YunoHost-Apps/cops_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/cops_ynh.git synced 2024-09-03 18:25:57 +02:00
Code Issues Activity Actions

Add Basic Auth capability for public OPDS/HTML Library

Browse source
This commit is contained in:
polytan02 2016-12-22 12:01:20 +00:00
parent 37262c1bad
commit 2931e82588
5 changed files with 102 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
conf/nginx.conf
View file

@ -1,6 +1,10 @@
location PATHTOCHANGE {
alias ALIASTOCHANGE;
# auth_basic "Reason for being private";
# auth_basic_user_file /path/to/htpasswd;
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}

31
manifest.json
View file

@ -68,7 +68,38 @@
},
"choices": ["Yes", "No"],
"default": "Yes"
},
{
"name": "basicauthcreate",
"ask": {
"en": "Create a basic auth access ? This is required if the app is public so that ereaders to access the OPDS server, for example",
"fr": "Créer un accès par authentification basique ? Ceci est requis si votre bibliothèque est publique et vous voulez accéder au serveur OPDS avec votre liseuse ou application mobile"
},
"choices": ["Yes", "No"],
"default": "Yes"
},
{
"name": "basciauthuser",
"type": "user",
"ask": {
"en": "Choose the username to access the OPDS/HTML server (unrelated to YunoHost users)",
"fr": "Indiquez le nom d'utilisateur pour accéder au serveur OPDS/HTML (non lié utilisateurs YunoHost)",
},
"example": "Gutenberg",
"default": "Gutenberg"
},
{
"name": "basicauthpass",
"type": "password",
"ask": {
"en": "Choose the password to access the OPDS/HTML server",
"fr": "Renseignez le mot de passe pour accéder au serveur OPDS/HTML"
},
"example": "knowledge is power",
"default": "knowledge is power"
}
]
}
}

29
scripts/install
View file

@ -17,6 +17,9 @@ path=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
runninguser=$YNH_APP_ARG_RUNNINGUSER
calibrepath=$YNH_APP_ARG_CALIBREPATH
basicauthcreate=$YNH_APP_ARG_BASICAUTHCREATE
basicauthuser=$YNH_APP_ARG_BASICAUTHUSER
basicauthpass=$YNH_APP_ARG_BASICAUTHPASS
# We check variables are not empty
CHECK_VAR "$app" "app name not set"
@ -55,11 +58,36 @@ sudo mkdir -p $final_path
sudo cp ../conf/config_local.php ../sources/
sed -i "s@CALIBRETOCHANGE@$calibrepath@g" ../sources/config_local.php
# To be done : make it an if loop
# Add basic auth if requested
if [ "$basicauthcreate" = "Yes" ];
then
ynh_app_setting_set "$app" basicauthcreate "$basicauthcreate"
ynh_app_setting_set "$app" basicauthuser "$basicauthuser"
ynh_app_setting_set "$app" basicauthpass "$basicauthpass"
# Generation of the htpasswd file according https://www.nginx.com/resources/wiki/community/faq/
SALT="$(openssl rand -base64 3)"
(SHA1=$(printf "$basicauthpass$SALT" |
openssl dgst -binary -sha1 | xxd -ps |
sed 's#$#'"`echo -n $SALT | xxd -ps`"'#' |
xxd -r -ps |
base64);printf "$basicauthuser:{SSHA}$SHA1\n" >> ../sources/htpasswd)
# Modif nginx
sed -i "s|^.*\bauth_basic\b.*$| auth_basic "Private Library";|" ../conf/nginx.conf;
sed -i "s|^.*\bauth_basic_user_file\b.*$| auth_basic_user_file $final_path/htpasswd;|" ../conf/nginx.conf;
else
echo "No basic auth";
fi
# Base site
sudo cp -a ../sources/* $final_path/
# Set permissions
sudo chmod 775 -R $final_path
sudo chmod 600 $final_path/htpasswd
sudo chown -hR $runninguser:$runninguser $final_path
# Modify Nginx configuration file and copy it to Nginx conf directory
@ -84,6 +112,7 @@ then
ynh_app_setting_set $app skipped_uris "/"
fi
# Reload Nginx and regenerate SSOwat conf
sudo service php5-fpm reload
sudo service nginx reload

9
scripts/restore
View file

@ -21,6 +21,7 @@ is_public=$(ynh_app_setting_get $app is_public)
finalnginxconf=$(ynh_app_setting_get $app finalnginxconf)
finalphpconf=$(ynh_app_setting_get $app finalphpconf)
runninguser=$(ynh_app_setting_get $app runninguser)
basicauthcreate=$(ynh_app_setting_get $app basicauthcreate)
# Check domain/path availability
#sudo yunohost app checkurl "${domain}${path}" -a "$app" \
@ -36,6 +37,14 @@ sudo cp -a ./sources/* $final_path/
# Restore permissions to app files
# you may need to make some file and/or directory writeable by www-data (nginx user)
sudo chown -R $runninguser:$runninguser $final_path
if [ "$basicauthcreate" = "Yes" ];
then
sudo chmod 600 $final_path/htpasswd
else
echo "Nothing to do"
fi
### MySQL (remove if not used) ###
# If a MySQL database is used:

29
scripts/upgrade
View file

@ -24,7 +24,28 @@ finalnginxconf=$(ynh_app_setting_get $app finalnginxconf)
finalphpconf=$(ynh_app_setting_get $app finalphpconf)
runninguser=$(ynh_app_setting_get $app runninguser)
calibrepath=$(ynh_app_setting_get $app calibrepath)
basicauthcreate=$(ynh_app_setting_get $app basicauthcreate)
# Add basic auth if requested
if [ "$basicauthcreate" = "Yes" ];
then
basicauthuser=$(ynh_app_setting_get $app basicauthuser)
basicauthpass=$(ynh_app_setting_get $app basicauthpass)
# Generation of the htpasswd file according https://www.nginx.com/resources/wiki/community/faq/
SALT="$(openssl rand -base64 3)"
(SHA1=$(printf "$basicauthpass$SALT" |
openssl dgst -binary -sha1 | xxd -ps |
sed 's#$#'"`echo -n $SALT | xxd -ps`"'#' |
xxd -r -ps |
base64);printf "$basicauthuser:{SSHA}$SHA1\n" >> ../sources/htpasswd)
# Modif nginx
sed -i "s|^.*\bauth_basic\b.*$| auth_basic "Private Library";|" ../conf/nginx.conf;
sed -i "s|^.*\bauth_basic_user_file\b.*$| auth_basic_user_file $final_path/htpasswd;|" ../conf/nginx.conf;
else
echo "No basic auth";
fi
# We install dependencies
@ -58,6 +79,14 @@ sudo cp -a ../sources/* $final_path/
# We adjust permissions
sudo chmod 775 -R $final_path
if [ "$basicauthcreate" = "Yes" ];
then
sudo chmod 600 $final_path/htpasswd
else
echo "Nothing to do"
fi
sudo chown -hR $runninguser:$runninguser $final_path