Fix

conf/lstu.conf.ldap

@@ -0,0 +1,268 @@
+# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
+{
+    ####################
+    # Hypnotoad settings
+    ####################
+    # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
+    hypnotoad => {
+        # array of IP addresses and ports you want to listen to
+        listen => ['http://127.0.0.1:__PORT__'],
+        # if you use Lstu behind a reverse proxy like Nginx, you want to set proxy to 1
+        # if you use Lstu directly, let it commented
+        #proxy  => 1,
+    },
+
+    # put a way to contact you here and uncomment it
+    # MANDATORY
+    contact => 'webmaster@__DOMAIN__',
+
+    # array of random strings used to encrypt cookies
+    # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
+    secrets => ['__SECRET__'],
+
+    # secret passphrase to access some admin features
+    # If you don't want to have a plain text password in configuration,
+    # use hashed_adminpwd instead
+    # optional, but you won't have access to admin /stats if not set and if hashed_adminpwd is not set either
+    #adminpwd      => 's3cr3T',
+
+    # secret hashed passphrase to access some admin features
+    # Hash your password by issuing `echo -n s3cr3T | sha256sum` on your terminal
+    # optional, but you won't have access to admin /stats if not set and if adminpwd is not set either
+    hashed_adminpwd => '__HASHED_PASSWORD__',
+
+    # choose a theme. See the available themes in `themes` directory
+    # optional, default is 'default'
+    theme         => '__THEME__', # default or milligram
+
+    # number of URLs to be displayed per page in /stats
+    # optional, default is 10
+    page_offset   => 10,
+
+    # length of the random URL
+    # optional, default is 8
+    length            => 8,
+
+    # how many URLs will be provisioned in a batch ?
+    # optional, default is 5
+    #provis_step       => 5,
+
+    # max number of URLs to be provisioned
+    # optional, default is 100
+    #provisioning      => 100,
+
+    # URL sub-directory in which you want Lstu to be accessible
+    # example: you want to have Lstu under https://example.org/lstu/
+    # => set prefix to '/lstu' or to '/lstu/', it doesn't matter
+    # optional, defaut is /
+    prefix       => '__PATH__',
+
+    # array of authorized domains for API calls.
+    # if you want to authorize everyone to use the API: ['*']
+    # optional, no domains allowed by default
+    #allowed_domains   => ['http://1.example.com', 'http://2.example.com'],
+
+    # if set, the shortened URLs will use this domain
+    # optional
+    #fixed_domain => 'example.org',
+
+    # choose what database you want to use
+    # valid choices are sqlite, postgresql and mysql (all lowercase)
+    # optional, default is sqlite
+    dbtype => 'postgresql',
+
+    # SQLite ONLY - only used if dbtype is set to sqlite
+    # define a path to the SQLite database
+    # you can define it relative to lstu directory or set an absolute path
+    # remember that it has to be in a directory writable by Lstu user
+    # optional, default is lstu.db
+    #db_path           => 'lstu.db',
+
+    # PostgreSQL ONLY - only used if dbtype is set to postgresql
+    # these are the credentials to access the PostgreSQL database
+    # mandatory if you choosed postgresql as dbtype
+    pgdb => {
+        database => '__DB_NAME__',
+        host     => 'localhost',
+        # optional, default is 5432
+        #port     => 5432,
+        user     => '__DB_USER__',
+        pwd      => '__DB_PWD__',
+        # optional, default is 1
+        #max_connections => 1,
+    },
+
+    # MySQL ONLY - only used if dbtype is set to mysql
+    # these are the credentials to access the MySQL database
+    # mandatory if you choosed mysql as dbtype
+    #mysqldb => {
+    #    database => 'lstu',
+    #    host     => 'localhost',
+    #    # optional, default is 3306
+    #    #port     => 3306,
+    #    user     => 'DBUSER',
+    #    pwd      => 'DBPASSWORD',
+    #    # optional, default is 5 (set to 0 to disable persistent connections)
+    #    #max_connections => 5,
+    #},
+
+    # Rate-limiting for the API
+    # After ban_min_strike requests in a second, the IP address will be
+    # banned for one hour.
+    # If it continues to query the API during this ban time at least
+    # ban_min_strike times, it will be banned for a month.
+    # optional, default is 3
+    ban_min_strike    => 3,
+
+    # Ban whitelist
+    # You can whitelist IP addresses to prevent you from being banned
+    # Be careful, the IP addresses are compared as string, not as IP addresses
+    # a network range will not work
+    # Example of valid input: ban_whitelist => ['198.51.100.42', '2001:0DB8::42'],¬
+    # optional, default is an empty array
+    #ban_whitelist => [],
+
+    # Ban blacklist
+    # You can blacklist IP addresses to always ban those IP addresses
+    # Be careful, the IP addresses are compared as string, not as IP addresses
+    # a network range will not work
+    # Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬
+    # optional, default is an empty array
+    #ban_blacklist => [],
+
+    # define an URL to the Piwik instance and the ID of a website to track
+    # set if you want to track views in Piwik
+    # optional, Piwik tracking is disabled by default
+    #piwik => {
+    #    url    => 'http://piwik.example.com',
+    #    idsite => '1',
+    #},
+
+    # use Minion instead of directly increase counters
+    # need to launch a minion worker service if enabled
+    # optional, Minion is disabled by default
+    # It will use the same DB type as Lstu: sqlite if you choose sqlite for `dbtype`,
+    # postgresql for postgresql, etc.
