From c8bd78dec5b0deabd9c40b79ca9d54399d6fc39f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 08:36:03 +0200 Subject: [PATCH 01/35] 2024.3.1 --- manifest.toml | 6 +++--- scripts/_common.sh | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest.toml b/manifest.toml index 3db19dc..14fd2d0 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "CryptPad" description.en = "Zero Knowledge realtime collaborative office suite" description.fr = "Suite bureautique chiffrée pour la collaboration en temps réel" -version = "5.3.0~ynh2" +version = "2024.3.1~ynh1" maintainers = ["ddataa"] @@ -45,8 +45,8 @@ ram.runtime = "50M" [resources] [resources.sources.main] - url = "https://github.com/xwiki-labs/cryptpad/archive/refs/tags/5.3.0.tar.gz" - sha256 = "470e75203e7080d19482bacf6216c50ec13070fc7d0ff2e4fc855f57668fb919" + url = "https://github.com/cryptpad/cryptpad/archive/refs/tags/2024.3.1.tar.gz" + sha256 = "9149c55f09b245cde2d295efe1f373c394db7a7652ba32432d05dc11c2ddb697" autoupdate.strategy = "latest_github_tag" [resources.ports] diff --git a/scripts/_common.sh b/scripts/_common.sh index 447f5df..ec0f54e 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -nodejs_version="16.14.2" +nodejs_version="20" #================================================= # PERSONAL HELPERS From 905b2ed3f6b6bbad8fd1c27f29181c3d60acf941 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 24 May 2024 06:36:11 +0000 Subject: [PATCH 02/35] Auto-update READMEs --- README.md | 2 +- README_es.md | 2 +- README_eu.md | 2 +- README_fr.md | 2 +- README_gl.md | 2 +- README_zh_Hans.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index d007b6e..8c3e349 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ It shall NOT be edited by hand. CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**Shipped version:** 5.3.0~ynh2 +**Shipped version:** 2024.3.1~ynh1 **Demo:** diff --git a/README_es.md b/README_es.md index 1a6e7d3..d6fb8c4 100644 --- a/README_es.md +++ b/README_es.md @@ -18,7 +18,7 @@ No se debe editar a mano. CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**Versión actual:** 5.3.0~ynh2 +**Versión actual:** 2024.3.1~ynh1 **Demo:** diff --git a/README_eu.md b/README_eu.md index abccbb0..4f507da 100644 --- a/README_eu.md +++ b/README_eu.md @@ -18,7 +18,7 @@ EZ editatu eskuz. CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**Paketatutako bertsioa:** 5.3.0~ynh2 +**Paketatutako bertsioa:** 2024.3.1~ynh1 **Demoa:** diff --git a/README_fr.md b/README_fr.md index 6a48c33..c059135 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,7 +18,7 @@ Il NE doit PAS être modifié à la main. CryptPad est une suite de collaboration chiffrée de bout en bout et open source. Il est conçu pour permettre la collaboration, en synchronisant les modifications apportées aux documents en temps réel. Étant donné que toutes les données sont chiffrées, le service et ses administrateurs n'ont aucun moyen de voir le contenu modifié et stocké. -**Version incluse :** 5.3.0~ynh2 +**Version incluse :** 2024.3.1~ynh1 **Démo :** diff --git a/README_gl.md b/README_gl.md index 0433612..3bfb9e1 100644 --- a/README_gl.md +++ b/README_gl.md @@ -18,7 +18,7 @@ NON debe editarse manualmente. CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**Versión proporcionada:** 5.3.0~ynh2 +**Versión proporcionada:** 2024.3.1~ynh1 **Demo:** diff --git a/README_zh_Hans.md b/README_zh_Hans.md index 2e065c7..993b148 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -18,7 +18,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**分发版本:** 5.3.0~ynh2 +**分发版本:** 2024.3.1~ynh1 **演示:** From 83a730fc74e822b0ba66202b068041f651cb519a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 08:36:38 +0200 Subject: [PATCH 03/35] Update install --- scripts/install | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/scripts/install b/scripts/install index 5be5342..85a6f2e 100644 --- a/scripts/install +++ b/scripts/install @@ -91,11 +91,9 @@ ynh_script_progression --message="Building $app... (this will take some time and pushd "$install_dir" ynh_use_nodejs - ynh_exec_warn_less npm install --allow-root - ynh_exec_warn_less npm install -g bower - ynh_exec_warn_less bower install --allow-root - ynh_exec_warn_less bower update --allow-root - ynh_exec_warn_less npm run build + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm ci + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run install:components + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run build popd #================================================= From a45722bf9e9284c1bc8d6995044820498eaa2b54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 08:37:18 +0200 Subject: [PATCH 04/35] Update upgrade --- scripts/upgrade | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index e55c805..5364cd0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -101,12 +101,11 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60 -pushd "$install_dir" - ynh_exec_warn_less npm install --allow-root - ynh_exec_warn_less npm install -g bower - ynh_exec_warn_less bower update --allow-root - ynh_exec_warn_less npm i - ynh_exec_warn_less npm run build +pushd "$install_dir" + ynh_use_nodejs + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm ci + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run install:components + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run build popd #================================================= From 051b091bd6e9c9b27ad0eb5e70e6875f746b0ea5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 09:06:35 +0200 Subject: [PATCH 05/35] Update systemd.service --- conf/systemd.service | 1 + 1 file changed, 1 insertion(+) diff --git a/conf/systemd.service b/conf/systemd.service index 69594fa..deb26df 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -9,6 +9,7 @@ Group=__APP__ WorkingDirectory=__INSTALL_DIR__ Environment=PATH=__YNH_NODE_LOAD_PATH__ Environment=NODE_ENV=production +Environment='PWD="__INSTALL_DIR__"' ExecStart=__YNH_NPM__ start Restart=always From f363b7c4d40b10a8c83b3b7596007a93c6c903fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 09:08:54 +0200 Subject: [PATCH 06/35] cleaning --- scripts/install | 1 - scripts/upgrade | 38 ++++++++++++-------------------------- 2 files changed, 12 insertions(+), 27 deletions(-) diff --git a/scripts/install b/scripts/install index 85a6f2e..af9a07e 100644 --- a/scripts/install +++ b/scripts/install @@ -68,7 +68,6 @@ ynh_script_progression --message="Adding system configurations related to $app.. # Create a dedicated NGINX config ynh_add_nginx_config -env_path="$PATH" # Create a dedicated systemd config ynh_add_systemd_config diff --git a/scripts/upgrade b/scripts/upgrade index 5364cd0..1529f49 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -17,10 +17,11 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 email=$(ynh_user_get_info --username=$admin --key=mail) #================================================= -# CHECK VERSION +# UPGRADE DEPENDENCIES #================================================= +ynh_script_progression --message="Upgrading dependencies..." --weight=6 -upgrade_type=$(ynh_check_app_version_changed) +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= # STANDARD UPGRADE STEPS @@ -34,17 +35,13 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_script_progression --message="Upgrading source files..." --weight=1 -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Upgrading source files..." --weight=1 - - # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$install_dir" #--keep="config/config.js" +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source --dest_dir="$install_dir" #--keep="config/config.js" - chmod -R o-rwx "$install_dir" - chown -R $app:$app "$install_dir" -fi +chmod -R o-rwx "$install_dir" +chown -R $app:$app "$install_dir" #================================================= # APPLY FOLDER GROUP RIGHTS FOR WWW-DATA @@ -88,13 +85,10 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config -env_path="$PATH" -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=6 +# Create a dedicated systemd config +ynh_add_systemd_config -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version +yunohost service add $app --description="Zero Knowledge realtime collaborative editor" --log="/var/log/$app/$app.log" #================================================= # INSTALL CRYPTPAD @@ -108,20 +102,12 @@ pushd "$install_dir" ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run build popd -#================================================= -# CREATE SYSTEMD SERVICE -#================================================= -# Create a dedicated systemd config -ynh_add_systemd_config - -yunohost service add $app --description="Zero Knowledge realtime collaborative editor" --log="/var/log/$app/$app.log" - #================================================= # ADD UPGRADED CONFIG WITH SANDBOX #================================================= ynh_script_progression --message="Updating a configuration file..." --weight=1 -ynh_add_config --template="../conf/config.js" --destination="$install_dir/config/config.js" +ynh_add_config --template="config.js" --destination="$install_dir/config/config.js" chmod 600 "$install_dir/config/config.js" chown $app "$install_dir/config/config.js" From d3bb1fd7b99e74bdffc4c9b605e5b2dd5cb70d91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 09:09:46 +0200 Subject: [PATCH 07/35] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 14fd2d0..7af333a 100644 --- a/manifest.toml +++ b/manifest.toml @@ -19,7 +19,7 @@ cpe = "cpe:2.3:a:xwiki:cryptpad" fund = "https://opencollective.com/cryptpad/contribute?language=fr" [integration] -yunohost = ">= 11.1.21" +yunohost = ">= 11.2" architectures = "all" multi_instance = false ldap = false From 3dfab40f3f8d4f4ee100a12122da2c3427f18dc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 09:26:32 +0200 Subject: [PATCH 08/35] set basic NGINX --- conf/config.js | 126 ++++++++++++++++++++++++-------------------- conf/nginx.conf | 111 ++++++++------------------------------ conf/old.nginx.conf | 91 ++++++++++++++++++++++++++++++++ manifest.toml | 1 + scripts/install | 2 +- 5 files changed, 183 insertions(+), 148 deletions(-) create mode 100644 conf/old.nginx.conf diff --git a/conf/config.js b/conf/config.js index 768b0bf..650f5c7 100644 --- a/conf/config.js +++ b/conf/config.js @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2023 XWiki CryptPad Team and contributors +// +// SPDX-License-Identifier: AGPL-3.0-or-later + /* globals module */ /* DISCLAIMER: @@ -11,7 +15,7 @@ Support requests for such setups should be directed to their authors. If you're having difficulty difficulty configuring your instance - we suggest that you join the project's IRC/Matrix channel. + we suggest that you join the project's Matrix channel. If you don't have any difficulty configuring your instance and you'd like to support us for the work that went into making it pain-free we are quite happy @@ -45,21 +49,13 @@ module.exports = { * In such a case this should be also handled by NGINX, as documented in * cryptpad/docs/example.nginx.conf (see the $main_domain variable) * - * Note: you may provide multiple origins for the purpose of accessing - * a development instance via different URLs, like so: - * httpUnsafeOrigin: 'http://127.0.0.1:3000/ http://localhost:3000/', - * - * Such configuration is not recommended for production instances, - * as the development team does not actively test such configuration - * and it may have unintended consequences in practice. - * */ httpUnsafeOrigin: 'https://__DOMAIN__', /* httpSafeOrigin is the URL that is used for the 'sandbox' described above. * If you're testing or developing with CryptPad on your local machine then * it is appropriate to leave this blank. The default behaviour is to serve - * the main domain over port 3000 and to serve the content over port 3001. + * the main domain over port 3000 and to serve the sandbox content over port 3001. * * This is not appropriate in a production environment where invasive networks * may filter traffic going over abnormal ports. @@ -70,14 +66,17 @@ module.exports = { * This value corresponds to the $sandbox_domain variable * in the example nginx file. * + * Note that in order for the sandboxing system to be effective + * httpSafeOrigin must be different from httpUnsafeOrigin. + * * CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS. */ httpSafeOrigin: "https://__SANDBOXDOMAIN__", /* httpAddress specifies the address on which the nodejs server - * should be accessible. By default it will listen on 127.0.0.1 - * (IPv4 localhost on most systems). If you want it to listen on - * all addresses, including IPv6, set this to '::'. + * should be accessible. By default it will listen on localhost + * (IPv4 & IPv6 if enabled). If you want it to listen on + * a specific address, specify it here. e.g '192.168.0.1' * */ httpAddress: '::', @@ -97,6 +96,19 @@ module.exports = { */ httpSafePort: __PORT_PORTI__, +/* Websockets need to be exposed on a separate port from the rest of + * the platform's HTTP traffic. Port 3003 is used by default. + * You can change this to a different port if it is in use by a + * different service, but under most circumstances you can leave this + * commented and it will work. + * + * In production environments, your reverse proxy (usually NGINX) + * will need to forward websocket traffic (/cryptpad_websocket) + * to this port. + * + */ + websocketPort: __PORT_SOCKET__, + /* CryptPad will launch a child process for every core available * in order to perform CPU-intensive tasks in parallel. * Some host environments may have a very large number of cores available @@ -105,6 +117,43 @@ module.exports = { */ // maxWorkers: 4, + /* ===================== + * Sessions + * ===================== */ + + /* Accounts can be protected with an OTP (One Time Password) system + * to add a second authentication layer. Such accounts use a session + * with a given lifetime after which they are logged out and need + * to be re-authenticated. You can configure the lifetime of these + * sessions here. + * + * defaults to 7 days + */ + //otpSessionExpiration: 7*24, // hours + + /* Registered users can be forced to protect their account + * with a Multi-factor Authentication (MFA) tool like a TOTP + * authenticator application. + * + * defaults to false + */ + //enforceMFA: false, + + /* ===================== + * Privacy + * ===================== */ + + /* Depending on where your instance is hosted, you may be required to log IP + * addresses of the users who make a change to a document. This setting allows you + * to do so. You can configure the logging system below in this config file. + * Setting this value to true will include a log for each websocket connection + * including this connection's unique ID, the user public key and the IP. + * NOTE: this option requires a log level of "info" or below. + * + * defaults to false + */ + //logIP: false, + /* ===================== * Admin * ===================== */ @@ -115,52 +164,15 @@ module.exports = { * To give access to the admin panel to a user account, just add their public signing * key, which can be found on the settings page for registered users. * Entries should be strings separated by a comma. + * adminKeys: [ + * "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]", + * "[cryptpad-user2@my.awesome.website/jA-9c5iNuG7SyxzGCjwJXVnk5NPfAOO8fQuQ0dC83RE=]", + * ] + * */ -/* adminKeys: [ - "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]", + ], -*/ - - /* CryptPad's administration panel includes a "support" tab - * wherein administrators with a secret key can view messages - * sent from users via the encrypted forms on the /support/ page - * - * To enable this functionality: - * run `node ./scripts/generate-admin-keys.js` - * save the public key in your config in the value below - * add the private key via the admin panel - * and back it up in a secure manner - * - */ - supportMailboxPublicKey: '', - - /* CryptPad will display a point of contact for your instance on its contact page - * (/contact.html) if you provide it below. - */ - adminEmail: '__EMAIL__', - - /* We're very proud that CryptPad is available to the public as free software! - * We do, however, still need to pay our bills as we develop the platform. - * - * By default CryptPad will prompt users to consider donating to - * our OpenCollective campaign. We publish the state of our finances periodically - * so you can decide for yourself whether our expenses are reasonable. - * - * You can disable any solicitations for donations by setting 'removeDonateButton' to true, - * but we'd appreciate it if you didn't! - */ - removeDonateButton: true, - - /* - * By default, CryptPad contacts one of our servers once a day. - * This check-in will also send some very basic information about your instance including its - * version and the adminEmail so we can reach you if we are aware of a serious problem. - * We will never sell it or send you marketing mail. - * - * If you want to block this check-in and remain set 'blockDailyCheck' to true. - */ - blockDailyCheck: true, /* ===================== * STORAGE @@ -180,7 +192,7 @@ module.exports = { * This archived data still takes up space and so you'll probably still want to * remove these files after a brief period. * - * cryptpad/scripts/evict-inactive.js is intended to be run daily + * cryptpad/scripts/evict-archived.js is intended to be run daily * from a crontab or similar scheduling service. * * The intent with this feature is to provide a safety net in case of accidental diff --git a/conf/nginx.conf b/conf/nginx.conf index f3e1778..97ba9b2 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,91 +1,22 @@ -set $main_domain "__DOMAIN__"; -set $sandbox_domain "__SANDBOXDOMAIN__"; -set $allowed_origins "https://${sandbox_domain}"; -set $api_domain "__DOMAIN__"; -set $files_domain "__DOMAIN__"; -ssl_ecdh_curve secp384r1; -more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'"; -more_set_headers "Cross-Origin-Resource-Policy: cross-origin"; -more_set_headers "Cross-Origin-Embedder-Policy: require-corp"; -root __INSTALL_DIR__/; -index index.html; -error_page 404 /customize.dist/404.html; -if ($uri ~ ^(\/|.*\/|.*\.html)$) { - set $cacheControl no-cache; -} -if ($args ~ ver=) { - set $cacheControl max-age=31536000; -} -more_set_headers "Cache-Control: $cacheControl"; -set $styleSrc "'unsafe-inline' 'self' https://${main_domain}"; -set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}"; -set $fontSrc "'self' data: https://${main_domain}"; -set $imgSrc "'self' data: blob: https://${main_domain}"; -set $frameSrc "'self' https://${sandbox_domain} blob:"; -set $mediaSrc "blob:"; -set $childSrc "https://${main_domain}"; -set $workerSrc "'self'"; -set $scriptSrc "'self' resource: https://${main_domain}"; -set $frameAncestors "'self' https://${main_domain}"; -set $unsafe 0; -if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; } -if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; } -if ($host != $sandbox_domain) { set $unsafe 0; } -if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; } -if ($unsafe) { - set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}"; -} -more_set_headers "Content-Security-Policy: default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors"; -location ^~ /cryptpad_websocket { - proxy_pass http://127.0.0.1:__PORT__; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection upgrade; -} -location ^~ /customize.dist/ { - # This is needed in order to prevent infinite recursion between /customize/ and the root -} -location ^~ /customize/ { - rewrite ^/customize/(.*)$ $1 break; - try_files /customize/$uri /customize.dist/$uri; -} -location ~ ^/api/.*$ { - proxy_pass http://127.0.0.1:__PORT__; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_hide_header Cross-Origin-Resource-Policy; - more_set_headers "Cross-Origin-Resource-Policy: cross-origin"; - proxy_hide_header Cross-Origin-Embedder-Policy; - more_set_headers "Cross-Origin-Embedder-Policy: require-corp"; -} -location ^~ /blob/ { - if ($request_method = 'OPTIONS') { - more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}"; - more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'"; - more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range"; - more_set_headers "Access-Control-Max-Age: 1728000"; - more_set_headers "Content-Type: 'application/octet-stream; charset=utf-8'"; - more_set_headers "Content-Length: 0"; - return 204; +location / { + proxy_pass http://127.0.0.1:__PORT__; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + client_max_body_size 150m; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection upgrade; } - more_set_headers "X-Content-Type-Options: nosniff"; - more_set_headers "Cache-Control: max-age=31536000'"; - more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}"; - more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'"; - more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length"; - more_set_headers "Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length"; - try_files $uri =404; -} -location ^~ /block/ { - more_set_headers "X-Content-Type-Options: nosniff"; - more_set_headers "Cache-Control: max-age=0"; - try_files $uri =404; -} -location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert|checkup)$ { - rewrite ^(.*)$ $1/ redirect; -} -try_files /customize/www/$uri /customize/www/$uri/index.html /www/$uri /www/$uri/index.html /customize/$uri; + + location ^~ /cryptpad_websocket { + proxy_pass http://127.0.0.1:__PORT_SOCKET__; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection upgrade; + } \ No newline at end of file diff --git a/conf/old.nginx.conf b/conf/old.nginx.conf new file mode 100644 index 0000000..f3e1778 --- /dev/null +++ b/conf/old.nginx.conf @@ -0,0 +1,91 @@ +set $main_domain "__DOMAIN__"; +set $sandbox_domain "__SANDBOXDOMAIN__"; +set $allowed_origins "https://${sandbox_domain}"; +set $api_domain "__DOMAIN__"; +set $files_domain "__DOMAIN__"; +ssl_ecdh_curve secp384r1; +more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'"; +more_set_headers "Cross-Origin-Resource-Policy: cross-origin"; +more_set_headers "Cross-Origin-Embedder-Policy: require-corp"; +root __INSTALL_DIR__/; +index index.html; +error_page 404 /customize.dist/404.html; +if ($uri ~ ^(\/|.*\/|.*\.html)$) { + set $cacheControl no-cache; +} +if ($args ~ ver=) { + set $cacheControl max-age=31536000; +} +more_set_headers "Cache-Control: $cacheControl"; +set $styleSrc "'unsafe-inline' 'self' https://${main_domain}"; +set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}"; +set $fontSrc "'self' data: https://${main_domain}"; +set $imgSrc "'self' data: blob: https://${main_domain}"; +set $frameSrc "'self' https://${sandbox_domain} blob:"; +set $mediaSrc "blob:"; +set $childSrc "https://${main_domain}"; +set $workerSrc "'self'"; +set $scriptSrc "'self' resource: https://${main_domain}"; +set $frameAncestors "'self' https://${main_domain}"; +set $unsafe 0; +if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; } +if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; } +if ($host != $sandbox_domain) { set $unsafe 0; } +if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; } +if ($unsafe) { + set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}"; +} +more_set_headers "Content-Security-Policy: default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors"; +location ^~ /cryptpad_websocket { + proxy_pass http://127.0.0.1:__PORT__; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection upgrade; +} +location ^~ /customize.dist/ { + # This is needed in order to prevent infinite recursion between /customize/ and the root +} +location ^~ /customize/ { + rewrite ^/customize/(.*)$ $1 break; + try_files /customize/$uri /customize.dist/$uri; +} +location ~ ^/api/.*$ { + proxy_pass http://127.0.0.1:__PORT__; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_hide_header Cross-Origin-Resource-Policy; + more_set_headers "Cross-Origin-Resource-Policy: cross-origin"; + proxy_hide_header Cross-Origin-Embedder-Policy; + more_set_headers "Cross-Origin-Embedder-Policy: require-corp"; +} +location ^~ /blob/ { + if ($request_method = 'OPTIONS') { + more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}"; + more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'"; + more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range"; + more_set_headers "Access-Control-Max-Age: 1728000"; + more_set_headers "Content-Type: 'application/octet-stream; charset=utf-8'"; + more_set_headers "Content-Length: 0"; + return 204; + } + more_set_headers "X-Content-Type-Options: nosniff"; + more_set_headers "Cache-Control: max-age=31536000'"; + more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}"; + more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'"; + more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length"; + more_set_headers "Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length"; + try_files $uri =404; +} +location ^~ /block/ { + more_set_headers "X-Content-Type-Options: nosniff"; + more_set_headers "Cache-Control: max-age=0"; + try_files $uri =404; +} +location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert|checkup)$ { + rewrite ^(.*)$ $1/ redirect; +} +try_files /customize/www/$uri /customize/www/$uri/index.html /www/$uri /www/$uri/index.html /customize/$uri; diff --git a/manifest.toml b/manifest.toml index 7af333a..930bfec 100644 --- a/manifest.toml +++ b/manifest.toml @@ -52,6 +52,7 @@ ram.runtime = "50M" [resources.ports] main.default = 3000 porti.default = 3001 + socket.default = 3003 [resources.system_user] diff --git a/scripts/install b/scripts/install index af9a07e..c5be7ad 100644 --- a/scripts/install +++ b/scripts/install @@ -78,7 +78,7 @@ yunohost service add $app --description="Zero Knowledge realtime collaborative e #================================================= ynh_script_progression --message="Adding a configuration file..." -ynh_add_config --template="../conf/config.js" --destination="$install_dir/config/config.js" +ynh_add_config --template="config.js" --destination="$install_dir/config/config.js" chmod 600 "$install_dir/config/config.js" chown $app "$install_dir/config/config.js" From 7677bb6ca2eb5d6590c7a4dd49dd1381d1c9ae12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 09:27:28 +0200 Subject: [PATCH 09/35] Update nginx.conf --- conf/nginx.conf | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 97ba9b2..6aaa9e9 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,22 +1,22 @@ location / { - proxy_pass http://127.0.0.1:__PORT__; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - client_max_body_size 150m; + proxy_pass http://127.0.0.1:__PORT__; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + client_max_body_size 150m; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection upgrade; - } + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection upgrade; +} - location ^~ /cryptpad_websocket { - proxy_pass http://127.0.0.1:__PORT_SOCKET__; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +location ^~ /cryptpad_websocket { + proxy_pass http://127.0.0.1:__PORT_SOCKET__; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection upgrade; - } \ No newline at end of file + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection upgrade; +} \ No newline at end of file From 3221aea763a01786eefe216b55b52b91ff4559ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 09:33:25 +0200 Subject: [PATCH 10/35] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 930bfec..dc9da7f 100644 --- a/manifest.toml +++ b/manifest.toml @@ -14,7 +14,7 @@ license = "AGPL-3.0-only" website = "https://cryptpad.fr/" demo = "https://cryptpad.fr/" admindoc = "https://docs.cryptpad.fr/en/" -code = "https://github.com/xwiki-labs/cryptpad" +code = "https://github.com/cryptpad/cryptpad" cpe = "cpe:2.3:a:xwiki:cryptpad" fund = "https://opencollective.com/cryptpad/contribute?language=fr" From 518cd6c0d8ff94eb80300ca6a8f454652f0bc16d Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 24 May 2024 07:33:31 +0000 Subject: [PATCH 11/35] Auto-update READMEs --- README.md | 2 +- README_es.md | 2 +- README_eu.md | 2 +- README_fr.md | 2 +- README_gl.md | 2 +- README_zh_Hans.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 8c3e349..c6a1dc4 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. - Official app website: - Official admin documentation: -- Upstream app code repository: +- Upstream app code repository: - YunoHost Store: - Report a bug: diff --git a/README_es.md b/README_es.md index d6fb8c4..a1ad567 100644 --- a/README_es.md +++ b/README_es.md @@ -30,7 +30,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. - Sitio web oficial: - Documentación administrador oficial: -- Repositorio del código fuente oficial de la aplicación : +- Repositorio del código fuente oficial de la aplicación : - Catálogo YunoHost: - Reportar un error: diff --git a/README_eu.md b/README_eu.md index 4f507da..cf850a5 100644 --- a/README_eu.md +++ b/README_eu.md @@ -30,7 +30,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. - Aplikazioaren webgune ofiziala: - Administratzaileen dokumentazio ofiziala: -- Jatorrizko aplikazioaren kode-gordailua: +- Jatorrizko aplikazioaren kode-gordailua: - YunoHost Denda: - Eman errore baten berri: diff --git a/README_fr.md b/README_fr.md index c059135..45ce780 100644 --- a/README_fr.md +++ b/README_fr.md @@ -30,7 +30,7 @@ CryptPad est une suite de collaboration chiffrée de bout en bout et open source - Site officiel de l’app : - Documentation officielle de l’admin : -- Dépôt de code officiel de l’app : +- Dépôt de code officiel de l’app : - YunoHost Store : - Signaler un bug : diff --git a/README_gl.md b/README_gl.md index 3bfb9e1..6949d4e 100644 --- a/README_gl.md +++ b/README_gl.md @@ -30,7 +30,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. - Web oficial da app: - Documentación oficial para admin: -- Repositorio de orixe do código: +- Repositorio de orixe do código: - Tenda YunoHost: - Informar dun problema: diff --git a/README_zh_Hans.md b/README_zh_Hans.md index 993b148..37782ab 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -30,7 +30,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. - 官方应用网站: - 官方管理文档: -- 上游应用代码库: +- 上游应用代码库: - YunoHost 商店: - 报告 bug: From 29641fcf01494636950fc3ef0be4432635dbf4e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 11:10:41 +0200 Subject: [PATCH 12/35] Update config.js --- conf/config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/config.js b/conf/config.js index 650f5c7..8ab8811 100644 --- a/conf/config.js +++ b/conf/config.js @@ -79,7 +79,7 @@ module.exports = { * a specific address, specify it here. e.g '192.168.0.1' * */ - httpAddress: '::', + httpAddress: 'localhost', /* httpPort specifies on which port the nodejs server should listen. * By default it will serve content over port 3000, which is suitable From c04fb7bc833404aac0f4fc1493be2f218e343f95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 11:16:11 +0200 Subject: [PATCH 13/35] Update config.js --- conf/config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/config.js b/conf/config.js index 8ab8811..2e155e0 100644 --- a/conf/config.js +++ b/conf/config.js @@ -79,7 +79,7 @@ module.exports = { * a specific address, specify it here. e.g '192.168.0.1' * */ - httpAddress: 'localhost', + httpAddress: '127.0.0.1', /* httpPort specifies on which port the nodejs server should listen. * By default it will serve content over port 3000, which is suitable From 5b234a4506f8d4475bb0fa98b452366e2b753450 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 13:25:08 +0200 Subject: [PATCH 14/35] remove port --- conf/config.js | 2 +- manifest.toml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/conf/config.js b/conf/config.js index 2e155e0..1d7ea56 100644 --- a/conf/config.js +++ b/conf/config.js @@ -94,7 +94,7 @@ module.exports = { * that of your httpPort + 1. You probably don't need to change this. * */ - httpSafePort: __PORT_PORTI__, + // httpSafePort: 3001, /* Websockets need to be exposed on a separate port from the rest of * the platform's HTTP traffic. Port 3003 is used by default. diff --git a/manifest.toml b/manifest.toml index f7d53e6..408d3d0 100644 --- a/manifest.toml +++ b/manifest.toml @@ -54,7 +54,6 @@ ram.runtime = "50M" [resources.ports] main.default = 3000 - porti.default = 3001 socket.default = 3003 [resources.system_user] From a46d7ee5ee48b6be8aca41befe8149a561cc65fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 14:06:47 +0200 Subject: [PATCH 15/35] Update old.nginx.conf --- conf/old.nginx.conf | 68 ++++++++++++++++++++++++++++++--------------- 1 file changed, 45 insertions(+), 23 deletions(-) diff --git a/conf/old.nginx.conf b/conf/old.nginx.conf index f3e1778..a55f371 100644 --- a/conf/old.nginx.conf +++ b/conf/old.nginx.conf @@ -4,18 +4,27 @@ set $allowed_origins "https://${sandbox_domain}"; set $api_domain "__DOMAIN__"; set $files_domain "__DOMAIN__"; ssl_ecdh_curve secp384r1; + +more_set_headers "X-XSS-Protection: '1; mode=block'"; +more_set_headers "X-Content-Type-Options: nosniff"; more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'"; +more_set_headers "Access-Control-Allow-Credentials: true"; + more_set_headers "Cross-Origin-Resource-Policy: cross-origin"; more_set_headers "Cross-Origin-Embedder-Policy: require-corp"; + root __INSTALL_DIR__/; index index.html; error_page 404 /customize.dist/404.html; + if ($uri ~ ^(\/|.*\/|.