From 51fb7e692d6971c2db8a464ce440aacd45c16a45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Gaspar?=
 <46165813+ericgaspar@users.noreply.github.com>
Date: Tue, 1 Feb 2022 16:43:20 +0100
Subject: [PATCH] Testing (#52)

- Define admin during install
- Add LDAP
- Add config panel
---
 README.md            |  9 +++--
 README_fr.md         |  4 +-
 check_process        |  6 ++-
 conf/.env.example    | 14 +++++--
 conf/app.src         |  4 +-
 config_panel.toml    | 35 ++++++++++++++++
 doc/DISCLAIMER.md    |  7 +++-
 doc/DISCLAIMER_fr.md |  2 -
 manifest.json        | 12 +++++-
 scripts/config       | 95 ++++++++++++++++++++++++++++++++++++++++++++
 scripts/install      | 21 +++++++---
 scripts/restore      |  6 +++
 scripts/upgrade      | 41 +++++++++++++++++--
 13 files changed, 228 insertions(+), 28 deletions(-)
 create mode 100644 config_panel.toml
 create mode 100644 scripts/config

diff --git a/README.md b/README.md
index 617a8f5..8bf9e0c 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 BookStack is an opinionated wiki system that provides a pleasant and simple out of the box experience. New users to an instance should find the experience intuitive and only basic word-processing skills should be required to get involved in creating content on BookStack. The platform should provide advanced power features to those that desire it but they should not interfere with the core simple user experience.
 
 
-**Shipped version:** 21.12.3~ynh1
+**Shipped version:** 21.12.4~ynh1
 
 **Demo:** https://demo.bookstackapp.com
 
@@ -30,9 +30,12 @@ BookStack is an opinionated wiki system that provides a pleasant and simple out
 
 ## Configuration
 
-For the first time Login, use the default credentials `admin@admin.com` and `password`. You should change these details immediately after logging in for the first time.
+BookStack uses LDAP authentication by default.
 
-* How to configure this app: From an admin panel, a plain file with SSH, or any other way.
+You can switch to standard authentication in the webadmin -> bookstack -> config panel setting
+For the first time Login with standard authentication, use the default credentials `admin@admin.com` and `password`. You should change these details immediately after logging in for the first time.
+
+* How to configure this app: From an admin panel, a plain file with SSH, or config panel.
 
 ## Documentation and resources
 
diff --git a/README_fr.md b/README_fr.md
index 59bd315..3849387 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -14,7 +14,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
 BookStack is an opinionated wiki system that provides a pleasant and simple out of the box experience. New users to an instance should find the experience intuitive and only basic word-processing skills should be required to get involved in creating content on BookStack. The platform should provide advanced power features to those that desire it but they should not interfere with the core simple user experience.
 
 
-**Version incluse :** 21.12.3~ynh1
+**Version incluse :** 21.12.4~ynh1
 
 **Démo :** https://demo.bookstackapp.com
 
@@ -24,9 +24,7 @@ BookStack is an opinionated wiki system that provides a pleasant and simple out
 
 ## Avertissements / informations importantes
 
-## Configuration
 
-Login using the default admin details `admin@admin.com` with a password of `password`. You should change these details immediately after logging in for the first time.
 
 ## Documentations et ressources
 
diff --git a/check_process b/check_process
index ba78743..e0ee37e 100644
--- a/check_process
+++ b/check_process
@@ -2,6 +2,8 @@
 	; Manifest
 		domain="domain.tld"
 		path="/path"
+		admin="john"
+		password="1Strong-Password"
 		language="fr"
 		is_public=1
 	; Checks
@@ -12,8 +14,8 @@
 		setup_private=1
 		setup_public=1
 		upgrade=1
-		#Testing
 		upgrade=1	from_commit=aaa9c9534b01a210989aceb4ad4d2b9c585be6df
+		upgrade=1	from_commit=12ee6097f4f48e6fb765afbe25dd10345e9c8adb
 		backup_restore=1
 		multi_instance=0
 		change_url=1
@@ -23,4 +25,6 @@ Notification=none
 ;;; Upgrade options
 	; commit=aaa9c9534b01a210989aceb4ad4d2b9c585be6df
 		name=Testing (#35)
+	; commit=12ee6097f4f48e6fb765afbe25dd10345e9c8adb
+		name=Testing (#38)
 		manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&
diff --git a/conf/.env.example b/conf/.env.example
index 5c09d5f..7a89b8c 100644
--- a/conf/.env.example
+++ b/conf/.env.example
@@ -45,11 +45,11 @@ MAIL_FROM=bookstack@__DOMAIN__
 MAIL_HOST=localhost
 MAIL_PORT=25
 MAIL_USERNAME=bookstack
-MAIL_PASSWORD="__MAIL_PWD__"
+MAIL_PASSWORD=__MAIL_PWD__
 MAIL_ENCRYPTION=null
 
