Working with ssh support

README.md

@@ -3,76 +3,59 @@ N.B.: This README was automatically generated by https://github.com/YunoHost/app
 It shall NOT be edited by hand.
 -->
 
-# Mongo Express for YunoHost
+# Cookie Aware Cors Proxy for YunoHost
 
-[![Integration level](https://dash.yunohost.org/integration/mongo-express.svg)](https://dash.yunohost.org/appci/app/mongo-express) ![Working status](https://ci-apps.yunohost.org/ci/badges/mongo-express.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/mongo-express.maintain.svg)  
+[![Integration level](https://dash.yunohost.org/integration/cac-proxy.svg)](https://dash.yunohost.org/appci/app/cac-proxy) ![Working status](https://ci-apps.yunohost.org/ci/badges/cac-proxy.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/cac-proxy.maintain.svg)  
-[![Install Mongo Express with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=mongo-express)
+[![Install Cookie Aware Cors Proxy with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cac-proxy)
 
 *[Lire ce readme en français.](./README_fr.md)*
 
-> *This package allows you to install Mongo Express quickly and simply on a YunoHost server.
+> *This package allows you to install Cookie Aware Cors Proxy quickly and simply on a YunoHost server.
 If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
 
 ## Overview
 
-Mongo Express is a Web-based MongoDB admin interface written with Node.js, Express and Bootstrap3.
+Cookie Aware Cors Proxy is an http proxy letting the browser itself manages cookies and redirects.
-You can as well install a Mongo database - version 4, 5 or 6 in your yunohost server if you want 
+Most other cores proxy directly respond to redirects, and doesn't send cookies, thus breaking the flow.
+With Cookie Aware Cors Proxy, you can call a website not supporting CORS from your own web application, and get the html result.
 
 ### Features
-- Optionally installs Mongo server
+- Translates cookies and redirect locations from the target website to have the browser continue to call the proxy and not directly the website 
-- Connect to multiple databases
+- Extensive and dynamic support for log and debug information
-- View/add/delete databases
+- Two engines: a lightweight and one based on chrome to support websites running javascript
-- View/add/rename/delete collections
-- View/add/update/delete documents
-- Preview audio/video/image assets inline in collection view
-- Nested and/or large objects are collapsible for easy overview
-- Async on-demand loading of big document properties (>100KB default) to keep collection view fast
-- GridFS support - add/get/delete incredibly large files
-- Use BSON data types in documents
-- Mobile / Responsive - Bootstrap 3 works passably on small screens when you're in a bind
-- Connect and authenticate to individual databases
-- Authenticate as admin to view all databases
-- Database blacklist/whitelist
-- Custom CA and CA validation disabling
-- Supports replica sets
 
 
-**Shipped version:** 1.0~ynh3
+**Shipped version:** 1.0~ynh1
 
 ## Screenshots
 
-![Screenshot of Mongo Express](./doc/screenshots/document-edit.png)
+![Screenshot of Cookie Aware Cors Proxy](./doc/screenshots/document-edit.png)
-![Screenshot of Mongo Express](./doc/screenshots/collection-view.png)
+![Screenshot of Cookie Aware Cors Proxy](./doc/screenshots/databases-view.png)
-![Screenshot of Mongo Express](./doc/screenshots/databases-view.png)
+![Screenshot of Cookie Aware Cors Proxy](./doc/screenshots/collection-view.png)
 
 ## Disclaimers / important information
 
-* For now, any user that can log to your server will have admin access to all your Mongo databases !
+* About security
     * Single-sign on or LDAP are not integrated
-    * It's strongly recommanded you don't enable public access to the application
+    * It works only if you define it as public upon installation otherwise the yunohost SSO will interfere
 
-* It doesn't backup Mongo databases
-    * As mongo-express doesn't require any database by itself, it doesn't backup or restore any of them
-    * However, yYou can view / edit other applications databases with Mongo-Express
-    * It will just reinstall the Mongo server if you installed it with this script 
-    * Any yunohost applications using Mongo databases should manage the backup and restore
 
 ## Documentation and resources
 
-* Upstream app code repository: <https://github.com/mongo-express/mongo-express>
+* Upstream app code repository: <https://github.com/gcollin/cookie-aware-cors-proxy>
-* YunoHost documentation for this app: <https://yunohost.org/app_mongo-express>
+* YunoHost documentation for this app: <https://yunohost.org/app_cac-proxy>
-* Report a bug: <https://github.com/YunoHost-Apps/mongo-express_ynh/issues>
+* Report a bug: <https://github.com/YunoHost-Apps/cac-proxy_ynh/issues>
 
 ## Developer info
 
-Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing).
+Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/cac-proxy_ynh/tree/testing).
 
