carta-controller 2.0.2 → 2.0.5

package/config/config_schema.json

@@ -187,7 +187,7 @@
                 "ldapOptions": {
                     "description": "Options to path through to the LDAP auth instance",
                     "type": "object",
-                    "additionalProperties": false,
+                    "additionalProperties": true,
                     "required": [
                         "url",
                         "searchBase"
@@ -217,6 +217,39 @@
                             "description": "Whether to automatically reconnect to LDAP",
                             "type": "boolean",
                             "default": true
+                        },
+                        "bindProperty": {
+                            "description": "Property of the LDAP user object to use when binding to verify the password",
+                            "type": "string",
+                            "default": "dn"
+                        },
+                        "searchScope" : {
+                            "description": "Scope of the search",
+                            "type": "string",
+                            "enum": ["base", "one", "sub"],
+                            "default": "sub"
+                        },
+                        "bindDN": {
+                            "description": "Admin connection DN, e.g. uid=myapp,ou=users,dc=example,dc=org. If not given at all, admin client is not bound.",
+                            "type": "string"
+                        },
+                        "bindCredentials": {
+                            "description": "Password for bindDN",
+                            "type": "string"
+                        },
+                        "cache": {
+                            "description": "If true, then up to 100 credentials at a time will be cached for 5 minutes",
+                            "type": "boolean",
+                            "default": false
+                        },
+                        "strictDN": {
+                            "description": "Force strict DN parsing for client methods",
+                            "type": "boolean",
+                            "default": true
+                        },
+                        "idleTimeout": {
+                            "description": "Milliseconds after last activity before client emits idle event",
+                            "type": "number"
                         }
                     }
                 }
@@ -422,6 +455,11 @@
             ],
             "default": "/usr/bin/carta_backend"
         },
+        "preserveEnv": {
+            "description": "Use the --preserve-env argument when calling sudo",
+            "type": "boolean",
+            "default": true
+        },
         "killCommand": {
             "description": "Path to CARTA kill script",
             "type": "string",

package/dist/auth/ldap.js

@@ -4,6 +4,7 @@ exports.getLdapLoginHandler = void 0;
 const userid = require("userid");
 const LdapAuth = require("ldapauth-fork");
 const local_1 = require("./local");
+const util_1 = require("../util");
 let ldap;
 function getLdapLoginHandler(authConf) {
     ldap = new LdapAuth(authConf.ldapOptions);
@@ -28,19 +29,20 @@ function getLdapLoginHandler(authConf) {
         const handleAuth = (err, user) => {
             if (err) {
                 console.error(err);
-            }
-            if (err || (user === null || user === void 0 ? void 0 : user.uid) !== username) {
                 return res.status(403).json({ statusCode: 403, message: "Invalid username/password combo" });
             }
-            else {
-                try {
-                    const uid = userid.uid(username);
-                    console.log(`Authenticated as user ${username} with uid ${uid} using LDAP`);
-                    return local_1.addTokensToResponse(authConf, username, res);
-                }
-                catch (e) {
-                    return res.status(403).json({ statusCode: 403, message: "User does not exist" });
-                }
+            if ((user === null || user === void 0 ? void 0 : user.uid) !== username) {
+                console.warn(`Returned user "uid ${user === null || user === void 0 ? void 0 : user.uid}" does not match username "${username}"`);
+                util_1.verboseLog(user);
+            }
+            try {
+                const uid = userid.uid(username);
+                console.log(`Authenticated as user ${username} with uid ${uid} using LDAP`);
+                return local_1.addTokensToResponse(authConf, username, res);
+            }
+            catch (e) {
+                util_1.verboseError(e);
+                return res.status(403).json({ statusCode: 403, message: "User does not exist" });
             }
         };
         ldap.authenticate(username, password, (error, user) => {

package/dist/auth/ldap.js.map

@@ -1 +1 @@
-{"version":3,"file":"ldap.js","sourceRoot":"","sources":["../../src/auth/ldap.ts"],"names":[],"mappings":";;;AACA,iCAAiC;AACjC,0CAA0C;AAE1C,mCAA4C;AAG5C,IAAI,IAAc,CAAC;AAEnB,SAAgB,mBAAmB,CAAC,QAA6B;IAC7D,IAAI,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1D,UAAU,CAAC,GAAG,EAAE;;QACZ,MAAM,aAAa,GAAG,MAAA,MAAC,IAAY,0CAAE,WAAW,0CAAE,SAAS,CAAC;QAC5D,IAAI,aAAa,EAAE;YACf,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;SAC3C;aAAM;YACH,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;SACxC;IACL,CAAC,EAAE,IAAI,CAAC,CAAC;IAET,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,EAAE;;QACnD,IAAI,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YACxB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;SACtF;QAED,MAAM,UAAU,GAAG,CAAC,GAAmB,EAAE,IAAS,EAAE,EAAE;YAClD,IAAI,GAAG,EAAE;gBACL,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;aACtB;YACD,IAAI,GAAG,IAAI,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,MAAK,QAAQ,EAAE;gBAC/B,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,iCAAiC,EAAC,CAAC,CAAC;aAC9F;iBAAM;gBACH,IAAI;oBACA,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACjC,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,aAAa,GAAG,aAAa,CAAC,CAAC;oBAC5E,OAAO,2BAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;iBACvD;gBAAC,OAAO,CAAC,EAAE;oBACR,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAC,CAAC,CAAC;iBAClF;aACJ;QACL,CAAC,CAAA;QAED,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;;YAClD,MAAM,QAAQ,GAAG,KAAc,CAAC;YAChC,oDAAoD;YACpD,IAAI,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,0CAAE,QAAQ,CAAC,8BAA8B,CAAC,EAAE;gBAC1D,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;gBACvE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,IAAI,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC1D,+CAA+C;gBAC/C,UAAU,CAAC,GAAG,EAAE;oBACZ,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;gBACtD,CAAC,EAAE,GAAG,CAAC,CAAC;aACX;iBAAM;gBACH,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;aAC3B;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC;AAtDD,kDAsDC"}
+{"version":3,"file":"ldap.js","sourceRoot":"","sources":["../../src/auth/ldap.ts"],"names":[],"mappings":";;;AACA,iCAAiC;AACjC,0CAA0C;AAE1C,mCAA4C;AAC5C,kCAAiD;AAGjD,IAAI,IAAc,CAAC;AAEnB,SAAgB,mBAAmB,CAAC,QAA6B;IAC7D,IAAI,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1D,UAAU,CAAC,GAAG,EAAE;;QACZ,MAAM,aAAa,GAAG,MAAA,MAAC,IAAY,0CAAE,WAAW,0CAAE,SAAS,CAAC;QAC5D,IAAI,aAAa,EAAE;YACf,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;SAC3C;aAAM;YACH,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;SACxC;IACL,CAAC,EAAE,IAAI,CAAC,CAAC;IAET,OAAO,CAAC,GAAoB,EAAE,GAAqB,EAAE,EAAE;;QACnD,IAAI,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,QAAQ,CAAC;QAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE;YACxB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,yBAAyB,EAAC,CAAC,CAAC;SACtF;QAED,MAAM,UAAU,GAAG,CAAC,GAAmB,EAAE,IAAS,EAAE,EAAE;YAClD,IAAI,GAAG,EAAE;gBACL,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACnB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,iCAAiC,EAAC,CAAC,CAAC;aAC9F;YACD,IAAI,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,MAAK,QAAQ,EAAE;gBACxB,OAAO,CAAC,IAAI,CAAC,sBAAsB,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,GAAG,8BAA8B,QAAQ,GAAG,CAAC,CAAC;gBACvF,iBAAU,CAAC,IAAI,CAAC,CAAC;aACpB;YACD,IAAI;gBACA,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,yBAAyB,QAAQ,aAAa,GAAG,aAAa,CAAC,CAAC;gBAC5E,OAAO,2BAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;aACvD;YAAC,OAAO,CAAC,EAAE;gBACR,mBAAY,CAAC,CAAC,CAAC,CAAC;gBAChB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAC,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,EAAC,CAAC,CAAC;aAClF;QACL,CAAC,CAAA;QAED,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;;YAClD,MAAM,QAAQ,GAAG,KAAc,CAAC;YAChC,oDAAoD;YACpD,IAAI,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,0CAAE,QAAQ,CAAC,8BAA8B,CAAC,EAAE;gBAC1D,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;gBACvE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,IAAI,GAAG,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;gBAC1C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC1D,+CAA+C;gBAC/C,UAAU,CAAC,GAAG,EAAE;oBACZ,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;gBACtD,CAAC,EAAE,GAAG,CAAC,CAAC;aACX;iBAAM;gBACH,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;aAC3B;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACN,CAAC;AAxDD,kDAwDC"}

