YunoHost-Apps/element_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/element_ynh.git synced 2024-09-03 18:36:08 +02:00
Code Issues Activity Actions

Merge pull request #90 from YunoHost-Apps/v2

Browse source 
V2
This commit is contained in:
Éric Gaspar 2023-02-14 11:59:12 +01:00 committed by GitHub
commit c725fb5663
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 116 additions and 370 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.kateproject
View file

@ -1,4 +0,0 @@
{
"name": "Element_ynh"
, "files": [ { "git": 1 } ]
}

23
README.md
View file

@ -6,6 +6,7 @@ It shall NOT be edited by hand.
# Element for YunoHost
[![Integration level](https://dash.yunohost.org/integration/element.svg)](https://dash.yunohost.org/appci/app/element) ![Working status](https://ci-apps.yunohost.org/ci/badges/element.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/element.maintain.svg)
[![Install Element with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=element)
*[Lire ce readme en français.](./README_fr.md)*
@ -25,28 +26,6 @@ Element is a new type of messaging app. You choose where your messages are store
![Screenshot of Element](./doc/screenshots/homepage-all-platforms-1_1.png)
## Disclaimers / important information
## YunoHost specific features
### Multi-users support
This application support the SSO. If you want to use the SSO, you need to define the path to the default homeserver as your homeserver witch is installed on your YunoHost instance.
## Additional informations
### Important Security Note
We do not recommend running Element from the same domain name as your Matrix
homeserver (Synapse). The reason is the risk of XSS (cross-site-scripting)
vulnerabilities that could occur if someone caused Element to load and render
malicious user generated content from a Matrix API which then had trusted
access to Element (or other apps) due to sharing the same domain.
We have put some coarse mitigations into place to try to protect against this
situation, but it's still not good practice to do it in the first place. See
https://github.com/vector-im/riot-web/issues/1977 for more details.
## Documentation and resources
* Official app website: <https://element.io>

23
README_fr.md
View file

@ -6,6 +6,7 @@ It shall NOT be edited by hand.
# Element pour YunoHost
[![Niveau dintégration](https://dash.yunohost.org/integration/element.svg)](https://dash.yunohost.org/appci/app/element) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/element.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/element.maintain.svg)
[![Installer Element avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=element)
*[Read this readme in english.](./README.md)*
@ -25,28 +26,6 @@ Element est un nouveau type d'application de messagerie. Vous choisissez où vos
![Capture décran de Element](./doc/screenshots/homepage-all-platforms-1_1.png)
## Avertissements / informations importantes
## Fonctionnalités spécifiques à YunoHost
### Prise en charge multi-utilisateurs
Cette application prend en charge le SSO. Si vous souhaitez utiliser le SSO, vous devez définir le chemin d'accès au serveur domestique par défaut car votre serveur domestique est installé sur votre instance YunoHost.
## Informations supplémentaires
### Note de sécurité importante
Nous vous déconseillons d'exécuter Element à partir du même nom de domaine que votre Matrix
serveur domestique (Synapse). La raison en est le risque de XSS (cross-site-scripting)
vulnérabilités qui pourraient survenir si quelqu'un provoquait le chargement et le rendu d'Element
un utilisateur malveillant a généré du contenu à partir d'une API Matrix qui avait alors fait confiance
accès à Element (ou à d'autres applications) en raison du partage du même domaine.
Nous avons mis en place des mesures d'atténuation grossières pour essayer de nous protéger contre ce
situation, mais ce n'est toujours pas une bonne pratique de le faire en premier lieu. Voir
https://github.com/vector-im/riot-web/issues/1977 pour plus de détails.
## Documentations et ressources
* Site officiel de lapp : <https://element.io>

24
check_process
View file

@ -1,24 +0,0 @@
;; Test complet
; Manifest
domain="domain.tld"
path="/path"
default_home_server="matrix.org"
is_public=1
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=1
setup_nourl=0
setup_private=1
setup_public=1
upgrade=1
upgrade=1 from_commit=34d457d13e526997fddb8348650674a7db2247be
backup_restore=1
multi_instance=1
change_url=1
;;; Upgrade options
; commit=Sep 13, 2021
name=34d457d13e526997fddb8348650674a7db2247be
manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&

10
conf/config.json
View file

@ -1,7 +1,11 @@
{
"default_server_config": {
"m.homeserver": { "base_url": "https://__DEFAULT_HOME_SERVER__" },
"m.identity_server": {"base_url": "https://vector.im"}
"m.homeserver": {
"base_url": "https://__DEFAULT_HOME_SERVER__"
},
"m.identity_server": {
"base_url": "https://vector.im"
}
},
"brand": "Element",
"integrations_ui_url": "https://scalar.vector.im/",
@ -17,6 +21,6 @@
"https://matrix-client.matrix.org": false
},
"embedded_pages": {
"login_for_welcome": __LOGIN_FOR_WELCOME__
"login_for_welcome": "__LOGIN_FOR_WELCOME__"
}
}

