1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/cryptpad_ynh.git synced 2024-09-03 18:26:14 +02:00

Merge pull request #145 from YunoHost-Apps/testing

Testing
This commit is contained in:
Éric Gaspar 2023-02-13 10:56:44 +01:00 committed by GitHub
commit bc01a4026c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 295 additions and 47 deletions

View file

@ -6,6 +6,7 @@ It shall NOT be edited by hand.
# CryptPad for YunoHost
[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Working status](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
[![Install CryptPad with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad)
*[Lire ce readme en français.](./README_fr.md)*
@ -17,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.
**Shipped version:** 4.12.0~ynh2
**Shipped version:** 5.2.1~ynh1
**Demo:** https://cryptpad.fr/

View file

@ -5,25 +5,26 @@ It shall NOT be edited by hand.
# CryptPad pour YunoHost
[![Niveau d'intégration](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
[![Niveau dintégration](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
[![Installer CryptPad avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=cryptpad)
*[Read this readme in english.](./README.md)*
> *Ce package vous permet d'installer CryptPad rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
> *Ce package vous permet dinstaller CryptPad rapidement et simplement sur un serveur YunoHost.
Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment linstaller et en profiter.*
## Vue d'ensemble
## Vue densemble
CryptPad est une suite de collaboration chiffrée de bout en bout et open source. Il est conçu pour permettre la collaboration, en synchronisant les modifications apportées aux documents en temps réel. Étant donné que toutes les données sont chiffrées, le service et ses administrateurs n'ont aucun moyen de voir le contenu modifié et stocké.
**Version incluse :** 4.12.0~ynh2
**Version incluse :** 5.2.1~ynh1
**Démo :** https://cryptpad.fr/
## Captures d'écran
## Captures décran
![Capture d'écran de CryptPad](./doc/screenshots/screenshot.png)
![Capture décran de CryptPad](./doc/screenshots/screenshot.png)
## Avertissements / informations importantes
@ -43,9 +44,9 @@ adminKeys: [
## Documentations et ressources
* Site officiel de l'app : <https://cryptpad.fr/>
* Documentation officielle de l'admin : <https://docs.cryptpad.fr/en/>
* Dépôt de code officiel de l'app : <https://github.com/xwiki-labs/cryptpad>
* Site officiel de lapp : <https://cryptpad.fr/>
* Documentation officielle de ladmin : <https://docs.cryptpad.fr/en/>
* Dépôt de code officiel de lapp : <https://github.com/xwiki-labs/cryptpad>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_cryptpad>
* Signaler un bug : <https://github.com/YunoHost-Apps/cryptpad_ynh/issues>
@ -61,4 +62,4 @@ ou
sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug
```
**Plus d'infos sur le packaging d'applications :** <https://yunohost.org/packaging_apps>
**Plus dinfos sur le packaging dapplications :** <https://yunohost.org/packaging_apps>

View file

@ -13,6 +13,8 @@
upgrade=1
#4.10.0
upgrade=1 from_commit=2a54cd03f90c93b07150a64644ffc7f208110a18
#4.12.0
upgrade=1 from_commit=1e36039893dc35533b320257ca7f93ef1d07a164
backup_restore=1
multi_instance=0
port_already_use=0
@ -23,3 +25,6 @@ Notification=none
;;; Upgrade options
; commit=2a54cd03f90c93b07150a64644ffc7f208110a18
name=update to 4.10.0
;;; Upgrade options
; commit=1e36039893dc35533b320257ca7f93ef1d07a164
name=update to 4.12.0

View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/4.11.0.tar.gz
SOURCE_SUM=e529b484c297f73227f991971189c51f64da1ab53fc78334d1fb08e320d4385e
SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/5.2.1.tar.gz
SOURCE_SUM=945abe5bae0da25a4e2ef8e02730aaa5bb5e5a0b8bfd7a23a09ec38422d7c47f
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

View file

@ -72,7 +72,7 @@ module.exports = {
*
* CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS.
*/
// httpSafeOrigin: "https://some-other-domain.xyz",
httpSafeOrigin: "https://__SANDBOXDOMAIN__",
/* httpAddress specifies the address on which the nodejs server
* should be accessible. By default it will listen on 127.0.0.1
@ -324,5 +324,5 @@ module.exports = {
* such as Docker.
