diff --git a/.gitignore b/.gitignore deleted file mode 100644 index b72f9be..0000000 --- a/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -*~ -*.swp diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 94722ed..0000000 --- a/.travis.yml +++ /dev/null @@ -1,7 +0,0 @@ -language: python - -before_install: - - git clone https://github.com/YunoHost/package_linter /tmp/package_linter - -script: -- /tmp/package_linter/package_linter.py ./ diff --git a/README.md b/README.md index 7013ae0..907bebb 100644 --- a/README.md +++ b/README.md @@ -1,51 +1,43 @@ + + # Lstu for YunoHost [![Integration level](https://dash.yunohost.org/integration/lstu.svg)](https://dash.yunohost.org/appci/app/lstu) ![](https://ci-apps.yunohost.org/ci/badges/lstu.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/lstu.maintain.svg) [![Install Lstu with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=lstu) -> *This package allows you to install Lstu quickly and simply on a YunoHost server. +*[Lire ce readme en français.](./README_fr.md)* + +> *This package allows you to install Lstu quickly and simply on a YunoHost server. If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* ## Overview -Lstu means Let's Shorten That URL. -**Shipped version:** 0.22-0 +URL Shortener + +**Shipped version:** 0.23-0~ynh1 + +**Demo:** https://lstu.fr ## Screenshots -![](LSTU_screenshot.png) +![](./doc/screenshots/LSTU_screenshot.png) -## Demo - -* [Official demo](https://lstu.fr) +## Disclaimers / important information ## Configuration How to configure this app: a plain file at `/var/www/lstu/lstu.conf` with SSH. -## Documentation +## Documentation and resources - * Official documentation: https://framagit.org/fiat-tux/hat-softwares/lstu/wikis/home - -## YunoHost specific features - -#### Multi-user support - -* Are LDAP and HTTP auth supported? **Yes** -* Can the app be used by multiple users? **Yes** - -#### Supported architectures - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/lstu%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/lstu/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/lstu%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/lstu/) - -## Links - - * Report a bug: https://github.com/YunoHost-Apps/lstu_ynh/issues - * Upstream app repository: https://framagit.org/fiat-tux/hat-softwares/lstu - * YunoHost website: https://yunohost.org/ - ---- +* Official app website: https://lstu.fr +* Official admin documentation: https://framagit.org/fiat-tux/hat-softwares/lstu/wikis/home +* Upstream app code repository: https://framagit.org/fiat-tux/hat-softwares/lstu +* YunoHost documentation for this app: https://yunohost.org/app_lstu +* Report a bug: https://github.com/YunoHost-Apps/lstu_ynh/issues ## Developer info @@ -58,8 +50,4 @@ or sudo yunohost app upgrade lstu -u https://github.com/YunoHost-Apps/lstu_ynh/tree/testing --debug ``` -## Todo - -- [ ] Allow to choose the database (sqlite or PostgreSQL) -- [ ] Allow to choose to use Minion -- [ ] Add CI stuff +**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..59725e8 --- /dev/null +++ b/README_fr.md @@ -0,0 +1,49 @@ +# Lstu pour YunoHost + +[![Niveau d'intégration](https://dash.yunohost.org/integration/lstu.svg)](https://dash.yunohost.org/appci/app/lstu) ![](https://ci-apps.yunohost.org/ci/badges/lstu.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/lstu.maintain.svg) +[![Installer Lstu avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=lstu) + +*[Read this readme in english.](./README.md)* +*[Lire ce readme en français.](./README_fr.md)* + +> *Ce package vous permet d'installer Lstu rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* + +## Vue d'ensemble + +Raccourcisseur d'URL + +**Version incluse :** 0.23-0~ynh1 + +**Démo :** https://lstu.fr + +## Captures d'écran + +![](./doc/screenshots/LSTU_screenshot.png) + +## Avertissements / informations importantes + +## Configuration + +Comment configurer cette application : un fichier simple à `/var/www/lstu/lstu.conf` avec SSH. + +## Documentations et ressources + +* Site officiel de l'app : https://lstu.fr +* Documentation officielle de l'admin : https://framagit.org/fiat-tux/hat-softwares/lstu/wikis/home +* Dépôt de code officiel de l'app : https://framagit.org/fiat-tux/hat-softwares/lstu +* Documentation YunoHost pour cette app : https://yunohost.org/app_lstu +* Signaler un bug : https://github.com/YunoHost-Apps/lstu_ynh/issues + +## Informations pour les développeurs + +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/lstu_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/lstu_ynh/tree/testing --debug +ou +sudo yunohost app upgrade lstu -u https://github.com/YunoHost-Apps/lstu_ynh/tree/testing --debug +``` + +**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/check_process b/check_process index 2306c4b..63e98a0 100644 --- a/check_process +++ b/check_process @@ -1,11 +1,11 @@ ;; Nom du test auto_remove=1 ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - is_public=1 (PUBLIC|public=1|private=0) - theme="milligram" (THEME) - password="verysecretpassword" (PASSWORD) + domain="domain.tld" + path="/path" + is_public=1 + theme="milligram" + password="verysecretpassword" ; Checks pkg_linter=1 setup_sub_dir=1 @@ -14,11 +14,11 @@ setup_private=1 setup_public=1 upgrade=1 - upgrade=1 from_commit=2d33783907d6de4486ac9e954ebc4b4028e11de8 + #Merge pull request #52 + upgrade=1 from_commit=469fb267ebc496d2c63b10de35aaf3493ce8124f backup_restore=1 multi_instance=1 - port_already_use=1 (8095) change_url=1 ;;; Upgrade options - ; commit=2d33783907d6de4486ac9e954ebc4b4028e11de8 - name=0.21-4~ynh4 + ; commit=469fb267ebc496d2c63b10de35aaf3493ce8124f + name=Merge pull request #52 diff --git a/conf/app.src b/conf/app.src index bb87301..36cf4e6 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://framagit.org/fiat-tux/hat-softwares/lstu/-/archive/0.22-0/lstu-0.22-0.tar.gz -SOURCE_SUM=644315d3a5af0fb5ec1e44c62fdb4f57d8985db75f70e4055eab5993dd405313 +SOURCE_URL=https://framagit.org/fiat-tux/hat-softwares/lstu/-/archive/0.23-0/lstu-0.23-0.tar.gz +SOURCE_SUM=77bbe521403da22db2753fbeb4939a2decb220e0a21e88b4754a774a9a217c6d SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/lstu.conf.ldap b/conf/lstu.conf.ldap new file mode 100644 index 0000000..2aac266 --- /dev/null +++ b/conf/lstu.conf.ldap @@ -0,0 +1,268 @@ +# vim:set sw=4 ts=4 sts=4 ft=perl expandtab: +{ + #################### + # Hypnotoad settings + #################### + # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings + hypnotoad => { + # array of IP addresses and ports you want to listen to + listen => ['http://127.0.0.1:__PORT__'], + # if you use Lstu behind a reverse proxy like Nginx, you want to set proxy to 1 + # if you use Lstu directly, let it commented + #proxy => 1, + }, + + # put a way to contact you here and uncomment it + # MANDATORY + contact => 'webmaster@__DOMAIN__', + + # array of random strings used to encrypt cookies + # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT + secrets => ['__SECRET__'], + + # secret passphrase to access some admin features + # If you don't want to have a plain text password in configuration, + # use hashed_adminpwd instead + # optional, but you won't have access to admin /stats if not set and if hashed_adminpwd is not set either + #adminpwd => 's3cr3T', + + # secret hashed passphrase to access some admin features + # Hash your password by issuing `echo -n s3cr3T | sha256sum` on your terminal + # optional, but you won't have access to admin /stats if not set and if adminpwd is not set either + hashed_adminpwd => '__HASHED_PASSWORD__', + + # choose a theme. See the available themes in `themes` directory + # optional, default is 'default' + theme => '__THEME__', # default or milligram + + # number of URLs to be displayed per page in /stats + # optional, default is 10 + page_offset => 10, + + # length of the random URL + # optional, default is 8 + length => 8, + + # how many URLs will be provisioned in a batch ? + # optional, default is 5 + #provis_step => 5, + + # max number of URLs to be provisioned + # optional, default is 100 + #provisioning => 100, + + # URL sub-directory in which you want Lstu to be accessible + # example: you want to have Lstu under https://example.org/lstu/ + # => set prefix to '/lstu' or to '/lstu/', it doesn't matter + # optional, defaut is / + prefix => '__PATH__', + + # array of authorized domains for API calls. + # if you want to authorize everyone to use the API: ['*'] + # optional, no domains allowed by default + #allowed_domains => ['http://1.example.com', 'http://2.example.com'], + + # if set, the shortened URLs will use this domain + # optional + #fixed_domain => 'example.org', + + # choose what database you want to use + # valid