diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..783a4ae --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*~ +*.sw[op] diff --git a/README.md b/README.md new file mode 100644 index 0000000..cb8b617 --- /dev/null +++ b/README.md @@ -0,0 +1,78 @@ + + +# Mongo Express for YunoHost + +[![Integration level](https://dash.yunohost.org/integration/mongo-express.svg)](https://dash.yunohost.org/appci/app/mongo-express) ![Working status](https://ci-apps.yunohost.org/ci/badges/mongo-express.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/mongo-express.maintain.svg) +[![Install Mongo Express with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=mongo-express) + +*[Lire ce readme en français.](./README_fr.md)* + +> *This package allows you to install Mongo Express quickly and simply on a YunoHost server. +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* + +## Overview + +Mongo Express is a Web-based MongoDB admin interface written with Node.js, Express and Bootstrap3. +You can as well install a Mongo database - version 4, 5 or 6 in your yunohost server if you want + +### Features +- Optionally installs Mongo server +- Connect to multiple databases +- View/add/delete databases +- View/add/rename/delete collections +- View/add/update/delete documents +- Preview audio/video/image assets inline in collection view +- Nested and/or large objects are collapsible for easy overview +- Async on-demand loading of big document properties (>100KB default) to keep collection view fast +- GridFS support - add/get/delete incredibly large files +- Use BSON data types in documents +- Mobile / Responsive - Bootstrap 3 works passably on small screens when you're in a bind +- Connect and authenticate to individual databases +- Authenticate as admin to view all databases +- Database blacklist/whitelist +- Custom CA and CA validation disabling +- Supports replica sets + + +**Shipped version:** 1.0~ynh3 + +## Screenshots + +![Screenshot of Mongo Express](./doc/screenshots/document-edit.png) +![Screenshot of Mongo Express](./doc/screenshots/collection-view.png) +![Screenshot of Mongo Express](./doc/screenshots/databases-view.png) + +## Disclaimers / important information + +* For now, any user that can log to your server will have admin access to all your Mongo databases ! + * Single-sign on or LDAP are not integrated + * It's strongly recommanded you don't enable public access to the application + +* It doesn't backup Mongo databases + * As mongo-express doesn't require any database by itself, it doesn't backup or restore any of them + * However, yYou can view / edit other applications databases with Mongo-Express + * It will just reinstall the Mongo server if you installed it with this script + * Any yunohost applications using Mongo databases should manage the backup and restore + +## Documentation and resources + +* Upstream app code repository: +* YunoHost documentation for this app: +* Report a bug: + +## Developer info + +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing). + +To try the testing branch, please proceed like that. + +``` bash +sudo yunohost app install https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing --debug +or +sudo yunohost app upgrade mongo-express -u https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing --debug +``` + +**More info regarding app packaging:** diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..42b703b --- /dev/null +++ b/README_fr.md @@ -0,0 +1,78 @@ + + +# Mongo Express pour YunoHost + +[![Niveau d'intégration](https://dash.yunohost.org/integration/mongo-express.svg)](https://dash.yunohost.org/appci/app/mongo-express) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/mongo-express.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/mongo-express.maintain.svg) +[![Installer Mongo Express avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=mongo-express) + +*[Read this readme in english.](./README.md)* + +> *Ce package vous permet d'installer Mongo Express rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* + +## Vue d'ensemble + +Mongo Express is a Web-based MongoDB admin interface written with Node.js, Express and Bootstrap3. +You can as well install a Mongo database - version 4, 5 or 6 in your yunohost server if you want + +### Features +- Optionally installs Mongo server +- Connect to multiple databases +- View/add/delete databases +- View/add/rename/delete collections +- View/add/update/delete documents +- Preview audio/video/image assets inline in collection view +- Nested and/or large objects are collapsible for easy overview +- Async on-demand loading of big document properties (>100KB default) to keep collection view fast +- GridFS support - add/get/delete incredibly large files +- Use BSON data types in documents +- Mobile / Responsive - Bootstrap 3 works passably on small screens when you're in a bind +- Connect and authenticate to individual databases +- Authenticate as admin to view all databases +- Database blacklist/whitelist +- Custom CA and CA validation disabling +- Supports replica sets + + +**Version incluse :** 1.0~ynh3 + +## Captures d'écran + +![Capture d'écran de Mongo Express](./doc/screenshots/document-edit.png) +![Capture