || 0,
         sso = 'sso' in data ? data.sso : null,
         debugMode = data.debugMode || null,
-        robotsTxt = data.robotsTxt || null,
         enableBackup = 'enableBackup' in data ? data.enableBackup : true,
         enableAutomaticUpdate = 'enableAutomaticUpdate' in data ? data.enableAutomaticUpdate : true,
-        backupId = data.backupId || null,
-        backupFormat = data.backupFormat || 'tgz',
         alternateDomains = data.alternateDomains || [],
         env = data.env || {},
         mailboxName = data.mailboxName || '',
@@ -733,7 +701,7 @@ function install(data, user, auditSource, callback) {
         if (error) return callback(error);
 
         error = manifestFormat.parse(manifest);
-        if (error) return callback(new AppsError(AppsError.BAD_FIELD, 'Manifest error: ' + error.message));
+        if (error) return callback(new BoxError(BoxError.BAD_FIELD, 'Manifest error: ' + error.message));
 
         error = checkManifestConstraints(manifest);
         if (error) return callback(error);
@@ -750,19 +718,13 @@ function install(data, user, auditSource, callback) {
         error = validateDebugMode(debugMode);
         if (error) return callback(error);
 
-        error = validateRobotsTxt(robotsTxt);
-        if (error) return callback(error);
-
-        error = validateBackupFormat(backupFormat);
-        if (error) return callback(error);
-
         error = validateLabel(label);
         if (error) return callback(error);
 
         error = validateTags(tags);
         if (error) return callback(error);
 
-        if ('sso' in data && !('optionalSso' in manifest)) return callback(new AppsError(AppsError.BAD_FIELD, 'sso can only be specified for apps with optionalSso'));
+        if ('sso' in data && !('optionalSso' in manifest)) return callback(new BoxError(BoxError.BAD_FIELD, 'sso can only be specified for apps with optionalSso'));
         // if sso was unspecified, enable it by default if possible
         if (sso === null) sso = !!manifest.addons['ldap'] || !!manifest.addons['oauth'];
 
@@ -771,7 +733,7 @@ function install(data, user, auditSource, callback) {
 
         if (mailboxName) {
             error = mail.validateName(mailboxName);
-            if (error) return callback(new AppsError(AppsError.BAD_FIELD, error.message, { field: 'mailboxName' }));
+            if (error) return callback(new BoxError(BoxError.BAD_FIELD, error.message, { field: 'mailboxName' }));
         } else {
             mailboxName = mailboxNameForLocation(location, manifest);
         }
@@ -779,10 +741,10 @@ function install(data, user, auditSource, callback) {
         var appId = uuid.v4();
 
         if (icon) {
-            if (!validator.isBase64(icon)) return callback(new AppsError(AppsError.BAD_FIELD, 'icon is not base64', { field: 'icon' }));
+            if (!validator.isBase64(icon)) return callback(new BoxError(BoxError.BAD_FIELD, 'icon is not base64', { field: 'icon' }));
 
             if (!safe.fs.writeFileSync(path.join(paths.APP_ICONS_DIR, appId + '.png'), Buffer.from(icon, 'base64'))) {
-                return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving icon:' + safe.error.message));
+                return callback(new BoxError(BoxError.FS_ERROR, 'Error saving icon:' + safe.error.message));
             }
         }
 
@@ -792,7 +754,7 @@ function install(data, user, auditSource, callback) {
 
             if (cert && key) {
                 error = reverseProxy.validateCertificate(location, domainObjectMap[domain], { cert, key });
-                if (error) return callback(new AppsError(AppsError.BAD_FIELD, error.message, { field: 'cert' }));
+                if (error) return callback(new BoxError(BoxError.BAD_FIELD, error.message, { field: 'cert' }));
             }
 
             debug('Will install app with id : ' + appId);
@@ -805,19 +767,17 @@ function install(data, user, auditSource, callback) {
                 mailboxName: mailboxName,
                 enableBackup: enableBackup,
                 enableAutomaticUpdate: enableAutomaticUpdate,
-                robotsTxt: robotsTxt,
                 alternateDomains: alternateDomains,
                 env: env,
                 label: label,
                 tags: tags,
                 runState: exports.RSTATE_RUNNING,
-                installationState: backupId ? exports.ISTATE_PENDING_RESTORE : exports.ISTATE_PENDING_INSTALL
+                installationState: exports.ISTATE_PENDING_INSTALL
             };
 
             appdb.add(appId, appStoreId, manifest, location, domain, translatePortBindings(portBindings, manifest), data, function (error) {
-                if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(getDuplicateErrorDetails(error.message, locations, domainObjectMap, portBindings));
-                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, error.message));
-                if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+                if (error && error.reason === BoxError.ALREADY_EXISTS) return callback(getDuplicateErrorDetails(error.message, locations, domainObjectMap, portBindings));
+                if (error) return callback(error);
 
                 purchaseApp({ appId: appId, appstoreId: appStoreId, manifestId: manifest.id }, function (error) {
                     if (error) return callback(error);
@@ -825,14 +785,13 @@ function install(data, user, auditSource, callback) {
                     // save cert to boxdata/certs
                     if (cert && key) {
                         let error = reverseProxy.setAppCertificateSync(location, domainObjectMap[domain], { cert, key });
-                        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error setting cert: ' + error.message));
+                        if (error) return callback(error);
                     }
 
-                    const restoreConfig = backupId ? { backupId: backupId, backupFormat: backupFormat } : null;
                     const task = {
-                        args: { restoreConfig, overwriteDns },
+                        args: { restoreConfig: null, overwriteDns },
                         values: { },
-                        requiredState: exports.ISTATE_PENDING_INSTALL
+                        requiredState: data.installationState
                     };
 
                     addTask(appId, data.installationState, task, function (error, result) {
@@ -865,8 +824,7 @@ function setAccessRestriction(appId, accessRestriction, auditSource, callback) {
         if (error) return callback(error);
 
         appdb.update(appId, { accessRestriction: accessRestriction }, function (error) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId: appId, app: app, accessRestriction: accessRestriction });
 
@@ -888,8 +846,7 @@ function setLabel(appId, label, auditSource, callback) {
         if (error) return callback(error);
 
         appdb.update(appId, { label: label }, function (error) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId: appId, app: app, label: label });
 
@@ -911,8 +868,7 @@ function setTags(appId, tags, auditSource, callback) {
         if (error) return callback(error);
 
         appdb.update(appId, { tags: tags }, function (error) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId: appId, app: app, tags: tags });
 
@@ -931,10 +887,10 @@ function setIcon(appId, icon, auditSource, callback) {
         if (error) return callback(error);
 
         if (icon) {
-            if (!validator.isBase64(icon)) return callback(new AppsError(AppsError.BAD_FIELD, 'icon is not base64', { field: 'icon' }));
+            if (!validator.isBase64(icon)) return callback(new BoxError(BoxError.BAD_FIELD, 'icon is not base64', { field: 'icon' }));
 
             if (!safe.fs.writeFileSync(path.join(paths.APP_ICONS_DIR, appId + '.user.png'), Buffer.from(icon, 'base64'))) {
-                return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving icon:' + safe.error.message));
+                return callback(new BoxError(BoxError.FS_ERROR, 'Error saving icon:' + safe.error.message));
             }
         } else {
             safe.fs.unlinkSync(path.join(paths.APP_ICONS_DIR, appId + '.user.png'));
@@ -1047,7 +1003,7 @@ function setMailbox(appId, mailboxName, auditSource, callback) {
 
         if (mailboxName) {
             error = mail.validateName(mailboxName);
-            if (error) return callback(new AppsError(AppsError.BAD_FIELD, error.message, { field: 'mailboxName' }));
+            if (error) return callback(new BoxError(BoxError.BAD_FIELD, error.message, { field: 'mailboxName' }));
         } else {
             mailboxName = mailboxNameForLocation(app.location, app.manifest);
         }
@@ -1076,8 +1032,7 @@ function setAutomaticBackup(appId, enable, auditSource, callback) {
         if (error) return callback(error);
 
         appdb.update(appId, { enableBackup: enable }, function (error) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId: appId, app: app, enableBackup: enable });
 
@@ -1096,8 +1051,7 @@ function setAutomaticUpdate(appId, enable, auditSource, callback) {
         if (error) return callback(error);
 
         appdb.update(appId, { enableAutomaticUpdate: enable }, function (error) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId: appId, app: app, enableAutomaticUpdate: enable });
 
@@ -1106,26 +1060,30 @@ function setAutomaticUpdate(appId, enable, auditSource, callback) {
     });
 }
 
-function setRobotsTxt(appId, robotsTxt, auditSource, callback) {
+function setReverseProxyConfig(appId, reverseProxyConfig, auditSource, callback) {
     assert.strictEqual(typeof appId, 'string');
-    assert(robotsTxt === null || typeof robotsTxt === 'string');
+    assert.strictEqual(typeof reverseProxyConfig, 'object');
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
+    reverseProxyConfig = _.extend({ robotsTxt: null, csp: null }, reverseProxyConfig);
+
     get(appId, function (error, app) {
         if (error) return callback(error);
 
-        error = validateRobotsTxt(robotsTxt);
+        error = validateCsp(reverseProxyConfig.csp);
         if (error) return callback(error);
 
-        reverseProxy.writeAppConfig(_.extend({}, app, { robotsTxt }), function (error) {
-            if (error) return callback(new AppsError(AppsError.EXTERNAL_ERROR, 'Error writing nginx config'));
+        error = validateRobotsTxt(reverseProxyConfig.robotsTxt);
+        if (error) return callback(error);
 
-            appdb.update(appId, { robotsTxt: robotsTxt }, function (error) {
-                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such app'));
-                if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+        reverseProxy.writeAppConfig(_.extend({}, app, { reverseProxyConfig }), function (error) {
+            if (error) return callback(error);
 
-                eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId: appId, app: app, robotsTxt: robotsTxt });
+            appdb.update(appId, { reverseProxyConfig }, function (error) {
+                if (error) return callback(error);
+
+                eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId, app, reverseProxyConfig });
 
                 callback();
             });
@@ -1143,17 +1101,15 @@ function setCertificate(appId, bundle, auditSource, callback) {
         if (error) return callback(error);
 
         domains.get(app.domain, function (error, domainObject) {
-            if (error && error.reason === DomainsError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, 'No such domain'));
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Could not get domain info:' + error.message));
-
+            if (error) return callback(error);
 
             if (bundle.cert && bundle.key) {
                 error = reverseProxy.validateCertificate(app.location, domainObject, { cert: bundle.cert, key: bundle.key });
-                if (error) return callback(new AppsError(AppsError.BAD_FIELD, error.message, { field: 'cert' }));
+                if (error) return callback(new BoxError(BoxError.BAD_FIELD, error.message, { field: 'cert' }));
             }
 
             error = reverseProxy.setAppCertificateSync(app.location, domainObject, { cert: bundle.cert, key: bundle.key });
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error setting cert: ' + error.message));
+            if (error) return callback(error);
 
             eventlog.add(eventlog.ACTION_APP_CONFIGURE, auditSource, { appId: appId, app: app, cert: bundle.cert, key: bundle.key });
 
@@ -1209,7 +1165,7 @@ function setLocation(appId, data, auditSource, callback) {
                 values
             };
             addTask(appId, exports.ISTATE_PENDING_LOCATION_CHANGE, task, function (error, result) {
-                if (error && error.reason === AppsError.ALREADY_EXISTS) error = getDuplicateErrorDetails(error.message, locations, domainObjectMap, data.portBindings);
+                if (error && error.reason === BoxError.ALREADY_EXISTS) error = getDuplicateErrorDetails(error.message, locations, domainObjectMap, data.portBindings);
                 if (error) return callback(error);
 
                 values.fqdn = domains.fqdn(values.location, domainObjectMap[values.domain]);
@@ -1272,7 +1228,7 @@ function update(appId, data, auditSource, callback) {
             if (error) return callback(error);
 
             error = manifestFormat.parse(manifest);
-            if (error) return callback(new AppsError(AppsError.BAD_FIELD, 'Manifest error:' + error.message));
+            if (error) return callback(new BoxError(BoxError.BAD_FIELD, 'Manifest error:' + error.message));
 
             error = checkManifestConstraints(manifest);
             if (error) return callback(error);
@@ -1282,7 +1238,7 @@ function update(appId, data, auditSource, callback) {
             // prevent user from installing a app with different manifest id over an existing app
             // this allows cloudron install -f --app <appid> for an app installed from the appStore
             if (app.manifest.id !== updateConfig.manifest.id) {
-                if (!data.force) return callback(new AppsError(AppsError.BAD_FIELD, 'manifest id does not match. force to override'));
+                if (!data.force) return callback(new BoxError(BoxError.BAD_FIELD, 'manifest id does not match. force to override'));
                 // clear appStoreId so that this app does not get updates anymore
                 updateConfig.appStoreId = '';
             }
@@ -1291,15 +1247,15 @@ function update(appId, data, auditSource, callback) {
             const currentVersion = semver.prerelease(app.manifest.version) ? app.manifest.version : `${app.manifest.version}-0`;
             const updateVersion = semver.prerelease(updateConfig.manifest.version) ? updateConfig.manifest.version : `${updateConfig.manifest.version}-0`;
             if (app.appStoreId !== '' && semver.lte(updateVersion, currentVersion)) {
-                if (!data.force) return callback(new AppsError(AppsError.BAD_FIELD, 'Downgrades are not permitted for apps installed from AppStore. force to override'));
+                if (!data.force) return callback(new BoxError(BoxError.BAD_FIELD, 'Downgrades are not permitted for apps installed from AppStore. force to override'));
             }
 
             if ('icon' in data) {
                 if (data.icon) {
-                    if (!validator.isBase64(data.icon)) return callback(new AppsError(AppsError.BAD_FIELD, 'icon is not base64', { field: 'icon' }));
+                    if (!validator.isBase64(data.icon)) return callback(new BoxError(BoxError.BAD_FIELD, 'icon is not base64', { field: 'icon' }));
 
                     if (!safe.fs.writeFileSync(path.join(paths.APP_ICONS_DIR, appId + '.user.png'), Buffer.from(data.icon, 'base64'))) {
-                        return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving icon:' + safe.error.message));
+                        return callback(new BoxError(BoxError.FS_ERROR, 'Error saving icon:' + safe.error.message));
                     }
                 } else {
                     safe.fs.unlinkSync(path.join(paths.APP_ICONS_DIR, appId + '.user.png'));
@@ -1307,7 +1263,7 @@ function update(appId, data, auditSource, callback) {
             }
 
             // do not update apps in debug mode
-            if (app.debugMode && !data.force) return callback(new AppsError(AppsError.BAD_STATE, 'debug mode enabled. force to override'));
+            if (app.debugMode && !data.force) return callback(new BoxError(BoxError.BAD_STATE, 'debug mode enabled. force to override'));
 
             // Ensure we update the memory limit in case the new app requires more memory as a minimum
             // 0 and -1 are special updateConfig for memory limit indicating unset and unlimited
@@ -1419,7 +1375,7 @@ function repair(appId, data, auditSource, callback) {
 
                 // create a new task instead of updating the old one, since it helps tracking
                 addTask(appId, newState, { args, values, requiredState: null }, function (error, result) {
-                    if (error && error.reason === AppsError.ALREADY_EXISTS) error = getDuplicateErrorDetails(error.message, locations, domainObjectMap, { /* portBindings */});
+                    if (error && error.reason === BoxError.ALREADY_EXISTS) error = getDuplicateErrorDetails(error.message, locations, domainObjectMap, { /* portBindings */});
                     if (error) return callback(error);
 
                     eventlog.add(eventlog.ACTION_APP_REPAIR, auditSource, { taskId: result.taskId, app, newState });
@@ -1449,11 +1405,9 @@ function restore(appId, data, auditSource, callback) {
         var func = data.backupId ? backups.get.bind(null, data.backupId) : function (next) { return next(null, { manifest: app.manifest }); };
 
         func(function (error, backupInfo) {
-            if (error && error.reason === BackupsError.NOT_FOUND) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
-            if (error && error.reason === BackupsError.EXTERNAL_ERROR) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
-            if (!backupInfo.manifest) callback(new AppsError(AppsError.EXTERNAL_ERROR, 'Could not get restore manifest'));
+            if (!backupInfo.manifest) callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Could not get restore manifest'));
 
             // re-validate because this new box version may not accept old configs
             error = checkManifestConstraints(backupInfo.manifest);
@@ -1481,6 +1435,43 @@ function restore(appId, data, auditSource, callback) {
     });
 }
 
+function importApp(appId, data, auditSource, callback) {
+    assert.strictEqual(typeof appId, 'string');
+    assert.strictEqual(typeof data, 'object');
+    assert.strictEqual(typeof auditSource, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('Will import app with id:%s', appId);
+
+    get(appId, function (error, app) {
+        if (error) return callback(error);
+
+        error = validateBackupFormat(data.backupFormat);
+        if (error) return callback(error);
+
+        error = checkAppState(app, exports.ISTATE_PENDING_RESTORE);
+        if (error) return callback(error);
+
+        // TODO: check if the file exists in the storage backend
+        const restoreConfig = { backupId: data.backupId, backupFormat: data.backupFormat, oldManifest: app.manifest };
+
+        const task = {
+            args: {
+                restoreConfig,
+                overwriteDns: true
+            },
+            values: {}
+        };
+        addTask(appId, exports.ISTATE_PENDING_RESTORE, task, function (error, result) {
+            if (error) return callback(error);
+
+            eventlog.add(eventlog.ACTION_APP_RESTORE, auditSource, { app: app, backupId: data.backupId, fromManifest: app.manifest, toManifest: app.manifest, taskId: result.taskId });
+
+            callback(null, { taskId: result.taskId });
+        });
+    });
+}
+
 function purchaseApp(data, callback) {
     assert.strictEqual(typeof data, 'object');
     assert.strictEqual(typeof callback, 'function');
@@ -1492,14 +1483,7 @@ function purchaseApp(data, callback) {
         appdb.del(data.appId, function (delError) {
             if (delError) debug('install: Failed to rollback app installation.', delError);
 
-            if (error.reason === AppstoreError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND, error.message));
-            if (error && error.reason === AppstoreError.PLAN_LIMIT) return callback(new AppsError(AppsError.PLAN_LIMIT, error.message));
-            if (error && error.reason === AppstoreError.INVALID_TOKEN) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
-            if (error && error.reason === AppstoreError.LICENSE_ERROR) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
-            if (error && error.reason === AppstoreError.NOT_REGISTERED) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
-            if (error && error.reason === AppstoreError.EXTERNAL_ERROR) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
-
-            callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            callback(error);
         });
     });
 }
@@ -1529,11 +1513,9 @@ function clone(appId, data, user, auditSource, callback) {
         if (error) return callback(error);
 
         backups.get(backupId, function (error, backupInfo) {
-            if (error && error.reason === BackupsError.EXTERNAL_ERROR) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
-            if (error && error.reason === BackupsError.NOT_FOUND) return callback(new AppsError(AppsError.EXTERNAL_ERROR, 'Backup not found'));
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
-            if (!backupInfo.manifest) callback(new AppsError(AppsError.EXTERNAL_ERROR, 'Could not get restore config'));
+            if (!backupInfo.manifest) callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Could not get restore config'));
 
             const manifest = backupInfo.manifest, appStoreId = app.appStoreId;
 
@@ -1546,7 +1528,7 @@ function clone(appId, data, user, auditSource, callback) {
 
             if (mailboxName) {
                 error = mail.validateName(mailboxName);
-                if (error) return callback(new AppsError(AppsError.BAD_FIELD, error.message, { field: 'mailboxName' }));
+                if (error) return callback(new BoxError(BoxError.BAD_FIELD, error.message, { field: 'mailboxName' }));
             } else {
                 mailboxName = mailboxNameForLocation(location, manifest);
             }
@@ -1565,14 +1547,14 @@ function clone(appId, data, user, auditSource, callback) {
                     sso: !!app.sso,
                     mailboxName: mailboxName,
                     enableBackup: app.enableBackup,
-                    robotsTxt: app.robotsTxt,
+                    reverseProxyConfig: app.reverseProxyConfig,
                     env: app.env,
                     alternateDomains: []
                 };
 
                 appdb.add(newAppId, appStoreId, manifest, location, domain, translatePortBindings(portBindings, manifest), data, function (error) {
-                    if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(getDuplicateErrorDetails(error.message, locations, domainObjectMap, portBindings));
-                    if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+                    if (error && error.reason === BoxError.ALREADY_EXISTS) return callback(getDuplicateErrorDetails(error.message, locations, domainObjectMap, portBindings));
+                    if (error) return callback(error);
 
                     purchaseApp({ appId: newAppId, appstoreId: app.appStoreId, manifestId: manifest.id }, function (error) {
                         if (error) return callback(error);
@@ -1614,11 +1596,7 @@ function uninstall(appId, auditSource, callback) {
         if (error) return callback(error);
 
         appstore.unpurchaseApp(appId, { appstoreId: app.appStoreId, manifestId: app.manifest.id }, function (error) {
-            if (error && error.reason === AppstoreError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND));
-            if (error && error.reason === AppstoreError.INVALID_TOKEN) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
-            if (error && error.reason === AppstoreError.LICENSE_ERROR) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
-            if (error && error.reason === AppstoreError.EXTERNAL_ERROR) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             const task = {
                 args: {},
@@ -1687,16 +1665,16 @@ function stop(appId, callback) {
 function checkManifestConstraints(manifest) {
     assert(manifest && typeof manifest === 'object');
 
-    if (manifest.manifestVersion > 2) return new AppsError(AppsError.BAD_FIELD, 'Manifest version must be <= 2');
+    if (manifest.manifestVersion > 2) return new BoxError(BoxError.BAD_FIELD, 'Manifest version must be <= 2');
 
-    if (!manifest.dockerImage) return new AppsError(AppsError.BAD_FIELD, 'Missing dockerImage'); // dockerImage is optional in manifest
+    if (!manifest.dockerImage) return new BoxError(BoxError.BAD_FIELD, 'Missing dockerImage'); // dockerImage is optional in manifest
 
     if (semver.valid(manifest.maxBoxVersion) && semver.gt(constants.VERSION, manifest.maxBoxVersion)) {
-        return new AppsError(AppsError.BAD_FIELD, 'Box version exceeds Apps maxBoxVersion');
+        return new BoxError(BoxError.BAD_FIELD, 'Box version exceeds Apps maxBoxVersion');
     }
 
     if (semver.valid(manifest.minBoxVersion) && semver.gt(manifest.minBoxVersion, constants.VERSION)) {
-        return new AppsError(AppsError.BAD_FIELD, 'App version requires a new platform version');
+        return new BoxError(BoxError.BAD_FIELD, 'App version requires a new platform version');
     }
 
     return null;
@@ -1714,7 +1692,7 @@ function exec(appId, options, callback) {
         if (error) return callback(error);
 
         if (app.installationState !== exports.ISTATE_INSTALLED || app.runState !== exports.RSTATE_RUNNING) {
-            return callback(new AppsError(AppsError.BAD_STATE, 'App not installed or running'));
+            return callback(new BoxError(BoxError.BAD_STATE, 'App not installed or running'));
         }
 
         var container = docker.connection.getContainer(app.containerId);
@@ -1732,9 +1710,9 @@ function exec(appId, options, callback) {
         };
 
         container.exec(execOptions, function (error, exec) {
-            if (error && error.statusCode === 409) return callback(new AppsError(AppsError.BAD_STATE, error.message)); // container restarting/not running
+            if (error && error.statusCode === 409) return callback(new BoxError(BoxError.BAD_STATE, error.message)); // container restarting/not running
+            if (error) return callback(error);
 
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
             var startOptions = {
                 Detach: false,
                 Tty: options.tty,
@@ -1750,7 +1728,7 @@ function exec(appId, options, callback) {
                 stderr: true
             };
             exec.start(startOptions, function(error, stream /* in hijacked mode, this is a net.socket */) {
-                if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 if (options.rows && options.columns) {
                     // there is a race where resizing too early results in a 404 "no such exec"
@@ -1846,11 +1824,11 @@ function listBackups(page, perPage, appId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     appdb.exists(appId, function (error, exists) {
-        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
-        if (!exists) return callback(new AppsError(AppsError.NOT_FOUND));
+        if (error) return callback(error);
+        if (!exists) return callback(new BoxError(BoxError.NOT_FOUND));
 
         backups.getByAppIdPaged(page, perPage, appId, function (error, results) {
-            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             callback(null, results);
         });
@@ -1861,7 +1839,8 @@ function restoreInstalledApps(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     getAll(function (error, apps) {
-        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
+
         apps = apps.filter(app => app.installationState !== exports.ISTATE_ERROR); // remove errored apps. let them be 'repaired' by hand
         apps = apps.filter(app => app.installationState !== exports.ISTATE_PENDING_RESTORE); // safeguard against tasks being created non-stop if we crash on startup
 
@@ -1900,7 +1879,8 @@ function configureInstalledApps(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     getAll(function (error, apps) {
-        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
+
         apps = apps.filter(app => app.installationState !== exports.ISTATE_ERROR); // remove errored apps. let them be 'repaired' by hand
         apps = apps.filter(app => app.installationState !== exports.ISTATE_PENDING_CONFIGURE); // safeguard against tasks being created non-stop if we crash on startup
 
@@ -1960,7 +1940,7 @@ function downloadFile(appId, filePath, callback) {
         stream.on('data', function (d) { data += d; });
         stream.on('end', function () {
             var parts = data.split('-');
-            if (parts.length !== 2) return callback(new AppsError(AppsError.NOT_FOUND, 'file does not exist'));
+            if (parts.length !== 2) return callback(new BoxError(BoxError.NOT_FOUND, 'file does not exist'));
 
             var type = parts[0], filename, cmd, size;
 
@@ -1968,13 +1948,13 @@ function downloadFile(appId, filePath, callback) {
                 cmd = [ 'cat', filePath ];
                 size = parseInt(parts[1], 10);
                 filename = path.basename(filePath);
-                if (isNaN(size)) return callback(new AppsError(AppsError.NOT_FOUND, 'file does not exist'));
+                if (isNaN(size)) return callback(new BoxError(BoxError.NOT_FOUND, 'file does not exist'));
             } else if (type === 'directory') {
                 cmd = ['tar', 'zcf', '-', '-C', filePath, '.'];
                 filename = path.basename(filePath) + '.tar.gz';
                 size = 0; // unknown
             } else {
-                return callback(new AppsError(AppsError.NOT_FOUND, 'only files or dirs can be downloaded'));
+                return callback(new BoxError(BoxError.NOT_FOUND, 'only files or dirs can be downloaded'));
             }
 
             exec(appId, { cmd: cmd , tty: false }, function (error, stream) {

src/appstore.js

@@ -19,14 +19,13 @@ exports = module.exports = {
     getAppUpdate: getAppUpdate,
     getBoxUpdate: getBoxUpdate,
 
-    createTicket: createTicket,
-
-    AppstoreError: AppstoreError
+    createTicket: createTicket
 };
 
 var apps = require('./apps.js'),
     assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
     custom = require('./custom.js'),
     debug = require('debug')('box:appstore'),
@@ -39,48 +38,17 @@ var apps = require('./apps.js'),
     semver = require('semver'),
     settings = require('./settings.js'),
     superagent = require('superagent'),
-    sysinfo = require('./sysinfo.js'),
     users = require('./users.js'),
     util = require('util');
 
-function AppstoreError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(AppstoreError, Error);
-AppstoreError.INTERNAL_ERROR = 'Internal Error';
-AppstoreError.EXTERNAL_ERROR = 'External Error';
-AppstoreError.ALREADY_EXISTS = 'Already Exists';
-AppstoreError.ACCESS_DENIED = 'Access Denied';
-AppstoreError.NOT_FOUND = 'Not Found';
-AppstoreError.PLAN_LIMIT = 'Plan limit reached'; // upstream 402 (subsciption_expired and subscription_required)
-AppstoreError.LICENSE_ERROR = 'License Error'; // upstream 422 (no license, invalid license)
-AppstoreError.INVALID_TOKEN = 'Invalid token'; // upstream 401 (invalid token)
-AppstoreError.NOT_REGISTERED = 'Not registered'; // upstream 412 (no token, not set yet)
-AppstoreError.ALREADY_REGISTERED = 'Already registered';
-
-var NOOP_CALLBACK = function (error) { if (error) debug(error); };
+const NOOP_CALLBACK = function (error) { if (error) debug(error); };
 
 function getCloudronToken(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settings.getCloudronToken(function (error, token) {
-        if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
-        if (!token) return callback(new AppstoreError(AppstoreError.NOT_REGISTERED));
+        if (error) return callback(error);
+        if (!token) return callback(new BoxError(BoxError.LICENSE_ERROR, 'Missing token'));
 
         callback(null, token);
     });
@@ -100,9 +68,9 @@ function login(email, password, totpToken, callback) {
 
     const url = settings.apiServerOrigin() + '/api/v1/login';
     superagent.post(url).send(data).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-        if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.ACCESS_DENIED));
-        if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `login status code: ${result.statusCode}`));
+        if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+        if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+        if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `login status code: ${result.statusCode}`));
 
         callback(null, result.body); // { userId, accessToken }
     });
@@ -120,9 +88,9 @@ function registerUser(email, password, callback) {
 
     const url = settings.apiServerOrigin() + '/api/v1/register_user';
     superagent.post(url).send(data).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-        if (result.statusCode === 409) return callback(new AppstoreError(AppstoreError.ALREADY_EXISTS));
-        if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `register status code: ${result.statusCode}`));
+        if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+        if (result.statusCode === 409) return callback(new BoxError(BoxError.ALREADY_EXISTS));
+        if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `register status code: ${result.statusCode}`));
 
         callback(null);
     });
@@ -136,11 +104,11 @@ function getSubscription(callback) {
 
         const url = settings.apiServerOrigin() + '/api/v1/subscription';
         superagent.get(url).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR));
-            if (result.statusCode === 502) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `Stripe error: ${error.message}`));
-            if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `Unknown error: ${error.message}`));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR));
+            if (result.statusCode === 502) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Stripe error: ${error.message}`));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Unknown error: ${error.message}`));
 
             callback(null, result.body); // { email, subscription }
         });
@@ -164,13 +132,13 @@ function purchaseApp(data, callback) {
         const url = `${settings.apiServerOrigin()}/api/v1/cloudronapps`;
 
         superagent.post(url).send(data).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-            if (result.statusCode === 404) return callback(new AppstoreError(AppstoreError.NOT_FOUND)); // appstoreId does not exist
-            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-            if (result.statusCode === 402) return callback(new AppstoreError(AppstoreError.PLAN_LIMIT, result.body.message));
-            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND)); // appstoreId does not exist
+            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+            if (result.statusCode === 402) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
             // 200 if already purchased, 201 is newly purchased
-            if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App purchase failed. %s %j', result.status, result.body)));
+            if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App purchase failed. %s %j', result.status, result.body)));
 
             callback(null);
         });
@@ -189,16 +157,16 @@ function unpurchaseApp(appId, data, callback) {
         const url = `${settings.apiServerOrigin()}/api/v1/cloudronapps/${appId}`;
 
         superagent.get(url).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
             if (result.statusCode === 404) return callback(null);   // was never purchased
-            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
-            if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App unpurchase failed. %s %j', result.status, result.body)));
+            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+            if (result.statusCode !== 201 && result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App unpurchase failed. %s %j', result.status, result.body)));
 
             superagent.del(url).send(data).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error));
-                if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-                if (result.statusCode !== 204) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App unpurchase failed. %s %j', result.status, result.body)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error));
+                if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+                if (result.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App unpurchase failed. %s %j', result.status, result.body)));
 
                 callback(null);
             });
@@ -214,42 +182,42 @@ function sendAliveStatus(callback) {
     async.series([
         function (callback) {
             settings.getAll(function (error, result) {
-                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
                 allSettings = result;
                 callback();
             });
         },
         function (callback) {
             domains.getAll(function (error, result) {
-                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
                 allDomains = result;
                 callback();
             });
         },
         function (callback) {
             mail.getDomains(function (error, result) {
-                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
                 mailDomains = result;
                 callback();
             });
         },
         function (callback) {
             eventlog.getAllPaged([ eventlog.ACTION_USER_LOGIN ], null, 1, 1, function (error, result) {
-                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
                 loginEvents = result;
                 callback();
             });
         },
         function (callback) {
             users.count(function (error, result) {
-                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
                 userCount = result;
                 callback();
             });
         },
         function (callback) {
             groups.count(function (error, result) {
-                if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
                 groupCount = result;
                 callback();
             });
@@ -277,12 +245,13 @@ function sendAliveStatus(callback) {
             appAutoupdatePattern: allSettings[settings.APP_AUTOUPDATE_PATTERN_KEY],
             boxAutoupdatePattern: allSettings[settings.BOX_AUTOUPDATE_PATTERN_KEY],
             timeZone: allSettings[settings.TIME_ZONE_KEY],
+            sysinfoProvider: allSettings[settings.SYSINFO_CONFIG_KEY].provider
         };
 
         var data = {
             version: constants.VERSION,
             adminFqdn: settings.adminFqdn(),
-            provider: sysinfo.provider(),
+            provider: settings.provider(),
             backendSettings: backendSettings,
             machine: {
                 cpus: os.cpus(),
@@ -298,11 +267,11 @@ function sendAliveStatus(callback) {
 
             const url = `${settings.apiServerOrigin()}/api/v1/alive`;
             superagent.post(url).send(data).query({ accessToken: token }).timeout(30 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error));
-                if (result.statusCode === 404) return callback(new AppstoreError(AppstoreError.NOT_FOUND));
-                if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-                if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
-                if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Sending alive status failed. %s %j', result.status, result.body)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error));
+                if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
+                if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+                if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+                if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Sending alive status failed. %s %j', result.status, result.body)));
 
                 callback(null);
             });
@@ -319,25 +288,25 @@ function getBoxUpdate(callback) {
         const url = `${settings.apiServerOrigin()}/api/v1/boxupdate`;
 
         superagent.get(url).query({ accessToken: token, boxVersion: constants.VERSION }).timeout(10 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
             if (result.statusCode === 204) return callback(null); // no update
-            if (result.statusCode !== 200 || !result.body) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+            if (result.statusCode !== 200 || !result.body) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
 
             var updateInfo = result.body;
 
             if (!semver.valid(updateInfo.version) || semver.gt(constants.VERSION, updateInfo.version)) {
-                return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Invalid update version: %s %s', result.statusCode, result.text)));
+                return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Invalid update version: %s %s', result.statusCode, result.text)));
             }
 
             // updateInfo: { version, changelog, sourceTarballUrl, sourceTarballSigUrl, boxVersionsUrl, boxVersionsSigUrl }
-            if (!updateInfo.version || typeof updateInfo.version !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad version): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.changelog || !Array.isArray(updateInfo.changelog)) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad version): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.sourceTarballUrl || typeof updateInfo.sourceTarballUrl !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad sourceTarballUrl): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.sourceTarballSigUrl || typeof updateInfo.sourceTarballSigUrl !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad sourceTarballSigUrl): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.boxVersionsUrl || typeof updateInfo.boxVersionsUrl !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad boxVersionsUrl): %s %s', result.statusCode, result.text)));
-            if (!updateInfo.boxVersionsSigUrl || typeof updateInfo.boxVersionsSigUrl !== 'string') return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response (bad boxVersionsSigUrl): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.version || typeof updateInfo.version !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad version): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.changelog || !Array.isArray(updateInfo.changelog)) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad version): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.sourceTarballUrl || typeof updateInfo.sourceTarballUrl !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad sourceTarballUrl): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.sourceTarballSigUrl || typeof updateInfo.sourceTarballSigUrl !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad sourceTarballSigUrl): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.boxVersionsUrl || typeof updateInfo.boxVersionsUrl !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad boxVersionsUrl): %s %s', result.statusCode, result.text)));
+            if (!updateInfo.boxVersionsSigUrl || typeof updateInfo.boxVersionsSigUrl !== 'string') return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response (bad boxVersionsSigUrl): %s %s', result.statusCode, result.text)));
 
             callback(null, updateInfo);
         });
@@ -354,11 +323,11 @@ function getAppUpdate(app, callback) {
         const url = `${settings.apiServerOrigin()}/api/v1/appupdate`;
 
         superagent.get(url).query({ accessToken: token, boxVersion: constants.VERSION, appId: app.appStoreId, appVersion: app.manifest.version }).timeout(10 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error));
-            if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error));
+            if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
             if (result.statusCode === 204) return callback(null); // no update
-            if (result.statusCode !== 200 || !result.body) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+            if (result.statusCode !== 200 || !result.body) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
 
             const updateInfo = result.body;
 
@@ -368,7 +337,7 @@ function getAppUpdate(app, callback) {
             // do some sanity checks
             if (!safe.query(updateInfo, 'manifest.version') || semver.gt(curAppVersion, safe.query(updateInfo, 'manifest.version'))) {
                 debug('Skipping malformed update of app %s version: %s. got %j', app.id, curAppVersion, updateInfo);
-                return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Malformed update: %s %s', result.statusCode, result.text)));
+                return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Malformed update: %s %s', result.statusCode, result.text)));
             }
 
             // { id, creationDate, manifest }
@@ -384,20 +353,20 @@ function registerCloudron(data, callback) {
     const url = `${settings.apiServerOrigin()}/api/v1/register_cloudron`;
 
     superagent.post(url).send(data).timeout(30 * 1000).end(function (error, result) {
-        if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-        if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, `Unable to register cloudron: ${error.message}`));
+        if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+        if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Unable to register cloudron: ${error.message}`));
 
         // cloudronId, token, licenseKey
-        if (!result.body.cloudronId) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, 'Invalid response - no cloudron id'));
-        if (!result.body.cloudronToken) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, 'Invalid response - no token'));
-        if (!result.body.licenseKey) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, 'Invalid response - no license'));
+        if (!result.body.cloudronId) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response - no cloudron id'));
+        if (!result.body.cloudronToken) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response - no token'));
+        if (!result.body.licenseKey) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response - no license'));
 
         async.series([
             settings.setCloudronId.bind(null, result.body.cloudronId),
             settings.setCloudronToken.bind(null, result.body.cloudronToken),
             settings.setLicenseKey.bind(null, result.body.licenseKey),
         ], function (error) {
-            if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             debug(`registerCloudron: Cloudron registered with id ${result.body.cloudronId}`);
 
@@ -412,7 +381,7 @@ function registerWithLicense(license, domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     getCloudronToken(function (error, token) {
-        if (token) return callback(new AppstoreError(AppstoreError.ALREADY_REGISTERED));
+        if (token) return callback(new BoxError(BoxError.CONFLICT));
 
         registerCloudron({ license, domain }, callback);
     });
@@ -429,7 +398,7 @@ function registerWithLoginCredentials(options, callback) {
     }
 
     getCloudronToken(function (error, token) {
-        if (token) return callback(new AppstoreError(AppstoreError.ALREADY_REGISTERED));
+        if (token) return callback(new BoxError(BoxError.CONFLICT));
 
         maybeSignup(function (error) {
             if (error) return callback(error);
@@ -469,10 +438,10 @@ function createTicket(info, callback) {
             info.supportEmail = custom.spec().support.email; // destination address for tickets
 
             superagent.post(url).query({ accessToken: token }).send(info).timeout(10 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-                if (result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-                if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
-                if (result.statusCode !== 201) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+                if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+                if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
 
                 callback(null);
             });
@@ -487,14 +456,15 @@ function getApps(callback) {
         if (error) return callback(error);
 
         settings.getUnstableAppsConfig(function (error, unstable) {
-            if (error) return callback(new AppstoreError(AppstoreError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
+
             const url = `${settings.apiServerOrigin()}/api/v1/apps`;
             superagent.get(url).query({ accessToken: token, boxVersion: constants.VERSION, unstable: unstable }).timeout(10 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-                if (result.statusCode === 403 || result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-                if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
-                if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App listing failed. %s %j', result.status, result.body)));
-                if (!result.body.apps) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+                if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+                if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App listing failed. %s %j', result.status, result.body)));
+                if (!result.body.apps) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
 
                 callback(null, result.body.apps);
             });
@@ -514,11 +484,11 @@ function getAppVersion(appId, version, callback) {
         if (version !== 'latest') url += `/versions/${version}`;
 
         superagent.get(url).query({ accessToken: token }).timeout(10 * 1000).end(function (error, result) {
-            if (error && !error.response) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, error.message));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new AppstoreError(AppstoreError.INVALID_TOKEN));
-            if (result.statusCode === 404) return callback(new AppstoreError(AppstoreError.NOT_FOUND));
-            if (result.statusCode === 422) return callback(new AppstoreError(AppstoreError.LICENSE_ERROR, result.body.message));
-            if (result.statusCode !== 200) return callback(new AppstoreError(AppstoreError.EXTERNAL_ERROR, util.format('App fetch failed. %s %j', result.status, result.body)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+            if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('App fetch failed. %s %j', result.status, result.body)));
 
             callback(null, result.body);
         });

src/apptask.js

@@ -24,16 +24,14 @@ var addons = require('./addons.js'),
     apps = require('./apps.js'),
     assert = require('assert'),
     async = require('async'),
-    auditsource = require('./auditsource.js'),
+    auditSource = require('./auditsource.js'),
     backups = require('./backups.js'),
     BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:apptask'),
     df = require('@sindresorhus/df'),
     docker = require('./docker.js'),
     domains = require('./domains.js'),
-    DomainsError = domains.DomainsError,
     ejs = require('ejs'),
     eventlog = require('./eventlog.js'),
     fs = require('fs'),
@@ -82,7 +80,7 @@ function updateApp(app, values, callback) {
     debugApp(app, 'updating app with values: %j', values);
 
     appdb.update(app.id, values, function (error) {
-        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (error) return callback(error);
 
         for (var value in values) {
             app[value] = values[value];
@@ -115,7 +113,7 @@ function configureReverseProxy(app, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     reverseProxy.configureApp(app, { userId: null, username: 'apptask' }, function (error) {
-        if (error) return callback(new BoxError(BoxError.REVERSEPROXY_ERROR, `Error configuring nginx: ${error.message}`));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -126,7 +124,7 @@ function unconfigureReverseProxy(app, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     reverseProxy.unconfigureApp(app, function (error) {
-        if (error) return callback(new BoxError(BoxError.REVERSEPROXY_ERROR, `Error unconfiguring nginx: ${error.message}`));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -140,7 +138,7 @@ function createContainer(app, callback) {
     debugApp(app, 'creating container');
 
     docker.createContainer(app, function (error, container) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error creating container: ${error.message}`));
+        if (error) return callback(error);
 
         updateApp(app, { containerId: container.id }, callback);
     });
@@ -154,7 +152,7 @@ function deleteContainers(app, options, callback) {
     debugApp(app, 'deleting app containers (app, scheduler)');
 
     docker.deleteContainers(app.id, options, function (error) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error deleting container: ${error.message}`));
+        if (error) return callback(error);
 
         updateApp(app, { containerId: null }, callback);
     });
@@ -248,7 +246,7 @@ function addLogrotateConfig(app, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     docker.inspect(app.containerId, function (error, result) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error inspecting app container: ${error.message}`, { containerId: app.containerId }));
+        if (error) return callback(error);
 
         var runVolume = result.Mounts.find(function (mount) { return mount.Destination === '/run'; });
         if (!runVolume) return callback(new BoxError(BoxError.DOCKER_ERROR, 'App does not have /run mounted'));
@@ -352,7 +350,7 @@ function registerSubdomains(app, overwrite, callback) {
     assert.strictEqual(typeof overwrite, 'boolean');
     assert.strictEqual(typeof callback, 'function');
 
-    sysinfo.getPublicIp(function (error, ip) {
+    sysinfo.getServerIp(function (error, ip) {
         if (error) return callback(error);
 
         const allDomains = [ { subdomain: app.location, domain: app.domain }].concat(app.alternateDomains);
@@ -365,9 +363,9 @@ function registerSubdomains(app, overwrite, callback) {
 
                 // get the current record before updating it
                 domains.getDnsRecords(domain.subdomain, domain.domain, 'A', function (error, values) {
-                    if (error && error.reason === DomainsError.EXTERNAL_ERROR) return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, error.message, { domain })); // try again
-                    if (error && error.reason === DomainsError.ACCESS_DENIED) return retryCallback(null, new BoxError(BoxError.ACCESS_DENIED, error.message, { domain }));
-                    if (error && error.reason === DomainsError.NOT_FOUND) return retryCallback(null, new BoxError(BoxError.NOT_FOUND, error.message, { domain }));
+                    if (error && error.reason === BoxError.EXTERNAL_ERROR) return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, error.message, { domain })); // try again
+                    if (error && error.reason === BoxError.ACCESS_DENIED) return retryCallback(null, new BoxError(BoxError.ACCESS_DENIED, error.message, { domain }));
+                    if (error && error.reason === BoxError.NOT_FOUND) return retryCallback(null, new BoxError(BoxError.NOT_FOUND, error.message, { domain }));
                     if (error) return retryCallback(null, new BoxError(BoxError.EXTERNAL_ERROR, error.message, domain)); // give up for other errors
 
                     if (values.length !== 0 && values[0] === ip) return retryCallback(null); // up-to-date
@@ -376,7 +374,7 @@ function registerSubdomains(app, overwrite, callback) {
                     if (values.length !== 0 && !overwrite) return retryCallback(null, new BoxError(BoxError.ALREADY_EXISTS, 'DNS Record already exists', { domain }));
 
                     domains.upsertDnsRecords(domain.subdomain, domain.domain, 'A', [ ip ], function (error) {
-                        if (error && (error.reason === DomainsError.STILL_BUSY || error.reason === DomainsError.EXTERNAL_ERROR)) {
+                        if (error && (error.reason === BoxError.BUSY || error.reason === BoxError.EXTERNAL_ERROR)) {
                             debug('registerSubdomains: Upsert error. Will retry.', error.message);
                             return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, error.message, { domain })); // try again
                         }
@@ -398,7 +396,7 @@ function unregisterSubdomains(app, allDomains, callback) {
     assert(Array.isArray(allDomains));
     assert.strictEqual(typeof callback, 'function');
 
-    sysinfo.getPublicIp(function (error, ip) {
+    sysinfo.getServerIp(function (error, ip) {
         if (error) return callback(error);
 
         async.eachSeries(allDomains, function (domain, iteratorDone) {
@@ -406,8 +404,8 @@ function unregisterSubdomains(app, allDomains, callback) {
                 debugApp(app, 'Unregistering subdomain: %s%s', domain.subdomain ? (domain.subdomain + '.') : '', domain.domain);
 
                 domains.removeDnsRecords(domain.subdomain, domain.domain, 'A', [ ip ], function (error) {
-                    if (error && error.reason === DomainsError.NOT_FOUND) return retryCallback(null, null);
-                    if (error && (error.reason === DomainsError.STILL_BUSY || error.reason === DomainsError.EXTERNAL_ERROR)) {
+                    if (error && error.reason === BoxError.NOT_FOUND) return retryCallback(null, null);
+                    if (error && (error.reason === BoxError.SBUSY || error.reason === BoxError.EXTERNAL_ERROR)) {
                         debug('registerSubdomains: Remove error. Will retry.', error.message);
                         return retryCallback(new BoxError(BoxError.EXTERNAL_ERROR, error.message, { domain })); // try again
                     }
@@ -432,7 +430,7 @@ function waitForDnsPropagation(app, callback) {
         return callback(null);
     }
 
-    sysinfo.getPublicIp(function (error, ip) {
+    sysinfo.getServerIp(function (error, ip) {
         if (error) return callback(new BoxError(BoxError.NETWORK_ERROR, `Error getting public IP: ${error.message}`));
 
         domains.waitForDnsRecord(app.location, app.domain, 'A', ip, { interval: 5000, times: 240 }, function (error) {
@@ -472,7 +470,7 @@ function downloadImage(manifest, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     docker.info(function (error, info) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error getting docker info: ${error.message}`));
+        if (error) return callback(error);
 
         const dfAsync = util.callbackify(df.file);
         dfAsync(info.DockerRootDir, function (error, diskUsage) {
@@ -480,7 +478,7 @@ function downloadImage(manifest, callback) {
             if (diskUsage.available < (1024*1024*1024)) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Not enough disk space to pull docker image', { diskUsage: diskUsage, dockerRootDir: info.DockerRootDir }));
 
             docker.downloadImage(manifest, function (error) {
-                if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, `Error downloading image: ${error.message}`, { image: manifest.dockerImage }));
+                if (error) return callback(error);
 
                 callback(null);
             });
@@ -905,7 +903,7 @@ function update(app, args, progressCallback, callback) {
                 if (newTcpPorts[portName] || newUdpPorts[portName]) return callback(null); // port still in use
 
                 appdb.delPortBinding(currentPorts[portName], apps.PORT_TYPE_TCP, function (error) {
-                    if (error && error.reason === DatabaseError.NOT_FOUND) console.error('Portbinding does not exist in database.');
+                    if (error && error.reason === BoxError.NOT_FOUND) console.error('Portbinding does not exist in database.');
                     else if (error) return next(error);
 
                     // also delete from app object for further processing (the db is updated in the next step)
@@ -939,7 +937,7 @@ function update(app, args, progressCallback, callback) {
             debugApp(app, 'Error updating app: %s', error);
             updateApp(app, { installationState: apps.ISTATE_ERROR, error: makeTaskError(error, app) }, callback.bind(null, error));
         } else {
-            eventlog.add(eventlog.ACTION_APP_UPDATE_FINISH, auditsource.APP_TASK, { app: app, success: true }, () => callback()); // ignore error
+            eventlog.add(eventlog.ACTION_APP_UPDATE_FINISH, auditSource.APP_TASK, { app: app, success: true }, () => callback()); // ignore error
         }
     });
 }

src/apptaskmanager.js

@@ -67,7 +67,7 @@ function scheduleTask(appId, taskId, callback) {
 
     if (!fs.existsSync(path.dirname(logFile))) safe.fs.mkdirSync(path.dirname(logFile)); // ensure directory
 
-    tasks.startTask(taskId, { logFile }, function (error, result) {
+    tasks.startTask(taskId, { logFile, timeout: 20 * 60 * 60 * 1000 /* 20 hours */ }, function (error, result) {
         callback(error, result);
 
         delete gActiveTasks[appId];

src/authcodedb.js

@@ -12,8 +12,8 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
-    database = require('./database.js'),
-    DatabaseError = require('./databaseerror');
+    BoxError = require('./boxerror.js'),
+    database = require('./database.js');
 
 var AUTHCODES_FIELDS = [ 'authCode', 'userId', 'clientId', 'expiresAt' ].join(',');
 
@@ -22,8 +22,8 @@ function get(authCode, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + AUTHCODES_FIELDS + ' FROM authcodes WHERE authCode = ? AND expiresAt > ?', [ authCode, Date.now() ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Authcode not found'));
 
         callback(null, result[0]);
     });
@@ -37,12 +37,12 @@ function add(authCode, clientId, userId, expiresAt, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO authcodes (authCode, clientId, userId, expiresAt) VALUES (?, ?, ?, ?)',
-            [ authCode, clientId, userId, expiresAt ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
-        if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        [ authCode, clientId, userId, expiresAt ], function (error, result) {
+            if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS));
+            if (error || result.affectedRows !== 1) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
-        callback(null);
-    });
+            callback(null);
+        });
 }
 
 function del(authCode, callback) {
@@ -50,8 +50,8 @@ function del(authCode, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM authcodes WHERE authCode = ?', [ authCode ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Authcode not found'));
 
         callback(null);
     });
@@ -61,7 +61,7 @@ function delExpired(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM authcodes WHERE expiresAt <= ?', [ Date.now() ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         return callback(null, result.affectedRows);
     });
 }
@@ -70,7 +70,7 @@ function clear(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM authcodes', function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });

src/backupdb.js

@@ -1,8 +1,8 @@
 'use strict';
 
 var assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror.js'),
     safe = require('safetydance'),
     util = require('util');
 