*\.html)$) { set $cacheControl no-cache; } + if ($args ~ ver=) { set $cacheControl max-age=31536000; } + more_set_headers "Cache-Control: $cacheControl"; set $styleSrc "'unsafe-inline' 'self' https://${main_domain}"; set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}"; @@ -32,39 +41,54 @@ if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; } if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; } if ($host != $sandbox_domain) { set $unsafe 0; } if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; } + if ($unsafe) { set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}"; } + more_set_headers "Content-Security-Policy: default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors"; -location ^~ /cryptpad_websocket { - proxy_pass http://127.0.0.1:__PORT__; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection upgrade; + + +types { + application/javascript mjs; } + +location ^~ /cryptpad_websocket { + proxy_pass http://127.0.0.1:__PORT_SOCKET__; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # WebSocket support (nginx 1.4) + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection upgrade; +} + location ^~ /customize.dist/ { # This is needed in order to prevent infinite recursion between /customize/ and the root } + location ^~ /customize/ { rewrite ^/customize/(.*)$ $1 break; try_files /customize/$uri /customize.dist/$uri; } + location ~ ^/api/.*$ { proxy_pass http://127.0.0.1:__PORT__; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_hide_header Cross-Origin-Resource-Policy; more_set_headers "Cross-Origin-Resource-Policy: cross-origin"; proxy_hide_header Cross-Origin-Embedder-Policy; more_set_headers "Cross-Origin-Embedder-Policy: require-corp"; } -location ^~ /blob/ { +location ~ ^/(blob|block)/.*$ { if ($request_method = 'OPTIONS') { more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}"; + more_set_headers add_header "Access-Control-Allow-Credentials: true"; more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'"; more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range"; more_set_headers "Access-Control-Max-Age: 1728000"; @@ -72,20 +96,18 @@ location ^~ /blob/ { more_set_headers "Content-Length: 0"; return 204; } - more_set_headers "X-Content-Type-Options: nosniff"; - more_set_headers "Cache-Control: max-age=31536000'"; - more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}"; - more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'"; - more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length"; - more_set_headers "Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length"; - try_files $uri =404; + proxy_hide_header 'X-Content-Type-Options'; + proxy_hide_header 'Access-Control-Allow-Origin'; + proxy_hide_header 'Permissions-Policy'; + proxy_hide_header 'X-XSS-Protection'; + proxy_hide_header 'Cross-Origin-Resource-Policy'; + proxy_hide_header 'Cross-Origin-Embedder-Policy'; + proxy_pass http://127.0.0.1:__PORT__; } -location ^~ /block/ { - more_set_headers "X-Content-Type-Options: nosniff"; - more_set_headers "Cache-Control: max-age=0"; - try_files $uri =404; -} -location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert|checkup)$ { + +location ~ ^/(register|login|recovery|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert|checkup|diagram)$ { rewrite ^(.*)$ $1/ redirect; } -try_files /customize/www/$uri /customize/www/$uri/index.html /www/$uri /www/$uri/index.html /customize/$uri; + +# Finally, serve anything the above exceptions don't govern. +try_files /customize/www/$uri /customize/www/$uri/index.html /www/$uri /www/$uri/index.html /customize/$uri; \ No newline at end of file From 008c6c4ce6047ea94a68eea3304413517b7308e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 14:08:03 +0200 Subject: [PATCH 16/35] Update remove --- scripts/remove | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/remove b/scripts/remove index a7f6a3e..b5667bc 100644 --- a/scripts/remove +++ b/scripts/remove @@ -51,7 +51,7 @@ if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then sandboxdomain=sandbox-$domain fi - ynh_script_progression --message="Removing sandbox domain : $sandboxdomain" --weight=1 + ynh_script_progression --message="Removing sandbox domain: $sandboxdomain" --weight=1 if yunohost domain list | grep -q $sandboxdomain then #if domain exist we remove it From 6624ac0fd9f2aa0a9628430a752861143829b71f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 15:33:22 +0200 Subject: [PATCH 17/35] remove admin setting --- manifest.toml | 3 --- 1 file changed, 3 deletions(-) diff --git a/manifest.toml b/manifest.toml index 408d3d0..f40b329 100644 --- a/manifest.toml +++ b/manifest.toml @@ -43,9 +43,6 @@ ram.runtime = "50M" type = "group" default = "visitors" - [install.admin] - type = "user" - [resources] [resources.sources.main] url = "https://github.com/cryptpad/cryptpad/archive/refs/tags/2024.3.1.tar.gz" From 54bfd70200caf07e116ddb5fdd028863926746a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 16:10:56 +0200 Subject: [PATCH 18/35] Update nginx.conf --- conf/nginx.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/conf/nginx.conf b/conf/nginx.conf index 6aaa9e9..af07665 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,3 +1,7 @@ +server_name __DOMAIN__ __SANDBOXDOMAIN__; + +more_set_headers "Strict-Transport-Security: 'max-age=63072000; includeSubDomains' always"; + location / { proxy_pass http://127.0.0.1:__PORT__; proxy_set_header X-Real-IP $remote_addr; From 96750c2cd4b50b5a69e68b0225e316432e29ebf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 16:27:35 +0200 Subject: [PATCH 19/35] Update install --- scripts/install | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install b/scripts/install index 683eee5..0bce2d1 100644 --- a/scripts/install +++ b/scripts/install @@ -93,6 +93,7 @@ pushd "$install_dir" ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm ci ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run install:components ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run build + ./install-onlyoffice.sh popd #================================================= From 220668b21b85bb0978b1003c33207718b5923c2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 16:40:30 +0200 Subject: [PATCH 20/35] Update upgrade --- scripts/upgrade | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/upgrade b/scripts/upgrade index 1529f49..3aa4013 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -100,6 +100,7 @@ pushd "$install_dir" ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm ci ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run install:components ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run build + ./install-onlyoffice.sh popd #================================================= From 6a5385780269286365c0a1c997ff26a8706dda8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 17:00:27 +0200 Subject: [PATCH 21/35] fix --- scripts/install | 6 ------ scripts/upgrade | 7 ------- 2 files changed, 13 deletions(-) diff --git a/scripts/install b/scripts/install index 0bce2d1..1cefa62 100644 --- a/scripts/install +++ b/scripts/install @@ -9,12 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -email=$(ynh_user_get_info --username=$admin --key=mail) - #================================================= # CREATE A SANDBOX DOMAIN #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 3aa4013..3be642b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,13 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -email=$(ynh_user_get_info --username=$admin --key=mail) - #================================================= # UPGRADE DEPENDENCIES #================================================= From f3493bced6c29bac4798d4b83474ff50133cb321 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 17:11:17 +0200 Subject: [PATCH 22/35] Update manifest.toml --- manifest.toml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest.toml b/manifest.toml index f40b329..89a008b 100644 --- a/manifest.toml +++ b/manifest.toml @@ -44,10 +44,10 @@ ram.runtime = "50M" default = "visitors" [resources] - [resources.sources.main] - url = "https://github.com/cryptpad/cryptpad/archive/refs/tags/2024.3.1.tar.gz" - sha256 = "9149c55f09b245cde2d295efe1f373c394db7a7652ba32432d05dc11c2ddb697" - autoupdate.strategy = "latest_github_tag" + [resources.sources.main] + url = "https://github.com/cryptpad/cryptpad/archive/refs/tags/2024.3.1.tar.gz" + sha256 = "9149c55f09b245cde2d295efe1f373c394db7a7652ba32432d05dc11c2ddb697" + autoupdate.strategy = "latest_github_tag" [resources.ports] main.default = 3000 From 8b12f931a608c889601a1cbc9c4ed79919d1373f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 17:12:31 +0200 Subject: [PATCH 23/35] Update tests.toml --- tests.toml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests.toml b/tests.toml index c9ccc0e..d0f9ac3 100644 --- a/tests.toml +++ b/tests.toml @@ -2,6 +2,12 @@ test_format = 1.0 [default] + # ------------ + # Tests to run + # ------------ + + exclude = ["install.subdir"] + # ------------------------------- # Commits to test upgrade from # ------------------------------- From 87275a7ad7e11ff5aefe5255134f721ce71c8dc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 17:20:30 +0200 Subject: [PATCH 24/35] Update old.nginx.conf --- conf/old.nginx.