From 0a8e8a77d337fcc7fed6f70162006f7cfcbfc67f Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 20 Oct 2017 14:51:27 +0200 Subject: [PATCH] Add is_public, use ynh_system_user_create --- check_process | 17 ++++++------ conf/nginx.conf | 62 +++++++++++++++++++++---------------------- manifest.json | 8 ++++++ scripts/_common.sh | 4 ++- scripts/install | 66 +++++++++++++++++++++++++++++++--------------- scripts/upgrade | 56 +++++++++++++++++++++++++-------------- 6 files changed, 131 insertions(+), 82 deletions(-) diff --git a/check_process b/check_process index 2f63183..f2f497d 100644 --- a/check_process +++ b/check_process @@ -3,22 +3,21 @@ ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) + is_public=1 (PUBLIC|public=1|private=0) language="fr" ; Checks pkg_linter=1 setup_sub_dir=1 setup_root=1 setup_nourl=0 - setup_private=0 - setup_public=0 - upgrade=0 - backup_restore=0 - multi_instance=0 - incorrect_path=0 - corrupt_source=0 - fail_download_source=0 + setup_private=1 + setup_public=1 + upgrade=1 + backup_restore=1 + multi_instance=1 + incorrect_path=1 port_already_use=0 - final_path_already_use=0 + change_url=0 ;;; Levels Level 1=auto Level 2=auto diff --git a/conf/nginx.conf b/conf/nginx.conf index baeceae..e611ce7 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -1,41 +1,41 @@ location {PATH}/ { - alias {DESTDIR}/web/public/; - index index.php; + alias {DESTDIR}/web/public/; + index index.php; - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } - # The seemingly weird syntax is due to a long-standing bug in nginx, - # see: https://trac.nginx.org/nginx/ticket/97 - try_files $uri {PATH}/{PATH}/index.php$is_args$args; + # The seemingly weird syntax is due to a long-standing bug in nginx, + # see: https://trac.nginx.org/nginx/ticket/97 + try_files $uri {PATH}/{PATH}/index.php$is_args$args; - # Another alternative to the weird try_files is to use a rewrite, like this : - # - #  if (-f $request_filename) { - # break; - # } - #  rewrite (.*) {LOCATION}/index.php$request_uri; - # - # But remember that if-is-evil : - # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#check-if-file-exists + # Another alternative to the weird try_files is to use a rewrite, like this : + # + #  if (-f $request_filename) { + # break; + # } + #  rewrite (.*) {LOCATION}/index.php$request_uri; + # + # But remember that if-is-evil : + # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#check-if-file-exists - location ~ ^{PATH}/index\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; - } + location ~ ^{PATH}/index\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + } - location ~ \.php$ 
{ - return 404; - } + location ~ \.php$ { + return 404; + } - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } # append trailing slash in case of a subpath diff --git a/manifest.json b/manifest.json index 2c57fe1..63dd6d8 100644 --- a/manifest.json +++ b/manifest.json @@ -43,6 +43,14 @@ "example": "/agendav", "default": "/agendav" }, + { + "name": "is_public", + "type": "boolean", + "ask": { + "en": "Should Agendav be publicly accessible?" + }, + "default": "0" + }, { "name": "language", "ask": { diff --git a/scripts/_common.sh b/scripts/_common.sh index f3afb88..65e9d26 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -17,4 +17,6 @@ declare -A LANGUAGES=( # Common helpers # - +agendav_app_check_installation() { + echo $(yunohost app list --installed -f "$1" | grep "id:") +} diff --git a/scripts/install b/scripts/install index f444aeb..a9d51a0 100644 --- a/scripts/install +++ b/scripts/install @@ -13,21 +13,27 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path=$YNH_APP_ARG_PATH language=$YNH_APP_ARG_LANGUAGE +is_public=$YNH_APP_ARG_IS_PUBLIC # Set app specific variables app=$YNH_APP_INSTANCE_NAME dbname=$app dbuser=$app +path=$(ynh_normalize_url_path "$path") + +# Set and store language +language=${LANGUAGES[$language]} + +ynh_app_setting_set "$app" language "$language" +ynh_app_setting_set "$app" is_public "$is_public" +ynh_app_setting_set "$app" path "$path" + # Check web path availability ynh_webpath_available "$domain" "$path" # Register (book) web path ynh_webpath_register "$app" "$domain" "$path" -# Set and store language -language=${LANGUAGES[$3]} -ynh_app_setting_set "$app" language "$language" - # Define LOGDIR (create it later when user is created) LOGDIR=/var/log/$app 
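Review bot: In scripts/_common.sh, `agendav_app_check_installation` wraps its pipeline in `echo $(...)`, which adds only an unquoted word-split and makes callers test for a non-empty string. Returning the pipeline status reads more directly: `yunohost app list --installed -f "$1" | grep -q "id:"`, with callers written as `if agendav_app_check_installation baikal; then`. A short header comment saying that `$1` is the app id to look for would help. Whether `-f` matches the id exactly or as a substring is not visible here, so confirm that an unrelated app cannot satisfy the check.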
@@ -37,23 +43,27 @@ DESTDIR="/var/www/${app}" "The destination directory '${DESTDIR}' already exists.\ You should safely delete it before installing this app." +mkdir -p "$DESTDIR" + # Check whether Baïkal or Radicale is installed -if yunohost app list --installed -f baikal | grep -q id ; then +baikal_install=$(agendav_app_check_installation "baikal") +radicale_install=$(agendav_app_check_installation "radicale") +if [[ -n "$baikal_install" ]] +then caldav_app="baikal" caldav_baseurl="/cal.php/" -elif yunohost app list --installed -f radicale | grep -q id ; then +elif [[ -n "$radicale_install" ]] +then caldav_app="radicale" caldav_baseurl="/" else - ynh_die "You must install Baïkal or Radicale before" + ynh_die "Baikal or Radicale is mandatory" fi # Install dependencies -ynh_install_app_dependencies "php5-cli" +ynh_install_app_dependencies php5-cli -# Create tmp directory and fetch app inside -TMPDIR=$(mktemp -d) -ynh_setup_source "$TMPDIR" +ynh_setup_source "$DESTDIR" # Generate random password and encryption key dbpass=$(ynh_string_random) @@ -62,7 +72,7 @@ ynh_app_setting_set "$app" encryptkey "$encryptkey" ynh_app_setting_set "$app" mysqlpwd "$dbpass" # Copy and set AgenDAV configuration -conf_path="${TMPDIR}/web/config/settings.php" +conf_path="${DESTDIR}/web/config/settings.php" cp ../conf/settings.php "$conf_path" sed -i "s/{DBUSER}/${dbuser}/g" "$conf_path" sed -i "s/{DBPASS}/${dbpass}/g" "$conf_path" 
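Review bot: After `mkdir -p "$DESTDIR"` and `ynh_setup_source "$DESTDIR"`, the sources land directly in /var/www/$app, and the next hunk (@@ -62,7 +72,7 @@) fills the database password into `${DESTDIR}/web/config/settings.php` in place. The removed `mktemp -d` directory was accessible only to its owner, so the filled-in settings file was not readable by other local accounts before the tree was moved. Now it sits under the default umask until the later `find … chmod` steps run. Copying the template with restrictive permissions from the start, `install -m 600 ../conf/settings.php "$conf_path"` in place of the `cp`, would close that window. The permission steps are outside this hunk, so confirm they still set the final mode on that file.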
@@ -79,12 +89,7 @@ caldav_url="https://${caldav_domain}${caldav_path%/}" sed -i "s@{CALDAV_BASEURL}@${caldav_url}${caldav_baseurl}@g" "$conf_path" sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" -# Install files and set permissions -mv "$TMPDIR" "$DESTDIR" - -useradd -c "$app system account" \ - -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ - || ynh_die "Unable to create $app system account" +ynh_system_user_create "$app" "$DESTDIR" # Protect source code against modifications find "${DESTDIR}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; @@ -104,9 +109,12 @@ install -m 750 -o $app -g adm -d "$LOGDIR" # Initialize database ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" -(cd "$DESTDIR" && -u $app \ - php agendavcli migrations:migrate --no-interaction) \ - || ynh_die "Unable to create AgenDAV tables" + +# Run database migrations +( + cd $DESTDIR + php agendavcli migrations:migrate --no-interaction +) # Copy and set nginx configuration nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" @@ -126,6 +134,22 @@ sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf cp ../conf/php-fpm.conf "$phpfpm_conf" +if [ "$is_public" -eq 0 ] +then # Remove the public access + ynh_app_setting_delete "$app" skipped_uris +fi +# Make app public if necessary +if [ "$is_public" -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set "$app" unprotected_uris "/" + + # ynh panel is not needed + ynh_replace_string " include conf.d/" " #include conf.d/" "$nginx_conf" + + ynh_store_file_checksum "$nginx_conf" +fi + # Reload services service php5-fpm restart service nginx reload diff --git a/scripts/upgrade b/scripts/upgrade index 25019f6..d454aec 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
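Review bot: In the @@ -104,9 +109,12 @@ hunk, the migration subshell runs `php agendavcli migrations:migrate` as the user executing the install script, whereas the removed lines appear to have run it as the app user (`-u $app`) and ended in `|| ynh_die`. If the script runs as root, which the direct `chown` and `service` calls suggest, the application's PHP code now executes with root privileges and any file it creates is root-owned. Keeping the privilege drop and quoting the path would restore the earlier behaviour: `cd "$DESTDIR"` and `sudo -u "$app" php agendavcli migrations:migrate --no-interaction`. The same change is made in scripts/upgrade (@@ -104,9 +101,11 @@), where no `ynh_abort_if_errors` is visible, so a failed migration there may go unreported.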
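Review bot: In the @@ -126,6 +134,22 @@ hunk, the private branch deletes `skipped_uris` while the public branch sets `unprotected_uris`, so the two branches do not undo each other. On a fresh install the delete is a no-op, but the identical block in scripts/upgrade (@@ -126,6 +125,23 @@) means an instance switched from public to private keeps `unprotected_uris "/"` and stays reachable without an SSO login. The private branch should read `ynh_app_setting_delete "$app" unprotected_uris`. Since the two conditions are mutually exclusive, a single `if … else … fi` would also make the intent clearer.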
@@ -17,10 +17,10 @@ dbuser=$app # Retrieve arguments domain=$(ynh_app_setting_get "$app" domain) path=$(ynh_app_setting_get "$app" path) -path=${path%/} dbpass=$(ynh_app_setting_get "$app" mysqlpwd) encryptkey=$(ynh_app_setting_get "$app" encryptkey) language=$(ynh_app_setting_get "$app" language) +is_public=$(ynh_app_setting_get "$app" is_public) # Set and store language if [[ -z "$language" ]]; then @@ -42,26 +42,30 @@ DESTDIR="/var/www/$app" "The destination directory '$DESTDIR' does not exist.\ The app is not correctly installed, you should remove it first." +mkdir -p "$DESTDIR" + # Check whether Baïkal or Radicale is installed -if yunohost app list --installed -f baikal | grep -q id ; then +baikal_install=$(agendav_app_check_installation "baikal") +radicale_install=$(agendav_app_check_installation "radicale") +if [[ -n "$baikal_install" ]] +then caldav_app="baikal" caldav_baseurl="/cal.php/" -elif yunohost app list --installed -f radicale | grep -q id ; then +elif [[ -n "$radicale_install" ]] +then caldav_app="radicale" caldav_baseurl="/" else - ynh_die "You must install Baïkal or Radicale before" + ynh_die "Baikal or Radicale is mandatory" fi # Install dependencies -ynh_install_app_dependencies "php5-cli" +ynh_install_app_dependencies php5-cli -# Create tmp directory and fetch app inside -TMPDIR=$(mktemp -d) -ynh_setup_source "$TMPDIR" +ynh_setup_source "$DESTDIR" # Copy and set AgenDAV configuration -conf_path="${TMPDIR}/web/config/settings.php" +conf_path="${DESTDIR}/web/config/settings.php" cp ../conf/settings.php "$conf_path" sed -i "s/{DBUSER}/${dbuser}/g" "$conf_path" sed -i "s/{DBPASS}/${dbpass}/g" "$conf_path" 
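Review bot: `is_public` is read from the app settings in the @@ -17,10 +17,10 @@ hunk, but instances installed before this commit never stored it, so it is empty on their first upgrade. The unquoted tests `[ $is_public -eq 0 ]` and `[ $is_public -eq 1 ]` added later (@@ -126,6 +125,23 @@) then fail with a test syntax error and neither branch runs. Defaulting and persisting the value right after the read avoids that: `is_public=${is_public:-0}` followed by `ynh_app_setting_set "$app" is_public "$is_public"`. The hunk also drops `path=${path%/}` without adding the `ynh_normalize_url_path` call that scripts/install now uses, so check that previously stored paths still substitute cleanly into the nginx template.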
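Review bot: In the @@ -42,26 +42,30 @@ hunk, `ynh_setup_source "$DESTDIR"` unpacks the new release over the running installation, and the `rm -rf "$DESTDIR"` that preceded the swap is removed in the next hunk (@@ -78,14 +82,7 @@). Files the new version no longer ships therefore remain under /var/www/$app, and a failure partway through leaves a half-upgraded tree with nothing to fall back on. Unpacking into a `mktemp -d` directory and swapping it in only once configuration has succeeded would keep the upgrade atomic and the deployed tree equal to the release. The added `mkdir -p "$DESTDIR"` is redundant here, because the check just above it already aborts when the directory does not exist.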
@@ -78,14 +82,7 @@ caldav_url="https://${caldav_domain}${caldav_path%/}" sed -i "s@{CALDAV_BASEURL}@${caldav_url}${caldav_baseurl}@g" "$conf_path" sed -i "s@{CALDAV_DOMAIN}@${caldav_domain}@g" "$conf_path" -# Replace files and set permissions -rm -rf "$DESTDIR" -mv "$TMPDIR" "$DESTDIR" -if ! id -u $app > /dev/null 2>&1 ; then - useradd -c "$app system account" \ - -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin \ - || ynh_die "Unable to create $app system account" -fi +ynh_system_user_create "$app" "$DESTDIR" # Protect source code against modifications find "${DESTDIR}" -type f -exec chown root:root {} \; -exec chmod 644 {} \; @@ -104,9 +101,11 @@ find "${DESTDIR}/web/config" -type d -exec chown root:$app {} \; -exec chmod 750 install -m 750 -o $app -g adm -d "$LOGDIR" # Run database migrations -(cd "$DESTDIR" && -u $app \ - php agendavcli migrations:migrate --no-interaction) \ - || ynh_die "Unable to run AgenDAV database migration" +( + cd $DESTDIR + php agendavcli migrations:migrate --no-interaction +) + # Copy and set nginx configuration nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" @@ -126,6 +125,23 @@ sed -i "s@{USER}@${app}@g" ../conf/php-fpm.conf sed -i "s@{GROUP}@${app}@g" ../conf/php-fpm.conf cp ../conf/php-fpm.conf "$phpfpm_conf" + +if [ $is_public -eq 0 ] +then # Remove the public access + ynh_app_setting_delete "$app" skipped_uris +fi +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway + ynh_app_setting_set "$app" unprotected_uris "/" + + # ynh panel is not needed + ynh_replace_string " include conf.d/" " #include conf.d/" "$nginx_conf" + + ynh_store_file_checksum "$nginx_conf" +fi + # Reload services service php5-fpm restart || true service nginx reload || true