package/dist/config.js

@@ -1,7 +1,7 @@
 "use strict";
 var _a, _b;
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.testUser = exports.RuntimeConfig = exports.ServerConfig = void 0;
+exports.verboseOutput = exports.testUser = exports.RuntimeConfig = exports.ServerConfig = void 0;
 const yargs = require("yargs");
 const url = require("url");
 const fs = require("fs");
@@ -23,11 +23,17 @@ const argv = yargs.options({
         alias: "t",
         requiresArg: true,
         description: "Test configuration with the provided user"
+    },
+    verbose: {
+        type: "boolean",
+        alias: "v"
     }
 }).argv;
 const usingCustomConfig = argv.config !== defaultConfigPath;
 const testUser = argv.test;
 exports.testUser = testUser;
+const verboseOutput = argv.verbose;
+exports.verboseOutput = verboseOutput;
 const configSchema = require("../config/config_schema.json");
 const ajv = new ajv_1.default({ useDefaults: false, allowUnionTypes: true });
 const ajvWithDefaults = new ajv_1.default({ useDefaults: true, allowUnionTypes: true });

package/dist/controllerTests.js

@@ -40,7 +40,7 @@ function runTests(username) {
         }
         yield testDatabase();
         if (config_1.ServerConfig.logFileTemplate) {
-            testLog(username);
+            yield testLog(username);
         }
         testFrontend();
         const backendProcess = yield testBackendStartup(username);
@@ -49,20 +49,21 @@ function runTests(username) {
 }
 exports.runTests = runTests;
 function testLog(username) {
-    const logLocation = config_1.ServerConfig.logFileTemplate
-        .replace("{username}", username)
-        .replace("{pid}", "9999")
-        .replace("{datetime}", moment().format("YYYYMMDD.h_mm_ss"));
-    try {
-        const logStream = fs.createWriteStream(logLocation, { flags: "a" });
-        logStream.write("test");
-        logStream.close();
-        fs.unlinkSync(logLocation);
-        console.log(logSymbols.success, `Checked log writing for user ${username}`);
-    }
-    catch (err) {
-        throw new Error(`Could not create log file at ${logLocation} for user ${username}. Please check your config file's logFileTemplate option`);
-    }
+    return __awaiter(this, void 0, void 0, function* () {
+        const logLocation = config_1.ServerConfig.logFileTemplate.replace("{username}", username).replace("{pid}", "9999").replace("{datetime}", moment().format("YYYYMMDD.h_mm_ss"));
+        try {
+            const logStream = fs.createWriteStream(logLocation, { flags: "a" });
+            // Transform callbacks into awaits
+            yield new Promise(res => logStream.write("test", res));
+            yield new Promise(res => logStream.end(res));
+            fs.unlinkSync(logLocation);
+            console.log(logSymbols.success, `Checked log writing for user ${username}`);
+        }
+        catch (err) {
+            util_1.verboseError(err);
+            throw new Error(`Could not create log file at ${logLocation} for user ${username}. Please check your config file's logFileTemplate option`);
+        }
+    });
 }
 function testLdap(authConf, username) {
     return new Promise((resolve, reject) => {
@@ -72,12 +73,17 @@ function testLdap(authConf, username) {
                 ldap = new LdapAuth(authConf.ldapOptions);
                 setTimeout(() => {
                     read({ prompt: `Password for user ${username}:`, silent: true }, (er, password) => {
-                        ldap.authenticate(username, password, (error, result) => {
