YunoHost-Apps/dendrite_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dendrite_ynh.git synced 2024-09-03 18:25:58 +02:00
Code Issues Activity Actions

Merge pull request #105 from Gredin67/patch-1

Browse source 
Expose shared secret and add instructions for registering users
This commit is contained in:
tituspijean 2023-08-18 20:24:34 +02:00 committed by GitHub
commit 207f912788
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 157 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
conf/dendrite.yaml
View file

@ -81,7 +81,7 @@ global:
# Disables federation. Dendrite will not be able to communicate with other servers # Disables federation. Dendrite will not be able to communicate with other servers
# in the Matrix federation and the federation API will not be exposed. # in the Matrix federation and the federation API will not be exposed.
disable_federation: false disable_federation: __DISABLE_FEDERATION__
# Configures the handling of presence events. Inbound controls whether we receive # Configures the handling of presence events. Inbound controls whether we receive
# presence events from other servers, outbound controls whether we send presence # presence events from other servers, outbound controls whether we send presence
@ -164,16 +164,16 @@ client_api:
# Prevents new guest accounts from being created. Guest registration is also # Prevents new guest accounts from being created. Guest registration is also
# disabled implicitly by setting 'registration_disabled' above. # disabled implicitly by setting 'registration_disabled' above.
guests_disabled: true guests_disabled: __GUESTS_DISABLED__
# If set, allows registration by anyone who knows the shared secret, regardless # If set, allows registration by anyone who knows the shared secret, regardless
# of whether registration is otherwise disabled. # of whether registration is otherwise disabled.
registration_shared_secret: "" registration_shared_secret: __REGISTRATION_SHARED_SECRET__
# Whether to require reCAPTCHA for registration. If you have enabled registration # Whether to require reCAPTCHA for registration. If you have enabled registration
# then this is HIGHLY RECOMMENDED to reduce the risk of your homeserver being used # then this is HIGHLY RECOMMENDED to reduce the risk of your homeserver being used
# for coordinated spam attacks. # for coordinated spam attacks.
enable_registration_captcha: false enable_registration_captcha: __ENABLE_REGISTRATION_CAPTCHA__
# Settings for ReCAPTCHA. # Settings for ReCAPTCHA.
recaptcha_public_key: "" recaptcha_public_key: ""

52
config_panel.toml
View file

@ -2,11 +2,57 @@ version = "1.0"
[main] [main]
name = "Dendrite configuration" name = "Dendrite configuration"
services = ["__APP__"]
[main.registration] [main.registration]
name = "User registration" name = "User registration"
[main.registration.registration] [main.registration.registration_shared_secret]
ask = "Should registration be enabled?" ask = "Shared Secret for Registration."
type = "string"
help = "Allows registration of default user or admin accounts, even if Registration disabled. See instructions https://matrix-org.github.io/synapse/latest/admin_api/register_api.html"
bind = ":/opt/yunohost/__APP__/dendrite.yaml"
[main.registration.helptext]
ask = '''
HOW TO REGISTER AN ACCOUNT ?
* Provide a Registration Shared Secret.
* To register an **admin** account for the user `USERNAME`, connect to your server with ssh and type :
`/opt/yunohost/dendrite/bin/create-account -config /opt/yunohost/dendrite/dendrite.yaml -username USERNAME -admin`
* Remove `-admin` to register a default user account
'''
type = "markdown"
[main.registration.registration_disabled]
ask = "Disable Registration from Element ?"
type = "boolean" type = "boolean"
default = false yes = "true"
no = "false"
help = "If True, Registration of default user accounts from a Client App is disabled. If false and your server is federated, reCAPTCHA verification should be activated to avoid spamming the whole Matrix network."
[main.registration.enable_registration_captcha]
ask = "Require CAPTCHA verification for Registration."
type = "boolean"
yes = "true"
no = "false"
help = "ReCAPTCHA API should be configured. See instructions https://matrix-org.github.io/dendrite/administration/registration#recaptcha-verification"
bind = ":/opt/yunohost/__APP__/dendrite.yaml"
visible = "!registration_disabled"
[main.registration.guests_disabled]
ask = "Disable guests registration."
type = "boolean"
yes = "true"
no = "false"
help = "Guest registration is also disabled implicitly if Registration from Element is disabled."
bind = ":/opt/yunohost/__APP__/dendrite.yaml"
visible = "!registration_disabled"
[main.registration.disable_federation]
ask = "Disable Federation."
type = "boolean"
yes = "true"
no = "false"
help = "Do not communicate with other homeservers of the Matrix Federation."
bind = ":/opt/yunohost/__APP__/dendrite.yaml"
visible = "enable_registration_captcha"

