Merge pull request #1 from YunoHost-Apps/master

g

conf/nginx.conf

@@ -1,22 +1,22 @@
 location ^~ YNH_WWW_PATH {
-    root /var/www;
-    try_files $uri $uri/ /YNH_WWW_APP/index.php?$query_string;
-    index /YNH_WWW_APP/index.php;
+    alias YNH_WWW_FINALPATH/ ;
+    try_files $uri $uri/ /YNH_WWW_ROOTAPP/index.php?$query_string;
+    index /YNH_WWW_ROOTAPP/index.php;
     
-    location YNH_WWW_PATH/ { try_files $uri $uri/ /YNH_WWW_APP/index.php?$query_string; }
-    location YNH_WWW_PATH/api { try_files $uri $uri/ /YNH_WWW_APP/api.php?$query_string; }
-    location YNH_WWW_PATH/admin { try_files $uri $uri/ /YNH_WWW_APP/admin.php?$query_string; }
+    location YNH_WWW_ROOTPATH/ { try_files $uri $uri/ /YNH_WWW_ROOTAPP/index.php?$query_string; }
+    location YNH_WWW_ROOTPATH/api { try_files $uri $uri/ /YNH_WWW_ROOTAPP/api.php?$query_string; }
+    location YNH_WWW_ROOTPATH/admin { try_files $uri $uri/ /YNH_WWW_ROOTAPP/admin.php?$query_string; }
 
-    location YNH_WWW_PATH/flarum {
+    location YNH_WWW_ROOTPATH/flarum {
         deny all;
         return 404;
     }
 
     location ~* \.php$ {
         fastcgi_split_path_info ^(.+.php)(/.+)$;
-        fastcgi_pass unix:/var/run/php5-fpm-YNH_WWW_APP.sock;
+        fastcgi_pass unix:/var/run/php5-fpm-YNH_WWW_ROOTAPP.sock;
         include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param SCRIPT_FILENAME $request_filename;
         fastcgi_param HTTP_PROXY ""; # Fix for https://httpoxy.org/ vulnerability
         fastcgi_index index.php;
         fastcgi_read_timeout 600;
@@ -56,5 +56,5 @@ location ^~ YNH_WWW_PATH {
 
 
   # Include SSOWAT user panel.
-  include conf.d/yunohost_panel.conf.inc;
+  # include conf.d/yunohost_panel.conf.inc;
 }

conf/nginx_root.conf

@@ -1,60 +0,0 @@
-root /var/www/YNH_WWW_APP;
-location ^~ / {
-    try_files $uri $uri/ /index.php?$query_string;
-    index /index.php;
-
-    location / { try_files $uri $uri/ /index.php?$query_string; }    
-    location /api { try_files $uri $uri/ /api.php?$query_string; }
-    location /admin { try_files $uri $uri/ /admin.php?$query_string; }
-
-    location /flarum {
-        deny all;
-        return 404;
-    }
-
-    location ~* \.php$ {
-        fastcgi_split_path_info ^(.+.php)(/.+)$;
-        fastcgi_pass unix:/var/run/php5-fpm-YNH_WWW_APP.sock;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_param HTTP_PROXY ""; # Fix for https://httpoxy.org/ vulnerability
-        fastcgi_index index.php;
-        fastcgi_read_timeout 600;
-    }
-    
-    location ~* \.html$ {
-        expires -1;
-    }
-
-    location ~* \.(css|js|gif|jpe?g|png)$ {
-        expires 1M;
-        add_header Pragma public;
-        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
-    }
-
-    gzip on;
-    gzip_http_version 1.1;
-    gzip_vary on;
-    gzip_comp_level 6;
-    gzip_proxied any;
-    gzip_types application/atom+xml
-               application/javascript
-               application/json
-               application/vnd.ms-fontobject
-               application/x-font-ttf
-               application/x-web-app-manifest+json
-               application/xhtml+xml
-               application/xml
-               font/opentype
-               image/svg+xml
-               image/x-icon
-               text/css
-               text/plain
-               text/xml;
-    gzip_buffers 16 8k;
-    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
-
-
-  # Include SSOWAT user panel.
-  include conf.d/yunohost_panel.conf.inc;
-}

