diff --git a/conf/settings.json b/conf/settings.json index 6c65f50..3535871 100644 --- a/conf/settings.json +++ b/conf/settings.json @@ -55,7 +55,7 @@ * * "password": "${PASSW}" // if PASSW is not defined would result in password === null * "password": "${PASSW:}" // if PASSW is not defined would result in password === '' - + * * If you want to use an empty value (null) as default value for a variable, * simply do not set it, without putting any colons: "${ABIWORD}". * @@ -114,7 +114,7 @@ * a max-width of 900px). */ "skinVariants": "super-light-toolbar super-light-editor light-background", - + /* * IP and port which Etherpad should bind at. * @@ -269,12 +269,6 @@ */ "editOnly": false, - /* - * If set to true, those users who have a valid session will automatically be - * granted access to password protected pads. - */ - "sessionNoPassword": false, - /* * If true, all css & js will be minified before sending to the client. * @@ -345,6 +339,24 @@ */ "trustProxy": false, + /* + * Settings controlling the session cookie issued by Etherpad. + */ + "cookie": { + /* + * Value of the SameSite cookie property. "Lax" is recommended unless + * Etherpad will be embedded in an iframe from another site, in which case + * this must be set to "None". Note: "None" will not work (the browser will + * not send the cookie to Etherpad) unless https is used to access Etherpad + * (either directly or via a reverse proxy with "trustProxy" set to true). + * + * "Strict" is not recommended because it has few security benefits but + * significant usability drawbacks vs. "Lax". See + * https://stackoverflow.com/q/41841880 for discussion. + */ + "sameSite": "Lax" + }, + /* * Privacy: disable IP logging */ @@ -404,6 +416,17 @@ */ "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], + "socketIo": { + /* + * Maximum permitted client message size (in bytes). All messages from + * clients that are larger than this will be rejected. Large values make it + * possible to paste large amounts of text, and plugins may require a larger + * value to work properly, but increasing the value increases susceptibility + * to denial of service attacks (malicious clients can exhaust memory). + */ + "maxHttpBufferSize": 10000 + }, + /* * Allow Load Testing tools to hit the Etherpad Instance. * @@ -421,7 +444,7 @@ */ /* - * From Etherpad 1.8.3 onwards, import and export of pads is always rate + * From Etherpad 1.8.3 onwards, import and export of pads is always rate * limited. * * The default is to allow at most 10 requests per IP in a 90 seconds window. @@ -445,21 +468,8 @@ */ "importMaxFileSize": 52428800, // 50 * 1024 * 1024 - /* - * From Etherpad 1.8.3 onwards import was restricted to authors who had - * content within the pad. - * - * This setting will override that restriction and allow any user to import - * without the requirement to add content to a pad. - * - * This setting is useful for when you use a plugin for authentication so you - * can already trust each user. - */ - "allowAnyoneToImport": false, - - /* - * From Etherpad 1.9.0 onwards, when Etherpad is in production mode commits from individual users are rate limited + * From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited * * The default is to allow at most 10 changes per IP in a 1 second window. * After that the change is rejected. @@ -470,7 +480,7 @@ // duration of the rate limit window (seconds) "duration": 1, - // maximum number of chanes per IP to allow during the rate limit window + // maximum number of changes per IP to allow during the rate limit window "points": 10 }, @@ -522,7 +532,7 @@ "logconfig" : { "appenders": [ { "type": "console" - , // "category": "access" // only logs pad access + //, "category": "access"// only logs pad access } /* @@ -566,5 +576,8 @@ }, // logconfig /* Override any strings found in locale directories */ - "customLocaleStrings": {} + "customLocaleStrings": {}, + + /* Disable Admin UI tests */ + "enableAdminUITests": false } diff --git a/conf/systemd.service b/conf/systemd.service index 5d2a89b..a0876d3 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -13,4 +13,4 @@ ExecStart=__FINALPATH__/node_modules/ep_etherpad-lite/node/server.js Restart=always [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/scripts/config b/scripts/config index 98ab80c..23640bd 100644 --- a/scripts/config +++ b/scripts/config @@ -92,7 +92,7 @@ if [ "$pad_config_skinname" = "no-skin" ]; then pad_config_skinname=noskin fi -# Mypads +# MyPads if [ -d $final_path/node_modules/ep_mypads ] then # Enable @@ -103,7 +103,7 @@ else fi mypads="${YNH_CONFIG_MAIN_MYPADS_CONFIGURATION_MYPADS:-$old_mypads}" -# Ldap for Mypads +# LDAP for MyPads if grep -q "//noldap" $config_file then # Disable @@ -126,7 +126,7 @@ overwrite_settings="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_SETTINGS:-$old_o old_overwrite_credentials="$(ynh_app_setting_get --app=$app --key=overwrite_credentials)" overwrite_credentials="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_CREDENTIALS:-$old_overwrite_credentials}" -# Overwrite nginx configuration +# Overwrite NGINX configuration old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)" overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}" @@ -259,7 +259,7 @@ apply_config() { then if [ "$export" = "abiword" ] then - # if abiword isn't installed, call the action add_remove_abiword. + # if Abiword isn't installed, call the action add_remove_abiword. if ! which abiword > /dev/null then yunohost app action run $app add_remove_abiword @@ -268,7 +268,7 @@ apply_config() { ynh_replace_string --match_string="\(\"soffice\" *: \).*," --replace_string="\1null," --target_file="$config_file" elif [ "$export" = "libreoffice" ] then - # if libreoffice isn't installed, call the action add_remove_libreoffice. + # if LibreOffice isn't installed, call the action add_remove_libreoffice. if ! which soffice > /dev/null then yunohost app action run $app add_remove_libreoffice @@ -285,7 +285,7 @@ apply_config() { restart_etherpad=1 fi - # Mypads + # MyPads if [ "$mypads" != "$old_mypads" ] then ynh_use_nodejs @@ -304,7 +304,7 @@ apply_config() { restart_etherpad=1 fi - # Ldap for Mypads + # LDAP for MyPads if [ "$useldap" != "$old_useldap" ] then if [ "$useldap" = "1" ] @@ -322,7 +322,7 @@ apply_config() { if [ $restart_etherpad -eq 1 ] then - # Wait for etherpad to be fully started + # Wait for Etherpad to be fully started ynh_systemd_action --action=restart --line_match="You can access your Etherpad instance at" --log_path="/var/log/$app/etherpad.log" --timeout="120" fi diff --git a/scripts/install b/scripts/install index 7475424..9849b5f 100644 --- a/scripts/install +++ b/scripts/install @@ -147,7 +147,7 @@ ynh_script_progression --message="Configuring log rotation..." # Create log directory mkdir -p /var/log/$app -touch /var/log/$app/etherpad.log +touch /var/log/$app/$app.log install_log=/var/log/$app/installation.log touch $install_log chown $app -R /var/log/$app @@ -174,7 +174,6 @@ ynh_script_progression --message="Configuring Etherpad..." --weight=6 cp ../conf/settings.json "$final_path/settings.json" cp ../conf/credentials.json "$final_path/credentials.json" -ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/settings.json" ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_name" --target_file="$final_path/credentials.json" ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/credentials.json" ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/credentials.json" @@ -193,8 +192,9 @@ then ynh_replace_string --match_string="\"soffice\" : null" --replace_string="\"soffice\" : \"$soffice_path\"" --target_file="$final_path/settings.json" fi ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$final_path/settings.json" +ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/settings.json" -# Use ldap for mypads +# Use LDAP for MyPads if [ $mypads -eq 1 ] && [ $useldap -eq 1 ] then ynh_replace_string --match_string="//noldap\(.*\)" --replace_string="\1 //useldap" --target_file="$final_path/settings.json" @@ -225,7 +225,7 @@ ynh_add_systemd_config --others_var="ynh_node_load_PATH" # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add $app --log="/var/log/$app/etherpad.log" +yunohost service add $app --description="Collaborative editor" --log="/var/log/$app/etherpad.log" #================================================= # INSTALL FRAMAPAD'S PLUGINS @@ -233,39 +233,40 @@ yunohost service add $app --log="/var/log/$app/etherpad.log" ynh_script_progression --message="Installing Etherpad plugins..." --weight=90 pushd "$final_path" -# Add Left/Center/Right/Justify to lines of text in a pad -npm install ep_align@${ep_align_version} >> $install_log 2>&1 -# Framapad - Adds author names to span titles -npm install ep_author_hover@${ep_author_hover_version} >> $install_log 2>&1 -# Automatically disconnects user after some period of time (Prevent server overload) -npm install ep_automatic_logut@${ep_automatic_logut_version} >> $install_log 2>&1 -# Framapad - Adds comments on sidebar and link it to the text. -npm install ep_comments_page@${ep_comments_page_version} >> $install_log 2>&1 -# Framapad - Displays paragraphs, sentences, words and characters counts. -npm install ep_countable@${ep_countable_version} >> $install_log 2>&1 -# Framapad - Delete pads which were never edited -npm install ep_delete_empty_pads@${ep_delete_empty_pads_version} >> $install_log 2>&1 -# Framapad - Apply colors to fonts -npm install ep_font_color@${ep_font_color_version} >> $install_log 2>&1 -# Framapad - User Pad Contents font size can be set in settings, this does not effect other peoples views -npm install ep_font_size@${ep_font_size_version} >> $install_log 2>&1 -# Framapad - Adds heading support to Etherpad Lite. -npm install ep_headings2@${ep_headings2_version} >> $install_log 2>&1 -# Framapad - Edit and Export as Markdown in Etherpad -npm install ep_markdown@${ep_markdown_version} >> $install_log 2>&1 -if [ $mypads -eq 1 ]; then - # Framapad - Groups and private pads for etherpad - npm install ep_mypads@${mypads_version} >> $install_log 2>&1 -fi -# Framapad - Add support to do 'page view', with a toggle on/off option in Settings, also Page Breaks with Control