@@ -47,7 +47,7 @@ function getByTypeAndStatePaged(type, state, page, perPage, callback) {
 
     database.query('SELECT ' + BACKUPS_FIELDS + ' FROM backups WHERE type = ? AND state = ? ORDER BY creationTime DESC LIMIT ?,?',
         [ type, state, (page-1)*perPage, perPage ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results.forEach(function (result) { postProcess(result); });
 
@@ -63,7 +63,7 @@ function getByTypePaged(type, page, perPage, callback) {
 
     database.query('SELECT ' + BACKUPS_FIELDS + ' FROM backups WHERE type = ? ORDER BY creationTime DESC LIMIT ?,?',
         [ type, (page-1)*perPage, perPage ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results.forEach(function (result) { postProcess(result); });
 
@@ -80,7 +80,7 @@ function getByAppIdPaged(page, perPage, appId, callback) {
     // box versions (0.93.x and below) used to use appbackup_ prefix
     database.query('SELECT ' + BACKUPS_FIELDS + ' FROM backups WHERE type = ? AND state = ? AND id LIKE ? ORDER BY creationTime DESC LIMIT ?,?',
         [ exports.BACKUP_TYPE_APP, exports.BACKUP_STATE_NORMAL, '%app%\\_' + appId + '\\_%', (page-1)*perPage, perPage ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results.forEach(function (result) { postProcess(result); });
 
@@ -94,8 +94,8 @@ function get(id, callback) {
 
     database.query('SELECT ' + BACKUPS_FIELDS + ' FROM backups WHERE id = ? ORDER BY creationTime DESC',
         [ id ], function (error, result) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-            if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Backup not found'));
 
             postProcess(result[0]);
 
@@ -119,8 +119,8 @@ function add(id, data, callback) {
     database.query('INSERT INTO backups (id, version, type, creationTime, state, dependsOn, manifestJson, format) VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
         [ id, data.version, data.type, creationTime, exports.BACKUP_STATE_NORMAL, data.dependsOn.join(','), manifestJson, data.format ],
         function (error) {
-            if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             callback(null);
         });
@@ -139,8 +139,8 @@ function update(id, backup, callback) {
     values.push(id);
 
     database.query('UPDATE backups SET ' + fields.join(', ') + ' WHERE id = ?', values, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.NOT_FOUND, 'Backup not found'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -150,7 +150,7 @@ function clear(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('TRUNCATE TABLE backups', [], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         callback(null);
     });
 }
@@ -160,7 +160,7 @@ function del(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM backups WHERE id=?', [ id ], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         callback(null);
     });
 }

src/backups.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    BackupsError: BackupsError,
-
     testConfig: testConfig,
 
     getByStatePaged: getByStatePaged,
@@ -41,14 +39,13 @@ exports = module.exports = {
 
 var addons = require('./addons.js'),
     apps = require('./apps.js'),
-    AppsError = require('./apps.js').AppsError,
     async = require('async'),
     assert = require('assert'),
     backupdb = require('./backupdb.js'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
     crypto = require('crypto'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror.js'),
     DataLayout = require('./datalayout.js'),
     debug = require('debug')('box:backups'),
     df = require('@sindresorhus/df'),
@@ -78,31 +75,6 @@ function debugApp(app) {
     debug(app.fqdn + ' ' + util.format.apply(util, Array.prototype.slice.call(arguments, 1)));
 }
 
-function BackupsError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(BackupsError, Error);
-BackupsError.EXTERNAL_ERROR = 'external error';
-BackupsError.INTERNAL_ERROR = 'internal error';
-BackupsError.BAD_STATE = 'bad state';
-BackupsError.BAD_FIELD = 'bad field';
-BackupsError.NOT_FOUND = 'not found';
-
 // choose which storage backend we use for test purpose we use s3
 function api(provider) {
     switch (provider) {
@@ -136,12 +108,12 @@ function testConfig(backupConfig, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     var func = api(backupConfig.provider);
-    if (!func) return callback(new BackupsError(BackupsError.BAD_FIELD, 'unknown storage provider'));
+    if (!func) return callback(new BoxError(BoxError.BAD_FIELD, 'unknown storage provider', { field: 'provider' }));
 
-    if (backupConfig.format !== 'tgz' && backupConfig.format !== 'rsync') return callback(new BackupsError(BackupsError.BAD_FIELD, 'unknown format'));
+    if (backupConfig.format !== 'tgz' && backupConfig.format !== 'rsync') return callback(new BoxError(BoxError.BAD_FIELD, 'unknown format', { field: 'format' }));
 
     // remember to adjust the cron ensureBackup task interval accordingly
-    if (backupConfig.intervalSecs < 6 * 60 * 60) return callback(new BackupsError(BackupsError.BAD_FIELD, 'Interval must be atleast 6 hours'));
+    if (backupConfig.intervalSecs < 6 * 60 * 60) return callback(new BoxError(BoxError.BAD_FIELD, 'Interval must be atleast 6 hours', { field: 'interval' }));
 
     api(backupConfig.provider).testConfig(backupConfig, callback);
 }
@@ -153,7 +125,7 @@ function getByStatePaged(state, page, perPage, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     backupdb.getByTypeAndStatePaged(backupdb.BACKUP_TYPE_BOX, state, page, perPage, function (error, results) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, results);
     });
@@ -166,7 +138,7 @@ function getByAppIdPaged(page, perPage, appId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     backupdb.getByAppIdPaged(page, perPage, appId, function (error, results) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, results);
     });
@@ -177,8 +149,7 @@ function get(backupId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     backupdb.get(backupId, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new BackupsError(BackupsError.NOT_FOUND));
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -246,14 +217,14 @@ function createReadStream(sourceFile, key) {
 
     stream.on('error', function (error) {
         debug('createReadStream: read stream error.', error);
-        ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        ps.emit('error', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
     });
 
     if (key !== null) {
         var encrypt = crypto.createCipher('aes-256-cbc', key);
         encrypt.on('error', function (error) {
             debug('createReadStream: encrypt stream error.', error);
-            ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+            ps.emit('error', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
         });
         return stream.pipe(encrypt).pipe(ps);
     } else {
@@ -306,19 +277,19 @@ function tarPack(dataLayout, key, callback) {
 
     pack.on('error', function (error) {
         debug('tarPack: tar stream error.', error);
-        ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        ps.emit('error', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
     });
 
     gzip.on('error', function (error) {
         debug('tarPack: gzip stream error.', error);
-        ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        ps.emit('error', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
     });
 
     if (key !== null) {
         var encrypt = crypto.createCipher('aes-256-cbc', key);
         encrypt.on('error', function (error) {
             debug('tarPack: encrypt stream error.', error);
-            ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+            ps.emit('error', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
         });
         pack.pipe(gzip).pipe(encrypt).pipe(ps);
     } else {
@@ -379,7 +350,7 @@ function sync(backupConfig, backupId, dataLayout, progressCallback, callback) {
             }
         }, iteratorCallback);
     }, concurrency, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
         callback();
     });
@@ -425,7 +396,7 @@ function checkFreeDiskSpace(backupConfig, dataLayout, callback) {
     for (let localPath of dataLayout.localPaths()) {
         debug(`checkFreeDiskSpace: getting disk usage of ${localPath}`);
         let result = safe.child_process.execSync(`du -Dsb ${localPath}`, { encoding: 'utf8' });
-        if (!result) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, safe.error));
+        if (!result) return callback(new BoxError(BoxError.FS_ERROR, safe.error));
         used += parseInt(result, 10);
     }
 
@@ -433,11 +404,11 @@ function checkFreeDiskSpace(backupConfig, dataLayout, callback) {
 
     df.file(backupConfig.backupFolder).then(function (diskUsage) {
         const needed = used + (1024 * 1024 * 1024); // check if there is atleast 1GB left afterwards
-        if (diskUsage.available <= needed) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `Not enough disk space for backup. Needed: ${prettyBytes(needed)} Available: ${prettyBytes(diskUsage.available)}`));
+        if (diskUsage.available <= needed) return callback(new BoxError(BoxError.FS_ERROR, `Not enough disk space for backup. Needed: ${prettyBytes(needed)} Available: ${prettyBytes(diskUsage.available)}`));
 
         callback(null);
     }).catch(function (error) {
-        callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        callback(new BoxError(BoxError.FS_ERROR, error));
     });
 }
 
@@ -454,7 +425,7 @@ function upload(backupId, format, dataLayoutString, progressCallback, callback)
     const dataLayout = DataLayout.fromString(dataLayoutString);
 
     settings.getBackupConfig(function (error, backupConfig) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         checkFreeDiskSpace(backupConfig, dataLayout, function (error) {
             if (error) return callback(error);
@@ -471,7 +442,7 @@ function upload(backupId, format, dataLayoutString, progressCallback, callback)
                             if (!transferred && !speed) return progressCallback({ message: 'Uploading backup' }); // 0M@0Mbps looks wrong
                             progressCallback({ message: `Uploading backup ${transferred}M@${speed}Mbps` });
                         });
-                        tarStream.on('error', retryCallback); // already returns BackupsError
+                        tarStream.on('error', retryCallback); // already returns BoxError
 
                         api(backupConfig.provider).upload(backupConfig, getBackupFilePath(backupConfig, backupId, format), tarStream, retryCallback);
                     });
@@ -505,17 +476,17 @@ function tarExtract(inStream, dataLayout, key, callback) {
 
     inStream.on('error', function (error) {
         debug('tarExtract: input stream error.', error);
-        emitError(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        emitError(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
     });
 
     gunzip.on('error', function (error) {
         debug('tarExtract: gunzip stream error.', error);
-        emitError(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        emitError(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
     });
 
     extract.on('error', function (error) {
         debug('tarExtract: extract stream error.', error);
-        emitError(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        emitError(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
     });
 
     extract.on('finish', function () {
@@ -528,7 +499,7 @@ function tarExtract(inStream, dataLayout, key, callback) {
         var decrypt = crypto.createDecipher('aes-256-cbc', key);
         decrypt.on('error', function (error) {
             debug('tarExtract: decrypt stream error.', error);
-            emitError(new BackupsError(BackupsError.EXTERNAL_ERROR, `Failed to decrypt: ${error.message}`));
+            emitError(new BoxError(BoxError.EXTERNAL_ERROR, `Failed to decrypt: ${error.message}`));
         });
         inStream.pipe(ps).pipe(decrypt).pipe(gunzip).pipe(extract);
     } else {
@@ -546,19 +517,19 @@ function restoreFsMetadata(dataLayout, metadataFile, callback) {
     debug(`Recreating empty directories in ${dataLayout.toString()}`);
 
     var metadataJson = safe.fs.readFileSync(metadataFile, 'utf8');
-    if (metadataJson === null) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Error loading fsmetadata.json:' + safe.error.message));
+    if (metadataJson === null) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Error loading fsmetadata.json:' + safe.error.message));
     var metadata = safe.JSON.parse(metadataJson);
-    if (metadata === null) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Error parsing fsmetadata.json:' + safe.error.message));
+    if (metadata === null) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Error parsing fsmetadata.json:' + safe.error.message));
 
     async.eachSeries(metadata.emptyDirs, function createPath(emptyDir, iteratorDone) {
         mkdirp(dataLayout.toLocalPath(emptyDir), iteratorDone);
     }, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `unable to create path: ${error.message}`));
+        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `unable to create path: ${error.message}`));
 
         async.eachSeries(metadata.execFiles, function createPath(execFile, iteratorDone) {
             fs.chmod(dataLayout.toLocalPath(execFile), parseInt('0755', 8), iteratorDone);
         }, function (error) {
-            if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `unable to chmod: ${error.message}`));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `unable to chmod: ${error.message}`));
 
             callback();
         });
@@ -578,12 +549,12 @@ function downloadDir(backupConfig, backupFilePath, dataLayout, progressCallback,
         let relativePath = path.relative(backupFilePath, entry.fullPath);
         if (backupConfig.key) {
             relativePath = decryptFilePath(relativePath, backupConfig.key);
-            if (!relativePath) return callback(new BackupsError(BackupsError.BAD_STATE, 'Unable to decrypt file'));
+            if (!relativePath) return callback(new BoxError(BoxError.BAD_STATE, 'Unable to decrypt file'));
         }
         const destFilePath = dataLayout.toLocalPath('./' + relativePath);
 
         mkdirp(path.dirname(destFilePath), function (error) {
-            if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+            if (error) return callback(new BoxError(BoxError.FS_ERROR, error.message));
 
             async.retry({ times: 5, interval: 20000 }, function (retryCallback) {
                 let destStream = createWriteStream(destFilePath, backupConfig.key || null);
@@ -640,7 +611,7 @@ function download(backupConfig, backupId, format, dataLayout, progressCallback,
 
                     ps.on('progress', function (progress) {
                         const transferred = Math.round(progress.transferred/1024/1024), speed = Math.round(progress.speed/1024/1024);
-                        if (!transferred && !speed) return progressCallback({ message: 'Downloading' }); // 0M@0Mbps looks wrong
+                        if (!transferred && !speed) return progressCallback({ message: 'Downloading backup' }); // 0M@0Mbps looks wrong
                         progressCallback({ message: `Downloading ${transferred}M@${speed}Mbps` });
                     });
                     ps.on('error', retryCallback);
@@ -671,7 +642,7 @@ function restore(backupConfig, backupId, progressCallback, callback) {
         debug('restore: download completed, importing database');
 
         database.importFromFile(`${dataLayout.localRoot()}/box.mysqldump`, function (error) {
-            if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             debug('restore: database imported');
 
@@ -694,7 +665,7 @@ function restoreApp(app, addonsToRestore, restoreConfig, progressCallback, callb
     var startTime = new Date();
 
     settings.getBackupConfig(function (error, backupConfig) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         async.series([
             download.bind(null, backupConfig, restoreConfig.backupId, restoreConfig.backupFormat, dataLayout, progressCallback),
@@ -718,9 +689,9 @@ function runBackupUpload(backupId, format, dataLayout, progressCallback, callbac
 
     shell.sudo(`backup-${backupId}`, [ BACKUP_UPLOAD_CMD, backupId, format, dataLayout.toString() ], { preserveEnv: true, ipc: true }, function (error) {
         if (error && (error.code === null /* signal */ || (error.code !== 0 && error.code !== 50))) { // backuptask crashed
-            return callback(new BackupsError(BackupsError.INTERNAL_ERROR, 'Backuptask crashed'));
+            return callback(new BoxError(BoxError.INTERNAL_ERROR, 'Backuptask crashed'));
         } else if (error && error.code === 50) { // exited with error
-            return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, result));
+            return callback(new BoxError(BoxError.EXTERNAL_ERROR, result));
         }
 
         callback();
@@ -748,7 +719,9 @@ function setSnapshotInfo(id, info, callback) {
     var contents = safe.fs.readFileSync(paths.SNAPSHOT_INFO_FILE, 'utf8');
     var data = safe.JSON.parse(contents) || { };
     if (info) data[id] = info; else delete data[id];
-    if (!safe.fs.writeFileSync(paths.SNAPSHOT_INFO_FILE, JSON.stringify(data, null, 4), 'utf8')) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, safe.error.message));
+    if (!safe.fs.writeFileSync(paths.SNAPSHOT_INFO_FILE, JSON.stringify(data, null, 4), 'utf8')) {
+        return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
+    }
 
     callback();
 }
@@ -760,7 +733,7 @@ function snapshotBox(progressCallback, callback) {
     progressCallback({ message: 'Snapshotting box' });
 
     database.exportToFile(`${paths.BOX_DATA_DIR}/box.mysqldump`, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         return callback();
     });
@@ -798,7 +771,6 @@ function rotateBoxBackup(backupConfig, tag, appBackupIds, progressCallback, call
     assert.strictEqual(typeof callback, 'function');
 
     var snapshotInfo = getSnapshotInfo('box');
-    if (!snapshotInfo) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, 'Snapshot info missing or corrupt'));
 
     const snapshotTime = snapshotInfo.timestamp.replace(/[T.]/g, '-').replace(/[:Z]/g,''); // add this to filename to make it unique, so it's easy to download them
     const backupId = util.format('%s/box_%s_v%s', tag, snapshotTime, constants.VERSION);
@@ -807,7 +779,7 @@ function rotateBoxBackup(backupConfig, tag, appBackupIds, progressCallback, call
     debug(`Rotating box backup to id ${backupId}`);
 
     backupdb.add(backupId, { version: constants.VERSION, type: backupdb.BACKUP_TYPE_BOX, dependsOn: appBackupIds, manifest: null, format: format }, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         var copy = api(backupConfig.provider).copy(backupConfig, getBackupFilePath(backupConfig, 'snapshot/box', format), getBackupFilePath(backupConfig, backupId, format));
         copy.on('progress', (message) => progressCallback({ message }));
@@ -816,7 +788,7 @@ function rotateBoxBackup(backupConfig, tag, appBackupIds, progressCallback, call
 
             backupdb.update(backupId, { state: state }, function (error) {
                 if (copyBackupError) return callback(copyBackupError);
-                if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 debug(`Rotated box backup successfully as id ${backupId}`);
 
@@ -833,7 +805,7 @@ function backupBoxWithAppBackupIds(appBackupIds, tag, progressCallback, callback
     assert.strictEqual(typeof callback, 'function');
 
     settings.getBackupConfig(function (error, backupConfig) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         uploadBoxSnapshot(backupConfig, progressCallback, function (error) {
             if (error) return callback(error);
@@ -860,11 +832,11 @@ function snapshotApp(app, progressCallback, callback) {
     progressCallback({ message: `Snapshotting app ${app.fqdn}` });
 
     if (!safe.fs.writeFileSync(path.join(paths.APPS_DATA_DIR, app.id + '/config.json'), JSON.stringify(app))) {
-        return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Error creating config.json: ' + safe.error.message));
+        return callback(new BoxError(BoxError.FS_ERROR, 'Error creating config.json: ' + safe.error.message));
     }
 
     addons.backupAddons(app, app.manifest.addons, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
         return callback(null);
     });
@@ -879,7 +851,6 @@ function rotateAppBackup(backupConfig, app, tag, options, progressCallback, call
     assert.strictEqual(typeof callback, 'function');
 
     var snapshotInfo = getSnapshotInfo(app.id);
-    if (!snapshotInfo) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, 'Snapshot info missing or corrupt'));
 
     var manifest = snapshotInfo.restoreConfig ? snapshotInfo.restoreConfig.manifest : snapshotInfo.manifest; // compat
     const snapshotTime = snapshotInfo.timestamp.replace(/[T.]/g, '-').replace(/[:Z]/g,''); // add this for unique filename which helps when downloading them
@@ -889,7 +860,7 @@ function rotateAppBackup(backupConfig, app, tag, options, progressCallback, call
     debug(`Rotating app backup of ${app.id} to id ${backupId}`);
 
     backupdb.add(backupId, { version: manifest.version, type: backupdb.BACKUP_TYPE_APP, dependsOn: [ ], manifest: manifest, format: format }, function (error) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         var copy = api(backupConfig.provider).copy(backupConfig, getBackupFilePath(backupConfig, `snapshot/app_${app.id}`, format), getBackupFilePath(backupConfig, backupId, format));
         copy.on('progress', (message) => progressCallback({ message }));
@@ -898,7 +869,7 @@ function rotateAppBackup(backupConfig, app, tag, options, progressCallback, call
 
             backupdb.update(backupId, { preserveSecs: options.preserveSecs || 0, state: state }, function (error) {
                 if (copyBackupError) return callback(copyBackupError);
-                if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 debug(`Rotated app backup of ${app.id} successfully to id ${backupId}`);
 
@@ -947,7 +918,7 @@ function backupAppWithTag(app, tag, options, progressCallback, callback) {
     if (!canBackupApp(app)) return callback(); // nothing to do
 
     settings.getBackupConfig(function (error, backupConfig) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         uploadAppSnapshot(backupConfig, app, progressCallback, function (error) {
             if (error) return callback(error);
@@ -978,7 +949,7 @@ function backupBoxAndApps(progressCallback, callback) {
     const tag = (new Date()).toISOString().replace(/[T.]/g, '-').replace(/[:Z]/g,'');
 
     apps.getAll(function (error, allApps) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         let percent = 1;
         let step = 100/(allApps.length+2);
@@ -993,7 +964,7 @@ function backupBoxAndApps(progressCallback, callback) {
             }
 
             backupAppWithTag(app, tag, { /* options */ }, (progress) => progressCallback({ percent: percent, message: progress.message }), function (error, backupId) {
-                if (error && error.reason !== BackupsError.BAD_STATE) {
+                if (error && error.reason !== BoxError.BAD_STATE) {
                     debugApp(app, 'Unable to backup', error);
                     return iteratorCallback(error);
                 }
@@ -1017,19 +988,20 @@ function backupBoxAndApps(progressCallback, callback) {
 
 function startBackupTask(auditSource, callback) {
     let error = locker.lock(locker.OP_FULL_BACKUP);
-    if (error) return callback(new BackupsError(BackupsError.BAD_STATE, `Cannot backup now: ${error.message}`));
+    if (error) return callback(new BoxError(BoxError.BAD_STATE, `Cannot backup now: ${error.message}`));
 
     tasks.add(tasks.TASK_BACKUP, [ ], function (error, taskId) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         eventlog.add(eventlog.ACTION_BACKUP_START, auditSource, { taskId });
 
-        tasks.startTask(taskId, {}, function (error, result) {
+        tasks.startTask(taskId, { timeout: 12 * 60 * 60 * 1000 /* 12 hours */ }, function (error, backupId) {
             locker.unlock(locker.OP_FULL_BACKUP);
 
             const errorMessage = error ? error.message : '';
+            const timedOut = error ? error.code === tasks.ETIMEOUT : false;
 
-            eventlog.add(eventlog.ACTION_BACKUP_FINISH, auditSource, { taskId: taskId, errorMessage: errorMessage, backupId: result });
+            eventlog.add(eventlog.ACTION_BACKUP_FINISH, auditSource, { taskId, errorMessage, timedOut, backupId });
         });
 
         callback(null, taskId);
@@ -1105,7 +1077,7 @@ function cleanupAppBackups(backupConfig, referencedAppBackups, callback) {
 
     // we clean app backups of any state because the ones to keep are determined by the box cleanup code
     backupdb.getByTypePaged(backupdb.BACKUP_TYPE_APP, 1, 1000, function (error, appBackups) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         async.eachSeries(appBackups, function iterator(appBackup, iteratorDone) {
             if (referencedAppBackups.indexOf(appBackup.id) !== -1) return iteratorDone();
@@ -1193,7 +1165,7 @@ function cleanupSnapshots(backupConfig, callback) {
     delete info.box;
     async.eachSeries(Object.keys(info), function (appId, iteratorDone) {
         apps.get(appId, function (error /*, app */) {
-            if (!error || error.reason !== AppsError.NOT_FOUND) return iteratorDone();
+            if (!error || error.reason !== BoxError.NOT_FOUND) return iteratorDone();
 
             function done(/* ignoredError */) {
                 safe.fs.unlinkSync(path.join(paths.BACKUP_INFO_DIR, `${appId}.sync.cache`));
@@ -1259,7 +1231,7 @@ function cleanup(auditSource, progressCallback, callback) {
 function startCleanupTask(auditSource, callback) {
 
     tasks.add(tasks.TASK_CLEAN_BACKUPS, [ auditSource ], function (error, taskId) {
-        if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         tasks.startTask(taskId, {}, (error, result) => { // result is { removedBoxBackups, removedAppBackups }
             eventlog.add(eventlog.ACTION_BACKUP_CLEANUP_FINISH, auditSource, {

src/boxerror.js

@@ -3,6 +3,7 @@
 'use strict';
 
 const assert = require('assert'),
+    HttpError = require('connect-lastmile').HttpError,
     util = require('util'),
     _ = require('underscore');
 
@@ -34,19 +35,29 @@ util.inherits(BoxError, Error);
 BoxError.ACCESS_DENIED = 'Access Denied';
 BoxError.ALREADY_EXISTS = 'Already Exists';
 BoxError.BAD_FIELD = 'Bad Field';
+BoxError.BAD_STATE = 'Bad State';
+BoxError.BUSY = 'Busy';
 BoxError.COLLECTD_ERROR = 'Collectd Error';
 BoxError.CONFLICT = 'Conflict';
+BoxError.CRYPTO_ERROR = 'Crypto Error';
 BoxError.DATABASE_ERROR = 'Database Error';
 BoxError.DNS_ERROR = 'DNS Error';
 BoxError.DOCKER_ERROR = 'Docker Error';
-BoxError.EXTERNAL_ERROR = 'External Error';
+BoxError.EXTERNAL_ERROR = 'External Error'; // use this for external API errors
 BoxError.FS_ERROR = 'FileSystem Error';
+BoxError.INACTIVE = 'Inactive';
 BoxError.INTERNAL_ERROR = 'Internal Error';
+BoxError.INVALID_CREDENTIALS = 'Invalid Credentials';
+BoxError.LICENSE_ERROR = 'License Error';
 BoxError.LOGROTATE_ERROR = 'Logrotate Error';
+BoxError.MAIL_ERROR = 'Mail Error';
 BoxError.NETWORK_ERROR = 'Network Error';
+BoxError.NGINX_ERROR = 'Nginx Error';
 BoxError.NOT_FOUND = 'Not found';
+BoxError.NOT_IMPLEMENTED = 'Not implemented';
+BoxError.NOT_SIGNED = 'Not Signed';
 BoxError.OPENSSL_ERROR = 'OpenSSL Error';
-BoxError.REVERSEPROXY_ERROR = 'ReverseProxy Error';
+BoxError.PLAN_LIMIT = 'Plan Limit';
 BoxError.TASK_ERROR = 'Task Error';
 BoxError.TRY_AGAIN = 'Try Again';
 BoxError.UNKNOWN_ERROR = 'Unknown Error'; // only used for porting
@@ -54,3 +65,31 @@ BoxError.UNKNOWN_ERROR = 'Unknown Error'; // only used for porting
 BoxError.prototype.toPlainObject = function () {
     return _.extend({}, { message: this.message, reason: this.reason }, this.details);
 };
+
+// this is a class method for now in case error is not a BoxError
+BoxError.toHttpError = function (error) {
+    switch (error.reason) {
+    case BoxError.BAD_FIELD:
+        return new HttpError(400, error);
+    case BoxError.LICENSE_ERROR:
+        return new HttpError(402, error);
+    case BoxError.NOT_FOUND:
+        return new HttpError(404, error);
+    case BoxError.ALREADY_EXISTS:
+    case BoxError.BAD_STATE:
+    case BoxError.CONFLICT:
+        return new HttpError(409, error);
+    case BoxError.INVALID_CREDENTIALS:
+        return new HttpError(412, error);
+    case BoxError.EXTERNAL_ERROR:
+    case BoxError.NETWORK_ERROR:
+    case BoxError.FS_ERROR:
+    case BoxError.MAIL_ERROR:
+    case BoxError.DOCKER_ERROR:
+        return new HttpError(424, error);
+    case BoxError.DATABASE_ERROR:
+    case BoxError.INTERNAL_ERROR:
+    default:
+        return new HttpError(500, error);
+    }
+};

src/clientdb.js

@@ -15,14 +15,12 @@ exports = module.exports = {
     delByAppId: delByAppId,
     delByAppIdAndType: delByAppIdAndType,
 
-    _clear: clear,
-    _addDefaultClients: addDefaultClients
+    _clear: clear
 };
 
 var assert = require('assert'),
-    async = require('async'),
-    database = require('./database.js'),
-    DatabaseError = require('./databaseerror.js');
+    BoxError = require('./boxerror.js'),
+    database = require('./database.js');
 
 var CLIENTS_FIELDS = [ 'id', 'appId', 'type', 'clientSecret', 'redirectURI', 'scope' ].join(',');
 var CLIENTS_FIELDS_PREFIXED = [ 'clients.id', 'clients.appId', 'clients.type', 'clients.clientSecret', 'clients.redirectURI', 'clients.scope' ].join(',');
@@ -32,8 +30,8 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + CLIENTS_FIELDS + ' FROM clients WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, `Client not found: ${id}`));
 
         callback(null, result[0]);
     });
@@ -43,7 +41,7 @@ function getAll(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + CLIENTS_FIELDS + ' FROM clients ORDER BY appId', function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -53,7 +51,7 @@ function getAllWithTokenCount(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + CLIENTS_FIELDS_PREFIXED + ',COUNT(tokens.clientId) AS tokenCount FROM clients LEFT OUTER JOIN tokens ON clients.id=tokens.clientId GROUP BY clients.id', [], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -64,7 +62,7 @@ function getAllWithTokenCountByIdentifier(identifier, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + CLIENTS_FIELDS_PREFIXED + ',COUNT(tokens.clientId) AS tokenCount FROM clients LEFT OUTER JOIN tokens ON clients.id=tokens.clientId WHERE tokens.identifier=? GROUP BY clients.id', [ identifier ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -75,8 +73,8 @@ function getByAppId(appId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + CLIENTS_FIELDS + ' FROM clients WHERE appId = ? LIMIT 1', [ appId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Client not found'));
 
         callback(null, result[0]);
     });
@@ -88,8 +86,8 @@ function getByAppIdAndType(appId, type, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + CLIENTS_FIELDS + ' FROM clients WHERE appId = ? AND type = ? LIMIT 1', [ appId, type ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Client not found'));
 
         callback(null, result[0]);
     });
@@ -107,8 +105,8 @@ function add(id, appId, type, clientSecret, redirectURI, scope, callback) {
     var data = [ id, appId, type, clientSecret, redirectURI, scope ];
 
     database.query('INSERT INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (?, ?, ?, ?, ?, ?)', data, function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
-        if (error || result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS));
+        if (error || result.affectedRows === 0) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -126,8 +124,8 @@ function upsert(id, appId, type, clientSecret, redirectURI, scope, callback) {
     var data = [ id, appId, type, clientSecret, redirectURI, scope ];
 
     database.query('REPLACE INTO clients (id, appId, type, clientSecret, redirectURI, scope) VALUES (?, ?, ?, ?, ?, ?)', data, function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS));
-        if (error || result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS));
+        if (error || result.affectedRows === 0) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -138,8 +136,8 @@ function del(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM clients WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, `Client not found: ${id}`));
 
         callback(null);
     });
@@ -150,8 +148,8 @@ function delByAppId(appId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM clients WHERE appId=?', [ appId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Client not found'));
 
         callback(null);
     });
@@ -163,8 +161,8 @@ function delByAppIdAndType(appId, type, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM clients WHERE appId=? AND type=?', [ appId, type ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Client not found'));
 
         callback(null);
     });
@@ -173,17 +171,9 @@ function delByAppIdAndType(appId, type, callback) {
 function clear(callback) {
     assert.strictEqual(typeof callback, 'function');
 
-    database.query('DELETE FROM clients WHERE id!="cid-webadmin" AND id!="cid-sdk" AND id!="cid-cli"', function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+    database.query('DELETE FROM clients', function (error) {
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
 }
-
-function addDefaultClients(callback) {
-    async.series([
-        add.bind(null, 'cid-webadmin', 'Settings', 'built-in', 'secret-webadmin', 'https://admin-localhost', '*'),
-        add.bind(null, 'cid-sdk', 'SDK', 'built-in', 'secret-sdk', 'https://admin-localhost', '*'),
-        add.bind(null, 'cid-cli', 'Cloudron Tool', 'built-in', 'secret-cli', 'https://admin-localhost', '*')
-    ], callback);
-}

src/clients.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    ClientsError: ClientsError,
-
     add: add,
     get: get,
     del: del,
@@ -20,6 +18,11 @@ exports = module.exports = {
 
     removeTokenPrivateFields: removeTokenPrivateFields,
 
+    // client ids. we categorize them so we can have different restrictions based on the client
+    ID_WEBADMIN: 'cid-webadmin',    // dashboard oauth
+    ID_SDK: 'cid-sdk',              // created by user via dashboard
+    ID_CLI: 'cid-cli',              // created via cli tool
+
     // client type enums
     TYPE_EXTERNAL: 'external',
     TYPE_BUILT_IN: 'built-in',
@@ -30,54 +33,25 @@ exports = module.exports = {
 var apps = require('./apps.js'),
     assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     clientdb = require('./clientdb.js'),
     constants = require('./constants.js'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:clients'),
     eventlog = require('./eventlog.js'),
     hat = require('./hat.js'),
     accesscontrol = require('./accesscontrol.js'),
     tokendb = require('./tokendb.js'),
     users = require('./users.js'),
-    UsersError = users.UsersError,
-    util = require('util'),
     uuid = require('uuid'),
     _ = require('underscore');
 
-function ClientsError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(ClientsError, Error);
-ClientsError.INVALID_SCOPE = 'Invalid scope';
-ClientsError.INVALID_CLIENT = 'Invalid client';
-ClientsError.INVALID_TOKEN = 'Invalid token';
-ClientsError.BAD_FIELD = 'Bad field';
-ClientsError.NOT_FOUND = 'Not found';
-ClientsError.INTERNAL_ERROR = 'Internal Error';
-ClientsError.NOT_ALLOWED = 'Not allowed to remove this client';
-
 function validateClientName(name) {
     assert.strictEqual(typeof name, 'string');
 
-    if (name.length < 1) return new ClientsError(ClientsError.BAD_FIELD, 'Name must be atleast 1 character');
-    if (name.length > 128) return new ClientsError(ClientsError.BAD_FIELD, 'Name too long');
+    if (name.length < 1) return new BoxError(BoxError.BAD_FIELD, 'name must be atleast 1 character', { field: 'name' });
+    if (name.length > 128) return new BoxError(BoxError.BAD_FIELD, 'name too long', { field: 'name' });
 
-    if (/[^a-zA-Z0-9-]/.test(name)) return new ClientsError(ClientsError.BAD_FIELD, 'Username can only contain alphanumerals and dash');
+    if (/[^a-zA-Z0-9-]/.test(name)) return new BoxError(BoxError.BAD_FIELD, 'name can only contain alphanumerals and dash', { field: 'name' });
 
     return null;
 }
@@ -85,7 +59,7 @@ function validateClientName(name) {
 function validateTokenName(name) {
     assert.strictEqual(typeof name, 'string');
 
-    if (name.length > 64) return new ClientsError(ClientsError.BAD_FIELD, 'Name too long');
+    if (name.length > 64) return new BoxError(BoxError.BAD_FIELD, 'name too long', { field: 'name' });
 
     return null;
 }
@@ -98,7 +72,7 @@ function add(appId, type, redirectURI, scope, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     var error = accesscontrol.validateScopeString(scope);
-    if (error) return callback(new ClientsError(ClientsError.INVALID_SCOPE, error.message));
+    if (error) return callback(error);
 
     error = validateClientName(appId);
     if (error) return callback(error);
@@ -127,8 +101,8 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     clientdb.get(id, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
         if (error) return callback(error);
+
         callback(null, result);
     });
 }
@@ -138,8 +112,8 @@ function del(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     clientdb.del(id, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
         if (error) return callback(error);
+
         callback(null, result);
     });
 }
@@ -148,7 +122,7 @@ function getAll(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     clientdb.getAll(function (error, results) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, []);
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, []);
         if (error) return callback(error);
 
         var tmp = [];
@@ -190,8 +164,8 @@ function getByAppIdAndType(appId, type, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     clientdb.getByAppIdAndType(appId, type, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
         if (error) return callback(error);
+
         callback(null, result);
     });
 }
@@ -202,7 +176,7 @@ function getTokensByUserId(clientId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     tokendb.getByIdentifierAndClientId(userId, clientId, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) {
+        if (error && error.reason === BoxError.NOT_FOUND) {
             // this can mean either that there are no tokens or the clientId is actually unknown
             get(clientId, function (error/*, result*/) {
                 if (error) return callback(error);
@@ -221,7 +195,7 @@ function delTokensByUserId(clientId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     tokendb.delByIdentifierAndClientId(userId, clientId, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) {
+        if (error && error.reason === BoxError.NOT_FOUND) {
             // this can mean either that there are no tokens or the clientId is actually unknown
             get(clientId, function (error/*, result*/) {
                 if (error) return callback(error);
@@ -243,10 +217,9 @@ function delByAppIdAndType(appId, type, callback) {
         if (error) return callback(error);
 
         tokendb.delByClientId(result.id, function (error) {
-            if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
+            if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
             clientdb.delByAppIdAndType(appId, type, function (error) {
-                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such client'));
                 if (error) return callback(error);
 
                 callback(null);
@@ -270,11 +243,10 @@ function addTokenByUserId(clientId, userId, expiresAt, options, callback) {
         if (error) return callback(error);
 
         users.get(userId, function (error, user) {
-            if (error && error.reason === UsersError.NOT_FOUND) return callback(new ClientsError(ClientsError.NOT_FOUND, 'No such user'));
-            if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             accesscontrol.scopesForUser(user, function (error, userScopes) {
-                if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 const scope = accesscontrol.canonicalScopeString(result.scope);
                 const authorizedScopes = accesscontrol.intersectScopes(userScopes, scope.split(','));
@@ -290,7 +262,7 @@ function addTokenByUserId(clientId, userId, expiresAt, options, callback) {
                 };
 
                 tokendb.add(token, function (error) {
-                    if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
+                    if (error) return callback(error);
 
                     callback(null, {
                         accessToken: token.accessToken,
@@ -305,7 +277,6 @@ function addTokenByUserId(clientId, userId, expiresAt, options, callback) {
     });
 }
 
-// this issues a cid-cli token that does not require a password in various routes
 function issueDeveloperToken(userObject, auditSource, callback) {
     assert.strictEqual(typeof userObject, 'object');
     assert.strictEqual(typeof auditSource, 'object');
@@ -313,7 +284,7 @@ function issueDeveloperToken(userObject, auditSource, callback) {
 
     const expiresAt = Date.now() + constants.DEFAULT_TOKEN_EXPIRATION;
 
-    addTokenByUserId('cid-cli', userObject.id, expiresAt, {}, function (error, result) {
+    addTokenByUserId(exports.ID_CLI, userObject.id, expiresAt, {}, function (error, result) {
         if (error) return callback(error);
 
         eventlog.add(eventlog.ACTION_USER_LOGIN, auditSource, { userId: userObject.id, user: users.removePrivateFields(userObject) });
@@ -331,8 +302,7 @@ function delToken(clientId, tokenId, callback) {
         if (error) return callback(error);
 
         tokendb.del(tokenId, function (error) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new ClientsError(ClientsError.INVALID_TOKEN, 'Invalid token'));
-            if (error) return callback(new ClientsError(ClientsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             callback(null);
         });
@@ -348,9 +318,9 @@ function addDefaultClients(origin, callback) {
     // The domain might have changed, therefor we have to update the record
     // id, appId, type, clientSecret, redirectURI, scope
     async.series([
-        clientdb.upsert.bind(null, 'cid-webadmin', 'Settings', 'built-in', 'secret-webadmin', origin, '*'),
-        clientdb.upsert.bind(null, 'cid-sdk', 'SDK', 'built-in', 'secret-sdk', origin, '*'),
-        clientdb.upsert.bind(null, 'cid-cli', 'Cloudron Tool', 'built-in', 'secret-cli', origin, '*')
+        clientdb.upsert.bind(null, exports.ID_WEBADMIN, 'Settings', 'built-in', 'secret-webadmin', origin, '*'),
+        clientdb.upsert.bind(null, exports.ID_SDK, 'SDK', 'built-in', 'secret-sdk', origin, '*'),
+        clientdb.upsert.bind(null, exports.ID_CLI, 'Cloudron Tool', 'built-in', 'secret-cli', origin, '*')
     ], callback);
 }
 

src/cloudron.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    CloudronError: CloudronError,
-
     initialize: initialize,
     uninitialize: uninitialize,
     getConfig: getConfig,
@@ -28,12 +26,12 @@ var apps = require('./apps.js'),
     async = require('async'),
     auditSource = require('./auditsource.js'),
     backups = require('./backups.js'),
+    BoxError = require('./boxerror.js'),
     clients = require('./clients.js'),
     constants = require('./constants.js'),
     cron = require('./cron.js'),
     debug = require('debug')('box:cloudron'),
     domains = require('./domains.js'),
-    DomainsError = require('./domains.js').DomainsError,
     eventlog = require('./eventlog.js'),
     custom = require('./custom.js'),
     fs = require('fs'),
@@ -49,40 +47,12 @@ var apps = require('./apps.js'),
     shell = require('./shell.js'),
     spawn = require('child_process').spawn,
     split = require('split'),
-    sysinfo = require('./sysinfo.js'),
     tasks = require('./tasks.js'),
-    TaskError = require('./tasks.js').TaskError,
-    users = require('./users.js'),
-    util = require('util');
+    users = require('./users.js');
 
 var REBOOT_CMD = path.join(__dirname, 'scripts/reboot.sh');
 
-var NOOP_CALLBACK = function (error) { if (error) debug(error); };
-
-function CloudronError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(CloudronError, Error);
-CloudronError.BAD_FIELD = 'Field error';
-CloudronError.INTERNAL_ERROR = 'Internal Error';
-CloudronError.EXTERNAL_ERROR = 'External Error';
-CloudronError.BAD_STATE = 'Bad state';
-CloudronError.ALREADY_UPTODATE = 'No Update Available';
+const NOOP_CALLBACK = function (error) { if (error) debug(error); };
 
 function initialize(callback) {
     assert.strictEqual(typeof callback, 'function');
@@ -119,11 +89,11 @@ function notifyUpdate(callback) {
     const version = safe.fs.readFileSync(paths.VERSION_FILE, 'utf8');
     if (version === constants.VERSION) return callback();
 
-    eventlog.add(eventlog.ACTION_UPDATE_FINISH, auditSource.CRON, { oldVersion: version || 'dev', newVersion: constants.VERSION }, function (error) {
-        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+    eventlog.add(eventlog.ACTION_UPDATE_FINISH, auditSource.CRON, { errorMessage: '', oldVersion: version || 'dev', newVersion: constants.VERSION }, function (error) {
+        if (error) return callback(error);
 
         tasks.setCompletedByType(tasks.TASK_UPDATE, { error: null }, function (error) {
-            if (error && error.reason !== TaskError.NOT_FOUND) return callback(error); // when hotfixing, task may not exist
+            if (error && error.reason !== BoxError.NOT_FOUND) return callback(error); // when hotfixing, task may not exist
 
             safe.fs.writeFileSync(paths.VERSION_FILE, constants.VERSION, 'utf8');
 
@@ -153,7 +123,7 @@ function getConfig(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settings.getAll(function (error, allSettings) {
-        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         // be picky about what we send out here since this is sent for 'normal' users as well
         callback(null, {
@@ -165,7 +135,7 @@ function getConfig(callback) {
             version: constants.VERSION,
             isDemo: settings.isDemo(),
             memory: os.totalmem(),
-            provider: sysinfo.provider(),
+            provider: settings.provider(),
             cloudronName: allSettings[settings.CLOUDRON_NAME_KEY],
             uiSpec: custom.uiSpec()
         });
@@ -251,7 +221,7 @@ function getLogs(unit, options, callback) {
     // need to handle box.log without subdir
     if (unit === 'box') args.push(path.join(paths.LOG_DIR, 'box.log'));
     else if (unit.startsWith('crash-')) args.push(path.join(paths.CRASH_LOG_DIR, unit.slice(6) + '.log'));
-    else return callback(new CloudronError(CloudronError.BAD_FIELD, 'No such unit'));
+    else return callback(new BoxError(BoxError.BAD_FIELD, 'No such unit', { field: 'unit' }));
 
     var cp = spawn('/usr/bin/tail', args);
 
@@ -284,19 +254,18 @@ function prepareDashboardDomain(domain, auditSource, callback) {
     debug(`prepareDashboardDomain: ${domain}`);
 
     domains.get(domain, function (error, domainObject) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return callback(new CloudronError(CloudronError.BAD_FIELD, 'No such domain'));
-        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         const fqdn = domains.fqdn(constants.ADMIN_LOCATION, domainObject);
 
         apps.getAll(function (error, result) {
-            if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             const conflict = result.filter(app => app.fqdn === fqdn);
-            if (conflict.length) return callback(new CloudronError(CloudronError.BAD_STATE, 'Dashboard location conflicts with an existing app'));
+            if (conflict.length) return callback(new BoxError(BoxError.BAD_STATE, 'Dashboard location conflicts with an existing app'));
 
             tasks.add(tasks.TASK_PREPARE_DASHBOARD_DOMAIN, [ domain, auditSource ], function (error, taskId) {
-                if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 tasks.startTask(taskId, {}, NOOP_CALLBACK);
 
@@ -315,11 +284,10 @@ function setDashboardDomain(domain, auditSource, callback) {
     debug(`setDashboardDomain: ${domain}`);
 
     domains.get(domain, function (error, domainObject) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return callback(new CloudronError(CloudronError.BAD_FIELD, 'No such domain'));
-        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         reverseProxy.writeAdminConfig(domain, function (error) {
-            if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             const fqdn = domains.fqdn(constants.ADMIN_LOCATION, domainObject);
 
@@ -327,7 +295,7 @@ function setDashboardDomain(domain, auditSource, callback) {
                 (done) => settings.setAdmin(domain, fqdn, done),
                 (done) => clients.addDefaultClients(settings.adminOrigin(), done)
             ], function (error) {
-                if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 eventlog.add(eventlog.ACTION_DASHBOARD_DOMAIN_UPDATE, auditSource, { domain: domain, fqdn: fqdn });
 
@@ -371,7 +339,7 @@ function renewCerts(options, auditSource, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     tasks.add(tasks.TASK_RENEW_CERTS, [ options, auditSource ], function (error, taskId) {
-        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         tasks.startTask(taskId, {}, NOOP_CALLBACK);
 

src/custom.js

@@ -38,7 +38,7 @@ const DEFAULT_SPEC = {
     },
     alerts: {
         email: '',
-        notifyCloudronAdmins: false
+        notifyCloudronAdmins: true
     },
     footer: {
         body: '&copy; 2019 [Cloudron](https://cloudron.io) [Forum <i class="fa fa-comments"></i>](https://forum.cloudron.io)'

src/database.js

@@ -105,7 +105,7 @@ function clear(callback) {
 
     async.series([
         child_process.exec.bind(null, cmd),
-        require('./clientdb.js')._addDefaultClients
+        require('./clients.js').addDefaultClients.bind(null, 'https://admin-localhost')
     ], callback);
 }
 

src/databaseerror.js

@@ -1,34 +0,0 @@
-/* jslint node:true */
-
-'use strict';
-
-exports = module.exports = DatabaseError;
-
-var assert = require('assert'),
-    util = require('util');
-
-function DatabaseError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(DatabaseError, Error);
-
-DatabaseError.INTERNAL_ERROR = 'Internal error';
-DatabaseError.ALREADY_EXISTS = 'Entry already exist';
-DatabaseError.NOT_FOUND = 'Record not found';
-DatabaseError.BAD_FIELD = 'Invalid field';
-DatabaseError.IN_USE = 'In Use';

src/disks.js

@@ -8,34 +8,12 @@ exports = module.exports = {
 const apps = require('./apps.js'),
     assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     debug = require('debug')('box:disks'),
     df = require('@sindresorhus/df'),
     docker = require('./docker.js'),
     notifications = require('./notifications.js'),
-    paths = require('./paths.js'),
-    util = require('util');
-
-function DisksError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(DisksError, Error);
-DisksError.INTERNAL_ERROR = 'Internal Error';
-DisksError.EXTERNAL_ERROR = 'External Error';
+    paths = require('./paths.js');
 
 function getDisks(callback) {
     assert.strictEqual(typeof callback, 'function');
@@ -43,7 +21,7 @@ function getDisks(callback) {
     const dfAsync = async.asyncify(df), dfFileAsync = async.asyncify(df.file);
 
     docker.info(function (error, info) {
-        if (error) return callback(new DisksError(DisksError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         async.series([
             dfAsync,
@@ -52,7 +30,7 @@ function getDisks(callback) {
             dfFileAsync.bind(null, paths.APPS_DATA_DIR),
             dfFileAsync.bind(null, info.DockerRootDir)
         ], function (error, values) {
-            if (error) return callback(new DisksError(DisksError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.FS_ERROR, error));
 
             // filter by ext4 and then sort to make sure root disk is first
             const ext4Disks = values[0].filter((r) => r.type === 'ext4').sort((a, b) => a.mountpoint.localeCompare(b.mountpoint));
@@ -68,7 +46,7 @@ function getDisks(callback) {
             };
 
             apps.getAll(function (error, allApps) {
-                if (error) return callback(new DisksError(DisksError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 async.eachSeries(allApps, function (app, iteratorDone) {
                     if (!app.dataDir) {
@@ -81,7 +59,7 @@ function getDisks(callback) {
                         iteratorDone();
                     });
                 }, function (error) {
-                    if (error) return callback(new DisksError(DisksError.INTERNAL_ERROR, error));
+                    if (error) return callback(error);
 
                     callback(null, disks);
                 });

src/dns/caas.js

@@ -11,14 +11,18 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/caas'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     settings = require('../settings.js'),
     superagent = require('superagent'),
     util = require('util'),
     waitForDns = require('./waitfordns.js');
 
+function formatError(response) {
+    return util.format('Caas DNS error [%s] %j', response.statusCode, response.body);
+}
+
 function getFqdn(location, domain) {
     assert.strictEqual(typeof location, 'string');
     assert.strictEqual(typeof domain, 'string');
@@ -63,10 +67,10 @@ function upsert(domainObject, location, type, values, callback) {
         .send(data)
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 400) return callback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
-            if (result.statusCode === 420) return callback(new DomainsError(DomainsError.STILL_BUSY));
-            if (result.statusCode !== 201) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, result.body.message));
+            if (result.statusCode === 420) return callback(new BoxError(BoxError.BUSY));
+            if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null);
         });
@@ -88,8 +92,8 @@ function get(domainObject, location, type, callback) {
         .query({ token: dnsConfig.token, type: type })
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null, result.body.values);
         });
@@ -116,11 +120,11 @@ function del(domainObject, location, type, values, callback) {
         .send(data)
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 400) return callback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
-            if (result.statusCode === 420) return callback(new DomainsError(DomainsError.STILL_BUSY));
-            if (result.statusCode === 404) return callback(new DomainsError(DomainsError.NOT_FOUND));
-            if (result.statusCode !== 204) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, result.body.message));
+            if (result.statusCode === 420) return callback(new BoxError(BoxError.BUSY));
+            if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
+            if (result.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null);
         });
@@ -145,7 +149,7 @@ function verifyDnsConfig(domainObject, callback) {
 
     const dnsConfig = domainObject.config;
 
-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
 
     const ip = '127.0.0.1';
 

src/dns/cloudflare.js

@@ -12,10 +12,10 @@ exports = module.exports = {
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/cloudflare'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     superagent = require('superagent'),
     util = require('util'),
     waitForDns = require('./waitfordns.js'),
@@ -37,15 +37,15 @@ function translateRequestError(result, callback) {
     assert.strictEqual(typeof result, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (result.statusCode === 404) return callback(new DomainsError(DomainsError.NOT_FOUND, util.format('%s %j', result.statusCode, 'API does not exist')));
-    if (result.statusCode === 422) return callback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
+    if (result.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND, util.format('%s %j', result.statusCode, 'API does not exist')));
+    if (result.statusCode === 422) return callback(new BoxError(BoxError.BAD_FIELD, result.body.message));
     if ((result.statusCode === 400 || result.statusCode === 401 || result.statusCode === 403) && result.body.errors.length > 0) {
         let error = result.body.errors[0];
         let message = `message: ${error.message} statusCode: ${result.statusCode} code:${error.code}`;
-        return callback(new DomainsError(DomainsError.ACCESS_DENIED, message));
+        return callback(new BoxError(BoxError.ACCESS_DENIED, message));
     }
 