 To try the testing branch, please proceed like that.
 
 ``` bash
-sudo yunohost app install https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing --debug
+sudo yunohost app install https://github.com/YunoHost-Apps/cac-proxy_ynh/tree/testing --debug
 or
-sudo yunohost app upgrade mongo-express -u https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing --debug
+sudo yunohost app upgrade cac-proxy -u https://github.com/YunoHost-Apps/cac-proxy_ynh/tree/testing --debug
 ```
 
 **More info regarding app packaging:** <https://yunohost.org/packaging_apps>

README_fr.md

@@ -3,76 +3,59 @@ N.B.: This README was automatically generated by https://github.com/YunoHost/app
 It shall NOT be edited by hand.
 -->
 
-# Mongo Express pour YunoHost
+# Cookie Aware Cors Proxy pour YunoHost
 
-[![Niveau d'intégration](https://dash.yunohost.org/integration/mongo-express.svg)](https://dash.yunohost.org/appci/app/mongo-express) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/mongo-express.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/mongo-express.maintain.svg)  
+[![Niveau d'intégration](https://dash.yunohost.org/integration/cac-proxy.svg)](https://dash.yunohost.org/appci/app/cac-proxy) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/cac-proxy.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/cac-proxy.maintain.svg)  
-[![Installer Mongo Express avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=mongo-express)
+[![Installer Cookie Aware Cors Proxy avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cac-proxy)
 
 *[Read this readme in english.](./README.md)*
 
-> *Ce package vous permet d'installer Mongo Express rapidement et simplement sur un serveur YunoHost.
+> *Ce package vous permet d'installer Cookie Aware Cors Proxy rapidement et simplement sur un serveur YunoHost.
 Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
 
 ## Vue d'ensemble
 
-Mongo Express is a Web-based MongoDB admin interface written with Node.js, Express and Bootstrap3.
+Cookie Aware Cors Proxy is an http proxy letting the browser itself manages cookies and redirects.
-You can as well install a Mongo database - version 4, 5 or 6 in your yunohost server if you want 
+Most other cores proxy directly respond to redirects, and doesn't send cookies, thus breaking the flow.
+With Cookie Aware Cors Proxy, you can call a website not supporting CORS from your own web application, and get the html result.
 
 ### Features
-- Optionally installs Mongo server
+- Translates cookies and redirect locations from the target website to have the browser continue to call the proxy and not directly the website 
-- Connect to multiple databases
+- Extensive and dynamic support for log and debug information
-- View/add/delete databases
+- Two engines: a lightweight and one based on chrome to support websites running javascript
-- View/add/rename/delete collections
-- View/add/update/delete documents
-- Preview audio/video/image assets inline in collection view
-- Nested and/or large objects are collapsible for easy overview
-- Async on-demand loading of big document properties (>100KB default) to keep collection view fast
-- GridFS support - add/get/delete incredibly large files
-- Use BSON data types in documents
-- Mobile / Responsive - Bootstrap 3 works passably on small screens when you're in a bind
-- Connect and authenticate to individual databases
-- Authenticate as admin to view all databases
-- Database blacklist/whitelist
-- Custom CA and CA validation disabling
-- Supports replica sets
 
 
-**Version incluse :** 1.0~ynh3
+**Version incluse :** 1.0~ynh1
 
 ## Captures d'écran
 
-![Capture d'écran de Mongo Express](./doc/screenshots/document-edit.png)
+![Capture d'écran de Cookie Aware Cors Proxy](./doc/screenshots/document-edit.png)
-![Capture d'écran de Mongo Express](./doc/screenshots/collection-view.png)
+![Capture d'écran de Cookie Aware Cors Proxy](./doc/screenshots/databases-view.png)
-![Capture d'écran de Mongo Express](./doc/screenshots/databases-view.png)
+![Capture d'écran de Cookie Aware Cors Proxy](./doc/screenshots/collection-view.png)
 
 ## Avertissements / informations importantes
 
-* For now, any user that can log to your server will have admin access to all your Mongo databases !
+* About security
     * Single-sign on or LDAP are not integrated
-    * It's strongly recommanded you don't enable public access to the application
+    * It works only if you define it as public upon installation otherwise the yunohost SSO will interfere
 
-* It doesn't backup Mongo databases
-    * As mongo-express doesn't require any database by itself, it doesn't backup or restore any of them
-    * However, yYou can view / edit other applications databases with Mongo-Express
-    * It will just reinstall the Mongo server if you installed it with this script 
-    * Any yunohost applications using Mongo databases should manage the backup and restore
 
 ## Documentations et ressources
 
-* Dépôt de code officiel de l'app : <https://github.com/mongo-express/mongo-express>
+* Dépôt de code officiel de l'app : <https://github.com/gcollin/cookie-aware-cors-proxy>
-* Documentation YunoHost pour cette app : <https://yunohost.org/app_mongo-express>
+* Documentation YunoHost pour cette app : <https://yunohost.org/app_cac-proxy>
-* Signaler un bug : <https://github.com/YunoHost-Apps/mongo-express_ynh/issues>
+* Signaler un bug : <https://github.com/YunoHost-Apps/cac-proxy_ynh/issues>
 
 ## Informations pour les développeurs
 
-Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing).
+Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/cac-proxy_ynh/tree/testing).
 
 Pour essayer la branche testing, procédez comme suit.
 
 ``` bash
-sudo yunohost app install https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing --debug
+sudo yunohost app install https://github.com/YunoHost-Apps/cac-proxy_ynh/tree/testing --debug
 ou
-sudo yunohost app upgrade mongo-express -u https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing --debug
+sudo yunohost app upgrade cac-proxy -u https://github.com/YunoHost-Apps/cac-proxy_ynh/tree/testing --debug
 ```
 
 **Plus d'infos sur le packaging d'applications :** <https://yunohost.org/packaging_apps>

conf/authorized_keys

@@ -0,0 +1 @@
+__PUBLIC_KEY__

conf/cac-proxy-sudoers

@@ -0,0 +1 @@
+%__APP__ ALL=(root) NOPASSWD: /usr/bin/systemctl restart __APP__

conf/restart-proxy.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Restart all dont-code services
+sudo systemctl restart "__APP__"

manifest.json

@@ -36,6 +36,15 @@
                 "example": "/proxy",
                 "default": "/proxy"
             },
+            {
+                "name": "public_key",
+                "type": "string",
+                "optional": true,
+                "ask": {
+                    "en": "SSH Public key to allow service updates as part of delivery process, leave empty to disable.",
+                    "fr": "Clef publique SSH permettant la mise à jour des services via une deploiement automatique, inactif si non renseigné."
+                }
+            },
             {
                 "name": "is_public",
                 "type": "boolean",

scripts/backup

@@ -56,6 +56,8 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 #=================================================
 # SPECIFIC BACKUP
 #=================================================
+ynh_backup --src_path="/etc/sudoers.d/$app-sudoers"
+
 # BACKUP LOGROTATE
 #=================================================
 

scripts/install

@@ -25,6 +25,7 @@ ynh_abort_if_errors
 
 domain=$YNH_APP_ARG_DOMAIN
 path_url=$YNH_APP_ARG_PATH
+public_key=$YNH_APP_ARG_PUBLIC_KEY
 is_public=$YNH_APP_ARG_IS_PUBLIC
 
 ### If it's a multi-instance app, meaning it can be installed several times independently
@@ -140,6 +141,35 @@ chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:$app "$final_path"
 
+if [ -n "$public_key" ]
+then
+  ynh_script_progression --message="Enabling ssh access for dev..." --weight=1
+  #enable ssh access to the files for updates
+  #todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh
+  mkdir --parents $final_path/.ssh
+  ynh_add_config --template="authorized_keys" --destination="$final_path/.ssh/authorized_keys"
+  ynh_app_setting_set --app=$app --key=public_key --value=$public_key
+  chown -R $app:$app "$final_path/.ssh"
+  chmod 700 "$final_path/.ssh"
+  chmod 600 "$final_path/.ssh/authorized_keys"
+
+  #=================================================
+  # Create restart services file
+  #=================================================
+
+  # Enable restarting of services from ssh
+  ynh_add_config --template="restart-proxy.sh" --destination="$final_path/restart-proxy.sh"
+
+  # Enable root ownership to be able to call systemctl
+  chown $app:$app "$final_path/restart-proxy.sh"
+  chmod o-rwx,gu=rwx "$final_path/restart-proxy.sh"
+
+  ynh_add_config --template="cac-proxy-sudoers" --destination="/etc/sudoers.d/$app-sudoers"
+  chown root:root "/etc/sudoers.d/$app-sudoers"
+  chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers"
+
+fi
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================

scripts/remove

@@ -19,6 +19,7 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 port=$(ynh_app_setting_get --app=$app --key=port)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+public_key=$(ynh_app_setting_get --app=$app --key=public_key)
 
 #=================================================
 # STANDARD REMOVE
@@ -110,6 +111,13 @@ ynh_script_progression --message="Removing various files..." --weight=1
 # Remove the log files
 ynh_secure_remove --file="/var/log/$app"
 
+if [ -n "$public_key" ]
+then
+  ynh_script_progression --message="Removing ssh dev access" --weight=1
+  ynh_secure_remove --file="/etc/sudoers.d/$app-sudoers"
+
+fi
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

scripts/restore

@@ -32,6 +32,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 port=$(ynh_app_setting_get --app=$app --key=port)
+public_key=$(ynh_app_setting_get --app=$app --key=public_key)
 
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
@@ -70,6 +71,22 @@ chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:$app "$final_path"
 
+#Make sure the .ssh and files have the correct access rights
+if [ -n "$public_key" ]
+then
+  chown -R $app:$app "$final_path/.ssh"
+  chmod 700 "$final_path/.ssh"
+  chmod 600 "$final_path/.ssh/authorized_keys"
+  # Enable restart of services for the dont-code user
+  chown $app:$app "$final_path/restart-proxy.sh"
+  chmod o-rwx,gu=rwx "$final_path/restart-proxy.sh"
+
+  ynh_restore_file --origin_path="/etc/sudoers.d/$app-sudoers"
+
+  chown root:root "/etc/sudoers.d/$app-sudoers"
+  chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers"
+fi
+
 #=================================================
 # SPECIFIC RESTORATION
 #=================================================

scripts/upgrade

@@ -20,6 +20,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 port=$(ynh_app_setting_get --app=$app --key=port)
+public_key=$(ynh_app_setting_get --app=$app --key=public_key)
 
 #=================================================
 # CHECK VERSION