+                        ldap.authenticate(username, password, (error, user) => {
                             if (error) {
+                                util_1.verboseError(error);
                                 reject(new Error(`Could not authenticate as user ${username}. Please check your config file's ldapOptions section!`));
                             }
                             else {
                                 console.log(logSymbols.success, `Checked LDAP connection for user ${username}`);
+                                if ((user === null || user === void 0 ? void 0 : user.uid) !== username) {
+                                    console.warn(logSymbols.warning, `Returned user "uid ${user === null || user === void 0 ? void 0 : user.uid}" does not match username "${username}"`);
+                                    util_1.verboseLog(user);
+                                }
                                 resolve();
                             }
                         });
@@ -85,6 +91,7 @@ function testLdap(authConf, username) {
                 }, 5000);
             }
             catch (e) {
+                util_1.verboseError(e);
                 reject(new Error("Cannot create LDAP object. Please check your config file's ldapOptions section!"));
             }
         }
@@ -97,10 +104,11 @@ function testPam(authConf, username) {
             read({ prompt: `Password for user ${username}:`, silent: true }, (er, password) => {
                 pamAuthenticate({ username, password }, (err, code) => {
                     if (err) {
-                        reject(new Error(`Could not authenticate as user ${username}`));
+                        util_1.verboseError(err);
+                        reject(new Error(`Could not authenticate as user ${username}. Error code ${code}`));
                     }
                     else {
-                        console.log(logSymbols.success, `Checked LDAP connection for user ${username}`);
+                        console.log(logSymbols.success, `Checked PAM connection for user ${username}`);
                         resolve();
                     }
                 });
@@ -116,6 +124,7 @@ function testDatabase() {
             yield db.listCollections({}, { nameOnly: true }).hasNext();
         }
         catch (e) {
+            util_1.verboseError(e);
             throw new Error("Cannot connect to MongoDB. Please check your config file's database section!");
         }
         console.log(logSymbols.success, "Checked database connection");
@@ -127,6 +136,7 @@ function testUid(username) {
         uid = userid.uid(username);
     }
     catch (e) {
+        util_1.verboseError(e);
         throw new Error(`Cannot verify uid of user ${username}`);
     }
     if (!uid) {
@@ -140,7 +150,7 @@ function testToken(authConf, username) {
         token = local_1.generateToken(authConf, username, false);
     }
     catch (e) {
-        console.log(e);
+        util_1.verboseError(e);
         throw new Error(`Cannot generate access token. Please check your config file's ldap auth section!`);
     }
     if (!token) {
@@ -157,6 +167,7 @@ function testFrontend() {
         indexContents = fs.readFileSync(config_1.ServerConfig.frontendPath + "/index.html").toString();
     }
     catch (e) {
+        util_1.verboseError(e);
         throw new Error(`Cannot access frontend at ${config_1.ServerConfig.frontendPath}`);
     }
     if (!indexContents) {
@@ -169,24 +180,36 @@ function testFrontend() {