d'écran de Mongo Express](./doc/screenshots/collection-view.png) +![Capture d'écran de Mongo Express](./doc/screenshots/databases-view.png) + +## Avertissements / informations importantes + +* For now, any user that can log to your server will have admin access to all your Mongo databases ! + * Single-sign on or LDAP are not integrated + * It's strongly recommanded you don't enable public access to the application + +* It doesn't backup Mongo databases + * As mongo-express doesn't require any database by itself, it doesn't backup or restore any of them + * However, yYou can view / edit other applications databases with Mongo-Express + * It will just reinstall the Mongo server if you installed it with this script + * Any yunohost applications using Mongo databases should manage the backup and restore + +## Documentations et ressources + +* Dépôt de code officiel de l'app : +* Documentation YunoHost pour cette app : +* Signaler un bug : + +## Informations pour les développeurs + +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. + +``` bash +sudo yunohost app install https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing --debug +ou +sudo yunohost app upgrade mongo-express -u https://github.com/YunoHost-Apps/mongo-express_ynh/tree/testing --debug +``` + +**Plus d'infos sur le packaging d'applications :** diff --git a/cac-proxy_ynh.iml b/cac-proxy_ynh.iml new file mode 100644 index 0000000..8021953 --- /dev/null +++ b/cac-proxy_ynh.iml @@ -0,0 +1,9 @@ + + + + + + + + + \ No newline at end of file diff --git a/check_process b/check_process new file mode 100644 index 0000000..cf53ac3 --- /dev/null +++ b/check_process @@ -0,0 +1,28 @@ +# See here for more information +# https://github.com/YunoHost/package_check#syntax-check_process-file + +;; Test complet + ; Manifest + domain="domain.tld" + path="/path" + is_public=0 + ; Checks + pkg_linter=1 + setup_sub_dir=1 + setup_root=1 + setup_nourl=0 + setup_private=0 + setup_public=1 + upgrade=1 + upgrade=0 from_commit=CommitHash + backup_restore=1 + multi_instance=0 + port_already_use=0 + change_url=1 +;;; Options +Email=ger@shared.collin.best +Notification=Down +;;; Upgrade options + ; commit=CommitHash + name=Name and date of the commit. + manifest_arg=domain=DOMAIN&path=PATH&is_public=1&language=fr&admin=USER&password=pass&port=666& diff --git a/conf/.env b/conf/.env new file mode 100644 index 0000000..85c138e --- /dev/null +++ b/conf/.env @@ -0,0 +1,5 @@ +CACP_PORT=__PORT__ +CACP_REDIRECT_HOST=https://__DOMAIN__ +CACP_REDIRECT_PATH=__PATH_URL__ +CACP_DEBUG=FALSE +CACP_LOG=FALSE diff --git a/conf/amd64.src b/conf/amd64.src new file mode 100644 index 0000000..dce1de5 --- /dev/null +++ b/conf/amd64.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.0.15/cookie-aware-cors-proxy.tgz +SOURCE_SUM=21ba12f3a6fe09d9c934be4ce490a575a955a00a7f6ac82d2715e3e037e6c372 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/nginx.conf b/conf/nginx.conf new file mode 100644 index 0000000..cc967da --- /dev/null +++ b/conf/nginx.conf @@ -0,0 +1,12 @@ +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { + + # Path to source + proxy_pass http://localhost:__PORT__/proxy/; + proxy_set_header Host $host; + proxy_read_timeout 86400s; + proxy_send_timeout 86400s; + + # Include SSOWAT user panel. + # include conf.d/yunohost_panel.conf.inc; +} diff --git a/conf/systemd.service b/conf/systemd.service new file mode 100644 index 0000000..8417af7 --- /dev/null +++ b/conf/systemd.service @@ -0,0 +1,50 @@ +[Unit] +Description=Cookie-Aware-Cors-Proxy +After=network.target + +[Service] +Type=simple +User=__APP__ +Group=__APP__ +EnvironmentFile=__FINALPATH__/.env +WorkingDirectory=__FINALPATH__/ +ExecStart=__YNH_NODE__ ./src/server.js +StandardOutput=append:/var/log/__APP__/__APP__.log +StandardError=inherit + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + +[Install] +WantedBy=multi-user.target diff --git a/doc/.gitkeep b/doc/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..4693706 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1,20 @@ +Mongo Express is a Web-based MongoDB admin interface written with Node.js, Express and Bootstrap3. +You can as well install a Mongo database - version 4, 5 or 6 in your yunohost server if you want + +### Features +- Optionally installs Mongo server +- Connect to multiple databases +- View/add/delete databases +- View/add/rename/delete collections +- View/add/update/delete documents +- Preview audio/video/image assets inline in collection view +- Nested and/or large objects are collapsible for easy overview +- Async on-demand loading of big document properties (>100KB default) to keep collection view fast +- GridFS support - add/get/delete incredibly large files +- Use BSON data types in documents +- Mobile / Responsive - Bootstrap 3 works passably on small screens when you're in a bind +- Connect and authenticate to individual databases +- Authenticate as admin to view all databases +- Database blacklist/whitelist +- Custom CA and CA validation disabling +- Supports replica sets diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..4e3265d --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,9 @@ +* For now, any user that can log to