-    callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));
+    callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('%s %j', result.statusCode, result.body)));
 }
 
 function getZoneByName(dnsConfig, zoneName, callback) {
@@ -60,7 +60,7 @@ function getZoneByName(dnsConfig, zoneName, callback) {
         .end(function (error, result) {
             if (error && !error.response) return callback(error);
             if (result.statusCode !== 200 || result.body.success !== true) return translateRequestError(result, callback);
-            if (!result.body.result.length) return callback(new DomainsError(DomainsError.NOT_FOUND, util.format('%s %j', result.statusCode, result.body)));
+            if (!result.body.result.length) return callback(new BoxError(BoxError.NOT_FOUND, util.format('%s %j', result.statusCode, result.body)));
 
             callback(null, result.body.result[0]);
         });
@@ -259,7 +259,7 @@ function wait(domainObject, location, type, value, options, callback) {
 
         getDnsRecords(dnsConfig, zoneId, fqdn, type, function (error, dnsRecords) {
             if (error) return callback(error);
-            if (dnsRecords.length === 0) return callback(new DomainsError(DomainsError.NOT_FOUND, 'Domain not found'));
+            if (dnsRecords.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Domain not found'));
 
             if (!dnsRecords[0].proxied) return waitForDns(fqdn, domainObject.zoneName, type, value, options, callback);
 
@@ -277,8 +277,8 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
-    if (!dnsConfig.email || typeof dnsConfig.email !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'email must be a non-empty string'));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
+    if (!dnsConfig.email || typeof dnsConfig.email !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'email must be a non-empty string', { field: 'email' }));
 
     const ip = '127.0.0.1';
 
@@ -290,15 +290,15 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         getZoneByName(dnsConfig, zoneName, function(error, zone) {
             if (error) return callback(error);
 
             if (!_.isEqual(zone.name_servers.sort(), nameservers.sort())) {
                 debug('verifyDnsConfig: %j and %j do not match', nameservers, zone.name_servers);
-                return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Cloudflare'));
+                return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Cloudflare', { field: 'nameservers' }));
             }
 
             const location = 'cloudrontestdns';

src/dns/digitalocean.js

@@ -12,10 +12,10 @@ exports = module.exports = {
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/digitalocean'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     safe = require('safetydance'),
     superagent = require('superagent'),
     util = require('util'),
@@ -55,10 +55,10 @@ function getInternal(dnsConfig, zoneName, name, type, callback) {
             .timeout(30 * 1000)
             .retry(5)
             .end(function (error, result) {
-                if (error && !error.response) return iteratorDone(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-                if (result.statusCode === 404) return iteratorDone(new DomainsError(DomainsError.NOT_FOUND, formatError(result)));
-                if (result.statusCode === 403 || result.statusCode === 401) return iteratorDone(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-                if (result.statusCode !== 200) return iteratorDone(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+                if (error && !error.response) return iteratorDone(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                if (result.statusCode === 404) return iteratorDone(new BoxError(BoxError.NOT_FOUND, formatError(result)));
+                if (result.statusCode === 403 || result.statusCode === 401) return iteratorDone(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 200) return iteratorDone(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
                 matchingRecords = matchingRecords.concat(result.body.domain_records.filter(function (record) {
                     return (record.type === type && record.name === name);
@@ -119,10 +119,10 @@ function upsert(domainObject, location, type, values, callback) {
                     .timeout(30 * 1000)
                     .retry(5)
                     .end(function (error, result) {
-                        if (error && !error.response) return iteratorCallback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-                        if (result.statusCode === 403 || result.statusCode === 401) return iteratorCallback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-                        if (result.statusCode === 422) return iteratorCallback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
-                        if (result.statusCode !== 201) return iteratorCallback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+                        if (error && !error.response) return iteratorCallback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                        if (result.statusCode === 403 || result.statusCode === 401) return iteratorCallback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+                        if (result.statusCode === 422) return iteratorCallback(new BoxError(BoxError.BAD_FIELD, result.body.message));
+                        if (result.statusCode !== 201) return iteratorCallback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
                         recordIds.push(safe.query(result.body, 'domain_record.id'));
 
@@ -138,10 +138,10 @@ function upsert(domainObject, location, type, values, callback) {
                     // increment, as we have consumed the record
                         ++i;
 
-                        if (error && !error.response) return iteratorCallback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-                        if (result.statusCode === 403 || result.statusCode === 401) return iteratorCallback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-                        if (result.statusCode === 422) return iteratorCallback(new DomainsError(DomainsError.BAD_FIELD, result.body.message));
-                        if (result.statusCode !== 200) return iteratorCallback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+                        if (error && !error.response) return iteratorCallback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                        if (result.statusCode === 403 || result.statusCode === 401) return iteratorCallback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+                        if (result.statusCode === 422) return iteratorCallback(new BoxError(BoxError.BAD_FIELD, result.body.message));
+                        if (result.statusCode !== 200) return iteratorCallback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
                         recordIds.push(safe.query(result.body, 'domain_record.id'));
 
@@ -209,10 +209,10 @@ function del(domainObject, location, type, values, callback) {
             .timeout(30 * 1000)
             .retry(5)
             .end(function (error, result) {
-                if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
                 if (result.statusCode === 404) return callback(null);
-                if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-                if (result.statusCode !== 204) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+                if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
                 debug('del: done');
 
@@ -241,7 +241,7 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
 
     const ip = '127.0.0.1';
 
@@ -252,12 +252,12 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         if (nameservers.map(function (n) { return n.toLowerCase(); }).indexOf('ns1.digitalocean.com') === -1) {
             debug('verifyDnsConfig: %j does not contains DO NS', nameservers);
-            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to DigitalOcean'));
+            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to DigitalOcean', { field: 'nameservers' }));
         }
 
         const location = 'cloudrontestdns';

src/dns/gandi.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/gandi'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     superagent = require('superagent'),
     util = require('util'),
     waitForDns = require('./waitfordns.js');
@@ -57,10 +57,10 @@ function upsert(domainObject, location, type, values, callback) {
         .timeout(30 * 1000)
         .send(data)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode === 400) return callback(new DomainsError(DomainsError.BAD_FIELD, formatError(result)));
-            if (result.statusCode !== 201) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, formatError(result)));
+            if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null);
         });
@@ -82,10 +82,10 @@ function get(domainObject, location, type, callback) {
         .set('X-Api-Key', dnsConfig.token)
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
             if (result.statusCode === 404) return callback(null, [ ]);
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             debug('get: %j', result.body);
 
@@ -110,10 +110,10 @@ function del(domainObject, location, type, values, callback) {
         .set('X-Api-Key', dnsConfig.token)
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
             if (result.statusCode === 404) return callback(null);
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 204) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode !== 204) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             debug('del: done');
 
@@ -141,7 +141,7 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
 
     var credentials = {
         token: dnsConfig.token
@@ -152,12 +152,12 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         if (!nameservers.every(function (n) { return n.toLowerCase().indexOf('.gandi.net') !== -1; })) {
             debug('verifyDnsConfig: %j does not contain Gandi NS', nameservers);
-            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Gandi'));
+            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Gandi', { field: 'nameservers' }));
         }
 
         const location = 'cloudrontestdns';

src/dns/gcdns.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/gcdns'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     GCDNS = require('@google-cloud/dns').DNS,
     util = require('util'),
     waitForDns = require('./waitfordns.js'),
@@ -49,20 +49,20 @@ function getZoneByName(dnsConfig, zoneName, callback) {
     var gcdns = new GCDNS(getDnsCredentials(dnsConfig));
 
     gcdns.getZones(function (error, zones) {
-        if (error && error.message === 'invalid_grant') return callback(new DomainsError(DomainsError.ACCESS_DENIED, 'The key was probably revoked'));
-        if (error && error.reason === 'No such domain') return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
-        if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-        if (error && error.code === 404) return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
+        if (error && error.message === 'invalid_grant') return callback(new BoxError(BoxError.ACCESS_DENIED, 'The key was probably revoked'));
+        if (error && error.reason === 'No such domain') return callback(new BoxError(BoxError.NOT_FOUND, error.message));
+        if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+        if (error && error.code === 404) return callback(new BoxError(BoxError.NOT_FOUND, error.message));
         if (error) {
             debug('gcdns.getZones', error);
-            return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
+            return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
         }
 
         var zone = zones.filter(function (zone) {
             return zone.metadata.dnsName.slice(0, -1) === zoneName;     // the zone name contains a '.' at the end
         })[0];
 
-        if (!zone) return callback(new DomainsError(DomainsError.NOT_FOUND, 'no such zone'));
+        if (!zone) return callback(new BoxError(BoxError.NOT_FOUND, 'no such zone'));
 
         callback(null, zone); //zone.metadata ~= {name="", dnsName="", nameServers:[]}
     });
@@ -85,10 +85,10 @@ function upsert(domainObject, location, type, values, callback) {
         if (error) return callback(error);
 
         zone.getRecords({ type: type, name: fqdn + '.' }, function (error, oldRecords) {
-            if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
             if (error) {
                 debug('upsert->zone.getRecords', error);
-                return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+                return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
             }
 
             var newRecord = zone.record(type, {
@@ -98,11 +98,11 @@ function upsert(domainObject, location, type, values, callback) {
             });
 
             zone.createChange({ delete: oldRecords, add: newRecord }, function(error /*, change */) {
-                if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-                if (error && error.code === 412) return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
+                if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+                if (error && error.code === 412) return callback(new BoxError(BoxError.BUSY, error.message));
                 if (error) {
                     debug('upsert->zone.createChange', error);
-                    return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+                    return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
                 }
 
                 callback(null);
@@ -130,8 +130,8 @@ function get(domainObject, location, type, callback) {
         };
 
         zone.getRecords(params, function (error, records) {
-            if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
+            if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
             if (records.length === 0) return callback(null, [ ]);
 
             return callback(null, records[0].data);
@@ -154,18 +154,18 @@ function del(domainObject, location, type, values, callback) {
         if (error) return callback(error);
 
         zone.getRecords({ type: type, name: fqdn + '.' }, function(error, oldRecords) {
-            if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
             if (error) {
                 debug('del->zone.getRecords', error);
-                return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+                return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
             }
 
             zone.deleteRecords(oldRecords, function (error, change) {
-                if (error && error.code === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-                if (error && error.code === 412) return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
+                if (error && error.code === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+                if (error && error.code === 412) return callback(new BoxError(BoxError.BUSY, error.message));
                 if (error) {
                     debug('del->zone.createChange', error);
-                    return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+                    return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
                 }
 
                 callback(null, change.id);
@@ -194,10 +194,10 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (typeof dnsConfig.projectId !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'projectId must be a string'));
-    if (!dnsConfig.credentials || typeof dnsConfig.credentials !== 'object') return callback(new DomainsError(DomainsError.BAD_FIELD, 'credentials must be an object'));
-    if (typeof dnsConfig.credentials.client_email !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'credentials.client_email must be a string'));
-    if (typeof dnsConfig.credentials.private_key !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'credentials.private_key must be a string'));
+    if (typeof dnsConfig.projectId !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'projectId must be a string', { field: 'projectId' }));
+    if (!dnsConfig.credentials || typeof dnsConfig.credentials !== 'object') return callback(new BoxError(BoxError.BAD_FIELD, 'credentials must be an object', { field: 'credentials' }));
+    if (typeof dnsConfig.credentials.client_email !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'credentials.client_email must be a string', { field: 'client_email' }));
+    if (typeof dnsConfig.credentials.private_key !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'credentials.private_key must be a string', { field: 'private_key' }));
 
     var credentials = getDnsCredentials(dnsConfig);
 
@@ -206,8 +206,8 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         getZoneByName(credentials, zoneName, function (error, zone) {
             if (error) return callback(error);
@@ -215,7 +215,7 @@ function verifyDnsConfig(domainObject, callback) {
             var definedNS = zone.metadata.nameServers.sort().map(function(r) { return r.replace(/\.$/, ''); });
             if (!_.isEqual(definedNS, nameservers.sort())) {
                 debug('verifyDnsConfig: %j and %j do not match', nameservers, definedNS);
-                return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Google Cloud DNS'));
+                return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Google Cloud DNS', { field: 'nameservers' }));
             }
 
             const location = 'cloudrontestdns';

src/dns/godaddy.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/godaddy'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     superagent = require('superagent'),
     util = require('util'),
     waitForDns = require('./waitfordns.js');
@@ -72,11 +72,11 @@ function upsert(domainObject, location, type, values, callback) {
         .timeout(30 * 1000)
         .send(records)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode === 400) return callback(new DomainsError(DomainsError.BAD_FIELD, formatError(result))); // no such zone
-            if (result.statusCode === 422) return callback(new DomainsError(DomainsError.BAD_FIELD, formatError(result))); // conflict
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, formatError(result))); // no such zone
+            if (result.statusCode === 422) return callback(new BoxError(BoxError.BAD_FIELD, formatError(result))); // conflict
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null);
         });
@@ -98,10 +98,10 @@ function get(domainObject, location, type, callback) {
         .set('Authorization', `sso-key ${dnsConfig.apiKey}:${dnsConfig.apiSecret}`)
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
-            if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
             if (result.statusCode === 404) return callback(null, [ ]);
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             debug('get: %j', result.body);
 
@@ -126,7 +126,7 @@ function del(domainObject, location, type, values, callback) {
 
     debug(`get: ${name} in zone ${zoneName} of type ${type} with values ${JSON.stringify(values)}`);
 
-    if (type !== 'A' && type !== 'TXT') return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, new Error('Record deletion is not supported by GoDaddy API')));
+    if (type !== 'A' && type !== 'TXT') return callback(new BoxError(BoxError.EXTERNAL_ERROR, new Error('Record deletion is not supported by GoDaddy API')));
 
     // check if the record exists at all so that we don't insert the "Dead" record for no reason
     get(domainObject, location, type, function (error, values) {
@@ -144,10 +144,10 @@ function del(domainObject, location, type, values, callback) {
             .send(records)
             .timeout(30 * 1000)
             .end(function (error, result) {
-                if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, util.format('Network error %s', error.message)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
                 if (result.statusCode === 404) return callback(null);
-                if (result.statusCode === 403 || result.statusCode === 401) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-                if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+                if (result.statusCode === 403 || result.statusCode === 401) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
                 debug('del: done');
 
@@ -176,8 +176,8 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (!dnsConfig.apiKey || typeof dnsConfig.apiKey !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'apiKey must be a non-empty string'));
-    if (!dnsConfig.apiSecret || typeof dnsConfig.apiSecret !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'apiSecret must be a non-empty string'));
+    if (!dnsConfig.apiKey || typeof dnsConfig.apiKey !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'apiKey must be a non-empty string', { field: 'apiKey' }));
+    if (!dnsConfig.apiSecret || typeof dnsConfig.apiSecret !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'apiSecret must be a non-empty string', { field: 'apiSecret' }));
 
     const ip = '127.0.0.1';
 
@@ -189,12 +189,12 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         if (!nameservers.every(function (n) { return n.toLowerCase().indexOf('.domaincontrol.com') !== -1; })) {
             debug('verifyDnsConfig: %j does not contain GoDaddy NS', nameservers);
-            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to GoDaddy'));
+            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to GoDaddy', { field: 'nameservers' }));
         }
 
         const location = 'cloudrontestdns';

src/dns/manual.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/manual'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     util = require('util'),
     waitForDns = require('./waitfordns.js');
 
@@ -22,6 +22,7 @@ function removePrivateFields(domainObject) {
     return domainObject;
 }
 
+// eslint-disable-next-line no-unused-vars
 function injectPrivateFields(newConfig, currentConfig) {
 
 }
@@ -78,8 +79,8 @@ function verifyDnsConfig(domainObject, callback) {
 
     // Very basic check if the nameservers can be fetched
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         callback(null, {});
     });

src/dns/namecheap.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/namecheap'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     safe = require('safetydance'),
     superagent = require('superagent'),
     sysinfo = require('../sysinfo.js'),
@@ -37,8 +37,8 @@ function getQuery(dnsConfig, callback) {
     assert.strictEqual(typeof dnsConfig, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    sysinfo.getPublicIp(function (error, ip) {
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+    sysinfo.getServerIp(function (error, ip) {
+        if (error) return callback(error);
 
         callback(null, {
             ApiUser: dnsConfig.username,
@@ -64,21 +64,21 @@ function getInternal(dnsConfig, zoneName, subdomain, type, callback) {
         query.TLD = zoneName.split('.')[1];
 
         superagent.get(ENDPOINT).query(query).end(function (error, result) {
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
             var parser = new xml2js.Parser();
             parser.parseString(result.text, function (error, result) {
-                if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
+                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
                 var tmp = result.ApiResponse;
                 if (tmp['$'].Status !== 'OK') {
                     var errorMessage = safe.query(tmp, 'Errors[0].Error[0]._', 'Invalid response');
-                    if (errorMessage === 'API Key is invalid or API access has not been enabled') return callback(new DomainsError(DomainsError.ACCESS_DENIED, errorMessage));
+                    if (errorMessage === 'API Key is invalid or API access has not been enabled') return callback(new BoxError(BoxError.ACCESS_DENIED, errorMessage));
 
-                    return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, errorMessage));
+                    return callback(new BoxError(BoxError.EXTERNAL_ERROR, errorMessage));
                 }
-                if (!tmp.CommandResponse[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));
-                if (!tmp.CommandResponse[0].DomainDNSGetHostsResult[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));
+                if (!tmp.CommandResponse[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
+                if (!tmp.CommandResponse[0].DomainDNSGetHostsResult[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
 
                 var hosts = result.ApiResponse.CommandResponse[0].DomainDNSGetHostsResult[0].host.map(function (h) {
                     return h['$'];
@@ -118,22 +118,22 @@ function setInternal(dnsConfig, zoneName, hosts, callback) {
         });
 
         superagent.post(ENDPOINT).query(query).end(function (error, result) {
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
             var parser = new xml2js.Parser();
             parser.parseString(result.text, function (error, result) {
-                if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error));
+                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
                 var tmp = result.ApiResponse;
                 if (tmp['$'].Status !== 'OK') {
                     var errorMessage = safe.query(tmp, 'Errors[0].Error[0]._', 'Invalid response');
-                    if (errorMessage === 'API Key is invalid or API access has not been enabled') return callback(new DomainsError(DomainsError.ACCESS_DENIED, errorMessage));
+                    if (errorMessage === 'API Key is invalid or API access has not been enabled') return callback(new BoxError(BoxError.ACCESS_DENIED, errorMessage));
 
-                    return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, errorMessage));
+                    return callback(new BoxError(BoxError.EXTERNAL_ERROR, errorMessage));
                 }
-                if (!tmp.CommandResponse[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));
-                if (!tmp.CommandResponse[0].DomainDNSSetHostsResult[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));
-                if (tmp.CommandResponse[0].DomainDNSSetHostsResult[0]['$'].IsSuccess !== 'true') return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, 'Invalid response'));
+                if (!tmp.CommandResponse[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
+                if (!tmp.CommandResponse[0].DomainDNSSetHostsResult[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
+                if (tmp.CommandResponse[0].DomainDNSSetHostsResult[0]['$'].IsSuccess !== 'true') return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
 
                 callback(null);
             });
@@ -281,8 +281,8 @@ function verifyDnsConfig(domainObject, callback) {
     const zoneName = domainObject.zoneName;
     const ip = '127.0.0.1';
 
-    if (!dnsConfig.username || typeof dnsConfig.username !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'username must be a non-empty string'));
-    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a non-empty string'));
+    if (!dnsConfig.username || typeof dnsConfig.username !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'username must be a non-empty string', { field: 'username' }));
+    if (!dnsConfig.token || typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a non-empty string', { field: 'token' }));
 
     let credentials = {
         username: dnsConfig.username,
@@ -292,12 +292,12 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         if (nameservers.some(function (n) { return n.toLowerCase().indexOf('.registrar-servers.com') === -1; })) {
             debug('verifyDnsConfig: %j does not contains NC NS', nameservers);
-            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to NameCheap'));
+            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to NameCheap', { field: 'nameservers' }));
         }
 
         const testSubdomain = 'cloudrontestdns';

src/dns/namecom.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/namecom'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     safe = require('safetydance'),
     superagent = require('superagent'),
     util = require('util'),
@@ -63,9 +63,9 @@ function addRecord(dnsConfig, zoneName, name, type, values, callback) {
         .timeout(30 * 1000)
         .send(data)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Network error ${error.message}`));
-            if (result.statusCode === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null, 'unused-id');
         });
@@ -100,9 +100,9 @@ function updateRecord(dnsConfig, zoneName, recordId, name, type, values, callbac
         .timeout(30 * 1000)
         .send(data)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Network error ${error.message}`));
-            if (result.statusCode === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             return callback(null);
         });
@@ -121,9 +121,9 @@ function getInternal(dnsConfig, zoneName, name, type, callback) {
         .auth(dnsConfig.username, dnsConfig.token)
         .timeout(30 * 1000)
         .end(function (error, result) {
-            if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Network error ${error.message}`));
-            if (result.statusCode === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-            if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+            if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+            if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+            if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
             // name.com does not return the correct content-type
             result.body = safe.JSON.parse(result.text);
@@ -209,9 +209,9 @@ function del(domainObject, location, type, values, callback) {
             .auth(dnsConfig.username, dnsConfig.token)
             .timeout(30 * 1000)
             .end(function (error, result) {
-                if (error && !error.response) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Network error ${error.message}`));
-                if (result.statusCode === 403) return callback(new DomainsError(DomainsError.ACCESS_DENIED, formatError(result)));
-                if (result.statusCode !== 200) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, formatError(result)));
+                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                if (result.statusCode === 403) return callback(new BoxError(BoxError.ACCESS_DENIED, formatError(result)));
+                if (result.statusCode !== 200) return callback(new BoxError(BoxError.EXTERNAL_ERROR, formatError(result)));
 
                 return callback(null);
             });
@@ -238,8 +238,8 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (typeof dnsConfig.username !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'username must be a string'));
-    if (typeof dnsConfig.token !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'token must be a string'));
+    if (typeof dnsConfig.username !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'username must be a string', { field: 'username' }));
+    if (typeof dnsConfig.token !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'token must be a string', { field: 'token' }));
 
     var credentials = {
         username: dnsConfig.username,
@@ -251,12 +251,12 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         if (!nameservers.every(function (n) { return n.toLowerCase().indexOf('.name.com') !== -1; })) {
             debug('verifyDnsConfig: %j does not contain Name.com NS', nameservers);
-            return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Name.com'));
+            return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to name.com', { field: 'nameservers' }));
         }
 
         const location = 'cloudrontestdns';

src/dns/noop.js

@@ -18,6 +18,7 @@ function removePrivateFields(domainObject) {
     return domainObject;
 }
 
+// eslint-disable-next-line no-unused-vars
 function injectPrivateFields(newConfig, currentConfig) {
 }
 

src/dns/route53.js

@@ -12,10 +12,10 @@ exports = module.exports = {
 
 var assert = require('assert'),
     AWS = require('aws-sdk'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/route53'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     util = require('util'),
     waitForDns = require('./waitfordns.js'),
     _ = require('underscore');
@@ -59,15 +59,15 @@ function getZoneByName(dnsConfig, zoneName, callback) {
     }
 
     listHostedZones(function (error, result) {
-        if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-        if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-        if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+        if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+        if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
         var zone = result.HostedZones.filter(function (zone) {
             return zone.Name.slice(0, -1) === zoneName;     // aws zone name contains a '.' at the end
         })[0];
 
-        if (!zone) return callback(new DomainsError(DomainsError.NOT_FOUND, 'no such zone'));
+        if (!zone) return callback(new BoxError(BoxError.NOT_FOUND, 'no such zone'));
 
         callback(null, zone);
     });
@@ -83,9 +83,9 @@ function getHostedZone(dnsConfig, zoneName, callback) {
 
         var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
         route53.getHostedZone({ Id: zone.Id }, function (error, result) {
-            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+            if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
             callback(null, result);
         });
@@ -127,11 +127,11 @@ function upsert(domainObject, location, type, values, callback) {
 
         var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
         route53.changeResourceRecordSets(params, function(error) {
-            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'PriorRequestNotComplete') return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
-            if (error && error.code === 'InvalidChangeBatch') return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+            if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'PriorRequestNotComplete') return callback(new BoxError(BoxError.BUSY, error.message));
+            if (error && error.code === 'InvalidChangeBatch') return callback(new BoxError(BoxError.BAD_FIELD, error.message));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
             callback(null);
         });
@@ -160,9 +160,9 @@ function get(domainObject, location, type, callback) {
 
         var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
         route53.listResourceRecordSets(params, function (error, result) {
-            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+            if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
             if (result.ResourceRecordSets.length === 0) return callback(null, [ ]);
             if (result.ResourceRecordSets[0].Name !== params.StartRecordName || result.ResourceRecordSets[0].Type !== params.StartRecordType) return callback(null, [ ]);
 
@@ -208,23 +208,23 @@ function del(domainObject, location, type, values, callback) {
 
         var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
         route53.changeResourceRecordSets(params, function(error) {
-            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
-            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'AccessDenied') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
+            if (error && error.code === 'InvalidClientTokenId') return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
             if (error && error.message && error.message.indexOf('it was not found') !== -1) {
                 debug('del: resource record set not found.', error);
-                return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
+                return callback(new BoxError(BoxError.NOT_FOUND, error.message));
             } else if (error && error.code === 'NoSuchHostedZone') {
                 debug('del: hosted zone not found.', error);
-                return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
+                return callback(new BoxError(BoxError.NOT_FOUND, error.message));
             } else if (error && error.code === 'PriorRequestNotComplete') {
                 debug('del: resource is still busy', error);
-                return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
+                return callback(new BoxError(BoxError.BUSY, error.message));
             } else if (error && error.code === 'InvalidChangeBatch') {
                 debug('del: invalid change batch. No such record to be deleted.');
-                return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
+                return callback(new BoxError(BoxError.NOT_FOUND, error.message));
             } else if (error) {
                 debug('del: error', error);
-                return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+                return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
             }
 
             callback(null);
@@ -252,8 +252,8 @@ function verifyDnsConfig(domainObject, callback) {
     const dnsConfig = domainObject.config,
         zoneName = domainObject.zoneName;
 
-    if (!dnsConfig.accessKeyId || typeof dnsConfig.accessKeyId !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'accessKeyId must be a non-empty string'));
-    if (!dnsConfig.secretAccessKey || typeof dnsConfig.secretAccessKey !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'secretAccessKey must be a non-empty string'));
+    if (!dnsConfig.accessKeyId || typeof dnsConfig.accessKeyId !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'accessKeyId must be a non-empty string', { field: 'accessKeyId' }));
+    if (!dnsConfig.secretAccessKey || typeof dnsConfig.secretAccessKey !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'secretAccessKey must be a non-empty string', { field: 'secretAccessKey' }));
 
     var credentials = {
         accessKeyId: dnsConfig.accessKeyId,
@@ -268,15 +268,15 @@ function verifyDnsConfig(domainObject, callback) {
     if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here
 
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         getHostedZone(credentials, zoneName, function (error, zone) {
             if (error) return callback(error);
 
             if (!_.isEqual(zone.DelegationSet.NameServers.sort(), nameservers.sort())) {
                 debug('verifyDnsConfig: %j and %j do not match', nameservers, zone.DelegationSet.NameServers);
-                return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Route53'));
+                return callback(new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Route53', { field: 'nameservers' }));
             }
 
             const location = 'cloudrontestdns';

src/dns/waitfordns.js

@@ -4,9 +4,9 @@ exports = module.exports = waitForDns;
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/waitfordns'),
-    dns = require('../native-dns.js'),
-    DomainsError = require('../domains.js').DomainsError;
+    dns = require('../native-dns.js');
 
 function resolveIp(hostname, options, callback) {
     assert.strictEqual(typeof hostname, 'string');
@@ -92,12 +92,12 @@ function waitForDns(hostname, zoneName, type, value, options, callback) {
         debug(`waitForDns (try ${attempt}): ${hostname} to be ${value} in zone ${zoneName}`);
 
         dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-            if (error || !nameservers) return retryCallback(error || new DomainsError(DomainsError.EXTERNAL_ERROR, 'Unable to get nameservers'));
+            if (error || !nameservers) return retryCallback(error || new BoxError(BoxError.EXTERNAL_ERROR, 'Unable to get nameservers'));
 
             async.every(nameservers, isChangeSynced.bind(null, hostname, type, value), function (error, synced) {
                 debug('waitForDns: %s %s ns: %j', hostname, synced ? 'done' : 'not done', nameservers);
 
-                retryCallback(synced ? null : new DomainsError(DomainsError.EXTERNAL_ERROR, 'ETRYAGAIN'));
+                retryCallback(synced ? null : new BoxError(BoxError.EXTERNAL_ERROR, 'ETRYAGAIN'));
             });
         });
     }, function retryDone(error) {

src/dns/wildcard.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:dns/manual'),
     dns = require('../native-dns.js'),
     domains = require('../domains.js'),
-    DomainsError = require('../domains.js').DomainsError,
     sysinfo = require('../sysinfo.js'),
     util = require('util'),
     waitForDns = require('./waitfordns.js');
@@ -23,6 +23,7 @@ function removePrivateFields(domainObject) {
     return domainObject;
 }
 
+// eslint-disable-next-line no-unused-vars
 function injectPrivateFields(newConfig, currentConfig) {
 }
 
@@ -78,20 +79,20 @@ function verifyDnsConfig(domainObject, callback) {
 
     // Very basic check if the nameservers can be fetched
     dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
-        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
-        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));
+        if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain', { field: 'nameservers' }));
+        if (error || !nameservers) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers', { field: 'nameservers' }));
 
         const location = 'cloudrontestdns';
         const fqdn = domains.fqdn(location, domainObject);
 
         dns.resolve(fqdn, 'A', { server: '127.0.0.1', timeout: 5000 }, function (error, result) {
-            if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, `Unable to resolve ${fqdn}`));
-            if (error || !result) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : `Unable to resolve ${fqdn}`));
+            if (error && error.code === 'ENOTFOUND') return callback(new BoxError(BoxError.BAD_FIELD, `Unable to resolve ${fqdn}`, { field: 'nameservers' }));
+            if (error || !result) return callback(new BoxError(BoxError.BAD_FIELD, error ? error.message : `Unable to resolve ${fqdn}`, { field: 'nameservers' }));
 
-            sysinfo.getPublicIp(function (error, ip) {
-                if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Failed to detect IP of this server: ${error.message}`));
+            sysinfo.getServerIp(function (error, ip) {
+                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Failed to detect IP of this server: ${error.message}`));
 
-                if (result.length !== 1 || ip !== result[0]) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, `Domain resolves to ${JSON.stringify(result)} instead of ${ip}`));
+                if (result.length !== 1 || ip !== result[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Domain resolves to ${JSON.stringify(result)} instead of ${ip}`));
 
                 callback(null, {});
             });

src/docker.js

@@ -2,7 +2,13 @@
 
 exports = module.exports = {
     connection: connectionInstance(),
+
+    testRegistryConfig: testRegistryConfig,
     setRegistryConfig: setRegistryConfig,
+    injectPrivateFields: injectPrivateFields,
+    removePrivateFields: removePrivateFields,
+
+    SECRET_PLACEHOLDER: String.fromCharCode(0x25CF).repeat(8),
 
     ping: ping,
 
@@ -23,7 +29,6 @@ exports = module.exports = {
     inspectByName: inspect,
     getEvents: getEvents,
     memoryUsage: memoryUsage,
-    execContainer: execContainer,
     createVolume: createVolume,
     removeVolume: removeVolume,
     clearVolume: clearVolume
@@ -43,12 +48,10 @@ var addons = require('./addons.js'),
     child_process = require('child_process'),
     constants = require('./constants.js'),
     debug = require('debug')('box:docker.js'),
-    once = require('once'),
     path = require('path'),
     settings = require('./settings.js'),
     shell = require('./shell.js'),
     safe = require('safetydance'),
-    spawn = child_process.spawn,
     util = require('util'),
     _ = require('underscore');
 
@@ -61,6 +64,30 @@ function debugApp(app) {
     debug(app.fqdn + ' ' + util.format.apply(util, Array.prototype.slice.call(arguments, 1)));
 }
 
+function testRegistryConfig(auth, callback) {
+    assert.strictEqual(typeof auth, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    let docker = exports.connection;
+    docker.checkAuth(auth, function (error /*, data */) { // this returns a 500 even for auth errors
+        if (error) return callback(new BoxError(BoxError.BAD_FIELD, error, { field: 'serverAddress' }));
+
+        callback();
+    });
+}
+
+function injectPrivateFields(newConfig, currentConfig) {
+    if (newConfig.password === exports.SECRET_PLACEHOLDER) newConfig.password = currentConfig.password;
+}
+
+function removePrivateFields(registryConfig) {
+    assert.strictEqual(typeof registryConfig, 'object');
+
+    if (registryConfig.password) registryConfig.password = exports.SECRET_PLACEHOLDER;
+
+    return registryConfig;
+}
+
 function setRegistryConfig(auth, callback) {
     assert.strictEqual(typeof auth, 'object');
     assert.strictEqual(typeof callback, 'function');
@@ -68,7 +95,7 @@ function setRegistryConfig(auth, callback) {
     const isLogin = !!auth.password;
 
     // currently, auth info is not stashed in the db but maybe it should for restore to work?
-    const cmd = isLogin ? `docker login ${auth.serveraddress} --username ${auth.username} --password ${auth.password}` : `docker logout ${auth.serveraddress}`;
+    const cmd = isLogin ? `docker login ${auth.serverAddress} --username ${auth.username} --password ${auth.password}` : `docker logout ${auth.serverAddress}`;
 
     child_process.exec(cmd, { }, function (error /*, stdout, stderr */) {
         if (error) return callback(new BoxError(BoxError.ACCESS_DENIED, error.message));
@@ -91,36 +118,60 @@ function ping(callback) {
     });
 }
 
+function getRegistryConfig(image, callback) {
+    const parts = image.split('/');
+    if (parts.length === 2) return callback(null, null); // public docker registry
+
+    settings.getRegistryConfig(function (error, registryConfig) {
+        if (error) return callback(error);
+
+        // https://github.com/apocas/dockerode#pull-from-private-repos
+        const auth = {
+            username: registryConfig.username,
+            password: registryConfig.password,
+            auth: registryConfig.auth || '', // the auth token at login time
+            email: registryConfig.email || '',
+            serveraddress: registryConfig.serverAddress
+        };
+
+        callback(null, auth);
+    });
+}
+
 function pullImage(manifest, callback) {
     var docker = exports.connection;
 
-    // Use docker CLI here to support downloading of private repos. for dockerode, we have to use
-    // https://github.com/apocas/dockerode#pull-from-private-repos
-    docker.pull(manifest.dockerImage, function (error, stream) {
-        if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Unable to pull image. statusCode: ' + error.statusCode));
+    getRegistryConfig(manifest.dockerImage, function (error, authConfig) {
+        if (error) return callback(error);
 
-        // https://github.com/dotcloud/docker/issues/1074 says each status message
-        // is emitted as a chunk
-        stream.on('data', function (chunk) {
-            var data = safe.JSON.parse(chunk) || { };
-            debug('pullImage %s: %j', manifest.id, data);
+        debug(`pullImage: will pull ${manifest.dockerImage}. auth: ${authConfig ? 'yes' : 'no'}`);
 
-            // The data.status here is useless because this is per layer as opposed to per image
-            if (!data.status && data.error) {
-                debug('pullImage error %s: %s', manifest.id, data.errorDetail.message);
-            }
-        });
+        docker.pull(manifest.dockerImage, { authconfig: authConfig }, function (error, stream) {
+            if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Unable to pull image. Please check the network or if the image needs authentication. statusCode: ' + error.statusCode));
 
-        stream.on('end', function () {
-            debug('downloaded image %s of %s successfully', manifest.dockerImage, manifest.id);
+            // https://github.com/dotcloud/docker/issues/1074 says each status message
+            // is emitted as a chunk
+            stream.on('data', function (chunk) {
+                var data = safe.JSON.parse(chunk) || { };
+                debug('pullImage %s: %j', manifest.id, data);
 
-            callback(null);
-        });
+                // The data.status here is useless because this is per layer as opposed to per image
+                if (!data.status && data.error) {
+                    debug('pullImage error %s: %s', manifest.id, data.errorDetail.message);
+                }
+            });
 
-        stream.on('error', function (error) {
-            debug('error pulling image %s of %s: %j', manifest.dockerImage, manifest.id, error);
+            stream.on('end', function () {
+                debug('downloaded image %s of %s successfully', manifest.dockerImage, manifest.id);
 
-            callback(new BoxError(BoxError.DOCKER_ERROR, error.message));
+                callback(null);
+            });
+
+            stream.on('error', function (error) {
+                debug('error pulling image %s of %s: %j', manifest.dockerImage, manifest.id, error);
+
+                callback(new BoxError(BoxError.DOCKER_ERROR, error.message));
+            });
         });
     });
 }
@@ -165,7 +216,6 @@ function createSubcontainer(app, name, cmd, options, callback) {
         'CLOUDRON=1',
         'CLOUDRON_PROXY_IP=172.18.0.1',
         `CLOUDRON_APP_HOSTNAME=${app.id}`,
-        `CLOUDRON_ADMIN_EMAIL=${app.adminEmail}`,
         `${envPrefix}WEBADMIN_ORIGIN=${settings.adminOrigin()}`,
         `${envPrefix}API_ORIGIN=${settings.adminOrigin()}`,
         `${envPrefix}APP_ORIGIN=https://${domain}`,
@@ -180,7 +230,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
     var portEnv = [];
     for (let portName in app.portBindings) {
         const hostPort = app.portBindings[portName];
-        const portType = portName in manifest.tcpPorts ? 'tcp' : 'udp';
+        const portType = (manifest.tcpPorts && portName in manifest.tcpPorts) ? 'tcp' : 'udp';
         const ports = portType == 'tcp' ? manifest.tcpPorts : manifest.udpPorts;
 
         var containerPort = ports[portName].containerPort || hostPort;
@@ -208,7 +258,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
     if (!isAppContainer) memoryLimit *= 2;
 
     addons.getEnvironment(app, function (error, addonEnv) {
-        if (error) return callback(new Error('Error getting addon environment : ' + error));
+        if (error) return callback(error);
 
         // do no set hostname of containers to location as it might conflict with addons names. for example, an app installed in mail
         // location may not reach mail container anymore by DNS. We cannot set hostname to fqdn either as that sets up the dns
@@ -279,7 +329,11 @@ function createSubcontainer(app, name, cmd, options, callback) {
 
         debugApp(app, 'Creating container for %s', app.manifest.dockerImage);
 
-        docker.createContainer(containerOptions, callback);
+        docker.createContainer(containerOptions, function (error, container) {
+            if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+
+            callback(null, container);
+        });
     });
 }
 
@@ -298,6 +352,7 @@ function startContainer(containerId, callback) {
 
     container.start(function (error) {
         if (error && error.statusCode === 404) return callback(new BoxError(BoxError.NOT_FOUND));
+        if (error && error.statusCode === 400) return callback(new BoxError(BoxError.BAD_FIELD, error)); // e.g start.sh is not executable
         if (error && error.statusCode !== 304) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
 
         return callback(null);
@@ -322,12 +377,12 @@ function stopContainer(containerId, callback) {
     };
 
     container.stop(options, function (error) {
-        if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new Error('Error stopping container:' + error));
+        if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Error stopping container:' + error.message));
 
         debug('Waiting for container ' + containerId);
 
         container.wait(function (error, data) {
-            if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new Error('Error waiting on container:' + error));
+            if (error && (error.statusCode !== 304 && error.statusCode !== 404)) return callback(new BoxError(BoxError.DOCKER_ERROR, 'Error waiting on container:' + error.message));
 
             debug('Container %s stopped with status code [%s]', containerId, data ? String(data.StatusCode) : '');
 
@@ -355,9 +410,12 @@ function deleteContainer(containerId, callback) {
     container.remove(removeOptions, function (error) {
         if (error && error.statusCode === 404) return callback(null);
 
-        if (error) debug('Error removing container %s : %j', containerId, error);
+        if (error) {
+            debug('Error removing container %s : %j', containerId, error);
+            return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+        }
 
-        callback(error);
+        callback(null);
     });
 }
 
@@ -421,9 +479,12 @@ function deleteImage(manifest, callback) {
         if (error && error.statusCode === 404) return callback(null); // not found
         if (error && error.statusCode === 409) return callback(null); // another container using the image
 
-        if (error) debug('Error removing image %s : %j', dockerImage, error);
+        if (error) {
+            debug('Error removing image %s : %j', dockerImage, error);
+            return callback(new BoxError(BoxError.DOCKER_ERROR, error));
+        }
 
-        callback(error);
+        callback(null);
     });
 }
 
@@ -491,37 +552,6 @@ function memoryUsage(containerId, callback) {
     });
 }
 
-function execContainer(containerId, cmd, options, callback) {
-    assert.strictEqual(typeof containerId, 'string');
-    assert(util.isArray(cmd));
-    assert.strictEqual(typeof options, 'object');
-    assert.strictEqual(typeof callback, 'function');
-
-    callback = once(callback); // ChildProcess exit may or may not be called after error
-
-    var cp = spawn('/usr/bin/docker', [ 'exec', '-i', containerId  ].concat(cmd));
-
-    var chunks = [ ];
-
-    if (options.stdout) {
-        cp.stdout.pipe(options.stdout);
-    } else if (options.bufferStdout) {
-        cp.stdout.on('data', function (chunk) { chunks.push(chunk); });
-    } else {
-        cp.stdout.pipe(process.stdout);
-    }
-
-    cp.on('error', callback);
-    cp.on('exit', function (code, signal) {
-        debug('execContainer code: %s signal: %s', code, signal);
-        if (!callback.called) callback(code ? 'Failed with status ' + code : null, Buffer.concat(chunks));
-    });
-
-    cp.stderr.pipe(options.stderr || process.stderr);
-
-    if (options.stdin) options.stdin.pipe(cp.stdin).on('error', callback);
-}
-
 function createVolume(app, name, volumeDataDir, callback) {
     assert.strictEqual(typeof app, 'object');
     assert.strictEqual(typeof name, 'string');
@@ -569,7 +599,11 @@ function clearVolume(app, name, options, callback) {
         if (error) return callback(new BoxError(BoxError.DOCKER_ERROR, error));
 
         const volumeDataDir = v.Options.device;
-        shell.sudo('clearVolume', [ CLEARVOLUME_CMD, options.removeDirectory ? 'rmdir' : 'clear', volumeDataDir ], {}, callback);
+        shell.sudo('clearVolume', [ CLEARVOLUME_CMD, options.removeDirectory ? 'rmdir' : 'clear', volumeDataDir ], {}, function (error) {
+            if (error) return callback(new BoxError(BoxError.FS_ERROR, error));
+
+            callback();
+        });
     });
 }
 
@@ -583,7 +617,7 @@ function removeVolume(app, name, callback) {
 
     let volume = docker.getVolume(name);
     volume.remove(function (error) {
-        if (error && error.statusCode !== 404) return callback(new Error(`removeVolume: Error removing volume of ${app.id} ${error.message}`));
+        if (error && error.statusCode !== 404) return callback(new BoxError(BoxError.DOCKER_ERROR, `removeVolume: Error removing volume of ${app.id} ${error.message}`));
 
         callback();
     });

src/dockerproxy.js

@@ -6,8 +6,8 @@ exports = module.exports = {
 };
 
 var apps = require('./apps.js'),
-    AppsError = apps.AppsError,
     assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
     express = require('express'),
     debug = require('debug')('box:dockerproxy'),
@@ -35,7 +35,7 @@ function authorizeApp(req, res, next) {
     }
 
     apps.getByIpAddress(req.connection.remoteAddress, function (error, app) {
-        if (error && error.reason === AppsError.NOT_FOUND) return next(new HttpError(401, 'Unauthorized'));
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new HttpError(401, 'Unauthorized'));
         if (error) return next(new HttpError(500, error));
 
         if (!('docker' in app.manifest.addons)) return next(new HttpError(401, 'Unauthorized'));
@@ -67,6 +67,7 @@ function attachDockerRequest(req, res, next) {
     next();
 }
 
+// eslint-disable-next-line no-unused-vars
 function containersCreate(req, res, next) {
     safe.set(req.body, 'HostConfig.NetworkMode', 'cloudron'); // overwrite the network the container lives in
     safe.set(req.body, 'NetworkingConfig', {}); // drop any custom network configs
@@ -97,6 +98,7 @@ function containersCreate(req, res, next) {
     req.dockerRequest.end(plainBody);
 }
 
+// eslint-disable-next-line no-unused-vars
 function process(req, res, next) {
     // we have to rebuild the body since we consumed in in the parser
     if (Object.keys(req.body).length !== 0) {
@@ -139,6 +141,7 @@ function start(callback) {
 
     debug(`startDockerProxy: started proxy on port ${constants.DOCKER_PROXY_PORT}`);
 
+    // eslint-disable-next-line no-unused-vars
     gHttpServer.on('upgrade', function (req, client, head) {
         // Create a new tcp connection to the TCP server
         var remote = net.connect('/var/run/docker.sock', function () {

src/domaindb.js

@@ -12,8 +12,8 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror'),
     safe = require('safetydance');
 
 var DOMAINS_FIELDS = [ 'domain', 'zoneName', 'provider', 'configJson', 'tlsConfigJson', 'locked' ].join(',');
@@ -34,8 +34,8 @@ function get(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query(`SELECT ${DOMAINS_FIELDS} FROM domains WHERE domain=?`, [ domain ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Domain not found'));
 
         postProcess(result[0]);
 
@@ -45,7 +45,7 @@ function get(domain, callback) {
 
 function getAll(callback) {
     database.query(`SELECT ${DOMAINS_FIELDS} FROM domains ORDER BY domain`, function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         results.forEach(postProcess);
 
@@ -63,8 +63,8 @@ function add(name, domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO domains (domain, zoneName, provider, configJson, tlsConfigJson) VALUES (?, ?, ?, ?, ?)', [ name, domain.zoneName, domain.provider, JSON.stringify(domain.config), JSON.stringify(domain.tlsConfig) ], function (error) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -91,8 +91,8 @@ function update(name, domain, callback) {
     args.push(name);
 
     database.query('UPDATE domains SET ' + fields.join(', ') + ' WHERE domain=?', args, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.NOT_FOUND, 'Domain not found'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -103,9 +103,9 @@ function del(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM domains WHERE domain=?', [ domain ], function (error, result) {
-        if (error && error.code === 'ER_ROW_IS_REFERENCED_2') return callback(new DatabaseError(DatabaseError.IN_USE));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error && error.code === 'ER_ROW_IS_REFERENCED_2') return callback(new BoxError(BoxError.CONFLICT));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Domain not found'));
 
         callback(null);
     });
@@ -113,7 +113,7 @@ function del(domain, callback) {
 
 function clear(callback) {
     database.query('DELETE FROM domains', function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(error);
     });

src/domains.js

@@ -30,20 +30,17 @@ module.exports = exports = {
 
     prepareDashboardDomain: prepareDashboardDomain,
 
-    DomainsError: DomainsError,
-
     SECRET_PLACEHOLDER: String.fromCharCode(0x25CF).repeat(8)
 };
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:domains'),
     domaindb = require('./domaindb.js'),
     eventlog = require('./eventlog.js'),
     reverseProxy = require('./reverseproxy.js'),
-    ReverseProxyError = reverseProxy.ReverseProxyError,
     safe = require('safetydance'),
     settings = require('./settings.js'),
     sysinfo = require('./sysinfo.js'),
@@ -51,36 +48,6 @@ var assert = require('assert'),
     util = require('util'),
     _ = require('underscore');
 
-function DomainsError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(DomainsError, Error);
-
-DomainsError.NOT_FOUND = 'No such domain';
-DomainsError.ALREADY_EXISTS = 'Domain already exists';
-DomainsError.EXTERNAL_ERROR = 'External error';
-DomainsError.BAD_FIELD = 'Bad Field';
-DomainsError.STILL_BUSY = 'Still busy';
-DomainsError.IN_USE = 'In Use';
-DomainsError.INTERNAL_ERROR = 'Internal error';
-DomainsError.ACCESS_DENIED = 'Access Denied';
-DomainsError.INVALID_PROVIDER = 'provider must be route53, gcdns, digitalocean, gandi, cloudflare, namecom, noop, wildcard, manual or caas';
-
 // choose which subdomain backend we use for test purpose we use route53
 function api(provider) {
     assert.strictEqual(typeof provider, 'string');
@@ -115,16 +82,14 @@ function verifyDnsConfig(dnsConfig, domain, zoneName, provider, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     var backend = api(provider);
-    if (!backend) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid provider'));
+    if (!backend) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid provider', { field: 'provider' }));
 
     const domainObject = { config: dnsConfig, domain: domain, zoneName: zoneName };
     api(provider).verifyDnsConfig(domainObject, function (error, result) {
-        if (error && error.reason === DomainsError.ACCESS_DENIED) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Incorrect configuration. Access denied'));
-        if (error && error.reason === DomainsError.NOT_FOUND) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Zone not found'));
-        if (error && error.reason === DomainsError.EXTERNAL_ERROR) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Configuration error: ' + error.message));
-        if (error && error.reason === DomainsError.BAD_FIELD) return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
-        if (error && error.reason === DomainsError.INVALID_PROVIDER) return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.ACCESS_DENIED) return callback(new BoxError(BoxError.BAD_FIELD, 'Incorrect configuration. Access denied'));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(new BoxError(BoxError.BAD_FIELD, 'Zone not found'));
+        if (error && error.reason === BoxError.EXTERNAL_ERROR) return callback(new BoxError(BoxError.BAD_FIELD, 'Configuration error: ' + error.message));
+        if (error) return callback(error);
 
         result.hyphenatedSubdomains = !!dnsConfig.hyphenatedSubdomains;
 
@@ -150,25 +115,25 @@ function validateHostname(location, domainObject) {
         constants.SMTP_LOCATION,
         constants.IMAP_LOCATION
     ];
-    if (RESERVED_LOCATIONS.indexOf(location) !== -1) return new DomainsError(DomainsError.BAD_FIELD, location + ' is reserved');
+    if (RESERVED_LOCATIONS.indexOf(location) !== -1) return new BoxError(BoxError.BAD_FIELD, location + ' is reserved', { field: 'location' });
 
-    if (hostname === settings.adminFqdn()) return new DomainsError(DomainsError.BAD_FIELD, location + ' is reserved');
+    if (hostname === settings.adminFqdn()) return new BoxError(BoxError.BAD_FIELD, location + ' is reserved', { field: 'location' });
 
     // workaround https://github.com/oncletom/tld.js/issues/73
     var tmp = hostname.replace('_', '-');
-    if (!tld.isValid(tmp)) return new DomainsError(DomainsError.BAD_FIELD, 'Hostname is not a valid domain name');
+    if (!tld.isValid(tmp)) return new BoxError(BoxError.BAD_FIELD, 'Hostname is not a valid domain name', { field: 'location' });
 
