cloudron 5.4.1 → 5.5.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cloudron",
-  "version": "5.4.1",
+  "version": "5.5.0",
   "license": "MIT",
   "description": "Cloudron Commandline Tool",
   "main": "main.js",
@@ -18,7 +18,7 @@
   "author": "Cloudron Developers <support@cloudron.io>",
   "dependencies": {
     "async": "^3.2.4",
-    "cloudron-manifestformat": "^5.20.0",
+    "cloudron-manifestformat": "^5.22.1",
     "commander": "^9.5.0",
     "debug": "^4.3.4",
     "delay": "^5.0.0",

package/src/actions.js

@@ -109,9 +109,10 @@ async function selectDomain(location, options) {
 
     let domain;
     let subdomain = location;
-    let matchingDomain = domains
+    // find longest matching domain name. this maps to DNS where subdomain is a zone of it's own
+    const matchingDomain = domains
         .map(function (d) { return d.domain; } )
-        .sort(function(a, b) { return a.length < b.length; })
+        .sort(function(a, b) { return b.length - a.length; })
         .find(function (d) { return location.endsWith(d); });
 
     if (matchingDomain) {
@@ -120,7 +121,7 @@ async function selectDomain(location, options) {
     } else { // use the admin domain
         domain = domains
             .map(function (d) { return d.domain; } )
-            .sort(function(a, b) { return a.length < b.length; })
+            .sort(function(a, b) { return b.length - a.length; })
             .find(function (d) { return adminFqdn.endsWith(d); });
     }
 
@@ -346,7 +347,7 @@ async function authenticate(adminFqdn, username, password, options) {
 
     const request = superagent.post(`https://${adminFqdn}/api/v1/auth/login`)
         .timeout(60000)
-        .send({ username, password, totpToken })
+        .send({ username, password, totpToken, type: 'cid-cli' })
         .ok(() => true)
         .set('User-Agent', 'cloudron-cli');
     if (!rejectUnauthorized) request.disableTLSCerts();

package/src/backup-tools.js

@@ -16,6 +16,7 @@ const assert = require('assert'),
     debug = require('debug')('cloudron-backup'),
     fs = require('fs'),
     path = require('path'),
+    readlinePromises = require('readline/promises'),
     safe = require('safetydance'),
     TransformStream = require('stream').Transform;
 
@@ -25,7 +26,7 @@ function encryptFilePath(filePath, encryption) {
 
     const encryptedParts = filePath.split('/').map(function (part) {
         let hmac = crypto.createHmac('sha256', Buffer.from(encryption.filenameHmacKey, 'hex'));
-        const iv = hmac.update(part).digest().slice(0, 16); // iv has to be deterministic, for our sync (copy) logic to work
+        const iv = hmac.update(part).digest().subarray(0, 16); // iv has to be deterministic, for our sync (copy) logic to work
         const cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(encryption.filenameKey, 'hex'), iv);
         let crypt = cipher.update(part);
         crypt = Buffer.concat([ iv, crypt, cipher.final() ]);
@@ -49,22 +50,22 @@ function decryptFilePath(filePath, encryption) {
 
         try {
             const buffer = Buffer.from(part, 'base64');
-            const iv = buffer.slice(0, 16);
+            const iv = buffer.subarray(0, 16);
 
             const decrypt = crypto.createDecipheriv('aes-256-cbc', Buffer.from(encryption.filenameKey, 'hex'), iv);
-            const plainText = decrypt.update(buffer.slice(16));
+            const plainText = decrypt.update(buffer.subarray(16));
             const plainTextString = Buffer.concat([ plainText, decrypt.final() ]).toString('utf8');
             const hmac = crypto.createHmac('sha256', Buffer.from(encryption.filenameHmacKey, 'hex'));
-            if (!hmac.update(plainTextString).digest().slice(0, 16).equals(iv)) return { error: new Error(`mac error decrypting part ${part} of path ${filePath}`) };
+            if (!hmac.update(plainTextString).digest().subarray(0, 16).equals(iv)) return { error: new Error(`mac error decrypting part ${part} of path ${filePath}`) };
 
             decryptedParts.push(plainTextString);
         } catch (error) {
             debug(`Error decrypting file ${filePath} part ${part}:`, error);
-            return null;
+            return { error };
         }
     }
 
-    return { decryptedFilePath: decryptedParts.join('/') };
+    return { error: null, decryptedFilePath: decryptedParts.join('/') };
 }
 
 class EncryptStream extends TransformStream {
@@ -131,27 +132,27 @@ class DecryptStream extends TransformStream {
 
         debug('got chunk', chunk.length);
         if (this._header.length !== 20) { // not gotten IV yet
-            this._header = Buffer.concat([this._header, chunk.slice(0, needed)]);
+            this._header = Buffer.concat([this._header, chunk.subarray(0, needed)]);
             if (this._header.length !== 20) return callback();
 
