Merge 94278ab29e into 4075742998

ALL_README.md

@@ -5,4 +5,6 @@
 - [Irakurri README euskaraz](README_eu.md)
 - [Lire le README en français](README_fr.md)
 - [Le o README en galego](README_gl.md)
+- [Baca README dalam bahasa bahasa Indonesia](README_id.md)
+- [Прочитать README на русский](README_ru.md)
 - [阅读中文（简体）的 README](README_zh_Hans.md)

README.md

@@ -5,7 +5,7 @@ It shall NOT be edited by hand.
 
 # CryptPad for YunoHost
 
-[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Working status](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
+[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Working status](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
 
 [![Install CryptPad with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad)
 
@@ -18,7 +18,7 @@ It shall NOT be edited by hand.
 
 CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.
 
-**Shipped version:** 5.3.0~ynh2
+**Shipped version:** 2024.6.1~ynh1
 
 **Demo:** <https://cryptpad.fr/>
 
@@ -30,7 +30,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source.
 
 - Official app website: <https://cryptpad.fr/>
 - Official admin documentation: <https://docs.cryptpad.fr/en/>
-- Upstream app code repository: <https://github.com/xwiki-labs/cryptpad>
+- Upstream app code repository: <https://github.com/cryptpad/cryptpad>
 - YunoHost Store: <https://apps.yunohost.org/app/cryptpad>
 - Report a bug: <https://github.com/YunoHost-Apps/cryptpad_ynh/issues>
 

README_es.md

@@ -5,7 +5,7 @@ No se debe editar a mano.
 
 # CryptPad para Yunohost
 
-[![Nivel de integración](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Estado funcional](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Estado En Mantención](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
+[![Nivel de integración](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Estado funcional](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Estado En Mantención](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
 
 [![Instalar CryptPad con Yunhost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad)
 
@@ -18,7 +18,7 @@ No se debe editar a mano.
 
 CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.
 
-**Versión actual:** 5.3.0~ynh2
+**Versión actual:** 2024.6.1~ynh1
 
 **Demo:** <https://cryptpad.fr/>
 
@@ -30,7 +30,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source.
 
 - Sitio web oficial: <https://cryptpad.fr/>
 - Documentación administrador oficial: <https://docs.cryptpad.fr/en/>
-- Repositorio del código fuente oficial de la aplicación : <https://github.com/xwiki-labs/cryptpad>
+- Repositorio del código fuente oficial de la aplicación : <https://github.com/cryptpad/cryptpad>
 - Catálogo YunoHost: <https://apps.yunohost.org/app/cryptpad>
 - Reportar un error: <https://github.com/YunoHost-Apps/cryptpad_ynh/issues>
 

README_eu.md

@@ -5,7 +5,7 @@ EZ editatu eskuz.
 
 # CryptPad YunoHost-erako
 
-[![Integrazio maila](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Funtzionamendu egoera](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Mantentze egoera](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
+[![Integrazio maila](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Funtzionamendu egoera](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Mantentze egoera](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
 
 [![Instalatu CryptPad YunoHost-ekin](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad)
 
@@ -18,7 +18,7 @@ EZ editatu eskuz.
 
 CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.
 
-**Paketatutako bertsioa:** 5.3.0~ynh2
+**Paketatutako bertsioa:** 2024.6.1~ynh1
 
 **Demoa:** <https://cryptpad.fr/>
 
@@ -30,7 +30,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source.
 
 - Aplikazioaren webgune ofiziala: <https://cryptpad.fr/>
 - Administratzaileen dokumentazio ofiziala: <https://docs.cryptpad.fr/en/>
-- Jatorrizko aplikazioaren kode-gordailua: <https://github.com/xwiki-labs/cryptpad>
+- Jatorrizko aplikazioaren kode-gordailua: <https://github.com/cryptpad/cryptpad>
 - YunoHost Denda: <https://apps.yunohost.org/app/cryptpad>
 - Eman errore baten berri: <https://github.com/YunoHost-Apps/cryptpad_ynh/issues>
 

README_fr.md

@@ -5,7 +5,7 @@ Il NE doit PAS être modifié à la main.
 