 # General auth
-AUTH_METHOD=standard
+AUTH_METHOD=__AUTH_METHOD__
 
 # LDAP authentication configuration
 # Refer to https://www.bookstackapp.com/docs/admin/ldap-auth/
@@ -57,7 +57,7 @@ LDAP_SERVER=ldap://127.0.0.1:389
 LDAP_BASE_DN=ou=users,dc=yunohost,dc=org
 LDAP_DN=false
 LDAP_PASS=false
-LDAP_USER_FILTER=(&(|(objectclass=posixAccount))(uid={{username}})(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))
+LDAP_USER_FILTER=(&(uid=${user}))
 LDAP_VERSION=3
 LDAP_TLS_INSECURE=false
 LDAP_ID_ATTRIBUTE=uid
@@ -76,3 +76,11 @@ REDIS_SERVERS=127.0.0.1:6379:__REDIS_DB__
 # Storage system to use
 # Can be 'local', 'local_secure' or 's3'
 STORAGE_TYPE=local
+
+# Default item listing view
+# Used for public visitors and user's without a preference
+# Can be 'list' or 'grid'
+APP_VIEWS_BOOKS=list
+APP_VIEWS_BOOKSHELVES=grid
+
+
diff --git a/conf/app.src b/conf/app.src
index 3c6c530..61b5b8c 100644
--- a/conf/app.src
+++ b/conf/app.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/BookStackApp/BookStack/archive/refs/tags/v21.12.3.tar.gz
-SOURCE_SUM=c6182009052069b62e1c70307bc030cc22439ef1da29baf6a315690093693557
+SOURCE_URL=https://github.com/BookStackApp/BookStack/archive/refs/tags/v21.12.4.tar.gz
+SOURCE_SUM=3af6ee1dbcdcd519dc2e42b277c845678162154f7f15d37457d62e6e8f7eea5a
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true
diff --git a/config_panel.toml b/config_panel.toml
new file mode 100644
index 0000000..6638fe3
--- /dev/null
+++ b/config_panel.toml
@@ -0,0 +1,35 @@
+version = "1.0"
+
+[main]
+name = "BookStack configuration"
+
+    [main.auth_config]
+    name = "Authentication configuration"
+
+        [main.auth_config.auth_method]
+        ask = "General authentication"
+        choices = ["standard", "ldap"]
+        default = "ldap"
+        help = "Select an authentication method to connect to BookStack."
+        bind = "AUTH_METHOD:__FINALPATH__/.env"
+
+    [main.php_fpm_config]
+    name = "PHP-FPM configuration"
+
+        [main.php_fpm_config.fpm_footprint]
+        ask = "Memory footprint of the service?"
+        choices = ["low", "medium", "high", "specific"]
+        default = "low"
+        help = "low <= 20Mb per pool. medium between 20Mb and 40Mb per pool. high > 40Mb per pool.<br>Use specific to set a value with the following option."
+
+        [main.php_fpm_config.free_footprint]
+        ask = "Memory footprint of the service?"
+        type = "number"
+        default = "0"
+        help = "Free field to specify exactly the footprint in Mb if you don't want to use one of the three previous values."
+
+        [main.php_fpm_config.fpm_usage]
+        ask = "Expected usage of the service?"
+        choices = ["low", "medium", "high"]
+        default = "low"
+        help = "low: Personal usage, behind the SSO. No RAM footprint when not used, but the impact on the processor can be high if many users are using the service.<br>medium: Low usage, few people or/and publicly accessible. Low RAM footprint, medium processor footprint when used.<br>high: High usage, frequently visited website. High RAM footprint, but lower on processor usage and quickly responding."
diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md
index 489555a..feca101 100644
--- a/doc/DISCLAIMER.md
+++ b/doc/DISCLAIMER.md
@@ -1,5 +1,8 @@
 ## Configuration
 
-For the first time Login, use the default credentials `admin@admin.com` and `password`. You should change these details immediately after logging in for the first time.
+BookStack uses LDAP authentication by default.
 
