YunoHost-Apps/cac-proxy_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/cac-proxy_ynh.git synced 2024-09-03 18:16:07 +02:00
Code Issues Activity Actions

Merge pull request #8 from YunoHost-Apps/main

Browse source 
Support for chrome secure bypass
This commit is contained in:
Gérard Collin 2023-04-18 10:27:14 +02:00 committed by GitHub
commit b0429990ad
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 53 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -27,7 +27,7 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo
- Two engines: a lightweight and one based on chrome to support websites running javascript
**Shipped version:** 1.0~ynh2
**Shipped version:** 1.1.11~ynh1
## Screenshots

2
README_fr.md
View file

@ -27,7 +27,7 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo
- Two engines: a lightweight and one based on chrome to support websites running javascript
**Version incluse :** 1.0~ynh2
**Version incluse :** 1.1.11~ynh1
## Captures décran

1
conf/.env
View file

@ -3,3 +3,4 @@ CACP_REDIRECT_HOST=https://__DOMAIN__
CACP_REDIRECT_PATH=__PATH_URL__
CACP_DEBUG=FALSE
CACP_LOG=FALSE
CACP_BYPASS_SANDBOX=__BYPASS_SANDBOX__

4
conf/amd64.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.1.4/cookie-aware-cors-proxy.tgz
SOURCE_SUM=c56ca989233d4d2f3a2304ec96d979445f97232c8be63d5910d819af66f83ab9
SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.1.11/cookie-aware-cors-proxy.tgz
SOURCE_SUM=93a2564a9d244c0087a8103f68be31ef48d592180f37dd3e496feb438cc7e1c8
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

3
conf/systemd.service
View file

@ -32,7 +32,8 @@ ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
# We need to allow priviledged to enable chromium access to gpu
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html

2
manifest.json
View file

@ -6,7 +6,7 @@
"en": "An advanced https proxy allowing you to call other websites from your own web application.",
"fr": "Un proxy https avancé vous permettant d'appeler d'autres sites depuis votre propre application web."
},
"version": "1.0~ynh2",
"version": "1.1.11~ynh1",
"url": "https://github.com/gcollin/cookie-aware-cors-proxy",
"upstream": {
"license": "MIT",

15
scripts/change_url
View file

@ -29,6 +29,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
install_chromium=$(ynh_app_setting_get --app=$app --key=install_chromium)
#=================================================
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
@ -109,6 +110,20 @@ ynh_script_progression --message="Updating .env configuration..."
ynh_backup_if_checksum_is_different --file="$final_path/.env"
domain=$new_domain
path_url=$new_path
# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore
kernel_release=$(uname -r)
if [[ $kernel_release == 5.* ]]
then
bypass_sandbox="TRUE"
if [ $install_chromium -eq 1 ]
then
ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x"
fi
else
bypass_sandbox="FALSE"
fi
ynh_add_config --template=".env" --destination="$final_path/.env"
# FIXME: this should be handled by the core in the future

13
scripts/install
View file

@ -208,6 +208,19 @@ ynh_add_nginx_config
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore
kernel_release=$(uname -r)
if [[ $kernel_release == 5.* ]]
then
bypass_sandbox="TRUE"
if [ $install_chromium -eq 1 ]
then
ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x"
fi
else
bypass_sandbox="FALSE"
fi
ynh_add_config --template=".env" --destination="$final_path/.env"
# FIXME: this should be handled by the core in the future

22
scripts/upgrade
View file

@ -104,7 +104,11 @@ complete_install=false
# Check if we need to clean up old bad installs
if [ -f "$final_path/package.json" ]; then
complete_install=true
ynh_secure_remove --file="$final_path/*"
ynh_secure_remove --file="$final_path"
mkdir "$final_path"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
fi
#=================================================
@ -188,10 +192,18 @@ ynh_add_nginx_config
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
### Same as during install
###
### The file will automatically be backed-up if it's found to be manually modified (because
### ynh_add_config keeps track of the file's checksum)
# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore
kernel_release=$(uname -r)
if [[ $kernel_release == 5.* ]]
then
bypass_sandbox="TRUE"
if [ $install_chromium -eq 1 ]
then
ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x"
fi
else
bypass_sandbox="FALSE"
fi
ynh_add_config --template=".env" --destination="$final_path/.env"