2
conf/nginx.conf
View file

@ -1,7 +1,7 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
alias __FINALPATH__/;
alias __INSTALL_DIR__/;
index index.html;

19
doc/DISCLAIMER.md
View file

@ -1,19 +0,0 @@
## YunoHost specific features
### Multi-users support
This application support the SSO. If you want to use the SSO, you need to define the path to the default homeserver as your homeserver witch is installed on your YunoHost instance.
## Additional informations
### Important Security Note
We do not recommend running Element from the same domain name as your Matrix
homeserver (Synapse). The reason is the risk of XSS (cross-site-scripting)
vulnerabilities that could occur if someone caused Element to load and render
malicious user generated content from a Matrix API which then had trusted
access to Element (or other apps) due to sharing the same domain.
We have put some coarse mitigations into place to try to protect against this
situation, but it's still not good practice to do it in the first place. See
https://github.com/vector-im/riot-web/issues/1977 for more details.

19
doc/DISCLAIMER_fr.md
View file

@ -1,19 +0,0 @@
## Fonctionnalités spécifiques à YunoHost
### Prise en charge multi-utilisateurs
Cette application prend en charge le SSO. Si vous souhaitez utiliser le SSO, vous devez définir le chemin d'accès au serveur domestique par défaut car votre serveur domestique est installé sur votre instance YunoHost.
## Informations supplémentaires
### Note de sécurité importante
Nous vous déconseillons d'exécuter Element à partir du même nom de domaine que votre Matrix
serveur domestique (Synapse). La raison en est le risque de XSS (cross-site-scripting)
vulnérabilités qui pourraient survenir si quelqu'un provoquait le chargement et le rendu d'Element
un utilisateur malveillant a généré du contenu à partir d'une API Matrix qui avait alors fait confiance
accès à Element (ou à d'autres applications) en raison du partage du même domaine.
Nous avons mis en place des mesures d'atténuation grossières pour essayer de nous protéger contre ce
situation, mais ce n'est toujours pas une bonne pratique de le faire en premier lieu. Voir
https://github.com/vector-im/riot-web/issues/1977 pour plus de détails.

63
manifest.json
View file

@ -1,63 +0,0 @@
{
"name": "Element",
"id": "element",
"packaging_format": 1,
"description": {
"en": "Web client for Matrix",
"fr": "Client web pour Matrix"
},
"version": "1.11.22~ynh1",
"url": "https://element.io",
"upstream": {
"license": "Apache-2.0",
"website": "https://element.io",
"demo": "https://app.element.io/",
"admindoc": "https://element.io/help",
"code": "https://github.com/vector-im/element-web/"
},
"license": "Apache-2.0",
"maintainer": {
"name": "Josué Tille",
"email": "josue@tille.ch"
},
"requirements": {
"yunohost": ">= 11.0.9"
},
"multi_instance": true,
"services": [
"nginx"
],
"arguments": {
"install" : [
{
"name": "domain",
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/element",
"default": "/element"
},
{
"name": "default_home_server",
"type": "string",
"ask": {
"en": "Choose a default home server",
"fr": "Choisissez un serveur par défault"
},
"example": "my-own-homeserver.tld",
"default": "matrix.org"
},
{
"name": "is_public",
"type": "boolean",
"help": {
"en": "A public application means that anyone can access it. Note that this application provides just files (html, javascript, images, etc.)",
"fr": "Une application publique signifie que n'importe qui peut y accéder. Notez que cette application ne fournit que des fichiers (html, javascript, images, etc.)"
},
"default": false
}
]
}
}

57
manifest.toml Normal file
View file

@ -0,0 +1,57 @@
packaging_format = 2
id = "element"
name = "Element"
description.en = "Web client for Matrix"
description.fr = "Client web pour Matrix"
version = "1.11.22~ynh1"
maintainers = ["Josué Tille"]
[upstream]
license = "Apache-2.0"
website = "https://element.io"
demo = "https://app.element.io/"
admindoc = "https://element.io/help"
code = "https://github.com/vector-im/element-web/"
cpe = "cpe:2.3:a:matrix:element"
[integration]
yunohost = ">= 11.1.6"
architectures = "all"
multi_instance = true
ldap = false
sso = true
disk = "50M"
ram.build = "50M"
ram.runtime = "50M"
[install]
[install.domain]
type = "domain"
[install.path]
type = "path"
default = "/element"
[install.default_home_server]
ask.en = "Choose a default home server"
ask.fr = "Choisissez un serveur par défault"
type = "string"
example = "my-own-homeserver.tld"
default = "matrix.org"
[install.init_main_permission]
help.en = "A public application means that anyone can access it. Note that this application provides just files (html, javascript, images, etc.)"
help.fr = "Une application publique signifie que n'importe qui peut y accéder. Notez que cette application ne fournit que des fichiers (html, javascript, images, etc.)"
type = "group"
default = "visitors"
[resources]
[resources.system_user]
[resources.install_dir]
[resources.permissions]
main.url = "/"

