mirror of https://github.com/YunoHost-Apps/cac-proxy_ynh.git synced 2024-09-03 18:16:07 +02:00

Working with ssh support

Gérard Collin 2023-01-14 10:17:35 +01:00
parent 3b0e9c4f3e
commit 233b3178cd
11 changed files with 117 additions and 78 deletions


@ -3,76 +3,59 @@ N.B.: This README was automatically generated by https://github.com/YunoHost/app
It shall NOT be edited by hand.
-->
# Mongo Express for YunoHost
# Cookie Aware Cors Proxy for YunoHost
[![Integration level](https://dash.yunohost.org/integration/mongo-express.svg)](https://dash.yunohost.org/appci/app/mongo-express) ![Working status](https://ci-apps.yunohost.org/ci/badges/mongo-express.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/mongo-express.maintain.svg)
[![Install Mongo Express with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=mongo-express)
[![Integration level](https://dash.yunohost.org/integration/cac-proxy.svg)](https://dash.yunohost.org/appci/app/cac-proxy) ![Working status](https://ci-apps.yunohost.org/ci/badges/cac-proxy.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/cac-proxy.maintain.svg)
[![Install Cookie Aware Cors Proxy with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cac-proxy)
*[Lire ce readme en français.](./README_fr.md)*
> *This package allows you to install Mongo Express quickly and simply on a YunoHost server.
> *This package allows you to install Cookie Aware Cors Proxy quickly and simply on a YunoHost server.
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
## Overview
Mongo Express is a Web-based MongoDB admin interface written with Node.js, Express and Bootstrap3.
You can as well install a Mongo database - version 4, 5 or 6 in your yunohost server if you want
Cookie Aware Cors Proxy is an http proxy letting the browser itself manages cookies and redirects.
Most other cores proxy directly respond to redirects, and doesn't send cookies, thus breaking the flow.
With Cookie Aware Cors Proxy, you can call a website not supporting CORS from your own web application, and get the html result.
### Features
- Optionally installs Mongo server
- Connect to multiple databases
- View/add/delete databases
- View/add/rename/delete collections
- View/add/update/delete documents
- Preview audio/video/image assets inline in collection view
- Nested and/or large objects are collapsible for easy overview
- Async on-demand loading of big document properties (>100KB default) to keep collection view fast
- GridFS support - add/get/delete incredibly large files
- Use BSON data types in documents
- Mobile / Responsive - Bootstrap 3 works passably on small screens when you're in a bind
- Connect and authenticate to individual databases
- Authenticate as admin to view all databases
- Database blacklist/whitelist
- Custom CA and CA validation disabling
- Supports replica sets
- Translates cookies and redirect locations from the target website to have the browser continue to call the proxy and not directly the website
- Extensive and dynamic support for log and debug information
- Two engines: a lightweight and one based on chrome to support websites running javascript
**Shipped version:** 1.0~ynh3
**Shipped version:** 1.0~ynh1
## Screenshots
![Screenshot of Mongo Express](./doc/screenshots/document-edit.png)
![Screenshot of Mongo Express](./doc/screenshots/collection-view.png)
![Screenshot of Mongo Express](./doc/screenshots/databases-view.png)
![Screenshot of Cookie Aware Cors Proxy](./doc/screenshots/document-edit.png)
![Screenshot of Cookie Aware Cors Proxy](./doc/screenshots/databases-view.png)
![Screenshot of Cookie Aware Cors Proxy](./doc/screenshots/collection-view.png)
## Disclaimers / important information
* For now, any user that can log to your server will have admin access to all your Mongo databases !
* About security
* Single-sign on or LDAP are not integrated
* It's strongly recommanded you don't enable public access to the application
* It works only if you define it as public upon installation otherwise the yunohost SSO will interfere
* It doesn't backup Mongo databases
* As mongo-express doesn't require any database by itself, it doesn't backup or restore any of them
* However, yYou can view / edit other applications databases with Mongo-Express
* It will just reinstall the Mongo server if you installed it with this script
* Any yunohost applications using Mongo databases should manage the backup and restore
## Documentation and resources
* Upstream app code repository: <https://github.com/mongo-express/mongo-express>
* YunoHost documentation for this app: <https://yunohost.org/app_mongo-express>
* Report a bug: <https://github.com/YunoHost-Apps/mongo-express_ynh/issues>
* Upstream app code repository: <https://github.com/gcollin/cookie-aware-cors-proxy>
* YunoHost documentation for this app: <https://yunohost.org/app_cac-proxy>
* Report a bug: <https://github.com/YunoHost-Apps/cac-proxy_ynh/issues>
## Developer info
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing).
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/cac-proxy_ynh/tree/testing).
To try the testing branch, please proceed like that.
``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing --debug
sudo yunohost app install https://github.com/YunoHost-Apps/cac-proxy_ynh/tree/testing --debug
or
sudo yunohost app upgrade mongo-express -u https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing --debug
sudo yunohost app upgrade cac-proxy -u https://github.com/YunoHost-Apps/cac-proxy_ynh/tree/testing --debug
```
**More info regarding app packaging:** <https://yunohost.org/packaging_apps>
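Review bot: The README never mentions the optional SSH public key this commit introduces, while the disclaimer now says the app works only when installed as public and that single sign-on and LDAP are not integrated. Add a line under "Disclaimers / important information" stating that supplying a key gives its holder SSH access as the app user plus the right to restart the service, and say what, if anything, limits who may use the public proxy. The three screenshot entries for Cookie Aware Cors Proxy still point at `document-edit.png`, `databases-view.png` and `collection-view.png`, the same files listed for Mongo Express. Since the header says this file is generated and shall not be edited by hand, the change belongs in the generator's source files.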


@ -3,76 +3,59 @@ N.B.: This README was automatically generated by https://github.com/YunoHost/app
It shall NOT be edited by hand.
-->
# Mongo Express pour YunoHost
# Cookie Aware Cors Proxy pour YunoHost
[![Niveau d'intégration](https://dash.yunohost.org/integration/mongo-express.svg)](https://dash.yunohost.org/appci/app/mongo-express) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/mongo-express.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/mongo-express.maintain.svg)
[![Installer Mongo Express avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=mongo-express)
[![Niveau d'intégration](https://dash.yunohost.org/integration/cac-proxy.svg)](https://dash.yunohost.org/appci/app/cac-proxy) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/cac-proxy.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/cac-proxy.maintain.svg)
[![Installer Cookie Aware Cors Proxy avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cac-proxy)
*[Read this readme in english.](./README.md)*
> *Ce package vous permet d'installer Mongo Express rapidement et simplement sur un serveur YunoHost.
> *Ce package vous permet d'installer Cookie Aware Cors Proxy rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
## Vue d'ensemble
Mongo Express is a Web-based MongoDB admin interface written with Node.js, Express and Bootstrap3.
You can as well install a Mongo database - version 4, 5 or 6 in your yunohost server if you want
Cookie Aware Cors Proxy is an http proxy letting the browser itself manages cookies and redirects.
Most other cores proxy directly respond to redirects, and doesn't send cookies, thus breaking the flow.
With Cookie Aware Cors Proxy, you can call a website not supporting CORS from your own web application, and get the html result.
### Features
- Optionally installs Mongo server
- Connect to multiple databases
- View/add/delete databases
- View/add/rename/delete collections
- View/add/update/delete documents
- Preview audio/video/image assets inline in collection view
- Nested and/or large objects are collapsible for easy overview
- Async on-demand loading of big document properties (>100KB default) to keep collection view fast
- GridFS support - add/get/delete incredibly large files
- Use BSON data types in documents
- Mobile / Responsive - Bootstrap 3 works passably on small screens when you're in a bind
- Connect and authenticate to individual databases
- Authenticate as admin to view all databases
- Database blacklist/whitelist
- Custom CA and CA validation disabling
- Supports replica sets
- Translates cookies and redirect locations from the target website to have the browser continue to call the proxy and not directly the website
- Extensive and dynamic support for log and debug information
- Two engines: a lightweight and one based on chrome to support websites running javascript
**Version incluse :** 1.0~ynh3
**Version incluse :** 1.0~ynh1
## Captures d'écran
![Capture d'écran de Mongo Express](./doc/screenshots/document-edit.png)
![Capture d'écran de Mongo Express](./doc/screenshots/collection-view.png)
![Capture d'écran de Mongo Express](./doc/screenshots/databases-view.png)
![Capture d'écran de Cookie Aware Cors Proxy](./doc/screenshots/document-edit.png)
![Capture d'écran de Cookie Aware Cors Proxy](./doc/screenshots/databases-view.png)
![Capture d'écran de Cookie Aware Cors Proxy](./doc/screenshots/collection-view.png)
## Avertissements / informations importantes
* For now, any user that can log to your server will have admin access to all your Mongo databases !
* About security
* Single-sign on or LDAP are not integrated
* It's strongly recommanded you don't enable public access to the application
* It works only if you define it as public upon installation otherwise the yunohost SSO will interfere
* It doesn't backup Mongo databases
* As mongo-express doesn't require any database by itself, it doesn't backup or restore any of them
* However, yYou can view / edit other applications databases with Mongo-Express
* It will just reinstall the Mongo server if you installed it with this script
* Any yunohost applications using Mongo databases should manage the backup and restore
## Documentations et ressources
* Dépôt de code officiel de l'app : <https://github.com/mongo-express/mongo-express>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_mongo-express>
* Signaler un bug : <https://github.com/YunoHost-Apps/mongo-express_ynh/issues>
* Dépôt de code officiel de l'app : <https://github.com/gcollin/cookie-aware-cors-proxy>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_cac-proxy>
* Signaler un bug : <https://github.com/YunoHost-Apps/cac-proxy_ynh/issues>
## Informations pour les développeurs
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing).
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/cac-proxy_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit.
``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing --debug
sudo yunohost app install https://github.com/YunoHost-Apps/cac-proxy_ynh/tree/testing --debug
ou
sudo yunohost app upgrade mongo-express -u https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing --debug
sudo yunohost app upgrade cac-proxy -u https://github.com/YunoHost-Apps/cac-proxy_ynh/tree/testing --debug
```
**Plus d'infos sur le packaging d'applications :** <https://yunohost.org/packaging_apps>
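Review bot: In the French README the overview ("Cookie Aware Cors Proxy is an http proxy ..."), the feature list and the "About security" disclaimer are in English under French headings. Translate them, or state that the French description is pending. The overview wording also needs a fix at the source: "Most other cores proxy directly respond to redirects, and doesn't send cookies" should read "CORS proxies ... and don't send cookies".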

conf/authorized_keys Normal file

@ -0,0 +1 @@
__PUBLIC_KEY__
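Review bot: The template writes `__PUBLIC_KEY__` as a bare line, so the key gets an unrestricted login as the app user, including port, agent and X11 forwarding and a PTY. Since the manifest describes the key as being for service updates during delivery, prefix the entry with OpenSSH key options such as `restrict` (re-enabling only what the delivery job needs) or a `from="..."` source restriction. Because the placeholder is substituted verbatim, a value containing a newline would add extra lines to this file, so the install script should reject anything that is not a single key line.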

conf/cac-proxy-sudoers Normal file

@ -0,0 +1 @@
%__APP__ ALL=(root) NOPASSWD: /usr/bin/systemctl restart __APP__
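Review bot: The rule is granted to `%__APP__`, which in sudoers syntax is the group, not the user, so any account later added to that group can restart the service as root without a password. Grant it to the user `__APP__` unless group access is intended. Pinning the command to the absolute path and the single unit name is the right scope; keep it that narrow.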

conf/restart-proxy.sh Normal file

@ -0,0 +1,4 @@
#!/bin/bash
# Restart all dont-code services
sudo systemctl restart "__APP__"
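Review bot: The script calls `sudo systemctl restart "__APP__"` by bare name while the sudoers rule allows only `/usr/bin/systemctl restart __APP__`. Use the absolute path here so the two cannot drift apart, and pass `-n` to sudo so a mismatch fails immediately instead of prompting for a password in a non-interactive SSH session. The comment "Restart all dont-code services" does not match what the script does, which is restarting the single `__APP__` unit.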


@ -36,6 +36,15 @@
"example": "/proxy",
"default": "/proxy"
},
{
"name": "public_key",
"type": "string",
"optional": true,
"ask": {
"en": "SSH Public key to allow service updates as part of delivery process, leave empty to disable.",
"fr": "Clef publique SSH permettant la mise à jour des services via une deploiement automatique, inactif si non renseigné."
}
},
{
"name": "is_public",
"type": "boolean",
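Review bot: The `public_key` question accepts any string and its help text does not say what the key unlocks. State in both languages that the key holder gets SSH access as the app user and may restart the service, and make sure the install script checks that the answer is one well-formed public key line before writing it. In the French text, "une deploiement" should be "un déploiement".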


@ -56,6 +56,8 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
ynh_backup --src_path="/etc/sudoers.d/$app-sudoers"
# BACKUP LOGROTATE
#=================================================
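Review bot: `ynh_backup --src_path="/etc/sudoers.d/$app-sudoers"` runs unconditionally, but the install script creates that file only when `public_key` is non-empty. Guard it with the same `[ -n "$public_key" ]` test, after loading the setting, so backups of installs without a key do not reference a missing file. The new line also lands between the "SPECIFIC BACKUP" banner and the "# BACKUP LOGROTATE" title; give it its own section header.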


@ -25,6 +25,7 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
public_key=$YNH_APP_ARG_PUBLIC_KEY
is_public=$YNH_APP_ARG_IS_PUBLIC
### If it's a multi-instance app, meaning it can be installed several times independently
@ -140,6 +141,35 @@ chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
if [ -n "$public_key" ]
then
ynh_script_progression --message="Enabling ssh access for dev..." --weight=1
#enable ssh access to the files for updates
#todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh
mkdir --parents $final_path/.ssh
ynh_add_config --template="authorized_keys" --destination="$final_path/.ssh/authorized_keys"
ynh_app_setting_set --app=$app --key=public_key --value=$public_key
chown -R $app:$app "$final_path/.ssh"
chmod 700 "$final_path/.ssh"
chmod 600 "$final_path/.ssh/authorized_keys"
#=================================================
# Create restart services file
#=================================================
# Enable restarting of services from ssh
ynh_add_config --template="restart-proxy.sh" --destination="$final_path/restart-proxy.sh"
# Enable root ownership to be able to call systemctl
chown $app:$app "$final_path/restart-proxy.sh"
chmod o-rwx,gu=rwx "$final_path/restart-proxy.sh"
ynh_add_config --template="cac-proxy-sudoers" --destination="/etc/sudoers.d/$app-sudoers"
chown root:root "/etc/sudoers.d/$app-sudoers"
chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers"
fi
#=================================================
# NGINX CONFIGURATION
#=================================================
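Review bot: `--value=$public_key` is unquoted, and a public key line contains spaces (key type, base64 blob, comment), so the shell splits it into several arguments and the stored setting may not be the full key; `mkdir --parents $final_path/.ssh` has the same quoting gap. Quote both. Before writing the template, check that `$public_key` is a single line in public key format, for example by running `ssh-keygen -l -f` on the generated file, because the value is copied verbatim into `authorized_keys`. The comment "Enable root ownership to be able to call systemctl" contradicts the next line, `chown $app:$app`, and the generated sudoers file should be checked with `visudo -cf` before the script continues.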


@ -19,6 +19,7 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
public_key=$(ynh_app_setting_get --app=$app --key=public_key)
#=================================================
# STANDARD REMOVE
@ -110,6 +111,13 @@ ynh_script_progression --message="Removing various files..." --weight=1
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
if [ -n "$public_key" ]
then
ynh_script_progression --message="Removing ssh dev access" --weight=1
ynh_secure_remove --file="/etc/sudoers.d/$app-sudoers"
fi
#=================================================
# GENERIC FINALIZATION
#=================================================
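Review bot: The sudoers file is removed only when the stored `public_key` setting is non-empty. If that setting is missing or was saved incorrectly, `/etc/sudoers.d/$app-sudoers` survives the uninstall and keeps a passwordless root rule for a name that a later install could reuse. Remove the file unconditionally.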


@ -32,6 +32,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
public_key=$(ynh_app_setting_get --app=$app --key=public_key)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
@ -70,6 +71,22 @@ chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#Make sure the .ssh and files have the correct access rights
if [ -n "$public_key" ]
then
chown -R $app:$app "$final_path/.ssh"
chmod 700 "$final_path/.ssh"
chmod 600 "$final_path/.ssh/authorized_keys"
# Enable restart of services for the dont-code user
chown $app:$app "$final_path/restart-proxy.sh"
chmod o-rwx,gu=rwx "$final_path/restart-proxy.sh"
ynh_restore_file --origin_path="/etc/sudoers.d/$app-sudoers"
chown root:root "/etc/sudoers.d/$app-sudoers"
chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers"
fi
#=================================================
# SPECIFIC RESTORATION
#=================================================
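Review bot: The restored `/etc/sudoers.d/$app-sudoers` is taken from the archive as is, with ownership and mode fixed afterwards. Regenerating it from the `cac-proxy-sudoers` template, as the install script does, would guarantee the rule matches the current package rather than whatever the backup contained. The comment "Enable restart of services for the dont-code user" names a different user than `$app`.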


@ -20,6 +20,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
public_key=$(ynh_app_setting_get --app=$app --key=public_key)
#=================================================
# CHECK VERSION
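Review bot: `public_key` is loaded here, but no other change to this file is visible in the diff, so it is unclear whether upgrade re-creates `authorized_keys`, `restart-proxy.sh` and the sudoers rule. If upgrade does not touch them, drop the variable; if it should, add the same guarded block as in install so that template fixes reach existing installs.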