 function testBackendStartup(username) {
     return __awaiter(this, void 0, void 0, function* () {
         const port = config_1.ServerConfig.backendPorts.max - 1;
-        let args = [
-            "--preserve-env=CARTA_AUTH_TOKEN",
-            "-u", `${username}`,
+        let args = [];
+        if (config_1.ServerConfig.preserveEnv) {
+            args.push("--preserve-env=CARTA_AUTH_TOKEN");
+        }
+        args = args.concat([
+            "-n",
+            "-u",
+            `${username}`,
             config_1.ServerConfig.processCommand,
-            "--no_http", "true",
-            "--debug_no_auth", "true",
-            "--no_log", config_1.ServerConfig.logFileTemplate ? "true" : "false",
-            "--port", `${port}`,
-            "--top_level_folder", config_1.ServerConfig.rootFolderTemplate.replace("{username}", username),
-            config_1.ServerConfig.baseFolderTemplate.replace("{username}", username),
-        ];
+            "--no_http",
+            "--debug_no_auth",
+            "--port",
+            `${port}`,
+            "--top_level_folder",
+            config_1.ServerConfig.rootFolderTemplate.replace("{username}", username)
+        ]);
+        if (config_1.ServerConfig.logFileTemplate) {
+            args.push("--no_log");
+        }
         if (config_1.ServerConfig.additionalArgs) {
             args = args.concat(config_1.ServerConfig.additionalArgs);
         }
-        const backendProcess = child_process_1.spawn("sudo", args);
+        // Finally, add the positional argument for the base folder
+        args.push(config_1.ServerConfig.baseFolderTemplate.replace("{username}", username));
+        util_1.verboseLog(`running sudo ${args.join(" ")}`);
+        // Use same stdout and stderr stream for the backend process
+        const backendProcess = child_process_1.spawn("sudo", args, { stdio: "inherit" });
         yield util_1.delay(2000);
         if (backendProcess.signalCode) {
-            throw new Error("Backend process terminated. Please check your sudoers config, processCommand option and additionalArgs section");
+            throw new Error(`Backend process terminated with code ${backendProcess.signalCode}. Please check your sudoers config, processCommand option and additionalArgs section`);
         }
         else {
             console.log(logSymbols.success, "Backend process started successfully");
@@ -210,11 +233,13 @@ function testBackendStartup(username) {
 function testKillScript(username, existingProcess) {
     return __awaiter(this, void 0, void 0, function* () {
         if (existingProcess.signalCode) {
-            throw new Error("Backend process already killed");
+            throw new Error(`Backend process already killed, signal code ${existingProcess.signalCode}`);
         }
-        const res = child_process_1.spawnSync("sudo", ["-u", `${username}`, config_1.ServerConfig.killCommand, `${existingProcess.pid}`]);
+        const args = ["-u", `${username}`, config_1.ServerConfig.killCommand, `${existingProcess.pid}`];
+        util_1.verboseLog(`running sudo ${args.join(" ")}`);
+        const res = child_process_1.spawnSync("sudo", args);
         if (res.status) {
-            throw new Error("Cannot execute kill script. Please check your killCommand option");
+            throw new Error(`Cannot execute kill script (error status ${res.status}. Please check your killCommand option`);
         }
         // Delay to allow the parent process to exit
         yield util_1.delay(1000);