hooks/post_user_create

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -e
+
+# Retrieve arguments
+username=$1
+app=#APP#
+
+# Source app helpers
+source /usr/share/yunohost/helpers
+
+domain=$(</etc/yunohost/current_host)
+path=$(ynh_app_setting_get $app path)
+
+# Adding trailing slash to path
+len=${#path}-1
+if [ "${path:len}" != "/" ]; then
+  path=$path"/"
+fi
+
+userpass=$(ynh_string_random 16)
+usermail=$(ynh_user_get_info $username 'mail')
+data='{"data":{"attributes":{"username":"'$username'","email":"'$usermail'","password":"'$userpass'","ssowat_id":"'$username'"}}}'
+curl -k -i \
+     -H "Content-Type: application/json" \
+     -H "Authentication: Token $roottoken" \
+     -X POST -d "$data" \
+     -L https://${domain}${path}api/users
+usersql="UPDATE users SET ssowat_id = '$username' WHERE username = '$username'"
+ynh_mysql_execute_as_root "$usersql" $dbname

manifest.json

@@ -9,7 +9,7 @@
     },
     "url": "http://flarum.org/",
     "license": "MIT",
-    "version": "0.1.0-beta.5",
+    "version": "0.1.0-beta.6",
     "maintainer": {
         "name": "Titus PiJean",
         "email": "tituspijean@outlook.com"
@@ -50,24 +50,13 @@
                 "name": "admin",
                 "type": "user",
                 "ask": {
-                    "en": "Choose an admin user",
+                    "en": "Choose the admin user",
                     "fr": "Choisissez l’administrateur",
                     "de": "Wählen einen Administrator"
                 },
                 "example": "johndoe",
                 "optional": true
             },
-            {
-                "name": "adminpass",
-                "type": "password",
-                "ask": {
-                    "en": "Put your password",
-                    "fr": "Insérez votre mot de passe",
-                    "de": "Einfügen eure Passwort"
-                },
-                "example": "******",
-                "optional": true
-            },
             {
                 "name": "title",
                 "ask": {

