1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/cops_ynh.git synced 2024-09-03 18:25:57 +02:00

Add Basic Auth capability for public OPDS/HTML Library

This commit is contained in:
polytan02 2016-12-22 12:01:20 +00:00
parent 37262c1bad
commit 2931e82588
5 changed files with 102 additions and 0 deletions

View file

@ -1,6 +1,10 @@
location PATHTOCHANGE { location PATHTOCHANGE {
alias ALIASTOCHANGE; alias ALIASTOCHANGE;
# auth_basic "Reason for being private";
# auth_basic_user_file /path/to/htpasswd;
if ($scheme = http) { if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent; rewrite ^ https://$server_name$request_uri? permanent;
} }

View file

@ -68,7 +68,38 @@
}, },
"choices": ["Yes", "No"], "choices": ["Yes", "No"],
"default": "Yes" "default": "Yes"
},
{
"name": "basicauthcreate",
"ask": {
"en": "Create a basic auth access ? This is required if the app is public so that ereaders to access the OPDS server, for example",
"fr": "Créer un accès par authentification basique ? Ceci est requis si votre bibliothèque est publique et vous voulez accéder au serveur OPDS avec votre liseuse ou application mobile"
},
"choices": ["Yes", "No"],
"default": "Yes"
},
{
"name": "basciauthuser",
"type": "user",
"ask": {
"en": "Choose the username to access the OPDS/HTML server (unrelated to YunoHost users)",
"fr": "Indiquez le nom d'utilisateur pour accéder au serveur OPDS/HTML (non lié utilisateurs YunoHost)",
},
"example": "Gutenberg",
"default": "Gutenberg"
},
{
"name": "basicauthpass",
"type": "password",
"ask": {
"en": "Choose the password to access the OPDS/HTML server",
"fr": "Renseignez le mot de passe pour accéder au serveur OPDS/HTML"
},
"example": "knowledge is power",
"default": "knowledge is power"
} }
] ]
} }
} }

View file

@ -17,6 +17,9 @@ path=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
runninguser=$YNH_APP_ARG_RUNNINGUSER runninguser=$YNH_APP_ARG_RUNNINGUSER
calibrepath=$YNH_APP_ARG_CALIBREPATH calibrepath=$YNH_APP_ARG_CALIBREPATH
basicauthcreate=$YNH_APP_ARG_BASICAUTHCREATE
basicauthuser=$YNH_APP_ARG_BASICAUTHUSER
basicauthpass=$YNH_APP_ARG_BASICAUTHPASS
# We check variables are not empty # We check variables are not empty
CHECK_VAR "$app" "app name not set" CHECK_VAR "$app" "app name not set"
@ -55,11 +58,36 @@ sudo mkdir -p $final_path
sudo cp ../conf/config_local.php ../sources/ sudo cp ../conf/config_local.php ../sources/
sed -i "s@CALIBRETOCHANGE@$calibrepath@g" ../sources/config_local.php sed -i "s@CALIBRETOCHANGE@$calibrepath@g" ../sources/config_local.php
# To be done : make it an if loop
# Add basic auth if requested
if [ "$basicauthcreate" = "Yes" ];
then
ynh_app_setting_set "$app" basicauthcreate "$basicauthcreate"
ynh_app_setting_set "$app" basicauthuser "$basicauthuser"
ynh_app_setting_set "$app" basicauthpass "$basicauthpass"
# Generation of the htpasswd file according https://www.nginx.com/resources/wiki/community/faq/
SALT="$(openssl rand -base64 3)"
(SHA1=$(printf "$basicauthpass$SALT" |
openssl dgst -binary -sha1 | xxd -ps |
sed 's#$#'"`echo -n $SALT | xxd -ps`"'#' |
xxd -r -ps |
base64);printf "$basicauthuser:{SSHA}$SHA1\n" >> ../sources/htpasswd)
# Modif nginx
sed -i "s|^.*\bauth_basic\b.*$| auth_basic "Private Library";|" ../conf/nginx.conf;
sed -i "s|^.*\bauth_basic_user_file\b.*$| auth_basic_user_file $final_path/htpasswd;|" ../conf/nginx.conf;
else
echo "No basic auth";
fi
# Base site # Base site
sudo cp -a ../sources/* $final_path/ sudo cp -a ../sources/* $final_path/
# Set permissions # Set permissions
sudo chmod 775 -R $final_path sudo chmod 775 -R $final_path
sudo chmod 600 $final_path/htpasswd
sudo chown -hR $runninguser:$runninguser $final_path sudo chown -hR $runninguser:$runninguser $final_path
# Modify Nginx configuration file and copy it to Nginx conf directory # Modify Nginx configuration file and copy it to Nginx conf directory
@ -84,6 +112,7 @@ then
ynh_app_setting_set $app skipped_uris "/" ynh_app_setting_set $app skipped_uris "/"
fi fi
# Reload Nginx and regenerate SSOwat conf # Reload Nginx and regenerate SSOwat conf
sudo service php5-fpm reload sudo service php5-fpm reload
sudo service nginx reload sudo service nginx reload

View file

@ -21,6 +21,7 @@ is_public=$(ynh_app_setting_get $app is_public)
finalnginxconf=$(ynh_app_setting_get $app finalnginxconf) finalnginxconf=$(ynh_app_setting_get $app finalnginxconf)
finalphpconf=$(ynh_app_setting_get $app finalphpconf) finalphpconf=$(ynh_app_setting_get $app finalphpconf)
runninguser=$(ynh_app_setting_get $app runninguser) runninguser=$(ynh_app_setting_get $app runninguser)
basicauthcreate=$(ynh_app_setting_get $app basicauthcreate)
# Check domain/path availability # Check domain/path availability
#sudo yunohost app checkurl "${domain}${path}" -a "$app" \ #sudo yunohost app checkurl "${domain}${path}" -a "$app" \
@ -36,6 +37,14 @@ sudo cp -a ./sources/* $final_path/
# Restore permissions to app files # Restore permissions to app files
# you may need to make some file and/or directory writeable by www-data (nginx user) # you may need to make some file and/or directory writeable by www-data (nginx user)
sudo chown -R $runninguser:$runninguser $final_path sudo chown -R $runninguser:$runninguser $final_path
if [ "$basicauthcreate" = "Yes" ];
then
sudo chmod 600 $final_path/htpasswd
else
echo "Nothing to do"
fi
### MySQL (remove if not used) ### ### MySQL (remove if not used) ###
# If a MySQL database is used: # If a MySQL database is used:

View file

@ -24,7 +24,28 @@ finalnginxconf=$(ynh_app_setting_get $app finalnginxconf)
finalphpconf=$(ynh_app_setting_get $app finalphpconf) finalphpconf=$(ynh_app_setting_get $app finalphpconf)
runninguser=$(ynh_app_setting_get $app runninguser) runninguser=$(ynh_app_setting_get $app runninguser)
calibrepath=$(ynh_app_setting_get $app calibrepath) calibrepath=$(ynh_app_setting_get $app calibrepath)
basicauthcreate=$(ynh_app_setting_get $app basicauthcreate)
# Add basic auth if requested
if [ "$basicauthcreate" = "Yes" ];
then
basicauthuser=$(ynh_app_setting_get $app basicauthuser)
basicauthpass=$(ynh_app_setting_get $app basicauthpass)
# Generation of the htpasswd file according https://www.nginx.com/resources/wiki/community/faq/
SALT="$(openssl rand -base64 3)"
(SHA1=$(printf "$basicauthpass$SALT" |
openssl dgst -binary -sha1 | xxd -ps |
sed 's#$#'"`echo -n $SALT | xxd -ps`"'#' |
xxd -r -ps |
base64);printf "$basicauthuser:{SSHA}$SHA1\n" >> ../sources/htpasswd)
# Modif nginx
sed -i "s|^.*\bauth_basic\b.*$| auth_basic "Private Library";|" ../conf/nginx.conf;
sed -i "s|^.*\bauth_basic_user_file\b.*$| auth_basic_user_file $final_path/htpasswd;|" ../conf/nginx.conf;
else
echo "No basic auth";
fi
# We install dependencies # We install dependencies
@ -58,6 +79,14 @@ sudo cp -a ../sources/* $final_path/
# We adjust permissions # We adjust permissions
sudo chmod 775 -R $final_path sudo chmod 775 -R $final_path
if [ "$basicauthcreate" = "Yes" ];
then
sudo chmod 600 $final_path/htpasswd
else
echo "Nothing to do"
fi
sudo chown -hR $runninguser:$runninguser $final_path sudo chown -hR $runninguser:$runninguser $final_path