package/dist/database.js

@@ -66,7 +66,7 @@ function initDB() {
                 console.log(`Connected to server ${config_1.ServerConfig.database.uri} and database ${config_1.ServerConfig.database.databaseName}`);
             }
             catch (err) {
-                console.log(err);
+                util_1.verboseError(err);
                 console.error("Error connecting to database");
                 process.exit(1);
             }
@@ -96,7 +96,7 @@ function handleGetPreferences(req, res, next) {
             }
         }
         catch (err) {
-            console.log(err);
+            util_1.verboseError(err);
             return next({ statusCode: 500, message: "Problem retrieving preferences" });
         }
     });
@@ -131,7 +131,7 @@ function handleSetPreferences(req, res, next) {
             }
         }
         catch (err) {
-            console.log(err.errmsg);
+            util_1.verboseError(err);
             return next({ statusCode: 500, message: err.errmsg });
         }
     });
@@ -164,7 +164,7 @@ function handleClearPreferences(req, res, next) {
             }
         }
         catch (err) {
-            console.log(err);
+            util_1.verboseError(err);
             return next({ statusCode: 500, message: "Problem clearing preferences" });
         }
     });
@@ -188,7 +188,7 @@ function handleGetLayouts(req, res, next) {
             res.json({ success: true, layouts });
         }
         catch (err) {
-            console.log(err);
+            util_1.verboseError(err);
             return next({ statusCode: 500, message: "Problem retrieving layouts" });
         }
     });
@@ -223,7 +223,7 @@ function handleSetLayout(req, res, next) {
             }
         }
         catch (err) {
-            console.log(err.errmsg);
+            util_1.verboseError(err);
             return next({ statusCode: 500, message: err.errmsg });
         }
     });

package/dist/serverHandlers.js

@@ -81,6 +81,7 @@ function nextAvailablePort() {
                     }
                 }
                 catch (err) {
+                    util_1.verboseError(err);
                     console.log(`Error checking status for port ${p}: ${err.message}`);
                 }
             }
@@ -146,6 +147,7 @@ function handleStartServer(req, res, next) {
                     }
                 }
                 catch (e) {
+                    util_1.verboseError(e);
                     console.log(`Error killing existing process belonging to user ${username}`);
                     return next({ statusCode: 400, message: "Problem killing existing process" });
                 }
@@ -160,6 +162,7 @@ function handleStartServer(req, res, next) {
                 return res.json({ success: true });
             }
             catch (e) {
+                util_1.verboseError(e);
                 return next(e);
             }
         }
@@ -173,19 +176,29 @@ function startServer(username) {
             if (port < 0) {
                 throw { statusCode: 500, message: "No available ports for the backend process" };
             }
-            let args = [
-                "--preserve-env=CARTA_AUTH_TOKEN",
-                "-u", `${username}`,
+            let args = [];
+            if (config_1.ServerConfig.preserveEnv) {
+                args.push("--preserve-env=CARTA_AUTH_TOKEN");
+            }
+            args = args.concat([
+                "-n",
+                "-u",
+                `${username}`,
                 config_1.ServerConfig.processCommand,
-                "--no_http", "true",
-                "--no_log", config_1.ServerConfig.logFileTemplate ? "true" : "false",
-                "--port", `${port}`,
-                "--top_level_folder", config_1.ServerConfig.rootFolderTemplate.replace("{username}", username),
-                config_1.ServerConfig.baseFolderTemplate.replace("{username}", username),
-            ];
+                "--no_http",
+                "--port",
+                `${port}`,
+                "--top_level_folder",
+                config_1.ServerConfig.rootFolderTemplate.replace("{username}", username)
+            ]);
+            if (config_1.ServerConfig.logFileTemplate) {
+                args.push("--no_log");
+            }
             if (config_1.ServerConfig.additionalArgs) {
                 args = args.concat(config_1.ServerConfig.additionalArgs);
             }
+            // Finally, add the positional argument for the base folder
+            args.push(config_1.ServerConfig.baseFolderTemplate.replace("{username}", username));
             const headerToken = uuid_1.v4();
             const child = child_process_1.spawn("sudo", args, { env: { CARTA_AUTH_TOKEN: headerToken } });
             setPendingProcess(username, port, headerToken, child);
@@ -209,6 +222,7 @@ function startServer(username) {
                     });
                 }
                 catch (err) {
+                    util_1.verboseError(err);
                     console.error(`Could not create log file at ${logLocation}. Please ensure folder exists and permissions are set correctly`);
                 }
             }
@@ -228,7 +242,7 @@ function startServer(username) {
             child.on("exit", code => {
                 console.log(`Process ${child.pid} exited with code ${code} and signal ${child.signalCode}`);
                 deleteProcess(username);
-                logStream === null || logStream === void 0 ? void 0 : logStream.close();
+                logStream === null || logStream === void 0 ? void 0 : logStream.end();
             });
             // Check for early exit of backend process
             yield util_1.delay(config_1.ServerConfig.startDelay);
@@ -242,8 +256,9 @@ function startServer(username) {
             }
         }
         catch (e) {
+            util_1.verboseError(e);
             console.log(`Problem starting process for user ${username}`);
-            logStream === null || logStream === void 0 ? void 0 : logStream.close();
+            logStream === null || logStream === void 0 ? void 0 : logStream.end();
             if (e.statusCode && e.message) {
                 throw e;
             }
@@ -276,6 +291,7 @@ function handleStopServer(req, res, next) {
             }
         }
         catch (e) {
+            util_1.verboseError(e);
             console.log(`Error killing existing process belonging to user ${req.username}`);
             return next({ statusCode: 500, message: "Problem killing existing process" });
         }