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/conf/old.nginx.conf b/conf/old.nginx.conf index a55f371..620f6bf 100644 --- a/conf/old.nginx.conf +++ b/conf/old.nginx.conf @@ -25,6 +25,10 @@ if ($args ~ ver=) { set $cacheControl max-age=31536000; } +if ($uri ~ ^(\/|.*\/|.*\.html)$) { + set $cacheControl no-cache; +} + more_set_headers "Cache-Control: $cacheControl"; set $styleSrc "'unsafe-inline' 'self' https://${main_domain}"; set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}"; From 4192b4d789bca5228cdb20143101e110044b7b71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 17:27:40 +0200 Subject: [PATCH 25/35] Update nginx.conf --- conf/nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index af07665..4b14d26 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,6 @@ -server_name __DOMAIN__ __SANDBOXDOMAIN__; +#server_name __DOMAIN__ __SANDBOXDOMAIN__; -more_set_headers "Strict-Transport-Security: 'max-age=63072000; includeSubDomains' always"; +#more_set_headers "Strict-Transport-Security: 'max-age=63072000; includeSubDomains' always"; location / { proxy_pass http://127.0.0.1:__PORT__; From ee60baeaf176d9e23cc30eabfedf7a102ef65e18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 17:54:40 +0200 Subject: [PATCH 26/35] Update nginx.conf --- conf/nginx.conf | 3 --- 1 file changed, 3 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 4b14d26..53638fa 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,3 @@ -#server_name __DOMAIN__ __SANDBOXDOMAIN__; - -#more_set_headers "Strict-Transport-Security: 'max-age=63072000; includeSubDomains' always"; location / { proxy_pass http://127.0.0.1:__PORT__; From 5c80e0f924c59c64f0865b38fdef32057e5f068a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 19:22:47 +0200 Subject: [PATCH 27/35] Update old.nginx.conf --- conf/old.nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/old.nginx.conf b/conf/old.nginx.conf index 620f6bf..da97825 100644 --- a/conf/old.nginx.conf +++ b/conf/old.nginx.conf @@ -92,7 +92,7 @@ location ~ ^/api/.*$ { location ~ ^/(blob|block)/.*$ { if ($request_method = 'OPTIONS') { more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}"; - more_set_headers add_header "Access-Control-Allow-Credentials: true"; + more_set_headers "Access-Control-Allow-Credentials: true"; more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'"; more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range"; more_set_headers "Access-Control-Max-Age: 1728000"; From 64e128baf099ce7f28c99ba6e67eae1e1d20b2a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 24 May 2024 19:23:22 +0200 Subject: [PATCH 28/35] fix --- scripts/install | 2 +- scripts/upgrade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 1cefa62..eb7a771 100644 --- a/scripts/install +++ b/scripts/install @@ -87,7 +87,7 @@ pushd "$install_dir" ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm ci ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run install:components ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run build - ./install-onlyoffice.sh + #./install-onlyoffice.sh popd #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 3be642b..003397f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -93,7 +93,7 @@ pushd "$install_dir" ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm ci ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run install:components ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run build - ./install-onlyoffice.sh + #./install-onlyoffice.sh popd #================================================= From 1ff19ca33f808d4ba2d80b12edd48d54c35e27bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 29 May 2024 17:37:46 +0200 Subject: [PATCH 29/35] Update manifest.toml --- manifest.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest.toml b/manifest.toml index 89a008b..5c18f79 100644 --- a/manifest.toml +++ b/manifest.toml @@ -11,9 +11,9 @@ maintainers = ["ddataa"] [upstream] license = "AGPL-3.0-only" -website = "https://cryptpad.fr/" -demo = "https://cryptpad.fr/" -admindoc = "https://docs.cryptpad.fr/en/" +website = "https://cryptpad.org" +demo = "https://cryptpad.fr" +admindoc = "https://docs.cryptpad.org/en/" code = "https://github.com/cryptpad/cryptpad" cpe = "cpe:2.3:a:xwiki:cryptpad" fund = "https://opencollective.com/cryptpad/contribute?language=fr" From d547891f0ac6967953644b5cae24eceee439fa60 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 29 May 2024 15:37:51 +0000 Subject: [PATCH 30/35] Auto-update READMEs --- README.md | 6 +++--- README_es.md | 6 +++--- README_eu.md | 6 +++--- README_fr.md | 6 +++--- README_gl.md | 6 +++--- README_zh_Hans.md | 6 +++--- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index c6a1dc4..c3d8a24 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. **Shipped version:** 2024.3.1~ynh1 -**Demo:** +**Demo:** ## Screenshots @@ -28,8 +28,8 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. ## Documentation and resources -- Official app website: -- Official admin documentation: +- Official app website: +- Official admin documentation: - Upstream app code repository: - YunoHost Store: - Report a bug: diff --git a/README_es.md b/README_es.md index a1ad567..f5898b7 100644 --- a/README_es.md +++ b/README_es.md @@ -20,7 +20,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. **Versión actual:** 2024.3.1~ynh1 -**Demo:** +**Demo:** ## Capturas @@ -28,8 +28,8 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. ## Documentaciones y recursos -- Sitio web oficial: -- Documentación administrador oficial: +- Sitio web oficial: +- Documentación administrador oficial: - Repositorio del código fuente oficial de la aplicación : - Catálogo YunoHost: - Reportar un error: diff --git a/README_eu.md b/README_eu.md index cf850a5..84bb177 100644 --- a/README_eu.md +++ b/README_eu.md @@ -20,7 +20,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. **Paketatutako bertsioa:** 2024.3.1~ynh1 -**Demoa:** +**Demoa:** ## Pantaila-argazkiak @@ -28,8 +28,8 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. ## Dokumentazioa eta baliabideak -- Aplikazioaren webgune ofiziala: -- Administratzaileen dokumentazio ofiziala: +- Aplikazioaren webgune ofiziala: +- Administratzaileen dokumentazio ofiziala: - Jatorrizko aplikazioaren kode-gordailua: - YunoHost Denda: - Eman errore baten berri: diff --git a/README_fr.md b/README_fr.md index 45ce780..be2dac3 100644 --- a/README_fr.md +++ b/README_fr.md @@ -20,7 +20,7 @@ CryptPad est une suite de collaboration chiffrée de bout en bout et open source **Version incluse :** 2024.3.1~ynh1 -**Démo :** +**Démo :** ## Captures d’écran @@ -28,8 +28,8 @@ CryptPad est une suite de collaboration chiffrée de bout en bout et open source ## Documentations et ressources -- Site officiel de l’app : -- Documentation officielle de l’admin : +- Site officiel de l’app : +- Documentation officielle de l’admin : - Dépôt de code officiel de l’app : - YunoHost Store : - Signaler un bug : diff --git a/README_gl.md b/README_gl.md index 6949d4e..2923e36 100644 --- a/README_gl.md +++ b/README_gl.md @@ -20,7 +20,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. **Versión proporcionada:** 2024.3.1~ynh1 -**Demo:** +**Demo:** ## Capturas de pantalla @@ -28,8 +28,8 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. ## Documentación e recursos -- Web oficial da app: -- Documentación oficial para admin: +- Web oficial da app: +- Documentación oficial para admin: - Repositorio de orixe do código: - Tenda YunoHost: - Informar dun problema: diff --git a/README_zh_Hans.md b/README_zh_Hans.md index 37782ab..617dad4 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -20,7 +20,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. **分发版本:** 2024.3.1~ynh1 -**演示:** +**演示:** ## 截图 @@ -28,8 +28,8 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. ## 文档与资源 -- 官方应用网站: -- 官方管理文档: +- 官方应用网站: +- 官方管理文档: - 上游应用代码库: - YunoHost 商店: - 报告 bug: From 60272efae3076b8298eb264fa3aacf5bd130f9b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 29 May 2024 17:48:13 +0200 Subject: [PATCH 31/35] Update systemd.service --- conf/systemd.service | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/conf/systemd.service b/conf/systemd.service