Set mqtt permission

doc/PRE_INSTALL.md

@@ -1,4 +1,6 @@
 ## Mosquitto Broker
 
-During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), may be installed at the same time as Domoticz. It's an optional setting: during install if you set the same domain as your main app domain, it won't be installed.
+During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), may be installed at the same time as Domoticz. 
 This broker requires a dedicated domain or subdomain to work (ex: mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite.
+It's an optional setting: during install if you set, for the MQTT domain, the same domain as your main app domain or enter an empty domain, the broker won't be installed.
+

doc/PRE_INSTALL_fr.md

@@ -1,4 +1,6 @@
 ## Broker MQTT Mosquitto
 
-À l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), peut être installé en même temps que Domoticz. Il est optionnel et si vous indiquez lors de l'installation le même domaine que le domaine principal, il ne sera pas installé.
+À l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), peut être installé en même temps que Domoticz.
 Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant.
+Il est optionnel et si vous indiquez lors de l'installation un domaine vide ou le même domaine que le domaine principal pour le domaine MQTT, le broker ne sera pas installé.
+

manifest.toml

@@ -43,11 +43,15 @@ ram.runtime = "50M"
     type = "group"
     default = "all_users"
 
+#    [install.init_mqtt_domain_permission]
+#    type="group"
+#    default="visitor"
+	
     [install.mqtt_domain]
     ask.fr = "Domaine MQTT"
     ask.en = "MQTT domain"
-    help.fr = "Domaine pour le serveur MQTT. Remettez le domaine principal si vous ne souhaitez pas l'utiliser. Lire la documentation pour plus d'informations"
-    help.en = "MQTT server domain. Set the main domain if you don't wish to use it. See the doc for more info"
+    help.fr = "Domaine pour le serveur MQTT. Remettez le domaine principal ou à vide si vous ne souhaitez pas l'utiliser. Lire la documentation pour plus d'informations"
+    help.en = "MQTT server domain. Set blank or the main domain if you don't wish to use it. See the doc for more info"
     type = "domain"
     optional = true
 
@@ -75,12 +79,17 @@ ram.runtime = "50M"
 
         [resources.permissions]
         main.url = "/"
-        main.auth_header=false
+        main.auth_header = false
 
-        api.url = "/_api/__APP_"
+        api.url = "__DOMAIN__/api_/__APP__"
         api.show_tile = false
         api.allowed = "visitors"
 
+        #Permission will be removed by the install script if not needed
+        mqtt.url = "__MQTT_DOMAIN__/"
+        mqtt.show_tile = false
+        mqtt.allowed = "visitors"
+
         [resources.ports]
         main.default = 8080
         #to be checked if it can become conditionnal

scripts/install

@@ -160,8 +160,6 @@ fi
 
 # Create a dedicated Fail2Ban config
 ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5
-#Not required in 2023.1 anymore
-#ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation"
 
 #=================================================
 # SETUP SSOWAT
@@ -169,10 +167,8 @@ ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed logi
 ynh_script_progression --message="Configuring permissions..."
 
 
-#API & MQTT should stay publicly accessible.  
-#ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true"
-[[ "$domain" != "$mqtt_domain" ]] && ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true"
-
+#If no MQTT have been set, we delete the mqtt permission.
+[[ "$domain" == "$mqtt_domain" ]] && ynh_permission_delete --permission="mqtt"
 
 #=================================================
 # END OF SCRIPT

scripts/remove

@@ -23,8 +23,6 @@ if [ "$domain" != "$mqtt_domain" ]; then
 	ynh_secure_remove --file="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf"
 	yunohost tools regen-conf postfix
 	ynh_secure_remove --file="/var/log/mosquitto"
-
-
 fi
 
 ynh_script_progression --message="Removing system configurations related to $app..." --weight=1

scripts/upgrade

@@ -61,15 +61,6 @@ if [[ -z "${mqtt_domain+x}" ]]; then
 	ynh_app_setting_set --app="$app" --key=mqtt_domain --value="$mqtt_domain"
 fi
 
-# Create the permission "domoticz_MQTT" only if it doesn't exist.
-if [ "$domain" != "$mqtt_domain"  ]; then
-	if ! ynh_permission_exists --permission="domoticz_MQTT"
-	then
-		# API Authorization with dedicated URL
-		ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true"
-	fi
-fi
-
 #remove unwanted log folder
 if [ -d "/var/log/$app/$app" ]; then
 	ynh_secure_remove "/var/log/$app/$app"
@@ -131,6 +122,9 @@ if [ "$domain" != "$mqtt_domain"  ]; then
 
 		ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app"
 	fi
+else
+	#If no MQTT have been set, we delete the mqtt permission.
+	[[ "$domain" == "$mqtt_domain" ]] && ynh_permission_delete --permission="mqtt"
 fi
 
 #=================================================
@@ -190,8 +184,6 @@ fi
 
 # Create a dedicated Fail2Ban config
 ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5
-#not required in 2023.1 anymore
-#ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation"
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST