diff --git a/README.md b/README.md index 64d2728..91c4780 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in [Armadietto](https://github.com/remotestorage/armadietto/) is a [remoteStorage](https://remotestorage.io) server written for Node.js. -Armadietto is maintained by remoteStorage Team [IRC](https://kiwiirc.com/client/irc.freenode.net/#remotestorage) +Armadietto is maintained by the remoteStorage community, ([IRC](https://web.libera.chat/#remotestorage), [forums](https://community.remotestorage.io/)). > ### :warning: WARNING > Please do not consider `armadietto` production ready, this project is still @@ -29,16 +29,18 @@ Armadietto is maintained by remoteStorage Team [IRC](https://kiwiirc.com/client/ **Shipped version:** 0.1.5 +### Installation option + +User registration is not allowed out of the box. +This option can be enabled in the configuration panel. + ### Application for remoteStorage -[Click here](https://remotestorage.io/apps/) to see the list of applications that can be used with RemoteStorage. - -### Features - -- liste des caractéristiques... +[Here](https://remotestorage.io/apps/) is a non-exhaustive list of apps that have integrated remoteStorage as a storage/sync option. -**Shipped version:** 0.0.2~ynh6 + +**Shipped version:** 0.0.6~ynh1 @@ -49,16 +51,15 @@ Armadietto is maintained by remoteStorage Team [IRC](https://kiwiirc.com/client/ ## Disclaimers / important information ### :warning: WARNING -Armadietto_ynh still in develoment: +The Armadietto_ynh package is still under development, so you should expect some undocumented changes before it is labeled stable. -* Security considerations from [Armadietto](https://github.com/remotestorage/armadietto/) : +### :information_source: Security considerations from [Armadietto](https://github.com/remotestorage/armadietto/) : - ->### **Storage security** +> #### **Storage security** > ->In production, we recommend that you restrict access to the files managed by your armadietto server as much as possible. This is particularly true if you host your storage on a machine with other web applications; you need to protect your files in the event that one of those apps is exploited. +> In production, we recommend that you restrict access to the files managed by your armadietto server as much as possible. This is particularly true if you host your storage on a machine with other web applications; you need to protect your files in the event that one of those apps is exploited. > ->You should take these steps to keep your storage safe: +> You should take these steps to keep your storage safe: > > - Pick a unique Unix user to run your server process; no other process on the box should run as this user: sudo useradd armadietto --system --no-create-home > diff --git a/README_fr.md b/README_fr.md index 2486452..d397fb1 100644 --- a/README_fr.md +++ b/README_fr.md @@ -14,7 +14,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour [Armadietto](https://github.com/remotestorage/armadietto/) est un serveur [remoteStorage](https://remotestorage.io) écrit pour Node.js. -Armadietto est maintenu par l'équipe remoteStorage [IRC](https://kiwiirc.com/client/irc.freenode.net/#remotestorage). +Armadietto est maintenu par la communauté remoteStorage, ([IRC](https://web.libera.chat/#remotestorage), [forums](https://community.remotestorage.io/)). > ### :warning: WARNING > Veuillez ne pas considérer `armadietto` comme prêt pour la production, ce projet est toujours @@ -25,11 +25,16 @@ Armadietto est maintenu par l'équipe remoteStorage [IRC](https://kiwiirc.com/cl **Version livrée:** 0.1.5 +### Option d'installation + +L'inscription des utilisateurs n'est pas autorisée par défault. +Cette option peut être activée via le panneau de configutration. + ### Application pour remoteStorage -[Cliquez ici](https://remotestorage.io/apps/) pour voir la liste des applications qui peuvent être utilisées avec RemoteStorage. +[Cliquez ici](https://remotestorage.io/apps/) pour voir une liste non exhaustive d'applications ayant intégré remoteStorage comme option de stockage/synchronisation. -**Version incluse :** 0.0.2~ynh6 +**Version incluse :** 0.0.6~ynh1 @@ -40,13 +45,11 @@ Armadietto est maintenu par l'équipe remoteStorage [IRC](https://kiwiirc.com/cl ## Avertissements / informations importantes ### :warning: WARNING -Armadietto_ynh still in develoment: +Le paquet Armadietto_ynh est toujours en cours de