-    if (hostname.length > 253) return new DomainsError(DomainsError.BAD_FIELD, 'Hostname length exceeds 253 characters');
+    if (hostname.length > 253) return new BoxError(BoxError.BAD_FIELD, 'Hostname length exceeds 253 characters', { field: 'location' });
 
     if (location) {
         // label validation
-        if (location.split('.').some(function (p) { return p.length > 63 || p.length < 1; })) return new DomainsError(DomainsError.BAD_FIELD, 'Invalid subdomain length');
-        if (location.match(/^[A-Za-z0-9-.]+$/) === null) return new DomainsError(DomainsError.BAD_FIELD, 'Subdomain can only contain alphanumeric, hyphen and dot');
-        if (/^[-.]/.test(location)) return new DomainsError(DomainsError.BAD_FIELD, 'Subdomain cannot start or end with hyphen or dot');
+        if (location.split('.').some(function (p) { return p.length > 63 || p.length < 1; })) return new BoxError(BoxError.BAD_FIELD, 'Invalid subdomain length', { field: 'location' });
+        if (location.match(/^[A-Za-z0-9-.]+$/) === null) return new BoxError(BoxError.BAD_FIELD, 'Subdomain can only contain alphanumeric, hyphen and dot', { field: 'location' });
+        if (/^[-.]/.test(location)) return new BoxError(BoxError.BAD_FIELD, 'Subdomain cannot start or end with hyphen or dot', { field: 'location' });
     }
 
     if (domainObject.config.hyphenatedSubdomains) {
-        if (location.indexOf('.') !== -1) return new DomainsError(DomainsError.BAD_FIELD, 'Subdomain cannot contain a dot');
+        if (location.indexOf('.') !== -1) return new BoxError(BoxError.BAD_FIELD, 'Subdomain cannot contain a dot', { field: 'location' });
     }
 
     return null;
@@ -185,12 +150,12 @@ function validateTlsConfig(tlsConfig, dnsProvider) {
     case 'caas':
         break;
     default:
-        return new DomainsError(DomainsError.BAD_FIELD, 'tlsConfig.provider must be caas, fallback, letsencrypt-prod/staging');
+        return new BoxError(BoxError.BAD_FIELD, 'tlsConfig.provider must be caas, fallback, letsencrypt-prod/staging', { field: 'tlsProvider' });
     }
 
     if (tlsConfig.wildcard) {
-        if (!tlsConfig.provider.startsWith('letsencrypt')) return new DomainsError(DomainsError.BAD_FIELD, 'wildcard can only be set with letsencrypt');
-        if (dnsProvider === 'manual' || dnsProvider === 'noop' || dnsProvider === 'wildcard') return new DomainsError(DomainsError.BAD_FIELD, 'wildcard cert requires a programmable DNS backend');
+        if (!tlsConfig.provider.startsWith('letsencrypt')) return new BoxError(BoxError.BAD_FIELD, 'wildcard can only be set with letsencrypt', { field: 'wildcard' });
+        if (dnsProvider === 'manual' || dnsProvider === 'noop' || dnsProvider === 'wildcard') return new BoxError(BoxError.BAD_FIELD, 'wildcard cert requires a programmable DNS backend', { field: 'tlsProvider' });
     }
 
     return null;
@@ -207,22 +172,22 @@ function add(domain, data, auditSource, callback) {
 
     let { zoneName, provider, config, fallbackCertificate, tlsConfig } = data;
 
-    if (!tld.isValid(domain)) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid domain'));
-    if (domain.endsWith('.')) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid domain'));
+    if (!tld.isValid(domain)) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid domain', { field: 'domain' }));
+    if (domain.endsWith('.')) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid domain', { field: 'domain' }));
 
     if (zoneName) {
-        if (!tld.isValid(zoneName)) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid zoneName'));
-        if (zoneName.endsWith('.')) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid zoneName'));
+        if (!tld.isValid(zoneName)) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid zoneName', { field: 'zoneName' }));
+        if (zoneName.endsWith('.')) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid zoneName', { field: 'zoneName' }));
     } else {
         zoneName = tld.getDomain(domain) || domain;
     }
 
     if (fallbackCertificate) {
         let error = reverseProxy.validateCertificate('test', { domain, config }, fallbackCertificate);
-        if (error) return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
+        if (error) return callback(error);
     } else {
         fallbackCertificate = reverseProxy.generateFallbackCertificateSync({ domain, config });
-        if (fallbackCertificate.error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, fallbackCertificate.error));
+        if (fallbackCertificate.error) return callback(error);
     }
 
     let error = validateTlsConfig(tlsConfig, provider);
@@ -232,11 +197,10 @@ function add(domain, data, auditSource, callback) {
         if (error) return callback(error);
 
         domaindb.add(domain, { zoneName: zoneName, provider: provider, config: sanitizedConfig, tlsConfig: tlsConfig }, function (error) {
-            if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new DomainsError(DomainsError.ALREADY_EXISTS));
-            if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             reverseProxy.setFallbackCertificate(domain, fallbackCertificate, function (error) {
-                if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 eventlog.add(eventlog.ACTION_DOMAIN_ADD, auditSource, { domain, zoneName, provider });
 
@@ -252,16 +216,13 @@ function get(domain, callback) {
 
     domaindb.get(domain, function (error, result) {
         // TODO try to find subdomain entries maybe based on zoneNames or so
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
-
-        reverseProxy.getFallbackCertificate(domain, function (error, bundle) {
-            if (error && error.reason !== ReverseProxyError.NOT_FOUND) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
+        reverseProxy.getFallbackCertificate(domain, function (_, bundle) { // never returns an error
             var cert = safe.fs.readFileSync(bundle.certFilePath, 'utf-8');
             var key = safe.fs.readFileSync(bundle.keyFilePath, 'utf-8');
 
-            if (!cert || !key) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, 'unable to read certificates from disk'));
+            if (!cert || !key) return callback(new BoxError(BoxError.FS_ERROR, 'unable to read certificates from disk'));
 
             result.fallbackCertificate = { cert: cert, key: key };
 
@@ -274,7 +235,7 @@ function getAll(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     domaindb.getAll(function (error, result) {
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -293,18 +254,17 @@ function update(domain, data, auditSource, callback) {
     let { zoneName, provider, config, fallbackCertificate, tlsConfig } = data;
 
     domaindb.get(domain, function (error, domainObject) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         if (zoneName) {
-            if (!tld.isValid(zoneName)) return callback(new DomainsError(DomainsError.BAD_FIELD, 'Invalid zoneName'));
+            if (!tld.isValid(zoneName)) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid zoneName', { field: 'zoneName' }));
         } else {
             zoneName = domainObject.zoneName;
         }
 
         if (fallbackCertificate) {
             let error = reverseProxy.validateCertificate('test', domainObject, fallbackCertificate);
-            if (error) return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
+            if (error) return callback(error);
         }
 
         error = validateTlsConfig(tlsConfig, provider);
@@ -323,13 +283,12 @@ function update(domain, data, auditSource, callback) {
             };
 
             domaindb.update(domain, newData, function (error) {
-                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
-                if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 if (!fallbackCertificate) return callback();
 
                 reverseProxy.setFallbackCertificate(domain, fallbackCertificate, function (error) {
-                    if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+                    if (error) return callback(error);
 
                     eventlog.add(eventlog.ACTION_DOMAIN_UPDATE, auditSource, { domain, zoneName, provider });
 
@@ -345,12 +304,10 @@ function del(domain, auditSource, callback) {
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (domain === settings.adminDomain()) return callback(new DomainsError(DomainsError.IN_USE));
+    if (domain === settings.adminDomain()) return callback(new BoxError(BoxError.CONFLICT, 'Cannot remove admin domain'));
 
     domaindb.del(domain, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new DomainsError(DomainsError.NOT_FOUND));
-        if (error && error.reason === DatabaseError.IN_USE) return callback(new DomainsError(DomainsError.IN_USE));
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         eventlog.add(eventlog.ACTION_DOMAIN_REMOVE, auditSource, { domain });
 
@@ -362,7 +319,7 @@ function clear(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     domaindb.clear(function (error) {
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null);
     });
@@ -414,8 +371,8 @@ function checkDnsRecords(location, domain, callback) {
     getDnsRecords(location, domain, 'A', function (error, values) {
         if (error) return callback(error);
 
-        sysinfo.getPublicIp(function (error, ip) {
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+        sysinfo.getServerIp(function (error, ip) {
+            if (error) return callback(error);
 
             if (values.length === 0) return callback(null, { needsOverwrite: false }); // does not exist
             if (values[0] === ip) return callback(null, { needsOverwrite: false }); // exists but in sync
@@ -436,7 +393,7 @@ function upsertDnsRecords(location, domain, type, values, callback) {
     debug('upsertDNSRecord: %s on %s type %s values', location, domain, type, values);
 
     get(domain, function (error, domainObject) {
-        if (error) return callback(new DomainsError(DomainsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         api(domainObject.provider).upsert(domainObject, location, type, values, function (error) {
             if (error) return callback(error);
@@ -459,7 +416,7 @@ function removeDnsRecords(location, domain, type, values, callback) {
         if (error) return callback(error);
 
         api(domainObject.provider).del(domainObject, location, type, values, function (error) {
-            if (error && error.reason !== DomainsError.NOT_FOUND) return callback(error);
+            if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
             callback(null);
         });
@@ -516,8 +473,8 @@ function prepareDashboardDomain(domain, auditSource, progressCallback, callback)
 
         const adminFqdn = fqdn(constants.ADMIN_LOCATION, domainObject);
 
-        sysinfo.getPublicIp(function (error, ip) {
-            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
+        sysinfo.getServerIp(function (error, ip) {
+            if (error) return callback(error);
 
             async.series([
                 (done) => { progressCallback({ percent: 10, message: `Updating DNS of ${adminFqdn}` }); done(); },

src/dyndns.js

@@ -21,7 +21,7 @@ function sync(auditSource, callback) {
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    sysinfo.getPublicIp(function (error, ip) {
+    sysinfo.getServerIp(function (error, ip) {
         if (error) return callback(error);
 
         let info = safe.JSON.parse(safe.fs.readFileSync(paths.DYNDNS_INFO_FILE, 'utf8')) || { ip: null };

src/eventlog.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    EventLogError: EventLogError,
-
     add: add,
     get: get,
     getAllPaged: getAllPaged,
@@ -63,7 +61,6 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:eventlog'),
     eventlogdb = require('./eventlogdb.js'),
     notifications = require('./notifications.js'),
@@ -72,28 +69,6 @@ var assert = require('assert'),
 
 var NOOP_CALLBACK = function (error) { if (error) debug(error); };
 
-function EventLogError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(EventLogError, Error);
-EventLogError.INTERNAL_ERROR = 'Internal error';
-EventLogError.NOT_FOUND = 'Not Found';
-
 function add(action, source, data, callback) {
     assert.strictEqual(typeof action, 'string');
     assert.strictEqual(typeof source, 'object');
@@ -105,10 +80,10 @@ function add(action, source, data, callback) {
     // we do only daily upserts for login actions, so they don't spam the db
     var api = action === exports.ACTION_USER_LOGIN ? eventlogdb.upsert : eventlogdb.add;
     api(uuid.v4(), action, source, data, function (error, id) {
-        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         notifications.onEvent(id, action, source, data, function (error) {
-            if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             callback(null, { id: id });
         });
@@ -120,8 +95,7 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     eventlogdb.get(id, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new EventLogError(EventLogError.NOT_FOUND, 'No such event'));
-        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -135,7 +109,7 @@ function getAllPaged(actions, search, page, perPage, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     eventlogdb.getAllPaged(actions, search, page, perPage, function (error, events) {
-        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, events);
     });
@@ -146,7 +120,7 @@ function getByCreationTime(creationTime, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     eventlogdb.getByCreationTime(creationTime, function (error, events) {
-        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, events);
     });
@@ -159,7 +133,7 @@ function cleanup(callback) {
     d.setDate(d.getDate() - 10); // 10 days ago
 
     eventlogdb.delByCreationTime(d, function (error) {
-        if (error) return callback(new EventLogError(EventLogError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });

src/eventlogdb.js

@@ -14,8 +14,8 @@ exports = module.exports = {
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror'),
     mysql = require('mysql'),
     safe = require('safetydance'),
     util = require('util');
@@ -35,8 +35,8 @@ function get(eventId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + EVENTLOG_FIELDS + ' FROM eventlog WHERE id = ?', [ eventId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Eventlog not found'));
 
         callback(null, postProcess(result[0]));
     });
@@ -68,7 +68,7 @@ function getAllPaged(actions, search, page, perPage, callback) {
     data.push(perPage);
 
     database.query(query, data, function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         results.forEach(postProcess);
 
@@ -82,7 +82,7 @@ function getByCreationTime(creationTime, callback) {
 
     var query = 'SELECT ' + EVENTLOG_FIELDS + ' FROM eventlog WHERE creationTime >= ? ORDER BY creationTime DESC';
     database.query(query, [ creationTime ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         results.forEach(postProcess);
 
@@ -98,8 +98,8 @@ function add(id, action, source, data, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO eventlog (id, action, source, data) VALUES (?, ?, ?, ?)', [ id, action, JSON.stringify(source), JSON.stringify(data) ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error));
-        if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
+        if (error || result.affectedRows !== 1) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, id);
     });
@@ -123,7 +123,7 @@ function upsert(id, action, source, data, callback) {
     }];
 
     database.transaction(queries, function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         if (result[0].affectedRows >= 1) return callback(null, result[1][0].id);
 
         // no existing eventlog found, create one
@@ -135,7 +135,7 @@ function count(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT COUNT(*) AS total FROM eventlog', function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         return callback(null, result[0].total);
     });
@@ -143,7 +143,7 @@ function count(callback) {
 
 function clear(callback) {
     database.query('DELETE FROM eventlog', function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -155,7 +155,7 @@ function delByCreationTime(creationTime, callback) {
 
     // remove notifications that reference the events as well
     database.query('SELECT * FROM eventlog WHERE creationTime <= ?', [ creationTime ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         async.eachSeries(result, function (item, iteratorCallback) {
             async.series([
@@ -163,7 +163,7 @@ function delByCreationTime(creationTime, callback) {
                 database.query.bind(null, 'DELETE FROM eventlog WHERE id=?', [ item.id ])
             ], iteratorCallback);
         }, function (error) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             callback(null);
         });

src/externalldap.js

@@ -1,89 +1,122 @@
 'use strict';
 
 exports = module.exports = {
-    ExternalLdapError: ExternalLdapError,
-
     verifyPassword: verifyPassword,
 
     testConfig: testConfig,
     startSyncer: startSyncer,
 
+    injectPrivateFields: injectPrivateFields,
+    removePrivateFields: removePrivateFields,
+
     sync: sync
 };
 
 var assert = require('assert'),
     async = require('async'),
-    auditsource = require('./auditsource.js'),
+    auditSource = require('./auditsource.js'),
+    BoxError = require('./boxerror.js'),
+    constants = require('./constants.js'),
     debug = require('debug')('box:externalldap'),
     ldap = require('ldapjs'),
     settings = require('./settings.js'),
     tasks = require('./tasks.js'),
-    users = require('./users.js'),
-    UserError = users.UsersError,
-    util = require('util');
+    users = require('./users.js');
 
-function ExternalLdapError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
+function injectPrivateFields(newConfig, currentConfig) {
+    if (newConfig.bindPassword === constants.SECRET_PLACEHOLDER) newConfig.bindPassword = currentConfig.bindPassword;
+}
+
+function removePrivateFields(ldapConfig) {
+    assert.strictEqual(typeof ldapConfig, 'object');
+    if (ldapConfig.bindPassword) ldapConfig.bindPassword = constants.SECRET_PLACEHOLDER;
+    return ldapConfig;
 }
-util.inherits(ExternalLdapError, Error);
-ExternalLdapError.EXTERNAL_ERROR = 'external error';
-ExternalLdapError.INTERNAL_ERROR = 'internal error';
-ExternalLdapError.INVALID_CREDENTIALS = 'invalid credentials';
-ExternalLdapError.BAD_STATE = 'bad state';
-ExternalLdapError.BAD_FIELD = 'bad field';
-ExternalLdapError.NOT_FOUND = 'not found';
 
 // performs service bind if required
 function getClient(externalLdapConfig, callback) {
+    assert.strictEqual(typeof externalLdapConfig, 'object');
     assert.strictEqual(typeof callback, 'function');
 
     // basic validation to not crash
-    try { ldap.parseDN(externalLdapConfig.baseDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid baseDn')); }
-    try { ldap.parseFilter(externalLdapConfig.filter); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'invalid filter')); }
-    if (externalLdapConfig.bindDn) try { ldap.parseFilter(externalLdapConfig.bindDn); } catch (e) { return callback(new ExternalLdapError(ExternalLdapError.INVALID_CREDENTIALS)); }
+    try { ldap.parseDN(externalLdapConfig.baseDn); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid baseDn')); }
+    try { ldap.parseFilter(externalLdapConfig.filter); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid filter')); }
 
     var client;
     try {
         client = ldap.createClient({ url: externalLdapConfig.url });
     } catch (e) {
-        if (e instanceof ldap.ProtocolError) return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'url protocol is invalid'));
-        return callback(new ExternalLdapError(ExternalLdapError.INTERNAL_ERROR, e));
+        if (e instanceof ldap.ProtocolError) return callback(new BoxError(BoxError.BAD_FIELD, 'url protocol is invalid'));
+        return callback(new BoxError(BoxError.INTERNAL_ERROR, e));
     }
 
     if (!externalLdapConfig.bindDn) return callback(null, client);
 
     client.bind(externalLdapConfig.bindDn, externalLdapConfig.bindPassword, function (error) {
-        if (error instanceof ldap.InvalidCredentialsError) return callback(new ExternalLdapError(ExternalLdapError.INVALID_CREDENTIALS));
-        if (error) return callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, error));
+        if (error instanceof ldap.InvalidCredentialsError) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
         callback(null, client, externalLdapConfig);
     });
 }
 
+function ldapSearch(externalLdapConfig, options, callback) {
+    assert.strictEqual(typeof externalLdapConfig, 'object');
+    assert.strictEqual(typeof options, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    getClient(externalLdapConfig, function (error, client) {
+        if (error) return callback(error);
+
+        let searchOptions = {
+            paged: true,
+            filter: ldap.parseFilter(externalLdapConfig.filter),
+            scope: 'sub'    // We may have to make this configurable
+        };
+
+        if (options.filter) { // https://github.com/ldapjs/node-ldapjs/blob/master/docs/filters.md
+            let extraFilter = ldap.parseFilter(options.filter);
+            searchOptions.filter = new ldap.AndFilter({ filters: [ extraFilter, searchOptions.filter ] });
+        }
+
+        debug(`Listing users at ${externalLdapConfig.baseDn} with filter ${searchOptions.filter.toString()}`);
+
+        client.search(externalLdapConfig.baseDn, searchOptions, function (error, result) {
+            if (error instanceof ldap.NoSuchObjectError) return callback(new BoxError(BoxError.NOT_FOUND));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
+
+            let ldapUsers = [];
+
+            result.on('searchEntry', entry => ldapUsers.push(entry.object));
+            result.on('error', error => callback(new BoxError(BoxError.EXTERNAL_ERROR, error)));
+
+            result.on('end', function (result) {
+                client.unbind();
+
+                if (result.status !== 0) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Server returned status ' + result.status));
+
+                callback(null, ldapUsers);
+            });
+        });
+    });
+}
+
 function testConfig(config, callback) {
     assert.strictEqual(typeof config, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (!config.enabled) return callback();
+    if (config.provider === 'noop') return callback();
 
-    if (!config.url) return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'url must not be empty'));
-    if (!config.baseDn) return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'basedn must not be empty'));
-    if (!config.filter) return callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'filter must not be empty'));
+    if (!config.url) return callback(new BoxError(BoxError.BAD_FIELD, 'url must not be empty'));
+    if (!config.url.startsWith('ldap://') && !config.url.startsWith('ldaps://')) return callback(new BoxError(BoxError.BAD_FIELD, 'url is missing ldap:// or ldaps:// prefix'));
+    if (!config.usernameField) config.usernameField = 'uid';
+
+    // bindDn may not be a dn!
+    if (!config.baseDn) return callback(new BoxError(BoxError.BAD_FIELD, 'basedn must not be empty'));
+    try { ldap.parseDN(config.baseDn); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid baseDn')); }
+
+    if (!config.filter) return callback(new BoxError(BoxError.BAD_FIELD, 'filter must not be empty'));
+    try { ldap.parseFilter(config.filter); } catch (e) { return callback(new BoxError(BoxError.BAD_FIELD, 'invalid filter')); }
 
     getClient(config, function (error, client) {
         if (error) return callback(error);
@@ -94,11 +127,11 @@ function testConfig(config, callback) {
         };
 
         client.search(config.baseDn, opts, function (error, result) {
-            if (error) return callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
-            result.on('searchEntry', function (entry) {});
-            result.on('error', function (error) { callback(new ExternalLdapError(ExternalLdapError.BAD_FIELD, 'Unable to search directory')); });
-            result.on('end', function (result) { callback(); });
+            result.on('searchEntry', function (/* entry */) {});
+            result.on('error', function (error) { client.unbind(); callback(new BoxError(BoxError.BAD_FIELD, `Unable to search directory: ${error.message}`)); });
+            result.on('end', function (/* result */) { client.unbind(); callback(); });
         });
     });
 }
@@ -109,17 +142,20 @@ function verifyPassword(user, password, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settings.getExternalLdapConfig(function (error, externalLdapConfig) {
-        if (error) return callback(new ExternalLdapError(ExternalLdapError.INTERNAL_ERROR, error));
-        if (!externalLdapConfig.enabled) return callback(new ExternalLdapError(ExternalLdapError.BAD_STATE, 'not enabled'));
+        if (error) return callback(error);
+        if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
 
-        getClient(externalLdapConfig, function (error, client) {
+        ldapSearch(externalLdapConfig, { filter: `${externalLdapConfig.usernameField}=${user.username}` }, function (error, ldapUsers) {
             if (error) return callback(error);
+            if (ldapUsers.length === 0) return callback(new BoxError(BoxError.NOT_FOUND));
+            if (ldapUsers.length > 1) return callback(new BoxError(BoxError.CONFLICT));
 
-            const dn = `uid=${user.username},${externalLdapConfig.baseDn}`;
+            const userDn = ldapUsers[0].dn;
+            let client = ldap.createClient({ url: externalLdapConfig.url });
 
-            client.bind(dn, password, function (error) {
-                if (error instanceof ldap.InvalidCredentialsError) return callback(new ExternalLdapError(ExternalLdapError.INVALID_CREDENTIALS));
-                if (error) return callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, error));
+            client.bind(userDn, password, function (error) {
+                if (error instanceof ldap.InvalidCredentialsError) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
                 callback();
             });
@@ -131,11 +167,11 @@ function startSyncer(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settings.getExternalLdapConfig(function (error, externalLdapConfig) {
-        if (error) return callback(new ExternalLdapError(ExternalLdapError.INTERNAL_ERROR, error));
-        if (!externalLdapConfig.enabled) return callback(new ExternalLdapError(ExternalLdapError.BAD_STATE, 'not enabled'));
+        if (error) return callback(error);
+        if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
 
         tasks.add(tasks.TASK_SYNC_EXTERNAL_LDAP, [], function (error, taskId) {
-            if (error) return callback(new ExternalLdapError(ExternalLdapError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             tasks.startTask(taskId, {}, function (error, result) {
                 debug('sync: done', error, result);
@@ -150,81 +186,70 @@ function sync(progressCallback, callback) {
     assert.strictEqual(typeof progressCallback, 'function');
     assert.strictEqual(typeof callback, 'function');
 
-    debug('Start user syncing ...');
+    progressCallback({ percent: 10, message: 'Starting ldap user sync' });
 
     settings.getExternalLdapConfig(function (error, externalLdapConfig) {
-        if (error) return callback(new ExternalLdapError(ExternalLdapError.INTERNAL_ERROR, error));
-        if (!externalLdapConfig.enabled) return callback(new ExternalLdapError(ExternalLdapError.BAD_STATE, 'not enabled'));
+        if (error) return callback(error);
+        if (externalLdapConfig.provider === 'noop') return callback(new BoxError(BoxError.BAD_STATE, 'not enabled'));
 
-        getClient(externalLdapConfig, function (error, client) {
+        ldapSearch(externalLdapConfig, {}, function (error, ldapUsers) {
             if (error) return callback(error);
 
-            var opts = {
-                paged: true,
-                filter: externalLdapConfig.filter,
-                scope: 'sub'    // We may have to make this configurable
-            };
+            debug(`Found ${ldapUsers.length} users`);
+            let percent = 10;
+            let step = 90/(ldapUsers.length+1); // ensure no divide by 0
 
-            debug(`Listing users at ${externalLdapConfig.baseDn} with filter ${externalLdapConfig.filter}`);
+            // we ignore all errors here and just log them for now
+            async.eachSeries(ldapUsers, function (user, iteratorCallback) {
+const delayedCallback = (error) => setTimeout(iteratorCallback, 40000);
 
-            client.search(externalLdapConfig.baseDn, opts, function (error, result) {
-                if (error) return callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, error));
+                const username = user[externalLdapConfig.usernameField];
+                const email = user.mail;
+                const displayName = user.cn; // user.giveName + ' ' + user.sn
 
-                var ldapUsers = [];
+                if (!username || !email || !displayName) {
+                    debug(`[empty username/email/displayName] username=${username} email=${email} displayName=${displayName} usernameField=${externalLdapConfig.usernameField}`);
+                    return delayedCallback();
+                }
 
-                result.on('searchEntry', function (entry) {
-                    ldapUsers.push(entry.object);
-                });
+                percent += step;
+                progressCallback({ percent, message: `Syncing... ${username}` });
 
-                result.on('error', function (error) {
-                    callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, error));
-                });
+                users.getByUsername(username, function (error, result) {
+                    if (error && error.reason !== BoxError.NOT_FOUND) {
+                        debug(`Could not find user with username ${username}: ${error.message}`);
+                        return delayedCallback();
+                    }
 
-                result.on('end', function (result) {
-                    if (result.status !== 0) return callback(new ExternalLdapError(ExternalLdapError.EXTERNAL_ERROR, 'Server returned status ' + result.status));
+                    if (error) {
+                        debug(`[adding user] username=${username} email=${email} displayName=${displayName}`);
 
-                    debug(`Found ${ldapUsers.length} users`);
-
-                    // we ignore all errors here and just log them for now
-                    async.eachSeries(ldapUsers, function (user, callback) {
-
-                        // ignore the bindDn user if any
-                        if (user.dn === externalLdapConfig.bindDn) return callback();
-
-                        users.getByUsername(user.uid, function (error, result) {
-                            if (error && error.reason !== UserError.NOT_FOUND) {
-                                console.error(error);
-                                return callback();
-                            }
-
-                            if (error) {
-                                debug('[adding user]     ', user.uid, user.mail, user.cn);
-
-                                users.create(user.uid, null, user.mail, user.cn, { source: 'ldap' }, auditsource.EXTERNAL_LDAP_TASK, function (error) {
-                                    if (error) console.error('Failed to create user', user, error);
-                                    callback();
-                                });
-                            } else if (result.source !== 'ldap') {
-                                debug('[conflicting user]', user.uid, user.mail, user.cn);
-
-                                callback();
-                            } else if (result.email !== user.mail || result.displayName !== user.cn) {
-                                debug('[updating user]   ', user.uid, user.mail, user.cn);
-
-                                users.update(result.id, { email: user.mail, fallbackEmail: user.mail, displayName: user.cn }, auditsource.EXTERNAL_LDAP_TASK, function (error) {
-                                    if (error) console.error('Failed to update user', user, error);
-                                    callback();
-                                });
-                            } else {
-                                // user known and up-to-date
-                                callback();
-                            }
+                        users.create(username, null /* password */, email, displayName, { source: 'ldap' }, auditSource.EXTERNAL_LDAP_TASK, function (error) {
+                            if (error) console.error('Failed to create user', user, error);
+                            delayedCallback();
                         });
-                    }, function () {
-                        debug('User sync done.');
-                        callback();
-                    });
+                    } else if (result.source !== 'ldap') {
+                        debug(`[conflicting user] username=${username} email=${email} displayName=${displayName}`);
+
+                        delayedCallback();
+                    } else if (result.email !== email || result.displayName !== displayName) {
+                        debug(`[updating user] username=${username} email=${email} displayName=${displayName}`);
+
+                        users.update(result.id, { email: email, fallbackEmail: email, displayName: displayName }, auditSource.EXTERNAL_LDAP_TASK, function (error) {
+                            if (error) debug('Failed to update user', user, error);
+
+                            delayedCallback();
+                        });
+                    } else {
+                        // user known and up-to-date
+                        debug(`[up-to-date user] username=${username} email=${email} displayName=${displayName}`);
+
+                        delayedCallback();
+                    }
                 });
+            }, function (error) {
+                debug('sync: ldap sync is done', error);
+                callback(error);
             });
         });
     });

src/groupdb.js

@@ -25,8 +25,8 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
-    database = require('./database.js'),
-    DatabaseError = require('./databaseerror');
+    BoxError = require('./boxerror.js'),
+    database = require('./database.js');
 
 var GROUPS_FIELDS = [ 'id', 'name' ].join(',');
 
@@ -35,8 +35,8 @@ function get(groupId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + GROUPS_FIELDS + ' FROM userGroups WHERE id = ? ORDER BY name', [ groupId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
 
         callback(null, result[0]);
     });
@@ -50,8 +50,8 @@ function getWithMembers(groupId, callback) {
                     ' FROM userGroups LEFT OUTER JOIN groupMembers ON userGroups.id = groupMembers.groupId ' +
                     ' WHERE userGroups.id = ? ' +
                     ' GROUP BY userGroups.id', [ groupId ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
 
         var result = results[0];
         result.userIds = result.userIds ? result.userIds.split(',') : [ ];
@@ -64,7 +64,7 @@ function getAll(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + GROUPS_FIELDS + ' FROM userGroups', function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -74,8 +74,8 @@ function getAllWithMembers(callback) {
     database.query('SELECT ' + GROUPS_FIELDS + ',GROUP_CONCAT(groupMembers.userId) AS userIds ' +
                     ' FROM userGroups LEFT OUTER JOIN groupMembers ON userGroups.id = groupMembers.groupId ' +
                     ' GROUP BY userGroups.id', function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
 
         results.forEach(function (result) { result.userIds = result.userIds ? result.userIds.split(',') : [ ]; });
 
@@ -89,8 +89,8 @@ function add(id, name, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO userGroups (id, name) VALUES (?, ?)', [ id, name ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error));
-        if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
+        if (error || result.affectedRows !== 1) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -113,9 +113,9 @@ function update(id, data, callback) {
     args.push(id);
 
     database.query('UPDATE userGroups SET ' + fields.join(', ') + ' WHERE id = ?', args, function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('userGroups_name') !== -1) return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'name already exists'));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error && error.code === 'ER_DUP_ENTRY' && error.sqlMessage.indexOf('userGroups_name') !== -1) return callback(new BoxError(BoxError.ALREADY_EXISTS, 'name already exists'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
 
         return callback(null);
     });
@@ -131,8 +131,8 @@ function del(id, callback) {
     queries.push({ query: 'DELETE FROM userGroups WHERE id = ?', args: [ id ] });
 
     database.transaction(queries, function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result[1].affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result[1].affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
 
         callback(error);
     });
@@ -142,7 +142,7 @@ function count(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT COUNT(*) AS total FROM userGroups', function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         return callback(null, result[0].total);
     });
@@ -150,10 +150,10 @@ function count(callback) {
 
 function clear(callback) {
     database.query('DELETE FROM groupMembers', function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         database.query('DELETE FROM userGroups', function (error) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             callback(error);
         });
@@ -165,8 +165,8 @@ function getMembers(groupId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT userId FROM groupMembers WHERE groupId=?', [ groupId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        // if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND)); // need to differentiate group with no members and invalid groupId
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        // if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found')); // need to differentiate group with no members and invalid groupId
 
         callback(error, result.map(function (r) { return r.userId; }));
     });
@@ -184,8 +184,8 @@ function setMembers(groupId, userIds, callback) {
     }
 
     database.transaction(queries, function (error) {
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(error);
     });
@@ -196,8 +196,8 @@ function getMembership(userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT groupId FROM groupMembers WHERE userId=? ORDER BY groupId', [ userId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        // if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND)); // need to differentiate group with no members and invalid groupId
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        // if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found')); // need to differentiate group with no members and invalid groupId
 
         callback(error, result.map(function (r) { return r.groupId; }));
     });
@@ -215,8 +215,8 @@ function setMembership(userId, groupIds, callback) {
     });
 
     database.transaction(queries, function (error) {
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND, error.message));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, error.message));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -228,9 +228,9 @@ function addMember(groupId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO groupMembers (groupId, userId) VALUES (?, ?)', [ groupId, userId ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error));
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND));
-        if (error || result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
+        if (error || result.affectedRows !== 1) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -242,8 +242,8 @@ function removeMember(groupId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM groupMembers WHERE groupId = ? AND userId = ?', [ groupId, userId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Group not found'));
 
         callback(null);
     });
@@ -255,7 +255,7 @@ function isMember(groupId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT 1 FROM groupMembers WHERE groupId=? AND userId=?', [ groupId, userId ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, result.length !== 0);
     });
@@ -267,7 +267,7 @@ function getGroups(userId, callback) {
 
     database.query('SELECT ' + GROUPS_FIELDS + ' ' +
         ' FROM userGroups INNER JOIN groupMembers ON userGroups.id = groupMembers.groupId AND groupMembers.userId = ?', [ userId ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });

src/groups.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    GroupsError: GroupsError,
-
     create: create,
     remove: remove,
     get: get,
@@ -26,52 +24,23 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
-    DatabaseError = require('./databaseerror.js'),
     groupdb = require('./groupdb.js'),
-    util = require('util'),
     uuid = require('uuid'),
     _ = require('underscore');
 
-// http://dustinsenos.com/articles/customErrorsInNode
-// http://code.google.com/p/v8/wiki/JavaScriptStackTraceApi
-function GroupsError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(GroupsError, Error);
-GroupsError.INTERNAL_ERROR = 'Internal Error';
-GroupsError.ALREADY_EXISTS = 'Already Exists';
-GroupsError.NOT_FOUND = 'Not Found';
-GroupsError.BAD_FIELD = 'Field error';
-GroupsError.NOT_EMPTY = 'Not Empty';
-GroupsError.NOT_ALLOWED = 'Not Allowed';
-
 // keep this in sync with validateUsername
 function validateGroupname(name) {
     assert.strictEqual(typeof name, 'string');
 
-    if (name.length < 1) return new GroupsError(GroupsError.BAD_FIELD, 'name must be atleast 1 char');
-    if (name.length >= 200) return new GroupsError(GroupsError.BAD_FIELD, 'name too long');
+    if (name.length < 1) return new BoxError(BoxError.BAD_FIELD, 'name must be atleast 1 char', { field: 'name' });
+    if (name.length >= 200) return new BoxError(BoxError.BAD_FIELD, 'name too long', { field: 'name' });
 
-    if (constants.RESERVED_NAMES.indexOf(name) !== -1) return new GroupsError(GroupsError.BAD_FIELD, 'name is reserved');
+    if (constants.RESERVED_NAMES.indexOf(name) !== -1) return new BoxError(BoxError.BAD_FIELD, 'name is reserved', { field: name });
 
     // need to consider valid LDAP characters here (e.g '+' is reserved)
-    if (/[^a-zA-Z0-9.-]/.test(name)) return new GroupsError(GroupsError.BAD_FIELD, 'name can only contain alphanumerals, hyphen and dot');
+    if (/[^a-zA-Z0-9.-]/.test(name)) return new BoxError(BoxError.BAD_FIELD, 'name can only contain alphanumerals, hyphen and dot', { field: 'name' });
 
     return null;
 }
@@ -88,8 +57,7 @@ function create(name, callback) {
 
     var id = 'gid-' + uuid.v4();
     groupdb.add(id, name, function (error) {
-        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new GroupsError(GroupsError.ALREADY_EXISTS));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, { id: id, name: name });
     });
@@ -100,8 +68,7 @@ function remove(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.del(id, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -112,8 +79,7 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.get(id, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -124,8 +90,7 @@ function getWithMembers(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.getWithMembers(id, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -135,7 +100,7 @@ function getAll(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.getAll(function (error, result) {
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -145,7 +110,7 @@ function getAllWithMembers(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.getAllWithMembers(function (error, result) {
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -156,8 +121,7 @@ function getMembers(groupId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.getMembers(groupId, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -168,8 +132,7 @@ function getMembership(userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.getMembership(userId, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -181,8 +144,7 @@ function setMembership(userId, groupIds, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.setMembership(userId, groupIds, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null);
     });
@@ -194,8 +156,7 @@ function addMember(groupId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.addMember(groupId, userId, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null);
     });
@@ -207,8 +168,7 @@ function setMembers(groupId, userIds, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.setMembers(groupId, userIds, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND, 'Invalid group or user id'));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null);
     });
@@ -220,8 +180,7 @@ function removeMember(groupId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.removeMember(groupId, userId, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null);
     });
@@ -233,8 +192,7 @@ function isMember(groupId, userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.isMember(groupId, userId, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -253,8 +211,7 @@ function update(groupId, data, callback) {
     }
 
     groupdb.update(groupId, _.pick(data, 'name'), function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -265,7 +222,7 @@ function getGroups(userId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.getGroups(userId, function (error, results) {
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, results);
     });
@@ -275,7 +232,7 @@ function count(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     groupdb.count(function (error, count) {
-        if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, count);
     });

src/infra_version.js

@@ -18,8 +18,8 @@ exports = module.exports = {
         'mysql': { repo: 'cloudron/mysql', tag: 'cloudron/mysql:2.0.2@sha256:a28320f313785816be60e3f865e09065504170a3d20ed37de675c719b32b01eb' },
         'postgresql': { repo: 'cloudron/postgresql', tag: 'cloudron/postgresql:2.0.2@sha256:6dcee0731dfb9b013ed94d56205eee219040ee806c7e251db3b3886eaa4947ff' },
         'mongodb': { repo: 'cloudron/mongodb', tag: 'cloudron/mongodb:2.1.0@sha256:6d1bf221cfe6124957e2c58b57c0a47214353496009296acb16adf56df1da9d5' },
-        'redis': { repo: 'cloudron/redis', tag: 'cloudron/redis:2.0.0@sha256:8a88dd334b62b578530a014ca1a2425a54cb9df1e475f5d3a36806e5cfa22121' },
-        'mail': { repo: 'cloudron/mail', tag: 'cloudron/mail:2.4.0@sha256:209f76833ff8cce58be8a09897c378e3b706e1e318249870afb7294a4ee83cad' },
+        'redis': { repo: 'cloudron/redis', tag: 'cloudron/redis:2.1.0@sha256:f2cda21bd15c21bbf44432df412525369ef831a2d53860b5c5b1675e6f384de2' },
+        'mail': { repo: 'cloudron/mail', tag: 'cloudron/mail:2.5.0@sha256:086ae1c9433d90a820326aa43914a2afe94ad707074ef2bc05a7ef4798e83655' },
         'graphite': { repo: 'cloudron/graphite', tag: 'cloudron/graphite:2.2.0@sha256:fc9ca69d16e6ebdbd98ed53143d4a0d2212eef60cb638dc71219234e6f427a2c' },
         'sftp': { repo: 'cloudron/sftp', tag: 'cloudron/sftp:0.1.0@sha256:e177c5bf5f38c84ce1dea35649c22a1b05f96eec67a54a812c5a35e585670f0f' }
     }

src/ldap.js

@@ -9,18 +9,16 @@ var assert = require('assert'),
     appdb = require('./appdb.js'),
     apps = require('./apps.js'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:ldap'),
     eventlog = require('./eventlog.js'),
     ldap = require('ldapjs'),
     mail = require('./mail.js'),
-    MailError = mail.MailError,
     mailboxdb = require('./mailboxdb.js'),
     path = require('path'),
     safe = require('safetydance'),
-    users = require('./users.js'),
-    UsersError = users.UsersError;
+    users = require('./users.js');
 
 var gServer = null;
 
@@ -261,7 +259,7 @@ function mailboxSearch(req, res, next) {
         if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));
 
         mailboxdb.getMailbox(parts[0], parts[1], function (error, mailbox) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+            if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
             if (error) return next(new ldap.OperationsError(error.toString()));
 
             var obj = {
@@ -288,7 +286,7 @@ function mailboxSearch(req, res, next) {
     } else if (req.dn.rdns[0].attrs.domain) {
         var domain = req.dn.rdns[0].attrs.domain.value.toLowerCase();
 
-        mailboxdb.listMailboxes(domain, function (error, result) {
+        mailboxdb.listMailboxes(domain, 1, 1000, function (error, result) {
             if (error) return next(new ldap.OperationsError(error.toString()));
 
             var results = [];
@@ -334,7 +332,7 @@ function mailAliasSearch(req, res, next) {
     if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));
 
     mailboxdb.getAlias(parts[0], parts[1], function (error, alias) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
         if (error) return next(new ldap.OperationsError(error.toString()));
 
         // https://wiki.debian.org/LDAP/MigrationTools/Examples
@@ -367,12 +365,13 @@ function mailingListSearch(req, res, next) {
 
     if (!req.dn.rdns[0].attrs.cn) return next(new ldap.NoSuchObjectError(req.dn.toString()));
 
-    var email = req.dn.rdns[0].attrs.cn.value.toLowerCase();
-    var parts = email.split('@');
+    let email = req.dn.rdns[0].attrs.cn.value.toLowerCase();
+    let parts = email.split('@');
     if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+    const name = parts[0], domain = parts[1];
 
-    mailboxdb.getList(parts[0], parts[1], function (error, list) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+    mail.resolveList(parts[0], parts[1], function (error, resolvedMembers) {
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
         if (error) return next(new ldap.OperationsError(error.toString()));
 
         // http://ldapwiki.willeke.com/wiki/Original%20Mailgroup%20Schema%20From%20Netscape
@@ -382,9 +381,9 @@ function mailingListSearch(req, res, next) {
             attributes: {
                 objectclass: ['mailGroup'],
                 objectcategory: 'mailGroup',
-                cn: `${list.name}@${list.domain}`, // fully qualified
-                mail: `${list.name}@${list.domain}`,
-                mgrpRFC822MailMember: list.members // fully qualified
+                cn: `${name}@${domain}`, // fully qualified
+                mail: `${name}@${domain}`,
+                mgrpRFC822MailMember: resolvedMembers // fully qualified
             }
         };
 
@@ -421,8 +420,8 @@ function authenticateUser(req, res, next) {
     }
 
     api(commonName, req.credentials || '', function (error, user) {
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
-        if (error && error.reason === UsersError.WRONG_PASSWORD) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
         if (error) return next(new ldap.OperationsError(error.message));
 
         req.user = user;
@@ -457,18 +456,18 @@ function authenticateUserMailbox(req, res, next) {
     if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));
 
     mail.getDomain(parts[1], function (error, domain) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
         if (error) return next(new ldap.OperationsError(error.message));
 
         if (!domain.enabled) return next(new ldap.NoSuchObjectError(req.dn.toString()));
 
         mailboxdb.getMailbox(parts[0], parts[1], function (error, mailbox) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+            if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
             if (error) return next(new ldap.OperationsError(error.message));
 
             users.verify(mailbox.ownerId, req.credentials || '', function (error, result) {
-                if (error && error.reason === UsersError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
-                if (error && error.reason === UsersError.WRONG_PASSWORD) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
+                if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+                if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
                 if (error) return next(new ldap.OperationsError(error.message));
 
                 eventlog.add(eventlog.ACTION_USER_LOGIN, { authType: 'ldap', mailboxId: email }, { userId: result.id, user: users.removePrivateFields(result) });
@@ -555,7 +554,7 @@ function authenticateMailAddon(req, res, next) {
     const addonId = req.dn.rdns[1].attrs.ou.value.toLowerCase(); // 'sendmail' or 'recvmail'
 
     mail.getDomain(parts[1], function (error, domain) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
         if (error) return next(new ldap.OperationsError(error.message));
 
         if (addonId === 'recvmail' && !domain.enabled) return next(new ldap.NoSuchObjectError(req.dn.toString()));
@@ -567,19 +566,19 @@ function authenticateMailAddon(req, res, next) {
 
         // note: with sendmail addon, apps can send mail without a mailbox (unlike users)
         appdb.getAppIdByAddonConfigValue(addonId, namePattern, req.credentials || '', function (error, appId) {
-            if (error && error.reason !== DatabaseError.NOT_FOUND) return next(new ldap.OperationsError(error.message));
+            if (error && error.reason !== BoxError.NOT_FOUND) return next(new ldap.OperationsError(error.message));
             if (appId) { // matched app password
                 eventlog.add(eventlog.ACTION_APP_LOGIN, { authType: 'ldap', mailboxId: email }, { appId: appId, addonId: addonId });
                 return res.end();
             }
 
             mailboxdb.getMailbox(parts[0], parts[1], function (error, mailbox) {
-                if (error && error.reason === DatabaseError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+                if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
                 if (error) return next(new ldap.OperationsError(error.message));
 
                 users.verify(mailbox.ownerId, req.credentials || '', function (error, result) {
-                    if (error && error.reason === UsersError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
-                    if (error && error.reason === UsersError.WRONG_PASSWORD) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
+                    if (error && error.reason === BoxError.NOT_FOUND) return next(new ldap.NoSuchObjectError(req.dn.toString()));
+                    if (error && error.reason === BoxError.INVALID_CREDENTIALS) return next(new ldap.InvalidCredentialsError(req.dn.toString()));
                     if (error) return next(new ldap.OperationsError(error.message));
 
                     eventlog.add(eventlog.ACTION_USER_LOGIN, { authType: 'ldap', mailboxId: email }, { userId: result.id, user: users.removePrivateFields(result) });

src/mail.js

@@ -26,6 +26,7 @@ exports = module.exports = {
     startMail: restartMail,
     restartMail: restartMail,
     handleCertChanged: handleCertChanged,
+    getMailAuth: getMailAuth,
 
     sendTestMail: sendTestMail,
 
@@ -45,18 +46,18 @@ exports = module.exports = {
     addList: addList,
     updateList: updateList,
     removeList: removeList,
+    resolveList: resolveList,
 
-    _readDkimPublicKeySync: readDkimPublicKeySync,
-
-    MailError: MailError
+    _readDkimPublicKeySync: readDkimPublicKeySync
 };
 
 var assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:mail'),
     dns = require('./native-dns.js'),
+    docker = require('./docker.js'),
     domains = require('./domains.js'),
     eventlog = require('./eventlog.js'),
     hat = require('./hat.js'),
@@ -75,47 +76,20 @@ var assert = require('assert'),
     smtpTransport = require('nodemailer-smtp-transport'),
     sysinfo = require('./sysinfo.js'),
     users = require('./users.js'),
-    util = require('util'),
     validator = require('validator'),
     _ = require('underscore');
 
 const DNS_OPTIONS = { timeout: 5000 };
 var NOOP_CALLBACK = function (error) { if (error) debug(error); };
 
-function MailError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(MailError, Error);
-MailError.INTERNAL_ERROR = 'Internal Error';
-MailError.EXTERNAL_ERROR = 'External Error';
-MailError.BAD_FIELD = 'Bad Field';
-MailError.ALREADY_EXISTS = 'Already Exists';
-MailError.NOT_FOUND = 'Not Found';
-MailError.IN_USE = 'In Use';
-
 function validateName(name) {
     assert.strictEqual(typeof name, 'string');
 
-    if (name.length < 1) return new MailError(MailError.BAD_FIELD, 'mailbox name must be atleast 1 char');
-    if (name.length >= 200) return new MailError(MailError.BAD_FIELD, 'mailbox name too long');
+    if (name.length < 1) return new BoxError(BoxError.BAD_FIELD, 'mailbox name must be atleast 1 char');
+    if (name.length >= 200) return new BoxError(BoxError.BAD_FIELD, 'mailbox name too long');
 
     // also need to consider valid LDAP characters here (e.g '+' is reserved)
-    if (/[^a-zA-Z0-9.-]/.test(name)) return new MailError(MailError.BAD_FIELD, 'mailbox name can only contain alphanumerals and dot');
+    if (/[^a-zA-Z0-9.-]/.test(name)) return new BoxError(BoxError.BAD_FIELD, 'mailbox name can only contain alphanumerals and dot');
 
     return null;
 }
@@ -204,7 +178,7 @@ function verifyRelay(relay, callback) {
     if (relay.provider === 'cloudron-smtp' || relay.provider === 'noop') return callback();
 
     checkSmtpRelay(relay, function (error) {
-        if (error) return callback(new MailError(MailError.BAD_FIELD, error.message));
+        if (error) return callback(new BoxError(BoxError.BAD_FIELD, error.message));
 
         callback();
     });
@@ -304,7 +278,7 @@ function checkMx(domain, mailFqdn, callback) {
         dns.resolve(mxRecords[0].exchange, 'A', DNS_OPTIONS, function (error, mxIps) {
             if (error || mxIps.length !== 1) return callback(null, mx);
 
-            sysinfo.getPublicIp(function (error, ip) {
+            sysinfo.getServerIp(function (error, ip) {
                 if (error) return callback(null, mx);
 
                 mx.status = mxIps[0] === ip;
@@ -354,16 +328,18 @@ function checkPtr(mailFqdn, callback) {
 
     var ptr = {
         domain: null,
+        name: null,
         type: 'PTR',
         value: null,
         expected: mailFqdn, // any trailing '.' is added by client software (https://lists.gt.net/spf/devel/7918)
         status: false
     };
 
-    sysinfo.getPublicIp(function (error, ip) {
+    sysinfo.getServerIp(function (error, ip) {
         if (error) return callback(error, ptr);
 
         ptr.domain = ip.split('.').reverse().join('.') + '.in-addr.arpa';
+        ptr.name = ip;
 
         dns.resolve(ptr.domain, 'PTR', DNS_OPTIONS, function (error, ptrRecords) {
             if (error) return callback(error, ptr);
@@ -442,7 +418,7 @@ const RBL_LIST = [
 function checkRblStatus(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
-    sysinfo.getPublicIp(function (error, ip) {
+    sysinfo.getServerIp(function (error, ip) {
         if (error) return callback(error, ip);
 
         var flippedIp = ip.split('.').reverse().join('.');
@@ -480,7 +456,7 @@ function getStatus(domain, callback) {
 
     // ensure we always have a valid toplevel properties for the api
     var results = {
-        dns: {}, // { mx: { expected, value }, dmarc: { expected, value }, dkim: { expected, value }, spf: { expected, value }, ptr: { expected, value } }
+        dns: {}, // { mx/dmar/dkim/spf/ptr: { expected, value, name, domain, type } }
         rbl: {}, // { status, ip, servers: [{name,site,dns}]} optional. only for cloudron-smtp
         relay: {} // { status, value } always checked
     };
@@ -545,7 +521,7 @@ function checkConfiguration(callback) {
 
                 Object.keys(result.dns).forEach((type) => {
                     const record = result.dns[type];
-                    if (!record.status) message.push(`${type.toUpperCase()} DNS record did not match. Expected: \`${record.expected}\`. Actual: \`${record.value}\``);
+                    if (!record.status) message.push(`${type.toUpperCase()} DNS record (${record.type}) did not match.\n    * Hostname: \`${record.name}\`\n    * Expected: \`${record.expected}\`\n    * Actual: \`${record.value}\``);
                 });
                 if (result.relay && result.relay.status === false) message.push(`Relay error: ${result.relay.value}`);
                 if (result.rbl && result.rbl.status === false) { // rbl field contents is optional
@@ -688,6 +664,31 @@ function configureMail(mailFqdn, mailDomain, callback) {
     });
 }
 
+function getMailAuth(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    docker.inspect('mail', function (error, data) {
+        if (error) return callback(error);
+
+        const ip = safe.query(data, 'NetworkSettings.Networks.cloudron.IPAddress');
+        if (!ip) return callback(new BoxError(BoxError.MAIL_ERROR, 'Error querying mail server IP'));
+
+        // extract the relay token for auth
+        const env = safe.query(data, 'Config.Env', null);
+        if (!env) return callback(new BoxError(BoxError.MAIL_ERROR, 'Error getting mail env'));
+        const tmp = env.find(function (e) { return e.indexOf('CLOUDRON_RELAY_TOKEN') === 0; });
+        if (!tmp) return callback(new BoxError(BoxError.MAIL_ERROR, 'Error getting CLOUDRON_RELAY_TOKEN env var'));
+        const relayToken = tmp.slice('CLOUDRON_RELAY_TOKEN'.length + 1); // +1 for the = sign
+        if (!relayToken)  return callback(new BoxError(BoxError.MAIL_ERROR, 'Error parsing CLOUDRON_RELAY_TOKEN'));
+
+        callback(null, {
+            ip,
+            port: constants.INTERNAL_SMTP_PORT,
+            relayToken
+        });
+    });
+}
+
 function restartMail(callback) {
     assert.strictEqual(typeof callback, 'function');
 
@@ -701,7 +702,8 @@ function restartMailIfActivated(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     users.isActivated(function (error, activated) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
+
         if (!activated) {
             debug('restartMailIfActivated: skipping restart of mail container since Cloudron is not activated yet');
             return callback(); // not provisioned yet, do not restart container after dns setup
@@ -723,8 +725,7 @@ function getDomain(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     maildb.get(domain, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, result);
     });
@@ -734,7 +735,7 @@ function getDomains(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     maildb.list(function (error, results) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         return callback(null, results);
     });
@@ -747,7 +748,7 @@ function txtRecordsWithSpf(domain, mailFqdn, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     domains.getDnsRecords('', domain, 'TXT', function (error, txtRecords) {
-        if (error) return new MailError(MailError.EXTERNAL_ERROR, error.message);
+        if (error) return error;
 
         debug('txtRecordsWithSpf: current txt records - %j', txtRecords);
 