scripts/.functions

@@ -0,0 +1,227 @@
+#!/bin/bash
+
+CHECK_VAR () {	# Vérifie que la variable n'est pas vide.
+# $1 = Variable à vérifier
+# $2 = Texte à afficher en cas d'erreur
+	test -n "$1" || (echo "$2" >&2 && false)
+}
+
+EXIT_PROPERLY () {	# Provoque l'arrêt du script en cas d'erreur. Et nettoye les résidus.
+	exit_code=$?
+	if [ "$exit_code" -eq 0 ]; then
+			exit 0	# Quitte sans erreur si le script se termine correctement.
+	fi
+	trap '' EXIT
+	set +eu
+	echo -e "\e[91m \e[1m"	# Shell in light red bold
+	echo -e "!!\n  $app install's script has encountered an error. Installation was cancelled.\n!!" >&2
+
+	if type -t CLEAN_SETUP > /dev/null; then	# Vérifie l'existance de la fonction avant de l'exécuter.
+		CLEAN_SETUP	# Appel la fonction de nettoyage spécifique du script install.
+	fi
+
+	# Compense le bug de ssowat qui ne supprime pas l'entrée de l'app en cas d'erreur d'installation.
+	sudo sed -i "\@\"$domain$path/\":@d" /etc/ssowat/conf.json
+
+	ynh_die
+}
+
+TRAP_ON () {	# Activate signal capture
+	set -eu	# Exit if a command fail, and if a variable is used unset.
+	trap EXIT_PROPERLY EXIT	# Capturing exit signals on shell script
+}
+
+# Ignore the yunohost-cli log to prevent errors with conditionals commands
+# usage: NO_LOG COMMAND
+# Simply duplicate the log, execute the yunohost command and replace the log without the result of this command
+# It's a very badly hack...
+# Petite copie perso à mon usage ;)
+NO_LOG() {
+  ynh_cli_log=/var/log/yunohost/yunohost-cli.log
+  sudo cp -a ${ynh_cli_log} ${ynh_cli_log}-move
+  eval $@
+  exit_code=$?
+  sudo mv ${ynh_cli_log}-move ${ynh_cli_log}
+  return $?
+}
+
+CHECK_USER () {	# Vérifie la validité de l'user admin
+# $1 = Variable de l'user admin.
+	ynh_user_exists "$1" || (echo "Wrong admin" >&2 && false)
+}
+
+CHECK_PATH () {	# Vérifie la présence du / en début de path. Et son absence à la fin.
+	if [ "${path:0:1}" != "/" ]; then    # Si le premier caractère n'est pas un /
+		path="/$path"    # Ajoute un / en début de path
+	fi
+	if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then    # Si le dernier caractère est un / et que ce n'est pas le seul caractère.
+		path="${path:0:${#path}-1}"	# Supprime le dernier caractère
+	fi
+}
+
+CHECK_DOMAINPATH () {	# Vérifie la disponibilité du path et du domaine.
+	sudo yunohost app checkurl $domain$path -a $app
+}
+
+CHECK_FINALPATH () {	# Vérifie que le dossier de destination n'est pas déjà utilisé.
+	final_path=/var/www/$app
+	if [ -e "$final_path" ]
+	then
+		echo "This path already contains a folder" >&2
+		false
+	fi
+}
+
+GENERATE_DB () {	# Créer une base de données et un utilisateur dédié au nom de l'app.
+# $1 = Nom de la base de donnée
+	db_user=$1
+	db_user=${db_user//-/_}	# mariadb ne supporte pas les - dans les noms de base de données. Ils sont donc remplacé par des _
+	# Génère un mot de passe aléatoire.
+# 	db_pwd=$(head -n20 /dev/urandom | tr -c -d 'A-Za-z0-9' | head -c20)
+	db_pwd=$(ynh_string_random)
+	CHECK_VAR "$db_pwd" "db_pwd empty"
+	# Utilise '$app' comme nom d'utilisateur et de base de donnée
+	# Initialise la base de donnée et stocke le mot de passe mysql.
+	ynh_mysql_create_db "$db_user" "$db_user" $db_pwd
+	ynh_app_setting_set $app mysqlpwd $db_pwd
+}
+
+SETUP_SOURCE () {	# Télécharge la source, décompresse et copie dans $final_path
+# $1 = Nom de l'archive téléchargée.
+	wget -nv -i ../sources/source_url -O $1
+	# Vérifie la somme de contrôle de la source téléchargée.
+	md5sum -c ../sources/source_md5 --status || (echo "Corrupt source" >&2 && false)
+	# Décompresse la source
+	if [ "$(echo ${1##*.})" == "gz" ]; then
+		tar -x -f $1
+	elif [ "$(echo ${1##*.})" == "zip" ]; then
+		unzip -q $1
+	else
+		false	# Format d'archive non pris en charge.
+	fi
+	# Copie les fichiers sources
+	sudo cp -a $(cat ../sources/source_dir)/. "$final_path"
+	# Copie les fichiers additionnels ou modifiés.
+	if test -e "../sources/ajouts"; then
+		sudo cp -a ../sources/ajouts/. "$final_path"
+	fi
+}
+
+ADD_SYS_USER () {   # Créer un utilisateur système dédié à l'app
+        if ! ynh_system_user_exists "$app"	# Test l'existence de l'utilisateur
+        then
+            sudo useradd -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin || (echo "Unable to create $app system account" >&2 && false)
