diff --git a/.idea/cac-proxy_ynh.iml b/.idea/cac-proxy_ynh.iml new file mode 100644 index 0000000..bdf896d --- /dev/null +++ b/.idea/cac-proxy_ynh.iml @@ -0,0 +1,9 @@ + + + + + + + + + diff --git a/README.md b/README.md index 49bbacb..f2079dc 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,8 @@ It shall NOT be edited by hand. # Cors Proxy for YunoHost -[![Integration level](https://dash.yunohost.org/integration/cac-proxy.svg)](https://dash.yunohost.org/appci/app/cac-proxy) ![Working status](https://ci-apps.yunohost.org/ci/badges/cac-proxy.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/cac-proxy.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/cac-proxy.svg)](https://dash.yunohost.org/appci/app/cac-proxy) ![Working status](https://ci-apps.yunohost.org/ci/badges/cac-proxy.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/cac-proxy.maintain.svg) + [![Install Cors Proxy with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cac-proxy) *[Lire ce readme en français.](./README_fr.md)* @@ -26,7 +27,7 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo - Two engines: a lightweight and one based on chrome to support websites running javascript -**Shipped version:** 1.0~ynh1 +**Shipped version:** 1.0~ynh2 ## Screenshots diff --git a/README_fr.md b/README_fr.md index c0f7d68..29aa749 100644 --- a/README_fr.md +++ b/README_fr.md @@ -5,7 +5,8 @@ It shall NOT be edited by hand. # Cors Proxy pour YunoHost -[![Niveau d’intégration](https://dash.yunohost.org/integration/cac-proxy.svg)](https://dash.yunohost.org/appci/app/cac-proxy) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/cac-proxy.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/cac-proxy.maintain.svg) +[![Niveau d’intégration](https://dash.yunohost.org/integration/cac-proxy.svg)](https://dash.yunohost.org/appci/app/cac-proxy) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/cac-proxy.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/cac-proxy.maintain.svg) + [![Installer Cors Proxy avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cac-proxy) *[Read this readme in english.](./README.md)* @@ -26,7 +27,7 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo - Two engines: a lightweight and one based on chrome to support websites running javascript -**Version incluse :** 1.0~ynh1 +**Version incluse :** 1.0~ynh2 ## Captures d’écran diff --git a/check_process b/check_process index cf53ac3..f071cd3 100644 --- a/check_process +++ b/check_process @@ -6,6 +6,7 @@ domain="domain.tld" path="/path" is_public=0 + install_chromium=1 ; Checks pkg_linter=1 setup_sub_dir=1 @@ -14,7 +15,7 @@ setup_private=0 setup_public=1 upgrade=1 - upgrade=0 from_commit=CommitHash + upgrade=1 from_commit=b446048d123428f5260c5757245e8ed5ad454fb0 backup_restore=1 multi_instance=0 port_already_use=0 diff --git a/conf/amd64.src b/conf/amd64.src index dce1de5..f9c125c 100644 --- a/conf/amd64.src +++ b/conf/amd64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.0.15/cookie-aware-cors-proxy.tgz -SOURCE_SUM=21ba12f3a6fe09d9c934be4ce490a575a955a00a7f6ac82d2715e3e037e6c372 +SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.1.4/cookie-aware-cors-proxy.tgz +SOURCE_SUM=c56ca989233d4d2f3a2304ec96d979445f97232c8be63d5910d819af66f83ab9 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/systemd.service b/conf/systemd.service index 8417af7..b26c0df 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,7 +7,7 @@ Type=simple User=__APP__ Group=__APP__ EnvironmentFile=__FINALPATH__/.env -WorkingDirectory=__FINALPATH__/ +WorkingDirectory=__FINALPATH__/package/ ExecStart=__YNH_NODE__ ./src/server.js StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit diff --git a/manifest.json b/manifest.json index f032941..02f8680 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "An advanced https proxy allowing you to call other websites from your own web application.", "fr": "Un proxy https avancé vous permettant d'appeler d'autres sites depuis votre propre application web." }, - "version": "1.0~ynh1", + "version": "1.0~ynh2", "url": "https://github.com/gcollin/cookie-aware-cors-proxy", "upstream": { "license": "MIT", @@ -36,6 +36,16 @@ "example": "/proxy", "default": "/proxy" }, + { + "name": "install_chromium", + "type": "boolean", + "default": false, + "optional": true, + "ask": { + "en": "Install Chromium for advanced website support (+480 MB).", + "fr": "Installer Chromium pour supporter les sites web complexes (+480 MB)." + } + }, { "name": "public_key", "type": "string", diff --git a/scripts/install b/scripts/install index b516307..d64af45 100755 --- a/scripts/install +++ b/scripts/install @@ -27,6 +27,7 @@ domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH public_key=$YNH_APP_ARG_PUBLIC_KEY is_public=$YNH_APP_ARG_IS_PUBLIC +install_chromium=$YNH_APP_ARG_INSTALL_CHROMIUM ### If it's a multi-instance app, meaning it can be installed several times independently ### The id of the app as stated in the manifest is available as $YNH_APP_ID @@ -74,6 +75,7 @@ ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=install_chromium --value=$install_chromium #================================================= # STANDARD MODIFICATIONS @@ -122,7 +124,7 @@ ynh_use_nodejs ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_system_user_create --username=$app --use_shell --home_dir="$final_path" --groups="ssh.app" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -135,7 +137,8 @@ ynh_script_progression --message="Setting up source files..." --weight=6 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from amd64.src -ynh_setup_source --source_id=amd64 --dest_dir="$final_path" +mkdir --parents $final_path/package +ynh_setup_source --source_id=amd64 --dest_dir="$final_path/package" chmod 750 "$final_path" chmod -R o-rwx "$final_path" @@ -170,6 +173,19 @@ then fi +#================================================= +# Install chromium +#================================================= +if [ $install_chromium -eq 1 ] +then + ynh_script_progression --message="Installing Chromium..." --weight=8 + + cd "$final_path/package" + ynh_exec_as $app $ynh_node_load_PATH $ynh_node "./node_modules/puppeteer/install.js" + + cd - +fi + #================================================= # NGINX CONFIGURATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index c096160..14e7d60 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,6 +21,7 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) public_key=$(ynh_app_setting_get --app=$app --key=public_key) +install_chromium=$(ynh_app_setting_get --app=$app --key=install_chromium) #================================================= # CHECK VERSION @@ -83,19 +84,39 @@ ynh_use_nodejs #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" + #Recreate the user to enable shell if needed +user_shell=$(grep "^$app:" /etc/passwd | cut -d: -f7) +if [ "$user_shell" == "/usr/sbin/nologin" ]; then + chsh --shell /bin/sh $app +fi + # Ensure the use can connect through ssh +user_groups=$(groups "$app") +if [[ "$user_groups" != *"ssh.app"* ]]; then + ynh_system_user_create --username=$app --groups="ssh.app" +fi + + +#================================================= +# SPECIFIC UPGRADE +#================================================= +complete_install=false + +# Check if we need to clean up old bad installs +if [ -f "$final_path/package.json" ]; then + complete_install=true + ynh_secure_remove --file="$final_path/*" +fi #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= - -if [ "$upgrade_type" == "UPGRADE_APP" ] +if [ "$upgrade_type" == "UPGRADE_APP" ] || [ "$complete_install" == "true" ] then ynh_script_progression --message="Upgrading source files..." --weight=6 # Download, check integrity, uncompress and patch the source from amd64.src - ynh_setup_source --source_id=amd64 --dest_dir="$final_path" + mkdir --parents $final_path/package + ynh_setup_source --source_id=amd64 --dest_dir="$final_path/package" fi @@ -109,6 +130,49 @@ chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:$app "$final_path" +if [ -n "$public_key" ] && [ "$complete_install" == "true" ] +then + ynh_script_progression --message="Enabling ssh access for dev..." --weight=1 + #enable ssh access to the files for updates + #todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh + mkdir --parents $final_path/.ssh + ynh_add_config --template="authorized_keys" --destination="$final_path/.ssh/authorized_keys" + ynh_app_setting_set --app=$app --key=public_key --value=$public_key + chown -R $app:$app "$final_path/.ssh" + chmod 700 "$final_path/.ssh" + chmod 600 "$final_path/.ssh/authorized_keys" + + #================================================= + # Create restart services file + #================================================= + + # Enable restarting of services from ssh + ynh_add_config --template="restart-proxy.sh" --destination="$final_path/restart-proxy.sh" + + # Enable root ownership to be able to call systemctl + chown $app:$app "$final_path/restart-proxy.sh" + chmod o-rwx,gu=rwx "$final_path/restart-proxy.sh" + + ynh_add_config --template="cac-proxy-sudoers" --destination="/etc/sudoers.d/$app-sudoers" + chown root:root "/etc/sudoers.d/$app-sudoers" + chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers" + +fi + +#================================================= +# Install chromium +#================================================= +if [ $install_chromium -eq 1 ] +then + ynh_script_progression --message="Upgrading Chromium..." --weight=8 + # Remove old versions of chrome + ynh_secure_remove --file="$final_path/.cache/puppeteer/chrome" + # And install the latest one + cd "$final_path/package" + ynh_exec_as $app $ynh_node_load_PATH $ynh_node "./node_modules/puppeteer/install.js" + +fi + #================================================= # NGINX CONFIGURATION #================================================= @@ -117,10 +181,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# SPECIFIC UPGRADE -#================================================= -# ... #================================================= #=================================================