diff --git a/conf/nginx.conf b/conf/nginx.conf index b190757..867d5ef 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,7 +2,7 @@ location __PATH__/static/ { # Service static files by nginx # e.g.: /var/www/$app/static - alias __FINALPATH__/static/; + alias __PUBLIC_PATH__/static/; expires 30d; } diff --git a/conf/settings.py b/conf/settings.py index f2f3539..2ce83fe 100644 --- a/conf/settings.py +++ b/conf/settings.py @@ -19,9 +19,12 @@ DEBUG = False # Don't turn DEBUG on in production! # ----------------------------------------------------------------------------- -FINALPATH = __Path('__FINALPATH__') # /var/www/$app +FINALPATH = __Path('__FINALPATH__') # /opt/yunohost/$app assert FINALPATH.is_dir(), f'Directory not exists: {FINALPATH}' +PUBLIC_PATH = __Path('__PUBLIC_PATH__') # /var/www/$app +assert PUBLIC_PATH.is_dir(), f'Directory not exists: {PUBLIC_PATH}' + LOG_FILE = __Path('__LOG_FILE__') # /var/log/$app/django_example_ynh.log assert LOG_FILE.is_file(), f'File not exists: {LOG_FILE}' @@ -37,6 +40,26 @@ SECRET_KEY = __get_or_create_secret(FINALPATH / 'secret.txt') # /opt/yunohost/$ # INSTALLED_APPS.append('') +MIDDLEWARE.insert( + MIDDLEWARE.index('django.contrib.auth.middleware.AuthenticationMiddleware') + 1, + # login a user via HTTP_REMOTE_USER header from SSOwat: + 'django_yunohost_integration.sso_auth.auth_middleware.SSOwatRemoteUserMiddleware', +) + +# Keep ModelBackend around for per-user permissions and superuser +AUTHENTICATION_BACKENDS = ( + # Authenticate via SSO and nginx 'HTTP_REMOTE_USER' header: + 'django_yunohost_integration.sso_auth.auth_backend.SSOwatUserBackend', + # + # Fallback to normal Django model backend: + 'django.contrib.auth.backends.ModelBackend', +) + +LOGIN_REDIRECT_URL = None +LOGIN_URL = '/yunohost/sso/' +LOGOUT_REDIRECT_URL = '/yunohost/sso/' +# /yunohost/sso/?action=logout + # ----------------------------------------------------------------------------- @@ -103,9 +126,8 @@ else: STATIC_URL = '/static/' MEDIA_URL = '/media/' -STATIC_ROOT = str(FINALPATH / 'static') -MEDIA_ROOT = str(FINALPATH / 'media') - +STATIC_ROOT = str(PUBLIC_PATH / 'static') +MEDIA_ROOT = str(PUBLIC_PATH / 'media') # ----------------------------------------------------------------------------- diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index b895b29..2be4e0e 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -75,6 +75,9 @@ These projects used `django_example_ynh`: # Developer info +The App project will be stored under `__FINALPATH__` (e.g.: `/opt/yunohost/$app`) that's Django's `settings.FINALPATH` +"static" / "media" files to serve via nginx are under `__PUBLIC_PATH__` (e.g.: `/var/www/$app`) that's `settings.PUBLIC_PATH` + ## package installation / debugging This app is not in YunoHost app catalog. Test install, e.g.: diff --git a/scripts/_common.sh b/scripts/_common.sh index 3d25ad6..b95ce9c 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -15,7 +15,8 @@ app=$YNH_APP_INSTANCE_NAME # SET CONSTANTS #================================================= -final_path=/var/www/$app +public_path=/var/www/$app +final_path=/opt/yunohost/$app log_path=/var/log/$app log_file="${log_path}/django_example_ynh.log" diff --git a/scripts/backup b/scripts/backup index f24714a..308ba1c 100755 --- a/scripts/backup +++ b/scripts/backup @@ -18,7 +18,7 @@ ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) +public_path=$(ynh_app_setting_get --app="$app" --key=public_path) final_path=$(ynh_app_setting_get --app="$app" --key=final_path) db_name=$(ynh_app_setting_get --app="$app" --key=db_name) @@ -34,7 +34,7 @@ ynh_print_info --message="Declaring files to be backed up..." #================================================= ynh_backup --src_path="$final_path" -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$public_path" #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/change_url