@@ -796,16 +797,16 @@ function ensureDkimKeySync(mailDomain) {
 
     if (!safe.fs.mkdirSync(dkimPath) && safe.error.code !== 'EEXIST') {
         debug('Error creating dkim.', safe.error);
-        return new MailError(MailError.INTERNAL_ERROR, safe.error);
+        return new BoxError(BoxError.FS_ERROR, safe.error);
     }
 
-    if (!safe.child_process.execSync('openssl genrsa -out ' + dkimPrivateKeyFile + ' 1024')) return new MailError(MailError.INTERNAL_ERROR, safe.error);
-    if (!safe.child_process.execSync('openssl rsa -in ' + dkimPrivateKeyFile + ' -out ' + dkimPublicKeyFile + ' -pubout -outform PEM')) return new MailError(MailError.INTERNAL_ERROR, safe.error);
+    if (!safe.child_process.execSync('openssl genrsa -out ' + dkimPrivateKeyFile + ' 1024')) return new BoxError(BoxError.OPENSSL_ERROR, safe.error);
+    if (!safe.child_process.execSync('openssl rsa -in ' + dkimPrivateKeyFile + ' -out ' + dkimPublicKeyFile + ' -pubout -outform PEM')) return new BoxError(BoxError.OPENSSL_ERROR, safe.error);
 
-    if (!safe.fs.writeFileSync(dkimSelectorFile, mailDomain.dkimSelector, 'utf8')) return new MailError(MailError.INTERNAL_ERROR, safe.error);
+    if (!safe.fs.writeFileSync(dkimSelectorFile, mailDomain.dkimSelector, 'utf8')) return new BoxError(BoxError.FS_ERROR, safe.error);
 
     // if the 'yellowtent' user of OS and the 'cloudron' user of mail container don't match, the keys become inaccessible by mail code
-    if (!safe.fs.chmodSync(dkimPrivateKeyFile, 0o644)) return new MailError(MailError.INTERNAL_ERROR, safe.error);
+    if (!safe.fs.chmodSync(dkimPrivateKeyFile, 0o644)) return new BoxError(BoxError.FS_ERROR, safe.error);
 
     return null;
 }
@@ -837,8 +838,7 @@ function upsertDnsRecords(domain, mailFqdn, callback) {
     debug(`upsertDnsRecords: updating mail dns records of domain ${domain} and mail fqdn ${mailFqdn}`);
 
     maildb.get(domain, function (error, mailDomain) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         error = ensureDkimKeySync(mailDomain);
         if (error) return callback(error);
@@ -846,7 +846,7 @@ function upsertDnsRecords(domain, mailFqdn, callback) {
         if (process.env.BOX_ENV === 'test') return callback();
 
         var dkimKey = readDkimPublicKeySync(domain);
-        if (!dkimKey) return callback(new MailError(MailError.INTERNAL_ERROR, new Error('Failed to read dkim public key')));
+        if (!dkimKey) return callback(new BoxError(BoxError.FS_ERROR, new Error('Failed to read dkim public key')));
 
         // t=s limits the domainkey to this domain and not it's subdomains
         var dkimRecord = { subdomain: `${mailDomain.dkimSelector}._domainkey`, domain: domain, type: 'TXT', values: [ '"v=DKIM1; t=s; p=' + dkimKey + '"' ] };
@@ -870,7 +870,7 @@ function upsertDnsRecords(domain, mailFqdn, callback) {
             }, function (error, changeIds) {
                 if (error) {
                     debug(`upsertDnsRecords: failed to update: ${error}`);
-                    return callback(new MailError(MailError.EXTERNAL_ERROR, error.message));
+                    return callback(error);
                 }
 
                 debug('upsertDnsRecords: records %j added with changeIds %j', records, changeIds);
@@ -895,12 +895,12 @@ function onMailFqdnChanged(callback) {
         mailDomain = settings.adminDomain();
 
     domains.getAll(function (error, allDomains) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         async.eachOfSeries(allDomains, function (domainObject, idx, iteratorDone) {
             upsertDnsRecords(domainObject.domain, mailFqdn, iteratorDone);
         }, function (error) {
-            if (error) return callback(new MailError(MailError.EXTERNAL_ERROR, error.message));
+            if (error) return callback(error);
 
             configureMail(mailFqdn, mailDomain, callback);
         });
@@ -914,9 +914,7 @@ function addDomain(domain, callback) {
     const dkimSelector = domain === settings.adminDomain() ? 'cloudron' : ('cloudron-' + settings.adminDomain().replace(/\./g, ''));
 
     maildb.add(domain, { dkimSelector }, function (error) {
-        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new MailError(MailError.ALREADY_EXISTS, 'Domain already exists'));
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'No such domain'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         async.series([
             upsertDnsRecords.bind(null, domain, settings.mailFqdn()), // do this first to ensure DKIM keys
@@ -931,12 +929,10 @@ function removeDomain(domain, callback) {
     assert.strictEqual(typeof domain, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    if (domain === settings.adminDomain()) return callback(new MailError(MailError.IN_USE));
+    if (domain === settings.adminDomain()) return callback(new BoxError(BoxError.CONFLICT));
 
     maildb.del(domain, function (error) {
-        if (error && error.reason === DatabaseError.IN_USE) return callback(new MailError(MailError.IN_USE));
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, error.message));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         restartMail(NOOP_CALLBACK);
 
@@ -948,7 +944,7 @@ function clearDomains(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     maildb.clear(function (error) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback();
     });
@@ -970,8 +966,7 @@ function setMailFromValidation(domain, enabled, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     maildb.update(domain, { mailFromValidation: enabled }, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         restartMail(NOOP_CALLBACK); // have to restart mail container since haraka cannot watch symlinked config files (mail.ini)
 
@@ -985,8 +980,7 @@ function setCatchAllAddress(domain, addresses, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     maildb.update(domain, { catchAll: addresses }, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         restartMail(NOOP_CALLBACK); // have to restart mail container since haraka cannot watch symlinked config files (mail.ini)
 
@@ -1012,8 +1006,7 @@ function setMailRelay(domain, relay, callback) {
             if (error) return callback(error);
 
             maildb.update(domain, { relay: relay }, function (error) {
-                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
-                if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 restartMail(NOOP_CALLBACK);
 
@@ -1030,8 +1023,7 @@ function setMailEnabled(domain, enabled, auditSource, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     maildb.update(domain, { enabled: enabled }, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         restartMail(NOOP_CALLBACK);
 
@@ -1050,19 +1042,21 @@ function sendTestMail(domain, to, callback) {
         if (error) return callback(error);
 
         mailer.sendTestMail(result.domain, to, function (error) {
-            if (error) return callback(new MailError(MailError.EXTERNAL_ERROR, error.message));
+            if (error) return callback(error);
 
             callback();
         });
     });
 }
 
-function listMailboxes(domain, callback) {
+function listMailboxes(domain, page, perPage, callback) {
     assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof page, 'number');
+    assert.strictEqual(typeof perPage, 'number');
     assert.strictEqual(typeof callback, 'function');
 
-    mailboxdb.listMailboxes(domain, function (error, result) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+    mailboxdb.listMailboxes(domain, page, perPage, function (error, result) {
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -1073,7 +1067,7 @@ function removeMailboxes(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     mailboxdb.delByDomain(domain, function (error) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback();
     });
@@ -1085,8 +1079,7 @@ function getMailbox(name, domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     mailboxdb.getMailbox(name, domain, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -1105,8 +1098,7 @@ function addMailbox(name, domain, userId, auditSource, callback) {
     if (error) return callback(error);
 
     mailboxdb.addMailbox(name, domain, userId, function (error) {
-        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new MailError(MailError.ALREADY_EXISTS, `mailbox ${name} already exists`));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         eventlog.add(eventlog.ACTION_MAIL_MAILBOX_ADD, auditSource, { name, domain, userId });
 
@@ -1123,8 +1115,7 @@ function updateMailboxOwner(name, domain, userId, callback) {
     name = name.toLowerCase();
 
     mailboxdb.updateMailboxOwner(name, domain, userId, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -1137,8 +1128,7 @@ function removeMailbox(name, domain, auditSource, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     mailboxdb.del(name, domain, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         eventlog.add(eventlog.ACTION_MAIL_MAILBOX_REMOVE, auditSource, { name, domain });
 
@@ -1146,13 +1136,14 @@ function removeMailbox(name, domain, auditSource, callback) {
     });
 }
 
-function listAliases(domain, callback) {
+function listAliases(domain, page, perPage, callback) {
     assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof page, 'number');
+    assert.strictEqual(typeof perPage, 'number');
     assert.strictEqual(typeof callback, 'function');
 
-    mailboxdb.listAliases(domain, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, error.message));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+    mailboxdb.listAliases(domain, page, perPage, function (error, result) {
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -1167,8 +1158,7 @@ function getAliases(name, domain, callback) {
         if (error) return callback(error);
 
         mailboxdb.getAliasesForName(name, domain, function (error, aliases) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
-            if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             callback(null, aliases);
         });
@@ -1189,14 +1179,7 @@ function setAliases(name, domain, aliases, callback) {
     }
 
     mailboxdb.setAliasesForName(name, domain, aliases, function (error) {
-        if (error && error.reason === DatabaseError.ALREADY_EXISTS && error.message.indexOf('mailboxes_name_domain_unique_index') !== -1) {
-            var aliasMatch = error.message.match(new RegExp(`^ER_DUP_ENTRY: Duplicate entry '(.*)-${domain}' for key 'mailboxes_name_domain_unique_index'$`));
-            if (!aliasMatch) return callback(new MailError(MailError.ALREADY_EXISTS, error.message));
-            return callback(new MailError(MailError.ALREADY_EXISTS, `Mailbox, mailinglist or alias for ${aliasMatch[1]} already exists`));
-        }
-        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new MailError(MailError.ALREADY_EXISTS, error.message));
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -1207,7 +1190,7 @@ function getLists(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     mailboxdb.getLists(domain, function (error, result) {
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -1219,8 +1202,7 @@ function getList(domain, listName, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     mailboxdb.getList(listName, domain, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such list'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -1239,12 +1221,11 @@ function addList(name, domain, members, auditSource, callback) {
     if (error) return callback(error);
 
     for (var i = 0; i < members.length; i++) {
-        if (!validator.isEmail(members[i])) return callback(new MailError(MailError.BAD_FIELD, 'Invalid mail member: ' + members[i]));
+        if (!validator.isEmail(members[i])) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid mail member: ' + members[i]));
     }
 
     mailboxdb.addList(name, domain, members, function (error) {
-        if (error && error.reason === DatabaseError.ALREADY_EXISTS) return callback(new MailError(MailError.ALREADY_EXISTS, 'list already exits'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         eventlog.add(eventlog.ACTION_MAIL_LIST_ADD, auditSource, { name, domain });
 
@@ -1264,12 +1245,11 @@ function updateList(name, domain, members, callback) {
     if (error) return callback(error);
 
     for (var i = 0; i < members.length; i++) {
-        if (!validator.isEmail(members[i])) return callback(new MailError(MailError.BAD_FIELD, 'Invalid email: ' + members[i]));
+        if (!validator.isEmail(members[i])) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid email: ' + members[i]));
     }
 
     mailboxdb.updateList(name, domain, members, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such mailbox'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -1282,11 +1262,57 @@ function removeList(name, domain, auditSource, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     mailboxdb.del(name, domain, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new MailError(MailError.NOT_FOUND, 'no such list'));
-        if (error) return callback(new MailError(MailError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         eventlog.add(eventlog.ACTION_MAIL_LIST_ADD, auditSource, { name, domain });
 
         callback();
     });
 }
+
+function resolveList(listName, listDomain, callback) {
+    assert.strictEqual(typeof listName, 'string');
+    assert.strictEqual(typeof listDomain, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    getDomains(function (error, mailDomains) {
+        if (error) return callback(error);
+
+        const mailInDomains = mailDomains.filter(function (d) { return d.enabled; }).map(function (d) { return d.domain; }).join(',');
+
+        mailboxdb.getList(listName, listDomain, function (error, list) {
+            if (error) return callback(error);
+
+            let result = [], toResolve = list.members.slice(), visited = []; // slice creates a copy of array
+
+            async.whilst(() => toResolve.length != 0, function (iteratorCallback) {
+                const toProcess = toResolve.shift();
+                const parts = toProcess.split('@');
+                const memberName = parts[0].split('+')[0], memberDomain = parts[1];
+
+                if (!mailInDomains.includes(memberDomain)) { result.push(toProcess); return iteratorCallback(); } // external domain
+
+                const member =`${memberName}@${memberDomain}`; // cleaned up without any '+' subaddress
+                if (visited.includes(member)) {
+                    debug(`resolveList: list ${listName}@${listDomain} has a recursion at member ${member}`);
+                    return iteratorCallback();
+                }
+                visited.push(member);
+
+                mailboxdb.get(memberName, memberDomain, function (error, entry) {
+                    if (error && error.reason == BoxError.NOT_FOUND) { result.push(member); return iteratorCallback(); }
+                    if (error) return iteratorCallback(error);
+
+                    if (entry.type === mailboxdb.TYPE_MAILBOX) { result.push(member); return iteratorCallback(); }
+                    // no need to resolve alias because we only allow one level and within same domain
+                    if (entry.type === mailboxdb.TYPE_ALIAS) { result.push(`${entry.aliasTarget}@${entry.domain}`); return iteratorCallback(); }
+
+                    toResolve = toResolve.concat(entry.members);
+                    iteratorCallback();
+                });
+            }, function (error) {
+                callback(error, result);
+            });
+        });
+    });
+}

src/mail_templates/box_update_error.ejs

@@ -0,0 +1,20 @@
+<%if (format === 'text') { %>
+
+Dear Cloudron Admin,
+
+Cloudron update failed because of the following reason:
+
+-------------------------------------
+
+<%- message %>
+
+-------------------------------------
+
+
+Powered by https://cloudron.io
+
+Sent at: <%= new Date().toUTCString() %>
+
+<% } else { %>
+
+<% } %>

src/mailboxdb.js

@@ -12,6 +12,7 @@ exports = module.exports = {
     listMailboxes: listMailboxes,
     getLists: getLists,
 
+    get: get,
     getMailbox: getMailbox,
     getList: getList,
     getAlias: getAlias,
@@ -33,8 +34,8 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror.js'),
     safe = require('safetydance'),
     util = require('util');
 
@@ -54,8 +55,8 @@ function addMailbox(name, domain, ownerId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO mailboxes (name, type, domain, ownerId) VALUES (?, ?, ?, ?)', [ name, exports.TYPE_MAILBOX, domain, ownerId ], function (error) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'mailbox already exists'));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, 'mailbox already exists'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -68,8 +69,8 @@ function updateMailboxOwner(name, domain, ownerId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('UPDATE mailboxes SET ownerId = ? WHERE name = ? AND domain = ?', [ ownerId, name, domain ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
         callback(null);
     });
@@ -83,8 +84,8 @@ function addList(name, domain, members, callback) {
 
     database.query('INSERT INTO mailboxes (name, type, domain, ownerId, membersJson) VALUES (?, ?, ?, ?, ?)',
         [ name, exports.TYPE_LIST, domain, 'admin', JSON.stringify(members) ], function (error) {
-            if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'mailbox already exists'));
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, 'mailbox already exists'));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             callback(null);
         });
@@ -98,8 +99,8 @@ function updateList(name, domain, members, callback) {
 
     database.query('UPDATE mailboxes SET membersJson = ? WHERE name = ? AND domain = ?',
         [ JSON.stringify(members), name, domain ], function (error, result) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-            if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
             callback(null);
         });
@@ -109,7 +110,7 @@ function clear(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('TRUNCATE TABLE mailboxes', [], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         callback(null);
     });
 }
@@ -121,8 +122,8 @@ function del(name, domain, callback) {
 
     // deletes aliases as well
     database.query('DELETE FROM mailboxes WHERE (name=? OR aliasTarget = ?) AND domain = ?', [ name, name, domain ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
         callback(null);
     });
@@ -133,7 +134,7 @@ function delByDomain(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM mailboxes WHERE domain = ?', [ domain ], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -144,7 +145,7 @@ function delByOwnerId(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM mailboxes WHERE ownerId=?', [ id ], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -161,14 +162,28 @@ function updateName(oldName, oldDomain, newName, newDomain, callback) {
     if (oldName === newName && oldDomain === newDomain) return callback(null);
 
     database.query('UPDATE mailboxes SET name=?, domain=? WHERE name=? AND domain = ?', [ newName, newDomain, oldName, oldDomain ], function (error, result) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'mailbox already exists'));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, 'mailbox already exists'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
         callback(null);
     });
 }
 
+function get(name, domain, callback) {
+    assert.strictEqual(typeof name, 'string');
+    assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE name = ? AND domain = ?',
+        [ name, domain ], function (error, results) {
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
+
+            callback(null, postProcess(results[0]));
+        });
+}
+
 function getMailbox(name, domain, callback) {
     assert.strictEqual(typeof name, 'string');
     assert.strictEqual(typeof domain, 'string');
@@ -176,20 +191,22 @@ function getMailbox(name, domain, callback) {
 
     database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE name = ? AND type = ? AND domain = ?',
         [ name, exports.TYPE_MAILBOX, domain ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-            if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
             callback(null, postProcess(results[0]));
         });
 }
 
-function listMailboxes(domain, callback) {
+function listMailboxes(domain, page, perPage, callback) {
     assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof page, 'number');
+    assert.strictEqual(typeof perPage, 'number');
     assert.strictEqual(typeof callback, 'function');
 
-    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE type = ? AND domain = ? ORDER BY name',
+    database.query(`SELECT ${MAILBOX_FIELDS} FROM mailboxes WHERE type = ? AND domain = ? ORDER BY name LIMIT ${(page-1)*perPage},${perPage}`,
         [ exports.TYPE_MAILBOX, domain ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results.forEach(function (result) { postProcess(result); });
 
@@ -203,7 +220,7 @@ function getLists(domain, callback) {
 
     database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE type = ? AND domain = ?',
         [ exports.TYPE_LIST, domain ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results.forEach(function (result) { postProcess(result); });
 
@@ -218,8 +235,8 @@ function getList(name, domain, callback) {
 
     database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE type = ? AND name = ? AND domain = ?',
         [ exports.TYPE_LIST, name, domain ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-            if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
             callback(null, postProcess(results[0]));
         });
@@ -230,8 +247,8 @@ function getByOwnerId(ownerId, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE ownerId = ? ORDER BY name', [ ownerId ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
         results.forEach(function (result) { postProcess(result); });
 
@@ -246,8 +263,8 @@ function setAliasesForName(name, domain, aliases, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE name = ? AND domain = ?', [ name, domain ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
         var queries = [];
         // clear existing aliases
@@ -258,8 +275,14 @@ function setAliasesForName(name, domain, aliases, callback) {
         });
 
         database.transaction(queries, function (error) {
-            if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, error.message));
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error && error.code === 'ER_DUP_ENTRY' && error.message.indexOf('mailboxes_name_domain_unique_index') !== -1) {
+                var aliasMatch = error.message.match(new RegExp(`^ER_DUP_ENTRY: Duplicate entry '(.*)-${domain}' for key 'mailboxes_name_domain_unique_index'$`));
+                if (!aliasMatch) return callback(new BoxError(BoxError.ALREADY_EXISTS, error));
+
+                return callback(new BoxError(BoxError.ALREADY_EXISTS, `Mailbox, mailinglist or alias for ${aliasMatch[1]} already exists`));
+            }
+
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             callback(null);
         });
@@ -273,20 +296,22 @@ function getAliasesForName(name, domain, callback) {
 
     database.query('SELECT name FROM mailboxes WHERE type = ? AND aliasTarget = ? AND domain = ? ORDER BY name',
         [ exports.TYPE_ALIAS, name, domain ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results = results.map(function (r) { return r.name; });
             callback(null, results);
         });
 }
 
-function listAliases(domain, callback) {
+function listAliases(domain, page, perPage, callback) {
     assert.strictEqual(typeof domain, 'string');
+    assert.strictEqual(typeof page, 'number');
+    assert.strictEqual(typeof perPage, 'number');
     assert.strictEqual(typeof callback, 'function');
 
-    database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE domain = ? AND type = ? ORDER BY name',
+    database.query(`SELECT ${MAILBOX_FIELDS} FROM mailboxes WHERE domain = ? AND type = ? ORDER BY name LIMIT ${(page-1)*perPage},${perPage}`,
         [ domain, exports.TYPE_ALIAS ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
             results.forEach(function (result) { postProcess(result); });
 
@@ -301,8 +326,8 @@ function getAlias(name, domain, callback) {
 
     database.query('SELECT ' + MAILBOX_FIELDS + ' FROM mailboxes WHERE name = ? AND type = ? AND domain = ?',
         [ name, exports.TYPE_ALIAS, domain ], function (error, results) {
-            if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-            if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+            if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+            if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mailbox not found'));
 
             results.forEach(function (result) { postProcess(result); });
 

src/maildb.js

@@ -15,8 +15,8 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror.js'),
     safe = require('safetydance');
 
 var MAILDB_FIELDS = [ 'domain', 'enabled', 'mailFromValidation', 'catchAllJson', 'relayJson', 'dkimSelector' ].join(',');
@@ -40,9 +40,9 @@ function add(domain, data, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO mail (domain, dkimSelector) VALUES (?, ?)', [ domain, data.dkimSelector || 'cloudron' ], function (error) {
-        if (error && error.code === 'ER_DUP_ENTRY') return callback(new DatabaseError(DatabaseError.ALREADY_EXISTS, 'mail domain already exists'));
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND), 'no such domain');
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_DUP_ENTRY') return callback(new BoxError(BoxError.ALREADY_EXISTS, 'mail domain already exists'));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND), 'no such domain');
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });
@@ -53,7 +53,7 @@ function clear(callback) {
 
     // using TRUNCATE makes it fail foreign key check
     database.query('DELETE FROM mail', [], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
         callback(null);
     });
 }
@@ -64,9 +64,9 @@ function del(domain, callback) {
 
     // deletes aliases as well
     database.query('DELETE FROM mail WHERE domain=?', [ domain ], function (error, result) {
-        if (error && error.code === 'ER_ROW_IS_REFERENCED_2') return callback(new DatabaseError(DatabaseError.IN_USE));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error && error.code === 'ER_ROW_IS_REFERENCED_2') return callback(new BoxError(BoxError.CONFLICT));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mail domain not found'));
 
         callback(null);
     });
@@ -77,8 +77,8 @@ function get(domain, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + MAILDB_FIELDS + ' FROM mail WHERE domain = ?', [ domain ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Mail domain not found'));
 
         callback(null, postProcess(results[0]));
     });
@@ -88,7 +88,7 @@ function list(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + MAILDB_FIELDS + ' FROM mail ORDER BY domain', function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         results.forEach(function (result) { postProcess(result); });
 
@@ -118,8 +118,8 @@ function update(domain, data, callback) {
     args.push(domain);
 
     database.query('UPDATE mail SET ' + fields.join(', ') + ' WHERE domain=?', args, function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Mail domain not found'));
 
         callback(null);
     });

src/mailer.js

@@ -17,6 +17,7 @@ exports = module.exports = {
     backupFailed: backupFailed,
 
     certificateRenewalError: certificateRenewalError,
+    boxUpdateError: boxUpdateError,
 
     sendTestMail: sendTestMail,
 
@@ -24,11 +25,11 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
-    constants = require('./constants.js'),
+    BoxError = require('./boxerror.js'),
     custom = require('./custom.js'),
     debug = require('debug')('box:mailer'),
-    docker = require('./docker.js').connection,
     ejs = require('ejs'),
+    mail = require('./mail.js'),
     nodemailer = require('nodemailer'),
     path = require('path'),
     safe = require('safetydance'),
@@ -68,31 +69,20 @@ function sendMail(mailOptions, callback) {
         return callback();
     }
 
-    docker.getContainer('mail').inspect(function (error, data) {
+    mail.getMailAuth(function (error, data) {
         if (error) return callback(error);
 
-        var mailServerIp = safe.query(data, 'NetworkSettings.Networks.cloudron.IPAddress');
-        if (!mailServerIp) return callback('Error querying mail server IP');
-
-        // extract the relay token for auth
-        const env = safe.query(data, 'Config.Env', null);
-        if (!env) return callback(new Error('Error getting mail env'));
-        const tmp = env.find(function (e) { return e.indexOf('CLOUDRON_RELAY_TOKEN') === 0; });
-        if (!tmp) return callback(new Error('Error getting CLOUDRON_RELAY_TOKEN env var'));
-        const relayToken = tmp.slice('CLOUDRON_RELAY_TOKEN'.length + 1); // +1 for the = sign
-        if (!relayToken)  return callback(new Error('Error parsing CLOUDRON_RELAY_TOKEN'));
-
         var transport = nodemailer.createTransport(smtpTransport({
-            host: mailServerIp,
-            port: constants.INTERNAL_SMTP_PORT,
+            host: data.ip,
+            port: data.port,
             auth: {
                 user: mailOptions.authUser || `no-reply@${settings.adminDomain()}`,
-                pass: relayToken
+                pass: data.relayToken
             }
         }));
 
         transport.sendMail(mailOptions, function (error) {
-            if (error) return callback(error);
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
             debug(`Email "${mailOptions.subject}" sent to ${mailOptions.to}`);
 
@@ -411,6 +401,24 @@ function certificateRenewalError(mailTo, domain, message) {
     });
 }
 
+function boxUpdateError(mailTo, message) {
+    assert.strictEqual(typeof mailTo, 'string');
+    assert.strictEqual(typeof message, 'string');
+
+    getMailConfig(function (error, mailConfig) {
+        if (error) return debug('Error getting mail details:', error);
+
+        var mailOptions = {
+            from: mailConfig.notificationFrom,
+            to: mailTo,
+            subject: util.format('[%s] Cloudron update error', mailConfig.cloudronName),
+            text: render('box_update_error.ejs', { message: message, format: 'text' })
+        };
+
+        sendMail(mailOptions);
+    });
+}
+
 function oomEvent(mailTo, program, event) {
     assert.strictEqual(typeof mailTo, 'string');
     assert.strictEqual(typeof program, 'string');

src/nginxconfig.ejs

@@ -97,6 +97,14 @@ server {
 <% if ( endpoint === 'admin' ) { -%>
     # CSP headers for the admin/dashboard resources
     add_header Content-Security-Policy "default-src 'none'; frame-src 'self' cloudron.io *.cloudron.io; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self';";
+<% } else { %>
+    <% if (cspQuoted) { %>
+    add_header Content-Security-Policy <%- cspQuoted %>;
+    <% } %>
+
+    <% for (var i = 0; i < hideHeaders.length; i++) { -%>
+    proxy_hide_header <%- hideHeaders[i] %>;
+    <% } %>
 <% } -%>
 
     proxy_http_version 1.1;

src/notificationdb.js

@@ -13,8 +13,8 @@ exports = module.exports = {
 };
 
 let assert = require('assert'),
-    database = require('./database.js'),
-    DatabaseError = require('./databaseerror');
+    BoxError = require('./boxerror.js'),
+    database = require('./database.js');
 
 const NOTIFICATION_FIELDS = [ 'id', 'userId', 'eventId', 'title', 'message', 'creationTime', 'acknowledged' ];
 
@@ -34,8 +34,8 @@ function add(notification, callback) {
     const args = [ notification.userId, notification.eventId, notification.title, notification.message, notification.acknowledged ];
 
     database.query(query, args, function (error, result) {
-        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new DatabaseError(DatabaseError.NOT_FOUND, 'no such eventlog entry'));
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error && error.code === 'ER_NO_REFERENCED_ROW_2') return callback(new BoxError(BoxError.NOT_FOUND, 'no such eventlog entry'));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, String(result.insertId));
     });
@@ -47,8 +47,8 @@ function getByUserIdAndTitle(userId, title, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + NOTIFICATION_FIELDS + ' from notifications WHERE userId = ? AND title = ? ORDER BY creationTime LIMIT 1', [ userId, title ], function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (results.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (results.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Notification not found'));
 
         postProcess(results[0]);
 
@@ -70,8 +70,8 @@ function update(id, data, callback) {
     args.push(id);
 
     database.query('UPDATE notifications SET ' + fields.join(', ') + ' WHERE id = ?', args, function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Notification not found'));
 
         callback(null);
     });
@@ -82,8 +82,8 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + NOTIFICATION_FIELDS + ' FROM notifications WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Notification not found'));
 
         postProcess(result[0]);
 
@@ -96,8 +96,8 @@ function del(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM notifications WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Notification not found'));
 
         callback(null);
     });
@@ -118,7 +118,7 @@ function listByUserIdPaged(userId, page, perPage, callback) {
     data.push(perPage);
 
     database.query(query, data, function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         results.forEach(postProcess);
 
@@ -130,7 +130,7 @@ function clear(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM notifications', function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null);
     });

src/notifications.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    NotificationsError: NotificationsError,
-
     get: get,
     ack: ack,
     getAllPaged: getAllPaged,
@@ -24,39 +22,16 @@ exports = module.exports = {
 
 let assert = require('assert'),
     async = require('async'),
-    auditsource = require('./auditsource.js'),
+    auditSource = require('./auditsource.js'),
+    BoxError = require('./boxerror.js'),
     changelog = require('./changelog.js'),
     custom = require('./custom.js'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:notifications'),
     eventlog = require('./eventlog.js'),
     mailer = require('./mailer.js'),
     notificationdb = require('./notificationdb.js'),
     settings = require('./settings.js'),
-    users = require('./users.js'),
-    util = require('util');
-
-function NotificationsError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(NotificationsError, Error);
-NotificationsError.INTERNAL_ERROR = 'Internal Error';
-NotificationsError.NOT_FOUND = 'Not Found';
+    users = require('./users.js');
 
 function add(userId, eventId, title, message, callback) {
     assert.strictEqual(typeof userId, 'string');
@@ -74,8 +49,7 @@ function add(userId, eventId, title, message, callback) {
         message: message,
         acknowledged: false
     }, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.NOT_FOUND, error.message));
-        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, { id: result });
     });
@@ -86,8 +60,7 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     notificationdb.get(id, function (error, result) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.NOT_FOUND));
-        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, result);
     });
@@ -98,8 +71,7 @@ function ack(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     notificationdb.update(id, { acknowledged: true }, function (error) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.NOT_FOUND));
-        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null);
     });
@@ -114,7 +86,7 @@ function getAllPaged(userId, acknowledged, page, perPage, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     notificationdb.listByUserIdPaged(userId, page, perPage, function (error, result) {
-        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         if (acknowledged === null) return callback(null, result);
 
@@ -129,7 +101,7 @@ function actionForAllAdmins(skippingUserIds, iterator, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     users.getAllAdmins(function (error, result) {
-        if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         // filter out users we want to skip (like the user who did the action or the user the action was performed on)
         result = result.filter(function (r) { return skippingUserIds.indexOf(r.id) === -1; });
@@ -255,7 +227,8 @@ function appUpdated(eventId, app, callback) {
     }, callback);
 }
 
-function boxUpdated(oldVersion, newVersion, callback) {
+function boxUpdated(eventId, oldVersion, newVersion, callback) {
+    assert.strictEqual(typeof eventId, 'string');
     assert.strictEqual(typeof oldVersion, 'string');
     assert.strictEqual(typeof newVersion, 'string');
     assert.strictEqual(typeof callback, 'function');
@@ -264,7 +237,21 @@ function boxUpdated(oldVersion, newVersion, callback) {
     const changelogMarkdown = changes.map((m) => `* ${m}\n`).join('');
 
     actionForAllAdmins([], function (admin, done) {
-        add(admin.id, null, `Cloudron updated to v${newVersion}`, `Cloudron was updated from v${oldVersion} to v${newVersion}.\n\nChangelog:\n${changelogMarkdown}\n`, done);
+        add(admin.id, eventId, `Cloudron updated to v${newVersion}`, `Cloudron was updated from v${oldVersion} to v${newVersion}.\n\nChangelog:\n${changelogMarkdown}\n`, done);
+    }, callback);
+}
+
+function boxUpdateError(eventId, errorMessage, callback) {
+    assert.strictEqual(typeof eventId, 'string');
+    assert.strictEqual(typeof errorMessage, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    if (custom.spec().alerts.email) mailer.boxUpdateError(custom.spec().alerts.email, errorMessage);
+    if (!custom.spec().alerts.notifyCloudronAdmins) return callback();
+
+    actionForAllAdmins([], function (admin, done) {
+        mailer.boxUpdateError(admin.email, errorMessage);
+        add(admin.id, eventId, 'Cloudron update failed', `Failed to update Cloudron: ${errorMessage}. Update will be retried in 4 hours`, done);
     }, callback);
 }
 
@@ -294,7 +281,7 @@ function backupFailed(eventId, taskId, errorMessage, callback) {
 
     actionForAllAdmins([], function (admin, callback) {
         mailer.backupFailed(admin.email, errorMessage, `${settings.adminOrigin()}/logs.html?taskId=${taskId}`);
-        add(admin.id, eventId, 'Failed to backup', `Backup failed: ${errorMessage}. Logs are available [here](/logs.html?taskId=${taskId}). Will be retried in 4 hours`, callback);
+        add(admin.id, eventId, 'Backup failed', `Backup failed: ${errorMessage}. Logs are available [here](/logs.html?taskId=${taskId}). Will be retried in 4 hours`, callback);
     }, callback);
 }
 
@@ -319,15 +306,14 @@ function alert(id, title, message, callback) {
         };
 
         notificationdb.getByUserIdAndTitle(admin.id, title, function (error, result) {
-            if (error && error.reason !== DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+            if (error && error.reason !== BoxError.NOT_FOUND) return callback(error);
 
             if (!result && acknowledged) return callback(); // do not add acked alerts
 
             let updateFunc = !result ? notificationdb.add.bind(null, data) : notificationdb.update.bind(null, result.id, data);
 
             updateFunc(function (error) {
-                if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new NotificationsError(NotificationsError.NOT_FOUND, error.message));
-                if (error) return callback(new NotificationsError(NotificationsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 callback(null);
             });
@@ -347,7 +333,7 @@ function onEvent(id, action, source, data, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     // external ldap syncer does not generate notifications - FIXME username might be an issue here
-    if (source.username === auditsource.EXTERNAL_LDAP_TASK.username) return callback();
+    if (source.username === auditSource.EXTERNAL_LDAP_TASK.username) return callback();
 
     switch (action) {
     case eventlog.ACTION_USER_ADD:
@@ -379,11 +365,15 @@ function onEvent(id, action, source, data, callback) {
         return certificateRenewalError(id, data.domain, data.errorMessage, callback);
 
     case eventlog.ACTION_BACKUP_FINISH:
-        if (!data.errorMessage || source.username !== 'cron') return callback();
-        return backupFailed(id, data.taskId, data.errorMessage, callback); // only notify for automated backups
+        if (!data.errorMessage) return callback();
+        if (source.username !== auditSource.CRON.username && !data.timedOut) return callback(); // manual stop by user
+
+        return backupFailed(id, data.taskId, data.errorMessage, callback); // only notify for automated backups or timedout
 
     case eventlog.ACTION_UPDATE_FINISH:
-        return boxUpdated(data.oldVersion, data.newVersion, callback);
+        if (!data.errorMessage) return boxUpdated(id, data.oldVersion, data.newVersion, callback);
+        if (data.timedOut) return boxUpdateError(id, data.errorMessage, callback);
+        return callback();
 
     default:
         return callback();

src/provision.js

@@ -6,23 +6,19 @@ exports = module.exports = {
     activate: activate,
     getStatus: getStatus,
 
-    autoRegister: autoRegister,
-
-    ProvisionError: ProvisionError
+    autoRegister: autoRegister
 };
 
 var appstore = require('./appstore.js'),
-    AppstoreError = require('./appstore.js').AppstoreError,
     assert = require('assert'),
     async = require('async'),
     backups = require('./backups.js'),
-    BackupsError = require('./backups.js').BackupsError,
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
     clients = require('./clients.js'),
     cloudron = require('./cloudron.js'),
     debug = require('debug')('box:provision'),
     domains = require('./domains.js'),
-    DomainsError = domains.DomainsError,
     eventlog = require('./eventlog.js'),
     fs = require('fs'),
     mail = require('./mail.js'),
@@ -30,12 +26,10 @@ var appstore = require('./appstore.js'),
     safe = require('safetydance'),
     semver = require('semver'),
     settings = require('./settings.js'),
-    superagent = require('superagent'),
     sysinfo = require('./sysinfo.js'),
+    superagent = require('superagent'),
     users = require('./users.js'),
-    UsersError = users.UsersError,
     tld = require('tldjs'),
-    util = require('util'),
     _ = require('underscore');
 
 const NOOP_CALLBACK = function (error) { if (error) debug(error); };
@@ -54,33 +48,6 @@ let gProvisionStatus = {
     }
 };
 
-function ProvisionError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(ProvisionError, Error);
-ProvisionError.BAD_FIELD = 'Field error';
-ProvisionError.BAD_STATE = 'Bad State';
-ProvisionError.ALREADY_SETUP = 'Already Setup';
-ProvisionError.INTERNAL_ERROR = 'Internal Error';
-ProvisionError.EXTERNAL_ERROR = 'External Error';
-ProvisionError.LICENSE_ERROR = 'License Error';
-ProvisionError.ALREADY_PROVISIONED = 'Already Provisioned';
-
 function setProgress(task, message, callback) {
     debug(`setProgress: ${task} - ${message}`);
     gProvisionStatus[task].message = message;
@@ -94,14 +61,14 @@ function autoRegister(domain, callback) {
     if (!fs.existsSync(paths.LICENSE_FILE)) return callback();
 
     const license = safe.fs.readFileSync(paths.LICENSE_FILE, 'utf8');
-    if (!license) return callback(new ProvisionError(ProvisionError.EXTERNAL_ERROR, 'Cannot read license'));
+    if (!license) return callback(new BoxError(BoxError.LICENSE_ERROR, 'Cannot read license'));
 
     debug('Auto-registering cloudron');
 
     appstore.registerWithLicense(license.trim(), domain, function (error) {
-        if (error && error.reason !== AppstoreError.ALREADY_REGISTERED) {
+        if (error && error.reason !== BoxError.CONFLICT) { // not already registered
             debug('Failed to auto-register cloudron', error);
-            return callback(new ProvisionError(ProvisionError.LICENSE_ERROR, 'Failed to auto-register Cloudron with license. Please contact support@cloudron.io'));
+            return callback(new BoxError(BoxError.LICENSE_ERROR, 'Failed to auto-register Cloudron with license. Please contact support@cloudron.io'));
         }
 
         callback();
@@ -122,13 +89,13 @@ function unprovision(callback) {
 }
 
 
-function setup(dnsConfig, backupConfig, auditSource, callback) {
+function setup(dnsConfig, sysinfoConfig, auditSource, callback) {
     assert.strictEqual(typeof dnsConfig, 'object');
-    assert.strictEqual(typeof backupConfig, 'object');
+    assert.strictEqual(typeof sysinfoConfig, 'object');
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (gProvisionStatus.setup.active || gProvisionStatus.restore.active) return callback(new ProvisionError(ProvisionError.BAD_STATE, 'Already setting up or restoring'));
+    if (gProvisionStatus.setup.active || gProvisionStatus.restore.active) return callback(new BoxError(BoxError.BAD_STATE, 'Already setting up or restoring'));
 
     gProvisionStatus.setup = { active: true, errorMessage: '', message: 'Adding domain' };
 
@@ -139,11 +106,11 @@ function setup(dnsConfig, backupConfig, auditSource, callback) {
     }
 
     users.isActivated(function (error, activated) {
-        if (error) return done(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
-        if (activated) return done(new ProvisionError(ProvisionError.ALREADY_SETUP));
+        if (error) return done(error);
+        if (activated) return done(new BoxError(BoxError.CONFLICT, 'Already activated', { activate: true }));
 
         unprovision(function (error) {
-            if (error) return done(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+            if (error) return done(error);
 
             const domain = dnsConfig.domain.toLowerCase();
             const zoneName = dnsConfig.zoneName ? dnsConfig.zoneName : (tld.getDomain(domain) || domain);
@@ -159,23 +126,25 @@ function setup(dnsConfig, backupConfig, auditSource, callback) {
             };
 
             domains.add(domain, data, auditSource, function (error) {
-                if (error && error.reason === DomainsError.BAD_FIELD) return done(new ProvisionError(ProvisionError.BAD_FIELD, error.message));
-                if (error && error.reason === DomainsError.ALREADY_EXISTS) return done(new ProvisionError(ProvisionError.BAD_FIELD, error.message));
-                if (error) return done(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+                if (error) return done(error);
 
-                callback(); // now that args are validated run the task in the background
+                sysinfo.testConfig(sysinfoConfig, function (error) {
+                    if (error) return done(error);
 
-                async.series([
-                    autoRegister.bind(null, domain),
-                    domains.prepareDashboardDomain.bind(null, domain, auditSource, (progress) => setProgress('setup', progress.message, NOOP_CALLBACK)),
-                    cloudron.setDashboardDomain.bind(null, domain, auditSource),
-                    mail.addDomain.bind(null, domain), // this relies on settings.mailFqdn() and settings.adminDomain()
-                    (next) => { if (!backupConfig) return next(); settings.setBackupConfig(backupConfig, next); },
-                    setProgress.bind(null, 'setup', 'Done'),
-                    eventlog.add.bind(null, eventlog.ACTION_PROVISION, auditSource, { })
-                ], function (error) {
-                    gProvisionStatus.setup.active = false;
-                    gProvisionStatus.setup.errorMessage = error ? error.message : '';
+                    callback(); // now that args are validated run the task in the background
+
+                    async.series([
+                        autoRegister.bind(null, domain),
+                        settings.setSysinfoConfig.bind(null, sysinfoConfig),
+                        domains.prepareDashboardDomain.bind(null, domain, auditSource, (progress) => setProgress('setup', progress.message, NOOP_CALLBACK)),
+                        cloudron.setDashboardDomain.bind(null, domain, auditSource),
+                        mail.addDomain.bind(null, domain), // this relies on settings.mailFqdn() and settings.adminDomain()
+                        setProgress.bind(null, 'setup', 'Done'),
+                        eventlog.add.bind(null, eventlog.ACTION_PROVISION, auditSource, { })
+                    ], function (error) {
+                        gProvisionStatus.setup.active = false;
+                        gProvisionStatus.setup.errorMessage = error ? error.message : '';
+                    });
                 });
             });
         });
@@ -221,12 +190,11 @@ function activate(username, password, email, displayName, ip, auditSource, callb
     setTimeZone(ip, function () { }); // TODO: get this from user. note that timezone is detected based on the browser location and not the cloudron region
 
     users.createOwner(username, password, email, displayName, auditSource, function (error, userObject) {
-        if (error && error.reason === UsersError.ALREADY_EXISTS) return callback(new ProvisionError(ProvisionError.ALREADY_PROVISIONED, 'Already activated'));
-        if (error && error.reason === UsersError.BAD_FIELD) return callback(new ProvisionError(ProvisionError.BAD_FIELD, error.message));
-        if (error) return callback(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.ALREADY_EXISTS) return callback(new BoxError(BoxError.CONFLICT, 'Already activated'));
+        if (error) return callback(error);
 
         clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
-            if (error) return callback(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             eventlog.add(eventlog.ACTION_ACTIVATE, auditSource, { });
 
@@ -241,17 +209,18 @@ function activate(username, password, email, displayName, ip, auditSource, callb
     });
 }
 
-function restore(backupConfig, backupId, version, auditSource, callback) {
+function restore(backupConfig, backupId, version, sysinfoConfig, auditSource, callback) {
     assert.strictEqual(typeof backupConfig, 'object');
     assert.strictEqual(typeof backupId, 'string');
     assert.strictEqual(typeof version, 'string');
+    assert.strictEqual(typeof sysinfoConfig, 'object');
     assert.strictEqual(typeof auditSource, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (!semver.valid(version)) return callback(new ProvisionError(ProvisionError.BAD_STATE, 'version is not a valid semver'));
-    if (semver.major(constants.VERSION) !== semver.major(version) || semver.minor(constants.VERSION) !== semver.minor(version)) return callback(new ProvisionError(ProvisionError.BAD_STATE, `Run cloudron-setup with --version ${version} to restore from this backup`));
+    if (!semver.valid(version)) return callback(new BoxError(BoxError.BAD_FIELD, 'version is not a valid semver', { field: 'version' }));
+    if (semver.major(constants.VERSION) !== semver.major(version) || semver.minor(constants.VERSION) !== semver.minor(version)) return callback(new BoxError(BoxError.BAD_STATE, `Run cloudron-setup with --version ${version} to restore from this backup`));
 
-    if (gProvisionStatus.setup.active || gProvisionStatus.restore.active) return callback(new ProvisionError(ProvisionError.BAD_STATE, 'Already setting up or restoring'));
+    if (gProvisionStatus.setup.active || gProvisionStatus.restore.active) return callback(new BoxError(BoxError.BAD_STATE, 'Already setting up or restoring'));
 
     gProvisionStatus.restore = { active: true, errorMessage: '', message: 'Testing backup config' };
 
@@ -262,29 +231,32 @@ function restore(backupConfig, backupId, version, auditSource, callback) {
     }
 
     users.isActivated(function (error, activated) {
-        if (error) return done(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
-        if (activated) return done(new ProvisionError(ProvisionError.ALREADY_PROVISIONED, 'Already activated. Restore with a fresh Cloudron installation.'));
+        if (error) return done(error);
+        if (activated) return done(new BoxError(BoxError.CONFLICT, 'Already activated. Restore with a fresh Cloudron installation.'));
 
         backups.testConfig(backupConfig, function (error) {
-            if (error && error.reason === BackupsError.BAD_FIELD) return done(new ProvisionError(ProvisionError.BAD_FIELD, error.message));
-            if (error && error.reason === BackupsError.EXTERNAL_ERROR) return done(new ProvisionError(ProvisionError.EXTERNAL_ERROR, error.message));
-            if (error) return done(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+            if (error) return done(error);
 
-            debug(`restore: restoring from ${backupId} from provider ${backupConfig.provider} with format ${backupConfig.format}`);
+            sysinfo.testConfig(sysinfoConfig, function (error) {
+                if (error) return done(error);
 
-            callback(); // now that the fields are validated, continue task in the background
+                debug(`restore: restoring from ${backupId} from provider ${backupConfig.provider} with format ${backupConfig.format}`);
 
-            async.series([
-                setProgress.bind(null, 'restore', 'Downloading backup'),
-                backups.restore.bind(null, backupConfig, backupId, (progress) => setProgress('restore', progress.message, NOOP_CALLBACK)),
-                cloudron.setupDashboard.bind(null, auditSource, (progress) => setProgress('restore', progress.message, NOOP_CALLBACK)),
-                settings.setBackupConfig.bind(null, backupConfig), // update with the latest backupConfig
-                eventlog.add.bind(null, eventlog.ACTION_RESTORE, auditSource, { backupId }),
-            ], function (error) {
-                gProvisionStatus.restore.active = false;
-                gProvisionStatus.restore.errorMessage = error ? error.message : '';
+                callback(); // now that the fields are validated, continue task in the background
 
-                if (!error) cloudron.onActivated(NOOP_CALLBACK);
+                async.series([
+                    setProgress.bind(null, 'restore', 'Downloading backup'),
+                    backups.restore.bind(null, backupConfig, backupId, (progress) => setProgress('restore', progress.message, NOOP_CALLBACK)),
+                    settings.setSysinfoConfig.bind(null, sysinfoConfig),
+                    cloudron.setupDashboard.bind(null, auditSource, (progress) => setProgress('restore', progress.message, NOOP_CALLBACK)),
+                    settings.setBackupConfig.bind(null, backupConfig), // update with the latest backupConfig
+                    eventlog.add.bind(null, eventlog.ACTION_RESTORE, auditSource, { backupId }),
+                ], function (error) {
+                    gProvisionStatus.restore.active = false;
+                    gProvisionStatus.restore.errorMessage = error ? error.message : '';
+
+                    if (!error) cloudron.onActivated(NOOP_CALLBACK);
+                });
             });
         });
     });
@@ -294,15 +266,15 @@ function getStatus(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     users.isActivated(function (error, activated) {
-        if (error) return callback(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         settings.getCloudronName(function (error, cloudronName) {
-            if (error) return callback(new ProvisionError(ProvisionError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             callback(null, _.extend({
                 version: constants.VERSION,
                 apiServerOrigin: settings.apiServerOrigin(), // used by CaaS tool
-                provider: sysinfo.provider(),
+                provider: settings.provider(),
                 cloudronName: cloudronName,
                 adminFqdn: settings.adminDomain() ? settings.adminFqdn() : null,
                 activated: activated,

src/reverseproxy.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    ReverseProxyError: ReverseProxyError,
-
     setFallbackCertificate: setFallbackCertificate,
     getFallbackCertificate: getFallbackCertificate,
 
@@ -36,6 +34,7 @@ var acme2 = require('./cert/acme2.js'),
     apps = require('./apps.js'),
     assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     caas = require('./cert/caas.js'),
     constants = require('./constants.js'),
     crypto = require('crypto'),
@@ -57,32 +56,9 @@ var acme2 = require('./cert/acme2.js'),
     users = require('./users.js'),
     util = require('util');
 
-var NGINX_APPCONFIG_EJS = fs.readFileSync(__dirname + '/appconfig.ejs', { encoding: 'utf8' }),
+var NGINX_APPCONFIG_EJS = fs.readFileSync(__dirname + '/nginxconfig.ejs', { encoding: 'utf8' }),
     RELOAD_NGINX_CMD = path.join(__dirname, 'scripts/reloadnginx.sh');
 
-function ReverseProxyError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(ReverseProxyError, Error);
-ReverseProxyError.INTERNAL_ERROR = 'Internal Error';
-ReverseProxyError.INVALID_CERT = 'Invalid certificate';
-ReverseProxyError.NOT_FOUND = 'Not Found';
-
 function getCertApi(domainObject, callback) {
     assert.strictEqual(typeof domainObject, 'object');
     assert.strictEqual(typeof callback, 'function');
@@ -164,29 +140,29 @@ function validateCertificate(location, domainObject, certificate) {
     const cert = certificate.cert, key = certificate.key;
 
     // check for empty cert and key strings
-    if (!cert && key) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, 'missing cert');
-    if (cert && !key) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, 'missing key');
+    if (!cert && key) return new BoxError(BoxError.BAD_FIELD, 'missing cert', { field: 'cert' });
+    if (cert && !key) return new BoxError(BoxError.BAD_FIELD, 'missing key', { field: 'key' });
 
     // -checkhost checks for SAN or CN exclusively. SAN takes precedence and if present, ignores the CN.
     const fqdn = domains.fqdn(location, domainObject);
 
     var result = safe.child_process.execSync(`openssl x509 -noout -checkhost "${fqdn}"`, { encoding: 'utf8', input: cert });
-    if (result === null) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, 'Unable to get certificate subject:' + safe.error.message);
+    if (result === null) return new BoxError(BoxError.BAD_FIELD, 'Unable to get certificate subject:' + safe.error.message, { field: 'cert' });
 
-    if (result.indexOf('does match certificate') === -1) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, `Certificate is not valid for this domain. Expecting ${fqdn}`);
+    if (result.indexOf('does match certificate') === -1) return new BoxError(BoxError.BAD_FIELD, `Certificate is not valid for this domain. Expecting ${fqdn}`, { field: 'cert' });
 
     // http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#verify
     var certModulus = safe.child_process.execSync('openssl x509 -noout -modulus', { encoding: 'utf8', input: cert });
-    if (certModulus === null) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, `Unable to get cert modulus: ${safe.error.message}`);
+    if (certModulus === null) return new BoxError(BoxError.BAD_FIELD, `Unable to get cert modulus: ${safe.error.message}`, { field: 'cert' });
 
     var keyModulus = safe.child_process.execSync('openssl rsa -noout -modulus', { encoding: 'utf8', input: key });
-    if (keyModulus === null) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, `Unable to get key modulus: ${safe.error.message}`);
+    if (keyModulus === null) return new BoxError(BoxError.BAD_FIELD, `Unable to get key modulus: ${safe.error.message}`, { field: 'cert' });
 
