From 67e49bfb1ea60c01bafc08c9d5ed1b63fb1e509d Mon Sep 17 00:00:00 2001 From: Moul Date: Thu, 1 Apr 2021 22:05:49 +0200 Subject: [PATCH] [fix] #89: Use new permission system: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Requires YnH v4.1 which implements this new permission system Use ynh_permission_create helper Set Duniter admin interface accessible to the selected admin BMA is set as accessible to visitors by default Remove / −> /webui redirection, since this change adds a tile to the admin Remove deprecated permission system settings Re-enable the web admin since it is protected again Rename f() name --- README.md | 4 ++-- conf/duniter.service | 2 +- manifest.json | 2 +- scripts/functions.sh | 21 ++++++++++----------- scripts/install | 2 +- scripts/upgrade | 2 +- 6 files changed, 16 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index aa76c13..5b25cf3 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,8 @@ - [YunoHost project](https://yunohost.org) ## Requirements -- Debian Stretch -- YunoHost ≥ 3.7 +- Debian Buster +- YunoHost ≥ v4.1 - `x64` or `armlv7` architecture - 200Mo free RAM - A dedicated domain name to install the app on root path. For instance, `duniter.domain.tld`. diff --git a/conf/duniter.service b/conf/duniter.service index 5452e11..f40c546 100644 --- a/conf/duniter.service +++ b/conf/duniter.service @@ -3,7 +3,7 @@ Description=Duniter node After=network.target [Service] -Environment="DUNITER_WEB=" +Environment="DUNITER_WEB=web" Group=root User=root Type=forking diff --git a/manifest.json b/manifest.json index 43f957f..bcb879c 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "url": "https://moul.re" }, "requirements": { - "yunohost": ">> 3.7.0" + "yunohost": ">> 4.1.7" }, "multi_instance": false, "services": [ diff --git a/scripts/functions.sh b/scripts/functions.sh index 547cf8c..da27162 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh 
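Review bot: The `Environment="DUNITER_WEB=web"` line in conf/duniter.service turns the web admin back on in a unit whose context lines show `User=root` and `Group=root`, and nothing in the unit records what now protects that interface. As far as this patch shows, the only gate is the `admin` permission on `/webui` and `/webmin` created in scripts/functions.sh, which presumably is enforced at the reverse proxy; the listener's bind address is not visible here, so it is worth confirming that the web UI cannot be reached other than through nginx. I would add a comment above the line, e.g. `# Web admin enabled: access is gated only by the YunoHost "admin" permission on /webui and /webmin; the listener must stay on loopback`.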
@@ -30,18 +30,17 @@ CONFIGURE_DUNITER () { duniter config --ws2p-host 127.0.0.1 --ws2p-port 20901 --ws2p-remote-host $domain --ws2p-remote-port 443 --ws2p-noupnp } -CONFIG_SSOWAT () { - # Add admin to the allowed users - yunohost app addaccess $app -u $admin +CONFIG_PERMISSIONS () { + # Protect senstive sub-routes to Duniter web admin interface, give access to choosen admin + ynh_permission_delete --permission "admin" + ynh_permission_create --permission "admin" --url "/webui" --additional_urls "/webmin" --allowed "$admin" --label "Administration" --show_tile=true - # Protect senstive sub-routes - ynh_app_setting_set "$app" protected_uris "/webui","/webmin" - - # Duniter is public app, with only some parts restricted in nginx.conf - ynh_app_setting_set "$app" unprotected_uris "/" - - # Set URL redirection from root to webadmin - ynh_app_setting_set "$app" redirected_urls "{'$domain/':'$domain/webui'}" + # Remove deprecated permission system settings to remove their effects + if [ ! -z "$(ynh_app_setting_get --app=$app --key=protected_uris)" ]; then + ynh_app_setting_delete --app=$app --key=protected_uris + ynh_app_setting_delete --app=$app --key=unprotected_uris + ynh_app_setting_delete --app=$app --key=redirected_urls + fi } CONFIG_NGINX () { diff --git a/scripts/install b/scripts/install index 95f0c26..a83b560 100755 --- a/scripts/install +++ b/scripts/install @@ -54,5 +54,5 @@ systemctl start duniter # Add Duniter service to the YunoHost monitoring yunohost service add $app --log /root/.config/$app/"$app"_default/"$app".log -CONFIG_SSOWAT +CONFIG_PERMISSIONS CONFIG_NGINX diff --git a/scripts/upgrade b/scripts/upgrade index ceef533..95890c0 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -22,5 +22,5 @@ CONFIGURE_DUNITER # Start duniter service systemctl start duniter -CONFIG_SSOWAT +CONFIG_PERMISSIONS CONFIG_NGINX
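Review bot: `CONFIG_PERMISSIONS` deletes and recreates the `admin` permission unconditionally, and because scripts/upgrade calls it as well, every upgrade resets the allowed list to `$admin` and discards any access to `/webui` and `/webmin` that the operator granted or revoked since install. On a fresh install the permission does not exist yet, so the `ynh_permission_delete` call may also fail there, depending on how the helper treats a missing permission (worth confirming). Creating the permission only when it is absent avoids both problems: drop the delete and wrap the create in `if ! ynh_permission_exists --permission="admin"; then … fi`. Separately, the legacy cleanup is keyed on `protected_uris` alone, so `unprotected_uris` and `redirected_urls` are left in place if that one key is already gone; testing each key on its own would be safer, and `[ -n "$(…)" ]` with a quoted `"$app"` reads better than `[ ! -z … ]`.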