choices are sqlite, postgresql and mysql (all lowercase) + # optional, default is sqlite + dbtype => 'postgresql', + + # SQLite ONLY - only used if dbtype is set to sqlite + # define a path to the SQLite database + # you can define it relative to lstu directory or set an absolute path + # remember that it has to be in a directory writable by Lstu user + # optional, default is lstu.db + #db_path => 'lstu.db', + + # PostgreSQL ONLY - only used if dbtype is set to postgresql + # these are the credentials to access the PostgreSQL database + # mandatory if you choosed postgresql as dbtype + pgdb => { + database => '__DB_NAME__', + host => 'localhost', + # optional, default is 5432 + #port => 5432, + user => '__DB_USER__', + pwd => '__DB_PWD__', + # optional, default is 1 + #max_connections => 1, + }, + + # MySQL ONLY - only used if dbtype is set to mysql + # these are the credentials to access the MySQL database + # mandatory if you choosed mysql as dbtype + #mysqldb => { + # database => 'lstu', + # host => 'localhost', + # # optional, default is 3306 + # #port => 3306, + # user => 'DBUSER', + # pwd => 'DBPASSWORD', + # # optional, default is 5 (set to 0 to disable persistent connections) + # #max_connections => 5, + #}, + + # Rate-limiting for the API + # After ban_min_strike requests in a second, the IP address will be + # banned for one hour. + # If it continues to query the API during this ban time at least + # ban_min_strike times, it will be banned for a month. + # optional, default is 3 + ban_min_strike => 3, + + # Ban whitelist + # You can whitelist IP addresses to prevent you from being banned + # Be careful, the IP addresses are compared as string, not as IP addresses + # a network range will not work + # Example of valid input: ban_whitelist => ['198.51.100.42', '2001:0DB8::42'],¬ + # optional, default is an empty array + #ban_whitelist => [], + + # Ban blacklist + # You can blacklist IP addresses to always ban those IP addresses + # Be careful, the IP addresses are compared as string, not as IP addresses + # a network range will not work + # Example of valid input: ban_blacklist => ['198.51.100.42', '2001:0DB8::42'],¬ + # optional, default is an empty array + #ban_blacklist => [], + + # define an URL to the Piwik instance and the ID of a website to track + # set if you want to track views in Piwik + # optional, Piwik tracking is disabled by default + #piwik => { + # url => 'http://piwik.example.com', + # idsite => '1', + #}, + + # use Minion instead of directly increase counters + # need to launch a minion worker service if enabled + # optional, Minion is disabled by default + # It will use the same DB type as Lstu: sqlite if you choose sqlite for `dbtype`, + # postgresql for postgresql, etc. + #minion => { + # enabled => 0, + # # SQLite ONLY - only used if if you choose sqlite as DB type, + # # define the path to the minion database + # # you can define it relative to lstu directory or set an absolute path + # # remember that it has to be in a directory writable by Lutim user + # # optional, default is minion.db + # db_path => 'minion.db', + # # PostgreSQL ONLY - only used if you choose postgresql as DB type + # # these are the credentials to access the Minion's PostgreSQL database + # # mandatory if you choosed postgresql as DB type, no default + # pgdb => { + # database => 'lstu_minion', + # host => 'localhost', + # # optional, default is 5432 + # #port => 5432, + # user => 'DBUSER', + # pwd => 'DBPASSWORD' + # }, + # # MySQL ONLY - only used if you choose mysql as DB type + # # these are the credentials to access the Minion's MySQL database + # # mandatory if you choosed mysql as DB type, no default + # mysqldb => { + # database => 'lstu_minion', + # host => 'localhost', + # # optional, default is 3306 + # #port => 3306, + # user => 'DBUSER', + # pwd => 'DBPASSWORD', + # }, + #}, + + # set `ldap` if you want that only authenticated users can shorten URLs + # please note that everybody can still use shortend URLs + # optional, no default + ldap => { + uri => 'ldap://localhost:389', # server URI + user_tree => 'dc=yunohost,dc=org', # search base DN + bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN + # bind_pwd => '', # search bind password + user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.) + # user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.) + }, + + # set `htpasswd` if you want to use an htpasswd file instead of ldap + # create the file with `htpasswd -c lstu.passwd user`, update it with `htpasswd lstu.passwd user2` + # make sure that lstu can read the file! + # optional, no default + #htpasswd => 'lstu.passwd', + + # if you've set ldap or htpasswd above, the session will last `session_duration` seconds before + # the user needs to reauthenticate + # optional, default is 3600 + #session_duration => 3600, + + # how many redirections are allowed for the shortened URL before considering it as a spam? + # optional, default is 2. Set to -1 to allow infinite redirections (not recommended) + #max_redir => 2, + + # spam blacklist regex. All URLs (or redirection) whose host part matches this regex are considered as spam + # optional, no default + #spam_blacklist_regex => 'foo|bar', + + # spam path blacklist regex. All URLs (or redirection) whose path part matches this regex are considered as spam + # optional, no default + #spam_path_blacklist_regex => 'foo|bar', + + # spam whitelist regex. All URLs (or redirection) whose host part matches this regex will never be considered as spam + # optional, no default + #spam_whitelist_regex => 'foo|bar', + + # set to 1 to skip SpamHaus check (not recommended) + # optional, default is 0 + #skip_spamhaus => 0, + + # put your Google API key to enable Google safebrowsing check + # This will allow Lstu to download the Google safebrowsing database and use a local copy to check the URLs. + # Google does not get the URLs that are checked. + # Instructions to get a key: https://developers.google.com/safe-browsing/v4/get-started + # TL;DR: https://console.developers.google.com/projectselector/apis/library + # optional, no default + #safebrowsing_api_key => '', + + # array of memcached servers to cache URL in order to accelerate responses to often-viewed URL. + # If set to [], the cache is disabled + # optional, default is [] + #memcached_servers => [], + + # Content-Security-Policy header that will be sent by Lstu + # Set to '' to disable CSP header + # https://content-security-policy.com/ provides a good documentation about CSP. + # https://report-uri.com/home/generate provides a tool to generate a CSP header. + # optional, default is "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; form-action 'self'; base-uri 'self'" + # the default value is good for `default` and `milligram` themes + #csp => "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; form-action 'self'; base-uri 'self'", + + # X-Frame-Options header that will be sent by Lstu + # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/' + # Set to '' to disable X-Frame-Options header + # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly + # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors) + # optional, default is 'DENY' + #x_frame_options => 'DENY', + + # X-Content-Type-Options that will be sent by Lstu + # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + # Set to '' to disable X-Content-Type-Options header + # optional, default is 'nosniff' + #x_content_type_options => 'nosniff', + + # X-XSS-Protection that will be sent by Lstu + # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + # Set to '' to disable X-XSS-Protection header + # optional, default is '1; mode=block' + #x_xss_protection => '1; mode=block', + + # Log creator's IP address + # Set to 1 if you want to register the IP addresses of URL creators + # optional, default is 0 + #log_creator_ip => 0, +}; + diff --git a/conf/lstu.conf.template b/conf/lstu.conf.template index 2a70fbd..1020da4 100644 --- a/conf/lstu.conf.template +++ b/conf/lstu.conf.template @@ -29,11 +29,11 @@ # secret hashed passphrase to access some admin features # Hash your password by issuing `echo -n s3cr3T | sha256sum` on your terminal # optional, but you won't have access to admin /stats if not set and if adminpwd is not set either - hashed_adminpwd => '__PASSWORD_HASHED__', + hashed_adminpwd => '__HASHED_PASSWORD__', # choose a theme. See the available themes in `themes` directory # optional, default is 'default' - theme => '__SELECTED_THEME__', # default or milligram + theme => '__THEME__', # default or milligram # number of URLs to be displayed per page in /stats # optional, default is 10 @@ -178,14 +178,14 @@ # set `ldap` if you want that only authenticated users can shorten URLs # please note that