-            if (!this._header.slice(0, 4).equals(new Buffer.from('CBV2'))) return callback(new Error('Invalid magic in header'));
+            if (!this._header.subarray(0, 4).equals(new Buffer.from('CBV2'))) return callback(new Error('Invalid magic in header'));
 
-            const iv = this._header.slice(4);
+            const iv = this._header.subarray(4);
             this._decipher = crypto.createDecipheriv('aes-256-cbc', this._key, iv);
             this._hmac.update(this._header);
         }
 
         debug('needed is', needed);
-        this._buffer = Buffer.concat([ this._buffer, chunk.slice(needed) ]);
+        this._buffer = Buffer.concat([ this._buffer, chunk.subarray(needed) ]);
         debug('buffer is ', this._buffer.length);
         if (this._buffer.length < 32) return callback();
 
         try {
-            const cipherText = this._buffer.slice(0, -32);
+            const cipherText = this._buffer.subarray(0, -32);
             debug('Got:', cipherText.toString('hex'));
             this._hmac.update(cipherText);
             const plainText = this._decipher.update(cipherText);
-            this._buffer = this._buffer.slice(-32);
+            this._buffer = this._buffer.subarray(-32);
             callback(null, plainText);
         } catch (error) {
             callback(error);
@@ -185,15 +186,20 @@ function exit(msgOrError) {
 function aesKeysFromPassword(password) {
     const derived = crypto.scryptSync(password, Buffer.from('CLOUDRONSCRYPTSALT', 'utf8'), 128);
     return {
-        dataKey: derived.slice(0, 32).toString('hex'),
-        dataHmacKey: derived.slice(32, 64).toString('hex'),
-        filenameKey: derived.slice(64, 96).toString('hex'),
-        filenameHmacKey: derived.slice(96).toString('hex')
+        dataKey: derived.subarray(0, 32).toString('hex'),
+        dataHmacKey: derived.subarray(32, 64).toString('hex'),
+        filenameKey: derived.subarray(64, 96).toString('hex'),
+        filenameHmacKey: derived.subarray(96).toString('hex')
     };
 }
 
-function encrypt(input, options) {
-    if (!options.password) return exit('--password is needed');
+async function encrypt(input, options) {
+    if (!options.password) {
+        const rl = readlinePromises.createInterface({ input: process.stdin, output: process.stdout });
+        options.password = rl.question('Enter encryption password: ');
+        rl.close();
+        if (!options.password) return exit('--password is needed');
+    }
 
     const encryption = aesKeysFromPassword(options.password);
 
@@ -207,16 +213,26 @@ function encrypt(input, options) {
     inStream.pipe(encryptStream).pipe(outStream);
 }
 
-function encryptFilename(filePath, options) {
-    if (!options.password) return exit('--password is needed');
+async function encryptFilename(filePath, options) {
+    if (!options.password) {
+        const rl = readlinePromises.createInterface({ input: process.stdin, output: process.stdout });
+        options.password = await rl.question('Enter encryption password: ');
+        rl.close();
+        if (!options.password) return exit('--password is needed');
+    }
 
     const encryption = aesKeysFromPassword(options.password);
 
     console.log(encryptFilePath(filePath, encryption));
 }
 
-function decrypt(input, options) {
-    if (!options.password) return exit('--password is needed');
+async function decrypt(input, options) {
+    if (!options.password) {
+        const rl = readlinePromises.createInterface({ input: process.stdin, output: process.stdout });
+        options.password = await rl.question('Enter encryption password: ');
+        rl.close();
+        if (!options.password) return exit('--password is needed');
+    }
 
     const fd = safe.fs.openSync(input, 'r');
     if (!fd) return exit(safe.error);
@@ -237,8 +253,13 @@ function decrypt(input, options) {
     inStream.pipe(decryptStream).pipe(outStream);
 }
 
-function decryptDir(inDir, outDir, options) {
-    if (!options.password) return exit('--password is needed');
+async function decryptDir(inDir, outDir, options) {
+    if (!options.password) {
+        const rl = readlinePromises.createInterface({ input: process.stdin, output: process.stdout });
+        options.password = await rl.question('Enter encryption password: ');
+        rl.close();
+        if (!options.password) return exit('--password is needed');
+    }
 
     const encryption = aesKeysFromPassword(options.password);
 
@@ -274,8 +295,13 @@ function decryptDir(inDir, outDir, options) {
     }, exit);
 }
 
-function decryptFilename(filePath, options) {
-    if (!options.password) return exit('--password is needed');
+async function decryptFilename(filePath, options) {
+    if (!options.password) {
+        const rl = readlinePromises.createInterface({ input: process.stdin, output: process.stdout });
+        options.password = await rl.question('Enter encryption password: ');
+        rl.close();
+        if (!options.password) return exit('--password is needed');
+    }
 
     const encryption = aesKeysFromPassword(options.password);