développement, vous devez donc vous attendre à d'éventuels changements non documentés avant qu'il ne soit qualifié de stable. -* l'authentification unique ou l'intégration LDAP ne fonctionne pas ? -* Considérations sur la sécurité de [Armadietto](https://github.com/remotestorage/armadietto/) : +### :information_source: Considérations sur la sécurité de [Armadietto](https://github.com/remotestorage/armadietto/) : - -> ### **Sécurité du stockage** +> #### **Sécurité du stockage** > > En production, nous vous recommandons de restreindre autant que possible l'accès aux fichiers gérés par votre serveur armadietto. Ceci est particulièrement vrai si vous hébergez votre stockage sur une machine avec d'autres applications web ; vous devez protéger vos fichiers dans le cas où l'une de ces applications serait exploitée. > diff --git a/check_process b/check_process index 9444bd9..b6eb2da 100644 --- a/check_process +++ b/check_process @@ -10,26 +10,22 @@ admin="armadietto" language="fr" is_public=1 - is_signup=true + is_signup=0 port="8008" ; Checks pkg_linter=1 - setup_sub_dir=0 setup_root=1 - setup_nourl=0 setup_private=1 setup_public=1 upgrade=1 # 0.0.2~ynh5 upgrade=1 from_commit=d185b84698a9f7e83eff6bf6dd5606f35282a536 backup_restore=1 - multi_instance=0 - port_already_use=0 change_url=1 ;;; Options Email= Notification=none ;;; Upgrade options ; commit=d185b84698a9f7e83eff6bf6dd5606f35282a536 - name= Upgrade to version 0.0.2~ynh6 - manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&is_signup=true&port=8008& + name= Upgrade from version 0.0.2~ynh6 + manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&is_signup=0&port=8008& diff --git a/conf/config.sample.yml b/conf/config.sample.yml deleted file mode 100644 index 94a2890..0000000 --- a/conf/config.sample.yml +++ /dev/null @@ -1,11 +0,0 @@ -#================================================= -# ARMADIETTO CONFIGURATION -#================================================= - - -final_path: __FINALPATH__ -datadir: __DATADIR__ -port: __PORT__ -domain: __DOMAIN__ -is_signup: __IS_SIGNUP__ - diff --git a/conf/nginx.conf b/conf/nginx.conf index 55e8ecd..bc145c9 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,9 +1,5 @@ location __PATH__ { - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - proxy_pass http://127.0.0.1:__PORT__; proxy_set_header Host $host; diff --git a/conf/systemd.service b/conf/systemd.service index 5fc0dcf..9ced78c 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -6,8 +6,8 @@ After=network.target Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/ -ExecStart=__YNH_NODE__ __FINALPATH__/server +WorkingDirectory=__FINAL_PATH__/ +ExecStart=__YNH_NODE__ __FINAL_PATH__/server Restart=always Environment=__YNH_NODE_LOAD_PATH__ Environment=NODE_ENV=production diff --git a/config_panel.toml b/config_panel.toml index d703689..b13bd5c 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -1,16 +1,17 @@ version = "1.0" -name= "Armadietto configuration panel" [main] -name = "Armadietto signup configuration" +name = "Settings" [main.is_signup] name = "Signup configuration" - [main.is_signup.signup] - ask.en = "Allow signups?" - ask.fr = "Accepter les inscriptions ?" + services = ["__APP__"] + + [main.is_signup.is_signup] + ask = "Allow signups?" type = "boolean" - default = true - help.en = "Would you like to allow visitors to register and create an account?" - help.fr = "Souhaitez-vous autoriser les visiteurs à s'inscrire et créer un compte ?" + yes = '1' + no = '' + help = "Would you like to allow visitors to register and create an account?" + bind = "signup:/opt/yunohost/__APP__/server.js" \ No newline at end of file diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index b305f9b..d5dea9d 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -1,7 +1,7 @@ [Armadietto](https://github.com/remotestorage/armadietto/) is a [remoteStorage](https://remotestorage.io) server written for Node.js. -Armadietto is maintained by remoteStorage Team [IRC](https://kiwiirc.com/client/irc.freenode.net/#remotestorage) +Armadietto is maintained by the remoteStorage community, ([IRC](https://web.libera.chat/#remotestorage), [forums](https://community.remotestorage.io/)). > ### :warning: WARNING > Please do not consider `armadietto` production ready, this project is still @@ -12,10 +12,12 @@ Armadietto is maintained by remoteStorage Team [IRC](https://kiwiirc.com/client/ **Shipped version:** 0.1.5 +### Installation option + +User registration is not allowed out of the box. +This option can be enabled in the configuration panel. + ### Application for remoteStorage -[Click here](https://remotestorage.io/apps/) to see the list of applications that can be used with RemoteStorage. +[Here](https://remotestorage.io/apps/) is a non-exhaustive list of apps that have integrated remoteStorage as a storage/sync option. -### Features - -- liste des caractéristiques... diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md index 7fd6c07..a5fc1f9 100644 --- a/doc/DESCRIPTION_fr.md +++ b/doc/DESCRIPTION_fr.md @@ -1,7 +1,7 @@ [Armadietto](https://github.com/remotestorage/armadietto/) est un serveur [remoteStorage](https://remotestorage.io) écrit pour Node.js. -Armadietto est maintenu par l'équipe remoteStorage [IRC](https://kiwiirc.com/client/irc.freenode.net/#remotestorage). +Armadietto est maintenu par la communauté remoteStorage, ([IRC](https://web.libera.chat/#remotestorage), [forums](https://community.remotestorage.io/)). > ### :warning: WARNING > Veuillez ne pas considérer `armadietto` comme prêt pour la production, ce projet est toujours @@ -12,6 +12,11 @@ Armadietto est maintenu par l'équipe remoteStorage [IRC](https://kiwiirc.com/cl **Version livrée:** 0.1.5 +### Option d'installation + +L'inscription des utilisateurs n'est pas autorisée par défault. +Cette option peut être activée via le panneau de configutration. + ### Application pour remoteStorage -[Cliquez ici](https://remotestorage.io/apps/) pour voir la liste des applications qui peuvent être utilisées avec RemoteStorage. \ No newline at end of file +[Cliquez ici](https://remotestorage.io/apps/) pour voir une liste non exhaustive d'applications ayant intégré remoteStorage comme option de stockage/synchronisation. \ No newline at end of file diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 62f67a7..75d177a 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -1,14 +1,13 @@ ### :warning: WARNING -Armadietto_ynh still in develoment: +The Armadietto_ynh package is still under development, so you should expect some undocumented changes before it is labeled stable. -* Security considerations from [Armadietto](https://github.com/remotestorage/armadietto/) : +### :information_source: Security considerations from [Armadietto](https://github.com/remotestorage/armadietto/) : - ->### **Storage security** +> #### **Storage security** > ->In production, we recommend that you restrict access to the files managed by your armadietto server as much as possible. This is particularly true if you host your storage on a machine with other web applications; you need to protect your files in the event that one of those apps is exploited. +> In production, we recommend that you restrict access to the files managed by your armadietto server as much as possible. This is particularly true if you host your storage on a machine with other web applications; you need to protect your files in the event that one of those apps is exploited. > ->You should take these steps to keep your storage safe: +> You should take these steps to keep your storage safe: > > - Pick a unique Unix user to run your server process; no other process on the box should run as this user: sudo useradd armadietto --system --no-create-home > diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index 0fbb563..26068a0 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -1,11 +1,9 @@ ### :warning: WARNING -Armadietto_ynh still in develoment: +Le paquet Armadietto_ynh est toujours en cours de développement, vous devez donc vous attendre à d'éventuels changements non documentés avant qu'il ne soit qualifié de stable. -* l'authentification unique ou l'intégration LDAP ne fonctionne pas ? -* Considérations sur la sécurité de [Armadietto](https://github.com/remotestorage/armadietto/) : +### :information_source: Considérations sur la sécurité de [Armadietto](https://github.com/remotestorage/armadietto/) : - -> ### **Sécurité du stockage** +> #### **Sécurité du stockage** > > En production, nous vous recommandons de restreindre autant que possible l'accès aux fichiers gérés par votre serveur armadietto. Ceci est particulièrement vrai si vous hébergez votre stockage sur une machine avec d'autres applications web ; vous devez protéger vos fichiers dans le cas où l'une de ces applications serait exploitée. > diff --git a/manifest.json