everybody can still use shortend URLs # optional, no default - __IS_PUBLIC__ldap => { - __IS_PUBLIC__ uri => 'ldap://localhost:389', # server URI - __IS_PUBLIC__ user_tree => 'dc=yunohost,dc=org', # search base DN - __IS_PUBLIC__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN - __IS_PUBLIC__# bind_pwd => '', # search bind password - __IS_PUBLIC__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.) - __IS_PUBLIC__# user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.) - __IS_PUBLIC__}, + #ldap => { + # uri => 'ldap://localhost:389', # server URI + # user_tree => 'dc=yunohost,dc=org', # search base DN + # bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN + # bind_pwd => '', # search bind password + # user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.) + # user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.) + #}, # set `htpasswd` if you want to use an htpasswd file instead of ldap # create the file with `htpasswd -c lstu.passwd user`, update it with `htpasswd lstu.passwd user2` diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..2d34b90 --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,3 @@ +## Configuration + +How to configure this app: a plain file at `/var/www/lstu/lstu.conf` with SSH. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md new file mode 100644 index 0000000..9c5d939 --- /dev/null +++ b/doc/DISCLAIMER_fr.md @@ -0,0 +1,3 @@ +## Configuration + +Comment configurer cette application : un fichier simple à `/var/www/lstu/lstu.conf` avec SSH. diff --git a/LSTU_screenshot.png b/doc/screenshots/LSTU_screenshot.png similarity index 100% rename from LSTU_screenshot.png rename to doc/screenshots/LSTU_screenshot.png diff --git a/manifest.json b/manifest.json index a0a80a1..9fc2577 100644 --- a/manifest.json +++ b/manifest.json @@ -6,15 +6,22 @@ "en": "URL Shortener", "fr": "Raccourcisseur d'URL" }, - "version": "0.22-0~ynh2", + "version": "0.23-0~ynh1", "url": "https://lstu.fr", + "upstream": { + "license": "WTFPL", + "website": "https://lstu.fr", + "demo": "https://lstu.fr", + "admindoc": "https://framagit.org/fiat-tux/hat-softwares/lstu/wikis/home", + "code": "https://framagit.org/fiat-tux/hat-softwares/lstu" + }, "license": "WTFPL", "maintainer": { "name": "frju365", "email": "abld@abld.info" }, "requirements": { - "yunohost": ">= 4.0" + "yunohost": ">= 4.2.4" }, "multi_instance": true, "services": [ @@ -25,29 +32,17 @@ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain for Lstu", - "fr": "Choisissez un domaine pour Lstu" - }, "example": "domain.org" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for Lstu", - "fr": "Choisissez un chemin pour Lstu" - }, "example": "/lstu", "default": "/lstu" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public application?", - "fr": "Est-ce une application publique ?" - }, "default": false }, { @@ -66,10 +61,7 @@ { "name": "password", "type": "password", - "ask": { - "en": "Choose a password", - "fr": "Choisissez un mot de passe" - } + "example": "Choose a password" } ] } diff --git a/scripts/actions/change_password b/scripts/actions/change_password index 7c00784..dbd4551 100755 --- a/scripts/actions/change_password +++ b/scripts/actions/change_password @@ -49,7 +49,7 @@ ynh_app_setting_set $app hashed_password $hashed_password # RELOAD NGINX #================================================= -ynh_systemd_action -n $app -a reload -l "Reloaded Shortened URLs service." -p "systemd" +ynh_systemd_action --service_name=$app --action="reload" --log_path="systemd" --line_match="Server available at" #================================================= # END OF SCRIPT diff --git a/scripts/actions/change_theme b/scripts/actions/change_theme index b806867..6c72973 100755 --- a/scripts/actions/change_theme +++ b/scripts/actions/change_theme @@ -48,7 +48,7 @@ ynh_app_setting_set $app theme $theme # RELOAD NGINX #================================================= -ynh_systemd_action -n $app -a reload -l "Reloaded Shortened URLs service." -p "systemd" +ynh_systemd_action --service_name=$app --action="reload" --log_path="systemd" --line_match="Server available at" #================================================= # END OF SCRIPT diff --git a/scripts/actions/public_private b/scripts/actions/public_private index 72f7555..4091fa5 100755 --- a/scripts/actions/public_private +++ b/scripts/actions/public_private @@ -50,25 +50,12 @@ fi # MOVE TO PUBLIC OR PRIVATE #================================================= -ynh_backup_if_checksum_is_different "$final_path/lstu.conf" -cp conf/lstu.conf.template "${final_path}/lstu.conf" -ynh_replace_string "__DOMAIN__" "$domain" "${final_path}/lstu.conf" -ynh_replace_string "__PATH__" "$path_url" "${final_path}/lstu.conf" -ynh_replace_string "__PORT__" "$port" "${final_path}/lstu.conf" -ynh_replace_string "__DB_NAME__" "$db_name" "${final_path}/lstu.conf" -ynh_replace_string "__DB_USER__" "$db_user" "${final_path}/lstu.conf" -ynh_replace_string "__DB_PWD__" "$db_pwd" "${final_path}/lstu.conf" -ynh_replace_string "__SELECTED_THEME__" "$theme" "${final_path}/lstu.conf" -ynh_replace_string "__PASSWORD_HASHED__" "$hashed_password" "${final_path}/lstu.conf" - -ynh_replace_string "__SECRET__" "$secret" "${final_path}/lstu.conf" if [ $is_public -eq 0 ]; then - ynh_replace_string "__IS_PUBLIC__" "" "${final_path}/lstu.conf" + ynh_add_config --template="../conf/lstu.conf.ldap" --destination="$final_path/lstu.conf" else - ynh_replace_string "__IS_PUBLIC__" "#" "${final_path}/lstu.conf" + ynh_add_config --template="../conf/lstu.conf.template" --destination="$final_path/lstu.conf" fi -ynh_store_file_checksum "${final_path}/lstu.conf" if [ $is_public -eq 0 ]; then public_private="private" @@ -100,7 +87,7 @@ ynh_app_setting_set $app is_public $is_public # RELOAD NGINX #================================================= -ynh_systemd_action -n $app -a reload -l "Reloaded Shortened URLs service." -p "systemd" +ynh_systemd_action --service_name=$app --action="reload" --log_path="systemd" --line_match="Server available at" #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 7549132..cc17ea1 100644 --- a/scripts/install +++ b/scripts/install @@ -85,7 +85,14 @@ db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_psql_setup_db --db_user=$db_user --db_name=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) # Password created in ynh_psql_setup_db function + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -96,6 +103,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -104,14 +115,6 @@ ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # SPECIFIC SETUP #================================================= @@ -119,27 +122,13 @@ ynh_system_user_create --username=$app #================================================= ynh_script_progression --message="Configuring Lstu..." -config="${final_path}/lstu.conf" -cp ../conf/lstu.conf.template "$config" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" -ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config" -ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config" -ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config" -ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config" -ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config" -ynh_replace_string --match_string="__SELECTED_THEME__" --replace_string="$theme" --target_file="$config" -ynh_replace_string --match_string="__PASSWORD_HASHED__" --replace_string="$hashed_password" --target_file="$config" -ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config" - if [ $is_public -eq 0 ]; then - ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config" + ynh_add_config --template="../conf/lstu.conf.ldap" --destination="$final_path/lstu.conf" else - ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config" + ynh_add_config --template="../conf/lstu.conf.template" --destination="$final_path/lstu.conf" fi -ynh_store_file_checksum --file="$config" - #================================================= # INSTALL LSTU #================================================= @@ -157,16 +146,6 @@ ynh_script_progression --message="Configuring a systemd service..." # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Set permissions to app files -chown -R $app: $final_path - #================================================= # SETUP LOGROTATE #================================================= @@ -193,9 +172,10 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --l #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." +ynh_script_progression --message="Configuring permissions..." + +ynh_permission_update --permission="main" --add="visitors" -ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" if [ $is_public -eq 0 ] then # If the app is private, only the