 # CryptPad pour YunoHost
 
-[![Niveau d’intégration](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
+[![Niveau d’intégration](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
 
 [![Installer CryptPad avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad)
 
@@ -18,7 +18,7 @@ Il NE doit PAS être modifié à la main.
 
 CryptPad est une suite de collaboration chiffrée de bout en bout et open source. Il est conçu pour permettre la collaboration, en synchronisant les modifications apportées aux documents en temps réel. Étant donné que toutes les données sont chiffrées, le service et ses administrateurs n'ont aucun moyen de voir le contenu modifié et stocké. 
 
-**Version incluse :** 5.3.0~ynh2
+**Version incluse :** 2024.6.1~ynh1
 
 **Démo :** <https://cryptpad.fr/>
 
@@ -30,7 +30,7 @@ CryptPad est une suite de collaboration chiffrée de bout en bout et open source
 
 - Site officiel de l’app : <https://cryptpad.fr/>
 - Documentation officielle de l’admin : <https://docs.cryptpad.fr/en/>
-- Dépôt de code officiel de l’app : <https://github.com/xwiki-labs/cryptpad>
+- Dépôt de code officiel de l’app : <https://github.com/cryptpad/cryptpad>
 - YunoHost Store : <https://apps.yunohost.org/app/cryptpad>
 - Signaler un bug : <https://github.com/YunoHost-Apps/cryptpad_ynh/issues>
 

README_gl.md

@@ -5,7 +5,7 @@ NON debe editarse manualmente.
 
 # CryptPad para YunoHost
 
-[![Nivel de integración](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Estado de funcionamento](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Estado de mantemento](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
+[![Nivel de integración](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Estado de funcionamento](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Estado de mantemento](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
 
 [![Instalar CryptPad con YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad)
 
@@ -18,7 +18,7 @@ NON debe editarse manualmente.
 
 CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.
 
-**Versión proporcionada:** 5.3.0~ynh2
+**Versión proporcionada:** 2024.6.1~ynh1
 
 **Demo:** <https://cryptpad.fr/>
 
@@ -30,7 +30,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source.
 
 - Web oficial da app: <https://cryptpad.fr/>
 - Documentación oficial para admin: <https://docs.cryptpad.fr/en/>
-- Repositorio de orixe do código: <https://github.com/xwiki-labs/cryptpad>
+- Repositorio de orixe do código: <https://github.com/cryptpad/cryptpad>
 - Tenda YunoHost: <https://apps.yunohost.org/app/cryptpad>
 - Informar dun problema: <https://github.com/YunoHost-Apps/cryptpad_ynh/issues>
 

README_id.md

@@ -0,0 +1,49 @@
+<!--
+N.B.: README ini dibuat secara otomatis oleh <https://github.com/YunoHost/apps/tree/master/tools/readme_generator>
+Ini TIDAK boleh diedit dengan tangan.
+-->
+
+# CryptPad untuk YunoHost
+
+[![Tingkat integrasi](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Status kerja](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Status pemeliharaan](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
+
+[![Pasang CryptPad dengan YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad)
+
+*[Baca README ini dengan bahasa yang lain.](./ALL_README.md)*
+
+> *Paket ini memperbolehkan Anda untuk memasang CryptPad secara cepat dan mudah pada server YunoHost.*  
+> *Bila Anda tidak mempunyai YunoHost, silakan berkonsultasi dengan [panduan](https://yunohost.org/install) untuk mempelajari bagaimana untuk memasangnya.*
+
+## Ringkasan
+
+CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.
+
+**Versi terkirim:** 2024.6.1~ynh1
+
+**Demo:** <https://cryptpad.fr/>
+
+## Tangkapan Layar
+
+![Tangkapan Layar pada CryptPad](./doc/screenshots/screenshot.png)
+
+## Dokumentasi dan sumber daya
+
+- Website aplikasi resmi: <https://cryptpad.fr/>
+- Dokumentasi admin resmi: <https://docs.cryptpad.fr/en/>
+- Depot kode aplikasi hulu: <https://github.com/cryptpad/cryptpad>
+- Gudang YunoHost: <https://apps.yunohost.org/app/cryptpad>
+- Laporkan bug: <https://github.com/YunoHost-Apps/cryptpad_ynh/issues>
+
+## Info developer
+
+Silakan kirim pull request ke [`testing` branch](https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing).
+
+Untuk mencoba branch `testing`, silakan dilanjutkan seperti:
+
+```bash
+sudo yunohost app install https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug
+atau
+sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug
+```
+
+**Info lebih lanjut mengenai pemaketan aplikasi:** <https://yunohost.org/packaging_apps>