*
*/
installMethod: 'unspecified',
installMethod: 'yunohost',
};

View file

@ -1,19 +1,94 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
proxy_pass http://127.0.0.1:__PORT__;
proxy_redirect off;
proxy_set_header Host $host;
set $main_domain "__DOMAIN__";
set $sandbox_domain "__SANDBOXDOMAIN__";
set $allowed_origins "https://${sandbox_domain}";
set $api_domain "__DOMAIN__";
set $files_domain "__DOMAIN__";
ssl_ecdh_curve secp384r1;
more_set_headers "Strict-Transport-Security: 'max-age=31536000; includeSubDomains' always";
more_set_headers "X-XSS-Protection: '1; mode=block'";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
more_set_headers "Cross-Origin-Resource-Policy: cross-origin";
more_set_headers "Cross-Origin-Embedder-Policy: require-corp";
root /var/www/cryptpad;
index index.html;
error_page 404 /customize.dist/404.html;
if ($uri ~ ^(\/|.*\/|.*\.html)$) {
set $cacheControl no-cache;
}
if ($args ~ ver=) {
set $cacheControl max-age=31536000;
}
more_set_headers "Cache-Control: $cacheControl";
set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
set $connectSrc "'self' blob: https://${main_domain} https://${sandbox_domain} wss://${main_domain}";
set $fontSrc "'self' data: https://${main_domain}";
set $imgSrc "'self' data: blob: https://${main_domain}";
set $frameSrc "'self' https://${sandbox_domain} blob:";
set $mediaSrc "blob:";
set $childSrc "https://${main_domain}";
set $workerSrc "'self'";
set $scriptSrc "'self' resource: https://${main_domain}";
set $frameAncestors "'self' https://${main_domain}";
set $unsafe 0;
if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
if ($host != $sandbox_domain) { set $unsafe 0; }
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
if ($unsafe) {
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
}
more_set_headers "Content-Security-Policy: default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors";
location ^~ /cryptpad_websocket {
proxy_pass http://localhost:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
more_clear_input_headers 'Accept-Encoding';
proxy_set_header Connection upgrade;
}
location ^~ /customize.dist/ {
# This is needed in order to prevent infinite recursion between /customize/ and the root
}
location ^~ /customize/ {
rewrite ^/customize/(.*)$ $1 break;
try_files /customize/$uri /customize.dist/$uri;
}
location ~ ^/api/.*$ {
proxy_pass http://localhost:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header Cross-Origin-Resource-Policy;
more_set_headers "Cross-Origin-Resource-Policy: cross-origin";
proxy_hide_header Cross-Origin-Embedder-Policy;
more_set_headers "Cross-Origin-Embedder-Policy: require-corp";
}
location ^~ /blob/ {
if ($request_method = 'OPTIONS') {
more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'";
more_set_headers "Access-Control-Allow-Headers: 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'";
more_set_headers "Access-Control-Max-Age: 1728000";
more_set_headers "Content-Type: 'application/octet-stream; charset=utf-8'";
more_set_headers "Content-Length: 0";
return 204;
}
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "Cache-Control: max-age=31536000'";
more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'";
more_set_headers "Access-Control-Allow-Headers: 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length'";
more_set_headers "Access-Control-Expose-Headers: 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length'";
try_files $uri =404;
}
location ^~ /block/ {
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "Cache-Control: max-age=0";
try_files $uri =404;
}
location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert|checkup)$ {
rewrite ^(.*)$ $1/ redirect;
}
try_files /customize/www/$uri /customize/www/$uri/index.html /www/$uri /www/$uri/index.html /customize/$uri;

View file

@ -3,17 +3,18 @@
"id": "cryptpad",
"packaging_format": 1,
"description": {
"en": "Zero Knowledge realtime collaborative editor",
"fr": "Éditeur chiffré collaboratif en temps réel"
"en": "Zero Knowledge realtime collaborative office suite",
"fr": "Suite bureautique chiffrée pour la collaboration en temps réel"
},
"version": "4.12.0~ynh2",
"version": "5.2.1~ynh1",
"url": "https://cryptpad.fr/",
"upstream": {
"license": "AGPL-3.0-only",
"website": "https://cryptpad.fr/",
"demo": "https://cryptpad.fr/",
"admindoc": "https://docs.cryptpad.fr/en/",
"code": "https://github.com/xwiki-labs/cryptpad"
"code": "https://github.com/xwiki-labs/cryptpad",
"cpe": "cpe:2.3:a:xwiki:cryptpad"
},
"license": "AGPL-3.0-only",
"maintainer": {
@ -22,7 +23,7 @@
"url": "https://frju365.yunohost.support"
},
"requirements": {
"yunohost": ">= 4.3.0"
"yunohost": ">= 11.1.6"
},
"multi_instance": false,
"services": [

View file

@ -4,7 +4,7 @@
# COMMON VARIABLES
#=================================================
nodejs_version="14"
nodejs_version="16.14.2"
#=================================================