19
scripts/backup
View file

@ -10,23 +10,6 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
@ -36,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..."
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$final_path"
ynh_backup --src_path="$install_dir"
#=================================================
# BACKUP THE NGINX CONFIGURATION

9
scripts/change_url
View file

@ -21,14 +21,6 @@ new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#=================================================
@ -90,6 +82,7 @@ then
# Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#=================================================
# RELOAD NGINX
#=================================================

60
scripts/install
View file

@ -9,64 +9,29 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
default_home_server=$YNH_APP_ARG_DEFAULT_HOME_SERVER
app=$YNH_APP_INSTANCE_NAME
login_for_welcome=true
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=1
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=default_home_server --value=$default_home_server
ynh_app_setting_set --app=$app --key=login_for_welcome --value=$login_for_welcome
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=4
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
ynh_setup_source --dest_dir="$install_dir"
#=================================================
# NGINX CONFIGURATION
@ -81,28 +46,15 @@ ynh_add_nginx_config
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_add_config --template="../conf/config.json" --destination="$final_path/config.json"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
ynh_add_config --template="../conf/config.json" --destination="$install_dir/config.json"
#=================================================
# SETUP SSOWAT
# SECURE FILES AND DIRECTORIES
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1
# Make app public if necessary
if [ $is_public -eq 1 ]
then
ynh_permission_update --permission="main" --add="visitors"
fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
# Set permissions to app files
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
#=================================================
# END OF SCRIPT

28
scripts/remove
View file

@ -9,24 +9,6 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --weight=1
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
@ -35,16 +17,6 @@ ynh_script_progression --message="Removing NGINX web server configuration..." --
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..." --weight=1
# Delete a system user
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================

46
scripts/restore
View file

@ -10,31 +10,6 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Stop script if errors
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=1
test ! -d $final_path || ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
@ -44,23 +19,12 @@ ynh_script_progression --message="Restoring the NGINX configuration..." --weight
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=1
ynh_restore_file --origin_path="$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
ynh_restore_file --origin_path="$install_dir"
#=================================================
# GENERIC FINALIZATION
@ -71,6 +35,14 @@ ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Set permissions to app files
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
#=================================================
# END OF SCRIPT
#=================================================

59
scripts/upgrade
View file

@ -12,16 +12,10 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
#ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
default_home_server=$(ynh_app_setting_get --app=$app --key=default_home_server)
login_for_welcome=$(ynh_app_setting_get --app=$app --key=login_for_welcome)
#default_home_server=$(ynh_app_setting_get --app=$app --key=default_home_server)
#login_for_welcome=$(ynh_app_setting_get --app=$app --key=login_for_welcome)
#=================================================
# CHECK VERSION
@ -29,51 +23,22 @@ login_for_welcome=$(ynh_app_setting_get --app=$app --key=login_for_welcome)
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
# If default_home_server doesn't exist, create it
if [ -z "$default_home_server" ]; then
if [ -z "${default_home_server:-}" ]; then
default_home_server="matrix.org"
ynh_app_setting_set --app=$app --key=default_home_server --value=$default_home_server
fi
if [ -z "$login_for_welcome" ]; then
if [ -z "${login_for_welcome:-}" ]; then
login_for_welcome=true
ynh_app_setting_set --app=$app --key=login_for_welcome --value=$login_for_welcome
fi
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -83,7 +48,7 @@ then
ynh_script_progression --message="Upgrading source files..." --weight=1
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
ynh_setup_source --dest_dir="$install_dir" #--keep="config.json"
fi
#=================================================
@ -91,10 +56,7 @@ fi
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_add_config --template="../conf/config.json" --destination="$final_path/config.json"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
ynh_add_config --template="../conf/config.json" --destination="$install_dir/config.json"
#=================================================
# NGINX CONFIGURATION
@ -105,11 +67,12 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
ynh_add_nginx_config
#=================================================
# RELOAD NGINX
# SECURE FILES AND DIRECTORIES
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
# Set permissions to app files
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
#=================================================
# END OF SCRIPT

21
tests.toml Normal file
View file

@ -0,0 +1,21 @@
test_format = 1.0
[default]
# ------------
# Tests to run
# ------------
exclude ="install.nourl"
# -------------------------------
# Default args to use for install
# -------------------------------
args.default_home_server="matrix.org"
# -------------------------------
# Commits to test upgrade from
# -------------------------------
test_upgrade_from.d653976.name = "Upgrade from 23.01"