2
manifest.toml
View file

@ -43,6 +43,8 @@ ram.runtime = "50M"
ask.en = "Should the server allow any visitor to register as a user?" ask.en = "Should the server allow any visitor to register as a user?"
ask.fr = "Le serveur doit-il permettre à quiconque de s'enregistrer comme utilisateur ?" ask.fr = "Le serveur doit-il permettre à quiconque de s'enregistrer comme utilisateur ?"
type = "boolean" type = "boolean"
help.en = "If no, accounts should be registered by an admin after defining a secret. If yes, to protect your server and the federation from spammer, federation will be deactived by default. You must Activate CAPTCHA verification before federation reactivation. See Config Panel for instructions"
help.fr = "Si non, les comptes seront créés par un admin après avoir défini un secret. Si oui, la fédération sera désactivée pour protéger la fédération et vous des spammeurs. Activez la vérification par CAPTCHA avant de réactiver la fédération ! Voir les instructions dans le Config Panel"
default = false default = false
[resources] [resources]

47
scripts/config
View file

@ -9,30 +9,33 @@
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# Stop script if errors
ynh_abort_if_errors
get_registration_disabled() {
registration_disabled=$(ynh_app_setting_get --app $app --key registration_disabled)
echo "${registration_disabled}"
}
set__registration_disabled() {
if [ "$registration_disabled" -eq "1" ]
then
really_enable_open_registration=""
else
really_enable_open_registration="--really-enable-open-registration"
fi
ynh_write_var_in_file --file=$install_dir/dendrite.yaml --key=registration_disabled --value="${registration_disabled}"
domain=$(ynh_app_setting_get --app $app --key domain)
port_tls=$(ynh_app_setting_get --app $app --key port_tls)
port=$(ynh_app_setting_get --app $app --key port)
psql_version=$(ynh_app_setting_get --app $app --key psql_version)
ynh_add_systemd_config
ynh_systemd_action --service_name=$app --action="restart" --line_match="Starting external listener" --log_path="systemd"
ynh_app_setting_set --app=$app --key=registration_disabled --value=$registration_disabled
}
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
ynh_app_config_apply() {
_ynh_app_config_apply
if [ "${changed[registration]}" == "true" ]
then
if [ $registration -eq 1 ]
then
registration_disabled="false"
really_enable_open_registration="--really-enable-open-registration"
else
registration_disabled="true"
really_enable_open_registration=""
fi
ynh_add_config --template="../conf/dendrite.yaml" --destination="$install_dir/dendrite.yaml"
ynh_add_systemd_config
ynh_systemd_action --service_name=$app --action="restart" --line_match="Starting external listener" --log_path="systemd"
ynh_app_setting_set --app=$app --key=registration --value=$registration
fi
}
ynh_app_config_run $1 ynh_app_config_run $1

