YunoHost-Apps/dont-code_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dont-code_ynh.git synced 2024-09-03 18:26:34 +02:00
Code Issues Activity Actions

v.0.3.1 & Multitenant & secured mongo access

Browse source
This commit is contained in:
Gérard Collin 2024-04-01 11:42:02 +02:00
parent 7cf8eb2eab
commit ebb2bf66d0
10 changed files with 49 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
conf/.env
View file

@ -1,9 +1,7 @@
quarkus_http_host=127.0.0.1 quarkus_http_host=127.0.0.1
quarkus_mongodb_projects_connection_string=mongodb://__DB_USER__:__DB_PWD__@localhost:27017/?authSource=dontCode__TENANT__Projects
quarkus_mongodb_projects_connection_string=mongodb://localhost:27017 projects_database_name=dontCode__TENANT__Projects
projects_database_name=dontCodeProjects quarkus_mongodb_data_connection_string=mongodb://__DB_USER__:__DB_PWD__@localhost:27017/?authSource=dontCode__TENANT__Data
data_database_name=dontCode__TENANT__Data
quarkus_mongodb_data_connection_string=mongodb://localhost:27017
data_database_name=dontCodeData
document_directory=__DOCUMENT_DIR__ document_directory=__DOCUMENT_DIR__
document_external_url=__DOCUMENT_URL__ document_external_url=__DOCUMENT_URL__

7
conf/nginx.conf
View file

@ -50,11 +50,4 @@ location __PATH__/ {
client_max_body_size 15M; client_max_body_size 15M;
} }
location __PATH__/demo_project {
proxy_pass http://localhost:__PORT_PROJECT__/project;
proxy_set_header Host $host;
proxy_set_header DbName "dontCodeDemoProjects";
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
} }

14
manifest.toml
View file

@ -7,7 +7,7 @@ name = "Dont-code Services"
description.en = "Install services and databases needed to support Dont-code platform" description.en = "Install services and databases needed to support Dont-code platform"
description.fr = "Installe les services et base de données nécessaires pour utiliser la plateforme Dont-code" description.fr = "Installe les services et base de données nécessaires pour utiliser la plateforme Dont-code"
version = "0.2.10~ynh6" version = "0.3.1~ynh1"
maintainers = ["Dont-code Team"] maintainers = ["Dont-code Team"]
@ -22,7 +22,7 @@ code = "https://github.com/dont-code"
[integration] [integration]
yunohost = ">= 11.0.0" yunohost = ">= 11.0.0"
architectures = "all" architectures = "all"
multi_instance = false multi_instance = true
ldap = false ldap = false
sso = false sso = false
disk = "50M" disk = "50M"
@ -39,6 +39,12 @@ ram.runtime = "400M"
type = "path" type = "path"
default = "/dont-code" default = "/dont-code"
[install.tenant]
ask.en = "The name of the tenant these services will support. This configures database name to use. Can be empty if non necessary."
ask.fr = "Le nom du tenant associé a ces services. Permet de configurer une base de donnée séparée. Peut-être vide si non nécessaire."
type = "string"
optional = true
[install.public_key] [install.public_key]
ask.en = "SSH Public key to allow service updates as part of delivery process, leave empty to disable." ask.en = "SSH Public key to allow service updates as part of delivery process, leave empty to disable."
ask.fr = "Clef publique SSH permettant la mise à jour des services via une deploiement automatique, inactif si non renseigné." ask.fr = "Clef publique SSH permettant la mise à jour des services via une deploiement automatique, inactif si non renseigné."
@ -51,8 +57,8 @@ ram.runtime = "400M"
[resources] [resources]
[resources.sources.main] [resources.sources.main]
url = "https://github.com/dont-code/release/releases/download/v0.2.10/dont-code-release-runners.zip" url = "https://github.com/dont-code/release/releases/download/v0.3.1/dont-code-release-runners.zip"
sha256 = "f20bfa0423d48015a3507b0555d30d57fa594657a4bca55ad869fca8fbad125d" sha256 = "b69361f5383c904e30d551efd7a64cc155459af6a25e32fd5ca41633bcfb3658"
in_subdir = false in_subdir = false
autoupdate.strategy = "latest_github_release" autoupdate.strategy = "latest_github_release"
autoupdate.asset = "dont-code-release-runners.zip" autoupdate.asset = "dont-code-release-runners.zip"