your server will have admin access to all your Mongo databases ! + * Single-sign on or LDAP are not integrated + * It's strongly recommanded you don't enable public access to the application + +* It doesn't backup Mongo databases + * As mongo-express doesn't require any database by itself, it doesn't backup or restore any of them + * However, yYou can view / edit other applications databases with Mongo-Express + * It will just reinstall the Mongo server if you installed it with this script + * Any yunohost applications using Mongo databases should manage the backup and restore diff --git a/doc/screenshots/.gitkeep b/doc/screenshots/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/screenshots/collection-view.png b/doc/screenshots/collection-view.png new file mode 100644 index 0000000..e25adbc Binary files /dev/null and b/doc/screenshots/collection-view.png differ diff --git a/doc/screenshots/databases-view.png b/doc/screenshots/databases-view.png new file mode 100644 index 0000000..bb53b8a Binary files /dev/null and b/doc/screenshots/databases-view.png differ diff --git a/doc/screenshots/document-edit.png b/doc/screenshots/document-edit.png new file mode 100644 index 0000000..cabfd5b Binary files /dev/null and b/doc/screenshots/document-edit.png differ diff --git a/manifest.json b/manifest.json new file mode 100644 index 0000000..dd39518 --- /dev/null +++ b/manifest.json @@ -0,0 +1,46 @@ +{ + "name": "Cookie Aware Cors Proxy", + "id": "cac-proxy", + "packaging_format": 1, + "description": { + "en": "An advanced https proxy allowing you to call other websites from your own web application.", + "fr": "Un proxy https avancé vous permettant d'appeler d'autres sites depuis votre propre application web." + }, + "version": "1.0~ynh1", + "url": "https://github.com/gcollin/cookie-aware-cors-proxy", + "upstream": { + "license": "MIT", + "code": "https://github.com/gcollin/cookie-aware-cors-proxy" + }, + "license": "MIT", + "maintainer": { + "name": "Gerard Collin", + "email": "ger@collin.best" + }, + "requirements": { + "yunohost": ">= 11.0.0" + }, + "multi_instance": false, + "services": [ + "nginx" + ], + "arguments": { + "install": [ + { + "name": "domain", + "type": "domain" + }, + { + "name": "path", + "type": "path", + "example": "/proxy", + "default": "/proxy" + }, + { + "name": "is_public", + "type": "boolean", + "default": true + } + ] + } +} diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..fc72584 --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +#================================================= +# COMMON VARIABLES +#================================================= +nodejs_version=16 + +# dependencies used by the app (must be on a single line) +pkg_dependencies="" + +#================================================= +# PERSONAL HELPERS +#================================================= + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= diff --git a/scripts/backup b/scripts/backup new file mode 100755 index 0000000..0670178 --- /dev/null +++ b/scripts/backup @@ -0,0 +1,74 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info --message="Loading installation settings..." + +app=$YNH_APP_INSTANCE_NAME + +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) + +#================================================= +# DECLARE DATA AND CONF FILES TO BACKUP +#================================================= +ynh_print_info --message="Declaring files to be backed up..." + +### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs +### to be backuped and not an actual copy of any file. The actual backup that +### creates and fill the archive with the files happens in the core after this +### script is called. Hence ynh_backups calls takes basically 0 seconds to run. + +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= + +ynh_backup --src_path="$final_path" + +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP LOGROTATE +#================================================= + +ynh_backup --src_path="/etc/logrotate.d/$app" + +#================================================= +# BACKUP SYSTEMD +#================================================= + +ynh_backup --src_path="/etc/systemd/system/$app.service" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..cddf3e8 --- /dev/null +++ b/scripts/change_url @@ -0,0 +1,140 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +old_domain=$YNH_APP_OLD_DOMAIN +old_path=$YNH_APP_OLD_PATH + +new_domain=$YNH_APP_NEW_DOMAIN +new_path=$YNH_APP_NEW_PATH + +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 + +# Needed for helper "ynh_add_nginx_config" +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +port=$(ynh_app_setting_get --app=$app --key=port) + +#================================================= +# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. + ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK WHICH PARTS SHOULD BE CHANGED +#================================================= + +change_domain=0 +if [ "$old_domain" != "$new_domain" ] +then + change_domain=1 +fi + +change_path=0 +if [ "$old_path" != "$new_path" ] +then + change_path=1 +fi + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" + +#================================================= +# MODIFY