From a662e63c994652365284f6ea477f2a958655ebab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A9rard=20Collin?= <gerard.collin@appliweb.net>
Date: Wed, 15 Feb 2023 16:25:40 +0100
Subject: [PATCH] Removed unnecessary installed files and new version of
 cac-proxy

---
 conf/amd64.src  |  4 ++--
 scripts/upgrade | 48 ++++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 44 insertions(+), 8 deletions(-)

diff --git a/conf/amd64.src b/conf/amd64.src
index dce1de5..93c0350 100644
--- a/conf/amd64.src
+++ b/conf/amd64.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.0.15/cookie-aware-cors-proxy.tgz
-SOURCE_SUM=21ba12f3a6fe09d9c934be4ce490a575a955a00a7f6ac82d2715e3e037e6c372
+SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.1.0/cookie-aware-cors-proxy.tgz
+SOURCE_SUM=473df2664fe560b525a8a4d4d9edd4ffefa544dabfd37a25e199f2a37270a6e0
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true
diff --git a/scripts/upgrade b/scripts/upgrade
index 21742ea..3a221f3 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -94,11 +94,22 @@ if [[ "$user_groups" != *"ssh.app"* ]]; then
   ynh_system_user_create --username=$app --groups="ssh.app"
 fi
 
+
+#=================================================
+# SPECIFIC UPGRADE
+#=================================================
+complete_install=false
+
+# Check if we need to clean up old bad installs
+if [ -f "$final_path/" ]; then
+  complete_install=true
+  rm -rf "$final_path/*"
+fi
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
-
-if [ "$upgrade_type" == "UPGRADE_APP" ]
+if [ "$upgrade_type" == "UPGRADE_APP" ] || [ "$complete_install" == "true" ]
 then
 	ynh_script_progression --message="Upgrading source files..." --weight=6
 
@@ -117,6 +128,35 @@ chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:$app "$final_path"
 
+if [ -n "$public_key" ] && [ "$complete_install" == "true" ]
+then
+  ynh_script_progression --message="Enabling ssh access for dev..." --weight=1
+  #enable ssh access to the files for updates
+  #todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh
+  mkdir --parents $final_path/.ssh
+  ynh_add_config --template="authorized_keys" --destination="$final_path/.ssh/authorized_keys"
+  ynh_app_setting_set --app=$app --key=public_key --value=$public_key
+  chown -R $app:$app "$final_path/.ssh"
+  chmod 700 "$final_path/.ssh"
+  chmod 600 "$final_path/.ssh/authorized_keys"
+
+  #=================================================
+  # Create restart services file
+  #=================================================
+
+  # Enable restarting of services from ssh
+  ynh_add_config --template="restart-proxy.sh" --destination="$final_path/restart-proxy.sh"
+
+  # Enable root ownership to be able to call systemctl
+  chown $app:$app "$final_path/restart-proxy.sh"
+  chmod o-rwx,gu=rwx "$final_path/restart-proxy.sh"
+
+  ynh_add_config --template="cac-proxy-sudoers" --destination="/etc/sudoers.d/$app-sudoers"
+  chown root:root "/etc/sudoers.d/$app-sudoers"
+  chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers"
+
+fi
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -125,10 +165,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 
-#=================================================
-# SPECIFIC UPGRADE
-#=================================================
-# ...
 #=================================================
 
 #=================================================