diff --git a/README.md b/README.md index 05827eb..622a17f 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ It shall NOT be edited by hand. Fab-manager is the Fab Lab management solution. It provides a comprehensive, web-based, open-source tool to simplify your administrative tasks, and document your marker's projects. -**Shipped version:** 5.6.5~ynh2 +**Shipped version:** 6.3.22~ynh1 **Demo:** diff --git a/README_es.md b/README_es.md index be55229..84b4725 100644 --- a/README_es.md +++ b/README_es.md @@ -19,7 +19,7 @@ No se debe editar a mano. Fab-manager is the Fab Lab management solution. It provides a comprehensive, web-based, open-source tool to simplify your administrative tasks, and document your marker's projects. -**Versión actual:** 5.6.5~ynh2 +**Versión actual:** 6.3.22~ynh1 **Demo:** diff --git a/README_eu.md b/README_eu.md index 18763ae..9df1ddb 100644 --- a/README_eu.md +++ b/README_eu.md @@ -19,7 +19,7 @@ EZ editatu eskuz. Fab-manager is the Fab Lab management solution. It provides a comprehensive, web-based, open-source tool to simplify your administrative tasks, and document your marker's projects. -**Paketatutako bertsioa:** 5.6.5~ynh2 +**Paketatutako bertsioa:** 6.3.22~ynh1 **Demoa:** diff --git a/README_fr.md b/README_fr.md index 1830161..6a86652 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Il NE doit PAS être modifié à la main. Fab-manager is the Fab Lab management solution. It provides a comprehensive, web-based, open-source tool to simplify your administrative tasks, and document your marker's projects. -**Version incluse :** 5.6.5~ynh2 +**Version incluse :** 6.3.22~ynh1 **Démo :** diff --git a/README_gl.md b/README_gl.md index eaf9af8..7860523 100644 --- a/README_gl.md +++ b/README_gl.md @@ -19,7 +19,7 @@ NON debe editarse manualmente. Fab-manager is the Fab Lab management solution. It provides a comprehensive, web-based, open-source tool to simplify your administrative tasks, and document your marker's projects. -**Versión proporcionada:** 5.6.5~ynh2 +**Versión proporcionada:** 6.3.22~ynh1 **Demo:** diff --git a/README_zh_Hans.md b/README_zh_Hans.md index 02824a4..3247869 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -19,7 +19,7 @@ Fab-manager is the Fab Lab management solution. It provides a comprehensive, web-based, open-source tool to simplify your administrative tasks, and document your marker's projects. -**分发版本:** 5.6.5~ynh2 +**分发版本:** 6.3.22~ynh1 **演示:** diff --git a/conf/dot_env b/conf/dot_env new file mode 100644 index 0000000..2f94fc1 --- /dev/null +++ b/conf/dot_env @@ -0,0 +1,76 @@ +# Add application configuration variables here, as shown below. +# This file is read by dotenv + +# Databases +POSTGRES_HOST=localhost +POSTGRES_PASSWORD=__DB_PWD__ +REDIS_HOST=localhost +ELASTICSEARCH_HOST=localhost + +SECRET_KEY_BASE=__SECRET_KEY_BASE__ + +# Stripe keys for tests +STRIPE_API_KEY= +STRIPE_PUBLISHABLE_KEY= + +# oAuth SSO keys for tests +OAUTH_CLIENT_ID=github-oauth-app-id +OAUTH_CLIENT_SECRET=github-oauth-app-secret +OIDC_CLIENT_ID=oidc-client-id +OIDC_CLIENT_SECRET=oidc-client-secret + +# Configure carefully! +DEFAULT_HOST=__DOMAIN__ +DEFAULT_PROTOCOL=https + +# Email config +DELIVERY_METHOD=smtp +SMTP_ADDRESS=localhost +SMTP_PORT=25 +SMTP_USER_NAME=__APP__ +SMTP_PASSWORD=__MAIL_PWD__ +SMTP_AUTHENTICATION=plain +SMTP_ENABLE_STARTTLS_AUTO=false +SMTP_OPENSSL_VERIFY_MODE= +SMTP_TLS=false + +# I18N configuration +RAILS_LOCALE=fr +APP_LOCALE=fr +MOMENT_LOCALE=fr +SUMMERNOTE_LOCALE=fr-FR +ANGULAR_LOCALE=fr-fr +FULLCALENDAR_LOCALE=fr +INTL_LOCALE=fr-FR +INTL_CURRENCY=EUR +FORCE_VERSION_CHECK=false +ALLOW_INSECURE_HTTP=false + +POSTGRESQL_LANGUAGE_ANALYZER=french + +TIME_ZONE=Paris +WEEK_STARTING_DAY=monday +D3_DATE_FORMAT=%d/%m/%y +UIB_DATE_FORMAT=dd/MM/yyyy +EXCEL_DATE_FORMAT=dd/mm/yyyy + +# OpenLab Projects +# do not change this URL +OPENLAB_BASE_URI=https://openprojects.fab-manager.com +OPENLAB_SSL_VERIFY=true + +# System settings +LOG_LEVEL=debug +RAILS_LOG_TO_STDOUT=true +DISK_SPACE_MB_ALERT=1024 +ADMINSYS_EMAIL=__ADMIN_MAIL__ +ENABLE_SENTRY=false + +# 5242880 = 5 megabytes +MAX_IMPORT_SIZE=5242880 +# 10485760 = 10 megabytes +MAX_IMAGE_SIZE=10485760 +# 20971520 = 20 megabytes +MAX_CAO_SIZE=20971520 +# 5242880 = 5 megabytes +MAX_SUPPORTING_DOCUMENT_FILE_SIZE=5242880 diff --git a/conf/fab-manager-app.service b/conf/fab-manager-app.service index 0df694a..1c319d7 100644 --- a/conf/fab-manager-app.service +++ b/conf/fab-manager-app.service @@ -8,9 +8,11 @@ User=__APP__ WorkingDirectory=__INSTALL_DIR__ Environment="__LD_PRELOAD__" Environment="__YNH_RUBY_LOAD_PATH__" +EnvironmentFile=__INSTALL_DIR__/.env Environment="RAILS_ENV=production" + ExecStartPre=-rm -f __INSTALL_DIR__/tmp/pids/server.pid -ExecStart=__INSTALL_DIR__/bin/bundle exec rails s puma -p __PORT__ -b 127.0.0.1 +ExecStart=__INSTALL_DIR__/bin/bundle exec rails server -u puma -p __PORT__ -b 127.0.0.1 ExecReload=/bin/kill -SIGUSR1 $MAINPID TimeoutSec=15 Restart=always diff --git a/conf/fab-manager-worker.service b/conf/fab-manager-worker.service index 8254fc8..5760b90 100644 --- a/conf/fab-manager-worker.service +++ b/conf/fab-manager-worker.service @@ -8,7 +8,9 @@ User=__APP__ WorkingDirectory=__INSTALL_DIR__ Environment="__LD_PRELOAD__" Environment="__YNH_RUBY_LOAD_PATH__" +EnvironmentFile=__INSTALL_DIR__/.env Environment="RAILS_ENV=production" + ExecStart=__INSTALL_DIR__/bin/bundle exec sidekiq -C __INSTALL_DIR__/config/sidekiq.yml TimeoutSec=15 Restart=always diff --git a/conf/secrets.yml b/conf/secrets.yml index bdc877a..36e4da1 100644 --- a/conf/secrets.yml +++ b/conf/secrets.yml @@ -40,4 +40,3 @@ production: disk_space_mb_alert: 1024 adminsys_email: '__ADMIN_MAIL__' allow_insecure_http: false - locked_settings: <%= ENV.fetch("LOCKED_SETTINGS", 'uuid,origin').split(/,/) %> diff --git a/manifest.toml b/manifest.toml index 7192848..dae3160 100644 --- a/manifest.toml +++ b/manifest.toml @@ -7,7 +7,7 @@ name = "Fab-manager" description.en = "Fab Lab management solution" description.fr = "Solution de gestion de Fab Lab" -version = "5.6.5~ynh2" +version = "6.3.22~ynh1" maintainers = [] @@ -22,8 +22,10 @@ code = "https://github.com/sleede/fab-manager" yunohost = ">= 11.2.12" architectures = "all" multi_instance = false + ldap = false sso = false + disk = "50M" ram.build = "50M" ram.runtime = "50M" @@ -46,8 +48,8 @@ ram.runtime = "50M" [resources] [resources.sources.main] - url = "https://api.github.com/repos/sleede/fab-manager/tarball/v5.6.5" - sha256 = "dc6ae9fefd893975ee2b70c5b327a37b3d585dcf223ddffe75cc0b570771102d" + url = "https://github.com/sleede/fab-manager/archive/refs/tags/v6.3.22.tar.gz" + sha256 = "5ba874b2c9a80c80dcea2af51d8e8ece3fbacd43de3f359bea8f6612194b62c4" autoupdate.strategy = "latest_github_tag" @@ -83,6 +85,8 @@ ram.runtime = "50M" # For Ruby "libjemalloc-dev", + "libffi-dev", + "libyaml-dev", "curl", "build-essential", "libreadline-dev", diff --git a/scripts/_common.sh b/scripts/_common.sh index 375c5cf..2dc6fb7 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,10 +4,8 @@ # COMMON VARIABLES #================================================= -ruby_version="2.6.10" -bundler_version=2.1.4 - -nodejs_version="14" +ruby_version="3.2.2" +nodejs_version="18" # Workaround for Mastodon on Bullseye # See https://github.com/mastodon/mastodon/issues/15751#issuecomment-873594463 @@ -27,30 +25,44 @@ fi # PERSONAL HELPERS #================================================= +check_password_policy() { + password="$1" + # 12 caractères minimum, au moins une lettre majuscule, une lettre minuscule, un chiffre et un caractère spécial + + msg="" + if (( ${#password} < 10 )); then + msg="is too short" + elif [[ $password != *[[:digit:]]* ]]; then + msg="does not contain any digit" + elif [[ $password != *[[:lower:]]* ]]; then + msg="does not contain any lower case letter" + elif [[ $password != *[[:upper:]]* ]]; then + msg="does not contain any upper case letter" + elif [[ "$password" =~ ^[0-9a-zA-Z]*$ ]]; then + msg="does not contain any special character" + fi + + if [ -n "$msg" ]; then + ynh_die "Password should have min 12 chars, at least one lowercase, one uppercase, one digit and one special character, but it $msg." + fi +} + +env_ruby() { + ynh_exec_as "$app" "$ynh_ruby_load_path" "$@" +} + + fabmanager_build_ruby() { pushd "$install_dir" ynh_use_ruby - ynh_exec_warn_less $ynh_gem install "bundler:$bundler_version" - ynh_exec_warn_less bin/bundle config --global frozen 1 - ynh_exec_warn_less bin/bundle config set --local without 'development test doc' - ynh_exec_warn_less bin/bundle install - ynh_exec_warn_less bin/bundle binstubs --all - popd -} + $ynh_gem update --system --no-document + $ynh_gem install bundler rake --no-document -fabmanager_seed_db() { - pushd "$install_dir" - ynh_replace_string --match_string="DateTime.current" --replace_string="DateTime.current - 1.days" --target_file="$install_dir/db/seeds.rb" - ynh_exec_warn_less ynh_exec_as "$app" env RAILS_ENV=production "$ynh_ruby_load_path" $ld_preload \ - bin/bundle exec rake db:seed ADMIN_EMAIL="$admin_mail" ADMIN_PASSWORD="$password" - popd -} - -fabmanager_migrate_db() { - pushd "$install_dir" - ynh_psql_execute_as_root --database="$db_name" --sql="ALTER USER $db_user WITH SUPERUSER;" - ynh_exec_warn_less ynh_exec_as "$app" env RAILS_ENV=production "$ynh_ruby_load_path" $ld_preload bin/bundle exec rake db:migrate - ynh_psql_execute_as_root --database="$db_name" --sql="ALTER USER $db_user WITH NOSUPERUSER;" + env_ruby bin/bundle config --global frozen 1 + env_ruby bin/bundle config set without 'development test doc' + env_ruby bin/bundle config set path 'vendor/bundle' + env_ruby bin/bundle install + env_ruby bin/bundle binstubs --all popd } @@ -58,13 +70,30 @@ fabmanager_build_ui() { pushd "$install_dir" ynh_use_nodejs ynh_exec_warn_less ynh_exec_as "$app" env "$ynh_node_load_PATH" yarn install - #ynh_exec_warn_less ynh_exec_as "$app" env RAILS_ENV=production "$ynh_ruby_load_path" $ld_preload yarn install - #ynh_exec_warn_less ynh_exec_as "$app" env RAILS_ENV=production "$ynh_ruby_load_path" $ld_preload bin/webpack - ynh_exec_warn_less ynh_exec_as "$app" env RAILS_ENV=production "$ynh_ruby_load_path" $ld_preload bin/bundle exec rake assets:precompile + env_ruby bash -c "set -a; source '$install_dir/.env'; set +a ; RAILS_ENV=production bin/bundle exec rake assets:precompile" ynh_exec_warn_less ynh_exec_as "$app" env "$ynh_node_load_PATH" yarn cache clean --all popd } +fabmanager_seed_db() { + pushd "$install_dir" + ynh_replace_string --match_string="DateTime.current" --replace_string="DateTime.current - 1.days" --target_file="$install_dir/db/seeds.rb" + # Need superuser for the extensions configuration… + ynh_psql_execute_as_root --database="$db_name" --sql="ALTER USER $db_user WITH SUPERUSER;" + env_ruby bash -c "set -a; source '$install_dir/.env'; set +a ; RAILS_ENV=production ADMIN_EMAIL='$admin_mail' ADMIN_PASSWORD='$password' bin/bundle exec rails db:schema:load" + ynh_psql_execute_as_root --database="$db_name" --sql="ALTER USER $db_user WITH NOSUPERUSER;" + env_ruby bash -c "set -a; source '$install_dir/.env'; set +a ; RAILS_ENV=production ADMIN_EMAIL='$admin_mail' ADMIN_PASSWORD='$password' bin/bundle exec rails db:seed" + popd +} + +fabmanager_migrate_db() { + pushd "$install_dir" + ynh_psql_execute_as_root --database="$db_name" --sql="ALTER USER $db_user WITH SUPERUSER;" + env_ruby bash -c "set -a; source '$install_dir/.env'; set +a ; RAILS_ENV=production bin/bundle exec rails db:migrate" + ynh_psql_execute_as_root --database="$db_name" --sql="ALTER USER $db_user WITH NOSUPERUSER;" + popd +} + #================================================= # EXPERIMENTAL HELPERS diff --git a/scripts/install b/scripts/install index df39714..a8e77ae 100755 --- a/scripts/install +++ b/scripts/install @@ -16,6 +16,8 @@ admin_mail=$(ynh_user_get_info --username="$admin" --key=mail) secret_key_base=$(ynh_string_random --length=30) ynh_app_setting_set --app="$app" --key="secret_key_base" --value="$secret_key_base" +check_password_policy "$password" + #================================================= # INSTALL DEPENDENCIES #================================================= @@ -25,17 +27,6 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version="$nodejs_version" ynh_script_progression --message="Installing Ruby..." --weight=4 ynh_exec_warn_less ynh_install_ruby --ruby_version="$ruby_version" -#================================================= -# CREATE A POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Configuring $app's PostgreSQL database..." --weight=1 - -ynh_psql_execute_as_root --database="$db_name" --sql="ALTER USER $db_user WITH SUPERUSER;" -ynh_psql_execute_as_root --database="$db_name" --sql="CREATE EXTENSION IF NOT EXISTS unaccent;" -ynh_psql_execute_as_root --database="$db_name" --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;" -ynh_psql_execute_as_root --database="$db_name" --sql="CREATE EXTENSION IF NOT EXISTS fuzzystrmatch;" -ynh_psql_execute_as_root --database="$db_name" --sql="ALTER USER $db_user WITH NOSUPERUSER;" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -55,9 +46,13 @@ chown -R "$app:www-data" "$data_dir" #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -ynh_add_config --template="secrets.yml" --destination="$install_dir/config/secrets.yml" -chmod 400 "$install_dir/config/secrets.yml" -chown "$app:$app" "$install_dir/config/secrets.yml" +# ynh_add_config --template="secrets.yml" --destination="$install_dir/config/secrets.yml" +# chmod 400 "$install_dir/config/secrets.yml" +# chown "$app:$app" "$install_dir/config/secrets.yml" + +ynh_add_config --template="dot_env" --destination="$install_dir/.env" +chmod 400 "$install_dir/.env" +chown "$app:$app" "$install_dir/.env" ynh_add_config --template="database.yml" --destination="$install_dir/config/database.yml" chmod 400 "$install_dir/config/database.yml" @@ -69,12 +64,11 @@ chown "$app:$app" "$install_dir/config/database.yml" ynh_script_progression --message="Building app..." --weight=7 fabmanager_build_ruby - -fabmanager_migrate_db -fabmanager_seed_db - fabmanager_build_ui +fabmanager_seed_db +# fabmanager_migrate_db + ynh_secure_remove --file="$install_dir/.cache" #=================================================