b/manifest.json index 40fe531..ca06a07 100644 --- a/manifest.json +++ b/manifest.json @@ -3,10 +3,10 @@ "id": "armadietto", "packaging_format": 1, "description": { - "en": "A remoteStorage server written for Node.js.", - "fr": "Un serveur remoteStorage écrit pour node.js." + "en": "A remoteStorage server running as a nodejs web service with systemd", + "fr": "Un serveur remoteStorage excécuté en tant que service web nodejs par systemd" }, - "version": "0.0.2~ynh6", + "version": "0.0.6~ynh1", "url": "https://github.com/remotestorage/armadietto", "upstream": { "license": "MIT", @@ -32,12 +32,6 @@ "name": "domain", "type": "domain" }, - { - "name": "path", - "type": "path", - "example": "/", - "default": "/" - }, { "name": "is_public", "type": "boolean", @@ -58,7 +52,7 @@ "en": "Would you like to allow visitors to register and create an account?", "fr": "Souhaitez-vous autoriser les visiteurs à s'inscrire et créer un compte ?" }, - "default": true + "default": false } ] } diff --git a/scripts/change_url b/scripts/change_url index 5b25c6c..6645cc7 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -29,11 +29,6 @@ ynh_script_progression --message="Loading installation settings..." --weight=2 # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) -# Add settings here as needed by your application -#db_name=$(ynh_app_setting_get --app=$app --key=db_name) -#db_user=$db_name -#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) - #================================================= # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= diff --git a/scripts/install b/scripts/install index c3ea003..2cad7d1 100755 --- a/scripts/install +++ b/scripts/install @@ -25,7 +25,7 @@ ynh_abort_if_errors #================================================= domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH +path_url="/" is_public=$YNH_APP_ARG_IS_PUBLIC is_signup=$YNH_APP_ARG_IS_SIGNUP @@ -43,11 +43,6 @@ final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" -# Only on / directory -if [ "$path_url" != "/" ]; then - ynh_die "Only / is allowed" -fi - # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url @@ -58,7 +53,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=final_path --value=final_path ynh_app_setting_set --app=$app --key=is_signup --value=$is_signup ynh_app_setting_set --app=$app --key=datadir --value=$datadir @@ -86,7 +80,7 @@ ynh_use_nodejs #================================================= ynh_script_progression --message="Setting up and create final app path..." --weight=1 -ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Create final_path mkdir -p "$final_path" @@ -107,16 +101,6 @@ ynh_script_progression --message="Configuring system user..." --weight=2 # Create a system user ynh_system_user_create --username=$app -#================================================= -# ADD A CONFIGURATION -#================================================= -ynh_script_progression --message="Adding a configuration file..." --weight=1 - -ynh_add_config --template="../conf/config.sample.yml" --destination="$final_path/config.yml" - -chmod 400 "$final_path/config.yml" -chown $app:$app "$final_path/config.yml" - #================================================= # SETUP SYSTEMD #================================================= diff --git a/scripts/remove b/scripts/remove index c9da9b2..beec3c8 100755 --- a/scripts/remove +++ b/scripts/remove @@ -77,7 +77,6 @@ ynh_script_progression --message="Removing NGINX web server configuration..." -- # Remove the dedicated NGINX config ynh_remove_nginx_config - #================================================= # REMOVE DEPENDENCIES #================================================= @@ -85,34 +84,6 @@ ynh_script_progression --message="Removing dependencies..." --weight=2 ynh_remove_nodejs --nodejs_version=$NODEJS_VERSION -#================================================= -# CLOSE A PORT -#================================================= - -if yunohost firewall list | grep -q "\- $port$" -then - ynh_script_progression --message="Closing port $port..