diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
new file mode 100755
index 0000000..2729a6b
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,55 @@
+---
+name: Bug report
+about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently.
+
+---
+
+**How to post a meaningful bug report**
+1. *Read this whole template first.*
+2. *Determine if you are on the right place:*
+ - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!*
+ - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.*
+ - *When in doubt, post here and we will figure it out together.*
+3. *Delete the italic comments as you write over them below, and remove this guide.*
+---
+
+### Describe the bug
+
+*A clear and concise description of what the bug is.*
+
+### Context
+
+- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...*
+- YunoHost version: x.x.x
+- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...*
+- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes*
+ - If yes, please explain:
+- Using, or trying to install package version/branch:
+- If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`*
+
+### Steps to reproduce
+
+- *If you performed a command from the CLI, the command itself is enough. For example:*
+ ```sh
+ sudo yunohost app install the_app
+ ```
+- *If you used the webadmin, please perform the equivalent command from the CLI first.*
+- *If the error occurs in your browser, explain what you did:*
+ 1. *Go to '...'*
+ 2. *Click on '...'*
+ 3. *Scroll down to '...'*
+ 4. *See error*
+
+### Expected behavior
+
+*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.*
+
+### Logs
+
+*When an operation fails, YunoHost provides a simple way to share the logs.*
+- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.*
+- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.*
+
+*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)*
+
+*If applicable and useful, add screenshots to help explain your problem.*
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100755
index 0000000..ef70e18
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,16 @@
+## Problem
+
+- *Description of why you made this PR*
+
+## Solution
+
+- *And how do you fix that problem*
+
+## PR Status
+
+- [ ] Code finished and ready to be reviewed/tested
+- [ ] The fix/enhancement were manually tested (if applicable)
+
+## Automatic tests
+
+Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)
diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh
new file mode 100755
index 0000000..332937f
--- /dev/null
+++ b/.github/workflows/updater.sh
@@ -0,0 +1,137 @@
+#!/bin/bash
+
+#=================================================
+# PACKAGE UPDATING HELPER
+#=================================================
+
+# This script is meant to be run by GitHub Actions
+# The YunoHost-Apps organisation offers a template Action to run this script periodically
+# Since each app is different, maintainers can adapt its contents so as to perform
+# automatic actions when a new upstream release is detected.
+
+# Remove this exit command when you are ready to run this Action
+#exit 1
+
+#=================================================
+# FETCHING LATEST RELEASE AND ITS ASSETS
+#=================================================
+
+# Fetching information
+current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
+repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
+# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
+version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
+assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
+
+# Later down the script, we assume the version has only digits and dots
+# Sometimes the release name starts with a "v", so let's filter it out.
+# You may need more tweaks here if the upstream repository has different naming conventions.
+if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
+ version=${version:1}
+fi
+
+# Setting up the environment variables
+echo "Current version: $current_version"
+echo "Latest release from upstream: $version"
+echo "VERSION=$version" >> $GITHUB_ENV
+echo "REPO=$repo" >> $GITHUB_ENV
+# For the time being, let's assume the script will fail
+echo "PROCEED=false" >> $GITHUB_ENV
+
+# Proceed only if the retrieved version is greater than the current one
+if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
+ echo "::warning ::No new version available"
+ exit 0
+# Proceed only if a PR for this new version does not already exist
+elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
+ echo "::warning ::A branch already exists for this update"
+ exit 0
+fi
+
+# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
+echo "${#assets[@]} available asset(s)"
+
+#=================================================
+# UPDATE SOURCE FILES
+#=================================================
+
+# Here we use the $assets variable to get the resources published in the upstream release.
+# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
+
+# Let's loop over the array of assets URLs
+for asset_url in ${assets[@]}; do
+
+echo "Handling asset at $asset_url"
+
+# Assign the asset to a source file in conf/ directory
+# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
+# Leave $src empty to ignore the asset
+case $asset_url in
+ "v"*".tar.gz")
+ src="app"
+ ;;
+ *"update"*)
+ src="app-upgrade"
+ ;;
+ *)
+ src="app"
+ ;;
+esac
+
+# If $src is not empty, let's process the asset
+if [ ! -z "$src" ]; then
+
+# Create the temporary directory
+tempdir="$(mktemp -d)"
+
+# Download sources and calculate checksum
+filename=${asset_url##*/}
+curl --silent -4 -L $asset_url -o "$tempdir/$filename"
+checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
+
+# Delete temporary directory
+rm -rf $tempdir
+
+# Get extension
+if [[ $filename == *.tar.gz ]]; then
+ extension=tar.gz
+else
+ extension=${filename##*.}
+fi
+
+# Rewrite source file
+cat < conf/$src.src
+SOURCE_URL=$asset_url
+SOURCE_SUM=$checksum
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=$extension
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
+EOT
+echo "... conf/$src.src updated"
+
+else
+echo "... asset ignored"
+fi
+
+done
+
+#=================================================
+# SPECIFIC UPDATE STEPS
+#=================================================
+
+# Any action on the app's source code can be done.
+# The GitHub Action workflow takes care of committing all changes after this script ends.
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+
+# Replace new version in manifest
+echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
+
+# No need to update the README, yunohost-bot takes care of it
+
+# The Action will proceed only if the PROCEED environment variable is set to true
+echo "PROCEED=true" >> $GITHUB_ENV
+exit 0
diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml
new file mode 100644
index 0000000..4363d38
--- /dev/null
+++ b/.github/workflows/updater.yml
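Review bot: The release tag read from the GitHub API is used as `$version` with no validation, although the comment above the `v`-stripping block says the rest of the script assumes digits and dots only. The value is spliced into two jq programs (`select(.tag_name=="'$version'")` and `.version = \"$version~ynh1\"`), into the branch name, and appended to `$GITHUB_ENV`, so an unexpected upstream tag can alter the jq filter or the workflow environment. I would reject anything else right after the strip, e.g. `[[ $version =~ ^[0-9]+(\.[0-9]+)*$ ]] || { echo "::error ::Unexpected version '$version'"; exit 1; }`, and hand the tag to jq with `--arg` instead of quoting it into the filter. The download is also safer as `curl --fail --silent -4 -L "$asset_url" -o "$tempdir/$filename"`, because without `--fail` an HTTP error body is hashed and written to `SOURCE_SUM` as if it were the release archive.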
@@ -0,0 +1,50 @@
+# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
+# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
+# This file should be enough by itself, but feel free to tune it to your needs.
+# It calls updater.sh, which is where you should put the app-specific update steps.
+name: Check for new upstream releases
+on:
+ # Allow to manually trigger the workflow
+ workflow_dispatch:
+ # Run it every day at 6:00 UTC
+ schedule:
+ - cron: '0 6 * * *'
+jobs:
+ updater:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Fetch the source code
+ uses: actions/checkout@v2
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Run the updater script
+ id: run_updater
+ run: |
+ # Setting up Git user
+ git config --global user.name 'yunohost-bot'
+ git config --global user.email 'yunohost-bot@users.noreply.github.com'
+ # Run the updater script
+ /bin/bash .github/workflows/updater.sh
+ - name: Commit changes
+ id: commit
+ if: ${{ env.PROCEED == 'true' }}
+ run: |
+ git commit -am "Upgrade to v$VERSION"
+ - name: Create Pull Request
+ id: cpr
+ if: ${{ env.PROCEED == 'true' }}
+ uses: peter-evans/create-pull-request@v3
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ commit-message: Update to version ${{ env.VERSION }}
+ committer: 'yunohost-bot '
+ author: 'yunohost-bot '
+ signoff: false
+ base: testing
+ branch: ci-auto-update-v${{ env.VERSION }}
+ delete-branch: true
+ title: 'Upgrade to version ${{ env.VERSION }}'
+ body: |
+ Upgrade to v${{ env.VERSION }}
+ [See upstream release page](https://github.com/${{ env.REPO }}/releases/tag/v${{ env.VERSION }})
+ draft: false
diff --git a/README.md b/README.md
index 6af87b7..0aab674 100644
--- a/README.md
+++ b/README.md
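Review bot: Both actions are referenced by mutable tags (`actions/checkout@v2`, `peter-evans/create-pull-request@v3`), and the third-party one is handed `secrets.GITHUB_TOKEN` on a daily schedule. A retagged or compromised release of either action would run with that token, so pinning to a full commit SHA is the safer form, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha> # v3`. The workflow also declares no `permissions:` block, so the token carries the repository's default scope; a job-level `permissions:` with `contents: write` and `pull-requests: write` limits it to what the commit and PR steps need.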
@@ -27,7 +27,7 @@ It aims to ease you perform your 2FA authentication steps whatever the device yo - Edit accounts, even the imported ones - Generate TOTP and HOTP security codes -**Shipped version:** 2.1.0~ynh2 +**Shipped version:** 3.0.2~ynh1 **Demo:** https://demo.2fauth.app/login @@ -37,6 +37,7 @@ It aims to ease you perform your 2FA authentication steps whatever the device yo ## Documentation and resources +* Official admin documentation: https://docs.2fauth.app/ * Upstream app code repository: https://github.com/Bubka/2FAuth * YunoHost documentation for this app: https://yunohost.org/app_2fauth * Report a bug: https://github.com/YunoHost-Apps/2fauth_ynh/issues diff --git a/README_fr.md b/README_fr.md index a2689db..532631f 100644 --- a/README_fr.md +++ b/README_fr.md @@ -23,7 +23,7 @@ It aims to ease you perform your 2FA authentication steps whatever the device yo - Edit accounts, even the imported ones - Generate TOTP and HOTP security codes -**Version incluse :** 2.1.0~ynh2 +**Version incluse :** 3.0.2~ynh1 **Démo :** https://demo.2fauth.app/login @@ -33,6 +33,7 @@ It aims to ease you perform your 2FA authentication steps whatever the device yo ## Documentations et ressources +* Documentation officielle de l'admin : https://docs.2fauth.app/ * Dépôt de code officiel de l'app : https://github.com/Bubka/2FAuth * Documentation YunoHost pour cette app : https://yunohost.org/app_2fauth * Signaler un bug : https://github.com/YunoHost-Apps/2fauth_ynh/issues diff --git a/check_process b/check_process index a55c27f..f3b1686 100644 --- a/check_process +++ b/check_process @@ -11,7 +11,7 @@ setup_private=1 setup_public=1 upgrade=1 - #upgrade=1 from_commit=CommitHash + upgrade=1 from_commit=f883227999b72a9107acf7d353ccb90d2cd791f3 backup_restore=1 multi_instance=1 change_url=1 
@@ -19,6 +19,6 @@ Email= Notification=none ;;; Upgrade options - ; commit=CommitHash - name=Name and date of the commit. + ; commit=f883227999b72a9107acf7d353ccb90d2cd791f3 + name=Merge pull request #1 from YunoHost-Apps/testing manifest_arg=domain=DOMAIN&path=PATH&is_public=1&language=fr&admin=USER&password=pass&port=666& diff --git a/conf/.env.example b/conf/.env.example index f653a51..dd0a5c4 100644 --- a/conf/.env.example +++ b/conf/.env.example @@ -79,7 +79,7 @@ SESSION_DRIVER=file # Refer your email provider documentation to configure your mail settings # Set a value for every available setting to avoid issue -MAIL_DRIVER=log +MAIL_DRIVER=smtp MAIL_HOST=localhost MAIL_PORT=25 MAIL_FROM=admin@__DOMAIN__ @@ -109,4 +109,4 @@ PUSHER_APP_CLUSTER=mt1 MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}" MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}" -MIX_ENV=local \ No newline at end of file +MIX_ENV=local diff --git a/conf/app.src b/conf/app.src index f8ef35c..f0b7889 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/Bubka/2FAuth/archive/refs/tags/v2.1.0.tar.gz -SOURCE_SUM=73d5db48c405d9bb8a98d21f56c5c700d9b64ccb7320ba685695977da92d801d +SOURCE_URL=https://github.com/Bubka/2FAuth/archive/refs/tags/v3.0.2.tar.gz +SOURCE_SUM=608ff18abbdd8a71643fd9a4b7d152a06c749dd8156b8f62162fd4b42e9f8cec SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/nginx.conf b/conf/nginx.conf index acd3d92..080dd5d 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -5,11 +5,15 @@ location / { index index.php; - #client_max_body_size 50M; - location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } + location ~ /\.(?!well-known).* { + deny all; + } + + error_page 404 /index.php; + try_files $uri $uri/ /index.php; location ~ [^/]\.php(/|$) { 
@@ -20,6 +24,6 @@ location / { include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; } } diff --git a/manifest.json b/manifest.json index e1b8b3f..b1af93a 100644 --- a/manifest.json +++ b/manifest.json @@ -4,13 +4,14 @@ "packaging_format": 1, "description": { "en": "self-hosted alternative to One Time Passcode", - "fr": "self-hosted alternative to One Time Passcode" + "fr": "Alternative auto-hébergée a One Time Passcode" }, - "version": "2.1.0~ynh2", + "version": "3.0.2~ynh1", "url": "https://github.com/Bubka/2FAuth", "upstream": { "license": "AGPL-3.0", "demo": "https://demo.2fauth.app/login", + "admindoc": "https://docs.2fauth.app/", "code": "https://github.com/Bubka/2FAuth" }, "license": "AGPL-3.0", @@ -24,7 +25,7 @@ "multi_instance": true, "services": [ "nginx", - "php7.3-fpm", + "php8.0-fpm", "mysql" ], "arguments": { diff --git a/scripts/_common.sh b/scripts/_common.sh index b990244..3b24e4d 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,12 +4,12 @@ # COMMON VARIABLES #================================================= -YNH_PHP_VERSION="7.3" +YNH_PHP_VERSION="8.0" # Composer version -YNH_COMPOSER_VERSION="2.1.3" +YNH_COMPOSER_VERSION="2.3.5" -pkg_dependencies="php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-mysql" +pkg_dependencies="php${YNH_PHP_VERSION}-bcmath php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-mysql" #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index be5962a..ed1fc44 100755 --- a/scripts/install +++ b/scripts/install 
@@ -108,11 +108,11 @@ ynh_script_progression --message="Configuring PHP-FPM..." --weight=2 ynh_add_fpm_config #================================================= -# INSTALL LYCHEE WITH COMPOSER +# INSTALL 2FAUTH WITH COMPOSER #================================================= ynh_script_progression --message="Installing $app with Composer..." --weight=15 -ynh_install_composer #--install_args="--ignore-platform-reqs" +ynh_install_composer --install_args="--prefer-dist --no-scripts --no-dev" #================================================= # ADD A CONFIGURATION @@ -122,13 +122,13 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1 # Setup application config ynh_add_config --template="../conf/.env.example" --destination="$final_path/.env" -chmod 400 "$final_path/.env" +chmod 644 "$final_path/.env" chown $app:$app "$final_path/.env" #================================================= # BUILDING #================================================= -ynh_script_progression --message="Building..." --weight=10 +ynh_script_progression --message="Building $app..." --weight=10 # Setup application config pushd $final_path @@ -136,9 +136,13 @@ pushd $final_path php$phpversion artisan passport:install -n php$phpversion artisan storage:link -n php$phpversion artisan config:cache -n - php$phpversion artisan key:generate + php$phpversion artisan key:generate -n popd +chmod 775 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # SETUP SSOWAT #================================================= @@ -150,6 +154,8 @@ then ynh_permission_update --permission="main" --add="visitors" fi +ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" + #================================================= # RELOAD NGINX #================================================= 
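Review bot: `chmod 644 "$final_path/.env"` makes the file that receives the application key from `key:generate` (and presumably the database password) world-readable, where the previous mode was 400. The `chmod -R o-rwx "$final_path"` added in the BUILDING hunk removes the other bits again later, but the recursive `chown -R $app:www-data` then leaves `.env` readable by the web server group. If the wider mode is only there so the key can be written, `chmod 600 "$final_path/.env"` here, repeated after the recursive chmod/chown, keeps the secrets limited to `$app`.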
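Review bot: `php$phpversion artisan key:generate -n` still runs after `config:cache -n`, so the configuration cache is written before the new key exists in `.env` and keeps whatever `APP_KEY` the template carried. In addition, with `-n` Laravel answers its production confirmation prompt with "no", so if the template sets `APP_ENV=production` together with a placeholder key (neither is visible in this diff) the command may exit without generating anything. Moving the line above `config:cache` and writing it as `php$phpversion artisan key:generate -n --force` covers both cases.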
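Review bot: The new `api` permission opens `/api` to `visitors` unconditionally: the `ynh_permission_create` line sits after the `fi` of the block that adds `visitors` to `main`, so an instance installed as private also exposes the API outside the SSO and relies only on the application's own authentication there. As far as I know the helper's semantics, `--protected="true"` additionally prevents the admin from removing `visitors` from this permission in the webadmin. If this is intended for mobile or browser-extension clients, a comment such as `# API clients authenticate with 2FAuth tokens, not through SSOwat` would document it; otherwise consider `--protected="false"` so the admin can close it. The same line is added in scripts/upgrade.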
diff --git a/scripts/upgrade b/scripts/upgrade index 247af25..5706240 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -20,7 +20,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +phpversion=$YNH_PHP_VERSION #================================================= # CHECK VERSION @@ -55,6 +55,11 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi +# Create a permission if needed +if ! ynh_permission_exists --permission="api"; then + ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" +fi + #================================================= # UPGRADE DEPENDENCIES #================================================= 
@@ -100,27 +105,34 @@ ynh_add_nginx_config ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1 # Create a dedicated PHP-FPM config -ynh_add_fpm_config +ynh_add_fpm_config --phpversion=$phpversion #================================================= # INSTALL LYCHEE WITH COMPOSER #================================================= ynh_script_progression --message="Installing $app with Composer..." --weight=15 -ynh_install_composer +#rm $final_path/package-lock.json + +ynh_install_composer --install_args="--ignore-platform-reqs --prefer-dist --no-scripts --no-dev" #================================================= # BUILDING #================================================= ynh_script_progression --message="Building..." --weight=10 +ynh_exec_warn_less ynh_composer_exec --commands="update" + # Setup application config pushd $final_path - php$phpversion artisan migrate:refresh -n + php$phpversion artisan cache:clear + php$phpversion artisan config:clear + php$phpversion artisan migrate -n php$phpversion artisan passport:install -n - php$phpversion artisan storage:link -n php$phpversion artisan config:cache -n + php$phpversion artisan route:cache popd + #================================================= # RELOAD NGINX #=================================================
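Review bot: `ynh_exec_warn_less ynh_composer_exec --commands="update"` re-resolves every dependency to the newest version allowed by `composer.json` at upgrade time, so what gets installed is no longer what upstream's `composer.lock` pins and can differ between two servers upgraded on different days. It also runs without the `--no-dev --no-scripts` arguments that the `ynh_install_composer` call just above passes, so dev packages and package scripts may come back (assuming the helper forwards the command as written). I would drop that line and rely on the install from the lock file; `--ignore-platform-reqs`, which scripts/install does not use, also hides a PHP or extension mismatch instead of failing the upgrade. Separately, `php$phpversion artisan migrate -n` needs `--force` to run when `APP_ENV` is production, which is not visible here.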