README_ru.md

@@ -0,0 +1,49 @@
+<!--
+Важно: этот README был автоматически сгенерирован <https://github.com/YunoHost/apps/tree/master/tools/readme_generator>
+Он НЕ ДОЛЖЕН редактироваться вручную.
+-->
+
+# CryptPad для YunoHost
+
+[![Уровень интеграции](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Состояние работы](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Состояние сопровождения](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
+
+[![Установите CryptPad с YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad)
+
+*[Прочтите этот README на других языках.](./ALL_README.md)*
+
+> *Этот пакет позволяет Вам установить CryptPad быстро и просто на YunoHost-сервер.*  
+> *Если у Вас нет YunoHost, пожалуйста, посмотрите [инструкцию](https://yunohost.org/install), чтобы узнать, как установить его.*
+
+## Обзор
+
+CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.
+
+**Поставляемая версия:** 2024.6.1~ynh1
+
+**Демо-версия:** <https://cryptpad.fr/>
+
+## Снимки экрана
+
+![Снимок экрана CryptPad](./doc/screenshots/screenshot.png)
+
+## Документация и ресурсы
+
+- Официальный веб-сайт приложения: <https://cryptpad.fr/>
+- Официальная документация администратора: <https://docs.cryptpad.fr/en/>
+- Репозиторий кода главной ветки приложения: <https://github.com/cryptpad/cryptpad>
+- Магазин YunoHost: <https://apps.yunohost.org/app/cryptpad>
+- Сообщите об ошибке: <https://github.com/YunoHost-Apps/cryptpad_ynh/issues>
+
+## Информация для разработчиков
+
+Пришлите Ваш запрос на слияние в [ветку `testing`](https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing).
+
+Чтобы попробовать ветку `testing`, пожалуйста, сделайте что-то вроде этого:
+
+```bash
+sudo yunohost app install https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug
+или
+sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug
+```
+
+**Больше информации о пакетировании приложений:** <https://yunohost.org/packaging_apps>

README_zh_Hans.md

@@ -5,7 +5,7 @@
 
 # YunoHost 上的 CryptPad
 
-[![集成程度](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![工作状态](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
+[![集成程度](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![工作状态](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
 
 [![使用 YunoHost 安装 CryptPad](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad)
 
@@ -18,7 +18,7 @@
 
 CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.
 
-**分发版本：** 5.3.0~ynh2
+**分发版本：** 2024.6.1~ynh1
 
 **演示：** <https://cryptpad.fr/>
 
@@ -30,7 +30,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source.
 
 - 官方应用网站： <https://cryptpad.fr/>
 - 官方管理文档： <https://docs.cryptpad.fr/en/>
-- 上游应用代码库： <https://github.com/xwiki-labs/cryptpad>
+- 上游应用代码库： <https://github.com/cryptpad/cryptpad>
 - YunoHost 商店： <https://apps.yunohost.org/app/cryptpad>
 - 报告 bug： <https://github.com/YunoHost-Apps/cryptpad_ynh/issues>
 

conf/config.js

@@ -1,3 +1,7 @@
+// SPDX-FileCopyrightText: 2023 XWiki CryptPad Team <contact@cryptpad.org> and contributors
+//
+// SPDX-License-Identifier: AGPL-3.0-or-later
+
 /* globals module */
 
 /*  DISCLAIMER:
@@ -11,7 +15,7 @@
     Support requests for such setups should be directed to their authors.
 
     If you're having difficulty difficulty configuring your instance
-    we suggest that you join the project's IRC/Matrix channel.
+    we suggest that you join the project's Matrix channel.
 