shortened URLs are publics. diff --git a/scripts/restore b/scripts/restore index 4696e08..5267ba7 100644 --- a/scripts/restore +++ b/scripts/restore @@ -53,6 +53,14 @@ ynh_script_progression --message="Restoring the NGINX configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -60,21 +68,9 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# RESTORE USER RIGHTS -#================================================= -ynh_script_progression --message="Restoring user rights..." - -# Restore permissions on app files -chown -R $app: $final_path +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # SPECIFIC RESTORATION @@ -115,7 +111,7 @@ yunohost service add $app --log="/var/log/$app.log" --log="/var/www/$app/log/pro #================================================= ynh_script_progression --message="Starting a systemd service..." -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Server available at" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Server available at" #================================================= # RESTORE THE LOGROTATE CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index bc04e31..7cd33f4 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -40,15 +40,6 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - # If final_path doesn't exist, create it if [ -z "$final_path" ]; then final_path=/var/www/$app @@ -97,6 +88,13 @@ then ynh_exec_warn_less yunohost firewall disallow TCP $port fi +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -121,6 +119,14 @@ ynh_script_progression --message="Stopping a systemd service..." ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -130,9 +136,13 @@ then ynh_script_progression --message="Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$final_path" #--keep="$final_path/lstu.conf" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -149,42 +159,17 @@ ynh_script_progression --message="Upgrading dependencies..." ynh_install_app_dependencies $pkg_dependencies #================================================= -# CREATE DEDICATED USER +# CONFIGURE LSTU #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# SPECIFIC UPGRADE -#================================================= -# UPGRADE LSTU CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading lstu configuration..." - -config="${final_path}/lstu.conf" -ynh_backup_if_checksum_is_different --file="$config" -cp ../conf/lstu.conf.template "$config" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" -ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config" -ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config" -ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config" -ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config" -ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config" -ynh_replace_string --match_string="__SELECTED_THEME__" --replace_string="$theme" --target_file="$config" -ynh_replace_string --match_string="__PASSWORD_HASHED__" --replace_string="$hashed_password" --target_file="$config" -ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config" +ynh_script_progression --message="Configuring Lstu..." if [ $is_public -eq 0 ]; then - ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config" + ynh_add_config --template="../conf/lstu.conf.ldap" --destination="$final_path/lstu.conf" else - ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config" + ynh_add_config --template="../conf/lstu.conf.template" --destination="$final_path/lstu.conf" fi -ynh_store_file_checksum --file="$config" - #================================================= # BUILD LSU #================================================= @@ -210,16 +195,6 @@ ynh_script_progression --message="Upgrading systemd configuration..." # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURING FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Set permissions on app files -chown -R $app: $final_path - #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= @@ -232,7 +207,8 @@ yunohost service add $app --log="/var/log/$app.log" --log="/var/www/$app/log/pro #================================================= ynh_script_progression --message="Upgrading SSOwat configuration..." -ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" +ynh_permission_update --permission="main" --add="visitors" + if [ $is_public -eq 0 ] then # If the app is private, only the shortened URLs are publics.