diff --git a/README.md b/README.md index b66fc23..584e58b 100644 --- a/README.md +++ b/README.md @@ -22,20 +22,20 @@ Be aware, Redis database backup and restore is not fully implemented. If you want to install Etherpad with plugins and mysql database: https://github.com/YunoHost-Apps/etherpad_mypads_ynh", -**Shipped version:** 1.9.3~ynh1 +**Shipped version:** 1.9.6~ynh1 **Demo:** https://video.etherpad.com/ ## Screenshots -![Screenshot of Etherpad](./doc/screenshots/etherpad.gif) +![Screenshot of Etherpad](./doc/screenshots/screenshot.png) ## Documentation and resources * Official app website: * Official admin documentation: * Upstream app code repository: -* YunoHost documentation for this app: +* YunoHost Store: * Report a bug: ## Developer info diff --git a/README_fr.md b/README_fr.md index 66e4db6..2bcacd8 100644 --- a/README_fr.md +++ b/README_fr.md @@ -22,20 +22,20 @@ Attention, la sauvegarde et la restauration de la base de données Redis ne sont Si vous souhaitez installer Etherpad avec les plugins et la base de données mysql : https://github.com/YunoHost-Apps/etherpad_mypads_ynh", -**Version incluse :** 1.9.3~ynh1 +**Version incluse :** 1.9.6~ynh1 **Démo :** https://video.etherpad.com/ ## Captures d’écran -![Capture d’écran de Etherpad](./doc/screenshots/etherpad.gif) +![Capture d’écran de Etherpad](./doc/screenshots/screenshot.png) ## Documentations et ressources * Site officiel de l’app : * Documentation officielle de l’admin : * Dépôt de code officiel de l’app : -* Documentation YunoHost pour cette app : +* YunoHost Store: * Signaler un bug : ## Informations pour les développeurs diff --git a/conf/credentials.json b/conf/credentials.json index 11f1dba..bd8a3ea 100644 --- a/conf/credentials.json +++ b/conf/credentials.json @@ -41,6 +41,8 @@ "users": { "__ADMIN__": { + // 1) "password" can be replaced with "hash" if you install ep_hash_auth + // 2) please note that if password is null, the user will not be created "password": "__PASSWORD__", "is_admin": true } diff --git a/conf/nginx.conf b/conf/nginx.conf index 7c00030..8ae2f3e 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,21 +1,24 @@ #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { - proxy_pass http://127.0.0.1:__PORT__/; - proxy_set_header Host $host; - proxy_pass_header Server; + proxy_pass http://127.0.0.1:__PORT__/; + proxy_set_header Host $host; + proxy_pass_header Server; - proxy_buffering off; - more_set_headers "X-Frame-Options : ALLOWALL"; - proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule - proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP - proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used - proxy_set_header Host $host; # pass the host header - proxy_http_version 1.1; # recommended with keepalive connections + proxy_buffering off; + more_set_headers "X-Frame-Options : ALLOWALL"; + proxy_set_header X-Real-IP $remote_addr; # http://wiki.nginx.org/HttpProxyModule + proxy_set_header X-Forwarded-For $remote_addr; # EP logs to show the actual remote IP + proxy_set_header X-Forwarded-Proto $scheme; # for EP to set secure cookie flag when https is used + proxy_set_header Host $host; # pass the host header + proxy_http_version 1.1; # recommended with keepalive connections - # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; + # WebSocket proxying - from http://nginx.org/en/docs/http/websocket.html + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } location ~* __PATH__/p/[^/]*(_|%|\*)[^/]*/export/etherpad { diff --git a/conf/settings.json b/conf/settings.json index c82ad66..7941a35 100644 --- a/conf/settings.json +++ b/conf/settings.json @@ -204,8 +204,8 @@ "showChat": true, "showLineNumbers": true, "useMonospaceFont": false, - "userName": false, - "userColor": false, + "userName": null, + "userColor": null, "rtl": false, "alwaysShowChat": false, "chatAndUsers": false, @@ -333,6 +333,22 @@ * Settings controlling the session cookie issued by Etherpad. */ "cookie": { + /* + * How often (in milliseconds) the key used to sign the express_sid cookie + * should be rotated. Long rotation intervals reduce signature verification + * overhead (because there are fewer historical keys to check) and database + * load (fewer historical keys to store, and less frequent queries to + * get/update the keys). Short rotation intervals are slightly more secure. + * + * Multiple Etherpad processes sharing the same database (table) is + * supported as long as the clock sync error is significantly less than this + * value. + * + * Key rotation can be disabled (not recommended) by setting this to 0 or + * null, or by disabling session expiration (see sessionLifetime). + */ + "keyRotationInterval": 86400000, // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s + /* * Value of the SameSite cookie property. "Lax" is recommended unless * Etherpad will be embedded in an iframe from another site, in which case @@ -344,7 +360,51 @@ * significant usability drawbacks vs. "Lax". See * https://stackoverflow.com/q/41841880 for discussion. */ - "sameSite": "Lax" + "sameSite": "Lax", + + /* + * How long (in milliseconds) after navigating away from Etherpad before the + * user is required to log in again. (The express_sid cookie is set to + * expire at time now + sessionLifetime when first created, and its + * expiration time is periodically refreshed to a new now + sessionLifetime + * value.) If requireAuthentication is false then this value does not really + * matter. + * + * The "best" value depends on your users' usage patterns and the amount of + * convenience you desire. A long lifetime is more convenient (users won't + * have to log back in as often) but has some drawbacks: + * - It increases the amount of state kept in the database. + * - It might weaken security somewhat: The cookie expiration is refreshed + * indefinitely without consulting authentication or authorization + * hooks, so once a user has accessed a pad, the user can continue to + * use the pad until the user leaves for longer than sessionLifetime. + * - More historical keys (sessionLifetime / keyRotationInterval) must be + * checked when verifying signatures. + * + * Session lifetime can be set to infinity (not recommended) by setting this + * to null or 0. Note that if the session does not expire, most browsers + * will delete the cookie when the browser exits, but a session record is + * kept in the database forever. + */ + "sessionLifetime": 864000000, // = 10d * 24h/d * 60m/h * 60s/m * 1000ms/s + + /* + * How long (in milliseconds) before the expiration time of an active user's + * session is refreshed (to now + sessionLifetime). This setting affects the + * following: + * - How often a new session expiration time will be written to the + * database. + * - How often each user's browser will ping the Etherpad server to + * refresh the expiration time of the session cookie. + * + * High values reduce the load on the database and the load from browsers, + * but can shorten the effective session lifetime if Etherpad is restarted + * or the user navigates away. + * + * Automatic session refreshes can be disabled (not recommended) by setting + * this to null. + */ + "sessionRefreshInterval": 86400000 // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s }, /* @@ -519,7 +579,6 @@ "points": 10 }, - /* * Toolbar buttons configuration. * @@ -563,5 +622,10 @@ "customLocaleStrings": {}, /* Disable Admin UI tests */ - "enableAdminUITests": false + "enableAdminUITests": false, + + /* + * Enable/Disable case-insensitive pad names. + */ + "lowerCasePadIds": false } diff --git a/conf/systemd.service b/conf/systemd.service index 8c75ab4..e419287 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,12 +1,13 @@ [Unit] -Description=Etherpad-lite: Collaborative editor -After=syslog.target network.target postgresql.service +Description=Etherpad-lite: collaborative editor +After=syslog.target network.target [Service] Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__INSTALL_DIR__ +WorkingDirectory=__INSTALL_DIR__/ +Environment=ETHERPAD_PRODUCTION=true Environment="NODE_ENV=production" Environment="__YNH_NODE_LOAD_PATH__" ExecStart=__INSTALL_DIR__/src/bin/run.sh diff --git a/doc/ADMIN.md b/doc/ADMIN.md index 4dfb47b..02204a0 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -1,3 +1,3 @@ You can access Etherpad's admin panel at `__DOMAIN____PATH__/admin`. The configuration file for Etherpad is at the path `__INSTALL_DIR__/settings.json`. -*Skin Builder* (accessible at this address `domain.tld/pad/p/test#skinvariantsbuilder`) allows you to customize the skin of your pad. It will give you a parameter to copy into your configuration file `__INSTALL_DIR__/settings.json`. +*Skin Builder* (accessible at this address `__DOMAIN____PATH__/pad/p/test#skinvariantsbuilder`) allows you to customize the skin of your pad. It will give you a parameter to copy into your configuration file `__INSTALL_DIR__/settings.json`. diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md new file mode 100644 index 0000000..01d67e0 --- /dev/null +++ b/doc/PRE_INSTALL.md @@ -0,0 +1 @@ +Please note, this package is only intended to test Etherpad with redis database. It should not be used for production. \ No newline at end of file diff --git a/doc/PRE_INSTALL_fr.md b/doc/PRE_INSTALL_fr.md new file mode 100644 index 0000000..ceddbb3 --- /dev/null +++ b/doc/PRE_INSTALL_fr.md @@ -0,0 +1 @@ +Attention, ce package est uniquement destiné à tester Etherpad avec la base de données Redis. Il ne doit pas être utilisé en production. \ No newline at end of file diff --git a/doc/screenshots/etherpad.gif b/doc/screenshots/etherpad.gif deleted file mode 100644 index 2fa8464..0000000 Binary files a/doc/screenshots/etherpad.gif and /dev/null differ diff --git a/doc/screenshots/screenshot.png b/doc/screenshots/screenshot.png new file mode 100644 index 0000000..6a9eace Binary files /dev/null and b/doc/screenshots/screenshot.png differ diff --git a/manifest.toml b/manifest.toml index 653c7ef..5d1aadc 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Etherpad" description.en = "Online editor providing collaborative editing in real-time" description.fr = "Éditeur en ligne fournissant l'édition collaborative en temps réel" -version = "1.9.3~ynh1" +version = "1.9.6~ynh1" maintainers = ["eric_G"] @@ -20,9 +20,12 @@ code = "https://github.com/ether/etherpad-lite" yunohost = ">= 11.2" architectures = "all" multi_instance = true + ldap = true + sso = true -disk = "50M" + +disk = "200M" ram.build = "2G" ram.runtime = "50M" @@ -50,7 +53,7 @@ ram.runtime = "50M" ask.fr = "Choisissez la langue de l'application" type = "select" choices = ["ca", "de", "en", "es", "fr", "gl", "hu", "it", "nl", "pt"] - default = "en" + default = "fr" [install.admin] type = "user" @@ -60,8 +63,8 @@ ram.runtime = "50M" [resources] [resources.sources.main] - url = "https://github.com/ether/etherpad-lite/archive/1.9.3.tar.gz" - sha256 = "cbc2f7c42b4a1fead1f23c2b3e0a62b80c5b3d2a5c361948b8b223397c692023" + url = "https://github.com/ether/etherpad-lite/archive/refs/tags/v1.9.6.tar.gz" + sha256 = "cd0cb2c9c2c4a8f93972b3f5913ff00cd3733c732195df293c8f56f3ce0a018f" autoupdate.strategy = "latest_github_tag" [resources.ports] @@ -75,6 +78,7 @@ ram.runtime = "50M" admin.url = "/admin" admin.allowed = ["admins"] admin.auth_header = false + admin.show_tile = false [resources.apt] packages = "postgresql" diff --git a/scripts/change_url b/scripts/change_url index 6898805..3f4d2ab 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -32,7 +32,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=6 # Start a systemd service ynh_systemd_action --service_name=$app --action=restart --log_path=systemd --line_match="Your Etherpad version is" -sleep 120 #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 8ce6257..ad5393c 100644 --- a/scripts/install +++ b/scripts/install @@ -81,6 +81,41 @@ ynh_use_logrotate yunohost service add $app --description="Collaborative editor" --log="/var/log/$app/$app.log" +#================================================= +# MODIFY A CONFIG FILE +#================================================= +ynh_script_progression --message="Configuring $app..." --weight=6 + +abiword_path="null" +soffice_path="null" + +if [[ "$export" == "abiword" ]] +then + abiword_path="\"$(which abiword)\"" +elif [[ "$export" == "libreoffice" ]] +then + soffice_path="\"$(which soffice)\"" +fi + +ynh_add_config --template="settings.json" --destination="$install_dir/settings.json" +ynh_add_config --template="credentials.json" --destination="$install_dir/credentials.json" + +chmod 600 "$install_dir/settings.json" +chown $app:$app "$install_dir/settings.json" + +chmod 600 "$install_dir/credentials.json" +chown $app:$app "$install_dir/credentials.json" + +#================================================= +# INSTALL ETHERPAD +#================================================= +ynh_script_progression --message="Installing $app..." --weight=10 + +pushd $install_dir + ynh_use_nodejs + ynh_exec_warn_less ynh_exec_as $app env $ynh_node_load_PATH ETHERPAD_PRODUCTION=true src/bin/installDeps.sh +popd + #================================================= # START SYSTEMD SERVICE #================================================= diff --git a/scripts/restore b/scripts/restore index f7b9fca..f57e676 100644 --- a/scripts/restore +++ b/scripts/restore @@ -19,7 +19,12 @@ ynh_restore_file --origin_path="$install_dir" # Restore permissions on app files chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" -chmod 400 $install_dir/credentials.json + +chmod 600 "$install_dir/settings.json" +chown $app:$app "$install_dir/settings.json" + +chmod 600 "$install_dir/credentials.json" +chown $app:$app "$install_dir/credentials.json" #================================================= # REINSTALL DEPENDENCIES @@ -56,7 +61,6 @@ yunohost service add $app --description="Collaborative editor" --log="/var/log/$ ynh_script_progression --message="Starting a systemd service..." --weight=8 ynh_systemd_action --service_name=$app --action=restart --log_path=systemd --line_match="Your Etherpad version is" -sleep 60 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index 5ce9018..ada6dca 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -24,6 +24,32 @@ ynh_script_progression --message="Stopping a systemd service..." --weight=42 ynh_systemd_action --service_name=$app --action=stop --log_path="systemd" +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --weight=2 + +if [ -z "${language:-}" ]; then + # If upgrading from a version which doesn't support translations, set language to English by default + language=en + ynh_app_setting_set --app=$app --key=language --value=$language +fi + +if [ -z "${export:-}" ]; then + export=none + ynh_app_setting_set --app=$app --key=export --value=$export +fi + +if [ -z "${path:-}" ]; then + path="/" + ynh_app_setting_set --app=$app --key=path --value=$path +fi + +if [ -z "${password:-}" ]; then + password=$(ynh_string_random --length=32) + ynh_app_setting_set --app=$app --key=password --value="$password" +fi + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -31,7 +57,7 @@ ynh_systemd_action --service_name=$app --action=stop --log_path="systemd" if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=1 - # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$install_dir" --keep="settings.json credentials.json" fi @@ -56,14 +82,39 @@ ynh_use_logrotate --non-append yunohost service add $app --description="Collaborative editor" --log="/var/log/$app/$app.log" +#================================================= +# CONFIGURE ETHERPAD +#================================================= +ynh_script_progression --message="Configure $app..." --weight=3 + +abiword_path="null" +soffice_path="null" + +if [[ "$export" == "abiword" ]] +then + abiword_path="\"$(which abiword)\"" +elif [[ "$export" == "libreoffice" ]] +then + soffice_path="\"$(which soffice)\"" +fi + +ynh_add_config --template="settings.json" --destination="$install_dir/settings.json" +ynh_add_config --template="credentials.json" --destination="$install_dir/credentials.json" + +chmod 600 "$install_dir/settings.json" +chown $app:$app "$install_dir/settings.json" + +chmod 600 "$install_dir/credentials.json" +chown $app:$app "$install_dir/credentials.json" + #================================================= # INSTALL ETHERPAD #================================================= -ynh_script_progression --message="Installing $app..." --weight=90 +ynh_script_progression --message="Installing $app..." --weight=60 pushd $install_dir ynh_use_nodejs - ynh_exec_warn_less ynh_exec_as $app env $ynh_node_load_PATH src/bin/installDeps.sh + ynh_exec_warn_less ynh_exec_as $app env $ynh_node_load_PATH ETHERPAD_PRODUCTION=true src/bin/installDeps.sh popd #================================================= diff --git a/tests.toml b/tests.toml index ab97358..412e10e 100644 --- a/tests.toml +++ b/tests.toml @@ -6,4 +6,15 @@ test_format = 1.0 # Commits to test upgrade from # ------------------------------- - #test_upgrade_from.96653aee9379d579a655777ac274355f4afca61c.name = "Upgrade from 5.4" \ No newline at end of file + args.export = "none" + args.password = "##SuperAdminPassword##" + + #test_upgrade_from.96653aee9379d579a655777ac274355f4afca61c.name = "Upgrade from 5.4" + + [with_abiword] + args.export = "abiword" + only = ["install.root"] + + [with_libreoffice] + args.export = "libreoffice" + only = ["install.root"] \ No newline at end of file