+        fi
+}
+
+POOL_FPM () {	# Créer le fichier de configuration du pool php-fpm et le configure.
+	sed -i "s@__NAMETOCHANGE__@$app@g" ../conf/php-fpm.conf
+	sed -i "s@__FINALPATH__@$final_path@g" ../conf/php-fpm.conf
+	sed -i "s@__USER__@$app@g" ../conf/php-fpm.conf
+	finalphpconf=/etc/php5/fpm/pool.d/$app.conf
+	sudo cp ../conf/php-fpm.conf $finalphpconf
+	sudo chown root: $finalphpconf
+	finalphpini=/etc/php5/fpm/conf.d/20-$app.ini
+	sudo cp ../conf/php-fpm.ini $finalphpini
+	sudo chown root: $finalphpini
+	sudo service php5-fpm reload
+}
+
+STORE_MD5_CONFIG () {	# Enregistre la somme de contrôle du fichier de config
+# $1 = Nom du fichier de conf pour le stockage dans settings.yml
+# $2 = Nom complet et chemin du fichier de conf.
+	ynh_app_setting_set $app $1_file_md5 $(sudo md5sum "$2" | cut -d' ' -f1)
+}
+
+CHECK_MD5_CONFIG () {	# Créé un backup du fichier de config si il a été modifié.
+# $1 = Nom du fichier de conf pour le stockage dans settings.yml
+# $2 = Nom complet et chemin du fichier de conf.
+	if [ "$(ynh_app_setting_get $app $1_file_md5)" != $(sudo md5sum "$2" | cut -d' ' -f1) ]; then
+		sudo cp -a "$2" "$2.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')"	# Si le fichier de config a été modifié, créer un backup.
+	fi
+}
+
+FIND_PORT () {	# Cherche un port libre.
+# $1 = Numéro de port pour débuter la recherche.
+	port=$1
+	while ! sudo yunohost app checkport $port ; do
+		port=$((port+1))
+	done
+	CHECK_VAR "$port" "port empty"
+}
+
+
+### REMOVE SCRIPT
+
+REMOVE_NGINX_CONF () {	# Suppression de la configuration nginx
+	if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then	# Delete nginx config
+		echo "Delete nginx config"
+		sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf"
+#		sudo service nginx reload
+	fi
+}
+
+REMOVE_FPM_CONF () {	# Suppression de la configuration du pool php-fpm
+	if [ -e "/etc/php5/fpm/pool.d/$app.conf" ]; then	# Delete fpm config
+		echo "Delete fpm config"
+		sudo rm "/etc/php5/fpm/pool.d/$app.conf"
+	fi
+	if [ -e "/etc/php5/fpm/conf.d/20-$app.ini" ]; then	# Delete php config
+		echo "Delete php config"
+		sudo rm "/etc/php5/fpm/conf.d/20-$app.ini"
+	fi
+#	sudo service php5-fpm reload
+}
+
+REMOVE_LOGROTATE_CONF () {	# Suppression de la configuration de logrotate
+	if [ -e "/etc/logrotate.d/$app" ]; then
+		echo "Delete logrotate config"
+		sudo rm "/etc/logrotate.d/$app"
+	fi
+}
+
+SECURE_REMOVE () {      # Suppression de dossier avec vérification des variables
+	chaine="$1"	# L'argument doit être donné entre quotes simple '', pour éviter d'interpréter les variables.
+	no_var=0
+	while (echo "$chaine" | grep -q '\$')	# Boucle tant qu'il y a des $ dans la chaine
+	do
+		no_var=1
+		global_var=$(echo "$chaine" | cut -d '$' -f 2)	# Isole la première variable trouvée.
+		only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)')	# Isole complètement la variable en ajoutant le $ au début et en gardant uniquement le nom de la variable. Se débarrasse surtout du / et d'un éventuel chemin derrière.
+		real_var=$(eval "echo ${only_var}")		# `eval "echo ${var}` permet d'interpréter une variable contenue dans une variable.
+		if test -z "$real_var" || [ "$real_var" = "/" ]; then
+			echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2
+			return 1
+		fi
+		chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@")	# remplace la variable par sa valeur dans la chaine.
+	done
+	if [ "$no_var" -eq 1 ]
+	then
+		if [ -e "$chaine" ]; then
+			echo "Delete directory $chaine"
+			sudo rm -r "$chaine"
+		fi
+		return 0
+	else
+		echo "No detected variable." >&2
+		return 1
+	fi
+}
+
+REMOVE_BDD () {	# Suppression de la base de donnée et de l'utilisateur associé.
+# $1 = Nom de la base de donnée
+	# Utilise '$app' comme nom d'utilisateur et de base de donnée
+	db_user=$1
+	if mysqlshow -u root -p$(sudo cat $MYSQL_ROOT_PWD_FILE) | grep -q "^| $db_user"; then
+		echo "Delete db"
+		ynh_mysql_drop_db $db_user
+		ynh_mysql_drop_user $db_user
+	fi
+}
+
+REMOVE_SYS_USER () {   # Supprime l'utilisateur système dédié à l'app
+    if ynh_system_user_exists "$app"	# Test l'existence de l'utilisateur
+    then
+    	sudo userdel $app
+    fi
+}

scripts/backup

@@ -13,6 +13,12 @@ source /usr/share/yunohost/helpers
 # Note: the last argument is where to save this path, see the restore script.
 ynh_backup "/var/www/${app}" "sources"
 
+# Backup of composer
+#
+# TO BE VALIDATED AND TESTED
+ynh_backup "/opt/flarum_composer" "flarum_composer" 
+ynh_backup "/usr/local/bin/composer" "local_composer" 
+
 ### MySQL ###
 # If a MySQL database is used:
 # # Dump the database

scripts/install

@@ -1,7 +1,10 @@
 #!/bin/bash
 
-# Exit on command errors and treat unset variables as an error
-set -eu
+# Load extra functions
+source .functions       
+
+# Activate TRAP to stop the script if an error is detected
+TRAP_ON
 
 # This is a multi-instance app, meaning it can be installed several times independently
 # The id of the app as stated in the manifest is available as $YNH_APP_ID
@@ -19,21 +22,35 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$YNH_APP_ARG_DOMAIN
 path=$YNH_APP_ARG_PATH
 admin=$YNH_APP_ARG_ADMIN
-adminpass=$YNH_APP_ARG_ADMINPASS
 title=$YNH_APP_ARG_TITLE
 is_public=$YNH_APP_ARG_IS_PUBLIC
-final_path=/var/www/$app
+www_path=/var/www
+final_path=$www_path/$app
 
-# Source YunoHost helpers
+# Source YunoHost helpers$
 source /usr/share/yunohost/helpers
 
+# Check variables are not empty
+CHECK_VAR "$app" "app name not set"
+
+# Check validity of admin user
+CHECK_USER "$admin"
+
+# Check and correct path syntax
+CHECK_PATH
+
+# Check availibility of path and domain
+CHECK_DOMAINPATH
+
 # Save app settings
 ynh_app_setting_set "$app" admin "$admin"
 ynh_app_setting_set "$app" is_public "$is_public"
+ynh_app_setting_set "$app" path "$path"
 
-# Check domain/path availability
-sudo yunohost app checkurl "${domain}${path}" -a "$app" \
-    || ynh_die "Path not available: ${domain}${path}"
+
+# Check final_path availibility. Installation stops if it already exists
+CHECK_FINALPATH
+sudo mkdir "$final_path"
 
 tmp=/tmp/flaruminstall
 sudo rm -rf $tmp
@@ -42,9 +59,9 @@ sudo chown -R www-data:www-data $tmp
 sudo chmod -R 755 $tmp
 