-    if (certModulus !== keyModulus) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, 'Key does not match the certificate.');
+    if (certModulus !== keyModulus) return new BoxError(BoxError.BAD_FIELD, 'Key does not match the certificate.', { field: 'cert' });
 
     // check expiration
     result = safe.child_process.execSync('openssl x509 -checkend 0', { encoding: 'utf8', input: cert });
-    if (!result) return new ReverseProxyError(ReverseProxyError.INVALID_CERT, 'Certificate has expired.');
+    if (!result) return new BoxError(BoxError.BAD_FIELD, 'Certificate has expired.', { field: 'cert' });
 
     return null;
 }
@@ -194,7 +170,11 @@ function validateCertificate(location, domainObject, certificate) {
 function reload(callback) {
     if (process.env.BOX_ENV === 'test') return callback();
 
-    shell.sudo('reload', [ RELOAD_NGINX_CMD ], {}, callback);
+    shell.sudo('reload', [ RELOAD_NGINX_CMD ], {}, function (error) {
+        if (error) return callback(new BoxError(BoxError.NGINX_ERROR, error));
+
+        callback();
+    });
 }
 
 function generateFallbackCertificateSync(domainObject) {
@@ -215,15 +195,15 @@ function generateFallbackCertificateSync(domainObject) {
     let configFile = path.join(os.tmpdir(), 'openssl-' + crypto.randomBytes(4).readUInt32LE(0) + '.conf');
     safe.fs.writeFileSync(configFile, opensslConfWithSan, 'utf8');
     let certCommand = util.format(`openssl req -x509 -newkey rsa:2048 -keyout ${keyFilePath} -out ${certFilePath} -days 3650 -subj /CN=*.${cn} -extensions SAN -config ${configFile} -nodes`);
-    if (!safe.child_process.execSync(certCommand)) return { error: new ReverseProxyError(ReverseProxyError.INTERNAL_ERROR, safe.error.message) };
+    if (!safe.child_process.execSync(certCommand)) return { error: new BoxError(BoxError.OPENSSL_ERROR, safe.error.message) };
     safe.fs.unlinkSync(configFile);
 
     const cert = safe.fs.readFileSync(certFilePath, 'utf8');
-    if (!cert) return { error: safe.error };
+    if (!cert) return { error: new BoxError(BoxError.FS_ERROR, safe.error.message) };
     safe.fs.unlinkSync(certFilePath);
 
     const key = safe.fs.readFileSync(keyFilePath, 'utf8');
-    if (!key) return { error: safe.error };
+    if (!key) return { error: new BoxError(BoxError.FS_ERROR, safe.error.message) };
     safe.fs.unlinkSync(keyFilePath);
 
     return { cert: cert, key: key, error: null };
@@ -237,17 +217,17 @@ function setFallbackCertificate(domain, fallback, callback) {
 
     if (fallback.restricted) { // restricted certs are not backed up
         debug(`setFallbackCertificate: setting restricted certs for domain ${domain}`);
-        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.cert`), fallback.cert)) return callback(new ReverseProxyError(ReverseProxyError.INTERNAL_ERROR, safe.error.message));
-        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.key`), fallback.key)) return callback(new ReverseProxyError(ReverseProxyError.INTERNAL_ERROR, safe.error.message));
+        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.cert`), fallback.cert)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
+        if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.key`), fallback.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
     } else {
         debug(`setFallbackCertificate: setting certs for domain ${domain}`);
-        if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.cert`), fallback.cert)) return callback(new ReverseProxyError(ReverseProxyError.INTERNAL_ERROR, safe.error.message));
-        if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.key`), fallback.key)) return callback(new ReverseProxyError(ReverseProxyError.INTERNAL_ERROR, safe.error.message));
+        if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.cert`), fallback.cert)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
+        if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.key`), fallback.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
     }
 
     // TODO: maybe the cert is being used by the mail container
     reload(function (error) {
-        if (error) return callback(new ReverseProxyError(ReverseProxyError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.NGINX_ERROR, error));
 
         return callback(null);
     });
@@ -414,7 +394,7 @@ function writeAdminNginxConfig(bundle, configFileName, vhost, callback) {
     var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
     var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, configFileName);
 
-    if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) return callback(safe.error);
+    if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) return callback(new BoxError(BoxError.FS_ERROR, safe.error));
 
     reload(callback);
 }
@@ -464,6 +444,15 @@ function writeAppNginxConfig(app, bundle, callback) {
     var sourceDir = path.resolve(__dirname, '..');
     var endpoint = 'app';
 
+    let robotsTxtQuoted = null, hideHeaders = [], cspQuoted = null;
+    const reverseProxyConfig = app.reverseProxyConfig || {}; // some of our code uses fake app objects
+    if (reverseProxyConfig.robotsTxt) robotsTxtQuoted = JSON.stringify(app.reverseProxyConfig.robotsTxt);
+    if (reverseProxyConfig.csp) {
+        cspQuoted = `"${app.reverseProxyConfig.csp}"`;
+        hideHeaders = [ 'Content-Security-Policy' ];
+        if (reverseProxyConfig.csp.includes('frame-ancestors ')) hideHeaders.push('X-Frame-Options');
+    }
+
     var data = {
         sourceDir: sourceDir,
         adminOrigin: settings.adminOrigin(),
@@ -473,7 +462,9 @@ function writeAppNginxConfig(app, bundle, callback) {
         endpoint: endpoint,
         certFilePath: bundle.certFilePath,
         keyFilePath: bundle.keyFilePath,
-        robotsTxtQuoted: app.robotsTxt ? JSON.stringify(app.robotsTxt) : null
+        robotsTxtQuoted,
+        cspQuoted,
+        hideHeaders
     };
     var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
 
@@ -482,7 +473,7 @@ function writeAppNginxConfig(app, bundle, callback) {
 
     if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) {
         debug('Error creating nginx config for "%s" : %s', app.fqdn, safe.error.message);
-        return callback(safe.error);
+        return callback(new BoxError(BoxError.FS_ERROR, safe.error));
     }
 
     reload(callback);
@@ -502,7 +493,9 @@ function writeAppRedirectNginxConfig(app, fqdn, bundle, callback) {
         endpoint: 'redirect',
         certFilePath: bundle.certFilePath,
         keyFilePath: bundle.keyFilePath,
-        robotsTxtQuoted: null
+        robotsTxtQuoted: null,
+        cspQuoted: null,
+        hideHeaders: []
     };
     var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
 
@@ -512,7 +505,7 @@ function writeAppRedirectNginxConfig(app, fqdn, bundle, callback) {
 
     if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) {
         debug('Error creating nginx redirect config for "%s" : %s', app.fqdn, safe.error.message);
-        return callback(safe.error);
+        return callback(new BoxError(BoxError.FS_ERROR, safe.error));
     }
 
     reload(callback);
@@ -621,7 +614,7 @@ function renewCerts(options, auditSource, progressCallback, callback) {
                 if (appDomain.type === 'webadmin') configureFunc = writeAdminNginxConfig.bind(null, bundle, `${settings.adminFqdn()}.conf`, settings.adminFqdn());
                 else if (appDomain.type === 'main') configureFunc = writeAppNginxConfig.bind(null, appDomain.app, bundle);
                 else if (appDomain.type === 'alternate') configureFunc = writeAppRedirectNginxConfig.bind(null, appDomain.app, appDomain.fqdn, bundle);
-                else return iteratorCallback(new Error(`Unknown domain type for ${appDomain.fqdn}. This should never happen`));
+                else return iteratorCallback(new BoxError(BoxError.INTERNAL_ERROR, `Unknown domain type for ${appDomain.fqdn}. This should never happen`));
 
                 configureFunc(iteratorCallback);
             });
@@ -657,7 +650,7 @@ function writeDefaultConfig(callback) {
         var cn = 'cloudron-' + (new Date()).toISOString(); // randomize date a bit to keep firefox happy
         if (!safe.child_process.execSync(`openssl req -x509 -newkey rsa:2048 -keyout ${keyFilePath} -out ${certFilePath} -days 3650 -subj /CN=${cn} -nodes`)) {
             debug(`writeDefaultConfig: could not generate certificate: ${safe.error.message}`);
-            return callback(safe.error);
+            return callback(new BoxError(BoxError.OPENSSL_ERROR, safe.error));
         }
     }
 

src/routes/accesscontrol.js

@@ -12,14 +12,13 @@ var accesscontrol = require('../accesscontrol.js'),
     assert = require('assert'),
     BasicStrategy = require('passport-http').BasicStrategy,
     BearerStrategy = require('passport-http-bearer').Strategy,
+    BoxError = require('../boxerror.js'),
     clients = require('../clients.js'),
     ClientPasswordStrategy = require('passport-oauth2-client-password').Strategy,
-    ClientsError = clients.ClientsError,
     HttpError = require('connect-lastmile').HttpError,
     LocalStrategy = require('passport-local').Strategy,
     passport = require('passport'),
-    users = require('../users.js'),
-    UsersError = users.UsersError;
+    users = require('../users.js');
 
 function initialize(callback) {
     assert.strictEqual(typeof callback, 'function');
@@ -42,16 +41,16 @@ function initialize(callback) {
     passport.use(new LocalStrategy(function (username, password, callback) {
         if (username.indexOf('@') === -1) {
             users.verifyWithUsername(username, password, function (error, result) {
-                if (error && error.reason === UsersError.NOT_FOUND) return callback(null, false);
-                if (error && error.reason === UsersError.WRONG_PASSWORD) return callback(null, false);
+                if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
+                if (error && error.reason === BoxError.INVALID_CREDENTIALS) return callback(null, false);
                 if (error) return callback(error);
                 if (!result) return callback(null, false);
                 callback(null, result);
             });
         } else {
             users.verifyWithEmail(username, password, function (error, result) {
-                if (error && error.reason === UsersError.NOT_FOUND) return callback(null, false);
-                if (error && error.reason === UsersError.WRONG_PASSWORD) return callback(null, false);
+                if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
+                if (error && error.reason === BoxError.INVALID_CREDENTIALS) return callback(null, false);
                 if (error) return callback(error);
                 if (!result) return callback(null, false);
                 callback(null, result);
@@ -62,7 +61,7 @@ function initialize(callback) {
     // Used to authenticate a OAuth2 client which uses clientId and clientSecret in the Authorization header
     passport.use(new BasicStrategy(function (clientId, clientSecret, callback) {
         clients.get(clientId, function (error, client) {
-            if (error && error.reason === ClientsError.NOT_FOUND) return callback(null, false);
+            if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
             if (error) return callback(error);
             if (client.clientSecret !== clientSecret) return callback(null, false);
             callback(null, client);
@@ -72,7 +71,7 @@ function initialize(callback) {
     // Used to authenticate a OAuth2 client which uses clientId and clientSecret in the request body (client_id, client_secret)
     passport.use(new ClientPasswordStrategy(function (clientId, clientSecret, callback) {
         clients.get(clientId, function(error, client) {
-            if (error && error.reason === ClientsError.NOT_FOUND) return callback(null, false);
+            if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
             if (error) { return callback(error); }
             if (client.clientSecret !== clientSecret) { return callback(null, false); }
             callback(null, client);

src/routes/apps.js

@@ -7,6 +7,7 @@ exports = module.exports = {
     installApp: installApp,
     uninstallApp: uninstallApp,
     restoreApp: restoreApp,
+    importApp: importApp,
     backupApp: backupApp,
     updateApp: updateApp,
     getLogs: getLogs,
@@ -21,7 +22,7 @@ exports = module.exports = {
     setMemoryLimit: setMemoryLimit,
     setAutomaticBackup: setAutomaticBackup,
     setAutomaticUpdate: setAutomaticUpdate,
-    setRobotsTxt: setRobotsTxt,
+    setReverseProxyConfig: setReverseProxyConfig,
     setCertificate: setCertificate,
     setDebugMode: setDebugMode,
     setEnvironment: setEnvironment,
@@ -41,9 +42,9 @@ exports = module.exports = {
 };
 
 var apps = require('../apps.js'),
-    AppsError = apps.AppsError,
     assert = require('assert'),
     auditSource = require('../auditsource.js'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:routes/apps'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
@@ -51,30 +52,11 @@ var apps = require('../apps.js'),
     util = require('util'),
     WebSocket = require('ws');
 
-function toHttpError(appError) {
-    switch (appError.reason) {
-    case AppsError.NOT_FOUND:
-        return new HttpError(404, appError);
-    case AppsError.ALREADY_EXISTS:
-    case AppsError.BAD_STATE:
-        return new HttpError(409, appError);
-    case AppsError.BAD_FIELD:
-        return new HttpError(400, appError);
-    case AppsError.PLAN_LIMIT:
-        return new HttpError(402, appError);
-    case AppsError.EXTERNAL_ERROR:
-        return new HttpError(424, appError);
-    case AppsError.INTERNAL_ERROR:
-    default:
-        return new HttpError(500, appError);
-    }
-}
-
 function getApp(req, res, next) {
     assert.strictEqual(typeof req.params.id, 'string');
 
     apps.get(req.params.id, function (error, app) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, apps.removeInternalFields(app)));
     });
@@ -84,7 +66,7 @@ function getApps(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
     apps.getAllByUser(req.user, function (error, allApps) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         allApps = allApps.map(apps.removeRestrictedFields);
 
@@ -96,7 +78,7 @@ function getAppIcon(req, res, next) {
     assert.strictEqual(typeof req.params.id, 'string');
 
     apps.getIconPath(req.params.id, { original: req.query.original }, function (error, iconPath) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.sendFile(iconPath);
     });
@@ -121,9 +103,6 @@ function installApp(req, res, next) {
     if (('portBindings' in data) && typeof data.portBindings !== 'object') return next(new HttpError(400, 'portBindings must be an object'));
     if ('icon' in data && typeof data.icon !== 'string') return next(new HttpError(400, 'icon is not a string'));
 
-    if (data.backupId && typeof data.backupId !== 'string') return next(new HttpError(400, 'backupId must be string or null'));
-    if (data.backupFormat && typeof data.backupFormat !== 'string') return next(new HttpError(400, 'backupFormat must be string or null'));
-
     if ('label' in data && typeof data.label !== 'string') return next(new HttpError(400, 'label must be a string'));
 
     // falsy values in cert and key unset the cert
@@ -140,8 +119,6 @@ function installApp(req, res, next) {
 
     if (('debugMode' in data) && typeof data.debugMode !== 'object') return next(new HttpError(400, 'debugMode must be an object'));
 
-    if (data.robotsTxt && typeof data.robotsTxt !== 'string') return next(new HttpError(400, 'robotsTxt must be a string'));
-
     if ('alternateDomains' in data) {
         if (!Array.isArray(data.alternateDomains)) return next(new HttpError(400, 'alternateDomains must be an array'));
         if (data.alternateDomains.some(function (d) { return (typeof d.domain !== 'string' || typeof d.subdomain !== 'string'); })) return next(new HttpError(400, 'alternateDomains array must contain objects with domain and subdomain strings'));
@@ -157,7 +134,7 @@ function installApp(req, res, next) {
     debug('Installing app :%j', data);
 
     apps.install(data, req.user, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { id: result.id, taskId: result.taskId }));
     });
@@ -170,7 +147,7 @@ function setAccessRestriction(req, res, next) {
     if (typeof req.body.accessRestriction !== 'object') return next(new HttpError(400, 'accessRestriction must be an object'));
 
     apps.setAccessRestriction(req.params.id, req.body.accessRestriction, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -183,7 +160,7 @@ function setLabel(req, res, next) {
     if (typeof req.body.label !== 'string') return next(new HttpError(400, 'label must be a string'));
 
     apps.setLabel(req.params.id, req.body.label, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -197,7 +174,7 @@ function setTags(req, res, next) {
     if (req.body.tags.some((t) => typeof t !== 'string')) return next(new HttpError(400, 'tags array must contain strings'));
 
     apps.setTags(req.params.id, req.body.tags, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -210,7 +187,7 @@ function setIcon(req, res, next) {
     if (req.body.icon !== null && typeof req.body.icon !== 'string') return next(new HttpError(400, 'icon is null or a base-64 image string'));
 
     apps.setIcon(req.params.id, req.body.icon, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -223,7 +200,7 @@ function setMemoryLimit(req, res, next) {
     if (typeof req.body.memoryLimit !== 'number') return next(new HttpError(400, 'memoryLimit is not a number'));
 
     apps.setMemoryLimit(req.params.id, req.body.memoryLimit, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -236,7 +213,7 @@ function setAutomaticBackup(req, res, next) {
     if (typeof req.body.enable !== 'boolean') return next(new HttpError(400, 'enable must be a boolean'));
 
     apps.setAutomaticBackup(req.params.id, req.body.enable, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -249,20 +226,22 @@ function setAutomaticUpdate(req, res, next) {
     if (typeof req.body.enable !== 'boolean') return next(new HttpError(400, 'enable must be a boolean'));
 
     apps.setAutomaticUpdate(req.params.id, req.body.enable, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
 }
 
-function setRobotsTxt(req, res, next) {
+function setReverseProxyConfig(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
     assert.strictEqual(typeof req.params.id, 'string');
 
     if (req.body.robotsTxt !== null && typeof req.body.robotsTxt !== 'string') return next(new HttpError(400, 'robotsTxt is not a string'));
 
-    apps.setRobotsTxt(req.params.id, req.body.robotsTxt, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+    if (req.body.csp !== null && typeof req.body.csp !== 'string') return next(new HttpError(400, 'csp is not a string'));
+
+    apps.setReverseProxyConfig(req.params.id, req.body, auditSource.fromRequest(req), function (error) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -278,7 +257,7 @@ function setCertificate(req, res, next) {
     if (!req.body.cert && req.body.key) return next(new HttpError(400, 'cert must be provided'));
 
     apps.setCertificate(req.params.id, req.body, auditSource.fromRequest(req), function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -292,7 +271,7 @@ function setEnvironment(req, res, next) {
     if (Object.keys(req.body.env).some((key) => typeof req.body.env[key] !== 'string')) return next(new HttpError(400, 'env must contain values as strings'));
 
     apps.setEnvironment(req.params.id, req.body.env, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -305,7 +284,7 @@ function setDebugMode(req, res, next) {
     if (req.body.debugMode !== null && typeof req.body.debugMode !== 'object') return next(new HttpError(400, 'debugMode must be an object'));
 
     apps.setDebugMode(req.params.id, req.body.debugMode, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -318,7 +297,7 @@ function setMailbox(req, res, next) {
     if (req.body.mailboxName !== null && typeof req.body.mailboxName !== 'string') return next(new HttpError(400, 'mailboxName must be a string'));
 
     apps.setMailbox(req.params.id, req.body.mailboxName, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -342,7 +321,7 @@ function setLocation(req, res, next) {
     if ('overwriteDns' in req.body && typeof req.body.overwriteDns !== 'boolean') return next(new HttpError(400, 'overwriteDns must be boolean'));
 
     apps.setLocation(req.params.id, req.body, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -355,7 +334,7 @@ function setDataDir(req, res, next) {
     if (req.body.dataDir !== null && typeof req.body.dataDir !== 'string') return next(new HttpError(400, 'dataDir must be a string'));
 
     apps.setDataDir(req.params.id, req.body.dataDir, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -383,7 +362,7 @@ function repairApp(req, res, next) {
     if ('overwriteDns' in req.body && typeof req.body.overwriteDns !== 'boolean') return next(new HttpError(400, 'overwriteDns must be boolean'));
 
     apps.repair(req.params.id, data, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -401,7 +380,25 @@ function restoreApp(req, res, next) {
     if (data.backupId !== null && typeof data.backupId !== 'string') return next(new HttpError(400, 'backupId must be string or null'));
 
     apps.restore(req.params.id, data, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(202, { taskId: result.taskId }));
+    });
+}
+
+function importApp(req, res, next) {
+    assert.strictEqual(typeof req.body, 'object');
+    assert.strictEqual(typeof req.params.id, 'string');
+
+    var data = req.body;
+
+    debug('Importing app id:%s', req.params.id);
+
+    if (typeof data.backupId !== 'string') return next(new HttpError(400, 'backupId must be string'));
+    if (typeof data.backupFormat !== 'string') return next(new HttpError(400, 'backupFormat must be string'));
+
+    apps.importApp(req.params.id, data, auditSource.fromRequest(req), function (error, result) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -423,7 +420,7 @@ function cloneApp(req, res, next) {
     if ('overwriteDns' in req.body && typeof req.body.overwriteDns !== 'boolean') return next(new HttpError(400, 'overwriteDns must be boolean'));
 
     apps.clone(req.params.id, data, req.user, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, { id: result.id, taskId: result.taskId }));
     });
@@ -435,7 +432,7 @@ function backupApp(req, res, next) {
     debug('Backup app id:%s', req.params.id);
 
     apps.backup(req.params.id, function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -447,7 +444,7 @@ function uninstallApp(req, res, next) {
     debug('Uninstalling app id:%s', req.params.id);
 
     apps.uninstall(req.params.id, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -459,7 +456,7 @@ function startApp(req, res, next) {
     debug('Start app id:%s', req.params.id);
 
     apps.start(req.params.id, function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -471,7 +468,7 @@ function stopApp(req, res, next) {
     debug('Stop app id:%s', req.params.id);
 
     apps.stop(req.params.id, function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -494,7 +491,7 @@ function updateApp(req, res, next) {
     debug('Update app id:%s to manifest:%j', req.params.id, data.manifest);
 
     apps.update(req.params.id, req.body, auditSource.fromRequest(req), function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId: result.taskId }));
     });
@@ -520,7 +517,7 @@ function getLogStream(req, res, next) {
     };
 
     apps.getLogs(req.params.id, options, function (error, logStream) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'text/event-stream',
@@ -555,7 +552,7 @@ function getLogs(req, res, next) {
     };
 
     apps.getLogs(req.params.id, options, function (error, logStream) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'application/x-logs',
@@ -609,7 +606,7 @@ function exec(req, res, next) {
     var tty = req.query.tty === 'true' ? true : false;
 
     apps.exec(req.params.id, { cmd: cmd, rows: rows, columns: columns, tty: tty }, function (error, duplexStream) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         if (req.headers['upgrade'] !== 'tcp') return next(new HttpError(404, 'exec requires TCP upgrade'));
 
@@ -649,7 +646,7 @@ function execWebSocket(req, res, next) {
     var tty = req.query.tty === 'true' ? true : false;
 
     apps.exec(req.params.id, { cmd: cmd, rows: rows, columns: columns, tty: tty }, function (error, duplexStream) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         debug('Connected to terminal');
 
@@ -689,7 +686,7 @@ function listBackups(req, res, next) {
     if (!perPage || perPage < 0) return next(new HttpError(400, 'per_page query param has to be a postive number'));
 
     apps.listBackups(page, perPage, req.params.id, function (error, result) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { backups: result }));
     });
@@ -704,7 +701,7 @@ function uploadFile(req, res, next) {
     if (!req.files.file) return next(new HttpError(400, 'file must be provided as multipart'));
 
     apps.uploadFile(req.params.id, req.files.file.path, req.query.file, function (error) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         debug('uploadFile: done');
 
@@ -720,7 +717,7 @@ function downloadFile(req, res, next) {
     if (typeof req.query.file !== 'string' || !req.query.file) return next(new HttpError(400, 'file query argument must be provided'));
 
     apps.downloadFile(req.params.id, req.query.file, function (error, stream, info) {
-        if (error) return next(toHttpError(error));
+        if (error) return next(BoxError.toHttpError(error));
 
         var headers = {
             'Content-Type': 'application/octet-stream',

src/routes/appstore.js

@@ -10,8 +10,8 @@ exports = module.exports = {
 };
 
 var appstore = require('../appstore.js'),
-    AppstoreError = appstore.AppstoreError,
     assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     custom = require('../custom.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess;
@@ -27,10 +27,7 @@ function isAppAllowed(appstoreId) {
 
 function getApps(req, res, next) {
     appstore.getApps(function (error, apps) {
-        if (error && error.reason === AppstoreError.INVALID_TOKEN) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.LICENSE_ERROR) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.NOT_REGISTERED) return next(new HttpError(412, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         let filteredApps = apps.filter((app) => !custom.spec().appstore.blacklist.includes(app.id));
         if (custom.spec().appstore.whitelist) filteredApps = filteredApps.filter((app) => app.id in custom.spec().appstore.whitelist);
@@ -45,11 +42,7 @@ function getApp(req, res, next) {
     if (!isAppAllowed(req.params.appstoreId)) return next(new HttpError(405, 'feature disabled by admin'));
 
     appstore.getApp(req.params.appstoreId, function (error, app) {
-        if (error && error.reason === AppstoreError.NOT_FOUND) return next(new HttpError(404, 'No such app'));
-        if (error && error.reason === AppstoreError.INVALID_TOKEN) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.LICENSE_ERROR) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.NOT_REGISTERED) return next(new HttpError(412, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, app));
     });
@@ -62,11 +55,7 @@ function getAppVersion(req, res, next) {
     if (!isAppAllowed(req.params.appstoreId)) return next(new HttpError(405, 'feature disabled by admin'));
 
     appstore.getAppVersion(req.params.appstoreId, req.params.versionId, function (error, manifest) {
-        if (error && error.reason === AppstoreError.NOT_FOUND) return next(new HttpError(404, 'No such app or version'));
-        if (error && error.reason === AppstoreError.INVALID_TOKEN) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.LICENSE_ERROR) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.NOT_REGISTERED) return next(new HttpError(412, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, manifest));
     });
@@ -81,11 +70,7 @@ function registerCloudron(req, res, next) {
     if (typeof req.body.signup !== 'boolean') return next(new HttpError(400, 'signup must be a boolean'));
 
     appstore.registerWithLoginCredentials(req.body, function (error) {
-        if (error && error.reason === AppstoreError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
-        if (error && error.reason === AppstoreError.ACCESS_DENIED) return next(new HttpError(412, error.message));
-        if (error && error.reason === AppstoreError.ALREADY_REGISTERED) return next(new HttpError(422, error.message));
-        if (error && error.reason === AppstoreError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, {}));
     });
@@ -95,10 +80,7 @@ function getSubscription(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 
     appstore.getSubscription(function (error, result) {
-        if (error && error.reason === AppstoreError.INVALID_TOKEN) return next(new HttpError(402, error.message));
-        if (error && error.reason === AppstoreError.NOT_REGISTERED) return next(new HttpError(412, error.message));
-        if (error && error.reason === AppstoreError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, result)); // { email, cloudronId, plan, cancel_at, status }
     });

src/routes/backups.js

@@ -9,7 +9,7 @@ exports = module.exports = {
 let auditSource = require('../auditsource.js'),
     backupdb = require('../backupdb.js'),
     backups = require('../backups.js'),
-    BackupsError = require('../backups.js').BackupsError,
+    BoxError = require('../boxerror.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess;
 
@@ -21,8 +21,7 @@ function list(req, res, next) {
     if (!perPage || perPage < 0) return next(new HttpError(400, 'per_page query param has to be a postive number'));
 
     backups.getByStatePaged(backupdb.BACKUP_STATE_NORMAL, page, perPage, function (error, result) {
-        if (error && error.reason === BackupsError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { backups: result }));
     });
@@ -30,8 +29,7 @@ function list(req, res, next) {
 
 function startBackup(req, res, next) {
     backups.startBackupTask(auditSource.fromRequest(req), function (error, taskId) {
-        if (error && error.reason === BackupsError.BAD_STATE) return next(new HttpError(409, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId }));
     });
@@ -39,7 +37,7 @@ function startBackup(req, res, next) {
 
 function cleanup(req, res, next) {
     backups.startCleanupTask(auditSource.fromRequest(req), function (error, taskId) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId }));
     });

src/routes/clients.js

@@ -12,8 +12,8 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     clients = require('../clients.js'),
-    ClientsError = clients.ClientsError,
     constants = require('../constants.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
@@ -29,9 +29,8 @@ function add(req, res, next) {
     if (!validUrl.isWebUri(data.redirectURI)) return next(new HttpError(400, 'redirectURI must be a valid uri'));
 
     clients.add(data.appId, clients.TYPE_EXTERNAL, data.redirectURI, data.scope, function (error, result) {
-        if (error && error.reason === ClientsError.INVALID_SCOPE) return next(new HttpError(400, error.message));
-        if (error && error.reason === ClientsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
+
         next(new HttpSuccess(201, result));
     });
 }
@@ -40,8 +39,8 @@ function get(req, res, next) {
     assert.strictEqual(typeof req.params.clientId, 'string');
 
     clients.get(req.params.clientId, function (error, result) {
-        if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
+
         next(new HttpSuccess(200, result));
     });
 }
@@ -50,16 +49,14 @@ function del(req, res, next) {
     assert.strictEqual(typeof req.params.clientId, 'string');
 
     clients.get(req.params.clientId, function (error, result) {
-        if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         // we do not allow to use the REST API to delete addon clients
         if (result.type !== clients.TYPE_EXTERNAL) return next(new HttpError(405, 'Deleting app addon clients is not allowed.'));
 
         clients.del(req.params.clientId, function (error, result) {
-            if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-            if (error && error.reason === ClientsError.NOT_ALLOWED) return next(new HttpError(405, error.message));
-            if (error) return next(new HttpError(500, error));
+            if (error) return next(BoxError.toHttpError(error));
+
             next(new HttpSuccess(204, result));
         });
     });
@@ -67,7 +64,8 @@ function del(req, res, next) {
 
 function getAll(req, res, next) {
     clients.getAll(function (error, result) {
-        if (error && error.reason !== ClientsError.NOT_FOUND) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
+
         next(new HttpSuccess(200, { clients: result }));
     });
 }
@@ -83,8 +81,8 @@ function addToken(req, res, next) {
     if ('name' in req.body && typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));
 
     clients.addTokenByUserId(req.params.clientId, req.user.id, expiresAt, { name: req.body.name || '' }, function (error, result) {
-        if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
+
         next(new HttpSuccess(201, { token: result }));
     });
 }
@@ -94,8 +92,7 @@ function getTokens(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
     clients.getTokensByUserId(req.params.clientId, req.user.id, function (error, result) {
-        if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         result = result.map(clients.removeTokenPrivateFields);
 
@@ -108,8 +105,8 @@ function delTokens(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
     clients.delTokensByUserId(req.params.clientId, req.user.id, function (error) {
-        if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
+
         next(new HttpSuccess(204));
     });
 }
@@ -120,9 +117,7 @@ function delToken(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
     clients.delToken(req.params.clientId, req.params.tokenId, function (error) {
-        if (error && error.reason === ClientsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === ClientsError.INVALID_TOKEN) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });

src/routes/cloudron.js

@@ -13,22 +13,23 @@ exports = module.exports = {
     setDashboardAndMailDomain: setDashboardAndMailDomain,
     prepareDashboardDomain: prepareDashboardDomain,
     renewCerts: renewCerts,
+    getServerIp: getServerIp,
     syncExternalLdap: syncExternalLdap
 };
 
 let assert = require('assert'),
     async = require('async'),
     auditSource = require('../auditsource.js'),
+    BoxError = require('../boxerror.js'),
     cloudron = require('../cloudron.js'),
-    CloudronError = cloudron.CloudronError,
     custom = require('../custom.js'),
     disks = require('../disks.js'),
-    externalldap = require('../externalldap.js'),
+    externalLdap = require('../externalldap.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
+    sysinfo = require('../sysinfo.js'),
     updater = require('../updater.js'),
-    updateChecker = require('../updatechecker.js'),
-    UpdaterError = require('../updater.js').UpdaterError;
+    updateChecker = require('../updatechecker.js');
 
 function reboot(req, res, next) {
     // Finish the request, to let the appstore know we triggered the reboot
@@ -39,7 +40,7 @@ function reboot(req, res, next) {
 
 function isRebootRequired(req, res, next) {
     cloudron.isRebootRequired(function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { rebootRequired: result }));
     });
@@ -47,7 +48,7 @@ function isRebootRequired(req, res, next) {
 
 function getConfig(req, res, next) {
     cloudron.getConfig(function (error, cloudronConfig) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, cloudronConfig));
     });
@@ -55,7 +56,8 @@ function getConfig(req, res, next) {
 
 function getDisks(req, res, next) {
     disks.getDisks(function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
+
         next(new HttpSuccess(200, result));
     });
 }
@@ -65,8 +67,8 @@ function update(req, res, next) {
 
     // this only initiates the update, progress can be checked via the progress route
     updater.updateToLatest(req.body, auditSource.fromRequest(req), function (error, taskId) {
-        if (error && error.reason === UpdaterError.ALREADY_UPTODATE) return next(new HttpError(422, error.message));
-        if (error && error.reason === UpdaterError.BAD_STATE) return next(new HttpError(409, error.message));
+        if (error && error.reason === BoxError.NOT_FOUND) return next(new HttpError(422, error.message));
+        if (error && error.reason === BoxError.BAD_STATE) return next(new HttpError(409, error.message));
         if (error) return next(new HttpError(500, error));
 
         next(new HttpSuccess(202, { taskId }));
@@ -102,8 +104,7 @@ function getLogs(req, res, next) {
     };
 
     cloudron.getLogs(req.params.unit, options, function (error, logStream) {
-        if (error && error.reason === CloudronError.BAD_FIELD) return next(new HttpError(404, 'Invalid type'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'application/x-logs',
@@ -132,8 +133,7 @@ function getLogStream(req, res, next) {
     };
 
     cloudron.getLogs(req.params.unit, options, function (error, logStream) {
-        if (error && error.reason === CloudronError.BAD_FIELD) return next(new HttpError(404, 'Invalid type'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'text/event-stream',
@@ -159,8 +159,7 @@ function setDashboardAndMailDomain(req, res, next) {
     if (!custom.spec().domains.changeDashboardDomain) return next(new HttpError(405, 'feature disabled by admin'));
 
     cloudron.setDashboardAndMailDomain(req.body.domain, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === CloudronError.BAD_FIELD) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204, {}));
     });
@@ -172,9 +171,7 @@ function prepareDashboardDomain(req, res, next) {
     if (!custom.spec().domains.changeDashboardDomain) return next(new HttpError(405, 'feature disabled by admin'));
 
     cloudron.prepareDashboardDomain(req.body.domain, auditSource.fromRequest(req), function (error, taskId) {
-        if (error && error.reason === CloudronError.BAD_FIELD) return next(new HttpError(404, error.message));
-        if (error && error.reason === CloudronError.BAD_STATE) return next(new HttpError(409, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId }));
     });
@@ -182,17 +179,24 @@ function prepareDashboardDomain(req, res, next) {
 
 function renewCerts(req, res, next) {
     cloudron.renewCerts({ domain: req.body.domain || null }, auditSource.fromRequest(req), function (error, taskId) {
-        if (error && error.reason === CloudronError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, { taskId }));
     });
 }
 
 function syncExternalLdap(req, res, next) {
-    externalldap.startSyncer(function (error, taskId) {
+    externalLdap.startSyncer(function (error, taskId) {
         if (error) return next(new HttpError(500, error.message));
 
         next(new HttpSuccess(202, { taskId: taskId }));
     });
 }
+
+function getServerIp(req, res, next) {
+    sysinfo.getServerIp(function (error, ip) {
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(200, { ip }));
+    });
+}

src/routes/domains.js

@@ -14,8 +14,8 @@ exports = module.exports = {
 
 var assert = require('assert'),
     auditSource = require('../auditsource.js'),
+    BoxError = require('../boxerror.js'),
     domains = require('../domains.js'),
-    DomainsError = domains.DomainsError,
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess;
 
@@ -23,8 +23,7 @@ function verifyDomainLock(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
     domains.get(req.params.domain, function (error, domain) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, 'No such domain'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         if (domain.locked) return next(new HttpError(423, 'This domain is locked'));
 
@@ -68,10 +67,7 @@ function add(req, res, next) {
     };
 
     domains.add(req.body.domain, data, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === DomainsError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
-        if (error && error.reason === DomainsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === DomainsError.INVALID_PROVIDER) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, { domain: req.body.domain, config: req.body.config }));
     });
@@ -81,8 +77,7 @@ function get(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
     domains.get(req.params.domain, function (error, result) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, domains.removePrivateFields(result)));
     });
@@ -134,10 +129,7 @@ function update(req, res, next) {
     };
 
     domains.update(req.params.domain, data, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === DomainsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === DomainsError.INVALID_PROVIDER) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204, {}));
     });
@@ -147,9 +139,7 @@ function del(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
     domains.del(req.params.domain, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === DomainsError.IN_USE) return next(new HttpError(409, 'Domain is still in use. Remove all apps and mailboxes using this domain'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -164,10 +154,8 @@ function checkDnsRecords(req, res, next) {
     req.clearTimeout();
 
     domains.checkDnsRecords(req.query.subdomain, req.params.domain, function (error, result) {
-        if (error && error.reason === DomainsError.NOT_FOUND) return next(new HttpError(404, error.message)); // domain (and not record!) not found
-        if (error && error.reason === DomainsError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error && error.reason === DomainsError.ACCESS_DENIED) return next(new HttpSuccess(200, { error: { reason: error.reason, message: error.message }}));
-        if (error) return next(new HttpError(500, error));
+        if (error && error.reason === BoxError.ACCESS_DENIED) return next(new HttpSuccess(200, { error: { reason: error.reason, message: error.message }}));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { needsOverwrite: result.needsOverwrite }));
     });

src/routes/eventlog.js

@@ -5,15 +5,14 @@ exports = module.exports = {
     list: list
 };
 
-var eventlog = require('../eventlog.js'),
-    EventLogError = eventlog.EventLogError,
+var BoxError = require('../boxerror.js'),
+    eventlog = require('../eventlog.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess;
 
 function get(req, res, next) {
     eventlog.get(req.params.eventId, function (error, result) {
-        if (error && error.reason === EventLogError.NOT_FOUND) return next(new HttpError(404, 'no such eventlog'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { event: result }));
     });
@@ -34,7 +33,7 @@ function list(req, res, next) {
     if (req.query.action) actions.push(req.query.action);
 
     eventlog.getAllPaged(actions, req.query.search || null, page, perPage, function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { eventlogs: result }));
     });

src/routes/groups.js

@@ -10,10 +10,10 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     groups = require('../groups.js'),
     HttpError = require('connect-lastmile').HttpError,
-    HttpSuccess = require('connect-lastmile').HttpSuccess,
-    GroupsError = groups.GroupsError;
+    HttpSuccess = require('connect-lastmile').HttpSuccess;
 
 function create(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
@@ -21,9 +21,7 @@ function create(req, res, next) {
     if (typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be string'));
 
     groups.create(req.body.name, function (error, group) {
-        if (error && error.reason === GroupsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === GroupsError.ALREADY_EXISTS) return next(new HttpError(409, 'Already exists'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         var groupInfo = {
             id: group.id,
@@ -38,8 +36,7 @@ function get(req, res, next) {
     assert.strictEqual(typeof req.params.groupId, 'string');
 
     groups.getWithMembers(req.params.groupId, function (error, result) {
-        if (error && error.reason === GroupsError.NOT_FOUND) return next(new HttpError(404, 'No such group'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, result));
     });
@@ -52,8 +49,7 @@ function update(req, res, next) {
     if ('name' in req.body && typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));
 
     groups.update(req.params.groupId, req.body, function (error) {
-        if (error && error.reason === GroupsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { }));
     });
@@ -66,8 +62,7 @@ function updateMembers(req, res, next) {
     if (!Array.isArray(req.body.userIds)) return next(new HttpError(404, 'userIds must be an array'));
 
     groups.setMembers(req.params.groupId, req.body.userIds, function (error) {
-        if (error && error.reason === GroupsError.NOT_FOUND) return next(new HttpError(404, 'Invalid group or user id'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { }));
     });
@@ -75,7 +70,7 @@ function updateMembers(req, res, next) {
 
 function list(req, res, next) {
     groups.getAll(function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { groups: result }));
     });
@@ -85,9 +80,7 @@ function remove(req, res, next) {
     assert.strictEqual(typeof req.params.groupId, 'string');
 
     groups.remove(req.params.groupId, function (error) {
-        if (error && error.reason === GroupsError.NOT_FOUND) return next(new HttpError(404, 'Group not found'));
-        if (error && error.reason === GroupsError.NOT_ALLOWED) return next(new HttpError(409, 'Group deletion not allowed'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });

src/routes/mail.js

@@ -36,8 +36,8 @@ exports = module.exports = {
 
 var assert = require('assert'),
     auditSource = require('../auditsource.js'),
+    BoxError = require('../boxerror.js'),
     mail = require('../mail.js'),
-    MailError = mail.MailError,
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
     middleware = require('../middleware/index.js'),
@@ -49,8 +49,7 @@ function getDomain(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
     mail.getDomain(req.params.domain, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, mail.removePrivateFields(result)));
     });
@@ -62,9 +61,7 @@ function addDomain(req, res, next) {
     if (typeof req.body.domain !== 'string') return next(new HttpError(400, 'domain must be a string'));
 
     mail.addDomain(req.body.domain, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.ALREADY_EXISTS) return next(new HttpError(409, 'domain already exists'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, { domain: req.body.domain }));
     });
@@ -92,9 +89,7 @@ function setDnsRecords(req, res, next) {
     req.clearTimeout();
 
     mail.setDnsRecords(req.params.domain, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201));
     });
@@ -104,9 +99,7 @@ function removeDomain(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
     mail.removeDomain(req.params.domain, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.IN_USE) return next(new HttpError(409, 'Mail domain is still in use. Remove existing mailboxes'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -119,8 +112,7 @@ function getStatus(req, res, next) {
     req.clearTimeout();
 
     mail.getStatus(req.params.domain, function (error, records) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, records));
     });
@@ -133,9 +125,7 @@ function setMailFromValidation(req, res, next) {
     if (typeof req.body.enabled !== 'boolean') return next(new HttpError(400, 'enabled is required'));
 
     mail.setMailFromValidation(req.params.domain, req.body.enabled, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202));
     });
@@ -153,9 +143,7 @@ function setCatchAllAddress(req, res, next) {
     }
 
     mail.setCatchAllAddress(req.params.domain, req.body.addresses, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202));
     });
@@ -173,9 +161,7 @@ function setMailRelay(req, res, next) {
     if ('acceptSelfSignedCerts' in req.body && typeof req.body.acceptSelfSignedCerts !== 'boolean') return next(new HttpError(400, 'acceptSelfSignedCerts must be a boolean'));
 
     mail.setMailRelay(req.params.domain, req.body, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202));
     });
@@ -188,9 +174,7 @@ function setMailEnabled(req, res, next) {
     if (typeof req.body.enabled !== 'boolean') return next(new HttpError(400, 'enabled is required'));
 
     mail.setMailEnabled(req.params.domain, !!req.body.enabled, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202));
     });
@@ -203,9 +187,7 @@ function sendTestMail(req, res, next) {
     if (!req.body.to || typeof req.body.to !== 'string') return next(new HttpError(400, 'to must be a non-empty string'));
 
     mail.sendTestMail(req.params.domain, req.body.to, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202));
     });
@@ -214,9 +196,14 @@ function sendTestMail(req, res, next) {
 function listMailboxes(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
-    mail.listMailboxes(req.params.domain, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+    var page = typeof req.query.page !== 'undefined' ? parseInt(req.query.page) : 1;
+    if (!page || page < 0) return next(new HttpError(400, 'page query param has to be a postive number'));
+
+    var perPage = typeof req.query.per_page !== 'undefined'? parseInt(req.query.per_page) : 25;
+    if (!perPage || perPage < 0) return next(new HttpError(400, 'per_page query param has to be a postive number'));
+
+    mail.listMailboxes(req.params.domain, page, perPage, function (error, result) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { mailboxes: result }));
     });
@@ -227,8 +214,7 @@ function getMailbox(req, res, next) {
     assert.strictEqual(typeof req.params.name, 'string');
 
     mail.getMailbox(req.params.name, req.params.domain, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { mailbox: result }));
     });
@@ -241,10 +227,7 @@ function addMailbox(req, res, next) {
     if (typeof req.body.userId !== 'string') return next(new HttpError(400, 'userId must be a string'));
 
     mail.addMailbox(req.body.name, req.params.domain, req.body.userId, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, {}));
     });
@@ -257,9 +240,7 @@ function updateMailbox(req, res, next) {
     if (typeof req.body.userId !== 'string') return next(new HttpError(400, 'userId must be a string'));
 
     mail.updateMailboxOwner(req.params.name, req.params.domain, req.body.userId, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -270,8 +251,7 @@ function removeMailbox(req, res, next) {
     assert.strictEqual(typeof req.params.name, 'string');
 
     mail.removeMailbox(req.params.name, req.params.domain, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, {}));
     });
@@ -280,9 +260,14 @@ function removeMailbox(req, res, next) {
 function listAliases(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
-    mail.listAliases(req.params.domain, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+    var page = typeof req.query.page !== 'undefined' ? parseInt(req.query.page) : 1;
+    if (!page || page < 0) return next(new HttpError(400, 'page query param has to be a postive number'));
+
+    var perPage = typeof req.query.per_page !== 'undefined'? parseInt(req.query.per_page) : 25;
+    if (!perPage || perPage < 0) return next(new HttpError(400, 'per_page query param has to be a postive number'));
+
+    mail.listAliases(req.params.domain, page, perPage, function (error, result) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { aliases: result }));
     });
@@ -293,8 +278,7 @@ function getAliases(req, res, next) {
     assert.strictEqual(typeof req.params.name, 'string');
 
     mail.getAliases(req.params.name, req.params.domain, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { aliases: result }));
     });
@@ -312,10 +296,7 @@ function setAliases(req, res, next) {
     }
 
     mail.setAliases(req.params.name, req.params.domain, req.body.aliases, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202));
     });
@@ -325,8 +306,7 @@ function getLists(req, res, next) {
     assert.strictEqual(typeof req.params.domain, 'string');
 
     mail.getLists(req.params.domain, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { lists: result }));
     });
@@ -337,8 +317,7 @@ function getList(req, res, next) {
     assert.strictEqual(typeof req.params.name, 'string');
 
     mail.getList(req.params.domain, req.params.name, function (error, result) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { list: result }));
     });
@@ -357,10 +336,7 @@ function addList(req, res, next) {
     }
 
     mail.addList(req.body.name, req.params.domain, req.body.members, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.ALREADY_EXISTS) return next(new HttpError(409, 'list already exists'));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, {}));
     });
@@ -378,9 +354,7 @@ function updateList(req, res, next) {
     }
 
     mail.updateList(req.params.name, req.params.domain, req.body.members, function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error && error.reason === MailError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -391,8 +365,7 @@ function removeList(req, res, next) {
     assert.strictEqual(typeof req.params.name, 'string');
 
     mail.removeList(req.params.name, req.params.domain, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });

src/routes/notifications.js

@@ -8,17 +8,16 @@ exports = module.exports = {
 };
 
 let assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
-    notifications = require('../notifications.js'),
-    NotificationsError = notifications.NotificationsError;
+    notifications = require('../notifications.js');
 
 function verifyOwnership(req, res, next) {
     if (!req.params.notificationId) return next();  // skip for listing
 
     notifications.get(req.params.notificationId, function (error, result) {
-        if (error && error.reason === NotificationsError.NOT_FOUND) return next(new HttpError(404, 'No such notification'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         if (result.userId !== req.user.id) return next(new HttpError(403, 'User is not owner'));
 
@@ -46,7 +45,7 @@ function list(req, res, next) {
     else if (req.query.acknowledged) acknowledged = req.query.acknowledged === 'true' ? true : false;
 
     notifications.getAllPaged(req.user.id, acknowledged, page, perPage, function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { notifications: result }));
     });
@@ -56,8 +55,7 @@ function ack(req, res, next) {
     assert.strictEqual(typeof req.params.notificationId, 'string');
 
     notifications.ack(req.params.notificationId, function (error) {
-        if (error && error.reason === NotificationsError.NOT_FOUND) return next(new HttpError(404, 'No such notification'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204, {}));
     });

src/routes/oauth2.js

@@ -21,11 +21,11 @@ exports = module.exports = {
 
 var apps = require('../apps.js'),
     assert = require('assert'),
+    async = require('async'),
     authcodedb = require('../authcodedb.js'),
+    BoxError = require('../boxerror.js'),
     clients = require('../clients'),
-    ClientsError = clients.ClientsError,
     constants = require('../constants.js'),
-    DatabaseError = require('../databaseerror.js'),
     debug = require('debug')('box:routes/oauth2'),
     eventlog = require('../eventlog.js'),
     hat = require('../hat.js'),
@@ -39,7 +39,6 @@ var apps = require('../apps.js'),
     speakeasy = require('speakeasy'),
     url = require('url'),
     users = require('../users.js'),
-    UsersError = users.UsersError,
     util = require('util'),
     _ = require('underscore');
 
@@ -89,7 +88,7 @@ function initialize() {
     // exchange authorization codes for access tokens. this is used by external oauth clients
     gServer.exchange(oauth2orize.exchange.code(function (client, code, redirectURI, callback) {
         authcodedb.get(code, function (error, authCode) {
-            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, false);
+            if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
             if (error) return callback(error);
             if (client.id !== authCode.clientId) return callback(null, false);
 
@@ -255,7 +254,9 @@ function login(req, res) {
     var failureQuery = querystring.stringify({ error: 'Invalid username or password', returnTo: returnTo });
     passport.authenticate('local', {
         failureRedirect: '/api/v1/session/login?' + failureQuery
-    })(req, res, function () {
+    })(req, res, function (error) {
+        if (error) return res.redirect('/api/v1/session/login?' + failureQuery); // on some exception in the handlers
+
         if (!req.user.ghost && req.user.twoFactorAuthenticationEnabled) {
             if (!req.body.totpToken) {
                 let failureQuery = querystring.stringify({ error: 'A 2FA token is required', returnTo: returnTo });
@@ -275,10 +276,45 @@ function login(req, res) {
 
 // -> GET /api/v1/session/logout
 function logout(req, res) {
-    req.logout();
+    function done() {
+        req.logout();
 
-    if (req.query && req.query.redirect) res.redirect(req.query.redirect);
-    else res.redirect('/');
+        if (req.query && req.query.redirect) res.redirect(req.query.redirect);
+        else res.redirect('/');
+    }
+
+    if (!req.query.all) return done();
+
+    // find and destroy all login sessions by this user - this got rather complex quickly
+    req.sessionStore.list(function (error, result) {
+        if (error) {
+            console.error('Error listing sessions', error);
+            return done();
+        }
+
+        // WARNING fix this if we change the storage backend - Great stuff!
+        var sessionIds = result.map(function(s) { return s.replace('.json', ''); });
+
+        async.each(sessionIds, function (id, callback) {
+            req.sessionStore.get(id, function (error, result) {
+                if (error) {
+                    console.error(`Error getting session ${id}`, error);
+                    return callback();
+                }
+
+                // ignore empty or non passport sessions
+                if (!result || !result.passport || !result.passport.user) return callback();
+
+                // not this user
+                if (result.passport.user !== req.user.id) return callback();
+
+                req.sessionStore.destroy(id, function (error) {
+                    if (error) console.error(`Unable to destroy session ${id}`, error);
+                    callback();
+                });
+            });
+        }, done);
+    });
 }
 