2
scripts/_common.sh
View file

@ -10,7 +10,7 @@ mongo_version=6.0
SERVICES_LIST=(ide preview project data) SERVICES_LIST=(ide preview project data)
# List of Mongo databases to manage # List of Mongo databases to manage
MONGO_DB_LIST=(dontCodeProjects dontCodeDemoProjects dontCodeData dontCodeTestProjects) MONGO_DB_LIST=(Projects Data)
# The list of port in the same order than the list of services # The list of port in the same order than the list of services
PORT_LIST=("$port_ide" "$port_preview" "$port_project" "$port_data") PORT_LIST=("$port_ide" "$port_preview" "$port_project" "$port_data")

4
scripts/backup
View file

@ -63,11 +63,11 @@ fi
ynh_print_info --message="Backing up the Mongo databases..." ynh_print_info --message="Backing up the Mongo databases..."
for db_name in "${MONGO_DB_LIST[@]}"; do for db_name in "${MONGO_DB_LIST[@]}"; do
ynh_mongo_dump_db --database=$db_name > ./dump-${db_name}.bson ynh_mongo_dump_db --database="dontCode$tenant$db_name" > ./dump-${tenant}${db_name}.bson
done done
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." ynh_print_info --message="Backup script completed for $app with tenant $tenant. (YunoHost will then actually copy those files to the archive)."

8
scripts/install
View file

@ -85,9 +85,11 @@ ynh_script_progression --message="Creating the Mongo databases..." --weight=1
db_user=$(ynh_sanitize_dbid --db_name="${app}") db_user=$(ynh_sanitize_dbid --db_name="${app}")
ynh_app_setting_set --app="$app" --key=db_user --value="$db_user" ynh_app_setting_set --app="$app" --key=db_user --value="$db_user"
# We should probably enable databases to the user, but for now, we connect through admin # Let's create all databases needed, and assign them to the user
# No need to create other databases: Mongo creates them on the fly
ynh_mongo_setup_db --db_user="$db_user" --db_name="${MONGO_DB_LIST[0]}" for db_name in "${MONGO_DB_LIST[@]}"; do
ynh_mongo_setup_db --db_user="$db_user" --db_pwd="$db_pwd" --db_name="dontCode$tenant${db_name}"
done
#================================================= #=================================================
# SYSTEM CONFIGURATION # SYSTEM CONFIGURATION

2
scripts/remove
View file

@ -36,7 +36,7 @@ ynh_remove_logrotate
# Remove a database if it exists, along with the associated user # Remove a database if it exists, along with the associated user
for db_name in "${MONGO_DB_LIST[@]}"; do for db_name in "${MONGO_DB_LIST[@]}"; do
ynh_mongo_remove_db --db_user=$db_user --db_name=$db_name ynh_mongo_remove_db --db_user=$db_user --db_name="dontCode$tenant$db_name"
done done
# Remove mongo itself if not used anymore # Remove mongo itself if not used anymore

5
scripts/restore
View file

@ -64,10 +64,9 @@ ynh_install_mongo --mongo_version=$mongo_version
#================================================= #=================================================
ynh_script_progression --message="Restoring the Mongo databases..." --weight=1 ynh_script_progression --message="Restoring the Mongo databases..." --weight=1
ynh_mongo_setup_db --db_user=$db_user --db_name=${MONGO_DB_LIST[0]} --db_pwd=$db_pwd
for db_name in "${MONGO_DB_LIST[@]}"; do for db_name in "${MONGO_DB_LIST[@]}"; do
ynh_mongo_restore_db --database="$db_name" < "./dump-${db_name}.bson" ynh_mongo_setup_db --db_user="$db_user" --db_pwd="$db_pwd" --db_name="dontCode$tenant${db_name}"
ynh_mongo_restore_db --database="dontCode$tenant$db_name" < "./dump-${tenant}${db_name}.bson"
done done
#================================================= #=================================================