 # Prepare composer and cache directories
-sudo mkdir -p /var/www/.composer/cache
-sudo chown -R www-data:www-data /var/www/.composer
-sudo chmod -R 755 /var/www/.composer
+sudo mkdir -p /opt/flarum_composer/cache
+sudo chown -R www-data:www-data /opt/flarum_composer
+sudo chmod -R 755 /opt/flarum_composer
 
 ### composer ###
 if ! type "composer" > /dev/null; then
@@ -54,7 +71,7 @@ if ! type "composer" > /dev/null; then
   ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', '$tmp/composer-setup.php');")
   if [ "$EXPECTED_SIGNATURE" = "$ACTUAL_SIGNATURE" ]
   then
-      sudo su - root -c "grep -q -F 'env[COMPOSER_HOME]= /var/www/.composer' /etc/php5/fpm/php-fpm.conf || sudo echo 'env[COMPOSER_HOME]= /var/www/.composer' >> /etc/php5/fpm/php-fpm.conf"
+      sudo su - root -c "grep -q -F 'env[COMPOSER_HOME]= /opt/flarum_composer' /etc/php5/fpm/php-fpm.conf || sudo echo 'env[COMPOSER_HOME]= /opt/flarum_composer' >> /etc/php5/fpm/php-fpm.conf"
       sudo service php5-fpm reload
       sudo su - www-data -s /bin/bash -c "php $tmp/composer-setup.php --install-dir=$tmp --filename=composer"
       sudo mv $tmp/composer /usr/local/bin
@@ -75,8 +92,7 @@ fi
 ### Install flarum
 cwd=$(pwd)
 sudo su - www-data -s /bin/bash -c "mkdir -p $tmp/$app && cd $tmp/$app && php -d memory_limit=-1 /usr/local/bin/composer create-project flarum/flarum . --stability=beta"
-sudo mkdir $final_path
-sudo mv $tmp/$app $final_path/..
+sudo cp -Rf $tmp/$app $www_path/
 sudo chown -R www-data:www-data $final_path
 cd $cwd
 sudo rm -rf $tmp
@@ -89,15 +105,17 @@ ynh_app_setting_set "$app" mysqlpwd "$dbpass"
 ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
 
 ### Nginx ###
+nginxconf="../conf/nginx.conf"
 if [ $path = "/" ]; then
-nginx_conf=../conf/nginx_root.conf
+    sed -i "s@YNH_WWW_ROOTPATH@@g" ../conf/nginx.conf
+    sed -i "s@/YNH_WWW_ROOTAPP@@g" ../conf/nginx.conf
 else
-nginx_conf=../conf/nginx.conf
+    sed -i "s@YNH_WWW_ROOTPATH@$path@g" ../conf/nginx.conf
+    sed -i "s@YNH_WWW_ROOTAPP@$app@g" ../conf/nginx.conf
 fi
-sed -i "s@YNH_WWW_PATH@$path@g" $nginx_conf
-sed -i "s@YNH_WWW_ALIAS@$app/@g" $nginx_conf
-sed -i "s@YNH_WWW_APP@$app@g" $nginx_conf
-sudo cp $nginx_conf /etc/nginx/conf.d/$domain.d/$app.conf
+sed -i "s@YNH_WWW_PATH@$path@g" $nginxconf
+sed -i "s@YNH_WWW_FINALPATH@$final_path@g" $nginxconf
+sudo cp $nginxconf /etc/nginx/conf.d/$domain.d/$app.conf
 
 ### PHP ###
 sed -i "s@YNH_WWW_APP@$app@g" ../conf/php-fpm.conf
@@ -113,12 +131,18 @@ if [[ $is_public -eq 1 ]]; then
   # unprotected_uris allows SSO credentials to be passed anyway.
   ynh_app_setting_set "$app" unprotected_uris "/"
 fi
+  ynh_app_setting_set "$app" skipped_uris "/api"
+  sudo yunohost app ssowatconf
 