     If you don't have any difficulty configuring your instance and you'd like to
     support us for the work that went into making it pain-free we are quite happy
@@ -45,21 +49,13 @@ module.exports = {
  *  In such a case this should be also handled by NGINX, as documented in
  *  cryptpad/docs/example.nginx.conf (see the $main_domain variable)
  *
- *  Note: you may provide multiple origins for the purpose of accessing
- *  a development instance via different URLs, like so:
- *  httpUnsafeOrigin: 'http://127.0.0.1:3000/ http://localhost:3000/',
- *
- *  Such configuration is not recommended for production instances,
- *  as the development team does not actively test such configuration
- *  and it may have unintended consequences in practice.
- *
  */
     httpUnsafeOrigin: 'https://__DOMAIN__',
 
 /*  httpSafeOrigin is the URL that is used for the 'sandbox' described above.
  *  If you're testing or developing with CryptPad on your local machine then
  *  it is appropriate to leave this blank. The default behaviour is to serve
- *  the main domain over port 3000 and to serve the content over port 3001.
+ *  the main domain over port 3000 and to serve the sandbox content over port 3001.
  *
  *  This is not appropriate in a production environment where invasive networks
  *  may filter traffic going over abnormal ports.
@@ -70,17 +66,20 @@ module.exports = {
  *  This value corresponds to the $sandbox_domain variable
  *  in the example nginx file.
  *
+ *  Note that in order for the sandboxing system to be effective
+ *  httpSafeOrigin must be different from httpUnsafeOrigin.
+ *
  *  CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS.
  */
     httpSafeOrigin: "https://__SANDBOXDOMAIN__",
 
 /*  httpAddress specifies the address on which the nodejs server
- *  should be accessible. By default it will listen on 127.0.0.1
- *  (IPv4 localhost on most systems). If you want it to listen on
- *  all addresses, including IPv6, set this to '::'.
+ *  should be accessible. By default it will listen on localhost
+ *  (IPv4 & IPv6 if enabled). If you want it to listen on
+ *  a specific address, specify it here. e.g '192.168.0.1'
  *
  */
-    httpAddress: '::',
+    httpAddress: '127.0.0.1',
 
 /*  httpPort specifies on which port the nodejs server should listen.
  *  By default it will serve content over port 3000, which is suitable
@@ -95,7 +94,20 @@ module.exports = {
  *  that of your httpPort + 1. You probably don't need to change this.
  *
  */
-    httpSafePort: __PORT_PORTI__,
+    // httpSafePort: 3001,
+
+/*  Websockets need to be exposed on a separate port from the rest of
+ *  the platform's HTTP traffic. Port 3003 is used by default.
+ *  You can change this to a different port if it is in use by a
+ *  different service, but under most circumstances you can leave this
+ *  commented and it will work.
+ *
+ *  In production environments, your reverse proxy (usually NGINX)
+ *  will need to forward websocket traffic (/cryptpad_websocket)
+ *  to this port.
+ *
+ */
+    websocketPort: __PORT_SOCKET__,
 
 /*  CryptPad will launch a child process for every core available
  *  in order to perform CPU-intensive tasks in parallel.
@@ -105,6 +117,43 @@ module.exports = {
  */
     // maxWorkers: 4,
 