URL IN NGINX CONF +#================================================= +ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 + +nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf + +# Change the path in the NGINX config file +if [ $change_path -eq 1 ] +then + # Make a backup of the original NGINX config file if modified + ynh_backup_if_checksum_is_different --file="$nginx_conf_path" + # Set global variables for NGINX helper + domain="$old_domain" + path_url="$new_path" + # Create a dedicated NGINX config + ynh_add_nginx_config +fi + +# Change the domain for NGINX +if [ $change_domain -eq 1 ] +then + # Delete file checksum for the old conf file location + ynh_delete_file_checksum --file="$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" +fi + +#================================================= +# SPECIFIC MODIFICATIONS +#================================================= +ynh_script_progression --message="Updating .env configuration..." + +ynh_backup_if_checksum_is_different --file="$final_path/.env" +domain=$new_domain +path_url=$new_path +ynh_add_config --template=".env" --destination="$final_path/.env" + +# FIXME: this should be handled by the core in the future +# You may need to use chmod 600 instead of 400, +# for example if the app is expected to be able to modify its own config +chmod 400 "$final_path/.env" +chown $app:$app "$final_path/.env" + +#================================================= +# GENERIC FINALISATION +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/install b/scripts/install new file mode 100755 index 0000000..343f30d --- /dev/null +++ b/scripts/install @@ -0,0 +1,285 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ynh_clean_check_starting +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + +domain=$YNH_APP_ARG_DOMAIN +path_url=$YNH_APP_ARG_PATH +is_public=$YNH_APP_ARG_IS_PUBLIC + +### If it's a multi-instance app, meaning it can be installed several times independently +### The id of the app as stated in the manifest is available as $YNH_APP_ID +### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...) +### The app instance name is available as $YNH_APP_INSTANCE_NAME +### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample +### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 +### - ynhexample__{N} for the subsequent installations, with N=3,4... +### The app instance name is probably what interests you most, since this is +### guaranteed to be unique. This is a good unique identifier to define installation path, +### db names... +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= +### About --weight and --time +### ynh_script_progression will show to your final users the progression of each scripts. +### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script. +### --time is a packager option, it will show you the execution time since the previous call. +### This option is implied when running in CI_package_check, you can manually add it if you are manually testing the app. +### Use the execution time displayed in the CI report or by adding --time to the command, to estimate the weight of a step. +### A common way to do it is to set a weight equal to the execution time in second +1. +### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call. +ynh_script_progression --message="Validating installation parameters..." --weight=1 + +# Check machine architecture (in particular, we don't support ARM and 32bit machines) +if [ $YNH_ARCH == "i386" ] || [ $YNH_ARCH == "armel" ] || [ $YNH_ARCH == "armhf" ] || [ $YNH_ARCH == "aarch64" ] || [ $YNH_ARCH == "arm64" ] +then + ynh_die --message="Sorry, but this app can only be installed on a x86, 64 bits machine :(" +fi + +### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". +### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app" +final_path=/opt/yunohost/$app +test ! -e "$final_path" || ynh_die --message="This path already contains a folder" + +# Register (book) web path +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url + +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= +ynh_script_progression --message="Storing installation settings..." --weight=1 + +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=is_public --value=$is_public + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# FIND AND OPEN A PORT +#================================================= +ynh_script_progression --message="Finding an available port..." --weight=1 + +### Use these lines if you have to open a port for the application +### `ynh_find_port` will find the first available port starting from the given port. +### If you're not using these lines: +### - Remove the section "CLOSE A PORT" in the remove script + +# Find an available port +port=$(ynh_find_port --port=3000) +ynh_app_setting_set --app=$app --key=port --value=$port + +# Optional: Expose this port publicly +# (N.B.: you only need to do this if the app actually needs to expose the port publicly. +# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !) + +# Open the port +# ynh_script_progression --message="Configuring firewall..." --weight=1 +# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port + +#================================================= +# INSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Installing dependencies..." --weight=3 + +### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. +### Those deb packages will be installed as dependencies of this package. +### If you're not using this helper: +### - Remove the section "REMOVE DEPENDENCIES" in the remove script +### - Remove the variable "pkg_dependencies" in _common.sh +### - As well as the section "REINSTALL DEPENDENCIES" in the restore script +### - And the section "UPGRADE DEPENDENCIES" in the upgrade script + +ynh_install_app_dependencies $pkg_dependencies +ynh_install_nodejs --nodejs_version=$nodejs_version +ynh_use_nodejs + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= +ynh_script_progression --message="Setting up source files..." --weight=6 + +### `ynh_setup_source` is used to install an app from a zip or tar.gz file, +### downloaded from an upstream source, like a git repository. +### `ynh_setup_source` use the file conf/amd64.src + +ynh_app_setting_set --app=$app --key=final_path --value=$final_path +# Download, check integrity, uncompress and patch the source from amd64.src +ynh_setup_source --source_id=amd64 --dest_dir="$final_path" + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Configuring NGINX web server..." --weight=1 + +### `ynh_add_nginx_config` will use the file conf/nginx.conf + +# Create a dedicated NGINX config +ynh_add_nginx_config + +#================================================= +# SPECIFIC SETUP +#================================================= +# ... +#================================================= + + +#================================================= +# ADD A CONFIGURATION +#================================================= +ynh_script_progression --message="Adding a configuration file..." --weight=1 + +ynh_add_config --template=".env" --destination="$final_path/.env" + +# FIXME: this should be handled by the core in the future +# You may need to use chmod 600 instead of 400, +# for example if the app is expected to be able to modify its own config +chmod 400 "$final_path/.env" +chown $app:$app "$final_path/.env" + +### For more complex cases where you want to replace stuff using regexes, +### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) +### When doing so, you also need to manually call ynh_store_file_checksum +### +### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file" +### ynh_store_file_checksum --file="$final_path/some_config_file" + +#================================================= +# SETUP SYSTEMD +#================================================= +ynh_script_progression --message="Configuring a systemd service..." --weight=1 + +### `ynh_systemd_config` is used to configure a systemd script for an app. +### It can be used for apps that use sysvinit (with adaptation) or systemd. +### Have a look at the app to be sure this app needs a systemd script. +### `ynh_systemd_config` will use the file conf/systemd.service +### If you're not using these lines: +### - You can remove those files in conf/. +### - Remove the section "BACKUP SYSTEMD" in the backup script +### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script +### - As well as the section "RESTORE SYSTEMD" in the restore script +### - And the section "SETUP SYSTEMD" in the upgrade script + +# Create a dedicated systemd config +ynh_add_systemd_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Configuring log rotation..." --weight=1 + +### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. +### Use this helper only if there is effectively a log file for this app. +### If you're not using this helper: +### - Remove the section "BACKUP LOGROTATE" in the backup script +### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script +### - And the section "SETUP LOGROTATE" in the upgrade script + +# Use logrotate to manage application logfile(s) +ynh_use_logrotate + +#================================================= +# INTEGRATE SERVICE IN YUNOHOST +#================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 + +### `yunohost service add` integrates a service in YunoHost. It then gets +### displayed in the admin interface and through the others `yunohost service` commands. +### (N.B.: this line only makes sense if the app adds a service to the system!) +### If you're not using these lines: +### - You can remove these files in conf/. +### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script +### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script +### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script + +yunohost service add $app --description="A Cors proxy letting the browser manages cookies and redirects." --log="/var/log/$app/$app.log" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 + +# Start a systemd service +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# SETUP FAIL2BAN +#================================================= +# ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 + +# Create a dedicated Fail2Ban config +# ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" + +#================================================= +# SETUP SSOWAT +#================================================= +ynh_script_progression --message="Configuring permissions..." --weight=1 + +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" +fi + +### N.B. : the following extra permissions only make sense if your app +### does have for example an admin interface or an API. + +# Only the admin can access the admin panel of the app (if the app has an admin panel) +# ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin + +# Everyone can access the API part +# We don't want to display the tile in the SSO so we put --show_tile="false" +# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true" +# ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove new file mode 100755 index 0000000..a35c8e3 --- /dev/null +++ b/scripts/remove @@ -0,0 +1,127 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get --app=$app --key=domain) +port=$(ynh_app_setting_get --app=$app --key=port) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) + +#================================================= +# STANDARD REMOVE +#================================================= +# REMOVE SERVICE INTEGRATION IN YUNOHOST +#================================================= + +# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) +if ynh_exec_warn_less yunohost service status $app >/dev/null +then + ynh_script_progression --message="Removing $app service integration..." --weight=1 + yunohost service remove $app +fi + +#================================================= +# STOP AND REMOVE SERVICE +#================================================= +ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 + +# Remove the dedicated systemd config +ynh_remove_systemd_config + +#================================================= +# REMOVE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Removing logrotate configuration..." --weight=1 + +# Remove the app-specific logrotate config +ynh_remove_logrotate + +#================================================= +# REMOVE APP MAIN DIR +#================================================= +ynh_script_progression --message="Removing app main directory..." --weight=1 + +# Remove the app directory securely +ynh_secure_remove --file="$final_path" + +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 + +# Remove the dedicated NGINX config +ynh_remove_nginx_config + +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." --weight=1 + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + +# Remove the version of Nodejs used if needed +ynh_remove_nodejs + +#================================================= +# CLOSE A PORT +#================================================= + +if yunohost firewall list | grep -q "\- $port$" +then + ynh_script_progression --message="Closing port $port..." --weight=1 + ynh_exec_warn_less yunohost firewall disallow TCP $port +fi + +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= +#ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1 + +# Remove the dedicated Fail2Ban config +#ynh_remove_fail2ban_config + +#================================================= +# SPECIFIC REMOVE +#================================================= +# REMOVE VARIOUS FILES +#================================================= +ynh_script_progression --message="Removing various files..." --weight=1 + +# Remove a cron file +#ynh_secure_remove --file="/etc/cron.d/$app" + +# Remove a directory securely +#ynh_secure_remove --file="/etc/$app" + +# Remove the log files +ynh_secure_remove --file="/var/log/$app" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 + +# Delete a system user +ynh_system_user_delete --username=$app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore new file mode 100755 index 0000000..b6f3865 --- /dev/null +++ b/scripts/restore @@ -0,0 +1,137 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + #### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +port=$(ynh_app_setting_get --app=$app --key=port) + +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= +ynh_script_progression --message="Validating restoration parameters..." --weight=1 + +test ! -d $final_path \ + || ynh_die --message="There is already a directory: $final_path " + +#================================================= +# STANDARD RESTORATION STEPS +#================================================= + + +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= +ynh_script_progression --message="Restoring the app main directory..." --weight=1 + +ynh_restore_file --origin_path="$final_path" + +# FIXME: this should be managed by the core in the future +# Here, as a packager, you may have to tweak the ownerhsip/permissions +# such that the appropriate users (e.g. maybe www-data) can access +# files in some cases. +# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - +# this will be treated as a security issue. +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + +#================================================= +# SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling dependencies..." --weight=3 + +# Define and install dependencies +ynh_install_app_dependencies $pkg_dependencies +ynh_install_nodejs --nodejs_version=$nodejs_version +ynh_use_nodejs + +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# RESTORE