 # Reload services
 sudo service nginx reload
 
+# Install the SSOwat auth extension
+sudo su - www-data -s /bin/bash -c "cd $final_path && composer require 'tituspijean/flarum-ext-auth-ssowat:*@dev'"
+
 ### POST-INSTALL ###
-if [[ -n $adminpass && -n $title ]]; then
+if [[ -n $admin && -n $title ]]; then
+adminpass=$(ynh_string_random 8)
 sed -i "s@YNH_APP_DOMAIN@$domain@g" ../sources/configuration.yml
 sed -i "s@/YNH_WWW_PATH@$path@g" ../sources/configuration.yml
 sed -i "s@YNH_WWW_APP@$app@g" ../sources/configuration.yml
@@ -134,7 +158,58 @@ sudo rm $final_path/configuration.yml
 
 # Generate and add root token for user creation and deletion
 roottoken=$(ynh_string_random 40)
+apitablesql="CREATE TABLE IF NOT EXISTS api_keys (api_key TEXT(40) NOT NULL UNIQUE)"
 rootsql="INSERT INTO api_keys VALUES ('"$roottoken"')"
+ynh_mysql_execute_as_root "$apitablesql" $dbname
 ynh_mysql_execute_as_root "$rootsql" $dbname
 ynh_app_setting_set "$app" root_token "$roottoken"
 fi
+
+# Configure SSOwat auth extension
+ssowatdomain=$(</etc/yunohost/current_host)
+data='{"flarum-ext-auth-ssowat.address": "'$ssowatdomain'"}'
+rep=$(curl -s -o /dev/null -w "%{http_code}" -k -i \
+    -H "Content-Type: application/json" \
+    -H "Authorization: Token $roottoken; userId=1" \
+    -X POST -d "$data" \
+    -L https://${domain}${path}/api/settings )
+echo $path
+exit 0
+if [[ $rep != 204 ]]; then
+    echo "SSOwat domain setting failed"
+    exit 1
+fi
+data='{"flarum-ext-auth-ssowat.onlyUse": true}'
+rep=$(curl -s -o /dev/null -w "%{http_code}" -k -i \
+    -H "Content-Type: application/json" \
+    -H "Authorization: Token $roottoken; userId=1" \
+    -X POST -d "$data" \
+    -L https://${domain}${path}/api/settings )
+if [[ $rep != 204 ]]; then
+    echo "SSOwat auth exclusivity failed"
+    exit 1
+fi
+
+# Enable the selected admin to login with SSOwat
+adminsql="UPDATE users SET ssowat_id = '$admin' WHERE username = '$admin'"
+ynh_mysql_execute_as_root "$adminsql" $dbname
+
+# Create missing users
+for username in $(ynh_user_list); do
+    if [ "$username" == "$admin" ]; then continue; else
+        userpass=$(ynh_string_random 16)
+        usermail=$(ynh_user_get_info $username 'mail')
+        data='{"data":{"attributes":{"username":"'$username'","email":"'$usermail'","password":"'$userpass'"}}}'
+        rep=$(curl -s -o /dev/null -w "%{http_code}" -k -i \
+                   -H "Content-Type: application/json" \
+                   -H "Authentication: Token $roottoken" \
+                   -X POST -d "$data" \
+                   -L https://${domain}${path}/api/users )
+        if [[ $rep != 201 ]]; then
+            echo "Flarum account creation failed for $username"
+            exit 1
+        fi
+    usersql="UPDATE users SET ssowat_id = '$username' WHERE username = '$username'"
+    ynh_mysql_execute_as_root "$usersql" $dbname
+    fi
+done

scripts/remove

@@ -12,6 +12,8 @@ domain=$(ynh_app_setting_get "$app" domain)
 # Remove sources
 sudo rm -rf /tmp/composerinstall
 sudo rm -rf /var/www/$app
+sudo rm -rf /opt/flarum_composer
+sudo rm -rf /usr/local/bin/composer
 