-* How to configure this app: From an admin panel, a plain file with SSH, or any other way.
+You can switch to standard authentication in the webadmin -> bookstack -> config panel setting
+For the first time Login with standard authentication, use the default credentials `admin@admin.com` and `password`. You should change these details immediately after logging in for the first time.
+
+* How to configure this app: From an admin panel, a plain file with SSH, or config panel.
diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md
index 447f108..8b13789 100644
--- a/doc/DISCLAIMER_fr.md
+++ b/doc/DISCLAIMER_fr.md
@@ -1,3 +1 @@
-## Configuration
 
-Login using the default admin details `admin@admin.com` with a password of `password`. You should change these details immediately after logging in for the first time.
diff --git a/manifest.json b/manifest.json
index e442dbc..fd6f598 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
         "en": "Platform to create documentation/wiki content",
         "fr": "Plateforme pour créer du contenu de documentation/wiki"
     },
-    "version": "21.12.3~ynh1",
+    "version": "21.12.4~ynh1",
     "url": "https://www.bookstackapp.com/",
     "upstream": {
         "license": "MIT",
@@ -26,7 +26,7 @@
     "multi_instance": false,
     "services": [
         "nginx",
-        "php7.3-fpm",
+        "php8.0-fpm",
         "mysql"
     ],
     "arguments": {
@@ -40,6 +40,14 @@
                 "example": "/bookstack",
                 "default": "/bookstack"
             },
+            {
+                "name": "admin",
+                "type": "user"
+            },
+            {
+                "name": "password",
+                "type": "password"
+            },
             {
                 "name": "language",
                 "type": "string",
diff --git a/scripts/config b/scripts/config
new file mode 100644
index 0000000..8a9110c
--- /dev/null
+++ b/scripts/config
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC STARTING
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
+source /usr/share/yunohost/helpers
+
+ynh_abort_if_errors
+
+#=================================================
+# RETRIEVE ARGUMENTS
+#=================================================
+
+phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
+current_fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
+
+#=================================================
+# SPECIFIC GETTERS FOR TOML SHORT KEY
+#=================================================
+
+get__fpm_footprint() {
+    # Free footprint value for php-fpm
+    # Check if current_fpm_footprint is an integer
+    if [ "$current_fpm_footprint" -eq "$current_fpm_footprint" ] 2> /dev/null
+    then
+        echo "specific"
+    else
+        echo "$current_fpm_footprint"
+    fi
+}
+
+get__free_footprint() {
+    # Free footprint value for php-fpm
+    # Check if current_fpm_footprint is an integer
+    if [ "$current_fpm_footprint" -eq "$current_fpm_footprint" ] 2> /dev/null
+    then
+        # If current_fpm_footprint is an integer, that's a numeric value for the footprint
+        echo "$current_fpm_footprint"
+    else
+        echo "0"
+    fi
+}
+
+#=================================================
+# SPECIFIC SETTERS FOR TOML SHORT KEYS
+#=================================================
+
+set__fpm_footprint() {
+    if [ "$fpm_footprint" != "specific" ]
+    then
+        ynh_app_setting_set --app=$app --key=fpm_footprint --value="$fpm_footprint"
+    fi
+}
+
+set__free_footprint() {
+    if [ "$fpm_footprint" == "specific" ]
+    then
+        ynh_app_setting_set --app=$app --key=fpm_footprint --value="$free_footprint"
+    fi
+}
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+
+ynh_app_config_validate() {
+    _ynh_app_config_validate
+
+    if [ "${changed[fpm_usage]}" == "true" ] || [ "${changed[fpm_footprint]}" == "true" ] || [ "${changed[free_footprint]}" == "true" ]; then
+        # If fpm_footprint is set to 'specific', use $free_footprint value.
+        if [ "$fpm_footprint" == "specific" ]
+        then
+            fpm_footprint=$free_footprint
+        fi
+
+        if [ "$fpm_footprint" == "0" ]
+        then
+            ynh_print_err --message="When selecting 'specific', you have to set a footprint value into the field below."
+
+            exit 0
+        fi
+    fi
+}
+
+ynh_app_config_apply() {
+    _ynh_app_config_apply
+
+    ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint
+}
+
+ynh_app_config_run $1
diff --git a/scripts/install b/scripts/install
index e431cb4..236d625 100644
--- a/scripts/install
+++ b/scripts/install
@@ -28,9 +28,14 @@ phpversion=$YNH_PHP_VERSION
 timezone="$(cat /etc/timezone)"
 redis_db=$(ynh_redis_get_free_db)
 mail_pwd=$(ynh_string_random --length=12)
+admin=$YNH_APP_ARG_ADMIN
+email=$(ynh_user_get_info --username=$admin --key=mail)
+password=$YNH_APP_ARG_PASSWORD
 
 app=$YNH_APP_INSTANCE_NAME
 
+auth_method="ldap"
+
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
@@ -50,7 +55,9 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=language --value=$language
+ynh_app_setting_set --app=$app --key=admin --value=$admin
 ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db
+ynh_app_setting_set --app=$app --key=auth_method --value=$auth_method
 