+    /* =====================
+     *       Sessions
+     * ===================== */
+
+    /*  Accounts can be protected with an OTP (One Time Password) system
+     *  to add a second authentication layer. Such accounts use a session
+     *  with a given lifetime after which they are logged out and need
+     *  to be re-authenticated. You can configure the lifetime of these
+     *  sessions here.
+     *
+     *  defaults to 7 days
+     */
+    //otpSessionExpiration: 7*24, // hours
+
+    /*  Registered users can be forced to protect their account
+     *  with a Multi-factor Authentication (MFA) tool like a TOTP
+     *  authenticator application.
+     *
+     *  defaults to false
+     */
+    //enforceMFA: false,
+
+    /* =====================
+     *       Privacy
+     * ===================== */
+
+    /*  Depending on where your instance is hosted, you may be required to log IP
+     *  addresses of the users who make a change to a document. This setting allows you
+     *  to do so. You can configure the logging system below in this config file.
+     *  Setting this value to true will include a log for each websocket connection
+     *  including this connection's unique ID, the user public key and the IP.
+     *  NOTE: this option requires a log level of "info" or below.
+     *
+     *  defaults to false
+     */
+    //logIP: false,
+
     /* =====================
      *         Admin
      * ===================== */
@@ -115,52 +164,15 @@ module.exports = {
      *  To give access to the admin panel to a user account, just add their public signing
      *  key, which can be found on the settings page for registered users.
      *  Entries should be strings separated by a comma.
+     *  adminKeys: [
+     *      "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
+     *      "[cryptpad-user2@my.awesome.website/jA-9c5iNuG7SyxzGCjwJXVnk5NPfAOO8fQuQ0dC83RE=]",
+     *  ]
+     *
      */
-/*
     adminKeys: [
-        "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
+
     ],
-*/
-
-    /*  CryptPad's administration panel includes a "support" tab
-     *  wherein administrators with a secret key can view messages
-     *  sent from users via the encrypted forms on the /support/ page
-     *
-     *  To enable this functionality:
-     *    run `node ./scripts/generate-admin-keys.js`
-     *    save the public key in your config in the value below
-     *    add the private key via the admin panel
-     *    and back it up in a secure manner
-     *
-     */
-    supportMailboxPublicKey: '',
-
-    /*  CryptPad will display a point of contact for your instance on its contact page
-     *  (/contact.html) if you provide it below.
-     */
-    adminEmail: '__EMAIL__',
-
-    /*  We're very proud that CryptPad is available to the public as free software!
-     *  We do, however, still need to pay our bills as we develop the platform.
-     *
-     *  By default CryptPad will prompt users to consider donating to
-     *  our OpenCollective campaign. We publish the state of our finances periodically
-     *  so you can decide for yourself whether our expenses are reasonable.
-     *
-     *  You can disable any solicitations for donations by setting 'removeDonateButton' to true,
-     *  but we'd appreciate it if you didn't!
-     */
-    removeDonateButton: true,
-
-    /*
-     *  By default, CryptPad contacts one of our servers once a day.
-     *  This check-in will also send some very basic information about your instance including its
-     *  version and the adminEmail so we can reach you if we are aware of a serious problem.
-     *  We will never sell it or send you marketing mail.
-     *
-     *  If you want to block this check-in and remain set 'blockDailyCheck' to true.
-     */
-    blockDailyCheck: true,
 
     /* =====================
      *        STORAGE
@@ -180,7 +192,7 @@ module.exports = {
      *  This archived data still takes up space and so you'll probably still want to
      *  remove these files after a brief period.
      *
-     *  cryptpad/scripts/evict-inactive.js is intended to be run daily
+     *  cryptpad/scripts/evict-archived.js is intended to be run daily
      *  from a crontab or similar scheduling service.
      *
      *  The intent with this feature is to provide a safety net in case of accidental