 # Remove nginx configuration file
 sudo rm -f /etc/nginx/conf.d/$domain.d/$app.conf

scripts/restore

@@ -24,6 +24,13 @@ sudo yunohost app checkurl "${domain}${path}" -a "$app" \
 src_path="/var/www/${app}"
 sudo cp -a ./sources "$src_path"
 
+# Restore composer
+#
+# TO BE TESTED AND VALIDATED
+#
+cp -a ./flarum_composer /opt/flarum_composer
+cp -a ./local_composer /usr/local/bin/composer
+
 # Restore permissions to app files
 # you may need to make some file and/or directory writeable by www-data (nginx user)
 sudo chown -R root: "$src_path"

scripts/upgrade

@@ -3,6 +3,8 @@
 # Exit on command errors and treat unset variables as an error
 set -eu
 
+source .functions
+
 # See comments in install script
 app=$YNH_APP_INSTANCE_NAME
 
@@ -14,10 +16,9 @@ domain=$(ynh_app_setting_get "$app" domain)
 path=$(ynh_app_setting_get "$app" path)
 admin=$(ynh_app_setting_get "$app" admin)
 is_public=$(ynh_app_setting_get "$app" is_public)
-language=$(ynh_app_setting_get "$app" language)
 
-# Remove trailing "/" for next commands
-path=${path%/}
+# Check path and correct if required
+CHECK_PATH
 
 # Copy source files
 src_path=/var/www/$app
@@ -26,16 +27,29 @@ sudo cp -a ../sources/. $src_path
 
 # Set permissions to app files
 # you may need to make some file and/or directory writeable by www-data (nginx user)
-sudo chown -R root: $src_path
+sudo chown -R www-data:www-data $src_path
+sudo chmod -R 755 $src_path 
 
 # Modify Nginx configuration file and copy it to Nginx conf directory
-nginx_conf=../conf/nginx.conf
-sed -i "s@YNH_WWW_PATH@$path@g" $nginx_conf
-sed -i "s@YNH_WWW_ALIAS@$src_path/@g" $nginx_conf
+### Nginx ###
+if [ $path = "/" ]; then
+nginxconf="../conf/nginx.conf"
+if [ $path = "/" ]; then
+    sed -i "s@YNH_WWW_ROOTPATH@@g" ../conf/nginx.conf
+    sed -i "s@/YNH_WWW_ROOTAPP@@g" ../conf/nginx.conf
+else
+    sed -i "s@YNH_WWW_ROOTPATH@$path@g" ../conf/nginx.conf
+    sed -i "s@YNH_WWW_ROOTAPP@$app@g" ../conf/nginx.conf
+fi
+sed -i "s@YNH_WWW_PATH@$path@g" $nginxconf
+sed -i "s@YNH_WWW_FINALPATH@$final_path@g" $nginxconf
+sudo cp $nginxconf /etc/nginx/conf.d/$domain.d/$app.conf
+
 # If a dedicated php-fpm process is used:
 #
 sed -i "s@YNH_WWW_APP@$app@g" $nginx_conf
 sudo cp $nginx_conf /etc/nginx/conf.d/$domain.d/$app.conf
+sudo chmod 644 /etc/nginx/conf.d/$domain.d/$app.conf
 
 ### PHP ###
 # If a dedicated php-fpm process is used:
@@ -46,7 +60,7 @@ finalphpconf=/etc/php5/fpm/pool.d/$app.conf
 sudo cp ../conf/php-fpm.conf $finalphpconf
 sudo chown root: $finalphpconf
 sudo chmod 644 $finalphpconf
-sudo service php5-fpm restart
+sudo service php5-fpm reload
 ### PHP end ###
 
 # If app is public, add url to SSOWat conf as skipped_uris