SYSTEMD +#================================================= +ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/systemd/system/$app.service" +systemctl enable $app.service --quiet + +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/logrotate.d/$app" + +mkdir --parents /var/log/$app +chown $app:adm /var/log/$app + +#================================================= +# INTEGRATE SERVICE IN YUNOHOST +#================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 + +yunohost service add $app --description="Mongo Express to easily administer your Mongo databases" --log="/var/log/$app/$app.log" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade new file mode 100644 index 0000000..2af66c8 --- /dev/null +++ b/scripts/upgrade @@ -0,0 +1,193 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +port=$(ynh_app_setting_get --app=$app --key=port) + +#================================================= +# CHECK VERSION +#================================================= + +### This helper will compare the version of the currently installed app and the version of the upstream package. +### $upgrade_type can have 2 different values +### - UPGRADE_APP if the upstream app version has changed +### - UPGRADE_PACKAGE if only the YunoHost package has changed +### ynh_check_app_version_changed will stop the upgrade if the app is up to date. +### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. +upgrade_type=$(ynh_check_app_version_changed) + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= + +#================================================= +# INSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Installing dependencies..." --weight=3 + +### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. +### Those deb packages will be installed as dependencies of this package. +### If you're not using this helper: +### - Remove the section "REMOVE DEPENDENCIES" in the remove script +### - Remove the variable "pkg_dependencies" in _common.sh +### - As well as the section "REINSTALL DEPENDENCIES" in the restore script +### - And the section "UPGRADE DEPENDENCIES" in the upgrade script + +ynh_install_app_dependencies $pkg_dependencies +ynh_install_nodejs --nodejs_version=$nodejs_version +ynh_use_nodejs + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=6 + + # Download, check integrity, uncompress and patch the source from amd64.src + ynh_setup_source --source_id=amd64 --dest_dir="$final_path" + +fi + +# FIXME: this should be managed by the core in the future +# Here, as a packager, you may have to tweak the ownerhsip/permissions +# such that the appropriate users (e.g. maybe www-data) can access +# files in some cases. +# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - +# this will be treated as a security issue. +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 + +# Create a dedicated NGINX config +ynh_add_nginx_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= +# ... +#================================================= + +#================================================= +# UPDATE A CONFIG FILE +#================================================= +ynh_script_progression --message="Updating a configuration file..." --weight=1 + +### Same as during install +### +### The file will automatically be backed-up if it's found to be manually modified (because +### ynh_add_config keeps track of the file's checksum) + +ynh_add_config --template=".env" --destination="$final_path/.env" + +# FIXME: this should be handled by the core in the future +# You may need to use chmod 600 instead of 400, +# for example if the app is expected to be able to modify its own config +chmod 400 "$final_path/.env" +chown $app:$app "$final_path/.env" + +### For more complex cases where you want to replace stuff using regexes, +### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) +### When doing so, you also need to manually call ynh_store_file_checksum +### +### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file" +### ynh_store_file_checksum --file="$final_path/some_config_file" + +#================================================= +# SETUP SYSTEMD +#================================================= +ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 + +# Create a dedicated systemd config +ynh_add_systemd_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1 + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate --non-append + +#================================================= +# INTEGRATE SERVICE IN YUNOHOST +#================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 + +yunohost service add $app --description="A Cors proxy letting the browser manages cookies and redirects." --log="/var/log/$app/$app.log" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Upgrade of $app completed" --last diff --git a/sources/extra_files/app/.gitignore b/sources/extra_files/app/.gitignore new file mode 100644 index 0000000..783a4ae --- /dev/null +++ b/sources/extra_files/app/.gitignore @@ -0,0 +1,2 @@ +*~ +*.sw[op] diff --git a/sources/patches/.gitignore b/sources/patches/.gitignore new file mode 100644 index 0000000..783a4ae --- /dev/null +++ b/sources/patches/.gitignore @@ -0,0 +1,2 @@ +*~ +*.sw[op]