index deb26df..7ec4693 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -8,10 +8,12 @@ User=__APP__ Group=__APP__ WorkingDirectory=__INSTALL_DIR__ Environment=PATH=__YNH_NODE_LOAD_PATH__ -Environment=NODE_ENV=production +#Environment=NODE_ENV=production Environment='PWD="__INSTALL_DIR__"' ExecStart=__YNH_NPM__ start +#ExecStart=__YNH_NPM__ __INSTALL_DIR__/server.js Restart=always +LimitNOFILE=1000000 # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these From 4a889b5aa37ebda746d9565713c8cde90db008d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 29 May 2024 19:16:24 +0200 Subject: [PATCH 32/35] Update tests.toml --- tests.toml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests.toml b/tests.toml index d0f9ac3..93550a6 100644 --- a/tests.toml +++ b/tests.toml @@ -8,6 +8,8 @@ test_format = 1.0 exclude = ["install.subdir"] + args.admin = "john" + # ------------------------------- # Commits to test upgrade from # ------------------------------- From fd4011c78937292484076f84588f91ae3eb0dd7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 3 Jul 2024 11:46:42 +0200 Subject: [PATCH 33/35] Update manifest.toml --- manifest.toml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifest.toml b/manifest.toml index 5c18f79..1e23c91 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "CryptPad" description.en = "Zero Knowledge realtime collaborative office suite" description.fr = "Suite bureautique chiffrée pour la collaboration en temps réel" -version = "2024.3.1~ynh1" +version = "2024.6.0~ynh1" maintainers = ["ddataa"] @@ -19,7 +19,7 @@ cpe = "cpe:2.3:a:xwiki:cryptpad" fund = "https://opencollective.com/cryptpad/contribute?language=fr" [integration] -yunohost = ">= 11.2" +yunohost = ">= 11.2.20" architectures = "all" multi_instance = false @@ -45,8 +45,8 @@ ram.runtime = "50M" [resources] [resources.sources.main] - url = "https://github.com/cryptpad/cryptpad/archive/refs/tags/2024.3.1.tar.gz" - sha256 = "9149c55f09b245cde2d295efe1f373c394db7a7652ba32432d05dc11c2ddb697" + url = "https://github.com/xwiki-labs/cryptpad/archive/refs/tags/2024.6.0.tar.gz" + sha256 = "b8694fc5f76c47204e012956a0af64e8c19968ae479da00cfd9d371d4185d2da" autoupdate.strategy = "latest_github_tag" [resources.ports] From be9c61ed43b36dd9712905c03cf48207b90f1e79 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 3 Jul 2024 09:46:47 +0000 Subject: [PATCH 34/35] Auto-update READMEs --- README.md | 4 ++-- README_es.md | 4 ++-- README_eu.md | 4 ++-- README_fr.md | 4 ++-- README_gl.md | 4 ++-- README_zh_Hans.md | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index c3d8a24..3609aee 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # CryptPad for YunoHost -[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Working status](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Working status](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) [![Install CryptPad with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad) @@ -18,7 +18,7 @@ It shall NOT be edited by hand. CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**Shipped version:** 2024.3.1~ynh1 +**Shipped version:** 2024.6.0~ynh1 **Demo:** diff --git a/README_es.md b/README_es.md index f5898b7..50e0153 100644 --- a/README_es.md +++ b/README_es.md @@ -5,7 +5,7 @@ No se debe editar a mano. # CryptPad para Yunohost -[![Nivel de integración](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Estado funcional](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Estado En Mantención](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) +[![Nivel de integración](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Estado funcional](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Estado En Mantención](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) [![Instalar CryptPad con Yunhost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad) @@ -18,7 +18,7 @@ No se debe editar a mano. CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**Versión actual:** 2024.3.1~ynh1 +**Versión actual:** 2024.6.0~ynh1 **Demo:** diff --git a/README_eu.md b/README_eu.md index 84bb177..9466de3 100644 --- a/README_eu.md +++ b/README_eu.md @@ -5,7 +5,7 @@ EZ editatu eskuz. # CryptPad YunoHost-erako -[![Integrazio maila](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Funtzionamendu egoera](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Mantentze egoera](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) +[![Integrazio maila](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Funtzionamendu egoera](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Mantentze egoera](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) [![Instalatu CryptPad YunoHost-ekin](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad) @@ -18,7 +18,7 @@ EZ editatu eskuz. CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**Paketatutako bertsioa:** 2024.3.1~ynh1 +**Paketatutako bertsioa:** 2024.6.0~ynh1 **Demoa:** diff --git a/README_fr.md b/README_fr.md index be2dac3..c5f03c6 100644 --- a/README_fr.md +++ b/README_fr.md @@ -5,7 +5,7 @@ Il NE doit PAS être modifié à la main. # CryptPad pour YunoHost -[![Niveau d’intégration](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) +[![Niveau d’intégration](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) [![Installer CryptPad avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad) @@ -18,7 +18,7 @@ Il NE doit PAS être modifié à la main. CryptPad est une suite de collaboration chiffrée de bout en bout et open source. Il est conçu pour permettre la collaboration, en synchronisant les modifications apportées aux documents en temps réel. Étant donné que toutes les données sont chiffrées, le service et ses administrateurs n'ont aucun moyen de voir le contenu modifié et stocké. -**Version incluse :** 2024.3.1~ynh1 +**Version incluse :** 2024.6.0~ynh1 **Démo :** diff --git a/README_gl.md b/README_gl.md index 2923e36..30b73de 100644 --- a/README_gl.md +++ b/README_gl.md @@ -5,7 +5,7 @@ NON debe editarse manualmente. # CryptPad para YunoHost -[![Nivel de integración](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Estado de funcionamento](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Estado de mantemento](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) +[![Nivel de integración](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Estado de funcionamento](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Estado de mantemento](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) [![Instalar CryptPad con YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad) @@ -18,7 +18,7 @@ NON debe editarse manualmente. CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**Versión proporcionada:** 2024.3.1~ynh1 +**Versión proporcionada:** 2024.6.0~ynh1 **Demo:** diff --git a/README_zh_Hans.md b/README_zh_Hans.md index 617dad4..4480991 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -5,7 +5,7 @@ # YunoHost 上的 CryptPad -[![集成程度](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![工作状态](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) +[![集成程度](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![工作状态](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) [![使用 YunoHost 安装 CryptPad](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad) @@ -18,7 +18,7 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**分发版本:** 2024.3.1~ynh1 +**分发版本:** 2024.6.0~ynh1 **演示:** From 94278ab29e214367080c6623c777ef0e253aae22 Mon Sep 17 00:00:00 2001 From: YunoHost Bot Date: Fri, 16 Aug 2024 11:51:47 +0200 Subject: [PATCH 35/35] Upgrade to v2024.6.1 (#223) Co-authored-by: tituspijean --- ALL_README.md | 2 ++ README.md | 8 ++++---- README_es.md | 8 ++++---- README_eu.md | 8 ++++---- README_fr.md | 8 ++++---- README_gl.md | 8 ++++---- README_id.md | 49 +++++++++++++++++++++++++++++++++++++++++++++++ README_ru.md | 49 +++++++++++++++++++++++++++++++++++++++++++++++ README_zh_Hans.md | 8 ++++---- manifest.toml | 16 ++++++++-------- 10 files changed, 132 insertions(+), 32 deletions(-) create mode 100644 README_id.md create mode 100644 README_ru.md diff --git a/ALL_README.md b/ALL_README.md index 152f2e7..e3c80d2 100644 --- a/ALL_README.md +++ b/ALL_README.md @@ -5,4 +5,6 @@ - [Irakurri README euskaraz](README_eu.md) - [Lire le README en français](README_fr.md) - [Le o README en galego](README_gl.md) +- [Baca README dalam bahasa bahasa Indonesia](README_id.md) +- [Прочитать README на русский](README_ru.md) - [阅读中文(简体)的 README](README_zh_Hans.md) diff --git a/README.md b/README.md index 3609aee..28a93fc 100644 --- a/README.md +++ b/README.md @@ -18,9 +18,9 @@ It shall NOT be edited by hand. CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**Shipped version:** 2024.6.0~ynh1 +**Shipped version:** 2024.6.1~ynh1 -**Demo:** +**Demo:** ## Screenshots @@ -28,8 +28,8 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. ## Documentation and resources -- Official app website: -- Official admin documentation: +- Official app website: +- Official admin documentation: - Upstream app code repository: - YunoHost Store: - Report a bug: diff --git a/README_es.md b/README_es.md index 50e0153..c2376e4 100644 --- a/README_es.md +++ b/README_es.md @@ -18,9 +18,9 @@ No se debe editar a mano. CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**Versión actual:** 2024.6.0~ynh1 +**Versión actual:** 2024.6.1~ynh1 -**Demo:** +**Demo:** ## Capturas @@ -28,8 +28,8 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. ## Documentaciones y recursos -- Sitio web oficial: -- Documentación administrador oficial: +- Sitio web oficial: +- Documentación administrador oficial: - Repositorio del código fuente oficial de la aplicación : - Catálogo YunoHost: - Reportar un error: diff --git a/README_eu.md b/README_eu.md index 9466de3..f5a9d0d 100644 --- a/README_eu.md +++ b/README_eu.md @@ -18,9 +18,9 @@ EZ editatu eskuz. CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**Paketatutako bertsioa:** 2024.6.0~ynh1 +**Paketatutako bertsioa:** 2024.6.1~ynh1 -**Demoa:** +**Demoa:** ## Pantaila-argazkiak @@ -28,8 +28,8 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. ## Dokumentazioa eta baliabideak -- Aplikazioaren webgune ofiziala: -- Administratzaileen dokumentazio ofiziala: +- Aplikazioaren webgune ofiziala: +- Administratzaileen dokumentazio ofiziala: - Jatorrizko aplikazioaren kode-gordailua: - YunoHost Denda: - Eman errore baten berri: diff --git a/README_fr.md b/README_fr.md index c5f03c6..1eba149 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,9 +18,9 @@ Il NE doit PAS être modifié à la main. CryptPad est une suite de collaboration chiffrée de bout en bout et open source. Il est conçu pour permettre la collaboration, en synchronisant les modifications apportées aux documents en temps réel. Étant donné que toutes les données sont chiffrées, le service et ses administrateurs n'ont aucun moyen de voir le contenu modifié et stocké. -**Version incluse :** 2024.6.0~ynh1 +**Version incluse :** 2024.6.1~ynh1 -**Démo :** +**Démo :** ## Captures d’écran @@ -28,8 +28,8 @@ CryptPad est une suite de collaboration chiffrée de bout en bout et open source ## Documentations et ressources -- Site officiel de l’app : -- Documentation officielle de l’admin : +- Site officiel de l’app : +- Documentation officielle de l’admin : - Dépôt de code officiel de l’app : - YunoHost Store : - Signaler un bug : diff --git a/README_gl.md b/README_gl.md index 30b73de..ccca8c4 100644 --- a/README_gl.md +++ b/README_gl.md @@ -18,9 +18,9 @@ NON debe editarse manualmente. CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**Versión proporcionada:** 2024.6.0~ynh1 +**Versión proporcionada:** 2024.6.1~ynh1 -**Demo:** +**Demo:** ## Capturas de pantalla @@ -28,8 +28,8 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. ## Documentación e recursos -- Web oficial da app: -- Documentación oficial para admin: +- Web oficial da app: +- Documentación oficial para admin: - Repositorio de orixe do código: - Tenda YunoHost: - Informar dun problema: diff --git a/README_id.md b/README_id.md new file mode 100644 index 0000000..35e3409 --- /dev/null +++ b/README_id.md @@ -0,0 +1,49 @@ + + +# CryptPad untuk YunoHost + +[![Tingkat integrasi](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Status kerja](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Status pemeliharaan](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) + +[![Pasang CryptPad dengan YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad) + +*[Baca README ini dengan bahasa yang lain.](./ALL_README.md)* + +> *Paket ini memperbolehkan Anda untuk memasang CryptPad secara cepat dan mudah pada server YunoHost.* +> *Bila Anda tidak mempunyai YunoHost, silakan berkonsultasi dengan [panduan](https://yunohost.org/install) untuk mempelajari bagaimana untuk memasangnya.* + +## Ringkasan + +CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. + +**Versi terkirim:** 2024.6.1~ynh1 + +**Demo:** + +## Tangkapan Layar + +![Tangkapan Layar pada CryptPad](./doc/screenshots/screenshot.png) + +## Dokumentasi dan sumber daya + +- Website aplikasi resmi: +- Dokumentasi admin resmi: +- Depot kode aplikasi hulu: +- Gudang YunoHost: +- Laporkan bug: + +## Info developer + +Silakan kirim pull request ke [`testing` branch](https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing). + +Untuk mencoba branch `testing`, silakan dilanjutkan seperti: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +atau +sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +``` + +**Info lebih lanjut mengenai pemaketan aplikasi:** diff --git a/README_ru.md b/README_ru.md new file mode 100644 index 0000000..0bfaba9 --- /dev/null +++ b/README_ru.md @@ -0,0 +1,49 @@ + + +# CryptPad для YunoHost + +[![Уровень интеграции](https://dash.yunohost.org/integration/cryptpad.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) ![Состояние работы](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Состояние сопровождения](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) + +[![Установите CryptPad с YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad) + +*[Прочтите этот README на других языках.](./ALL_README.md)* + +> *Этот пакет позволяет Вам установить CryptPad быстро и просто на YunoHost-сервер.* +> *Если у Вас нет YunoHost, пожалуйста, посмотрите [инструкцию](https://yunohost.org/install), чтобы узнать, как установить его.* + +## Обзор + +CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. + +**Поставляемая версия:** 2024.6.1~ynh1 + +**Демо-версия:** + +## Снимки экрана + +![Снимок экрана CryptPad](./doc/screenshots/screenshot.png) + +## Документация и ресурсы + +- Официальный веб-сайт приложения: +- Официальная документация администратора: +- Репозиторий кода главной ветки приложения: +- Магазин YunoHost: +- Сообщите об ошибке: + +## Информация для разработчиков + +Пришлите Ваш запрос на слияние в [ветку `testing`](https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing). + +Чтобы попробовать ветку `testing`, пожалуйста, сделайте что-то вроде этого: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +или +sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +``` + +**Больше информации о пакетировании приложений:** diff --git a/README_zh_Hans.md b/README_zh_Hans.md index 4480991..bf0bd12 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -18,9 +18,9 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored. -**分发版本:** 2024.6.0~ynh1 +**分发版本:** 2024.6.1~ynh1 -**演示:** +**演示:** ## 截图 @@ -28,8 +28,8 @@ CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. ## 文档与资源 -- 官方应用网站: -- 官方管理文档: +- 官方应用网站: +- 官方管理文档: - 上游应用代码库: - YunoHost 商店: - 报告 bug: diff --git a/manifest.toml b/manifest.toml index 1e23c91..89333a5 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,15 +5,15 @@ name = "CryptPad" description.en = "Zero Knowledge realtime collaborative office suite" description.fr = "Suite bureautique chiffrée pour la collaboration en temps réel" -version = "2024.6.0~ynh1" +version = "2024.6.1~ynh1" maintainers = ["ddataa"] [upstream] license = "AGPL-3.0-only" -website = "https://cryptpad.org" -demo = "https://cryptpad.fr" -admindoc = "https://docs.cryptpad.org/en/" +website = "https://cryptpad.fr/" +demo = "https://cryptpad.fr/" +admindoc = "https://docs.cryptpad.fr/en/" code = "https://github.com/cryptpad/cryptpad" cpe = "cpe:2.3:a:xwiki:cryptpad" fund = "https://opencollective.com/cryptpad/contribute?language=fr" @@ -44,10 +44,10 @@ ram.runtime = "50M" default = "visitors" [resources] - [resources.sources.main] - url = "https://github.com/xwiki-labs/cryptpad/archive/refs/tags/2024.6.0.tar.gz" - sha256 = "b8694fc5f76c47204e012956a0af64e8c19968ae479da00cfd9d371d4185d2da" - autoupdate.strategy = "latest_github_tag" + [resources.sources.main] + url = "https://github.com/cryptpad/cryptpad/archive/refs/tags/2024.6.1.tar.gz" + sha256 = "318ff90668e4acfa46dbfa31d0074d8b672571169ac2ef846251e08e9b5f424a" + autoupdate.strategy = "latest_github_tag" [resources.ports] main.default = 3000