# PERSONAL HELPERS

View file

@ -66,6 +66,31 @@ ynh_app_setting_set --app=$app --key=port --value=$port
porti=$(ynh_find_port --port=$(($port + 1)))
ynh_app_setting_set --app=$app --key=porti --value=$porti
#=================================================
# CREATE A SANDBOX DOMAIN
#=================================================
# if the main domain for the app is a root domain, we create a correct sandbox subdomain
if [[ $domain == *"."* ]]; then
sandboxdomain=sandbox.$domain
fi
# if the main domain for the app is already a sub-domain, we create a correct sandbox domain
if [[ $domain == *"."*"."* ]]; then
sandboxdomain=sandbox-$domain
fi
# if the main domain for the app is a .local root domain, we create a correct sandbox subdomain
if [[ $domain == *".local" ]]; then
sandboxdomain=sandbox-$domain
fi
ynh_script_progression --message="Setting up sandobx domain : $sandboxdomain" --weight=1
# We don't test that in CI
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
yunohost domain add $sandboxdomain
yunohost domain config set $sandboxdomain -a "mail_in=0&mail_out=0"
fi
#=================================================
# INSTALL DEPENDENCIES
#=================================================
@ -131,6 +156,8 @@ pushd "$final_path"
ynh_exec_warn_less npm install --allow-root
ynh_exec_warn_less npm install -g bower
ynh_exec_warn_less bower install --allow-root
ynh_exec_warn_less bower update --allow-root
ynh_exec_warn_less npm run build
popd
#=================================================
@ -161,6 +188,30 @@ then
ynh_permission_update --permission="main" --add="visitors"
fi
# We authorize access to sandbox domain
# We don't test that in CI
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
ynh_permission_url --permission="main" --add_url=$sandboxdomain --auth_header=true
fi
#=================================================
# APPLY FOLDER RIGHTS
#=================================================
chgrp -R www-data $final_path
#=================================================
# COPY NGINX CONF IN SANDBOX DOMAIN
#=================================================
# We don't test that in CI
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
ynh_add_config --template="/etc/nginx/conf.d/$domain.d/cryptpad.conf" --destination="/etc/nginx/conf.d/$sandboxdomain.d/cryptpad.conf"
fi
#=================================================
# RELOAD YUNOHOST-API to refresh web admin domains after domain creation (normal?)
#=================================================
ynh_systemd_action --service_name=yunohost-api --action=reload
#=================================================
# RELOAD NGINX
#=================================================
@ -175,9 +226,14 @@ ynh_script_progression --message="Sending a readme for the admin..." --weight=1
message="CryptPad was successfully installed :)
Please open your $app domain: https://$domain$path_url
READ CAREFULLY !!
Once CryptPad is installed, create an account via the Register button on the home page. To make this account an instance administrator:
We have added a sandbox domain : $sandboxdomain for you but you still need to configure your DNS and generate the Let's Encrypt Certificates for it.
You will need also to restart CryptPad service after this is done.
Then you can please open your $app domain: https://$domain$path_url
Once CryptPad is installed, create an account via the Sign Up button on the home page which will take you to the Register page.
To make this account an instance administrator:
1. Copy the public key found in User Menu (avatar at the top right) > Settings > Account > Public Signing Key
2. Paste this key in /var/www/cryptpad/config/config.js in the following array (uncomment and replace the placeholder):

View file

@ -64,6 +64,42 @@ ynh_script_progression --message="Removing dependencies..." --weight=3
ynh_remove_nodejs
#=================================================
# REMOVE SANDBOX DOMAIN
#=================================================
# We don't test that in CI
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
# if the main domain for the app is a root domain, we create a correct sandbox subdomain
if [[ $domain == *"."* ]]; then
sandboxdomain=sandbox.$domain
fi
# if the main domain for the app is already a sub-domain, we create a correct sandbox domain
if [[ $domain == *"."*"."* ]]; then
sandboxdomain=sandbox-$domain
fi
# if the main domain for the app is a .local root domain, we create a correct sandbox subdomain
if [[ $domain == *".local" ]]; then
sandboxdomain=sandbox-$domain
fi
ynh_script_progression --message="Removing sandbox domain : $sandboxdomain" --weight=1
if yunohost domain list | grep -q $sandboxdomain
then #if domain exist we remove it
yunohost domain remove $sandboxdomain
# we clean the nginx configuration we added
ynh_secure_remove --file="/etc/nginx/conf.d/$sandboxdomain.d/"