+    #minion => {
+    #    enabled => 0,
+    #    # SQLite ONLY - only used if if you choose sqlite as DB type,
+    #    # define the path to the minion database
+    #    # you can define it relative to lstu directory or set an absolute path
+    #    # remember that it has to be in a directory writable by Lutim user
+    #    # optional, default is minion.db
+    #    db_path => 'minion.db',
+    #    # PostgreSQL ONLY - only used if you choose postgresql as DB type
+    #    # these are the credentials to access the Minion's PostgreSQL database
+    #    # mandatory if you choosed postgresql as DB type, no default
+    #    pgdb => {
+    #        database => 'lstu_minion',
+    #        host     => 'localhost',
+    #        # optional, default is 5432
+    #        #port     => 5432,
+    #        user     => 'DBUSER',
+    #        pwd      => 'DBPASSWORD'
+    #    },
+    #    # MySQL ONLY - only used if you choose mysql as DB type
+    #    # these are the credentials to access the Minion's MySQL database
+    #    # mandatory if you choosed mysql as DB type, no default
+    #    mysqldb => {
+    #        database => 'lstu_minion',
+    #        host     => 'localhost',
+    #        # optional, default is 3306
+    #        #port     => 3306,
+    #        user     => 'DBUSER',
+    #        pwd      => 'DBPASSWORD',
+    #    },
+    #},
+
+    # set `ldap` if you want that only authenticated users can shorten URLs
+    # please note that everybody can still use shortend URLs
+    # optional, no default
+    ldap => {
+        uri         => 'ldap://localhost:389',          # server URI
+        user_tree   => 'dc=yunohost,dc=org',            # search base DN
+        bind_dn     => 'ou=users,dc=yunohost,dc=org',   # search bind DN
+    #   bind_pwd    => '',                              # search bind password
+        user_attr   => 'uid',                           # user attribute (uid, mail, sAMAccountName, etc.)
+    #   user_filter => '(!(uid=ldap_user))',           # user filter (to exclude some users, etc.)
+    },
+
+    # set `htpasswd` if you want to use an htpasswd file instead of ldap
+    # create the file with `htpasswd -c lstu.passwd user`, update it with `htpasswd lstu.passwd user2`
+    # make sure that lstu can read the file!
+    # optional, no default
+    #htpasswd => 'lstu.passwd',
+
+    # if you've set ldap or htpasswd above, the session will last `session_duration` seconds before
+    # the user needs to reauthenticate
+    # optional, default is 3600
+    #session_duration => 3600,
+
+    # how many redirections are allowed for the shortened URL before considering it as a spam?
+    # optional, default is 2. Set to -1 to allow infinite redirections (not recommended)
+    #max_redir => 2,
+
+    # spam blacklist regex. All URLs (or redirection) whose host part matches this regex are considered as spam
+    # optional, no default
+    #spam_blacklist_regex => 'foo|bar',
+
+    # spam path blacklist regex. All URLs (or redirection) whose path part matches this regex are considered as spam
+    # optional, no default
+    #spam_path_blacklist_regex => 'foo|bar',
+
+    # spam whitelist regex. All URLs (or redirection) whose host part matches this regex will never be considered as spam
+    # optional, no default
+    #spam_whitelist_regex => 'foo|bar',
+
+    # set to 1 to skip SpamHaus check (not recommended)
+    # optional, default is 0
+    #skip_spamhaus => 0,
+
+    # put your Google API key to enable Google safebrowsing check
+    # This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs.
+    # Google does not get the URLs that are checked.
+    # Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started
+    # TL;DR: https://console.developers.google.com/projectselector/apis/library
+    # optional, no default
+    #safebrowsing_api_key => '',
+
+    # array of memcached servers to cache URL in order to accelerate responses to often-viewed URL.
+    # If set to [], the cache is disabled
+    # optional, default is []
+    #memcached_servers => [],
+
+    # Content-Security-Policy header that will be sent by Lstu
+    # Set to '' to disable CSP header
+    # https://content-security-policy.com/ provides a good documentation about CSP.
+    # https://report-uri.com/home/generate provides a tool to generate a CSP header.
+    # optional, default is "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; form-action 'self'; base-uri 'self'"
+    # the default value is good for `default` and `milligram` themes
+    #csp => "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; form-action 'self'; base-uri 'self'",
+
+    # X-Frame-Options header that will be sent by Lstu
+    # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/'
+    # Set to '' to disable X-Frame-Options header
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+    # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly
+    # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors)
+    # optional, default is 'DENY'
+    #x_frame_options => 'DENY',
+
+    # X-Content-Type-Options that will be sent by Lstu
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+    # Set to '' to disable X-Content-Type-Options header
+    # optional, default is 'nosniff'
+    #x_content_type_options => 'nosniff',
+
+    # X-XSS-Protection that will be sent by Lstu
+    # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+    # Set to '' to disable X-XSS-Protection header
+    # optional, default is '1; mode=block'
+    #x_xss_protection => '1; mode=block',
+
+    # Log creator's IP address
+    # Set to 1 if you want to register the IP addresses of URL creators
+    # optional, default is 0
+    #log_creator_ip => 0,
+};
+