31
scripts/upgrade
View file

@ -34,6 +34,13 @@ if [ -z "${public_key+x}" ]; then
ynh_app_setting_set --app="$app" --key=public_key --value="$public_key" ynh_app_setting_set --app="$app" --key=public_key --value="$public_key"
fi fi
# Set default tenant to empty if needed
if [ -z "${tenant+x}" ]; then
tenant=""
ynh_app_setting_set --app="$app" --key=tenant --value="$tenant"
fi
if [[ -n "${document_path:-}" ]]; then if [[ -n "${document_path:-}" ]]; then
# Renamed setting key # Renamed setting key
document_dir="$document_path" document_dir="$document_path"
@ -66,7 +73,7 @@ if [[ -n "${html_path:-}" ]]; then
fi fi
# Regenerate the .env file if the document_url was incorrectly set before # Recalculate the document_url if it was incorrectly set before
correct_document_url=$(append_uri "https://${domain}${path}" "docs") correct_document_url=$(append_uri "https://${domain}${path}" "docs")
if [ "$correct_document_url" != "$document_url" ]; then if [ "$correct_document_url" != "$document_url" ]; then
ynh_script_progression --message="Updading url for documents" --weight=1 ynh_script_progression --message="Updading url for documents" --weight=1
@ -74,13 +81,6 @@ if [ "$correct_document_url" != "$document_url" ]; then
document_url=$correct_document_url document_url=$correct_document_url
ynh_app_setting_set --app=$app --key=document_url --value=$document_url ynh_app_setting_set --app=$app --key=document_url --value=$document_url
ynh_add_config --template=".env" --destination="$install_dir/.env"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
chmod 400 "$install_dir/.env"
chown $app:$app "$install_dir/.env"
fi fi
#================================================= #=================================================
@ -92,6 +92,16 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]; then
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep ".env .ssh/authorized_keys restart_services.sh" ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep ".env .ssh/authorized_keys restart_services.sh"
# Always update .env
ynh_add_config --template=".env" --destination="$install_dir/.env"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
chmod 400 "$install_dir/.env"
chown $app:$app "$install_dir/.env"
fi fi
chmod -R o-rwx "$install_dir" chmod -R o-rwx "$install_dir"
@ -124,6 +134,11 @@ ynh_script_progression --message="Upgrading MongoDB..." --weight=1
# Install the required version of Mongo # Install the required version of Mongo
ynh_install_mongo --mongo_version=$mongo_version ynh_install_mongo --mongo_version=$mongo_version
# We are now assigning the user to the database, so update the user's rights
for db_name in "${MONGO_DB_LIST[@]}"; do
ynh_mongo_setup_db --db_user="$db_user" --db_pwd="$db_pwd" --db_name="dontCode$tenant${db_name}"
done
#================================================= #=================================================
# REAPPLY SYSTEM CONFIGURATIONS # REAPPLY SYSTEM CONFIGURATIONS
#================================================= #=================================================

1
tests.toml
View file

@ -11,4 +11,5 @@ test_format = 1.0
test_upgrade_from.7852cc4bf44ff20ee51fe35f3f53dc105e0f6d79.name= "2023-01-07 - Added Ssh support for dev." test_upgrade_from.7852cc4bf44ff20ee51fe35f3f53dc105e0f6d79.name= "2023-01-07 - Added Ssh support for dev."
test_upgrade_from.e89eebdac9f59202202d07972e274ebe6fc7c51c.name= "Before Manifest v2." test_upgrade_from.e89eebdac9f59202202d07972e274ebe6fc7c51c.name= "Before Manifest v2."
test_upgrade_from.13b9ba1eb3ccad38329ee2c7dadad00c18fe5e83.name= "Switching to multi_instance."