fi
fi
#=================================================
# RELOAD YUNOHOST-API to refresh web admin domains after domain creation (bug core?)
#=================================================
#ynh_systemd_action --service_name=yunohost-api --action=reload
#=================================================
# GENERIC FINALIZATION
#=================================================

View file

@ -68,6 +68,11 @@ chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
chmod 600 "$final_path/config/config.js"
#=================================================
# APPLY FOLDER GROUP RIGHTS FOR WWW-DATA
#=================================================
chgrp -R www-data $final_path
#=================================================
# REINSTALL DEPENDENCIES
#=================================================

View file

@ -90,13 +90,42 @@ then
ynh_script_progression --message="Upgrading source files..." --weight=1
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path" --keep="$final_path/config/config.js"
ynh_setup_source --dest_dir="$final_path" --keep="config/config.js customize/"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
fi
#=================================================
# APPLY FOLDER GROUP RIGHTS FOR WWW-DATA
#=================================================
chgrp -R www-data $final_path
#=================================================
# CREATE A SANDBOX DOMAIN
#=================================================
# if the main domain for the app is a root domain, we create a correct sandbox subdomain
if [[ $domain == *"."* ]]; then
sandboxdomain=sandbox.$domain
fi
# if the main domain for the app is already a sub-domain, we create a correct sandbox domain
if [[ $domain == *"."*"."* ]]; then
sandboxdomain=sandbox-$domain
fi
# if the main domain for the app is a .local root domain, we create a correct sandbox subdomain
if [[ $domain == *".local" ]]; then
sandboxdomain=sandbox-$domain
fi
ynh_script_progression --message="Setting up sandobx domain : $sandboxdomain" --weight=1
# We don't test that in CI
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
yunohost domain add $sandboxdomain
yunohost domain config set $sandboxdomain -a "mail_in=0&mail_out=0"
fi
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -122,6 +151,7 @@ pushd "$final_path"
ynh_exec_warn_less npm install -g bower
ynh_exec_warn_less bower update --allow-root
ynh_exec_warn_less npm i
ynh_exec_warn_less npm run build
popd
#=================================================
@ -142,6 +172,11 @@ ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add $app --description="Zero Knowledge realtime collaborative editor" --log="/var/log/$app/$app.log"
#=================================================
# ADD UPGRADED CONFIG WITH SANDBOX
#=================================================
ynh_add_config --template="../conf/config.js" --destination="$final_path/config/config.js"
#=================================================
# START SYSTEMD SERVICE
#=================================================
@ -149,6 +184,20 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="server available"
#=================================================
# COPY NGINX CONF IN SANDBOX DOMAIN
#=================================================
# We don't test that in CI
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
ynh_add_config --template="/etc/nginx/conf.d/$domain.d/cryptpad.conf" --destination="/etc/nginx/conf.d/$sandboxdomain.d/cryptpad.conf"
fi
# We authorize access to sandbox domain
# We don't test that in CI
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
ynh_permission_url --permission="main" --add_url=$sandboxdomain --auth_header=true
fi
#=================================================
# RELOAD NGINX
#=================================================
@ -156,6 +205,25 @@ ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
ynh_script_progression --message="Sending a readme for the admin..." --weight=1
message="CryptPad was successfully upgraded :)
We have added a sandbox domain for you but you still need to configure your DNS and generate Let's Encrypt Certificates for it !!
If not already done, then you can please open your $app domain: https://$domain$path_url
Create an account via the Register button on the home page. To make this account an instance administrator:
1. Copy the public key found in User Menu (avatar at the top right) > Settings > Account > Public Signing Key
2. Paste this key in /var/www/cryptpad/config/config.js in the following array (uncomment and replace the placeholder):
adminKeys: [
"[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
],
If you are facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/cryptpad_ynh"
ynh_send_readme_to_admin "$message"
#=================================================
# END OF SCRIPT
#=================================================