conf/lstu.conf.template

@@ -178,14 +178,14 @@
     # set `ldap` if you want that only authenticated users can shorten URLs
     # please note that everybody can still use shortend URLs
     # optional, no default
-    __IS_PUBLIC__ldap => {
-    __IS_PUBLIC__    uri         => 'ldap://localhost:389',          # server URI
-    __IS_PUBLIC__    user_tree   => 'dc=yunohost,dc=org',            # search base DN
-    __IS_PUBLIC__    bind_dn     => 'ou=users,dc=yunohost,dc=org',   # search bind DN
-    __IS_PUBLIC__#   bind_pwd    => '',                              # search bind password
-    __IS_PUBLIC__    user_attr   => 'uid',                           # user attribute (uid, mail, sAMAccountName, etc.)
-    __IS_PUBLIC__#    user_filter => '(!(uid=ldap_user))',           # user filter (to exclude some users, etc.)
-    __IS_PUBLIC__},
+    #ldap => {
+    #   uri         => 'ldap://localhost:389',          # server URI
+    #    user_tree   => 'dc=yunohost,dc=org',            # search base DN
+    #    bind_dn     => 'ou=users,dc=yunohost,dc=org',   # search bind DN
+    #    bind_pwd    => '',                              # search bind password
+    #    user_attr   => 'uid',                           # user attribute (uid, mail, sAMAccountName, etc.)
+    #    user_filter => '(!(uid=ldap_user))',           # user filter (to exclude some users, etc.)
+    #},
 
     # set `htpasswd` if you want to use an htpasswd file instead of ldap
     # create the file with `htpasswd -c lstu.passwd user`, update it with `htpasswd lstu.passwd user2`

scripts/install

@@ -122,27 +122,13 @@ ynh_add_nginx_config
 #=================================================
 ynh_script_progression --message="Configuring Lstu..."
 
-config="${final_path}/lstu.conf"
-cp ../conf/lstu.conf.template "$config"
-ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
-ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
-ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
-ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
-ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config"
-ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
-ynh_replace_string --match_string="__THEME__" --replace_string="$theme" --target_file="$config"
-ynh_replace_string --match_string="__HASHED_PASSWORD__" --replace_string="$hashed_password" --target_file="$config"
-ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
-
 if [ $is_public -eq 0 ];
 then
-	ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config"
+	ynh_add_config --template="../conf/lstu.conf.ldap" --destination="$final_path/lstu.conf"
 else
-	ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
+	ynh_add_config --template="../conf/lstu.conf.template" --destination="$final_path/lstu.conf"
 fi
 
-ynh_store_file_checksum --file="$config"
-
 #=================================================
 # INSTALL LSTU
 #=================================================

scripts/upgrade

@@ -158,35 +158,6 @@ ynh_script_progression --message="Upgrading dependencies..."
 
 ynh_install_app_dependencies $pkg_dependencies
 
-#=================================================
-# SPECIFIC UPGRADE
-#=================================================
-# UPGRADE LSTU CONFIGURATION
-#=================================================
-# ynh_script_progression --message="Upgrading lstu configuration..."
-
-# config="${final_path}/lstu.conf"
-# ynh_backup_if_checksum_is_different --file="$config"
-# cp ../conf/lstu.conf.template "$config"
-# ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
-# ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
-# ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
-# ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name"  --target_file="$config"
-# ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user"  --target_file="$config"
-# ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
-# ynh_replace_string --match_string="__THEME__" --replace_string="$theme" --target_file="$config"
-# ynh_replace_string --match_string="__HASHED_PASSWORD__" --replace_string="$hashed_password" --target_file="$config"
-# ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
-
-# if [ $is_public -eq 0 ];
-# then
-# 	ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config"
-# else
-# 	ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
-# fi
-
-# ynh_store_file_checksum --file="$config"
-
 #=================================================
 # BUILD LSU
 #=================================================