conf/nginx.conf

@@ -1,91 +1,23 @@
-set $main_domain "__DOMAIN__";
-set $sandbox_domain "__SANDBOXDOMAIN__";
-set $allowed_origins "https://${sandbox_domain}";
-set $api_domain "__DOMAIN__";
-set $files_domain "__DOMAIN__";
-ssl_ecdh_curve secp384r1;
-more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
-more_set_headers "Cross-Origin-Resource-Policy: cross-origin";
-more_set_headers "Cross-Origin-Embedder-Policy: require-corp";
-root __INSTALL_DIR__/;
-index index.html;
-error_page 404 /customize.dist/404.html;
-if ($uri ~ ^(\/|.*\/|.*\.html)$) {
-    set $cacheControl no-cache;
+
+location / {
+    proxy_pass            http://127.0.0.1:__PORT__;
+    proxy_set_header      X-Real-IP $remote_addr;
+    proxy_set_header      Host $host;
+    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+    client_max_body_size  150m;
+
+    proxy_http_version    1.1;
+    proxy_set_header      Upgrade $http_upgrade;
+    proxy_set_header      Connection upgrade;
 }
-if ($args ~ ver=) {
-    set $cacheControl max-age=31536000;
-}
-more_set_headers "Cache-Control: $cacheControl";
-set $styleSrc   "'unsafe-inline' 'self' https://${main_domain}";
-set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
-set $fontSrc    "'self' data: https://${main_domain}";
-set $imgSrc     "'self' data: blob: https://${main_domain}";
-set $frameSrc   "'self' https://${sandbox_domain} blob:";
-set $mediaSrc   "blob:";
-set $childSrc   "https://${main_domain}";
-set $workerSrc  "'self'";
-set $scriptSrc  "'self' resource: https://${main_domain}";
-set $frameAncestors "'self' https://${main_domain}";
-set $unsafe 0;
-if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
-if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
-if ($host != $sandbox_domain) { set $unsafe 0; }
-if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
-if ($unsafe) {
-    set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
-}
-more_set_headers "Content-Security-Policy: default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors";
+
 location ^~ /cryptpad_websocket {
-    proxy_pass http://127.0.0.1:__PORT__;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header Host $host;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection upgrade;
-}
-location ^~ /customize.dist/ {
-    # This is needed in order to prevent infinite recursion between /customize/ and the root
-}
-location ^~ /customize/ {
-    rewrite ^/customize/(.*)$ $1 break;
-    try_files /customize/$uri /customize.dist/$uri;
-}
-location ~ ^/api/.*$ {
-    proxy_pass http://127.0.0.1:__PORT__;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header Host $host;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_hide_header Cross-Origin-Resource-Policy;
-    more_set_headers "Cross-Origin-Resource-Policy: cross-origin";
-    proxy_hide_header Cross-Origin-Embedder-Policy;
-    more_set_headers "Cross-Origin-Embedder-Policy: require-corp";
-}
-location ^~ /blob/ {
-    if ($request_method = 'OPTIONS') {
-        more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}";
-        more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'";
-        more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range";
-        more_set_headers "Access-Control-Max-Age: 1728000";
-        more_set_headers "Content-Type: 'application/octet-stream; charset=utf-8'";
-        more_set_headers "Content-Length: 0";
-        return 204;
-    }
-    more_set_headers "X-Content-Type-Options: nosniff";
-    more_set_headers "Cache-Control: max-age=31536000'";
-    more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}";
-    more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'";
-    more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length";
-    more_set_headers "Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length";
-    try_files $uri =404;
-}
-location ^~ /block/ {
-    more_set_headers "X-Content-Type-Options: nosniff";
-    more_set_headers "Cache-Control: max-age=0";
-    try_files $uri =404;
-}
-location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert|checkup)$ {
-    rewrite ^(.*)$ $1/ redirect;
-}
-try_files /customize/www/$uri /customize/www/$uri/index.html /www/$uri /www/$uri/index.html /customize/$uri;
+    proxy_pass            http://127.0.0.1:__PORT_SOCKET__;
+    proxy_set_header      X-Real-IP $remote_addr;
+    proxy_set_header      Host $host;
+    proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    proxy_http_version    1.1;
+    proxy_set_header      Upgrade $http_upgrade;
+    proxy_set_header      Connection upgrade;
+}