 // Form to enter email address to send a password reset request mail
@@ -302,7 +338,7 @@ function passwordResetRequest(req, res, next) {
     debug('passwordResetRequest: email or username %s.', req.body.identifier);
 
     users.resetPasswordByIdentifier(req.body.identifier, function (error) {
-        if (error && error.reason !== UsersError.NOT_FOUND) {
+        if (error && error.reason !== BoxError.NOT_FOUND) {
             console.error(error);
             return sendErrorPageOrRedirect(req, res, 'User not found');
         }
@@ -356,9 +392,9 @@ function accountSetup(req, res, next) {
 
         var data = _.pick(req.body, 'username', 'displayName');
         users.update(userObject.id, data, auditSource(req), function (error) {
-            if (error && error.reason === UsersError.ALREADY_EXISTS) return renderAccountSetupSite(res, req, userObject, 'Username already exists');
-            if (error && error.reason === UsersError.BAD_FIELD) return renderAccountSetupSite(res, req, userObject, error.message);
-            if (error && error.reason === UsersError.NOT_FOUND) return renderAccountSetupSite(res, req, userObject, 'No such user');
+            if (error && error.reason === BoxError.ALREADY_EXISTS) return renderAccountSetupSite(res, req, userObject, 'Username already exists');
+            if (error && error.reason === BoxError.BAD_FIELD) return renderAccountSetupSite(res, req, userObject, error.message);
+            if (error && error.reason === BoxError.NOT_FOUND) return renderAccountSetupSite(res, req, userObject, 'No such user');
             if (error) return next(new HttpError(500, error));
 
             userObject.username = req.body.username;
@@ -366,7 +402,7 @@ function accountSetup(req, res, next) {
 
             // setPassword clears the resetToken
             users.setPassword(userObject.id, req.body.password, function (error) {
-                if (error && error.reason === UsersError.BAD_FIELD) return renderAccountSetupSite(res, req, userObject, error.message);
+                if (error && error.reason === BoxError.BAD_FIELD) return renderAccountSetupSite(res, req, userObject, error.message);
                 if (error) return next(new HttpError(500, error));
 
                 clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
@@ -414,7 +450,7 @@ function passwordReset(req, res, next) {
 
         // setPassword clears the resetToken
         users.setPassword(userObject.id, req.body.password, function (error) {
-            if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(406, error.message));
+            if (error && error.reason === BoxError.BAD_FIELD) return next(new HttpError(406, error.message));
             if (error) return next(new HttpError(500, error));
 
             clients.addTokenByUserId('cid-webadmin', userObject.id, Date.now() + constants.DEFAULT_TOKEN_EXPIRATION, {}, function (error, result) {
@@ -463,7 +499,7 @@ function authorization() {
             debug('authorization: client %s with callback to %s.', clientId, redirectURI);
 
             clients.get(clientId, function (error, client) {
-                if (error && error.reason === ClientsError.NOT_FOUND) return callback(null, false);
+                if (error && error.reason === BoxError.NOT_FOUND) return callback(null, false);
                 if (error) return callback(error);
 
                 // ignore the origin passed into form the client, but use the one from the clientdb

src/routes/profile.js

@@ -11,10 +11,10 @@ exports = module.exports = {
 
 var assert = require('assert'),
     auditSource = require('../auditsource.js'),
+    BoxError = require('../boxerror.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
     users = require('../users.js'),
-    UsersError = users.UsersError,
     _ = require('underscore');
 
 function get(req, res, next) {
@@ -43,10 +43,7 @@ function update(req, res, next) {
     var data = _.pick(req.body, 'email', 'fallbackEmail', 'displayName');
 
     users.update(req.user.id, data, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -59,9 +56,7 @@ function changePassword(req, res, next) {
     if (typeof req.body.newPassword !== 'string') return next(new HttpError(400, 'newPassword must be a string'));
 
     users.setPassword(req.user.id, req.body.newPassword, function (error) {
-        if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -71,8 +66,7 @@ function setTwoFactorAuthenticationSecret(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
     users.setTwoFactorAuthenticationSecret(req.user.id, function (error, result) {
-        if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, 'TwoFactor Authentication is enabled, disable first'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, { secret: result.secret, qrcode: result.qrcode }));
     });
@@ -85,10 +79,7 @@ function enableTwoFactorAuthentication(req, res, next) {
     if (!req.body.totpToken || typeof req.body.totpToken !== 'string') return next(new HttpError(400, 'totpToken must be a nonempty string'));
 
     users.enableTwoFactorAuthentication(req.user.id, req.body.totpToken, function (error) {
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
-        if (error && error.reason === UsersError.BAD_TOKEN) return next(new HttpError(412, 'Invalid token'));
-        if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, 'TwoFactor Authentication is already enabled'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, {}));
     });
@@ -98,7 +89,7 @@ function disableTwoFactorAuthentication(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
     users.disableTwoFactorAuthentication(req.user.id, function (error) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, {}));
     });

src/routes/provision.js

@@ -9,19 +9,19 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
-    auditSource = require('../auditsource'),
+    auditSource = require('../auditsource.js'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:routes/setup'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
     provision = require('../provision.js'),
-    ProvisionError = require('../provision.js').ProvisionError,
-    sysinfo = require('../sysinfo.js'),
+    settings = require('../settings.js'),
     superagent = require('superagent');
 
 function providerTokenAuth(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 
-    if (sysinfo.provider() === 'ami') {
+    if (settings.provider() === 'ami') {
         if (typeof req.body.providerToken !== 'string' || !req.body.providerToken) return next(new HttpError(400, 'providerToken must be a non empty string'));
 
         superagent.get('http://169.254.169.254/latest/meta-data/instance-id').timeout(30 * 1000).end(function (error, result) {
@@ -53,16 +53,13 @@ function setup(req, res, next) {
     if ('tlsConfig' in dnsConfig && typeof dnsConfig.tlsConfig !== 'object') return next(new HttpError(400, 'tlsConfig must be an object'));
     if (dnsConfig.tlsConfig && (!dnsConfig.tlsConfig.provider || typeof dnsConfig.tlsConfig.provider !== 'string')) return next(new HttpError(400, 'tlsConfig.provider must be a string'));
 
-    if ('backupConfig' in req.body && typeof req.body.backupConfig !== 'object') return next(new HttpError(400, 'backupConfig must be an object'));
+    if ('sysinfoConfig' in req.body && typeof req.body.sysinfoConfig !== 'object') return next(new HttpError(400, 'sysinfoConfig must be an object'));
 
     // it can take sometime to setup DNS, register cloudron
     req.clearTimeout();
 
-    provision.setup(dnsConfig, req.body.backupConfig || null, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === ProvisionError.ALREADY_SETUP) return next(new HttpError(409, error.message));
-        if (error && error.reason === ProvisionError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === ProvisionError.BAD_STATE) return next(new HttpError(409, error.message));
-        if (error) return next(new HttpError(500, error));
+    provision.setup(dnsConfig, req.body.sysinfoConfig || { provider: 'generic' }, auditSource.fromRequest(req), function (error) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -85,9 +82,7 @@ function activate(req, res, next) {
     debug('activate: username:%s ip:%s', username, ip);
 
     provision.activate(username, password, email, displayName, ip, auditSource.fromRequest(req), function (error, info) {
-        if (error && error.reason === ProvisionError.ALREADY_PROVISIONED) return next(new HttpError(409, 'Already setup'));
-        if (error && error.reason === ProvisionError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(201, info));
     });
@@ -107,12 +102,10 @@ function restore(req, res, next) {
     if (typeof req.body.backupId !== 'string') return next(new HttpError(400, 'backupId must be a string or null'));
     if (typeof req.body.version !== 'string') return next(new HttpError(400, 'version must be a string'));
 
-    provision.restore(backupConfig, req.body.backupId, req.body.version, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === ProvisionError.ALREADY_SETUP) return next(new HttpError(409, error.message));
-        if (error && error.reason === ProvisionError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === ProvisionError.BAD_STATE) return next(new HttpError(409, error.message));
-        if (error && error.reason === ProvisionError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+    if ('sysinfoConfig' in req.body && typeof req.body.sysinfoConfig !== 'object') return next(new HttpError(400, 'sysinfoConfig must be an object'));
+
+    provision.restore(backupConfig, req.body.backupId, req.body.version, req.body.sysinfoConfig || { provider: 'generic' }, auditSource.fromRequest(req), function (error) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -120,7 +113,7 @@ function restore(req, res, next) {
 
 function getStatus(req, res, next) {
     provision.getStatus(function (error, status) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, status));
     });

src/routes/services.js

@@ -10,8 +10,8 @@ exports = module.exports = {
 };
 
 var addons = require('../addons.js'),
-    AddonsError = addons.AddonsError,
     assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:routes/addons'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess;
@@ -20,7 +20,7 @@ function getAll(req, res, next) {
     req.clearTimeout(); // can take a while to get status of all services
 
     addons.getServices(function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { services: result }));
     });
@@ -30,8 +30,7 @@ function get(req, res, next) {
     assert.strictEqual(typeof req.params.service, 'string');
 
     addons.getService(req.params.service, function (error, result) {
-        if (error && error.reason === AddonsError.NOT_FOUND) return next(new HttpError(404, 'No such service'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { service: result }));
     });
@@ -48,8 +47,7 @@ function configure(req, res, next) {
     };
 
     addons.configureService(req.params.service, data, function (error) {
-        if (error && error.reason === AddonsError.NOT_FOUND) return next(new HttpError(404, 'No such service'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, {}));
     });
@@ -70,8 +68,7 @@ function getLogs(req, res, next) {
     };
 
     addons.getServiceLogs(req.params.service, options, function (error, logStream) {
-        if (error && error.reason === AddonsError.NOT_FOUND) return next(new HttpError(404, 'No such service'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'application/x-logs',
@@ -103,8 +100,7 @@ function getLogStream(req, res, next) {
     };
 
     addons.getServiceLogs(req.params.service, options, function (error, logStream) {
-        if (error && error.reason === AddonsError.NOT_FOUND) return next(new HttpError(404, 'No such service'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'text/event-stream',
@@ -130,7 +126,7 @@ function restart(req, res, next) {
     debug(`Restarting service ${req.params.service}`);
 
     addons.restartService(req.params.service, function (error) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, {}));
     });

src/routes/settings.js

@@ -9,18 +9,18 @@ exports = module.exports = {
 
 var assert = require('assert'),
     backups = require('../backups.js'),
+    BoxError = require('../boxerror.js'),
     custom = require('../custom.js'),
     docker = require('../docker.js'),
-    BoxError = require('../boxerror.js'),
+    externalLdap = require('../externalldap.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
     safe = require('safetydance'),
-    settings = require('../settings.js'),
-    SettingsError = settings.SettingsError;
+    settings = require('../settings.js');
 
 function getAppAutoupdatePattern(req, res, next) {
     settings.getAppAutoupdatePattern(function (error, pattern) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { pattern: pattern }));
     });
@@ -32,8 +32,7 @@ function setAppAutoupdatePattern(req, res, next) {
     if (typeof req.body.pattern !== 'string') return next(new HttpError(400, 'pattern is required'));
 
     settings.setAppAutoupdatePattern(req.body.pattern, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -41,7 +40,7 @@ function setAppAutoupdatePattern(req, res, next) {
 
 function getBoxAutoupdatePattern(req, res, next) {
     settings.getBoxAutoupdatePattern(function (error, pattern) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { pattern: pattern }));
     });
@@ -53,8 +52,7 @@ function setBoxAutoupdatePattern(req, res, next) {
     if (typeof req.body.pattern !== 'string') return next(new HttpError(400, 'pattern is required'));
 
     settings.setBoxAutoupdatePattern(req.body.pattern, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -66,8 +64,7 @@ function setCloudronName(req, res, next) {
     if (typeof req.body.name !== 'string') return next(new HttpError(400, 'name is required'));
 
     settings.setCloudronName(req.body.name, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, {}));
     });
@@ -75,7 +72,7 @@ function setCloudronName(req, res, next) {
 
 function getCloudronName(req, res, next) {
     settings.getCloudronName(function (error, name) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { name: name }));
     });
@@ -83,7 +80,7 @@ function getCloudronName(req, res, next) {
 
 function getTimeZone(req, res, next) {
     settings.getTimeZone(function (error, tz) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { timeZone: tz }));
     });
@@ -95,8 +92,7 @@ function setTimeZone(req, res, next) {
     if (typeof req.body.timeZone !== 'string') return next(new HttpError(400, 'timeZone is required'));
 
     settings.setTimeZone(req.body.timeZone, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -109,7 +105,7 @@ function setCloudronAvatar(req, res, next) {
     var avatar = safe.fs.readFileSync(req.files.avatar.path);
 
     settings.setCloudronAvatar(avatar, function (error) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(202, {}));
     });
@@ -117,7 +113,7 @@ function setCloudronAvatar(req, res, next) {
 
 function getCloudronAvatar(req, res, next) {
     settings.getCloudronAvatar(function (error, avatar) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         // avoid caching the avatar on the client to see avatar changes immediately
         res.set('Cache-Control', 'no-cache');
@@ -129,7 +125,7 @@ function getCloudronAvatar(req, res, next) {
 
 function getBackupConfig(req, res, next) {
     settings.getBackupConfig(function (error, backupConfig) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         // always send provider as it is used by the UI to figure if backups are disabled ('noop' backend)
         if (!custom.spec().backups.configurable) {
@@ -160,9 +156,7 @@ function setBackupConfig(req, res, next) {
     req.clearTimeout();
 
     settings.setBackupConfig(req.body, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === SettingsError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -170,7 +164,7 @@ function setBackupConfig(req, res, next) {
 
 function getPlatformConfig(req, res, next) {
     settings.getPlatformConfig(function (error, config) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, config));
     });
@@ -188,9 +182,7 @@ function setPlatformConfig(req, res, next) {
     }
 
     settings.setPlatformConfig(req.body, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === SettingsError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -198,26 +190,25 @@ function setPlatformConfig(req, res, next) {
 
 function getExternalLdapConfig(req, res, next) {
     settings.getExternalLdapConfig(function (error, config) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
-        next(new HttpSuccess(200, config));
+        next(new HttpSuccess(200, externalLdap.removePrivateFields(config)));
     });
 }
 
 function setExternalLdapConfig(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 
-    if (typeof req.body.enabled !== 'boolean') return next(new HttpError(400, 'enabled must be a boolean'));
-    if (typeof req.body.url !== 'string' || req.body.url === '') return next(new HttpError(400, 'url must be a non empty string'));
-    if (typeof req.body.baseDn !== 'string' || req.body.baseDn === '') return next(new HttpError(400, 'baseDn must be a non empty string'));
-    if (typeof req.body.filter !== 'string' || req.body.filter === '') return next(new HttpError(400, 'filter must be a non empty string'));
-    if ('bindDn' in req.body && (typeof req.body.bindDn !== 'string' || req.body.bindDn === '')) return next(new HttpError(400, 'bindDn must be a non empty string'));
+    if (!req.body.provider || typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider must be a string'));
+    if ('url' in req.body && typeof req.body.url !== 'string') return next(new HttpError(400, 'url must be a string'));
+    if ('baseDn' in req.body && typeof req.body.baseDn !== 'string') return next(new HttpError(400, 'baseDn must be a string'));
+    if ('usernameField' in req.body && typeof req.body.usernameField !== 'string') return next(new HttpError(400, 'usernameField must be a string'));
+    if ('filter' in req.body && typeof req.body.filter !== 'string') return next(new HttpError(400, 'filter must be a string'));
+    if ('bindDn' in req.body && typeof req.body.bindDn !== 'string') return next(new HttpError(400, 'bindDn must be a non empty string'));
     if ('bindPassword' in req.body && typeof req.body.bindPassword !== 'string') return next(new HttpError(400, 'bindPassword must be a string'));
 
     settings.setExternalLdapConfig(req.body, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === SettingsError.EXTERNAL_ERROR) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -225,7 +216,7 @@ function setExternalLdapConfig(req, res, next) {
 
 function getDynamicDnsConfig(req, res, next) {
     settings.getDynamicDnsConfig(function (error, enabled) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { enabled: enabled }));
     });
@@ -239,8 +230,7 @@ function setDynamicDnsConfig(req, res, next) {
     if (typeof req.body.enabled !== 'boolean') return next(new HttpError(400, 'enabled boolean is required'));
 
     settings.setDynamicDnsConfig(req.body.enabled, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
@@ -248,7 +238,7 @@ function setDynamicDnsConfig(req, res, next) {
 
 function getUnstableAppsConfig(req, res, next) {
     settings.getUnstableAppsConfig(function (error, enabled) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { enabled: enabled }));
     });
@@ -260,28 +250,55 @@ function setUnstableAppsConfig(req, res, next) {
     if (typeof req.body.enabled !== 'boolean') return next(new HttpError(400, 'enabled boolean is required'));
 
     settings.setUnstableAppsConfig(req.body.enabled, function (error) {
-        if (error && error.reason === SettingsError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, {}));
     });
 }
 
+function getRegistryConfig(req, res, next) {
+    settings.getRegistryConfig(function (error, registryConfig) {
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(200, docker.removePrivateFields(registryConfig)));
+    });
+}
+
 function setRegistryConfig(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 
-    if (typeof req.body.serveraddress !== 'string') return next(new HttpError(400, 'serveraddress is required'));
+    if (typeof req.body.serverAddress !== 'string') return next(new HttpError(400, 'serverAddress is required'));
     if ('username' in req.body && typeof req.body.username !== 'string') return next(new HttpError(400, 'username is required'));
+    if ('email' in req.body && typeof req.body.email !== 'string') return next(new HttpError(400, 'email is required'));
     if ('password' in req.body && typeof req.body.password !== 'string') return next(new HttpError(400, 'password is required'));
 
-    docker.setRegistryConfig(req.body, function (error) {
-        if (error && error.reason === BoxError.ACCESS_DENIED) return next(new HttpError(424, error.message));
-        if (error) return next(new HttpError(500, error));
+    settings.setRegistryConfig(req.body, function (error) {
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200));
     });
 }
 
+function getSysinfoConfig(req, res, next) {
+    settings.getSysinfoConfig(function (error, sysinfoConfig) {
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(200, sysinfoConfig));
+    });
+}
+
+function setSysinfoConfig(req, res, next) {
+    assert.strictEqual(typeof req.body, 'object');
+
+    if (!req.body.provider || typeof req.body.provider !== 'string') return next(new HttpError(400, 'provider is required'));
+
+    settings.setSysinfoConfig(req.body, function (error) {
+        if (error) return next(BoxError.toHttpError(error));
+
+        next(new HttpSuccess(200, {}));
+    });
+}
+
 function get(req, res, next) {
     assert.strictEqual(typeof req.params.setting, 'string');
 
@@ -291,6 +308,8 @@ function get(req, res, next) {
     case settings.PLATFORM_CONFIG_KEY: return getPlatformConfig(req, res, next);
     case settings.EXTERNAL_LDAP_KEY: return getExternalLdapConfig(req, res, next);
     case settings.UNSTABLE_APPS_KEY: return getUnstableAppsConfig(req, res, next);
+    case settings.REGISTRY_CONFIG_KEY: return getRegistryConfig(req, res, next);
+    case settings.SYSINFO_CONFIG_KEY: return getSysinfoConfig(req, res, next);
 
     case settings.APP_AUTOUPDATE_PATTERN_KEY: return getAppAutoupdatePattern(req, res, next);
     case settings.BOX_AUTOUPDATE_PATTERN_KEY: return getBoxAutoupdatePattern(req, res, next);
@@ -312,6 +331,8 @@ function set(req, res, next) {
     case settings.PLATFORM_CONFIG_KEY: return setPlatformConfig(req, res, next);
     case settings.EXTERNAL_LDAP_KEY: return setExternalLdapConfig(req, res, next);
     case settings.UNSTABLE_APPS_KEY: return setUnstableAppsConfig(req, res, next);
+    case settings.REGISTRY_CONFIG_KEY: return setRegistryConfig(req, res, next);
+    case settings.SYSINFO_CONFIG_KEY: return setSysinfoConfig(req, res, next);
 
     case settings.APP_AUTOUPDATE_PATTERN_KEY: return setAppAutoupdatePattern(req, res, next);
     case settings.BOX_AUTOUPDATE_PATTERN_KEY: return setBoxAutoupdatePattern(req, res, next);

src/routes/support.js

@@ -20,13 +20,14 @@ function createTicket(req, res, next) {
 
     if (!custom.spec().support.submitTickets) return next(new HttpError(405, 'feature disabled by admin'));
 
-    const VALID_TYPES = [ 'feedback', 'ticket', 'app_missing', 'app_error', 'upgrade_request' ];
+    const VALID_TYPES = [ 'feedback', 'ticket', 'app_missing', 'app_error', 'upgrade_request', 'email_error' ];
 
     if (typeof req.body.type !== 'string' || !req.body.type) return next(new HttpError(400, 'type must be string'));
     if (VALID_TYPES.indexOf(req.body.type) === -1) return next(new HttpError(400, 'unknown type'));
     if (typeof req.body.subject !== 'string' || !req.body.subject) return next(new HttpError(400, 'subject must be string'));
     if (typeof req.body.description !== 'string' || !req.body.description) return next(new HttpError(400, 'description must be string'));
     if (req.body.appId && typeof req.body.appId !== 'string') return next(new HttpError(400, 'appId must be string'));
+    if (req.body.altEmail && typeof req.body.altEmail !== 'string') return next(new HttpError(400, 'altEmail must be string'));
 
     appstore.createTicket(_.extend({ }, req.body, { email: req.user.email, displayName: req.user.displayName }), function (error) {
         if (error) return next(new HttpError(503, `Error contacting cloudron.io: ${error.message}. Please email ${custom.spec().support.email}`));
@@ -43,7 +44,7 @@ function enableRemoteSupport(req, res, next) {
     if (typeof req.body.enable !== 'boolean') return next(new HttpError(400, 'enabled is required'));
 
     support.enableRemoteSupport(req.body.enable, function (error) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(new HttpError(503, 'Error enabling remote support. Try running "cloudron-support --enable-ssh" on the server'));
 
         next(new HttpSuccess(202, {}));
     });

src/routes/tasks.js

@@ -10,18 +10,16 @@ exports = module.exports = {
 };
 
 let assert = require('assert'),
+    BoxError = require('../boxerror.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
-    TaskError = require('../tasks.js').TaskError,
     tasks = require('../tasks.js');
 
 function stopTask(req, res, next) {
     assert.strictEqual(typeof req.params.taskId, 'string');
 
     tasks.stopTask(req.params.taskId, function (error) {
-        if (error && error.reason === TaskError.NOT_FOUND) return next(new HttpError(404, 'No such task'));
-        if (error && error.reason === TaskError.BAD_STATE) return next(new HttpError(409, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204, {}));
     });
@@ -31,8 +29,7 @@ function get(req, res, next) {
     assert.strictEqual(typeof req.params.taskId, 'string');
 
     tasks.get(req.params.taskId, function (error, task) {
-        if (error && error.reason === TaskError.NOT_FOUND) return next(new HttpError(404, 'No such task'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, tasks.removePrivateFields(task)));
     });
@@ -48,7 +45,7 @@ function list(req, res, next) {
     if (req.query.type && typeof req.query.type !== 'string') return next(new HttpError(400, 'type must be a string'));
 
     tasks.listByTypePaged(req.query.type || null, page, perPage, function (error, result) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         result = result.map(tasks.removePrivateFields);
 
@@ -69,8 +66,7 @@ function getLogs(req, res, next) {
     };
 
     tasks.getLogs(req.params.taskId, options, function (error, logStream) {
-        if (error && error.reason === TaskError.NOT_FOUND) return next(new HttpError(404, 'No such task'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'application/x-logs',
@@ -100,8 +96,7 @@ function getLogStream(req, res, next) {
     };
 
     tasks.getLogs(req.params.taskId, options, function (error, logStream) {
-        if (error && error.reason === TaskError.NOT_FOUND) return next(new HttpError(404, 'No such task'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         res.writeHead(200, {
             'Content-Type': 'text/event-stream',

src/routes/test/apps-test.js

@@ -211,7 +211,7 @@ function startBox(done) {
                     token_1 = hat(8 * 32);
 
                     // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-                    tokendb.add({ id: 'tid-1', accessToken: token_1, identifier: user_1_id, clientId: 'cid-sdk', expires: Date.now() + 1000000, scope: 'apps', name: '' }, callback); // cid-sdk means we don't need to send password
+                    tokendb.add({ id: 'tid-1', accessToken: token_1, identifier: user_1_id, clientId: clients.ID_SDK, expires: Date.now() + 1000000, scope: 'apps', name: '' }, callback);
                 });
         },
 
@@ -432,7 +432,7 @@ describe('App API', function () {
                 .query({ access_token: token })
                 .send({ appStoreId: APP_STORE_ID, location: APP_LOCATION, domain: DOMAIN_0.domain, portBindings: null, accessRestriction: null })
                 .end(function (err, res) {
-                    expect(res.statusCode).to.equal(424);
+                    expect(res.statusCode).to.equal(402);
                     expect(fake1.isDone()).to.be.ok();
                     done();
                 });
@@ -1040,18 +1040,9 @@ describe('App API', function () {
         });
     });
 
-    describe('configure robotsTxt', function () {
-        it('fails with missing robotsTxt', function (done) {
-            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/robots_txt')
-                .query({ access_token: token })
-                .end(function (err, res) {
-                    expect(res.statusCode).to.equal(400);
-                    done();
-                });
-        });
-
+    describe('configure reverseProxy - robotsTxt', function () {
         it('fails with bad robotsTxt', function (done) {
-            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/robots_txt')
+            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/reverse_proxy')
                 .query({ access_token: token })
                 .send({ robotsTxt: 34 })
                 .end(function (err, res) {
@@ -1061,9 +1052,9 @@ describe('App API', function () {
         });
 
         it('can set robotsTxt', function (done) {
-            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/robots_txt')
+            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/reverse_proxy')
                 .query({ access_token: token })
-                .send({ robotsTxt: 'any string is good' })
+                .send({ robotsTxt: 'any string is good', csp: null })
                 .end(function (err, res) {
                     expect(res.statusCode).to.equal(200);
                     done();
@@ -1071,9 +1062,39 @@ describe('App API', function () {
         });
 
         it('can reset robotsTxt', function (done) {
-            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/robots_txt')
+            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/reverse_proxy')
                 .query({ access_token: token })
-                .send({ robotsTxt: null })
+                .send({ robotsTxt: null, csp: null })
+                .end(function (err, res) {
+                    expect(res.statusCode).to.equal(200);
+                    done();
+                });
+        });
+
+        it('fails with bad csp', function (done) {
+            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/reverse_proxy')
+                .query({ access_token: token })
+                .send({ robotsTxt: null, csp: 34 })
+                .end(function (err, res) {
+                    expect(res.statusCode).to.equal(400);
+                    done();
+                });
+        });
+
+        it('can set frame-ancestors', function (done) {
+            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/reverse_proxy')
+                .query({ access_token: token })
+                .send({ robotsTxt: null, csp: 'frame-ancestors \'self\'' })
+                .end(function (err, res) {
+                    expect(res.statusCode).to.equal(200);
+                    done();
+                });
+        });
+
+        it('can reset frame-ancestors', function (done) {
+            superagent.post(SERVER_URL + '/api/v1/apps/' + APP_ID + '/configure/reverse_proxy')
+                .query({ access_token: token })
+                .send({ robotsTxt: null, csp: null })
                 .end(function (err, res) {
                     expect(res.statusCode).to.equal(200);
                     done();

src/routes/test/appstore-test.js

@@ -63,7 +63,7 @@ describe('Appstore Apps API', function () {
         superagent.get(SERVER_URL + '/api/v1/appstore/apps')
             .query({ access_token: token })
             .end(function (error, result) {
-                expect(result.statusCode).to.equal(412); // not registered yet
+                expect(result.statusCode).to.equal(402); // not registered yet; invalid credentials
                 done();
             });
     });
@@ -72,7 +72,7 @@ describe('Appstore Apps API', function () {
         superagent.get(SERVER_URL + '/api/v1/appstore/apps/org.wordpress.cloudronapp')
             .query({ access_token: token })
             .end(function (error, result) {
-                expect(result.statusCode).to.equal(412); // not registered yet
+                expect(result.statusCode).to.equal(402); // not registered yet; invalid credentials
                 done();
             });
     });
@@ -99,7 +99,7 @@ describe('Appstore Apps API', function () {
 
     it('can list apps', function (done) {
         var scope1 = nock(settings.apiServerOrigin())
-            .get(`/api/v1/apps?accessToken=CLOUDRON_TOKEN&boxVersion=${constants.VERSION}&unstable=false`, () => true)
+            .get(`/api/v1/apps?accessToken=CLOUDRON_TOKEN&boxVersion=${constants.VERSION}&unstable=true`, () => true)
             .reply(200, { apps: [] });
 
         superagent.get(SERVER_URL + '/api/v1/appstore/apps')
@@ -170,7 +170,7 @@ describe('Subscription API - no signup', function () {
             .send({ email: 'test@cloudron.io', password: 'secret', signup: false })
             .query({ access_token: token })
             .end(function (error, result) {
-                expect(result.statusCode).to.equal(422);
+                expect(result.statusCode).to.equal(409);
                 done();
             });
     });

src/routes/test/developer-test.js

@@ -245,52 +245,4 @@ describe('Developer API', function () {
             });
         });
     });
-
-    describe('sdk tokens are valid without password checks', function () {
-        var token_normal, token_sdk;
-
-        before(function (done) {
-            async.series([
-                setup,
-                function (callback) {
-                    superagent.post(SERVER_URL + '/api/v1/cloudron/activate')
-                        .query({ setupToken: 'somesetuptoken' })
-                        .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
-                        .end(function (error, result) {
-                            expect(result).to.be.ok();
-
-                            token_normal = result.body.accessToken;
-
-                            superagent.post(SERVER_URL + '/api/v1/developer/login')
-                                .send({ username: USERNAME, password: PASSWORD })
-                                .end(function (error, result) {
-                                    expect(result.statusCode).to.equal(200);
-                                    expect(new Date(result.body.expires).toString()).to.not.be('Invalid Date');
-                                    expect(result.body.accessToken).to.be.a('string');
-
-                                    token_sdk = result.body.accessToken;
-
-                                    callback();
-                                });
-                        });
-                },
-            ], done);
-        });
-
-        after(cleanup);
-
-        it('fails with non sdk token', function (done) {
-            superagent.post(SERVER_URL + '/api/v1/profile/password').query({ access_token: token_normal }).send({ newPassword: 'Some?$123' }).end(function (error, result) {
-                expect(result.statusCode).to.equal(401);
-                done();
-            });
-        });
-
-        it('succeeds', function (done) {
-            superagent.post(SERVER_URL + '/api/v1/profile/password').query({ access_token: token_sdk }).send({ newPassword: 'Some?$123' }).end(function (error, result) {
-                expect(result.statusCode).to.equal(204);
-                done();
-            });
-        });
-    });
 });

src/routes/users.js

@@ -15,10 +15,10 @@ exports = module.exports = {
 
 var assert = require('assert'),
     auditSource = require('../auditsource.js'),
+    BoxError = require('../boxerror.js'),
     HttpError = require('connect-lastmile').HttpError,
     HttpSuccess = require('connect-lastmile').HttpSuccess,
-    users = require('../users.js'),
-    UsersError = users.UsersError;
+    users = require('../users.js');
 
 function create(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
@@ -35,9 +35,7 @@ function create(req, res, next) {
     var displayName = req.body.displayName || '';
 
     users.create(username, password, email, displayName, { invitor: req.user, admin: req.body.admin }, auditSource.fromRequest(req), function (error, user) {
-        if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         var userInfo = {
             id: user.id,
@@ -72,10 +70,7 @@ function update(req, res, next) {
     if ('active' in req.body && typeof req.body.active !== 'boolean') return next(new HttpError(400, 'active must be a boolean'));
 
     users.update(req.params.userId, req.body, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -91,7 +86,7 @@ function list(req, res, next) {
     if (req.query.search && typeof req.query.search !== 'string') return next(new HttpError(400, 'search must be a string'));
 
     users.getAllPaged(req.query.search || null, page, perPage, function (error, results) {
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         results = results.map(users.removeRestrictedFields);
 
@@ -104,8 +99,7 @@ function get(req, res, next) {
     assert.strictEqual(typeof req.user, 'object');
 
     users.get(req.params.userId, function (error, result) {
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'No such user'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, users.removePrivateFields(result)));
     });
@@ -117,9 +111,7 @@ function remove(req, res, next) {
     if (req.user.id === req.params.userId) return next(new HttpError(409, 'Not allowed to remove yourself.'));
 
     users.remove(req.params.userId, auditSource.fromRequest(req), function (error) {
-        if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'No such user'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -128,14 +120,10 @@ function remove(req, res, next) {
 function verifyPassword(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 
-    if (req.authInfo.skipPasswordVerification) return next(); // using an 'sdk' token we skip password checks
-
     if (typeof req.body.password !== 'string') return next(new HttpError(400, 'API call requires user password'));
 
     users.verifyWithUsername(req.user.username, req.body.password, function (error) {
-        if (error && error.reason === UsersError.WRONG_PASSWORD) return next(new HttpError(412, 'Password incorrect'));
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'No such user'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         req.body.password = '<redacted>'; // this will prevent logs from displaying plain text password
 
@@ -147,8 +135,7 @@ function createInvite(req, res, next) {
     assert.strictEqual(typeof req.params.userId, 'string');
 
     users.createInvite(req.params.userId, function (error, resetToken) {
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { resetToken: resetToken }));
     });
@@ -158,9 +145,7 @@ function sendInvite(req, res, next) {
     assert.strictEqual(typeof req.params.userId, 'string');
 
     users.sendInvite(req.params.userId, { invitor: req.user }, function (error) {
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
-        if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(409, 'Call createInvite API first'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(200, { }));
     });
@@ -173,8 +158,7 @@ function setGroups(req, res, next) {
     if (!Array.isArray(req.body.groupIds)) return next(new HttpError(400, 'API call requires a groups array.'));
 
     users.setMembership(req.params.userId, req.body.groupIds, function (error) {
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'One or more groups not found'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });
@@ -187,9 +171,7 @@ function changePassword(req, res, next) {
     if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be a string'));
 
     users.setPassword(req.params.userId, req.body.password, function (error) {
-        if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
-        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
-        if (error) return next(new HttpError(500, error));
+        if (error) return next(BoxError.toHttpError(error));
 
         next(new HttpSuccess(204));
     });

src/server.js

@@ -149,6 +149,7 @@ function initializeExpressSync() {
     router.get ('/api/v1/cloudron/eventlog', cloudronScope, routes.eventlog.list);
     router.get ('/api/v1/cloudron/eventlog/:eventId', cloudronScope, routes.eventlog.get);
     router.post('/api/v1/cloudron/sync_external_ldap', cloudronScope, routes.cloudron.syncExternalLdap);
+    router.get ('/api/v1/cloudron/server_ip', cloudronScope, routes.cloudron.getServerIp);
 
     // tasks
     router.get ('/api/v1/tasks', settingsScope, routes.tasks.list);
@@ -247,7 +248,7 @@ function initializeExpressSync() {
     router.post('/api/v1/apps/:id/configure/memory_limit', appsManageScope, routes.apps.setMemoryLimit);
     router.post('/api/v1/apps/:id/configure/automatic_backup', appsManageScope, routes.apps.setAutomaticBackup);
     router.post('/api/v1/apps/:id/configure/automatic_update', appsManageScope, routes.apps.setAutomaticUpdate);
-    router.post('/api/v1/apps/:id/configure/robots_txt', appsManageScope, routes.apps.setRobotsTxt);
+    router.post('/api/v1/apps/:id/configure/reverse_proxy', appsManageScope, routes.apps.setReverseProxyConfig);
     router.post('/api/v1/apps/:id/configure/cert', appsManageScope, routes.apps.setCertificate);
     router.post('/api/v1/apps/:id/configure/debug_mode', appsManageScope, routes.apps.setDebugMode);
     router.post('/api/v1/apps/:id/configure/mailbox', appsManageScope, routes.apps.setMailbox);
@@ -258,6 +259,7 @@ function initializeExpressSync() {
 
     router.post('/api/v1/apps/:id/update',    appsManageScope, routes.apps.updateApp);
     router.post('/api/v1/apps/:id/restore',   appsManageScope, routes.apps.restoreApp);
+    router.post('/api/v1/apps/:id/import',    appsManageScope, routes.apps.importApp);
     router.post('/api/v1/apps/:id/backup',    appsManageScope, routes.apps.backupApp);
     router.get ('/api/v1/apps/:id/backups',   appsManageScope, routes.apps.listBackups);
     router.post('/api/v1/apps/:id/stop',      appsManageScope, routes.apps.stopApp);

src/settings.js

@@ -1,8 +1,6 @@
 'use strict';
 
 exports = module.exports = {
-    SettingsError: SettingsError,
-
     getAppAutoupdatePattern: getAppAutoupdatePattern,
     setAppAutoupdatePattern: setAppAutoupdatePattern,
 
@@ -33,6 +31,9 @@ exports = module.exports = {
     getExternalLdapConfig: getExternalLdapConfig,
     setExternalLdapConfig: setExternalLdapConfig,
 
+    getRegistryConfig: getRegistryConfig,
+    setRegistryConfig: setRegistryConfig,
+
     getLicenseKey: getLicenseKey,
     setLicenseKey: setLicenseKey,
 
@@ -42,6 +43,11 @@ exports = module.exports = {
     getCloudronToken: getCloudronToken,
     setCloudronToken: setCloudronToken,
 
+    getSysinfoConfig: getSysinfoConfig,
+    setSysinfoConfig: setSysinfoConfig,
+
+    provider: provider,
+
     getAll: getAll,
 
     initCache: initCache,
@@ -67,6 +73,8 @@ exports = module.exports = {
     BACKUP_CONFIG_KEY: 'backup_config',
     PLATFORM_CONFIG_KEY: 'platform_config',
     EXTERNAL_LDAP_KEY: 'external_ldap_config',
+    REGISTRY_CONFIG_KEY: 'registry_config',
+    SYSINFO_CONFIG_KEY: 'sysinfo_config',
 
     // strings
     APP_AUTOUPDATE_PATTERN_KEY: 'app_autoupdate_pattern',
@@ -93,18 +101,18 @@ exports = module.exports = {
 var addons = require('./addons.js'),
     assert = require('assert'),
     backups = require('./backups.js'),
-    BackupsError = backups.BackupsError,
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
     cron = require('./cron.js'),
     CronJob = require('cron').CronJob,
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:settings'),
-    externalldap = require('./externalldap.js'),
-    ExternalLdapError = externalldap.ExternalLdapError,
+    docker = require('./docker.js'),
+    externalLdap = require('./externalldap.js'),
     moment = require('moment-timezone'),
     paths = require('./paths.js'),
     safe = require('safetydance'),
     settingsdb = require('./settingsdb.js'),
+    sysinfo = require('./sysinfo.js'),
     util = require('util'),
     _ = require('underscore');
 
@@ -115,7 +123,7 @@ let gDefaults = (function () {
     result[exports.TIME_ZONE_KEY] = 'America/Los_Angeles';
     result[exports.CLOUDRON_NAME_KEY] = 'Cloudron';
     result[exports.DYNAMIC_DNS_KEY] = false;
-    result[exports.UNSTABLE_APPS_KEY] = false;
+    result[exports.UNSTABLE_APPS_KEY] = true;
     result[exports.LICENSE_KEY] = '';
     result[exports.CLOUDRON_ID_KEY] = '';
     result[exports.CLOUDRON_TOKEN_KEY] = '';
@@ -128,7 +136,13 @@ let gDefaults = (function () {
         intervalSecs: 24 * 60 * 60 // ~1 day
     };
     result[exports.PLATFORM_CONFIG_KEY] = {};
-    result[exports.EXTERNAL_LDAP_KEY] = {};
+    result[exports.EXTERNAL_LDAP_KEY] = {
+        provider: 'noop'
+    };
+    result[exports.REGISTRY_CONFIG_KEY] = {};
+    result[exports.SYSINFO_CONFIG_KEY] = {
+        provider: 'generic'
+    };
     result[exports.ADMIN_DOMAIN_KEY] = '';
     result[exports.ADMIN_FQDN_KEY] = '';
     result[exports.API_SERVER_ORIGIN_KEY] = 'https://api.cloudron.io';
@@ -140,31 +154,6 @@ let gDefaults = (function () {
 
 let gCache = {};
 
-function SettingsError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(SettingsError, Error);
-SettingsError.INTERNAL_ERROR = 'Internal Error';
-SettingsError.EXTERNAL_ERROR = 'External Error';
-SettingsError.NOT_FOUND = 'Not Found';
-SettingsError.BAD_FIELD = 'Bad Field';
-
-
 function notifyChange(key, value) {
     assert.strictEqual(typeof key, 'string');
     // value is a variant
@@ -177,11 +166,11 @@ function setAppAutoupdatePattern(pattern, callback) {
 
     if (pattern !== constants.AUTOUPDATE_PATTERN_NEVER) { // check if pattern is valid
         var job = safe.safeCall(function () { return new CronJob(pattern); });
-        if (!job) return callback(new SettingsError(SettingsError.BAD_FIELD, 'Invalid pattern'));
+        if (!job) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid pattern', { field: 'pattern' }));
     }
 
     settingsdb.set(exports.APP_AUTOUPDATE_PATTERN_KEY, pattern, function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         notifyChange(exports.APP_AUTOUPDATE_PATTERN_KEY, pattern);
 
@@ -193,8 +182,8 @@ function getAppAutoupdatePattern(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.get(exports.APP_AUTOUPDATE_PATTERN_KEY, function (error, pattern) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.APP_AUTOUPDATE_PATTERN_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.APP_AUTOUPDATE_PATTERN_KEY]);
+        if (error) return callback(error);
 
         callback(null, pattern);
     });
@@ -206,11 +195,11 @@ function setBoxAutoupdatePattern(pattern, callback) {
 
     if (pattern !== constants.AUTOUPDATE_PATTERN_NEVER) { // check if pattern is valid
         var job = safe.safeCall(function () { return new CronJob(pattern); });
-        if (!job) return callback(new SettingsError(SettingsError.BAD_FIELD, 'Invalid pattern'));
+        if (!job) return callback(new BoxError(BoxError.BAD_FIELD, 'Invalid pattern', { field: 'pattern' }));
     }
 
     settingsdb.set(exports.BOX_AUTOUPDATE_PATTERN_KEY, pattern, function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         notifyChange(exports.BOX_AUTOUPDATE_PATTERN_KEY, pattern);
 
@@ -222,8 +211,8 @@ function getBoxAutoupdatePattern(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.get(exports.BOX_AUTOUPDATE_PATTERN_KEY, function (error, pattern) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.BOX_AUTOUPDATE_PATTERN_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.BOX_AUTOUPDATE_PATTERN_KEY]);
+        if (error) return callback(error);
 
         callback(null, pattern);
     });
@@ -233,10 +222,10 @@ function setTimeZone(tz, callback) {
     assert.strictEqual(typeof tz, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    if (moment.tz.names().indexOf(tz) === -1) return callback(new SettingsError(SettingsError.BAD_FIELD, 'Bad timeZone'));
+    if (moment.tz.names().indexOf(tz) === -1) return callback(new BoxError(BoxError.BAD_FIELD, 'Bad timeZone', { field: 'timezone' }));
 
     settingsdb.set(exports.TIME_ZONE_KEY, tz, function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         notifyChange(exports.TIME_ZONE_KEY, tz);
 
@@ -248,8 +237,8 @@ function getTimeZone(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.get(exports.TIME_ZONE_KEY, function (error, tz) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.TIME_ZONE_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.TIME_ZONE_KEY]);
+        if (error) return callback(error);
 
         callback(null, tz);
     });
@@ -259,8 +248,9 @@ function getCloudronName(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.get(exports.CLOUDRON_NAME_KEY, function (error, name) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.CLOUDRON_NAME_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.CLOUDRON_NAME_KEY]);
+        if (error) return callback(error);
+
         callback(null, name);
     });
 }
@@ -269,13 +259,13 @@ function setCloudronName(name, callback) {
     assert.strictEqual(typeof name, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    if (!name) return callback(new SettingsError(SettingsError.BAD_FIELD, 'name is empty'));
+    if (!name) return callback(new BoxError(BoxError.BAD_FIELD, 'name is empty', { field: 'name' }));
 
     // some arbitrary restrictions (for sake of ui layout)
-    if (name.length > 32) return callback(new SettingsError(SettingsError.BAD_FIELD, 'name cannot exceed 32 characters'));
+    if (name.length > 32) return callback(new BoxError(BoxError.BAD_FIELD, 'name cannot exceed 32 characters', { field: 'name' }));
 
     settingsdb.set(exports.CLOUDRON_NAME_KEY, name, function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         notifyChange(exports.CLOUDRON_NAME_KEY, name);
 
@@ -293,7 +283,7 @@ function getCloudronAvatar(callback) {
     avatar = safe.fs.readFileSync(paths.CLOUDRON_DEFAULT_AVATAR_FILE);
     if (avatar) return callback(null, avatar);
 
-    callback(new SettingsError(SettingsError.INTERNAL_ERROR, safe.error));
+    callback(new BoxError(BoxError.FS_ERROR, safe.error));
 }
 
 function setCloudronAvatar(avatar, callback) {
@@ -301,7 +291,7 @@ function setCloudronAvatar(avatar, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     if (!safe.fs.writeFileSync(paths.CLOUDRON_AVATAR_FILE, avatar)) {
-        return callback(new SettingsError(SettingsError.INTERNAL_ERROR, safe.error));
+        return callback(new BoxError(BoxError.FS_ERROR, safe.error));
     }
 
     return callback(null);
@@ -311,8 +301,8 @@ function getDynamicDnsConfig(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.get(exports.DYNAMIC_DNS_KEY, function (error, enabled) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.DYNAMIC_DNS_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.DYNAMIC_DNS_KEY]);
+        if (error) return callback(error);
 
         callback(null, !!enabled); // settingsdb holds string values only
     });
@@ -324,7 +314,7 @@ function setDynamicDnsConfig(enabled, callback) {
 
     // settingsdb takes string values only
     settingsdb.set(exports.DYNAMIC_DNS_KEY, enabled ? 'enabled' : '', function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         notifyChange(exports.DYNAMIC_DNS_KEY, enabled);
 
@@ -336,8 +326,8 @@ function getUnstableAppsConfig(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.get(exports.UNSTABLE_APPS_KEY, function (error, enabled) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.UNSTABLE_APPS_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.UNSTABLE_APPS_KEY]);
+        if (error) return callback(error);
 
         callback(null, !!enabled); // settingsdb holds string values only
     });
@@ -349,7 +339,7 @@ function setUnstableAppsConfig(enabled, callback) {
 
     // settingsdb takes string values only
     settingsdb.set(exports.UNSTABLE_APPS_KEY, enabled ? 'enabled' : '', function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         notifyChange(exports.UNSTABLE_APPS_KEY, enabled);
 
@@ -361,8 +351,8 @@ function getBackupConfig(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.get(exports.BACKUP_CONFIG_KEY, function (error, value) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.BACKUP_CONFIG_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.BACKUP_CONFIG_KEY]);
+        if (error) return callback(error);
 
         callback(null, JSON.parse(value)); // provider, token, key, region, prefix, bucket
     });
@@ -378,14 +368,12 @@ function setBackupConfig(backupConfig, callback) {
         backups.injectPrivateFields(backupConfig, curentConfig);
 
         backups.testConfig(backupConfig, function (error) {
-            if (error && error.reason === BackupsError.BAD_FIELD) return callback(new SettingsError(SettingsError.BAD_FIELD, error.message));
-            if (error && error.reason === BackupsError.EXTERNAL_ERROR) return callback(new SettingsError(SettingsError.EXTERNAL_ERROR, error.message));
-            if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             backups.cleanupCacheFilesSync();
 
             settingsdb.set(exports.BACKUP_CONFIG_KEY, JSON.stringify(backupConfig), function (error) {
-                if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+                if (error) return callback(error);
 
                 notifyChange(exports.BACKUP_CONFIG_KEY, backupConfig);
 
@@ -399,8 +387,8 @@ function getPlatformConfig(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.get(exports.PLATFORM_CONFIG_KEY, function (error, value) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.PLATFORM_CONFIG_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.PLATFORM_CONFIG_KEY]);
+        if (error) return callback(error);
 
         callback(null, JSON.parse(value));
     });
@@ -411,11 +399,11 @@ function setPlatformConfig(platformConfig, callback) {
 
     for (let addon of [ 'mysql', 'postgresql', 'mail', 'mongodb' ]) {
         if (!platformConfig[addon]) continue;
-        if (platformConfig[addon].memorySwap < platformConfig[addon].memory) return callback(new SettingsError(SettingsError.BAD_FIELD, 'memorySwap must be larger than memory'));
+        if (platformConfig[addon].memorySwap < platformConfig[addon].memory) return callback(new BoxError(BoxError.BAD_FIELD, 'memorySwap must be larger than memory', { field: 'memory', addon }));
     }
 
     settingsdb.set(exports.PLATFORM_CONFIG_KEY, JSON.stringify(platformConfig), function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         addons.updateServiceConfig(platformConfig, callback);
     });
@@ -425,8 +413,8 @@ function getExternalLdapConfig(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.get(exports.EXTERNAL_LDAP_KEY, function (error, value) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.EXTERNAL_LDAP_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.EXTERNAL_LDAP_KEY]);
+        if (error) return callback(error);
 
         callback(null, JSON.parse(value));
     });
@@ -436,16 +424,81 @@ function setExternalLdapConfig(externalLdapConfig, callback) {
     assert.strictEqual(typeof externalLdapConfig, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    externalldap.testConfig(externalLdapConfig, function (error) {
-        if (error && error.reason === ExternalLdapError.BAD_FIELD) return callback(new SettingsError(SettingsError.BAD_FIELD, error.message));
-        if (error && error.reason === ExternalLdapError.EXTERNAL_ERROR) return callback(new SettingsError(SettingsError.EXTERNAL_ERROR, error.message));
-        if (error && error.reason === ExternalLdapError.INVALID_CREDENTIALS) return callback(new SettingsError(SettingsError.BAD_FIELD, 'invalid bind credentials'));
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+    getExternalLdapConfig(function (error, curentConfig) {
+        if (error) return callback(error);
 
-        settingsdb.set(exports.EXTERNAL_LDAP_KEY, JSON.stringify(externalLdapConfig), function (error) {
-            if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        externalLdap.injectPrivateFields(externalLdapConfig, curentConfig);
 
-            notifyChange(exports.EXTERNAL_LDAP_KEY, externalLdapConfig);
+        externalLdap.testConfig(externalLdapConfig, function (error) {
+            if (error) return callback(error);
+
+            settingsdb.set(exports.EXTERNAL_LDAP_KEY, JSON.stringify(externalLdapConfig), function (error) {
+                if (error) return callback(error);
+
+                notifyChange(exports.EXTERNAL_LDAP_KEY, externalLdapConfig);
+
+                callback(null);
+            });
+        });
+    });
+}
+
+function getRegistryConfig(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    settingsdb.get(exports.REGISTRY_CONFIG_KEY, function (error, value) {
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.REGISTRY_CONFIG_KEY]);
+        if (error) return callback(error);
+
+        callback(null, JSON.parse(value));
+    });
+}
+
+function setRegistryConfig(registryConfig, callback) {
+    assert.strictEqual(typeof registryConfig, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    getRegistryConfig(function (error, curentConfig) {
+        if (error) return callback(error);
+
+        docker.injectPrivateFields(registryConfig, curentConfig);
+
+        docker.testRegistryConfig(registryConfig, function (error) {
+            if (error) return callback(error);
+
+            settingsdb.set(exports.REGISTRY_CONFIG_KEY, JSON.stringify(registryConfig), function (error) {
+                if (error) return callback(error);
+
+                notifyChange(exports.REGISTRY_CONFIG_KEY, registryConfig);
+
+                callback(null);
+            });
+        });
+    });
+}
+
+function getSysinfoConfig(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    settingsdb.get(exports.SYSINFO_CONFIG_KEY, function (error, value) {
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.SYSINFO_CONFIG_KEY]);
+        if (error) return callback(error);
+
+        callback(null, JSON.parse(value));
+    });
+}
+
+function setSysinfoConfig(sysinfoConfig, callback) {
+    assert.strictEqual(typeof sysinfoConfig, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    sysinfo.testConfig(sysinfoConfig, function (error) {
+        if (error) return callback(error);
+
+        settingsdb.set(exports.SYSINFO_CONFIG_KEY, JSON.stringify(sysinfoConfig), function (error) {
+            if (error) return callback(error);
+
+            notifyChange(exports.SYSINFO_CONFIG_KEY, sysinfoConfig);
 
             callback(null);
         });
@@ -456,8 +509,8 @@ function getLicenseKey(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.get(exports.LICENSE_KEY, function (error, value) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.LICENSE_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.LICENSE_KEY]);
+        if (error) return callback(error);
 
         callback(null, value);
     });
@@ -468,7 +521,7 @@ function setLicenseKey(licenseKey, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.set(exports.LICENSE_KEY, licenseKey, function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         notifyChange(exports.LICENSE_KEY, licenseKey);
 