18
scripts/install
View file

@ -15,13 +15,15 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
# Allow or deny registration based on is_public # Allow or deny registration based on is_public
if [ $registration -eq 1 ] if [ "$registration" -eq "1" ]
then then
registration_disabled="false" registration_disabled="false"
really_enable_open_registration="--really-enable-open-registration" really_enable_open_registration="--really-enable-open-registration"
disable_federation="true"
else else
registration_disabled="true" registration_disabled="true"
really_enable_open_registration="" really_enable_open_registration=""
disable_federation="false"
fi fi
#================================================= #=================================================
@ -29,7 +31,7 @@ fi
#================================================= #=================================================
ynh_app_setting_set --app=$app --key=server_name --value=$server_name ynh_app_setting_set --app=$app --key=server_name --value=$server_name
ynh_app_setting_set --app=$app --key=registration --value=$registration ynh_app_setting_set --app=$app --key=domain --value=$domain
#================================================= #=================================================
# ADD USER TO THE SSL-CERT GROUP # ADD USER TO THE SSL-CERT GROUP
@ -103,6 +105,18 @@ popd
# Set permissions to app files # Set permissions to app files
chown -R $app:root "$install_dir" chown -R $app:root "$install_dir"
#=================================================
## SET STANDARD SETTINGS FROM DEFAULT CONFIG
#=================================================
guests_disabled="true"
registration_shared_secret=""
enable_registration_captcha="false"
ynh_app_setting_set --app=$app --key=registration_disabled --value=$registration_disabled
ynh_app_setting_set --app=$app --key=disable_federation --value=$disable_federation
ynh_app_setting_set --app=$app --key=guests_disabled --value=$guests_disabled
ynh_app_setting_set --app=$app --key=registration_shared_secret --value=$registration_shared_secret
ynh_app_setting_set --app=$app --key=enable_registration_captcha --value=$enable_registration_captcha
#================================================= #=================================================
# ADD A CONFIGURATION # ADD A CONFIGURATION
#================================================= #=================================================

62
scripts/upgrade
View file

@ -34,21 +34,75 @@ if ! groups $app | grep -q 'ssl-cert'; then
adduser $app ssl-cert adduser $app ssl-cert
fi fi
#=================================================
# GET CONFIG PANEL SETTINGS
#=================================================
server_name=$(ynh_app_setting_get --app=$app --key=server_name)
domain=$(ynh_app_setting_get --app=$app --key=domain)
registration_disabled=$(ynh_app_setting_get --app=$app --key=registration_disabled)
disable_federation=$(ynh_app_setting_get --app=$app --key=disable_federation)
guests_disabled=$(ynh_app_setting_get --app=$app --key=guests_disabled)
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
enable_registration_captcha=$(ynh_app_setting_get --app=$app --key=enable_registration_captcha)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# MIGRATION : Manage old settings
#=================================================
# Define $server_name if not already defined # Define $server_name if not already defined
if [ -z $server_name ]; then if [ -z $server_name ]; then
server_name=$domain server_name=$domain
ynh_app_setting_set --app=$app --key=server_name --value=$domain ynh_app_setting_set --app=$app --key=server_name --value=$domain
fi fi
# Define $disable_federation if not already defined
if [ -z $enable_registration_captcha ]; then
enable_registration_captcha="false"
ynh_app_setting_set --app=$app --key=enable_registration_captcha --value=$enable_registration_captcha
fi
# Define $guests_disabled if not already defined
if [ -z $guests_disabled ]; then
guests_disabled="true"
ynh_app_setting_set --app=$app --key=guests_disabled --value=$guests_disabled
fi
# Define $registration_shared_secret if not already defined
if [ -z $registration_shared_secret ]; then
registration_shared_secret=""
ynh_app_setting_set --app=$app --key=registration_shared_secret --value=$registration_shared_secret
fi
# Load up registration variables # Load up registration variables
if [[ $registration -eq 1 ]] registration=$(ynh_app_setting_get --app=$app --key=registration)
then if [ -z $registration ]; then
if [ "$registration_disabled" -eq "1" ]
then
really_enable_open_registration="--really-enable-open-registration"
else
really_enable_open_registration=""
fi
else
ynh_app_setting_delete --app=$app --key=registration
if [[ "$registration" -eq "1" ]]
then
registration_disabled="false" registration_disabled="false"
really_enable_open_registration="--really-enable-open-registration" really_enable_open_registration="--really-enable-open-registration"
else disable_federation="true"
ynh_app_setting_set --app=$app --key=registration_disabled --value=$registration_disabled
ynh_app_setting_set --app=$app --key=disable_federation --value=$disable_federation
else
registration_disabled="true" registration_disabled="true"
really_enable_open_registration="" really_enable_open_registration=""
ynh_app_setting_set --app=$app --key=registration --value=0 disable_federation="false"
ynh_app_setting_set --app=$app --key=registration_disabled --value=$registration_disabled
ynh_app_setting_set --app=$app --key=disable_federation --value=$disable_federation
fi
fi fi
#================================================= #=================================================