package/dist/util.js

@@ -9,7 +9,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.noCache = exports.delay = void 0;
+exports.verboseError = exports.verboseLog = exports.noCache = exports.delay = void 0;
+const config_1 = require("./config");
 // Delay for the specified number of milliseconds
 function delay(delay) {
     return __awaiter(this, void 0, void 0, function* () {
@@ -26,4 +27,16 @@ function noCache(req, res, next) {
     next();
 }
 exports.noCache = noCache;
+function verboseLog(...args) {
+    if (config_1.verboseOutput) {
+        console.log(args);
+    }
+}
+exports.verboseLog = verboseLog;
+function verboseError(...args) {
+    if (config_1.verboseOutput) {
+        console.error(args);
+    }
+}
+exports.verboseError = verboseError;
 //# sourceMappingURL=util.js.map

package/docs/_build/html/.buildinfo

@@ -1,4 +1,4 @@
 # Sphinx build info version 1
 # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
-config: b9e9ea0b4abf5f06de7b98cc0b9165b2
+config: cab4ab9f21bbbaa15a42a39a8e17d156
 tags: 645f666f9bcd5a90fca523b33c5a78b7

package/docs/_build/html/_sources/configuration.rst.txt

@@ -26,7 +26,10 @@ To provide the ``carta`` user with these privileges, you must make modifications
 
 .. warning::
     Please only edit your sudoers configuration with ``visudo`` or equivalent.
-    
+
+.. note::
+    Older versions of ``sudo`` do not support the ``--preserve-env=VARIABLE`` argument. If your version of ``sudo`` is too old, set ``"preserveEnv"`` to ``false`` in your controller configuration, and add ``Defaults env_keep += "CARTA_AUTH_TOKEN"`` to your sudoers configuration.
+
 .. _config-authentication:
 
 Authentication

package/docs/_build/html/_sources/index.rst.txt

@@ -22,9 +22,9 @@ Detailed :ref:`step-by-step instructions<focal_instructions>` are provided for U
    ubuntu_focal_instructions
    schema
 
-.. |backend-github| image:: https://img.shields.io/badge/CARTA%20Version-2.0.0--beta.0-brightgreen
+.. |backend-github| image:: https://img.shields.io/badge/CARTA%20Version-3.0.0--beta.1c-brightgreen
         :alt: View this backend version on GitHub
-        :target: https://github.com/CARTAvis/carta-backend/releases/tag/v2.0.0-beta.0
+        :target: https://github.com/CARTAvis/carta-backend/releases/tag/v3.0.0-beta.1c
 
 .. |npm-package| image:: https://img.shields.io/npm/v/carta-controller/dev.svg?style=flat
         :alt: View this project on npm

package/docs/_build/html/_sources/introduction.rst.txt

@@ -10,7 +10,7 @@ The CARTA controller provides a simple dashboard which authenticates users and a
 Dependencies
 ------------
 