b/scripts/change_url index 3d29b34..98f98d6 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -25,7 +25,7 @@ new_path=$YNH_APP_NEW_PATH ynh_script_progression --message="Loading installation settings..." admin=$(ynh_app_setting_get --app="$app" --key=admin) -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) +public_path=$(ynh_app_setting_get --app="$app" --key=public_path) final_path=$(ynh_app_setting_get --app="$app" --key=final_path) log_path=$(ynh_app_setting_get --app="$app" --key=log_path) @@ -94,7 +94,7 @@ then domain="$old_domain" path_url="$new_path" # Create a dedicated nginx config - ynh_add_nginx_config "final_path" "port" + ynh_add_nginx_config "public_path" "port" fi # Change the domain for nginx @@ -112,7 +112,7 @@ fi #================================================= # MODIFY SETTINGS #================================================= -ynh_script_progression --message="Modify django_example_ynh's config file..." +ynh_script_progression --message="Modify django-fmd's config file..." ynh_add_config --template="settings.py" --destination="$final_path/settings.py" diff --git a/scripts/install b/scripts/install index c7ac1ec..a808194 100755 --- a/scripts/install +++ b/scripts/install @@ -20,7 +20,7 @@ ynh_abort_if_errors ynh_script_progression --message="Validating installation parameters..." # Path for e.g. "static" files, served by nginx: -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" +test ! -e "$public_path" || ynh_die --message="This path already contains a folder" # Path for own config files, e.g.: Django's settings.py: test ! -e "$final_path" || ynh_die --message="This path already contains a folder" @@ -28,7 +28,7 @@ test ! -e "$final_path" || ynh_die --message="This path already contains a folde # Register (book) web path ynh_webpath_register --app="$app" --domain="$domain" --path_url="$path_url" -mkdir -p "$final_path/media" "$final_path/static" +mkdir -p "$public_path/media" "$public_path/static" mkdir -p "$final_path" mkdir -p "$log_path" @@ -40,7 +40,7 @@ touch "${log_file}" ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app="$app" --key=admin --value="$admin" -ynh_app_setting_set --app="$app" --key=final_path --value="$final_path" +ynh_app_setting_set --app="$app" --key=public_path --value="$public_path" ynh_app_setting_set --app="$app" --key=final_path --value="$final_path" ynh_app_setting_set --app="$app" --key=log_path --value="$log_file" @@ -92,7 +92,7 @@ ynh_script_progression --message="Configuring nginx web server..." # Create a dedicated nginx config # https://github.com/YunoHost/yunohost/blob/dev/data/helpers.d/nginx -ynh_add_nginx_config "final_path" "port" +ynh_add_nginx_config "public_path" "port" #================================================= # CREATE DEDICATED USER @@ -186,11 +186,11 @@ yunohost service add $app --description="Web based management to catalog things" # Set permissions to app files chown -R "$app:" "$log_path" -chown -R "$app:www-data" "$final_path" +chown -R "$app:www-data" "$public_path" chown -R "$app:" "$final_path" chmod o-rwx "$log_path" -chmod o-rwx "$final_path" +chmod o-rwx "$public_path" chmod o-rwx "$final_path" #================================================= diff --git a/scripts/remove b/scripts/remove index 213b7ba..5e630a4 100755 --- a/scripts/remove +++ b/scripts/remove @@ -17,7 +17,7 @@ ynh_script_progression --message="Loading installation settings..." domain=$(ynh_app_setting_get --app="$app" --key=domain) db_name=$(ynh_app_setting_get --app="$app" --key=db_name) db_user=$db_name -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) +public_path=$(ynh_app_setting_get --app="$app" --key=public_path) final_path=$(ynh_app_setting_get --app="$app" --key=final_path) #================================================= @@ -68,7 +68,7 @@ ynh_exec_warn_less ynh_remove_app_dependencies ynh_script_progression --message="Removing app main directory..." # Remove the app directory securely -ynh_secure_remove --file="$final_path" +ynh_secure_remove --file="$public_path" ynh_secure_remove --file="$final_path" #================================================= diff --git a/scripts/restore b/scripts/restore index fcc7dbb..34d464f 100755 --- a/scripts/restore +++ b/scripts/restore @@ -21,7 +21,7 @@ ynh_abort_if_errors ynh_script_progression --message="Loading settings..." final_path=$(ynh_app_setting_get --app="$app" --key=final_path) -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) +public_path=$(ynh_app_setting_get --app="$app" --key=public_path) db_name=$(ynh_app_setting_get --app="$app" --key=db_name) db_user=$db_name db_pwd=$(ynh_app_setting_get --app="$app" --key=psqlpwd) @@ -51,9 +51,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" -ynh_restore_file --origin_path="$final_path" - -touch "$final_path/local_settings.py" +ynh_restore_file --origin_path="$public_path" #================================================= # RECREATE THE DEDICATED USER @@ -68,7 +66,7 @@ ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell #================================================= # Restore permissions on app files -chown -R "$app:www-data" "$final_path" +chown -R "$app:www-data" "$public_path" chown -R "$app:" "$final_path" #================================================= @@ -144,11 +142,11 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app" # Set permissions to app files chown -R "$app:" "$log_path" -chown -R "$app:www-data" "$final_path" +chown -R "$app:www-data" "$public_path" chown -R "$app:" "$final_path" chmod o-rwx "$log_path" -chmod o-rwx "$final_path" +chmod o-rwx "$public_path" chmod o-rwx "$final_path" #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 5ef4cc0..de9ec43 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -13,7 +13,7 @@ source /usr/share/yunohost/helpers ynh_script_progression --message="Loading installation settings..." admin=$(ynh_app_setting_get --app="$app" --key=admin) -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) +public_path=$(ynh_app_setting_get --app="$app" --key=public_path) final_path=$(ynh_app_setting_get --app="$app" --key=final_path) log_path=$(ynh_app_setting_get --app="$app" --key=log_path) @@ -68,7 +68,7 @@ ynh_script_progression --message="Upgrading nginx web server configuration..." # Create a dedicated nginx config # https://github.com/YunoHost/yunohost/blob/dev/data/helpers.d/nginx -ynh_add_nginx_config "final_path" "port" +ynh_add_nginx_config "public_path" "port" #================================================= # SPECIFIC UPGRADE @@ -178,11 +178,11 @@ yunohost service add $app --description="Web based management to catalog things" # Set permissions to app files chown -R "$app:" "$log_path" -chown -R "$app:www-data" "$final_path" +chown -R "$app:www-data" "$public_path" chown -R "$app:" "$final_path" chmod o-rwx "$log_path" -chmod o-rwx "$final_path" +chmod o-rwx "$public_path" chmod o-rwx "$final_path" #================================================= diff --git a/tests/test_django_project.py b/tests/test_django_project.py index 5aeaadd..91ad6ab 100644 --- a/tests/test_django_project.py +++ b/tests/test_django_project.py @@ -21,9 +21,8 @@ class DjangoYnhTestCase(HtmlAssertionMixin, TestCase): def test_settings(self): assert settings.PATH_URL == 'app_path' - # TODO: Switch to: assert str(settings.FINALPATH).endswith('/local_test/var_www') assert str(settings.FINALPATH).endswith('/local_test/opt_yunohost') - + assert str(settings.PUBLIC_PATH).endswith('/local_test/var_www') assert str(settings.LOG_FILE).endswith('/local_test/var_log_django_example_ynh.log') assert settings.ROOT_URLCONF == 'urls'