updates

2024-09-03 18:26:22 +02:00 · 2022-03-24 13:34:47 +07:00 · 2022-03-24 13:34:47 +07:00 · 8a87cfd22c
commit 8a87cfd22c
parent 77d10f78f5
8 changed files with 53 additions and 262 deletions
--- a/conf/config.yaml
+++ b/conf/config.yaml
@ -7,6 +7,12 @@ storage:
 web:
  http: 127.0.0.1:__PORT__
 frontend:
  issuer: dex
  logoURL: /usr/share/yunohost/admin/img/logo.08bab97e.png
  dir: web/
  theme: light
 connectors:
 - type: ldap
  name: OpenLDAP
@ -46,4 +52,3 @@ staticClients:
  - __OIDC_CALLBACK__
  name: __OIDC_NAME__
  secret: __OIDC_SECRET__
--- a/scripts/backup
+++ b/scripts/backup
@ -28,34 +28,25 @@ ynh_print_info --message="Loading installation settings..."
 app=$YNH_APP_INSTANCE_NAME
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+path_url=$(ynh_app_setting_get --app=$app --key=path)
-phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
+final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+port=$(ynh_app_setting_get --app=$app --key=port)
 oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name)
 oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret)
 oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback)
 #=================================================
 # DECLARE DATA AND CONF FILES TO BACKUP
 #=================================================
 ynh_print_info --message="Declaring files to be backed up..."
 ### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs
 ### to be backuped and not an actual copy of any file. The actual backup that
 ### creates and fill the archive with the files happens in the core after this
 ### script is called. Hence ynh_backups calls takes basically 0 seconds to run.
 #=================================================
 # BACKUP THE APP MAIN DIR
 #=================================================
 ynh_backup --src_path="$final_path"
 #=================================================
 # BACKUP THE DATA DIR
 #=================================================
 ynh_backup --src_path="$datadir" --is_big
 #=================================================
 # BACKUP THE NGINX CONFIGURATION
 #=================================================
@ -84,14 +75,6 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
 ynh_backup --src_path="/etc/systemd/system/$app.service"
 #=================================================
 # BACKUP VARIOUS FILES
 #=================================================
 ynh_backup --src_path="/etc/cron.d/$app"
 ynh_backup --src_path="/etc/$app/"
 #=================================================
 # END OF SCRIPT
 #=================================================
--- a/scripts/change_url
+++ b/scripts/change_url
@ -29,11 +29,6 @@ ynh_script_progression --message="Loading installation settings..." --time --wei
 # Needed for helper "ynh_add_nginx_config"
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 # Add settings here as needed by your application
 #db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 #db_user=$db_name
 #db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
 #=================================================
 # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
 #=================================================
@ -108,9 +103,17 @@ fi
 #=================================================
 # SPECIFIC MODIFICATIONS
 #=================================================
-# ...
+# MODIFY URL IN YAML CONF
 #=================================================
 # Make a backup of the original YAML config file if modified
 ynh_backup_if_checksum_is_different --file="$final_path/config.yaml"
 # Set global variables for YAML helper
 domain="$new_domain"
 path_url="$new_path"
 # Create a dedicated YAML config
 ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml"
 #=================================================
 # GENERIC FINALISATION
 #=================================================
--- a/scripts/config
+++ b/scripts/config
@ -1,102 +0,0 @@
 #!/bin/bash
 # In simple cases, you don't need a config script. 
 # With a simple config_panel.toml, you can write in the app settings, in the 
 # upstream config file or replace complete files (logo ...) and restart services.
 # The config scripts allows you to go further, to handle specific cases 
 # (validation of several interdependent fields, specific getter/setter for a value,
 # display dynamic informations or choices, pre-loading of config type .cube... ).
 #=================================================
 # GENERIC STARTING
 #=================================================
 # IMPORT GENERIC HELPERS
 #=================================================
 source /usr/share/yunohost/helpers
 ynh_abort_if_errors
 #=================================================
 # RETRIEVE ARGUMENTS
 #=================================================
 final_path=$(ynh_app_setting_get $app final_path)
 #=================================================
 # SPECIFIC GETTERS FOR TOML SHORT KEY
 #=================================================
 get__amount() {
    # Here we can imagine to have an API call to stripe to know the amount of donation during a month
    local amount = 200
    # It's possible to change some properties of the question by overriding it:
    if [ $amount -gt 100 ]
    then
    cat << EOF
 style: success
 value: $amount
 ask:
  en: A lot of donation this month: **$amount €**
 EOF
    else
    cat << EOF
 style: danger
 value: $amount
 ask:
  en: Not so much donation this month: $amount €
 EOF
    fi
 }
 get__prices() {
    local prices = "$(grep "DONATION\['" "$final_path/settings.py" | sed -r "s@^DONATION\['([^']*)'\]\['([^']*)'\] = '([^']*)'@\1/\2/\3@g" | sed -z 's/\n/,/g;s/,$/\n/')"
    if [ "$prices" == "," ];