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow TCP $port -fi - -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -# ynh_script_progression --message="Removing Fail2ban configuration..." --weight=1 - -# Remove the dedicated Fail2Ban config -# ynh_remove_fail2ban_config - -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE VARIOUS FILES -#================================================= -ynh_script_progression --message="Removing various files..." --weight=1 - -# Remove a cron file -# ynh_secure_remove --file="" - #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index d825274..3f33626 100755 --- a/scripts/restore +++ b/scripts/restore @@ -114,7 +114,8 @@ ynh_script_progression --message="Secure files and directories" --weight=1 # Set permissions to app files chown -R $app:$app "$final_path" -chmod 0700 $datadir && chown $app:$app $datadir +chmod 0700 $datadir +chown $app:$app $datadir #================================================= # INTEGRATE SERVICE IN YUNOHOST diff --git a/scripts/upgrade b/scripts/upgrade index a406661..0e09d5d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -29,13 +29,6 @@ ynh_script_progression --message="Checking version..." --weight=1 upgrade_type=$(ynh_check_app_version_changed) -### This helper will compare the version of the currently installed app and the version of the upstream package. -### $upgrade_type can have 2 different values -### - UPGRADE_APP if the upstream app version has changed -### - UPGRADE_PACKAGE if only the YunoHost package has changed -### ynh_check_app_version_changed will stop the upgrade if the app is up to date. -### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -64,10 +57,15 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 +# If is_signup doesn't exist, create it +if [ -z "$is_signup" ]; then + is_signup="true" + ynh_app_setting_set --app=$app --key=is_signup --value=$is_signup +fi + # Cleaning legacy permissions if ynh_legacy_permissions_exists; then ynh_legacy_permissions_delete_all - ynh_app_setting_delete --app=$app --key=is_public fi @@ -100,8 +98,6 @@ ynh_system_user_create --username=$app ynh_script_progression --message="Setting up and create final app path..." --weight=1 ynh_app_setting_set $app final_path $final_path -# Download, check integrity, uncompress and patch the source from app.src -# ynh_setup_source --dest_dir="$final_path" # Create final_path mkdir -p "$final_path" @@ -116,19 +112,10 @@ ynh_use_nodejs #================================================= # SPECIFIC UPGRADE -#================================================= -# ADD A CONFIGURATION -#================================================= -ynh_script_progression --message="Adding a configuration file..." --weight=2 - -ynh_add_config --template="../conf/config.sample.yml" --destination="$final_path/config.yml" - -chmod 400 "$final_path/config.yml" -chown $app:$app "$final_path/config.yml" - #================================================= # CREATE DATA DIRECTORY #================================================= + if [ -z "$datadir" ]; then ynh_script_progression --message="Creating a data directory..." --weight=1 @@ -163,36 +150,6 @@ then popd fi -#================================================= -# UPDATE A CONFIG FILE -#================================================= -ynh_script_progression --message="Updating a configuration file..." --weight=2 - -ynh_add_config --template="../conf/config.sample.yml" --destination="$final_path/config.yml" - -chmod 400 "$final_path/config.yml" -chown $app:$app "$final_path/config.yml" - -### Same as during install -### -### The file will automatically be backed-up if it's found to be manually modified (because -### ynh_add_config keeps track of the file's checksum) - -# ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file" - -# FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config -# chmod 400 "$final_path/some_config_file" -# chown $app:$app "$final_path/some_config_file" - -### For more complex cases where you want to replace stuff using regexes, -### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) -### When doing so, you also need to manually call ynh_store_file_checksum -### -### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file" -### ynh_store_file_checksum --file="$final_path/some_config_file" - #================================================= # SETUP SYSTEMD #================================================= @@ -218,7 +175,8 @@ ynh_script_progression --message="Secure files and directories" --weight=1 # Set permissions to app files chown -R $app:$app "$final_path" -chmod 0700 $datadir && chown $app:$app $datadir +chmod 0700 "$datadir" +chown $app:$app "$datadir" #================================================= # INTEGRATE SERVICE IN YUNOHOST