conf/old.nginx.conf

@@ -0,0 +1,117 @@
+set $main_domain "__DOMAIN__";
+set $sandbox_domain "__SANDBOXDOMAIN__";
+set $allowed_origins "https://${sandbox_domain}";
+set $api_domain "__DOMAIN__";
+set $files_domain "__DOMAIN__";
+ssl_ecdh_curve secp384r1;
+
+more_set_headers "X-XSS-Protection: '1; mode=block'";
+more_set_headers "X-Content-Type-Options: nosniff";
+more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
+more_set_headers "Access-Control-Allow-Credentials: true";
+
+more_set_headers "Cross-Origin-Resource-Policy: cross-origin";
+more_set_headers "Cross-Origin-Embedder-Policy: require-corp";
+
+root __INSTALL_DIR__/;
+index index.html;
+error_page 404 /customize.dist/404.html;
+
+if ($uri ~ ^(\/|.*\/|.*\.html)$) {
+    set $cacheControl no-cache;
+}
+
+if ($args ~ ver=) {
+    set $cacheControl max-age=31536000;
+}
+
+if ($uri ~ ^(\/|.*\/|.*\.html)$) {
+    set $cacheControl no-cache;
+}
+
+more_set_headers "Cache-Control: $cacheControl";
+set $styleSrc   "'unsafe-inline' 'self' https://${main_domain}";
+set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
+set $fontSrc    "'self' data: https://${main_domain}";
+set $imgSrc     "'self' data: blob: https://${main_domain}";
+set $frameSrc   "'self' https://${sandbox_domain} blob:";
+set $mediaSrc   "blob:";
+set $childSrc   "https://${main_domain}";
+set $workerSrc  "'self'";
+set $scriptSrc  "'self' resource: https://${main_domain}";
+set $frameAncestors "'self' https://${main_domain}";
+set $unsafe 0;
+if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
+if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
+if ($host != $sandbox_domain) { set $unsafe 0; }
+if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
+
+if ($unsafe) {
+    set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
+}
+
+more_set_headers "Content-Security-Policy: default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors";
+
+
+types {
+    application/javascript mjs;
+}
+
+location ^~ /cryptpad_websocket {
+    proxy_pass http://127.0.0.1:__PORT_SOCKET__;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        # WebSocket support (nginx 1.4)
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection upgrade;
+}
+
+location ^~ /customize.dist/ {
+    # This is needed in order to prevent infinite recursion between /customize/ and the root
+}
+
+location ^~ /customize/ {
+    rewrite ^/customize/(.*)$ $1 break;
+    try_files /customize/$uri /customize.dist/$uri;
+}
+
+location ~ ^/api/.*$ {
+    proxy_pass http://127.0.0.1:__PORT__;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    proxy_hide_header Cross-Origin-Resource-Policy;
+    more_set_headers "Cross-Origin-Resource-Policy: cross-origin";
+    proxy_hide_header Cross-Origin-Embedder-Policy;
+    more_set_headers "Cross-Origin-Embedder-Policy: require-corp";
+}
+location ~ ^/(blob|block)/.*$ {
+    if ($request_method = 'OPTIONS') {
+        more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}";
+        more_set_headers "Access-Control-Allow-Credentials: true";
+        more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'";
+        more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range";
+        more_set_headers "Access-Control-Max-Age: 1728000";
+        more_set_headers "Content-Type: 'application/octet-stream; charset=utf-8'";
+        more_set_headers "Content-Length: 0";
+        return 204;
+    }
+    proxy_hide_header 'X-Content-Type-Options';
+    proxy_hide_header 'Access-Control-Allow-Origin';
+    proxy_hide_header 'Permissions-Policy';
+    proxy_hide_header 'X-XSS-Protection';
+    proxy_hide_header 'Cross-Origin-Resource-Policy';
+    proxy_hide_header 'Cross-Origin-Embedder-Policy';
+    proxy_pass http://127.0.0.1:__PORT__;
+}
+
+location ~ ^/(register|login|recovery|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert|checkup|diagram)$ {
+    rewrite ^(.*)$ $1/ redirect;
+}
+
+# Finally, serve anything the above exceptions don't govern.
+try_files /customize/www/$uri /customize/www/$uri/index.html /www/$uri /www/$uri/index.html /customize/$uri;

conf/systemd.service

@@ -8,9 +8,12 @@ User=__APP__
 Group=__APP__
 WorkingDirectory=__INSTALL_DIR__
 Environment=PATH=__YNH_NODE_LOAD_PATH__
-Environment=NODE_ENV=production
+#Environment=NODE_ENV=production
+Environment='PWD="__INSTALL_DIR__"'
 ExecStart=__YNH_NPM__ start
+#ExecStart=__YNH_NPM__ __INSTALL_DIR__/server.js
 Restart=always
+LimitNOFILE=1000000
 
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these 

manifest.toml

@@ -5,7 +5,7 @@ name = "CryptPad"
 description.en = "Zero Knowledge realtime collaborative office suite"
 description.fr = "Suite bureautique chiffrée pour la collaboration en temps réel"
 
-version = "5.3.0~ynh2"
+version = "2024.6.1~ynh1"
 
 maintainers = ["ddataa"]
 
@@ -14,12 +14,12 @@ license = "AGPL-3.0-only"
 website = "https://cryptpad.fr/"
 demo = "https://cryptpad.fr/"
 admindoc = "https://docs.cryptpad.fr/en/"
-code = "https://github.com/xwiki-labs/cryptpad"
+code = "https://github.com/cryptpad/cryptpad"
 cpe = "cpe:2.3:a:xwiki:cryptpad"
 fund = "https://opencollective.com/cryptpad/contribute?language=fr"
 