 #=================================================
 # INSTALL DEPENDENCIES
@@ -86,11 +93,6 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"
 
-# Set permissions to app files
-chmod 755 $final_path
-chmod -R o-rwx $final_path
-chown -R $app:www-data $final_path
-
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -105,7 +107,7 @@ ynh_add_nginx_config
 ynh_script_progression --message="Configuring PHP-FPM..." --weight=2
 
 # Create a dedicated PHP-FPM config
-ynh_add_fpm_config
+ynh_add_fpm_config --usage=low --footprint=low
 
 #=================================================
 # INSTALL LYCHEE WITH COMPOSER
@@ -133,8 +135,15 @@ ynh_script_progression --message="Install BookStack" --weight=5
 pushd $final_path
 	php$phpversion artisan key:generate --no-interaction --force
 	php$phpversion artisan migrate --no-interaction --force
+	php$phpversion artisan bookstack:create-admin --email="$email" --name="$admin" --external-auth-id="$admin"
 popd
 
+# Set permissions to app files
+chmod 755 $final_path
+chmod -R o-rwx $final_path
+chown -R $app:www-data $final_path
+chown $app:$app $final_path/.env
+
 #=================================================
 # SETUP SSOWAT
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index fde38c3..2264171 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -29,6 +29,9 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
 phpversion=$YNH_PHP_VERSION
 
+fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
+fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
+
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
 #=================================================
@@ -80,6 +83,9 @@ ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=5
 
 ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
 
+# Recreate a dedicated php-fpm config
+ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --phpversion=$phpversion
+
 #=================================================
 # RESTORE THE MYSQL DATABASE
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index b9e2380..6db94bf 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -24,9 +24,14 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
 db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 phpversion=$YNH_PHP_VERSION
+timezone="$(cat /etc/timezone)"
 redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
 mail_pwd=$(ynh_string_random --length=12)
 
+fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
+fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
+auth_method=$(ynh_app_setting_get --app=$app --key=auth_method)
+
 #=================================================
 # CHECK VERSION
 #=================================================
@@ -52,6 +57,24 @@ ynh_abort_if_errors
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
 
+# If fpm_footprint doesn't exist, create it
+if [ -z "$fpm_footprint" ]; then
+	fpm_footprint=low
+	ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint
+fi
+
+# If fpm_usage doesn't exist, create it
+if [ -z "$fpm_usage" ]; then
+	fpm_usage=low
+	ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage
+fi
+
+# If auth_method doesn't exist, create it
+if [ -z "$auth_method" ]; then
+	auth_method="standard"
+	ynh_app_setting_set --app=$app --key=auth_method --value=$auth_method
+fi
+
 # Cleaning legacy permissions
 if ynh_legacy_permissions_exists; then
 	ynh_legacy_permissions_delete_all
@@ -76,7 +99,7 @@ then
 	ynh_script_progression --message="Upgrading source files..." --weight=1
 
 	# Download, check integrity, uncompress and patch the source from app.src
-	ynh_setup_source --dest_dir="$final_path" --keep="$final_path/.env $final_path/public/uploads $final_path/storage/uploads"
+	ynh_setup_source --dest_dir="$final_path" --keep="$final_path/public/uploads $final_path/storage/uploads"
 fi
 
 #=================================================
@@ -100,7 +123,7 @@ ynh_install_app_dependencies $pkg_dependencies
 ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1
 
 # Create a dedicated PHP-FPM config
-ynh_add_fpm_config
+ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint
 
 #=================================================
 # INSTALL LYCHEE WITH COMPOSER
@@ -108,7 +131,17 @@ ynh_add_fpm_config
 ynh_script_progression --message="Installing BookStack with Composer..." --weight=5
 
 # Install composer
-ynh_install_composer --install_args="--no-dev"
+ynh_install_composer --phpversion=$phpversion --workdir=$final_path --install_args="--no-dev"
+
+#=================================================
+# MODIFY A CONFIG FILE
+#=================================================
+ynh_script_progression --message="Adding a configuration file..." --weight=1
+
+app_url_domain="https://$domain${path_url%/}"
+
+ynh_add_config --template=../conf/.env.example --destination=$final_path/.env
+chmod 600 $final_path/.env
 
 #=================================================
 # FINAL BOOKSTACK INSTALL
@@ -126,7 +159,7 @@ popd
 chmod 755 $final_path
 chmod -R o-rwx $final_path
 chown -R $app:www-data $final_path
-#chmod 600 $final_path/.env
+chown $app:$app $final_path/.env
 
 #=================================================
 # RELOAD NGINX