    then
        # Return YNH_NULL if you prefer to not return a value at all.
        echo YNH_NULL
    else
        echo $prices
    fi
 }
 #=================================================
 # SPECIFIC VALIDATORS FOR TOML SHORT KEYS
 #=================================================
 validate__publishable_key() {
    # We can imagine here we test if the key is really a publisheable key
    (is_secret_key $publishable_key) &&
        echo 'This key seems to be a secret key'
 }
 #=================================================
 # SPECIFIC SETTERS FOR TOML SHORT KEYS
 #=================================================
 set__prices() {
    #---------------------------------------------
    # IMPORTANT: setter are trigger only if a change is detected
    #---------------------------------------------
    for price in $(echo $prices | sed "s/,/ /"); do
        frequency=$(echo $price | cut -d/ -f1)
        currency=$(echo $price | cut -d/ -f2)
        price_id=$(echo $price | cut -d/ -f3)
        sed "d/DONATION\['$frequency'\]\['$currency'\]" "$final_path/settings.py"
        echo "DONATION['$frequency']['$currency'] = '$price_id'" >> "$final_path/settings.py"
    done
    #---------------------------------------------
    # IMPORTANT: to be able to upgrade properly, you have to saved the value in settings too
    #---------------------------------------------
    ynh_app_setting_set $app prices $prices
 }
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 ynh_app_config_run $1
--- a/scripts/install
+++ b/scripts/install
@ -172,8 +172,7 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap
 ynh_script_progression --message="Configuring Fail2Ban..." --time --weight=1
 # Create a dedicated Fail2Ban config
-### FIX ME 
+ynh_add_fail2ban_config --logpath="/var/log/dex/dex.log" --failregex="ldap: invalid password for user"
 # ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
 #=================================================
 # SETUP SSOWAT
--- a/scripts/remove
+++ b/scripts/remove
@ -17,11 +17,12 @@ ynh_script_progression --message="Loading installation settings..." --time --wei
 app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
-port=$(ynh_app_setting_get --app=$app --key=port)
+path_url=$(ynh_app_setting_get --app=$app --key=path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+port=$(ynh_app_setting_get --app=$app --key=port)
 oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name)
 oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret)
 oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback)
 #=================================================
 # STANDARD REMOVE
--- a/scripts/restore
+++ b/scripts/restore
@ -31,10 +31,10 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+port=$(ynh_app_setting_get --app=$app --key=port)
-db_user=$db_name
+oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name)
-phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
+oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret)
-datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback)
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
@ -68,35 +68,10 @@ ynh_script_progression --message="Restoring the app main directory..." --time --
 ynh_restore_file --origin_path="$final_path"
 # FIXME: this should be managed by the core in the future
 # Here, as a packager, you may have to tweak the ownerhsip/permissions
 # such that the appropriate users (e.g. maybe www-data) can access
 # files in some cases.
 # But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
 # this will be treated as a security issue.
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
 #=================================================
 # RESTORE THE DATA DIRECTORY
 #=================================================
 ynh_script_progression --message="Restoring the data directory..." --time --weight=1