 [integration]
-yunohost = ">= 11.2"
+yunohost = ">= 11.2.20"
 architectures = "all"
 multi_instance = false
 
@@ -43,18 +43,15 @@ ram.runtime = "50M"
     type = "group"
     default = "visitors"
 
-    [install.admin]
-    type = "user"
-
 [resources]
         [resources.sources.main]
-        url = "https://github.com/xwiki-labs/cryptpad/archive/refs/tags/5.3.0.tar.gz"
-        sha256 = "470e75203e7080d19482bacf6216c50ec13070fc7d0ff2e4fc855f57668fb919"
+        url = "https://github.com/cryptpad/cryptpad/archive/refs/tags/2024.6.1.tar.gz"
+        sha256 = "318ff90668e4acfa46dbfa31d0074d8b672571169ac2ef846251e08e9b5f424a"
         autoupdate.strategy = "latest_github_tag"
 
     [resources.ports]
     main.default = 3000
-    porti.default = 3001
+    socket.default = 3003
 
     [resources.system_user]
 

scripts/_common.sh

@@ -4,7 +4,7 @@
 # COMMON VARIABLES
 #=================================================
 
-nodejs_version="16.14.2"
+nodejs_version="20"
 
 #=================================================
 # PERSONAL HELPERS

scripts/install

@@ -9,12 +9,6 @@
 source _common.sh
 source /usr/share/yunohost/helpers
 
-#=================================================
-# RETRIEVE ARGUMENTS FROM THE MANIFEST
-#=================================================
-
-email=$(ynh_user_get_info --username=$admin --key=mail)
-
 #=================================================
 # CREATE A SANDBOX DOMAIN
 #=================================================
@@ -90,11 +84,10 @@ ynh_script_progression --message="Building $app... (this will take some time and
 
 pushd "$install_dir"
 	ynh_use_nodejs
-	ynh_exec_warn_less npm install --allow-root
-	ynh_exec_warn_less npm install -g bower
-	ynh_exec_warn_less bower install --allow-root
-	ynh_exec_warn_less bower update --allow-root
-	ynh_exec_warn_less npm run build
+	ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm ci
+	ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run install:components
+	ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run build
+	#./install-onlyoffice.sh
 popd
 
 #=================================================

scripts/remove

@@ -51,7 +51,7 @@ if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
 		sandboxdomain=sandbox-$domain
 	fi
 	
-	ynh_script_progression --message="Removing sandbox domain : $sandboxdomain" --weight=1
+	ynh_script_progression --message="Removing sandbox domain: $sandboxdomain" --weight=1
 	
 	if yunohost domain list | grep -q $sandboxdomain
 	then #if domain exist we remove it

scripts/upgrade

@@ -9,13 +9,6 @@
 source _common.sh
 source /usr/share/yunohost/helpers
 
-#=================================================
-# LOAD SETTINGS
-#=================================================
-ynh_script_progression --message="Loading installation settings..." --weight=1
-
-email=$(ynh_user_get_info --username=$admin --key=mail)
-
 #=================================================
 # UPGRADE DEPENDENCIES
 #=================================================
@@ -95,12 +88,12 @@ yunohost service add $app --description="Zero Knowledge realtime collaborative e
 #=================================================
 ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60
 
-pushd "$install_dir" 
-	ynh_exec_warn_less npm install --allow-root
-	ynh_exec_warn_less npm install -g bower
-	ynh_exec_warn_less bower update --allow-root
-	ynh_exec_warn_less npm i
-	ynh_exec_warn_less npm run build
+pushd "$install_dir"
+	ynh_use_nodejs
+	ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm ci
+	ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run install:components
+	ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run build
+	#./install-onlyoffice.sh
 popd
 
 #=================================================

tests.toml

@@ -2,6 +2,14 @@ test_format = 1.0
 
 [default]
 
+    # ------------
+    # Tests to run
+    # ------------
+
+    exclude = ["install.subdir"]
+
+    args.admin = "john"
+
     # -------------------------------
     # Commits to test upgrade from
     # -------------------------------