Enter -npm install ep_page_view@${ep_page_view_version} >> $install_log 2>&1 -# Framapad - Add support to do 'Spell checking' -npm install ep_spellcheck@${ep_spellcheck_version} >> $install_log 2>&1 -# Framapad - Add support for Subscript and Superscript -npm install ep_subscript_and_superscript@${ep_subscript_and_superscript_version} >> $install_log 2>&1 -# Framapad - View a table of contents for your pad -npm install ep_table_of_contents@${ep_table_of_contents_version} >> $install_log 2>&1 + # Add Left/Center/Right/Justify to lines of text in a pad + npm install ep_align@${ep_align_version} >> $install_log 2>&1 + # Framapad - Adds author names to span titles + npm install ep_author_hover@${ep_author_hover_version} >> $install_log 2>&1 + # Automatically disconnects user after some period of time (Prevent server overload) + npm install ep_automatic_logut@${ep_automatic_logut_version} >> $install_log 2>&1 + # Framapad - Adds comments on sidebar and link it to the text. + npm install ep_comments_page@${ep_comments_page_version} >> $install_log 2>&1 + # Framapad - Displays paragraphs, sentences, words and characters counts. + npm install ep_countable@${ep_countable_version} >> $install_log 2>&1 + # Framapad - Delete pads which were never edited + npm install ep_delete_empty_pads@${ep_delete_empty_pads_version} >> $install_log 2>&1 + # Framapad - Apply colors to fonts + npm install ep_font_color@${ep_font_color_version} >> $install_log 2>&1 + # Framapad - User Pad Contents font size can be set in settings, this does not effect other peoples views + npm install ep_font_size@${ep_font_size_version} >> $install_log 2>&1 + # Framapad - Adds heading support to Etherpad Lite. + npm install ep_headings2@${ep_headings2_version} >> $install_log 2>&1 + # Framapad - Edit and Export as Markdown in Etherpad + npm install ep_markdown@${ep_markdown_version} >> $install_log 2>&1 + if [ $mypads -eq 1 ]; then + # Framapad - Groups and private pads for Etherpad + npm install ep_mypads@${mypads_version} >> $install_log 2>&1 + fi + # Framapad - Add support to do 'page view', with a toggle on/off option in Settings, also Page Breaks with Control Enter + npm install ep_page_view@${ep_page_view_version} >> $install_log 2>&1 + # Framapad - Add support to do 'Spell checking' + npm install ep_spellcheck@${ep_spellcheck_version} >> $install_log 2>&1 + # Framapad - Add support for Subscript and Superscript + npm install ep_subscript_and_superscript@${ep_subscript_and_superscript_version} >> $install_log 2>&1 + # Framapad - View a table of contents for your pad + npm install ep_table_of_contents@${ep_table_of_contents_version} >> $install_log 2>&1 popd + chown -R $app: $final_path/node_modules #================================================= @@ -322,6 +323,7 @@ ynh_script_progression --message="Restarting Etherpad..." --weight=20 # Wait for Etherpad to be fully started ynh_systemd_action --action=restart --line_match="You can access your Etherpad instance at" --log_path="/var/log/$app/etherpad.log" #--timeout="120" sleep 120 + if [ $mypads -eq 1 ] then ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="../conf/lang_mypads.sql" diff --git a/scripts/remove b/scripts/remove index 5507df8..af7535d 100755 --- a/scripts/remove +++ b/scripts/remove @@ -30,7 +30,7 @@ export=$(ynh_app_setting_get --app=$app --key=export) # Remove a service from the admin panel, added by `yunohost service add` if ynh_exec_fully_quiet yunohost service status $app then - ynh_script_progression --message="Removing $app service..." + ynh_script_progression --message="Removing Etherpad service..." yunohost service remove $app fi @@ -97,7 +97,7 @@ ynh_remove_logrotate #================================================= ynh_script_progression --message="Removing Fail2ban configuration..." --weight=7 -# Remove the dedicated fail2ban config +# Remove the dedicated Fail2Ban config ynh_remove_fail2ban_config #================================================= diff --git a/scripts/restore b/scripts/restore index 8c75195..83bb8aa 100644 --- a/scripts/restore +++ b/scripts/restore @@ -95,7 +95,7 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= mkdir -p /var/log/$app -touch /var/log/$app/etherpad.log +touch /var/log/$app/$app.log install_log=/var/log/$app/installation.log touch $install_log chown $app -R /var/log/$app @@ -141,7 +141,7 @@ chown -R $app: $final_path # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add $app --log="/var/log/$app/etherpad.log" +yunohost service add $app --description="Collaborative editor" --log="/var/log/$app/etherpad.log" #================================================= # RESTORE SYSTEMD diff --git a/scripts/upgrade b/scripts/upgrade index d407b45..acdfec4 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -344,7 +344,7 @@ chown $app -R /var/log/$app/etherpad.log # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add $app --log="/var/log/$app/etherpad.log" +yunohost service add $app --description="Collaborative editor" --log="/var/log/$app/etherpad.log" #================================================= # UPGRADE FAIL2BAN