 ynh_restore_file --origin_path="$datadir" --not_mandatory
 mkdir -p $datadir
 # FIXME: this should be managed by the core in the future
 # Here, as a packager, you may have to tweak the ownerhsip/permissions
 # such that the appropriate users (e.g. maybe www-data) can access
 # files in some cases.
 # But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
 # this will be treated as a security issue.
 chmod 750 "$datadir"
 chmod -R o-rwx "$datadir"
 chown -R $app:www-data "$datadir"
 #=================================================
 # RESTORE FAIL2BAN CONFIGURATION
 #=================================================
@ -116,15 +91,6 @@ ynh_script_progression --message="Reinstalling dependencies..." --time --weight=
 # Define and install dependencies
 ynh_install_app_dependencies $pkg_dependencies
 #=================================================
 # RESTORE VARIOUS FILES
 #=================================================
 ynh_script_progression --message="Restoring various files..." --time --weight=1
 ynh_restore_file --origin_path="/etc/cron.d/$app"
 ynh_restore_file --origin_path="/etc/$app/"
 #=================================================
 # RESTORE SYSTEMD
 #=================================================
@ -159,9 +125,8 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap
 #=================================================
 # RELOAD NGINX AND PHP-FPM
 #=================================================
-ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --time --weight=1
+ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1
 ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
 ynh_systemd_action --service_name=nginx --action=reload
 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -18,21 +18,16 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 language=$(ynh_app_setting_get --app=$app --key=language)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+port=$(ynh_app_setting_get --app=$app --key=port)
 oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name)
 oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret)
 oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback)
 #=================================================
 # CHECK VERSION
 #=================================================
 ### This helper will compare the version of the currently installed app and the version of the upstream package.
 ### $upgrade_type can have 2 different values
 ### - UPGRADE_APP if the upstream app version has changed
 ### - UPGRADE_PACKAGE if only the YunoHost package has changed
 ### ynh_check_app_version_changed will stop the upgrade if the app is up to date.
 ### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do.
 upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
@ -58,49 +53,6 @@ ynh_script_progression --message="Stopping a systemd service..." --time --weight
 ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
 #
 # N.B. : the followings setting migrations snippets are provided as *EXAMPLES*
 # of what you may want to do in some cases (e.g. a setting was not defined on
 # some legacy installs and you therefore want to initiaze stuff during upgrade)
 #
 # If db_name doesn't exist, create it
 #if [ -z "$db_name" ]; then
 #	db_name=$(ynh_sanitize_dbid --db_name=$app)
 #	ynh_app_setting_set --app=$app --key=db_name --value=$db_name
 #fi
 # If final_path doesn't exist, create it
 #if [ -z "$final_path" ]; then
 #	final_path=/var/www/$app
 #	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 #fi
 ### If nobody installed your app before 4.1,
 ### then you may safely remove these lines
 # Cleaning legacy permissions
 if ynh_legacy_permissions_exists; then
 	ynh_legacy_permissions_delete_all
 	ynh_app_setting_delete --app=$app --key=is_public
 fi
 if ! ynh_permission_exists --permission="admin"; then
 	# Create the required permissions
 	ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
 fi
 # Create a permission if needed
 if ! ynh_permission_exists --permission="api"; then
 	ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
 fi
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
@ -121,12 +73,6 @@ then
 	ynh_setup_source --dest_dir="$final_path"
 fi
 # FIXME: this should be managed by the core in the future
 # Here, as a packager, you may have to tweak the ownerhsip/permissions
 # such that the appropriate users (e.g. maybe www-data) can access
 # files in some cases.
 # But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
 # this will be treated as a security issue.
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
@ -139,13 +85,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 #=================================================
 # UPGRADE DEPENDENCIES
 #=================================================
 ynh_script_progression --message="Upgrading dependencies..." --time --weight=1
 ynh_install_app_dependencies $pkg_dependencies
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@ -157,34 +96,32 @@ ynh_add_fpm_config
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
-# ...
+# BUILDING SOURCES AND SETTING UP THE SERVER
 #=================================================
 ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6
 ynh_exec_warn_less ynh_install_go --go_version=$GO_VERSION
 pushd "$final_path"
 	# Build the sources
 	ynh_use_go
 	unset GOPATH
 	make build
 popd
 ynh_remove_go
 #=================================================
 # UPDATE A CONFIG FILE
 #=================================================
 ynh_script_progression --message="Updating a configuration file..." --time --weight=1
-### Same as during install
+ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml"
 ###
 ### The file will automatically be backed-up if it's found to be manually modified (because
 ### ynh_add_config keeps track of the file's checksum)
-ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file"
+chmod 400 "$final_path/config.yaml"
 # FIXME: this should be handled by the core in the future
 # You may need to use chmod 600 instead of 400,
 # for example if the app is expected to be able to modify its own config
 chmod 400 "$final_path/some_config_file"
 chown $app:$app "$final_path/some_config_file"
 ### For more complex cases where you want to replace stuff using regexes,
 ### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
 ### When doing so, you also need to manually call ynh_store_file_checksum
 ###
 ### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file"
 ### ynh_store_file_checksum --file="$final_path/some_config_file"
 #=================================================
 # SETUP SYSTEMD
 #=================================================
@ -223,7 +160,7 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap
 ynh_script_progression --message="Reconfiguring Fail2Ban..." --time --weight=1
 # Create a dedicated Fail2Ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
+ynh_add_fail2ban_config --logpath="/var/log/dex/dex.log" --failregex="ldap: invalid password for user"
 #=================================================
 # RELOAD NGINX