-To allow the controller to serve CARTA sessions, you must give it access to an executable CARTA backend, which can be either a compiled executable or a container. If you want to use a non-standard version of the CARTA frontend, you must also build it, and adjust the controller configuration to point to it. You should use the ``v2.0.0-beta.0`` tag of `the CARTA backend <https://github.com/CARTAvis/carta-backend>`_.
+To allow the controller to serve CARTA sessions, you must give it access to an executable CARTA backend, which can be either a compiled executable or a container. If you want to use a non-standard version of the CARTA frontend, you must also build it, and adjust the controller configuration to point to it. You should use the ``v3.0.0-beta.1c`` tag of `the CARTA backend <https://github.com/CARTAvis/carta-backend>`_.
 
 By default, the controller runs on port 8000. It should be run behind a proxy, so that it can be accessed via HTTP and HTTPS. 
 

package/docs/_build/html/_sources/ubuntu_focal_instructions.rst.txt

@@ -63,7 +63,7 @@ Install CARTA controller
 
 .. note::
 
-    Currently supported versions of NodeJS are v12, v14 and v16. In the example below we install the latest LTS version of NodeJS from the NodeSource repo. Do not pass the ``--unsafe-perm`` flag to ``npm`` if using a local install.
+    Currently supported versions of NodeJS are v12, v14 and v16. In the example below we install the latest LTS version of NodeJS from the `NodeSource repo <https://github.com/nodesource/distributions>`_. Do not pass the ``--unsafe-perm`` flag to ``npm`` if using a local install.
 
 .. code-block:: shell
 

package/docs/_build/html/_static/config/config_schema.json

@@ -187,7 +187,7 @@
                 "ldapOptions": {
                     "description": "Options to path through to the LDAP auth instance",
                     "type": "object",
-                    "additionalProperties": false,
+                    "additionalProperties": true,
                     "required": [
                         "url",
                         "searchBase"
@@ -217,6 +217,39 @@
                             "description": "Whether to automatically reconnect to LDAP",
                             "type": "boolean",
                             "default": true
+                        },
+                        "bindProperty": {
+                            "description": "Property of the LDAP user object to use when binding to verify the password",
+                            "type": "string",
+                            "default": "dn"
+                        },
+                        "searchScope" : {
+                            "description": "Scope of the search",
+                            "type": "string",
+                            "enum": ["base", "one", "sub"],
+                            "default": "sub"
+                        },
+                        "bindDN": {
+                            "description": "Admin connection DN, e.g. uid=myapp,ou=users,dc=example,dc=org. If not given at all, admin client is not bound.",
+                            "type": "string"
+                        },
+                        "bindCredentials": {
+                            "description": "Password for bindDN",
+                            "type": "string"
+                        },
+                        "cache": {
+                            "description": "If true, then up to 100 credentials at a time will be cached for 5 minutes",
+                            "type": "boolean",
+                            "default": false
+                        },
+                        "strictDN": {
+                            "description": "Force strict DN parsing for client methods",
+                            "type": "boolean",
+                            "default": true
+                        },
+                        "idleTimeout": {
+                            "description": "Milliseconds after last activity before client emits idle event",
+                            "type": "number"
                         }
                     }
                 }
@@ -366,6 +399,11 @@
             "type": "string",
             "examples": ["localhost", "127.0.0.1"]
         },
+        "httpOnly": {
+            "description": "Allow HTTP-only connections. For testing or internal networks only",
+            "type": "boolean",
+            "default": false
+        },
         "serverAddress": {
             "description": "Public-facing server address",
             "type": "string",
@@ -422,6 +460,11 @@
             ],
             "default": "/usr/bin/carta_backend"
         },
+        "preserveEnv": {
+            "description": "Use the --preserve-env argument when calling sudo",
+            "type": "boolean",
+            "default": true
+        },
         "killCommand": {
             "description": "Path to CARTA kill script",
             "type": "string",