@@ -480,8 +533,8 @@ function getCloudronId(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.get(exports.CLOUDRON_ID_KEY, function (error, value) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.CLOUDRON_ID_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.CLOUDRON_ID_KEY]);
+        if (error) return callback(error);
 
         callback(null, value);
     });
@@ -492,7 +545,7 @@ function setCloudronId(cid, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.set(exports.CLOUDRON_ID_KEY, cid, function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         notifyChange(exports.CLOUDRON_ID_KEY, cid);
 
@@ -504,8 +557,8 @@ function getCloudronToken(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.get(exports.CLOUDRON_TOKEN_KEY, function (error, value) {
-        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(null, gDefaults[exports.CLOUDRON_TOKEN_KEY]);
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error && error.reason === BoxError.NOT_FOUND) return callback(null, gDefaults[exports.CLOUDRON_TOKEN_KEY]);
+        if (error) return callback(error);
 
         callback(null, value);
     });
@@ -516,7 +569,7 @@ function setCloudronToken(token, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.set(exports.CLOUDRON_TOKEN_KEY, token, function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         notifyChange(exports.CLOUDRON_TOKEN_KEY, token);
 
@@ -528,7 +581,7 @@ function getAll(callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.getAll(function (error, settings) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         var result = _.extend({ }, gDefaults);
         settings.forEach(function (setting) { result[setting.name] = setting.value; });
@@ -539,7 +592,7 @@ function getAll(callback) {
         result[exports.DEMO_KEY] = !!result[exports.DEMO_KEY];
 
         // convert JSON objects
-        [exports.BACKUP_CONFIG_KEY, exports.PLATFORM_CONFIG_KEY, exports.EXTERNAL_LDAP_KEY ].forEach(function (key) {
+        [exports.BACKUP_CONFIG_KEY, exports.PLATFORM_CONFIG_KEY, exports.EXTERNAL_LDAP_KEY, exports.REGISTRY_CONFIG_KEY, exports.SYSINFO_CONFIG_KEY ].forEach(function (key) {
             result[key] = typeof result[key] === 'object' ? result[key] : safe.JSON.parse(result[key]);
         });
 
@@ -553,12 +606,15 @@ function initCache(callback) {
     getAll(function (error, allSettings) {
         if (error) return callback(error);
 
+        const provider = safe.fs.readFileSync(paths.PROVIDER_FILE, 'utf8');
+
         gCache = {
             apiServerOrigin: allSettings[exports.API_SERVER_ORIGIN_KEY],
             webServerOrigin: allSettings[exports.WEB_SERVER_ORIGIN_KEY],
             adminDomain: allSettings[exports.ADMIN_DOMAIN_KEY],
             adminFqdn: allSettings[exports.ADMIN_FQDN_KEY],
-            isDemo: allSettings[exports.DEMO_KEY]
+            isDemo: allSettings[exports.DEMO_KEY],
+            provider: provider ? provider.trim() : 'generic'
         };
 
         callback();
@@ -572,10 +628,10 @@ function setAdmin(adminDomain, adminFqdn, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.set(exports.ADMIN_DOMAIN_KEY, adminDomain, function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         settingsdb.set(exports.ADMIN_FQDN_KEY, adminFqdn, function (error) {
-            if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             gCache.adminDomain = adminDomain;
             gCache.adminFqdn = adminFqdn;
@@ -590,7 +646,7 @@ function setApiServerOrigin(origin, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     settingsdb.set(exports.API_SERVER_ORIGIN_KEY, origin, function (error) {
-        if (error) return callback(new SettingsError(SettingsError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         gCache.apiServerOrigin = origin;
         notifyChange(exports.API_SERVER_ORIGIN_KEY, origin);
@@ -599,6 +655,7 @@ function setApiServerOrigin(origin, callback) {
     });
 }
 
+function provider() { return gCache.provider; }
 function apiServerOrigin() { return gCache.apiServerOrigin; }
 function webServerOrigin() { return gCache.webServerOrigin; }
 function adminDomain() { return gCache.adminDomain; }

src/settingsdb.js

@@ -10,8 +10,8 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
-    database = require('./database.js'),
-    DatabaseError = require('./databaseerror');
+    BoxError = require('./boxerror.js'),
+    database = require('./database.js');
 
 const SETTINGS_FIELDS = [ 'name', 'value' ].join(',');
 
@@ -20,8 +20,8 @@ function get(key, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query(`SELECT ${SETTINGS_FIELDS} FROM settings WHERE name = ?`, [ key ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Setting not found'));
 
         callback(null, result[0].value);
     });
@@ -29,7 +29,7 @@ function get(key, callback) {
 
 function getAll(callback) {
     database.query(`SELECT ${SETTINGS_FIELDS} FROM settings ORDER BY name`, function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, results);
     });
@@ -41,7 +41,7 @@ function set(key, value, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('INSERT INTO settings (name, value) VALUES (?, ?) ON DUPLICATE KEY UPDATE value=VALUES(value)', [ key, value ], function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error)); // don't rely on affectedRows here since it gives 2
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error)); // don't rely on affectedRows here since it gives 2
 
         callback(null);
     });
@@ -49,7 +49,7 @@ function set(key, value, callback) {
 
 function clear(callback) {
     database.query('DELETE FROM settings', function (error) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(error);
     });

src/storage/filesystem.js

@@ -17,7 +17,7 @@ exports = module.exports = {
 };
 
 var assert = require('assert'),
-    BackupsError = require('../backups.js').BackupsError,
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:storage/filesystem'),
     EventEmitter = require('events'),
     fs = require('fs'),
@@ -35,7 +35,7 @@ function upload(apiConfig, backupFilePath, sourceStream, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     mkdirp(path.dirname(backupFilePath), function (error) {
-        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
         safe.fs.unlinkSync(backupFilePath); // remove any hardlink
 
@@ -48,15 +48,15 @@ function upload(apiConfig, backupFilePath, sourceStream, callback) {
 
         fileStream.on('error', function (error) {
             debug('[%s] upload: out stream error.', backupFilePath, error);
-            callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+            callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
         });
 
         fileStream.on('finish', function () {
             // in test, upload() may or may not be called via sudo script
             const BACKUP_UID = parseInt(process.env.SUDO_UID, 10) || process.getuid();
 
-            if (!safe.fs.chownSync(backupFilePath, BACKUP_UID, BACKUP_UID)) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Unable to chown:' + safe.error.message));
-            if (!safe.fs.chownSync(path.dirname(backupFilePath), BACKUP_UID, BACKUP_UID)) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Unable to chown:' + safe.error.message));
+            if (!safe.fs.chownSync(backupFilePath, BACKUP_UID, BACKUP_UID)) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Unable to chown:' + safe.error.message));
+            if (!safe.fs.chownSync(path.dirname(backupFilePath), BACKUP_UID, BACKUP_UID)) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Unable to chown:' + safe.error.message));
 
             debug('upload %s: done.', backupFilePath);
 
@@ -72,7 +72,7 @@ function download(apiConfig, sourceFilePath, callback) {
 
     debug(`download: ${sourceFilePath}`);
 
-    if (!safe.fs.existsSync(sourceFilePath)) return callback(new BackupsError(BackupsError.NOT_FOUND, `File not found: ${sourceFilePath}`));
+    if (!safe.fs.existsSync(sourceFilePath)) return callback(new BoxError(BoxError.NOT_FOUND, `File not found: ${sourceFilePath}`));
 
     var fileStream = fs.createReadStream(sourceFilePath);
     callback(null, fileStream);
@@ -116,14 +116,14 @@ function copy(apiConfig, oldFilePath, newFilePath) {
     var events = new EventEmitter();
 
     mkdirp(path.dirname(newFilePath), function (error) {
-        if (error) return events.emit('done', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        if (error) return events.emit('done', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
         events.emit('progress', `Copying ${oldFilePath} to ${newFilePath}`);
 
         // this will hardlink backups saving space
         var cpOptions = apiConfig.noHardlinks ? '-a' : '-al';
         shell.spawn('copy', '/bin/cp', [ cpOptions, oldFilePath, newFilePath ], { }, function (error) {
-            if (error) return events.emit('done', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+            if (error) return events.emit('done', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
             events.emit('done', null);
         });
@@ -141,9 +141,9 @@ function remove(apiConfig, filename, callback) {
     if (!stat) return callback();
 
     if (stat.isFile()) {
-        if (!safe.fs.unlinkSync(filename)) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, safe.error.message));
+        if (!safe.fs.unlinkSync(filename)) return callback(new BoxError(BoxError.EXTERNAL_ERROR, safe.error.message));
     } else if (stat.isDirectory()) {
-        if (!safe.fs.rmdirSync(filename)) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, safe.error.message));
+        if (!safe.fs.rmdirSync(filename)) return callback(new BoxError(BoxError.EXTERNAL_ERROR, safe.error.message));
     }
 
     callback(null);
@@ -158,7 +158,7 @@ function removeDir(apiConfig, pathPrefix) {
     process.nextTick(() => events.emit('progress', `Removing directory ${pathPrefix}`));
 
     shell.spawn('removeDir', '/bin/rm', [ '-rf', pathPrefix ], { }, function (error) {
-        if (error) return events.emit('done', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        if (error) return events.emit('done', new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
         events.emit('done', null);
     });
@@ -170,21 +170,21 @@ function testConfig(apiConfig, callback) {
     assert.strictEqual(typeof apiConfig, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (typeof apiConfig.backupFolder !== 'string') return callback(new BackupsError(BackupsError.BAD_FIELD, 'backupFolder must be string'));
+    if (typeof apiConfig.backupFolder !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'backupFolder must be string', { field: 'backupFolder' }));
 
-    if (!apiConfig.backupFolder) return callback(new BackupsError(BackupsError.BAD_FIELD, 'backupFolder is required'));
+    if (!apiConfig.backupFolder) return callback(new BoxError(BoxError.BAD_FIELD, 'backupFolder is required', { field: 'backupFolder' }));
 
-    if ('noHardlinks' in apiConfig && typeof apiConfig.noHardlinks !== 'boolean') return callback(new BackupsError(BackupsError.BAD_FIELD, 'noHardlinks must be boolean'));
+    if ('noHardlinks' in apiConfig && typeof apiConfig.noHardlinks !== 'boolean') return callback(new BoxError(BoxError.BAD_FIELD, 'noHardlinks must be boolean', { field: 'noHardLinks' }));
 
-    if ('externalDisk' in apiConfig && typeof apiConfig.externalDisk !== 'boolean') return callback(new BackupsError(BackupsError.BAD_FIELD, 'externalDisk must be boolean'));
+    if ('externalDisk' in apiConfig && typeof apiConfig.externalDisk !== 'boolean') return callback(new BoxError(BoxError.BAD_FIELD, 'externalDisk must be boolean', { field: 'externalDisk' }));
 
     fs.stat(apiConfig.backupFolder, function (error, result) {
-        if (error) return callback(new BackupsError(BackupsError.BAD_FIELD, 'Directory does not exist or cannot be accessed: ' + error.message));
-        if (!result.isDirectory()) return callback(new BackupsError(BackupsError.BAD_FIELD, 'Backup location is not a directory'));
+        if (error) return callback(new BoxError(BoxError.BAD_FIELD, 'Directory does not exist or cannot be accessed: ' + error.message), { field: 'backupFolder' });
+        if (!result.isDirectory()) return callback(new BoxError(BoxError.BAD_FIELD, 'Backup location is not a directory', { field: 'backupFolder' }));
 
         mkdirp(path.join(apiConfig.backupFolder, 'snapshot'), function (error) {
-            if (error && error.code === 'EACCES') return callback(new BackupsError(BackupsError.BAD_FIELD, `Access denied. Run "chown yellowtent:yellowtent ${apiConfig.backupFolder}" on the server`));
-            if (error) return callback(new BackupsError(BackupsError.BAD_FIELD, error.message));
+            if (error && error.code === 'EACCES') return callback(new BoxError(BoxError.BAD_FIELD, `Access denied. Run "chown yellowtent:yellowtent ${apiConfig.backupFolder}" on the server`, { field: 'backupFolder' }));
+            if (error) return callback(new BoxError(BoxError.BAD_FIELD, error.message, { field: 'backupFolder' }));
 
             callback(null);
         });

src/storage/gcs.js

@@ -22,7 +22,7 @@ exports = module.exports = {
 var assert = require('assert'),
     async = require('async'),
     backups = require('../backups.js'),
-    BackupsError = require('../backups.js').BackupsError,
+    BoxError = require('../boxerror.js'),
     debug = require('debug')('box:storage/gcs'),
     EventEmitter = require('events'),
     GCS = require('@google-cloud/storage').Storage,
@@ -68,7 +68,7 @@ function upload(apiConfig, backupFilePath, sourceStream, callback) {
     function done(error) {
         if (error) {
             debug('[%s] upload: gcp upload error.', backupFilePath, error);
-            return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `Error uploading ${backupFilePath}. Message: ${error.message} HTTP Code: ${error.code}`));
+            return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Error uploading ${backupFilePath}. Message: ${error.message} HTTP Code: ${error.code}`));
         }
 
         callback(null);
@@ -95,10 +95,10 @@ function download(apiConfig, backupFilePath, callback) {
     var readStream = file.createReadStream()
         .on('error', function(error) {
             if (error && error.code == 404){
-                ps.emit('error', new BackupsError(BackupsError.NOT_FOUND));
+                ps.emit('error', new BoxError(BoxError.NOT_FOUND));
             } else {
                 debug('[%s] download: gcp stream error.', backupFilePath, error);
-                ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error));
+                ps.emit('error', new BoxError(BoxError.EXTERNAL_ERROR, error));
             }
         })
     ;
@@ -143,7 +143,7 @@ function copy(apiConfig, oldFilePath, newFilePath) {
     assert.strictEqual(typeof oldFilePath, 'string');
     assert.strictEqual(typeof newFilePath, 'string');
 
-    var events = new EventEmitter(), retryCount = 0;
+    var events = new EventEmitter();
 
     function copyFile(entry, iteratorCallback) {
         var relativePath = path.relative(oldFilePath, entry.fullPath);
@@ -151,24 +151,20 @@ function copy(apiConfig, oldFilePath, newFilePath) {
         getBucket(apiConfig).file(entry.fullPath).copy(path.join(newFilePath, relativePath), function(error) {
             if (error) debug('copyBackup: gcs copy error', error);
 
-            if (error && error.code === 404) return iteratorCallback(new BackupsError(BackupsError.NOT_FOUND, 'Old backup not found'));
-            if (error) return iteratorCallback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+            if (error && error.code === 404) return iteratorCallback(new BoxError(BoxError.NOT_FOUND, 'Old backup not found'));
+            if (error) return iteratorCallback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
 
             iteratorCallback(null);
         });
-
-        events.emit('progress', `Copying ${relativePath}...`);
     }
 
-    const batchSize = -1;
-    var total = 0, concurrency = 4;
+    const batchSize = 1000, concurrency = 10;
+    var total = 0;
 
     listDir(apiConfig, oldFilePath, batchSize, function (entries, done) {
         total += entries.length;
 
-        if (retryCount === 0) concurrency = Math.min(concurrency + 1, 10); else concurrency = Math.max(concurrency - 1, 5);
-        events.emit('progress', `${retryCount} errors. concurrency set to ${concurrency}`);
-        retryCount = 0;
+        events.emit('progress', `Copying ${entries.length} files from ${entries[0].fullPath} to ${entries[entries.length-1].fullPath}. total: ${total}`);
 
         async.eachLimit(entries, concurrency, copyFile, done);
     }, function (error) {
@@ -197,17 +193,15 @@ function removeDir(apiConfig, pathPrefix) {
     assert.strictEqual(typeof apiConfig, 'object');
     assert.strictEqual(typeof pathPrefix, 'string');
 
-    var events = new EventEmitter(), retryCount = 0;
+    var events = new EventEmitter();
 
-    const batchSize = 1;
-    var total = 0, concurrency = 4;
+    const batchSize = 1000, concurrency = 10; // https://googleapis.dev/nodejs/storage/latest/Bucket.html#deleteFiles
+    var total = 0;
 
     listDir(apiConfig, pathPrefix, batchSize, function (entries, done) {
         total += entries.length;
 
-        if (retryCount === 0) concurrency = Math.min(concurrency + 1, 10); else concurrency = Math.max(concurrency - 1, 5);
-        events.emit('progress', `${retryCount} errors. concurrency set to ${concurrency}`);
-        retryCount = 0;
+        events.emit('progress', `Removing ${entries.length} files from ${entries[0].fullPath} to ${entries[entries.length-1].fullPath}. total: ${total}`);
 
         async.eachLimit(entries, concurrency, function (entry, iteratorCallback) {
             remove(apiConfig, entry.fullPath, iteratorCallback);
@@ -225,13 +219,13 @@ function testConfig(apiConfig, callback) {
     assert.strictEqual(typeof apiConfig, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (typeof apiConfig.projectId !== 'string') return callback(new BackupsError(BackupsError.BAD_FIELD, 'projectId must be a string'));
-    if (!apiConfig.credentials || typeof apiConfig.credentials !== 'object') return callback(new BackupsError(BackupsError.BAD_FIELD, 'credentials must be an object'));
-    if (typeof apiConfig.credentials.client_email !== 'string') return callback(new BackupsError(BackupsError.BAD_FIELD, 'credentials.client_email must be a string'));
-    if (typeof apiConfig.credentials.private_key !== 'string') return callback(new BackupsError(BackupsError.BAD_FIELD, 'credentials.private_key must be a string'));
+    if (typeof apiConfig.projectId !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'projectId must be a string'));
+    if (!apiConfig.credentials || typeof apiConfig.credentials !== 'object') return callback(new BoxError(BoxError.BAD_FIELD, 'credentials must be an object'));
+    if (typeof apiConfig.credentials.client_email !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'credentials.client_email must be a string'));
+    if (typeof apiConfig.credentials.private_key !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'credentials.private_key must be a string'));
 
-    if (typeof apiConfig.bucket !== 'string') return callback(new BackupsError(BackupsError.BAD_FIELD, 'bucket must be a string'));
-    if (typeof apiConfig.prefix !== 'string') return callback(new BackupsError(BackupsError.BAD_FIELD, 'prefix must be a string'));
+    if (typeof apiConfig.bucket !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'bucket must be a string'));
+    if (typeof apiConfig.prefix !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'prefix must be a string'));
 
     // attempt to upload and delete a file with new credentials
     var bucket = getBucket(apiConfig);
@@ -245,16 +239,16 @@ function testConfig(apiConfig, callback) {
     uploadStream.on('error', function(error) {
         debug('testConfig: failed uploading cloudron-testfile', error);
         if (error && error.code && (error.code == 403 || error.code == 404)) {
-            return callback(new BackupsError(BackupsError.BAD_FIELD, error.message));
+            return callback(new BoxError(BoxError.BAD_FIELD, error.message));
         }
 
-        return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+        return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
     });
 
     uploadStream.on('finish', function() {
         debug('testConfig: uploaded cloudron-testfile ' + JSON.stringify(arguments));
         bucket.file(path.join(apiConfig.prefix, 'cloudron-testfile')).delete(function(error) {
-            if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message));
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message));
             debug('testConfig: deleted cloudron-testfile');
             callback();
         });

src/storage/s3.js

@@ -23,7 +23,7 @@ var assert = require('assert'),
     async = require('async'),
     AWS = require('aws-sdk'),
     backups = require('../backups.js'),
-    BackupsError = require('../backups.js').BackupsError,
+    BoxError = require('../boxerror.js'),
     chunk = require('lodash.chunk'),
     debug = require('debug')('box:storage/s3'),
     EventEmitter = require('events'),
@@ -101,7 +101,7 @@ function upload(apiConfig, backupFilePath, sourceStream, callback) {
         s3.upload(params, { partSize, queueSize: 1 }, function (error, data) {
             if (error) {
                 debug('Error uploading [%s]: s3 upload error.', backupFilePath, error);
-                return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, `Error uploading ${backupFilePath}. Message: ${error.message} HTTP Code: ${error.code}`));
+                return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Error uploading ${backupFilePath}. Message: ${error.message} HTTP Code: ${error.code}`));
             }
 
             debug(`Uploaded ${backupFilePath}: ${JSON.stringify(data)}`);
@@ -131,10 +131,10 @@ function download(apiConfig, backupFilePath, callback) {
 
         multipartDownload.on('error', function (error) {
             if (S3_NOT_FOUND(error)) {
-                ps.emit('error', new BackupsError(BackupsError.NOT_FOUND, `Backup not found: ${backupFilePath}`));
+                ps.emit('error', new BoxError(BoxError.NOT_FOUND, `Backup not found: ${backupFilePath}`));
             } else {
                 debug(`download: ${apiConfig.bucket}:${backupFilePath} s3 stream error.`, error);
-                ps.emit('error', new BackupsError(BackupsError.EXTERNAL_ERROR, error.message || error.code)); // DO sets 'code'
+                ps.emit('error', new BoxError(BoxError.EXTERNAL_ERROR, error.message || error.code)); // DO sets 'code'
             }
         });
 
@@ -219,8 +219,8 @@ function copy(apiConfig, oldFilePath, newFilePath) {
             function done(error) {
                 if (error) debug(`copy: s3 copy error when copying ${entry.fullPath}: ${error}`);
 
-                if (error && S3_NOT_FOUND(error)) return iteratorCallback(new BackupsError(BackupsError.NOT_FOUND, `Old backup not found: ${entry.fullPath}`));
-                if (error) return iteratorCallback(new BackupsError(BackupsError.EXTERNAL_ERROR, `Error copying ${entry.fullPath} : ${error.code} ${error}`));
+                if (error && S3_NOT_FOUND(error)) return iteratorCallback(new BoxError(BoxError.NOT_FOUND, `Old backup not found: ${entry.fullPath}`));
+                if (error) return iteratorCallback(new BoxError(BoxError.EXTERNAL_ERROR, `Error copying ${entry.fullPath} : ${error.code} ${error}`));
 
                 iteratorCallback(null);
             }
@@ -405,13 +405,13 @@ function testConfig(apiConfig, callback) {
     assert.strictEqual(typeof apiConfig, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    if (typeof apiConfig.accessKeyId !== 'string') return callback(new BackupsError(BackupsError.BAD_FIELD, 'accessKeyId must be a string'));
-    if (typeof apiConfig.secretAccessKey !== 'string') return callback(new BackupsError(BackupsError.BAD_FIELD, 'secretAccessKey must be a string'));
+    if (typeof apiConfig.accessKeyId !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'accessKeyId must be a string', { field: 'accessKeyId' }));
+    if (typeof apiConfig.secretAccessKey !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'secretAccessKey must be a string', { field: 'secretAccessKey' }));
 
-    if (typeof apiConfig.bucket !== 'string') return callback(new BackupsError(BackupsError.BAD_FIELD, 'bucket must be a string'));
-    if (typeof apiConfig.prefix !== 'string') return callback(new BackupsError(BackupsError.BAD_FIELD, 'prefix must be a string'));
-    if ('signatureVersion' in apiConfig && typeof apiConfig.signatureVersion !== 'string') return callback(new BackupsError(BackupsError.BAD_FIELD, 'signatureVersion must be a string'));
-    if ('endpoint' in apiConfig && typeof apiConfig.endpoint !== 'string') return callback(new BackupsError(BackupsError.BAD_FIELD, 'endpoint must be a string'));
+    if (typeof apiConfig.bucket !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'bucket must be a string', { field: 'bucket' }));
+    if (typeof apiConfig.prefix !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'prefix must be a string', { field: 'prefix' }));
+    if ('signatureVersion' in apiConfig && typeof apiConfig.signatureVersion !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'signatureVersion must be a string', { field: 'signatureVersion' }));
+    if ('endpoint' in apiConfig && typeof apiConfig.endpoint !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'endpoint must be a string', { field: 'endpoint' }));
 
     // attempt to upload and delete a file with new credentials
     getS3Config(apiConfig, function (error, credentials) {
@@ -425,7 +425,7 @@ function testConfig(apiConfig, callback) {
 
         var s3 = new AWS.S3(credentials);
         s3.putObject(params, function (error) {
-            if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message || error.code)); // DO sets 'code'
+            if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message || error.code)); // DO sets 'code'
 
             var params = {
                 Bucket: apiConfig.bucket,
@@ -433,7 +433,7 @@ function testConfig(apiConfig, callback) {
             };
 
             s3.deleteObject(params, function (error) {
-                if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error.message || error.code)); // DO sets 'code'
+                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error.message || error.code)); // DO sets 'code'
 
                 callback();
             });

src/support.js

@@ -2,47 +2,37 @@
 
 exports = module.exports = {
     getRemoteSupport: getRemoteSupport,
-    enableRemoteSupport: enableRemoteSupport,
-
-    SupportError: SupportError
+    enableRemoteSupport: enableRemoteSupport
 };
 
 let assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     constants = require('./constants.js'),
     shell = require('./shell.js'),
     once = require('once'),
     path = require('path'),
     paths = require('./paths.js'),
-    sysinfo = require('./sysinfo.js'),
-    util = require('util');
+    settings = require('./settings.js');
 
 // the logic here is also used in the cloudron-support tool
-var AUTHORIZED_KEYS_FILEPATH = constants.TEST ? path.join(paths.baseDir(), 'authorized_keys') : ((sysinfo.provider() === 'ec2' || sysinfo.provider() === 'lightsail' || sysinfo.provider() === 'ami') ? '/home/ubuntu/.ssh/authorized_keys' : '/root/.ssh/authorized_keys'),
-    AUTHORIZED_KEYS_USER = constants.TEST ? process.getuid() : ((sysinfo.provider() === 'ec2' || sysinfo.provider() === 'lightsail' || sysinfo.provider() === 'ami') ? 'ubuntu' : 'root'),
-    AUTHORIZED_KEYS_CMD = path.join(__dirname, 'scripts/remotesupport.sh');
+const AUTHORIZED_KEYS_CMD = path.join(__dirname, 'scripts/remotesupport.sh');
 
-function SupportError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+function sshInfo() {
+    let filePath, user;
 
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
+    if (constants.TEST) {
+        filePath = path.join(paths.baseDir(), 'authorized_keys');
+        user = process.getuid();
+    } else if (settings.provider() === 'ec2' || settings.provider() === 'lightsail' || settings.provider() === 'ami') {
+        filePath = '/home/ubuntu/.ssh/authorized_keys';
+        user = 'ubuntu';
     } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
+        filePath = '/root/.ssh/authorized_keys';
+        user = 'root';
     }
+
+    return { filePath, user };
 }
-util.inherits(SupportError, Error);
-SupportError.NOT_FOUND = 'Not found';
-SupportError.INVALID_KEY = 'Invalid key';
-SupportError.INTERNAL_ERROR = 'Internal Error';
 
 function getRemoteSupport(callback) {
     assert.strictEqual(typeof callback, 'function');
@@ -50,8 +40,8 @@ function getRemoteSupport(callback) {
     callback = once(callback); // exit may or may not be called after an 'error'
 
     let result = '';
-    let cp = shell.sudo('support', [ AUTHORIZED_KEYS_CMD, 'is-enabled', AUTHORIZED_KEYS_FILEPATH ], {}, function (error) {
-        if (error) callback(new SupportError(SupportError.INTERNAL_ERROR, error));
+    let cp = shell.sudo('support', [ AUTHORIZED_KEYS_CMD, 'is-enabled', sshInfo().filePath ], {}, function (error) {
+        if (error) callback(new BoxError(BoxError.FS_ERROR, error));
 
         callback(null, { enabled: result.trim() === 'true' });
     });
@@ -61,8 +51,9 @@ function getRemoteSupport(callback) {
 function enableRemoteSupport(enable, callback) {
     assert.strictEqual(typeof callback, 'function');
 
-    shell.sudo('support', [ AUTHORIZED_KEYS_CMD, enable ? 'enable' : 'disable', AUTHORIZED_KEYS_FILEPATH, AUTHORIZED_KEYS_USER ], {}, function (error) {
-        if (error) callback(new SupportError(SupportError.INTERNAL_ERROR, error));
+    let si = sshInfo();
+    shell.sudo('support', [ AUTHORIZED_KEYS_CMD, enable ? 'enable' : 'disable', si.filePath, si.user ], {}, function (error) {
+        if (error) callback(new BoxError(BoxError.FS_ERROR, error));
 
         callback();
     });

src/sysinfo.js

@@ -1,76 +1,33 @@
 'use strict';
 
 exports = module.exports = {
-    SysInfoError: SysInfoError,
+    getServerIp: getServerIp,
+    testConfig: testConfig,
 
-    getPublicIp: getPublicIp,
-
-    hasIPv6: hasIPv6,
-    provider: provider
+    hasIPv6: hasIPv6
 };
 
 var assert = require('assert'),
-    ec2 = require('./sysinfo/ec2.js'),
     fs = require('fs'),
-    generic = require('./sysinfo/generic.js'),
-    paths = require('./paths.js'),
-    scaleway = require('./sysinfo/scaleway.js'),
-    safe = require('safetydance'),
-    util = require('util');
+    settings = require('./settings.js');
 
-function SysInfoError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+function api(provider) {
+    assert.strictEqual(typeof provider, 'string');
 
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(SysInfoError, Error);
-SysInfoError.INTERNAL_ERROR = 'Internal Error';
-SysInfoError.EXTERNAL_ERROR = 'External Error';
-
-let gProvider = null;
-
-
-function provider() {
-    if (gProvider) return gProvider;
-
-    gProvider = safe.fs.readFileSync(paths.PROVIDER_FILE, 'utf8');
-    if (!gProvider) return gProvider = 'generic';
-
-    return gProvider.trim();
-}
-
-function getApi(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    switch (provider()) {
-    case 'ec2': return callback(null, ec2);
-    case 'lightsail': return callback(null, ec2);
-    case 'ami': return callback(null, ec2);
-    case 'scaleway': return callback(null, scaleway);
-    default: return callback(null, generic);
+    switch (provider) {
+    case 'fixed': return require('./sysinfo/fixed.js');
+    case 'network-interface': return require('./sysinfo/network-interface.js');
+    default: return require('./sysinfo/generic.js');
     }
 }
 
-function getPublicIp(callback) {
+function getServerIp(callback) {
     assert.strictEqual(typeof callback, 'function');
 
-    getApi(function (error, api) {
+    settings.getSysinfoConfig(function (error, config) {
         if (error) return callback(error);
 
-        api.getPublicIp(callback);
+        api(config.provider).getServerIp(config, callback);
     });
 }
 
@@ -79,3 +36,10 @@ function hasIPv6() {
     // on contabo, /proc/net/if_inet6 is an empty file. so just exists is not enough
     return fs.existsSync(IPV6_PROC_FILE) && fs.readFileSync(IPV6_PROC_FILE, 'utf8').trim().length !== 0;
 }
+
+function testConfig(config, callback) {
+    assert.strictEqual(typeof config, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    api(config.provider).testConfig(config, callback);
+}

src/sysinfo/ec2.js

@@ -1,21 +0,0 @@
-'use strict';
-
-exports = module.exports = {
-    getPublicIp: getPublicIp
-};
-
-var assert = require('assert'),
-    superagent = require('superagent'),
-    SysInfoError = require('../sysinfo.js').SysInfoError,
-    util = require('util');
-
-function getPublicIp(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    superagent.get('http://169.254.169.254/latest/meta-data/public-ipv4').timeout(30 * 1000).end(function (error, result) {
-        if (error) return callback(new SysInfoError(SysInfoError.INTERNAL_ERROR, error.status ? 'Request failed: ' + error.status : 'Network failure'));
-        if (result.statusCode !== 200) return callback(new SysInfoError(SysInfoError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));
-
-        callback(null, result.text);
-    });
-}

src/sysinfo/fixed.js

@@ -0,0 +1,27 @@
+'use strict';
+
+exports = module.exports = {
+    getServerIp,
+    testConfig
+};
+
+var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
+    validator = require('validator');
+
+function getServerIp(config, callback) {
+    assert.strictEqual(typeof config, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    callback(null, config.ip);
+}
+
+function testConfig(config, callback) {
+    assert.strictEqual(typeof config, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    if (typeof config.ip !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'ip must be a string'));
+    if (!validator.isIP(config.ip, 4)) return callback(new BoxError(BoxError.BAD_FIELD, 'ip is not a valid ipv4'));
+
+    callback(null);
+}

src/sysinfo/generic.js

@@ -1,15 +1,17 @@
 'use strict';
 
 exports = module.exports = {
-    getPublicIp: getPublicIp
+    getServerIp,
+    testConfig
 };
 
 var assert = require('assert'),
     async = require('async'),
-    superagent = require('superagent'),
-    SysInfoError = require('../sysinfo.js').SysInfoError;
+    BoxError = require('../boxerror.js'),
+    superagent = require('superagent');
 
-function getPublicIp(callback) {
+function getServerIp(config, callback) {
+    assert.strictEqual(typeof config, 'object');
     assert.strictEqual(typeof callback, 'function');
 
     if (process.env.BOX_ENV === 'test') return callback(null, '127.0.0.1');
@@ -18,11 +20,11 @@ function getPublicIp(callback) {
         superagent.get('https://api.cloudron.io/api/v1/helper/public_ip').timeout(30 * 1000).end(function (error, result) {
             if (error || result.statusCode !== 200) {
                 console.error('Error getting IP', error);
-                return callback(new SysInfoError(SysInfoError.EXTERNAL_ERROR, 'Unable to detect IP. API server unreachable'));
+                return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Unable to detect IP. API server unreachable'));
             }
             if (!result.body && !result.body.ip) {
                 console.error('Unexpected answer. No "ip" found in response body.', result.body);
-                return callback(new SysInfoError(SysInfoError.EXTERNAL_ERROR, 'Unable to detect IP. No IP found in response'));
+                return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Unable to detect IP. No IP found in response'));
             }
 
             callback(null, result.body.ip);
@@ -33,3 +35,10 @@ function getPublicIp(callback) {
         callback(null, result);
     });
 }
+
+function testConfig(config, callback) {
+    assert.strictEqual(typeof config, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    callback(null);
+}

src/sysinfo/interface.js

@@ -7,14 +7,22 @@
 // -------------------------------------------
 
 exports = module.exports = {
-    getPublicIp: getPublicIp
+    getServerIp,
+    testConfig
 };
 
 var assert = require('assert');
 
-function getPublicIp(callback) {
+function getServerIp(config, callback) {
+    assert.strictEqual(typeo config, 'object');
     assert.strictEqual(typeof callback, 'function');
 
     callback(new Error('not implemented'));
 }
 
+function testConfig(config, callback) {
+    assert.strictEqual(typeof config, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    callback(null);
+}

src/sysinfo/network-interface.js

@@ -0,0 +1,39 @@
+'use strict';
+
+exports = module.exports = {
+    getServerIp,
+    testConfig
+};
+
+var assert = require('assert'),
+    BoxError = require('../boxerror.js'),
+    debug = require('debug')('box:sysinfo/network-interface'),
+    os = require('os');
+
+function getServerIp(config, callback) {
+    assert.strictEqual(typeof config, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    const ifaces = os.networkInterfaces();
+    const iface = ifaces[config.ifname]; // array of addresses
+    if (!iface) return callback(new BoxError(BoxError.NETWORK_ERROR, `No interface named ${config.ifname}`));
+
+    const addresses = iface.filter(i => i.family === 'IPv4').map(i => i.address);
+    if (addresses.length === 0) return callback(new BoxError(BoxError.NETWORK_ERROR, `${config.ifname} does not have any IPv4 address`));
+    if (addresses.length > 1) debug(`${config.ifname} has multiple ipv4 - ${JSON.stringify(addresses)}. choosing the first one.`);
+
+    return callback(null, addresses[0]);
+}
+
+function testConfig(config, callback) {
+    assert.strictEqual(typeof config, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    if (typeof config.ifname !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'ifname is not a string'));
+
+    getServerIp(config, function (error) {
+        if (error) return callback(error);
+
+        callback(null);
+    });
+}

src/sysinfo/scaleway.js

@@ -1,25 +0,0 @@
-'use strict';
-
-exports = module.exports = {
-    getPublicIp: getPublicIp
-};
-
-var assert = require('assert'),
-    superagent = require('superagent'),
-    SysInfoError = require('../sysinfo.js').SysInfoError,
-    util = require('util');
-
-function getPublicIp(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    superagent.get('http://169.254.42.42/conf').timeout(30 * 1000).end(function (error, result) {
-        if (error) return callback(new SysInfoError(SysInfoError.EXTERNAL_ERROR, error.status ? 'Request failed: ' + error.status : 'Network failure'));
-        if (result.statusCode !== 200) return callback(new SysInfoError(SysInfoError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));
-
-        var kv = result.text.split('\n').filter(function (line) { return line.startsWith('PUBLIC_IP_ADDRESS='); });
-        if (kv.length !== 1) return callback(new SysInfoError(SysInfoError.EXTERNAL_ERROR, util.format('%s %j', result.status, result.body)));
-
-        callback(null, kv[0].split('=')[1]);
-    });
-}
-

src/taskdb.js

@@ -9,8 +9,8 @@ exports = module.exports = {
 };
 
 let assert = require('assert'),
+    BoxError = require('./boxerror.js'),
     database = require('./database.js'),
-    DatabaseError = require('./databaseerror'),
     safe = require('safetydance');
 
 const TASKS_FIELDS = [ 'id', 'type', 'argsJson', 'percent', 'message', 'errorJson', 'creationTime', 'resultJson', 'ts' ];
@@ -39,7 +39,7 @@ function add(task, callback) {
     const args = [ task.type, JSON.stringify(task.args), task.percent, task.message ];
 
     database.query(query, args, function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         callback(null, String(result.insertId));
     });
@@ -64,8 +64,8 @@ function update(id, data, callback) {
     args.push(id);
 
     database.query('UPDATE tasks SET ' + fields.join(', ') + ' WHERE id = ?', args, function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Task not found'));
 
         return callback(null);
     });
@@ -76,8 +76,8 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('SELECT ' + TASKS_FIELDS + ' FROM tasks WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.length === 0) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.length === 0) return callback(new BoxError(BoxError.NOT_FOUND, 'Task not found'));
 
         postProcess(result[0]);
 
@@ -90,8 +90,8 @@ function del(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     database.query('DELETE FROM tasks WHERE id = ?', [ id ], function (error, result) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
-        if (result.affectedRows !== 1) return callback(new DatabaseError(DatabaseError.NOT_FOUND));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
+        if (result.affectedRows !== 1) return callback(new BoxError(BoxError.NOT_FOUND, 'Task not found'));
 
         callback(null);
     });
@@ -117,7 +117,7 @@ function listByTypePaged(type, page, perPage, callback) {
     data.push(perPage);
 
     database.query(query, data, function (error, results) {
-        if (error) return callback(new DatabaseError(DatabaseError.INTERNAL_ERROR, error));
+        if (error) return callback(new BoxError(BoxError.DATABASE_ERROR, error));
 
         results.forEach(postProcess);
 

src/tasks.js

@@ -16,8 +16,6 @@ exports = module.exports = {
 
     removePrivateFields: removePrivateFields,
 
-    TaskError: TaskError,
-
     // task types. if you add a task here, fill up the function table in taskworker
     TASK_APP: 'app',
     TASK_BACKUP: 'backup',
@@ -30,6 +28,7 @@ exports = module.exports = {
     // error codes
     ESTOPPED: 'stopped',
     ECRASHED: 'crashed',
+    ETIMEOUT: 'timeout',
 
     // testing
     _TASK_IDENTITY: '_identity',
@@ -40,44 +39,20 @@ exports = module.exports = {
 
 let assert = require('assert'),
     async = require('async'),
+    BoxError = require('./boxerror.js'),
     child_process = require('child_process'),
-    DatabaseError = require('./databaseerror.js'),
     debug = require('debug')('box:tasks'),
     paths = require('./paths.js'),
     safe = require('safetydance'),
     spawn = require('child_process').spawn,
     split = require('split'),
     taskdb = require('./taskdb.js'),
-    util = require('util'),
     _ = require('underscore');
 
 let gTasks = {}; // indexed by task id
 
 const NOOP_CALLBACK = function (error) { if (error) debug(error); };
 
-function TaskError(reason, errorOrMessage) {
-    assert.strictEqual(typeof reason, 'string');
-    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
-
-    Error.call(this);
-    Error.captureStackTrace(this, this.constructor);
-
-    this.name = this.constructor.name;
-    this.reason = reason;
-    if (typeof errorOrMessage === 'undefined') {
-        this.message = reason;
-    } else if (typeof errorOrMessage === 'string') {
-        this.message = errorOrMessage;
-    } else {
-        this.message = 'Internal error';
-        this.nestedError = errorOrMessage;
-    }
-}
-util.inherits(TaskError, Error);
-TaskError.INTERNAL_ERROR = 'Internal Error';
-TaskError.BAD_STATE = 'Bad State';
-TaskError.NOT_FOUND = 'Not Found';
-
 function postProcess(result) {
     assert.strictEqual(typeof result, 'object');
 
@@ -96,8 +71,7 @@ function get(id, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     taskdb.get(id, function (error, task) {
-        if (error && error.reason == DatabaseError.NOT_FOUND) return callback(new TaskError(TaskError.NOT_FOUND));
-        if (error) return callback(new TaskError(TaskError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         postProcess(task);
 
@@ -113,8 +87,7 @@ function update(id, task, callback) {
     debug(`${id}: ${JSON.stringify(task)}`);
 
     taskdb.update(id, task, function (error) {
-        if (error && error.reason == DatabaseError.NOT_FOUND) return callback(new TaskError(TaskError.NOT_FOUND));
-        if (error) return callback(new TaskError(TaskError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback();
     });
@@ -136,11 +109,11 @@ function setCompletedByType(type, task, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     listByTypePaged(type, 1, 1, function (error, results) {
-        if (error) return callback(new TaskError(TaskError.INTERNAL_ERROR, error));
-        if (results.length !== 1) return callback(new TaskError(TaskError.NOT_FOUND));
+        if (error) return callback(error);
+        if (results.length !== 1) return callback(new BoxError(BoxError.NOT_FOUND));
 
         setCompleted(results[0].id, task, function (error) {
-            if (error) return callback(new TaskError(TaskError.INTERNAL_ERROR, error));
+            if (error) return callback(error);
 
             callback();
         });
@@ -153,7 +126,7 @@ function add(type, args, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     taskdb.add({ type: type, percent: 0, message: 'Starting ...', args: args }, function (error, taskId) {
-        if (error) return callback(new TaskError(TaskError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         callback(null, taskId);
     });
@@ -168,21 +141,25 @@ function startTask(taskId, options, callback) {
     let fd = safe.fs.openSync(logFile, 'a'); // will autoclose. append is for apptask logs
     if (!fd) {
         debug(`startTask: unable to get log filedescriptor ${safe.error.message}`);
-        return callback(new TaskError(TaskError.INTERNAL_ERROR, safe.error));
+        return callback(new BoxError(BoxError.FS_ERROR, safe.error));
     }
 
     debug(`startTask - starting task ${taskId}. logs at ${logFile}`);
 
+    let killTimerId = null, timedOut = false;
+
     gTasks[taskId] = child_process.fork(`${__dirname}/taskworker.js`, [ taskId ], { stdio: [ 'pipe', fd, fd, 'ipc' ]}); // fork requires ipc
     gTasks[taskId].once('exit', function (code, signal) {
         debug(`startTask: ${taskId} completed with code ${code} and signal ${signal}`);
 
+        if (options.timeout) clearTimeout(killTimerId);
+
         get(taskId, function (error, task) {
             let taskError;
             if (!error && task.percent !== 100) { // task crashed or was killed by us
                 taskError = {
-                    message: code === 0 ? `Task ${taskId} stopped` : `Task ${taskId} crashed with code ${code} and signal ${signal}`,
-                    code: code === 0 ? exports.ESTOPPED : exports.ECRASHED
+                    message: code === 0 ? `Task ${taskId} ${timedOut ? 'timed out' : 'stopped'}` : `Task ${taskId} crashed with code ${code} and signal ${signal}`,
+                    code: code === 0 ? (timedOut ? exports.ETIMEOUT : exports.ESTOPPED) : exports.ECRASHED
                 };
                 // note that despite the update() here, we should handle the case where the box code was restarted and never got taskworker exit
                 setCompleted(taskId, { error: taskError }, NOOP_CALLBACK);
@@ -199,13 +176,21 @@ function startTask(taskId, options, callback) {
             debug(`startTask: ${taskId} done`);
         });
     });
+
+    if (options.timeout) {
+        killTimerId = setTimeout(function () {
+            debug(`startTask: task ${taskId} took too long. killing`);
+            timedOut = true;
+            stopTask(taskId, NOOP_CALLBACK);
+        }, options.timeout);
+    }
 }
 
 function stopTask(id, callback) {
     assert.strictEqual(typeof id, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    if (!gTasks[id]) return callback(new TaskError(TaskError.BAD_STATE, 'task is not active'));
+    if (!gTasks[id]) return callback(new BoxError(BoxError.BAD_STATE, 'task is not active'));
 
     debug(`stopTask: stopping task ${id}`);
 
@@ -229,7 +214,7 @@ function listByTypePaged(type, page, perPage, callback) {
     assert.strictEqual(typeof callback, 'function');
 
     taskdb.listByTypePaged(type, page, perPage, function (error, tasks) {
-        if (error) return callback(new TaskError(TaskError.INTERNAL_ERROR, error));
+        if (error) return callback(error);
 
         tasks.forEach(postProcess);
 

src/taskworker.js

@@ -9,7 +9,7 @@ var apptask = require('./apptask.js'),
     database = require('./database.js'),
     debug = require('debug')('box:taskworker'),
     domains = require('./domains.js'),
-    externalldap = require('./externalldap.js'),
+    externalLdap = require('./externalldap.js'),
     reverseProxy = require('./reverseproxy.js'),
     settings = require('./settings.js'),
     tasks = require('./tasks.js'),
@@ -24,7 +24,7 @@ const TASKS = { // indexed by task type
     renewcerts: reverseProxy.renewCerts,
     prepareDashboardDomain: domains.prepareDashboardDomain,
     cleanBackups: backups.cleanup,
-    syncExternalLdap: externalldap.sync,
+    syncExternalLdap: externalLdap.sync,
 
     _identity: (arg, progressCallback, callback) => callback(null, arg),
     _error: (arg, progressCallback, callback) => callback(new Error(`Failed for arg: ${arg}`)),

src/test/apps-test.js

@@ -7,8 +7,8 @@
 
 var appdb = require('../appdb.js'),
     apps = require('../apps.js'),
-    AppsError = apps.AppsError,
     async = require('async'),
+    BoxError = require('../boxerror.js'),
     database = require('../database.js'),
     domains = require('../domains.js'),
     expect = require('expect.js'),
@@ -113,7 +113,7 @@ describe('Apps', function () {
         portBindings: { PORT: 5678 },
         accessRestriction: null,
         memoryLimit: 0,
-        robotsTxt: null,
+        reverseProxyConfig: null,
         sso: false,
         env: {
             'CUSTOM_KEY': 'CUSTOM_VALUE'
@@ -155,7 +155,7 @@ describe('Apps', function () {
         portBindings: {},
         accessRestriction: { users: [ 'someuser', USER_0.id ], groups: [ GROUP_1.id ] },
         memoryLimit: 0,
-        robotsTxt: null,
+        reverseProxyConfig: null,
         sso: false,
         env: {},
         dataDir: '',
@@ -217,7 +217,7 @@ describe('Apps', function () {
         it('cannot get invalid app', function (done) {
             apps.get('nope', function (error) {
                 expect(error).to.be.ok();
-                expect(error.reason).to.be(AppsError.NOT_FOUND);
+                expect(error.reason).to.be(BoxError.NOT_FOUND);
                 done();
             });
         });

src/test/appstore-test.js

@@ -9,7 +9,7 @@
 
 var async = require('async'),
     appstore = require('../appstore.js'),
-    AppstoreError = appstore.AppstoreError,
+    BoxError = require('../boxerror.js'),
     database = require('../database.js'),
     expect = require('expect.js'),
     nock = require('nock'),
@@ -31,6 +31,7 @@ function setup(done) {
         database._clear,
         settings._setApiServerOrigin.bind(null, MOCK_API_SERVER_ORIGIN),
         settings.setAdmin.bind(null, ADMIN_DOMAIN, 'my.' + ADMIN_DOMAIN),
+        settings.initCache
     ], done);
 }
 
@@ -52,7 +53,7 @@ describe('Appstore', function () {
     it('cannot send alive status without registering', function (done) {
         appstore.sendAliveStatus(function (error) {
             expect(error).to.be.ok();
-            expect(error.reason).to.equal(AppstoreError.NOT_REGISTERED);
+            expect(error.reason).to.equal(BoxError.LICENSE_ERROR); // missing token
             done();
         });
     });
@@ -81,6 +82,7 @@ describe('Appstore', function () {
                 expect(body.backendSettings.mailConfig.relayProviders).to.be.an('array');
                 expect(body.backendSettings.appAutoupdatePattern).to.be.a('string');
                 expect(body.backendSettings.boxAutoupdatePattern).to.be.a('string');
+                expect(body.backendSettings.sysinfoProvider).to.be.a('string');
                 expect(body.backendSettings.timeZone).to.be.a('string');
                 expect(body.machine).to.be.an('object');
                 expect(body.machine.cpus).to.be.an('array');

src/test/backups-test.js

@@ -9,9 +9,9 @@
 var async = require('async'),
     backupdb = require('../backupdb.js'),
     backups = require('../backups.js'),
+    BoxError = require('../boxerror.js'),
     createTree = require('./common.js').createTree,
     database = require('../database'),
-    DatabaseError = require('../databaseerror.js'),
     DataLayout = require('../datalayout.js'),
     expect = require('expect.js'),
     fs = require('fs'),
@@ -20,7 +20,6 @@ var async = require('async'),
     path = require('path'),
     rimraf = require('rimraf'),
     settings = require('../settings.js'),
-    SettingsError = require('../settings.js').SettingsError,
     tasks = require('../tasks.js');
 
 function createBackup(callback) {
@@ -171,8 +170,8 @@ describe('backups', function () {
 
                         // check that app backups are gone as well
                         backupdb.get(BACKUP_0_APP_0.id, function (error) {
-                            expect(error).to.be.a(DatabaseError);
-                            expect(error.reason).to.equal(DatabaseError.NOT_FOUND);
+                            expect(error).to.be.a(BoxError);
+                            expect(error.reason).to.equal(BoxError.NOT_FOUND);
 
                             done();
                         });
@@ -291,8 +290,8 @@ describe('backups', function () {
 
         it('fails to set backup config for non-existing folder', function (done) {
             settings.setBackupConfig(gBackupConfig, function (error) {
-                expect(error).to.be.a(SettingsError);
-                expect(error.reason).to.equal(SettingsError.BAD_FIELD);
+                expect(error).to.be.a(BoxError);
+                expect(error.reason).to.equal(BoxError.BAD_FIELD);
 
                 done();
             });
@@ -313,7 +312,6 @@ describe('backups', function () {
             if (require('child_process').execSync('/usr/bin/mysqldump --version').toString().indexOf('MariaDB') !== -1) return done();
 
             createBackup(function (error, result) {
-console.dir(error);
                 expect(error).to.be(null);
                 expect(fs.statSync(path.join(gBackupConfig.backupFolder, 'snapshot/box.tar.gz')).nlink).to.be(2); // hard linked to a rotated backup
                 expect(fs.statSync(path.join(gBackupConfig.backupFolder, `${result.id}.tar.gz`)).nlink).to.be(2);