From 535d23a56d2bb9976a39fdaeb24e2c463a8fbd43 Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 3 Mar 2019 18:04:16 +0100 Subject: [PATCH 01/16] check_process update --- check_process | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/check_process b/check_process index db2a351..7a44d79 100644 --- a/check_process +++ b/check_process @@ -4,8 +4,7 @@ domain="domain.tld" (DOMAIN) path="/path" (PATH) is_public="Yes" (PUBLIC|public=Yes|private=No) - admin="john" (USER) - + max_file_size=100 ; Checks pkg_linter=1 setup_sub_dir=1 @@ -14,24 +13,20 @@ setup_private=1 setup_public=1 upgrade=1 + upgrade=1 from_commit=1d53901957efcf8861b10efc8d3f081cadd2ba9e backup_restore=1 - multi_instance=0 - wrong_user=1 - wrong_path=1 + multi_instance=1 incorrect_path=1 - corrupt_source=1 - fail_download_source=1 - port_already_use=1 - final_path_already_use=1 + port_already_use=1 (8095) + change_url=1 ;;; Levels Level 1=auto Level 2=auto Level 3=auto - Level 4=na - Level 5=1 -# level 5: le test ne semble pas tout à fait savoir ce qu'est vraiment un "exit". + Level 4=1 + Level 5=auto Level 6=auto Level 7=auto Level 8=0 Level 9=0 - Level 10=0 + Level 10=0 From 26d226f65af056fc625cc5be8947ce10f227a119 Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 3 Mar 2019 18:04:26 +0100 Subject: [PATCH 02/16] manifest update --- manifest.json | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/manifest.json b/manifest.json index 59aeedc..eddf33a 100644 --- a/manifest.json +++ b/manifest.json @@ -3,13 +3,13 @@ "id": "lufi", "packaging_format": 1, "requirements": { - "yunohost": ">= 2.4" + "yunohost": ">= 3.2" }, "description": { "en": "Self hosting files and sharing anonymous application", "fr": "Application d'hébergement et de partage de fichiers anonyme" }, - "version": "0.6 dev", + "version": "0.03.5", "url": "https://git.framasoft.org/luc/lufi", "license": "AGPL", "maintainer": { 
@@ -21,7 +21,7 @@ "nginx" ], "arguments": { - "install" : [ + "install": [ { "name": "domain", "type": "domain", @@ -42,23 +42,24 @@ "default": "/lufi" }, { - "name": "admin", - "type": "user", + "name": "max_file_size", + "type": "int", "ask": { - "en": "Choose the Lufi administrator (must be an existing YunoHost user)", - "fr": "Choisissez un administrateur Lufi (doit être un utilisateur YunoHost)" + "en": "Choose a max file size, in Mo", + "fr": "Choisissez une taille de fichier maximum chemin, en Mo" }, - "example": "john" + "example": "100", + "default": 100 }, - { - "name": "is_public", - "type": "boolean", - "ask": { - "en": "Is it a public application?", - "fr": "Est-ce une application publique ?" - }, - "default": true - } + { + "name": "is_public", + "type": "boolean", + "ask": { + "en": "Is it a public application?", + "fr": "Est-ce une application publique ?" + }, + "default": true + } ] } -} +} \ No newline at end of file From fd1da4c7ae2b3dd8ceaf030e2a7bf1119774a830 Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 3 Mar 2019 18:04:44 +0100 Subject: [PATCH 03/16] conf files update --- conf/app.src | 7 +- conf/lufi.conf.template | 139 ++++++++++++++++++++++--- conf/nginx.conf | 21 ++-- conf/{lufi.service => systemd.service} | 8 +- 4 files changed, 137 insertions(+), 38 deletions(-) rename conf/{lufi.service => systemd.service} (51%) diff --git a/conf/app.src b/conf/app.src index 5901248..50cce5a 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,6 +1,5 @@ -SOURCE_URL=https://framagit.org/luc/lufi/-/archive/7efebff4bfa3722796a80a783fb332d6e50d41de/lufi-7efebff4bfa3722796a80a783fb332d6e50d41de.tar.gz -SOURCE_SUM=cf69c08ae7aa2e696b5c275fc7d3bedf74946361e0114f819266c43ce33fac72 +SOURCE_URL=https://framagit.org/fiat-tux/hat-softwares/lufi/-/archive/0.03.5/lufi-0.03.5.tar.gz +SOURCE_SUM=aeb4bb4e7b4d5a7a12a7b8a49578e98c4ef8b6cb606b266b4531767a6ea6debe SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=zip +SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= 
diff --git a/conf/lufi.conf.template b/conf/lufi.conf.template index 7052d31..4fc1e86 100644 --- a/conf/lufi.conf.template +++ b/conf/lufi.conf.template @@ -6,19 +6,31 @@ # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings hypnotoad => { # array of IP addresses and ports you want to listen to + # you can specify a unix socket too, like 'http+unix://%2Ftmp%2Flufi.sock' listen => ['http://127.0.0.1:__PORT__'], - # if you use Lufi behind a reverse proxy like Nginx, you want ro set proxy to 1 + # if you use Lufi behind a reverse proxy like Nginx, you want to set proxy to 1 # if you use Lufi directly, let it commented - proxy => 1, + proxy => 1, + + # Please read http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers + # to adjust this to your server + workers => 30, + clients => 1, }, # put a way to contact you here and uncomment it + # you can put some HTML in it # MANDATORY - contact => 'webmaster@__DOMAIN__', + contact => 'Contact page', + + # put an URL or an email address to receive file reports and uncomment it + # it's for make reporting illegal files easy for users + # MANDATORY + report => 'webmaster@__DOMAIN__', # array of random strings used to encrypt cookies # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT - secrets => ['__SECRET__'], + secrets => ['__SECRET__'], # choose a theme. See the available themes in `themes` directory # optional, default is 'default' @@ -43,7 +55,7 @@ # max file size, in octets # you can write it 100*1024*1024 # optional, no default - #max_file_size => 104857600, + max_file_size => __MAX_FILE_SIZE__*1024*1024, # if you want to have piwik statistics, provide a piwik image tracker # only the image tracker is allowed, no javascript 
@@ -78,7 +90,7 @@ # example: you want to have Lufi under https://example.org/lufi/ # => set prefix to '/lufi' or to '/lufi/', it doesn't matter # optional, defaut is / - prefix => '__PATH__', + prefix => '__PATH__', # array of authorized domains for API calls. # if you want to authorize everyone to use the API: ['*'] 
@@ -102,12 +114,48 @@ # Optional, default to no-reply@lufi.io #mail_sender => 'no-reply@lufi.io', + # choose what database you want to use + # valid choices are sqlite, postgresql and mysql (all lowercase) + # optional, default is sqlite + dbtype => 'postgresql', + + # SQLite ONLY - only used if dbtype is set to sqlite # define a path to the SQLite database # you can define it relative to lufi directory or set an absolute path # remember that it has to be in a directory writable by Lufi user # optional, default is lufi.db #db_path => 'lufi.db', + # PostgreSQL ONLY - only used if dbtype is set to postgresql + # these are the credentials to access the PostgreSQL database + # mandatory if you choosed postgresql as dbtype + pgdb => { + database => '__DB_NAME__', + host => 'localhost', + # optional, default is 5432 + #port => 5432, + user => '__DB_USER__', + pwd => '__DB_PWD__', + # https://mojolicious.org/perldoc/Mojo/Pg#max_connections + # optional, default is 1 + #max_connections => 1, + }, + + # MySQL ONLY - only used if dbtype is set to mysql + # these are the credentials to access the MySQL database + # mandatory if you choosed mysql as dbtype + #mysqldb => { + # database => 'lufi', + # host => 'localhost', + # # optional, default is 3306 + # #port => 3306, + # user => 'DBUSER', + # pwd => 'DBPASSWORD', + # # https://metacpan.org/pod/Mojo::mysql#max_connections + # # optional, default is 5 (set to 0 to disable persistent connections) + # #max_connections => 5, + #}, + # define a path to the upload directory, where the uploaded files will be stored # you can define it relative to lufi directory or set an absolute path # remember that it has to be in a directory writable by Lufi user 
@@ -118,20 +166,79 @@ # set `ldap` if you want that only authenticated users can upload files # please note that everybody can still download files # optional, no default - #ldap => { - # uri => 'ldaps://ldap.example.org', - # user_tree => 'ou=users,dc=example,dc=org', - # bind_dn => ',ou=users,dc=example,dc=org', - # bind_user => 'uid=ldap_user', - # bind_pwd => 'secr3t', - # user_filter => '!(uid=ldap_user)' - #}, + __IS_PUBLIC__ldap => { + __IS_PUBLIC__ uri => 'ldap://localhost:389', # server URI + __IS_PUBLIC__ user_tree => 'dc=yunohost,dc=org', # search base DN + __IS_PUBLIC__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN + __IS_PUBLIC__ #bind_pwd => 'secr3t', # search bind password + __IS_PUBLIC__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.) + __IS_PUBLIC__ #user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.) + __IS_PUBLIC__ # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls + __IS_PUBLIC__ # don't set or uncomment if you don't want to configure it + __IS_PUBLIC__ #start_tls => { + __IS_PUBLIC__ # verify => 'optional', + __IS_PUBLIC__ # clientcert => '/etc/ssl/certs/ca-bundle.pem' + __IS_PUBLIC__ #} + __IS_PUBLIC__}, + + # set `htpasswd` if you want to use an htpasswd file instead of ldap + # see 'man htpasswd' to know how to create such file + #htpasswd => 'lufi.passwd', # if you've set ldap above, the session will last `session_duration` seconds before # the user needs to reauthenticate # optional, default is 3600 #session_duration => 3600, + # allow to add a password on files, asked before allowing to download files + # optional, default is 0 + allow_pwd_on_files => 1, + + # force all files to be in "Burn after reading mode" + # optional, default is 0 + #force_burn_after_reading => 0, + + # if set, the files' URLs will always use this domain + # optional, no default + #fixed_domain => 'example.org', + + # abuse reasons + # set 
an integer in the abuse field of a file in the database and it will not be downloadable anymore + # the reason will be displayed to the downloader, according to the reasons you will configure here. + # optional, no default + #abuse => { + # 0 => 'Copyright infringment', + # 1 => 'Illegal content', + #}, + + # Content-Security-Policy header that will be sent by Lufi + # Set to '' to disable CSP header + # https://content-security-policy.com/ provides a good documentation about CSP. + # https://report-uri.com/home/generate provides a tool to generate a CSP header. + # optional, default is "base-uri 'self'; connect-src 'self' ws://YOUR_HOST; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'" + #csp => "", + + # X-Frame-Options header that will be sent by Lufi + # Valid values are: 'DENY', 'SAMEORIGIN', 'ALLOW-FROM https://example.com/' + # Set to '' to disable X-Frame-Options header + # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + # Please note that this will add a "frame-ancestors" directive to the CSP header (see above) accordingly + # to the chosen setting (See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors) + # optional, default is 'DENY' + #x_frame_options => 'DENY', + + # X-Content-Type-Options that will be sent by Lufi + # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + # Set to '' to disable X-Content-Type-Options header + # optional, default is 'nosniff' + #x_content_type_options => 'nosniff', + + # X-XSS-Protection that will be sent by Lufi + # See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + # Set to '' to disable X-XSS-Protection header + # optional, default is '1; mode=block' + #x_xss_protection => '1; mode=block', + ######################### # Lufi 
cron jobs settings ######################### @@ -144,13 +251,13 @@ # max size of the files directory, in octets # used by script/lufi cron watch to trigger an action # optional, no default - max_total_size => 1024*1024*1024, + #max_total_size => 10*1024*1024*1024, # default action when files directory is over max_total_size (used with script/lufi cron watch) # valid values are 'warn', 'stop-upload' and 'delete' # please, see readme # optional, default is 'warn' - policy_when_full => 'stop-upload', + #policy_when_full => 'warn', # images which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task # if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted diff --git a/conf/nginx.conf b/conf/nginx.conf index d761ca3..5c1fa5b 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
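Review bot: Commenting out `max_total_size` and `policy_when_full` at the end of this hunk leaves the upload directory without any size cap, and the surrounding comments state that the default policy is only 'warn'. The manifest defaults `is_public` to true, in which case the `ldap` block is commented out and anyone can upload, so files of up to `max_file_size` each can fill the disk the rest of the server depends on. Consider shipping a bounded default such as `max_total_size => 10*1024*1024*1024,` together with `policy_when_full => 'stop-upload',`, or exposing the cap as an install argument. The configuration hash these keys belong to starts and ends outside the hunk.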
@@ -3,37 +3,30 @@ location __PATH__ { rewrite ^ https://$server_name$request_uri? permanent; } - # This is important for user's privacy ! - access_log off; + access_log /var/log/nginx/lufi.access.log; error_log /var/log/nginx/lufi.error.log; # This is important ! Make it OK with your Lutim configuration - client_max_body_size 40M; + client_max_body_size __MAX_FILE_SIZE__M; - if ($request_uri ~* ^/(img|css|font|js)/) { - add_header Expires "Thu, 31 Dec 2037 23:55:55 GMT"; - add_header Cache-Control "public, max-age=315360000"; - } - - proxy_pass http://127.0.0.1:__PORT____PATH__; + proxy_pass http://127.0.0.1:__PORT__; # Really important ! Lufi uses WebSocket, it won't work without this proxy_set_header Upgrade $http_upgrade ; proxy_set_header Connection "upgrade" ; - proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Remote-Port $remote_port; + proxy_set_header X-Forwarded-Proto $scheme; # If you want to log the remote port of the file senders, you'll need that proxy_set_header X-Remote-Port $remote_port; - proxy_set_header X-Forwarded-Proto $scheme; - # We expect the downsteam servers to redirect to the right hostname, so don't do any rewrite$ proxy_redirect off; - #--PRIVATE--# Include SSOWAT user panel. - #--PRIVATE--include conf.d/yunohost_panel.conf.inc; + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } diff --git a/conf/lufi.service b/conf/systemd.service similarity index 51% rename from conf/lufi.service rename to conf/systemd.service index 67afd49..a8b2a68 100644 --- a/conf/lufi.service +++ b/conf/systemd.service 
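Review bot: Replacing `access_log off;` with `access_log /var/log/nginx/lufi.access.log;` drops the setting that the removed comment called important for users' privacy: with the default log format every upload and download is now recorded with the client address and the requested file URL, for an application the manifest describes as anonymous sharing. If the log is only wanted for debugging, keep `access_log off;` as the shipped default and document how to enable it. Separately, `proxy_http_version 1.1;` is removed while the `Upgrade` and `Connection "upgrade"` headers stay; nginx proxies with HTTP/1.0 unless told otherwise, so the WebSocket handshake the comment calls essential will likely fail unless the directive is set elsewhere. `proxy_set_header X-Remote-Port $remote_port;` now also appears twice in the block.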
@@ -5,15 +5,15 @@ Requires=network.target After=network.target [Service] -Type=forking +Type=simple User=__APP__ Group=__APP__ RemainAfterExit=yes WorkingDirectory=__FINALPATH__ PIDFile=__FINALPATH__script/hypnotoad.pid -ExecStart=/usr/local/bin/carton exec hypnotoad script/lufi >> /var/log/lufi/production.log 2>&1 -ExecStop=/usr/local/bin/carton exec hypnotoad -s script/lufi >> /var/log/lufi/production.log 2>&1 -ExecReload=/usr/local/bin/carton exec hypnotoad script/lufi >> /var/log/lufi/production.log 2>&1 +ExecStart=/usr/local/bin/carton exec hypnotoad script/lufi +ExecStop=/usr/local/bin/carton exec hypnotoad -s script/lufi +ExecReload=/usr/local/bin/carton exec hypnotoad script/lufi [Install] WantedBy=multi-user.target From 2f74be5d4fa1265d823863ee25d7ad2ca2e6963d Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 3 Mar 2019 18:04:55 +0100 Subject: [PATCH 04/16] scripts update --- scripts/_common.sh | 94 +++++++++++++++++++++++ scripts/backup | 91 +++++++++++++++++----- scripts/change_url | 144 ++++++++++++++++++++++++++++++++++ scripts/install | 171 +++++++++++++++++++++++------------------ scripts/remove | 65 +++++++++++----- scripts/restore | 187 +++++++++++++++++++++++++++------------------ scripts/upgrade | 181 ++++++++++++++++++++++++++++++------------- 7 files changed, 693 insertions(+), 240 deletions(-) create mode 100644 scripts/change_url diff --git a/scripts/_common.sh b/scripts/_common.sh index a9bf588..7034463 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
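Review bot: `Type=simple` does not match a launcher that backgrounds itself: `hypnotoad script/lufi` is started without a foreground flag, and the unit still sets `PIDFile=`, which is meant for `Type=forking`. With `RemainAfterExit=yes` the unit stays "active" after the launcher process exits, so a crashed server is neither noticed nor restarted. Either keep `Type=forking` with the PID file, or run `hypnotoad -f script/lufi` in the foreground and drop `PIDFile=` and `RemainAfterExit=yes`. The unit also has no sandboxing directives; `NoNewPrivileges=yes` and `PrivateTmp=yes` would be low-risk additions for a service that accepts public uploads.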
@@ -1 +1,95 @@ #!/bin/bash + +# Start (or other actions) a service, print a log in case of failure and optionnaly wait until the service is completely started +# +# usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ] +# | arg: -n, --service_name= - Name of the service to reload. Default : $app +# | arg: -a, --action= - Action to perform with systemctl. Default: start +# | arg: -l, --line_match= - Line to match - The line to find in the log to attest the service have finished to boot. +# If not defined it don't wait until the service is completely started. +# WARNING: When using --line_match, you should always add `ynh_clean_check_starting` into your +# `ynh_clean_setup` at the beginning of the script. Otherwise, tail will not stop in case of failure +# of the script. The script will then hang forever. +# | arg: -p, --log_path= - Log file - Path to the log file. Default : /var/log/$app/$app.log +# | arg: -t, --timeout= - Timeout - The maximum time to wait before ending the watching. Default : 300 seconds. +# | arg: -e, --length= - Length of the error log : Default : 20 +ynh_systemd_action() { + # Declare an array to define the options of this helper. 
+ declare -Ar args_array=( [n]=service_name= [a]=action= [l]=line_match= [p]=log_path= [t]=timeout= [e]=length= ) + local service_name + local action + local line_match + local length + local log_path + local timeout + + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + local service_name="${service_name:-$app}" + local action=${action:-start} + local log_path="${log_path:-/var/log/$service_name/$service_name.log}" + local length=${length:-20} + local timeout=${timeout:-300} + + # Start to read the log + if [[ -n "${line_match:-}" ]] + then + local templog="$(mktemp)" + # Following the starting of the app in its log + if [ "$log_path" == "systemd" ] ; then + # Read the systemd journal + journalctl --unit=$service_name --follow --since=-0 --quiet > "$templog" & + # Get the PID of the journalctl command + local pid_tail=$! + else + # Read the specified log file + tail -F -n0 "$log_path" > "$templog" & + # Get the PID of the tail command + local pid_tail=$! + fi + fi + + echo "${action^} the service $service_name" >&2 + systemctl $action $service_name \ + || ( journalctl --no-pager --lines=$length -u $service_name >&2 \ + ; test -e "$log_path" && echo "--" && tail --lines=$length "$log_path" >&2 \ + ; false ) + + # Start the timeout and try to find line_match + if [[ -n "${line_match:-}" ]] + then + local i=0 + for i in $(seq 1 $timeout) + do + # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout + if grep --quiet "$line_match" "$templog" + then + echo "The service $service_name has correctly started." >&2 + break + fi + echo -n "." >&2 + sleep 1 + done + if [ $i -eq $timeout ] + then + echo "The service $service_name didn't fully started before the timeout." 
>&2 + echo "Please find here an extract of the end of the log of the service $service_name:" + journalctl --no-pager --lines=$length -u $service_name >&2 + test -e "$log_path" && echo "--" && tail --lines=$length "$log_path" >&2 + fi + + echo "" + ynh_clean_check_starting + fi +} + +# Clean temporary process and file used by ynh_check_starting +# (usually used in ynh_clean_setup scripts) +# +# usage: ynh_clean_check_starting +ynh_clean_check_starting () { + # Stop the execution of tail. + kill -s 15 $pid_tail 2>&1 + ynh_secure_remove "$templog" 2>&1 +} \ No newline at end of file diff --git a/scripts/backup b/scripts/backup index 719e11f..15c84e6 100644 --- a/scripts/backup +++ b/scripts/backup 
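Review bot: `ynh_clean_check_starting` reads `$pid_tail` and `$templog`, but both are declared `local` inside `ynh_systemd_action`, and only when `--line_match` is given. When it is called from `ynh_clean_setup` after that function has returned, or when `-l` was never used, the variables are unset, so `kill -s 15` gets no PID and `ynh_secure_remove` gets an empty path, and the background `tail`/`journalctl` and the temp file may be left behind. Guard the cleanup, e.g. `[ -n "${pid_tail:-}" ] && kill -s 15 "$pid_tail"` and `[ -n "${templog:-}" ] && ynh_secure_remove "$templog"`, and keep the two variables outside the function's local scope. The timeout branch also only prints a message, so callers continue as if the service had started.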
@@ -1,27 +1,84 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Source app helpers +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -# Get multi-instances specific variables +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info "Loading installation settings..." + app=$YNH_APP_INSTANCE_NAME -# Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) +final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) -# Copy the app files -final_path="/var/www/${app}" -ynh_backup "${final_path}" "sources" 1 +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= +ynh_print_info "Backing up the main app directory..." 
-# Copy the nginx conf files -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" +ynh_backup "$final_path" -# Copy the lufi conf file -ynh_backup "${final_path}/lufi.conf" "lufi.conf" -ynh_backup "/etc/systemd/system/lufi.service" "systemd_lufi.service" -ynh_backup "/etc/cron.d/${app}" "cron_lufi" -ynh_backup "/etc/logrotate.d/${app}" "logrotate_lufi" -ynh_backup "/var/log/${app}/production.log" "production.log" \ No newline at end of file +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= +ynh_print_info "Backing up nginx web server configuration..." + +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# BACKUP THE POSTGRESQL DATABASE +#================================================= +ynh_print_info "Backing up the PostgreSQL database..." + +ynh_psql_dump_db "$db_name" > db.sql + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP LOGROTATE +#================================================= +ynh_print_info "Backing up logrotate configuration..." + +ynh_backup "/etc/logrotate.d/$app" + +#================================================= +# BACKUP SYSTEMD +#================================================= +ynh_print_info "Backing up systemd configuration..." + +ynh_backup "/etc/systemd/system/$app.service" + +#================================================= +# BACKUP CRON +#================================================= +ynh_print_info "Backing up cron configuration..." + +ynh_backup "/etc/cron.d/${app}" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." \ No newline at end of file 
diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..a58390a --- /dev/null +++ b/scripts/change_url 
@@ -0,0 +1,144 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +old_domain=$YNH_APP_OLD_DOMAIN +old_path=$YNH_APP_OLD_PATH + +new_domain=$YNH_APP_NEW_DOMAIN +new_path=$YNH_APP_NEW_PATH + +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info "Loading installation settings..." + +# Needed for helper "ynh_add_nginx_config" +final_path=$(ynh_app_setting_get $app final_path) + +# Needed for lufi conf +port=$(ynh_app_setting_get $app port) +is_public=$(ynh_app_setting_get $app is_public) +db_name=$(ynh_app_setting_get "$app" db_name) +db_pwd=$(ynh_app_setting_get $app psqlpwd) +db_user=$db_name +secret=$(ynh_app_setting_get $app secret) +max_file_size=$(ynh_app_setting_get $app max_file_size) + +#================================================= +# CHECK THE SYNTAX OF THE PATHS +#================================================= + +test -n "$old_path" || old_path="/" +test -n "$new_path" || new_path="/" +new_path=$(ynh_normalize_url_path $new_path) +old_path=$(ynh_normalize_url_path $old_path) + +#================================================= +# CHECK WHICH PARTS SHOULD BE CHANGED +#================================================= + +change_domain=0 +if [ "$old_domain" != "$new_domain" ] +then + change_domain=1 +fi + +change_path=0 +if [ "$old_path" != "$new_path" ] +then + change_path=1 +fi + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# MODIFY URL IN NGINX CONF +#================================================= 
+ynh_print_info "Updating nginx web server configuration..." + +nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf + +# Change the path in the nginx config file +if [ $change_path -eq 1 ] +then + # Make a backup of the original nginx config file if modified + ynh_backup_if_checksum_is_different "$nginx_conf_path" + # Set global variables for nginx helper + domain="$old_domain" + path_url="$new_path" + # Create a dedicated nginx config + ynh_add_nginx_config max_file_size +fi + +# Change the domain for nginx +if [ $change_domain -eq 1 ] +then + # Delete file checksum for the old conf file location + ynh_delete_file_checksum "$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" +fi + +#================================================= +# SPECIFIC MODIFICATIONS +#================================================= +# SETUP LUFI +#================================================= +ynh_print_info "Configuring lufi..." 
+ +domain="$new_domain" +path_url="$new_path" + +cp ../conf/lufi.conf.template "${final_path}/lufi.conf" +ynh_replace_string "__DOMAIN__" "$domain" "${final_path}/lufi.conf" +ynh_replace_string "__PATH__" "$path_url" "${final_path}/lufi.conf" +ynh_replace_string "__PORT__" "$port" "${final_path}/lufi.conf" +ynh_replace_string "__DB_NAME__" "$db_name" "${final_path}/lufi.conf" +ynh_replace_string "__DB_USER__" "$db_user" "${final_path}/lufi.conf" +ynh_replace_string "__DB_PWD__" "$db_pwd" "${final_path}/lufi.conf" +ynh_replace_string "__MAX_FILE_SIZE__" "$max_file_size" "${final_path}/lufi.conf" + +ynh_replace_string "__SECRET__" "$secret" "${final_path}/lufi.conf" +if [ $is_public -eq 0 ]; +then + ynh_replace_string "__IS_PUBLIC__" "" "${final_path}/lufi.conf" +else + ynh_replace_string "__IS_PUBLIC__" "#" "${final_path}/lufi.conf" +fi +ynh_store_file_checksum "${final_path}/lufi.conf" + +#================================================= +# GENERIC FINALISATION +#================================================= +# RESTART LUFI +#================================================= + +ynh_systemd_action -n $app -a reload -l "Creating process id file" -p "$final_path/log/production.log" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_print_info "Reloading nginx web server..." + +systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Change of URL completed for $app" diff --git a/scripts/install b/scripts/install index f2d2732..850b828 100644 --- a/scripts/install +++ b/scripts/install 
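Review bot: `if [ $is_public -eq 0 ]` fails open: when the stored `is_public` is empty or not an integer, `[` returns an error, the `else` branch runs and `__IS_PUBLIC__` becomes `#`, which comments out the `ldap` block in lufi.conf and leaves uploads unauthenticated. Because the failure happens inside an `if` condition it is not treated as a script error either. Quote the variable and reject unexpected values before the substitution, e.g. `[ "$is_public" = 0 ] || [ "$is_public" = 1 ] || ynh_die "Unexpected is_public value: $is_public"`. The same test is added in scripts/install. Unlike backup and install, this script never calls `ynh_abort_if_errors`, so a failed `mv` or `cp` would leave the nginx configuration and lufi.conf out of sync.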
@@ -14,7 +14,8 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. + ynh_clean_check_starting + true } # Exit if an error occurs during the execution of the script @@ -26,23 +27,19 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH -admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC +max_file_size=$YNH_APP_ARG_MAX_FILE_SIZE app=$YNH_APP_INSTANCE_NAME -secret=$(ynh_string_random 24) - -script_dir=$PWD #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_print_info "Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" -domain_regex=$(echo "$domain" | sed 's@-@.@g') - # Normalize the url path syntax path_url=$(ynh_normalize_url_path $path_url) 
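Review bot: `max_file_size=$YNH_APP_ARG_MAX_FILE_SIZE` is used without any check, yet the value is later substituted unquoted into `client_max_body_size __MAX_FILE_SIZE__M;` in conf/nginx.conf and into `max_file_size => __MAX_FILE_SIZE__*1024*1024,` in conf/lufi.conf.template, a Perl configuration file in which expressions are evaluated (its own comment allows `100*1024*1024`). Unless the manifest's `"type": "int"` is enforced by the installer, which is not visible here, a value such as `100M` or an empty string yields a broken nginx or Lufi configuration, and arbitrary text would end up inside evaluated Perl. Validate right after reading it, e.g. `[[ "$max_file_size" =~ ^[1-9][0-9]*$ ]] || ynh_die "max_file_size must be a positive integer"`.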
@@ -51,36 +48,56 @@ ynh_webpath_available $domain $path_url # Register (book) web path ynh_webpath_register $app $domain $path_url +#================================================= +# FIND AND OPEN A PORT +#================================================= +ynh_print_info "Configuring firewall..." + +# Find a free port +port=$(ynh_find_port 8095) +# Open this port +yunohost firewall allow --no-upnp TCP $port 2>&1 + #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_print_info "Storing installation settings..." -ynh_app_setting_set $app admin $admin ynh_app_setting_set $app domain $domain ynh_app_setting_set $app is_public $is_public -ynh_app_setting_set $app secret $secret +ynh_app_setting_set $app port $port +ynh_app_setting_set $app path $path_url +ynh_app_setting_set $app max_file_size $max_file_size #================================================= # STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= - -# Find a free port -port=$(ynh_find_port 8096) -# Open this port -yunohost firewall allow --no-upnp TCP $port 2>&1 -ynh_app_setting_set $app port $port - #================================================= # INSTALL DEPENDENCIES #================================================= +ynh_print_info "Installing dependencies..." -ynh_install_app_dependencies build-essential cpanminus +ynh_install_app_dependencies build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev cpanminus +# Install Carton +echo yes | cpanm Carton + +#================================================= +# CREATE A POSTGRESQL DATABASE +#================================================= +ynh_print_info "Creating a PostgreSQL database..." 
+ +# Create postgresql database +ynh_psql_test_if_first_run +db_name=$(ynh_sanitize_dbid "$app") +db_user=$db_name +ynh_app_setting_set "$app" db_name "$db_name" +# Initialize database and store postgres password for upgrade +ynh_psql_setup_db "$db_name" "$db_user" +db_pwd=$(ynh_app_setting_get $app psqlpwd) # Password created in ynh_psql_setup_db function #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_print_info "Setting up source files..." ynh_app_setting_set $app final_path $final_path # Download, check integrity, uncompress and patch the source from app.src @@ -89,17 +106,15 @@ ynh_setup_source "$final_path" #================================================= # NGINX CONFIGURATION #================================================= +ynh_print_info "Configuring nginx web server..." # Create a dedicated nginx config -ynh_add_nginx_config -if [ "$is_public" = true ]; -then - sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf -fi +ynh_add_nginx_config max_file_size #================================================= # CREATE DEDICATED USER #================================================= +ynh_print_info "Configuring system user..." # Create a system user ynh_system_user_create $app 
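Review bot: `yunohost firewall allow --no-upnp TCP $port` opens the backend port on the host firewall although conf/lufi.conf.template binds hypnotoad to `http://127.0.0.1:__PORT__` and nginx is the only intended client. The rule is unnecessary today and becomes real exposure if the listen address is ever widened; dropping it, along with any matching close in the remove script, keeps the service reachable only through the reverse proxy. In the same hunk `echo yes | cpanm Carton` installs an unpinned CPAN package at install time, presumably as root since the `sudo` calls were dropped; pinning a version, or using a distribution package if one is available, would make the install reproducible.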
@@ -107,49 +122,30 @@ ynh_system_user_create $app #================================================= # Copy and fix variable into lufi config #================================================= +ynh_print_info "Configuring lufi..." -sudo cp ../conf/lufi.conf.template "${final_path}/lufi.conf" +cp ../conf/lufi.conf.template "${final_path}/lufi.conf" ynh_replace_string "__DOMAIN__" "$domain" "${final_path}/lufi.conf" ynh_replace_string "__PATH__" "$path_url" "${final_path}/lufi.conf" ynh_replace_string "__PORT__" "$port" "${final_path}/lufi.conf" +ynh_replace_string "__DB_NAME__" "$db_name" "${final_path}/lufi.conf" +ynh_replace_string "__DB_USER__" "$db_user" "${final_path}/lufi.conf" +ynh_replace_string "__DB_PWD__" "$db_pwd" "${final_path}/lufi.conf" +ynh_replace_string "__MAX_FILE_SIZE__" "$max_file_size" "${final_path}/lufi.conf" + +secret=$(ynh_string_random 24) +ynh_app_setting_set $app secret $secret ynh_replace_string "__SECRET__" "$secret" "${final_path}/lufi.conf" - -#================================================= -# Set right permissions on new files created at first start -#================================================= - -sudo chown -R $app:$app "$final_path" - -#================================================= -# Install Carton -#================================================= - -echo yes | sudo cpanm Carton - -#================================================= -# Install lufi via carton -#================================================= - -mkdir -p /var/log/$app/ -pushd $final_path -carton install 2>&1 | sudo tee -a "/var/log/$app/setup_carton.log" -popd - -#================================================= -# STORE THE CONFIG FILE CHECKSUM -#================================================= - +if [ $is_public -eq 0 ]; +then + ynh_replace_string "__IS_PUBLIC__" "" "${final_path}/lufi.conf" +else + ynh_replace_string "__IS_PUBLIC__" "#" "${final_path}/lufi.conf" +fi ynh_store_file_checksum "${final_path}/lufi.conf" 
#================================================= -# SETUP SYSTEMD -#================================================= - -# Create a dedicated systemd config -ynh_add_systemd_config - -#================================================= -## Install cron +# SETUP CRON #================================================= cp ../conf/cron_lufi /etc/cron.d/$app @@ -157,22 +153,26 @@ ynh_replace_string "__FINALPATH__" "$final_path/" "/etc/cron.d/$app" chmod +x $final_path/script/lufi #================================================= -# Making log symbolic link to /var/log +# SETUP SYSTEMD #================================================= +ynh_print_info "Configuring a systemd service..." -touch /var/log/$app/production.log -chown www-data: /var/log/$app/production.log -ln -s /var/log/$app/production.log "$final_path/log/production.log" +# Create a dedicated systemd config +ynh_add_systemd_config #================================================= -# Start lufi +# Install lufi's dependencies via carton #================================================= +ynh_print_info "Installing lufi..." -sudo systemctl start $app.service +pushd $final_path +carton install --deployment --without=sqlite --without=mysql +popd #================================================= # SETUP LOGROTATE #================================================= +ynh_print_info "Configuring log rotation..." # Use logrotate to manage application logfile(s) ynh_use_logrotate 
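Review bot: `lufi.conf` receives the database password and the session secret (`__DB_PWD__`, `__SECRET__`), but nothing in this hunk restricts its mode, so it keeps whatever permissions `cp` carries over from the template (not visible here, typically world-readable). Add `chmod 600 "${final_path}/lufi.conf"` after `ynh_store_file_checksum`; the later `chown -R $app:$app "$final_path"` then leaves it readable by the service account only. The scripts/upgrade hunk repeats the same copy-and-substitute sequence and needs the same line.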
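Review bot: `carton install --deployment --without=sqlite --without=mysql` runs as root, and `$final_path` is still root-owned at this point because `chown -R $app:$app` only happens in a later hunk, so the build and install steps of every CPAN dependency execute with root privileges. `--deployment` restricts the install to the versions recorded in the snapshot file, but it does not change who runs them. Consider moving the `chown` ahead of this step and running it as the service account, for example `sudo -u $app carton install --deployment --without=sqlite --without=mysql`, and quote the directory in `pushd "$final_path"`. The scripts/upgrade hunk runs the same command as root.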
@@ -181,26 +181,47 @@ ynh_use_logrotate # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add NAME_INIT.D --log "/var/log/FILE.log" +yunohost service add $app --log "/var/log/$app.log" --log "$final_path/log/production.log" +ln -sf "$final_path/log/production.log" "/var/log/$app/production.log" #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Configuring SSOwat..." -# Make app public if necessary -if [ $is_public -eq 1 ] +# Make app public or private +ynh_app_setting_set $app unprotected_uris "/" +if [ $is_public -eq 0 ]; then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set $app unprotected_uris "/" + ynh_app_setting_set $app protected_regex "/stats$","/manifest.webapp$","/$","/d/.*$","/m/.*$" else - if [ "$path_url" == "/" ]; then - path_url="" - fi - ynh_app_setting_set $app protected_regex "$domain_regex$path/stats$","$domain_regex$path/manifest.webapp$","$domain_regex$path/$","$domain_regex$path/d/.*$","$domain_regex$path/m/.*$" + ynh_app_setting_delete $app protected_regex fi +#================================================= +# Configure owner +#================================================= + +chown -R $app:$app "$final_path" + +#================================================= +# Start lufi +#================================================= + +systemctl enable $app.service +ynh_systemd_action -n $app -a start -l "Creating process id file" -p "$final_path/log/production.log" + #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." +# Reload Nginx systemctl reload nginx +yunohost app ssowatconf + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Installation of $app completed" 
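Review bot: The `protected_regex` patterns in the SETUP SSOWAT section (`"/stats$"`, `"/$"`, `"/d/.*$"`, ...) are no longer prefixed with the domain and path as the removed line was, so they are not tied to this app's URL. Depending on how SSOwat applies them, they may match URLs that belong to other apps on the server, and they cannot tell two Lufi instances apart now that this series enables `multi_instance`. I would build each pattern from the escaped domain and `$path_url` before storing it, and quote the test as `[ "$is_public" -eq 0 ]`. The same block appears in the scripts/upgrade hunk.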
diff --git a/scripts/remove b/scripts/remove index 1c13343..8377d9d 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,20 +12,18 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME +final_path=$(ynh_app_setting_get $app final_path) domain=$(ynh_app_setting_get $app domain) +port=$(ynh_app_setting_get $app port) +db_name=$(ynh_app_setting_get $app db_name) +db_user=$db_name #================================================= # STANDARD REMOVE -#================================================= -# STOP AND REMOVE SERVICE -#================================================= - -# Remove the dedicated systemd config -ynh_remove_systemd_config - #================================================= # REMOVE SERVICE FROM ADMIN PANEL #================================================= @@ -38,15 +36,17 @@ then fi #================================================= -# REMOVE DEPENDENCIES +# STOP AND REMOVE SERVICE #================================================= +ynh_print_info "Stopping and removing the systemd service" -# Remove metapackage and its dependencies -ynh_remove_app_dependencies +# Remove the dedicated systemd config +ynh_remove_systemd_config #================================================= # REMOVE APP MAIN DIR #================================================= +ynh_print_info "Removing app main directory" # Remove the app directory securely ynh_secure_remove "$final_path" 
@@ -54,13 +54,21 @@ ynh_secure_remove "$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= +ynh_print_info "Removing nginx web server configuration" # Remove the dedicated nginx config ynh_remove_nginx_config +#================================================= +# DELETE LOG +#================================================= + +ynh_secure_remove "/var/log/$app/" + #================================================= # REMOVE LOGROTATE CONFIGURATION #================================================= +ynh_print_info "Removing logrotate configuration" # Remove the app-specific logrotate config ynh_remove_logrotate @@ -71,10 +79,35 @@ ynh_remove_logrotate if yunohost firewall list | grep -q "\- $port$" then - echo "Close port $port" >&2 + echo "Close port $port" yunohost firewall disallow TCP $port 2>&1 fi +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_print_info "Removing dependencies" + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + +#================================================= +# REMOVE THE POSTGRESQL DATABASE +#================================================= +ynh_print_info "Removing the PostgreSQL database" + +ynh_psql_remove_db $db_name $db_user + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_print_info "Removing the dedicated system user" + +# Delete a system user +ynh_system_user_delete $app + #================================================= # SPECIFIC REMOVE #================================================= 
@@ -84,14 +117,8 @@ fi # Remove a cron file ynh_secure_remove "/etc/cron.d/$app" -# Remove the log files -ynh_secure_remove "/var/log/$app/" - #================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER +# END OF SCRIPT #================================================= -# Delete a system user -ynh_system_user_delete $app +ynh_print_info "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index 63933bd..9cd5408 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -1,101 +1,140 @@ #!/bin/bash -# This restore script is adapted to Yunohost >=2.4 -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Source app helpers +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -# The parameter $app is the id of the app instance ex: ynhexample__2 +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ynh_clean_check_starting + + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info "Loading settings..." + app=$YNH_APP_INSTANCE_NAME -# Get old parameter of the app domain=$(ynh_app_setting_get $app domain) -path=$(ynh_app_setting_get $app path) -is_public=$(ynh_app_setting_get $app is_public) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) +db_name=$(ynh_app_setting_get $app db_name) -ynh_package_update -ynh_package_install carton +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= +ynh_print_info "Validating restoration parameters..." -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "${app}" \ - || ynh_die "Path not available: ${domain}${path}" +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! 
-d $final_path \ + || ynh_die "There is already a directory: $final_path " -# Check $final_path -final_path="/var/www/${app}" -if [ -d "${final_path}" ]; then - ynh_die "There is already a directory: ${final_path}" -fi +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_print_info "Reinstalling dependencies..." -# Check configuration files nginx -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -if [ -f "${nginx_conf}" ]; then - ynh_die "The NGINX configuration already exists at '${nginx_conf}'. You should safely delete it before restoring this app." -fi +# Define and install dependencies +ynh_install_app_dependencies build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev cpanminus +# Install Carton +echo yes | cpanm Carton -# Check configuration files lufi -lufi_conf="${final_path}/${app}.conf" -if [ -f "${lufi_conf}" ]; then - ynh_die "The LUFI CONF configuration already exists at '${lufi_conf}'. You should safely delete it before restoring this app." -fi +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= -lufi_systemd="/etc/systemd/system/${app}.service" -if [ -f "${lufi_systemd}" ]; then - ynh_die "The LUFI SYSTEMD configuration already exists at '${lufi_systemd}'. You should safely delete it before restoring this app." -fi +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" -lufi_cron="/etc/cron.d/${app}" -if [ -f "${lufi_cron}" ]; then - ynh_die "The LUFI CRONTAB configuration already exists at '${lufi_cron}'. You should safely delete it before restoring this app." -fi +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= +ynh_print_info "Restoring the app main directory..." 
-lufi_logrotate="/etc/logrotate.d/${app}" -if [ -f "${lufi_logrotate}" ]; then - ynh_die "The LUFI LOGROTATE configuration already exists at '${lufi_logrotate}'. You should safely delete it before restoring this app." -fi +ynh_restore_file "$final_path" -lufi_log="/var/log/${app}/production.log" -if [ -f "${lufi_log}" ]; then - ynh_die "The LUFI LOG configuration already exists at '${lufi_log}'. You should safely delete it before restoring this app." -fi +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_print_info "Recreating the dedicated system user..." - # Restore sources & data -sudo cp -a ./sources "${final_path}" +# Create the dedicated user (if not existing) +ynh_system_user_create $app -# Set permissions -sudo chown -R www-data: "${final_path}" +#================================================= +# RESTORE THE POSTGRESQL DATABASE +#================================================= +ynh_print_info "Restoring the PostregSQL database..." -# Restore nginx configuration files -sudo cp -a ./nginx.conf "${nginx_conf}" +db_pwd=$(ynh_app_setting_get $app psqlpwd) +ynh_psql_test_if_first_run +ynh_psql_setup_db $db_name $db_name $db_pwd +ynh_psql_connect_as $db_name $db_pwd $db_name < ./db.sql -# Restore lufi configuration files -sudo cp -a ./lufi.conf "${lufi_conf}" +#================================================= +# RESTORE USER RIGHTS +#================================================= -# Restore service -sudo cp -a ./systemd_lufi.service "${lufi_systemd}" +# Restore permissions on app files +chown -R $app:$app "$final_path" -sudo cp -a ./cron_lufi "${lufi_cron}" -sudo cp -a ./logrotate_lufi "${lufi_logrotate}" +#================================================= +# SPECIFIC RESTORATION +#================================================= +# RESTORE SYSTEMD +#================================================= +ynh_print_info "Restoring the systemd configuration..." 
-# Create log production -sudo mkdir "/var/log/${app}/" -sudo cp -a ./production.log "${lufi_log}" -# Delete symbolic link and restore -sudo rm -fr "${final_path}/log/production.log" -sudo ln -s "/var/log/${app}/production.log" "${final_path}/log/production.log" +ynh_restore_file "/etc/systemd/system/$app.service" +systemctl enable $app.service +ynh_systemd_action -n $app -a start -l "Creating process id file" -p "$final_path/log/production.log" -# Reload lufi service -sudo systemctl daemon-reload -sudo systemctl start lufi.service -sudo systemctl enable lufi.service +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= -# Set ssowat config -if [ "$is_public" = "No" ]; -then - ynh_app_setting_delete $app skipped_uris -fi +yunohost service add $app --log "/var/log/$app.log" --log "/var/www/$app/log/production.log" +ln -sf "$final_path/log/production.log" "/var/log/$app/production.log" -# Reload services -sudo systemctl reload nginx -sudo yunohost app ssowatconf \ No newline at end of file +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= + +ynh_restore_file "/etc/logrotate.d/$app" + +#================================================= +# RESTORE THE CRON CONFIGURATION +#================================================= + +ynh_restore_file "/etc/cron.d/$app" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX +#================================================= +ynh_print_info "Reloading nginx web server..." + +systemctl reload nginx +yunohost app ssowatconf + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Restoration completed for $app" 
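Review bot: In the RESTORE THE POSTGRESQL DATABASE section `$db_pwd` is expanded unquoted in `ynh_psql_setup_db $db_name $db_name $db_pwd` and `ynh_psql_connect_as $db_name $db_pwd $db_name < ./db.sql`, so an empty `psqlpwd` setting shifts the arguments silently instead of failing. Quote the expansions and stop early when the setting is missing, for example `[ -n "$db_pwd" ] || ynh_die "psqlpwd setting is missing"` right after the `ynh_app_setting_get` call. The same applies to `test ! -d $final_path`, which should read `test ! -d "$final_path"`.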
diff --git a/scripts/upgrade b/scripts/upgrade index adcf977..d2be926 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,28 +1,31 @@ #!/bin/bash -set -eu - #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= -source .fonctions +source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) -path=$(ynh_app_setting_get $app path) +path_url=$(ynh_app_setting_get $app path) is_public=$(ynh_app_setting_get $app is_public) port=$(ynh_app_setting_get $app port) final_path=$(ynh_app_setting_get $app final_path) secret=$(ynh_app_setting_get $app secret) +db_name=$(ynh_app_setting_get $app db_name) +db_user=$db_name +db_pwd=$(ynh_app_setting_get $app psqlpwd) +max_file_size=$(ynh_app_setting_get $app max_file_size) #================================================= # FIX OLD THINGS 
@@ -41,95 +44,163 @@ then # Si final_path n'est pas renseigné dans la config yunohost, cas d'ancien final_path=/var/www/$app fi -CHECK_PATH # Checks and corrects the syntax of the path. +if [ -z "$db_pwd" ]; then + # Create postgresql database + ynh_psql_test_if_first_run + db_name=$(ynh_sanitize_dbid "$app") + db_user=$db_name + ynh_app_setting_set "$app" db_name "$db_name" + # Initialize database and store postgres password for upgrade + ynh_psql_setup_db "$db_name" "$db_user" + db_pwd=$(ynh_app_setting_get $app psqlpwd) # Password created in ynh_psql_setup_db function +fi -# Get source -SETUP_SOURCE +if [ -z "$max_file_size" ]; then + max_file_size=100 # 100 Mo +fi + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_print_info "Backing up the app before upgrading (may take a while)..." + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + ynh_clean_check_starting + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= +ynh_print_info "Upgrading source files..." + +ynh_install_app_dependencies build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev cpanminus + +ynh_setup_source "$final_path" #================================================= # NGINX CONFIGURATION #================================================= +ynh_print_info "Upgrading nginx web server configuration..." 
-# Et copie le fichier de config nginx -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf -# Modify Nginx configuration file and copy it to Nginx conf directory -sudo sed -i "s@__PATH__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf -sudo sed -i "s@__PORT__@$port@g" /etc/nginx/conf.d/$domain.d/$app.conf +# Create a dedicated nginx config +ynh_add_nginx_config max_file_size +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_print_info "Making sure dedicated system user exists..." -if [ "$is_public" = "Yes" ]; -then - sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf -fi +# Create a dedicated user (if not existing) +ynh_system_user_create $app #================================================= # SPECIFIC UPGRADE #================================================= # SETUP LUFI #================================================= +ynh_print_info "Configuring lufi..." -## Copie et configuration du fichier de conf. -CHECK_MD5_CONFIG "lufi.conf" "$final_path/lufi.conf" # Créé un backup du fichier de config si il a été modifié. 
-sudo cp ../conf/lufi.conf.template "$final_path/lufi.conf" -sudo sed -i "s@__DOMAIN__@$domain@g" "$final_path/lufi.conf" -sudo sed -i "s@__PATH__@$path@g" "$final_path/lufi.conf" -sudo sed -i "s@__PORT__@$port@g" "$final_path/lufi.conf" -sudo sed -i "s@__SECRET__@$secret@g" "${final_path}/lufi.conf" -STORE_MD5_CONFIG "lufi.conf" "$final_path/lufi.conf" # Réenregistre la somme de contrôle du fichier de config +cp ../conf/lufi.conf.template "${final_path}/lufi.conf" +ynh_replace_string "__DOMAIN__" "$domain" "${final_path}/lufi.conf" +ynh_replace_string "__PATH__" "$path_url" "${final_path}/lufi.conf" +ynh_replace_string "__PORT__" "$port" "${final_path}/lufi.conf" +ynh_replace_string "__DB_NAME__" "$db_name" "${final_path}/lufi.conf" +ynh_replace_string "__DB_USER__" "$db_user" "${final_path}/lufi.conf" +ynh_replace_string "__DB_PWD__" "$db_pwd" "${final_path}/lufi.conf" +ynh_replace_string "__MAX_FILE_SIZE__" "$max_file_size" "${final_path}/lufi.conf" -#================================================= -# SETUP SYSTEMD -#================================================= - -# Mise en place du script systemd -sudo systemctl stop $app -sudo cp ../conf/lufi.service /etc/systemd/system/$app.service -sudo chown root: /etc/systemd/system/$app.service -sudo sed -i "s@__FINALPATH__@$final_path/@g" /etc/systemd/system/$app.service -sudo sed -i "s@__APP__@$app@g" /etc/systemd/system/$app.service -## Démarrage auto du service -sudo systemctl enable $app +ynh_replace_string "__SECRET__" "$secret" "${final_path}/lufi.conf" +if [ $is_public -eq 0 ]; +then + ynh_replace_string "__IS_PUBLIC__" "" "${final_path}/lufi.conf" +else + ynh_replace_string "__IS_PUBLIC__" "#" "${final_path}/lufi.conf" +fi +ynh_store_file_checksum "${final_path}/lufi.conf" #================================================= # SETUP CRON #================================================= -sudo cp ../conf/cron_lufi /etc/cron.d/$app -sudo sed -i "s@__FINALPATH__@$final_path/@g" /etc/cron.d/$app - 
-#================================================= -# UPDATE LUFI WITH CARTON -#================================================= - -pushd $final_path # cd avec une stack pour revenir en arrière -echo yes | sudo carton install 2>&1 | sudo tee -a "/var/log/$app/setup_carton.log" -popd # Revient au dossier courant avant pushd +cp ../conf/cron_lufi /etc/cron.d/$app +ynh_replace_string "__FINALPATH__" "$final_path/" "/etc/cron.d/$app" +chmod +x $final_path/script/lufi #================================================= # SECURING FILES AND DIRECTORIES #================================================= -sudo chown -R www-data: $final_path +chown -R $app:$app "$final_path" + +#================================================= +# SETUP SYSTEMD +#================================================= +ynh_print_info "Upgrading systemd configuration..." + +# Create a dedicated systemd config +ynh_add_systemd_config + +#================================================= +# Install lufi's dependencies via carton +#================================================= + +pushd $final_path +carton install --deployment --without=sqlite --without=mysql +popd + +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_print_info "Upgrading logrotate configuration..." 
+ +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate --non-append + +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= + +yunohost service add $app --log "/var/log/$app.log" #================================================= # RESTART LUFI #================================================= -sudo systemctl restart lufi.service +ynh_systemd_action -n $app -a reload -l "Creating process id file" -p "$final_path/log/production.log" +ln -sf "$final_path/log/production.log" "/var/log/$app/production.log" #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Upgrading SSOwat configuration..." -ynh_app_setting_set $app skipped_uris "/" -if [ $is_public -eq 0 ] -then - ynh_app_setting_set "$app" unprotected_uris "/" +# Make app public or private +ynh_app_setting_set $app unprotected_uris "/" +if [ $is_public -eq 0 ]; +then + ynh_app_setting_set $app protected_regex "/stats$","/manifest.webapp$","/$","/d/.*$","/m/.*$" +else + ynh_app_setting_delete $app protected_regex fi #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." -sudo systemctl reload nginx -sudo yunohost app ssowatconf +systemctl reload nginx +yunohost app ssowatconf + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Upgrade of $app completed" From 06102b2ed98d36d5704e20082f019fcddc7f6feb Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 3 Mar 2019 18:09:22 +0100 Subject: [PATCH 05/16] nginx update --- conf/nginx.conf | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 5c1fa5b..d32e99c 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
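Review bot: The fallback `max_file_size=100` near the top of this hunk is never written back with `ynh_app_setting_set`, so the setting stays empty for installs that predate it. Any script that reads the setting afterwards gets an empty string; the change_url hunk later in this series evaluates `[ $max_file_size -eq 0 ]`, presumably on that stored value. Add `ynh_app_setting_set $app max_file_size $max_file_size` inside the `if [ -z "$max_file_size" ]` block. The surrounding compatibility section starts before this hunk, so earlier fallbacks are not visible here.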
@@ -3,27 +3,31 @@ location __PATH__ { rewrite ^ https://$server_name$request_uri? permanent; } - access_log /var/log/nginx/lufi.access.log; + # This is important for user's privacy ! + access_log off; error_log /var/log/nginx/lufi.error.log; # This is important ! Make it OK with your Lutim configuration client_max_body_size __MAX_FILE_SIZE__M; - proxy_pass http://127.0.0.1:__PORT__; + if ($request_uri ~* ^/(img|css|font|js)/) { + add_header Expires "Thu, 31 Dec 2037 23:55:55 GMT"; + add_header Cache-Control "public, max-age=315360000"; + } + + proxy_pass http://127.0.0.1:__PORT____PATH__; # Really important ! Lufi uses WebSocket, it won't work without this proxy_set_header Upgrade $http_upgrade ; proxy_set_header Connection "upgrade" ; + proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Remote-Port $remote_port; proxy_set_header X-Forwarded-Proto $scheme; - # If you want to log the remote port of the file senders, you'll need that - proxy_set_header X-Remote-Port $remote_port; - # We expect the downsteam servers to redirect to the right hostname, so don't do any rewrite$ proxy_redirect off; From 66f1f8d04234dafdb9e32e128a8a3a2e73153393 Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 3 Mar 2019 18:52:39 +0100 Subject: [PATCH 06/16] check max_file_size --- scripts/change_url | 3 +++ scripts/install | 8 ++++++++ scripts/upgrade | 3 +++ 3 files changed, 14 insertions(+) diff --git a/scripts/change_url b/scripts/change_url index a58390a..ef25dbf 100644 --- a/scripts/change_url +++ b/scripts/change_url 
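Review bot: The new `if ($request_uri ~* ^/(img|css|font|js)/)` block is anchored at the site root while the enclosing location is `__PATH__`, so for an install under a sub-path the pattern never matches and the cache headers are never sent. The pattern should be built from `__PATH__`, with the root-path case handled so it does not produce a double slash. Note also that nginx inherits `add_header` directives from outer levels only when the current level defines none, so any header set with `add_header` at server level would be missing from the responses this block matches. The location block starts before this hunk and continues after it.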
@@ -112,6 +112,9 @@ ynh_replace_string "__DB_NAME__" "$db_name" "${final_path}/lufi.conf" ynh_replace_string "__DB_USER__" "$db_user" "${final_path}/lufi.conf" ynh_replace_string "__DB_PWD__" "$db_pwd" "${final_path}/lufi.conf" ynh_replace_string "__MAX_FILE_SIZE__" "$max_file_size" "${final_path}/lufi.conf" +if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit + ynh_replace_string "max_file_size" "#max_file_size" "${final_path}/lufi.conf" +fi ynh_replace_string "__SECRET__" "$secret" "${final_path}/lufi.conf" if [ $is_public -eq 0 ]; diff --git a/scripts/install b/scripts/install index 850b828..b2a5b4a 100644 --- a/scripts/install +++ b/scripts/install @@ -43,6 +43,11 @@ test ! -e "$final_path" || ynh_die "This path already contains a folder" # Normalize the url path syntax path_url=$(ynh_normalize_url_path $path_url) +# Check if max_file_size is a number +if ! [[ $max_file_size =~ "^[\-0-9]+$" ]] && [ $max_file_size -lt 0 ]; then + ynh_die "Max file must be a number positive or zero" +fi + # Check web path availability ynh_webpath_available $domain $path_url # Register (book) web path @@ -132,6 +137,9 @@ ynh_replace_string "__DB_NAME__" "$db_name" "${final_path}/lufi.conf" ynh_replace_string "__DB_USER__" "$db_user" "${final_path}/lufi.conf" ynh_replace_string "__DB_PWD__" "$db_pwd" "${final_path}/lufi.conf" ynh_replace_string "__MAX_FILE_SIZE__" "$max_file_size" "${final_path}/lufi.conf" +if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit + ynh_replace_string "max_file_size" "#max_file_size" "${final_path}/lufi.conf" +fi secret=$(ynh_string_random 24) ynh_app_setting_set $app secret $secret diff --git a/scripts/upgrade b/scripts/upgrade index d2be926..95e9ea0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
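Review bot: The `max_file_size` check added in scripts/install does not reject anything that is not a number: the quoted right-hand side of `=~` is compared as a literal string, so `! [[ ... ]]` is always true, and for non-numeric input `[ $max_file_size -lt 0 ]` errors out and counts as false, which lets the value through. That value is then substituted into `lufi.conf` and into `client_max_body_size __MAX_FILE_SIZE__M` in the nginx configuration. Use an unquoted pattern and a single condition, `if ! [[ $max_file_size =~ ^[0-9]+$ ]]; then`, before the `ynh_die`. A later patch in this series changes the manifest type to `string`, which leaves this check as the only validation.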
@@ -116,6 +116,9 @@ ynh_replace_string "__DB_NAME__" "$db_name" "${final_path}/lufi.conf" ynh_replace_string "__DB_USER__" "$db_user" "${final_path}/lufi.conf" ynh_replace_string "__DB_PWD__" "$db_pwd" "${final_path}/lufi.conf" ynh_replace_string "__MAX_FILE_SIZE__" "$max_file_size" "${final_path}/lufi.conf" +if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit + ynh_replace_string "max_file_size" "#max_file_size" "${final_path}/lufi.conf" +fi ynh_replace_string "__SECRET__" "$secret" "${final_path}/lufi.conf" if [ $is_public -eq 0 ]; From 9b7dbb913ca69db5f2631d971f0188aca9880589 Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 3 Mar 2019 18:52:52 +0100 Subject: [PATCH 07/16] fix manifest and multi_instance --- manifest.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifest.json b/manifest.json index eddf33a..4821c7c 100644 --- a/manifest.json +++ b/manifest.json @@ -11,12 +11,12 @@ }, "version": "0.03.5", "url": "https://git.framasoft.org/luc/lufi", - "license": "AGPL", + "license": "AGPL-3.0-or-later", "maintainer": { "name": "frju365, cyp", "email": "win10@tutanota.com, cyp@rouquin.me" }, - "multi_instance": false, + "multi_instance": true, "services": [ "nginx" ], @@ -43,13 +43,13 @@ }, { "name": "max_file_size", - "type": "int", + "type": "string", "ask": { - "en": "Choose a max file size, in Mo", - "fr": "Choisissez une taille de fichier maximum chemin, en Mo" + "en": "Choose a max file size, in Mo (0 = no limit)", + "fr": "Choisissez une taille de fichier maximum chemin, en Mo (0 = pas de limite)" }, "example": "100", - "default": 100 + "default": "100" }, { "name": "is_public", From 18cf8d8d707fe3125f0f651e2f58997677720386 Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 3 Mar 2019 19:04:08 +0100 Subject: [PATCH 08/16] postgresql as a dependency --- scripts/install | 2 +- scripts/restore | 2 +- scripts/upgrade | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/scripts/install b/scripts/install index b2a5b4a..adb6222 100644 --- a/scripts/install +++ b/scripts/install @@ -81,7 +81,7 @@ ynh_app_setting_set $app max_file_size $max_file_size #================================================= ynh_print_info "Installing dependencies..." -ynh_install_app_dependencies build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev cpanminus +ynh_install_app_dependencies build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev postgresql cpanminus # Install Carton echo yes | cpanm Carton diff --git a/scripts/restore b/scripts/restore index 9cd5408..e2131e9 100644 --- a/scripts/restore +++ b/scripts/restore @@ -51,7 +51,7 @@ test ! -d $final_path \ ynh_print_info "Reinstalling dependencies..." # Define and install dependencies -ynh_install_app_dependencies build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev cpanminus +ynh_install_app_dependencies build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev postgresql cpanminus # Install Carton echo yes | cpanm Carton diff --git a/scripts/upgrade b/scripts/upgrade index 95e9ea0..52b6509 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -81,7 +81,7 @@ ynh_abort_if_errors #================================================= ynh_print_info "Upgrading source files..." -ynh_install_app_dependencies build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev cpanminus +ynh_install_app_dependencies build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl libpq-dev postgresql cpanminus ynh_setup_source "$final_path" From 8a6cff10be3a0e306b5966e1405b98c97f96c8cf Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 3 Mar 2019 20:26:09 +0100 Subject: [PATCH 09/16] log files --- scripts/install | 4 ++-- scripts/restore | 4 ++-- scripts/upgrade | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) 
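Review bot: `echo yes | cpanm Carton`, kept as context in the install and restore hunks, installs whatever Carton release is current on CPAN, as root, with no version pin and no integrity check, unlike the application source, which is verified against `SOURCE_SUM`. The restore script removed earlier in this series obtained it with `ynh_package_install carton`, so adding `carton` to the `ynh_install_app_dependencies` list would take it from the distribution's signed repository instead, provided the packaged version is recent enough. If CPAN has to stay, pin the release with the `Carton@<version>` form. The upgrade script installs the same dependency list without Carton and relies on the copy from install time.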
diff --git a/scripts/install b/scripts/install index adb6222..4885b08 100644 --- a/scripts/install +++ b/scripts/install @@ -189,8 +189,7 @@ ynh_use_logrotate # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add $app --log "/var/log/$app.log" --log "$final_path/log/production.log" -ln -sf "$final_path/log/production.log" "/var/log/$app/production.log" +yunohost service add $app --log "$final_path/log/production.log" #================================================= # SETUP SSOWAT @@ -218,6 +217,7 @@ chown -R $app:$app "$final_path" systemctl enable $app.service ynh_systemd_action -n $app -a start -l "Creating process id file" -p "$final_path/log/production.log" +ln -sf "$final_path/log/production.log" "/var/log/$app/production.log" #================================================= # RELOAD NGINX diff --git a/scripts/restore b/scripts/restore index e2131e9..286e393 100644 --- a/scripts/restore +++ b/scripts/restore @@ -103,13 +103,13 @@ ynh_print_info "Restoring the systemd configuration..." ynh_restore_file "/etc/systemd/system/$app.service" systemctl enable $app.service ynh_systemd_action -n $app -a start -l "Creating process id file" -p "$final_path/log/production.log" +ln -sf "$final_path/log/production.log" "/var/log/$app/production.log" #================================================= # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add $app --log "/var/log/$app.log" --log "/var/www/$app/log/production.log" -ln -sf "$final_path/log/production.log" "/var/log/$app/production.log" +yunohost service add $app --log "$final_path/log/production.log" #================================================= # RESTORE THE LOGROTATE CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 52b6509..7a821fb 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
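Review bot: In the scripts/restore hunk, `ln -sf "$final_path/log/production.log" "/var/log/$app/production.log"` assumes that `/var/log/$app` exists, but the restore script shown earlier in this series has no step that creates it and the remove script deletes that directory. Unless a helper creates it implicitly, the `ln` fails and `ynh_abort_if_errors` aborts the restore after the service has already been started. Add `mkdir -p "/var/log/$app"` on the line before the `ln`. The install hunk in the same patch runs after `ynh_use_logrotate`, so it may not be affected.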
@@ -171,7 +171,7 @@ ynh_use_logrotate --non-append # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add $app --log "/var/log/$app.log" +yunohost service add $app --log "$final_path/log/production.log" #================================================= # RESTART LUFI From e4ff0fd24d6b530a39cc5c4bedda63c382f88ed5 Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 3 Mar 2019 20:27:24 +0100 Subject: [PATCH 10/16] fix check_process for upgrade from old commit --- check_process | 1 + 1 file changed, 1 insertion(+) diff --git a/check_process b/check_process index 7a44d79..7b9b7ae 100644 --- a/check_process +++ b/check_process @@ -5,6 +5,7 @@ path="/path" (PATH) is_public="Yes" (PUBLIC|public=Yes|private=No) max_file_size=100 + admin="john" (USER) ; Checks pkg_linter=1 setup_sub_dir=1 From 619276677b38bf99acf1a93d54c9688636b79d86 Mon Sep 17 00:00:00 2001 From: Kayou Date: Sun, 3 Mar 2019 20:39:01 +0100 Subject: [PATCH 11/16] Update README --- README.md | 90 +++++++++++++++++++++++++-------------- README_fr.md | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 175 insertions(+), 31 deletions(-) create mode 100644 README_fr.md diff --git a/README.md b/README.md index 07ca9b9..5b8f9be 100644 --- a/README.md +++ b/README.md 
@@ -1,44 +1,72 @@ # Lufi for YunoHost -[![Latest Version](https://img.shields.io/badge/version-_--_-green.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh/releases) -[![Status](https://img.shields.io/badge/status-working-yellow.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh/milestones) -[![Dependencies](https://img.shields.io/badge/dependencies-includes-lightgrey.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh#dependencies) -[![GitHub license](https://img.shields.io/badge/license-GPLv3-blue.svg?style=flat)](https://raw.githubusercontent.com/YunoHost-Apps/lufi_ynh/master/LICENSE) -[![Yunohost version](https://img.shields.io/badge/yunohost-2.4.2_tested-orange.svg?style=flat)](https://github.com/YunoHost/yunohost) -[![GitHub issues](https://img.shields.io/github/issues/YunoHost-Apps/lufi_ynh.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh/issues) +[![Integration level](https://dash.yunohost.org/integration/lufi.svg)](https://dash.yunohost.org/appci/app/lufi) +[![Install lufi with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=lufi) -## Lufi c'est quoi ? +*[Lire ce readme en français.](./README_fr.md)* -Il stocke vos fichiers et vous permet de les télécharger. - -Est-ce tout? Non. Tous les fichiers sont cryptés par le navigateur! Non chiffré. Ça ne marche pas. L'administrateur de l'instance Lufi ne pourra pas voir quel est votre administrateur réseau ou votre FAI. - -La clé de cryptage est une ancre (voir Fragment Identifier), ce qui signifie que cette partie n'est traitée que par le client et n'atteint pas le serveur. :-) - -Source: [Documentation de Lufi](https://framagit.org/luc/lufi/wikis/home) - -### Installation - -`$ sudo yunohost app install https://github.com/YunoHost-Apps/lufi_ynh.git` - -### Mise à jour - -`$ sudo yunohost app upgrade --verbose lufi -u https://github.com/YunoHost-Apps/lufi_ynh.git` - -## What is Lufi? 
+> *This package allow you to install lufi quickly and simply on a YunoHost server. +If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* +## Overview It stores files and allows you to download them. -Is that all? No. All the files are encrypted by the browser! It means that your files never leave your computer unencrypted. The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP. +Is that all? No. All the files are encrypted **by the browser**! It means that your files **never** leave your computer unencrypted. +The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP. -The encryption key part of the URL is a anchor (Cf. Fragment Identifier), that means this part is only processed client-side and does not reach the server. :-) +The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-) -Source: [Lufi documentation](https://framagit.org/luc/lufi/wikis/home) +**Shipped version:** 0.03.5 -### Install +## Screenshots -`$ sudo yunohost app install https://github.com/YunoHost-Apps/lufi_ynh.git` +![](https://framalibre.org/sites/default/files/screenshot_lufi_1.png) -### Update +## Demo -`$ sudo yunohost app upgrade --verbose lufi -u https://github.com/YunoHost-Apps/lufi_ynh.git` +* [Official demo](https://demo.lufi.io/) + +## Configuration + +How to configure this app: a plain file with SSH. + +## Documentation + + * Official documentation: https://framagit.org/luc/lufi/wikis/home + +## YunoHost specific features + +#### Multi-users support + +Are LDAP and HTTP auth supported? **Yes** +Can the app be used by multiple users? 
**Yes** + +#### Supported architectures + +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/lufi%20%28Community%29.svg)](https://ci-apps.yunohost.org/ci/apps/lufi/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/lufi%20%28Community%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/lufi/) +* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/lufi%20%28Community%29.svg)](https://ci-stretch.nohost.me/ci/apps/lufi/) + +## Links + + * Report a bug: https://github.com/YunoHost-Apps/lufi_ynh/issues + * App website: https://framagit.org/fiat-tux/hat-softwares/lufi + * YunoHost website: https://yunohost.org/ + +--- + +Developers info +---------------- + +**Only if you want to use a testing branch for coding, instead of merging directly into master.** +Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/lufi_ynh/tree/testing). + +To try the testing branch, please proceed like that. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/lufi_ynh/tree/testing --debug +or +sudo yunohost app upgrade lufi -u https://github.com/YunoHost-Apps/lufi_ynh/tree/testing --debug +``` + +**More information on the documentation page:** +https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..978f621 --- /dev/null +++ b/README_fr.md 
@@ -0,0 +1,116 @@ +# Lufi pour YunoHost + +[![Integration level](https://dash.yunohost.org/integration/lufi.svg)](https://dash.yunohost.org/appci/app/lufi) +[![Install lufi with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=lufi) + +*[Read this readme in english.](./README.md)* + +> *Ce package vous permet d'installer lufi rapidement et simplement sur un serveur Yunohost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* + +## Vue d'ensemble +Il stocke vos fichiers et vous permet de les télécharger. + +Est-ce tout? Non. Tous les fichiers sont cryptés par le navigateur! Non chiffré. Ça ne marche pas. L'administrateur de l'instance Lufi ne pourra pas voir quel est votre administrateur réseau ou votre FAI. + +La clé de cryptage est une ancre (voir [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), ce qui signifie que cette partie n'est traitée que par le client et n'atteint pas le serveur. :-) + +**Version incluse:** 0.03.5 + +## Captures d'écran + +![](https://framalibre.org/sites/default/files/screenshot_lufi_1.png) + +## Démo + +* [Démo officielle](https://demo.lufi.io/) + +## Configuration + +Comment configurer cette application: un fichier brut en SSH. + +## Documentation + + * Documentation officielle: https://framagit.org/luc/lufi/wikis/home + +## Caractéristiques spécifiques YunoHost + +#### Support multi-utilisateurs + +L'authentification LDAP et HTTP est-elle prise en charge? **Oui** +L'application peut-elle être utilisée par plusieurs utilisateurs? 
**Oui** + +#### Supported architectures + +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/lufi%20%28Community%29.svg)](https://ci-apps.yunohost.org/ci/apps/lufi/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/lufi%20%28Community%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/lufi/) +* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/lufi%20%28Community%29.svg)](https://ci-stretch.nohost.me/ci/apps/lufi/) + +## Links + + * Signaler un bug: https://github.com/YunoHost-Apps/lufi_ynh/issues + * Site de l'application: https://framagit.org/fiat-tux/hat-softwares/lufi + * Site web YunoHost: https://yunohost.org/ + +--- + +Informations pour les développeurs +---------------- + +**Seulement si vous voulez utiliser une branche de test pour le codage, au lieu de fusionner directement dans la banche principale.** +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/lufi_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. 
+``` +sudo yunohost app install https://github.com/YunoHost-Apps/lufi_ynh/tree/testing --debug +ou +sudo yunohost app upgrade lufi -u https://github.com/YunoHost-Apps/lufi_ynh/tree/testing --debug +``` + +**Plus d'informations sur la page de documentation:** +https://yunohost.org/packaging_apps + +# Lufi for YunoHost + +[![Latest Version](https://img.shields.io/badge/version-_--_-green.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh/releases) +[![Status](https://img.shields.io/badge/status-working-yellow.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh/milestones) +[![Dependencies](https://img.shields.io/badge/dependencies-includes-lightgrey.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh#dependencies) +[![GitHub license](https://img.shields.io/badge/license-GPLv3-blue.svg?style=flat)](https://raw.githubusercontent.com/YunoHost-Apps/lufi_ynh/master/LICENSE) +[![Yunohost version](https://img.shields.io/badge/yunohost-2.4.2_tested-orange.svg?style=flat)](https://github.com/YunoHost/yunohost) +[![GitHub issues](https://img.shields.io/github/issues/YunoHost-Apps/lufi_ynh.svg?style=flat)](https://github.com/YunoHost-Apps/lufi_ynh/issues) + +## Lufi c'est quoi ? + +Il stocke vos fichiers et vous permet de les télécharger. + +Est-ce tout? Non. Tous les fichiers sont cryptés par le navigateur! Non chiffré. Ça ne marche pas. L'administrateur de l'instance Lufi ne pourra pas voir quel est votre administrateur réseau ou votre FAI. + +La clé de cryptage est une ancre (voir Fragment Identifier), ce qui signifie que cette partie n'est traitée que par le client et n'atteint pas le serveur. :-) + +Source: [Documentation de Lufi](https://framagit.org/luc/lufi/wikis/home) + +### Installation + +`$ sudo yunohost app install https://github.com/YunoHost-Apps/lufi_ynh.git` + +### Mise à jour + +`$ sudo yunohost app upgrade --verbose lufi -u https://github.com/YunoHost-Apps/lufi_ynh.git` + +## What is Lufi? 
+ +It stores files and allows you to download them. + +Is that all? No. All the files are encrypted by the browser! It means that your files never leave your computer unencrypted. The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP. + +The encryption key part of the URL is a anchor (Cf. Fragment Identifier), that means this part is only processed client-side and does not reach the server. :-) + +Source: [Lufi documentation](https://framagit.org/luc/lufi/wikis/home) + +### Install + +`$ sudo yunohost app install https://github.com/YunoHost-Apps/lufi_ynh.git` + +### Update + +`$ sudo yunohost app upgrade --verbose lufi -u https://github.com/YunoHost-Apps/lufi_ynh.git` From 1125a9433df44e40e9a4fff9e8ec831b8238145d Mon Sep 17 00:00:00 2001 From: Kayou Date: Fri, 8 Mar 2019 22:04:09 +0100 Subject: [PATCH 12/16] Fix public/private --- scripts/change_url | 17 +++++++++++++++++ scripts/install | 13 ++++++++----- scripts/upgrade | 13 ++++++++----- 3 files changed, 33 insertions(+), 10 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index ef25dbf..23da1c3 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -127,6 +127,23 @@ ynh_store_file_checksum "${final_path}/lufi.conf" #================================================= # GENERIC FINALISATION +#================================================= +# UPDATE SSOWAT +#================================================= +ynh_print_info "Reconfigure SSOwat" + +ynh_app_setting_set $app unprotected_uris "/" +if [ $is_public -eq 0 ] +then + if [ "$path_url" == "/" ]; then + # If the path is /, clear it to prevent any error with the regex. + path_url="" + fi + # Modify the domain to be used in a regex + domain_regex=$(echo "$domain" | sed 's@-@.@g') + ynh_app_setting_set $app protected_regex "$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$" +fi + #================================================= # RESTART LUFI #================================================= diff --git a/scripts/install b/scripts/install index 4885b08..33afb7c 100644 --- a/scripts/install +++ b/scripts/install @@ -196,13 +196,16 @@ yunohost service add $app --log "$final_path/log/production.log" #================================================= ynh_print_info "Configuring SSOwat..." -# Make app public or private ynh_app_setting_set $app unprotected_uris "/" -if [ $is_public -eq 0 ]; +if [ $is_public -eq 0 ] then - ynh_app_setting_set $app protected_regex "/stats$","/manifest.webapp$","/$","/d/.*$","/m/.*$" -else - ynh_app_setting_delete $app protected_regex + if [ "$path_url" == "/" ]; then + # If the path is /, clear it to prevent any error with the regex. + path_url="" + fi + # Modify the domain to be used in a regex + domain_regex=$(echo "$domain" | sed 's@-@.@g') + ynh_app_setting_set $app protected_regex "$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$" fi #================================================= 
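Review bot: The SSOwat block added to scripts/change_url tests `[ $is_public -eq 0 ]`, but `is_public` is not among the settings this script loads in its other visible hunk. If it is not loaded elsewhere, `[` errors out, the branch is skipped, and a private instance is left with only `unprotected_uris "/"` set; add `is_public=$(ynh_app_setting_get $app is_public)` next to the other settings. Please also confirm that `$domain` and `$path_url` hold the new location at this point, since the regex has to cover the URL being changed to. The same block is added to scripts/install and scripts/upgrade, where the dropped `else` branch means a stale `protected_regex` is no longer deleted for public instances. In all three copies `sed 's@-@.@g'` rewrites only hyphens, so dots in the domain and any pattern characters in `$path_url` remain wildcards in `protected_regex`.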
diff --git a/scripts/upgrade b/scripts/upgrade index 7a821fb..fb6d1e3 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -185,13 +185,16 @@ ln -sf "$final_path/log/production.log" "/var/log/$app/production.log" #================================================= ynh_print_info "Upgrading SSOwat configuration..." -# Make app public or private ynh_app_setting_set $app unprotected_uris "/" -if [ $is_public -eq 0 ]; +if [ $is_public -eq 0 ] then - ynh_app_setting_set $app protected_regex "/stats$","/manifest.webapp$","/$","/d/.*$","/m/.*$" -else - ynh_app_setting_delete $app protected_regex + if [ "$path_url" == "/" ]; then + # If the path is /, clear it to prevent any error with the regex. + path_url="" + fi + # Modify the domain to be used in a regex + domain_regex=$(echo "$domain" | sed 's@-@.@g') + ynh_app_setting_set $app protected_regex "$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$" fi #================================================= From baf6a3aaa8b64ce9bfde52bd546537bbce9b2d3f Mon Sep 17 00:00:00 2001 From: Kayou Date: Fri, 8 Mar 2019 22:15:41 +0100 Subject: [PATCH 13/16] Update manifest.json --- manifest.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.json b/manifest.json index 4821c7c..b9dff0c 100644 --- a/manifest.json +++ b/manifest.json @@ -3,13 +3,13 @@ "id": "lufi", "packaging_format": 1, "requirements": { - "yunohost": ">= 3.2" + "yunohost": ">= 3.2.2" }, "description": { "en": "Self hosting files and sharing anonymous application", "fr": "Application d'hébergement et de partage de fichiers anonyme" }, - "version": "0.03.5", + "version": "0.03.5~ynh1", "url": "https://git.framasoft.org/luc/lufi", "license": "AGPL-3.0-or-later", "maintainer": { From 25d73a472c195aa0b0a3713c9f00f6bc586fe6a6 Mon Sep 17 00:00:00 2001 
From: Kayou Date: Wed, 20 Mar 2019 00:16:02 +0100 Subject: [PATCH 14/16] Fix upgrade from the old version --- conf/lufi.conf.template | 2 +- scripts/backup | 5 ++++- scripts/change_url | 2 ++ scripts/install | 5 +++++ scripts/remove | 2 +- scripts/restore | 14 +++++++++----- scripts/upgrade | 24 +++++++++++++++++++++--- 7 files changed, 43 insertions(+), 11 deletions(-) diff --git a/conf/lufi.conf.template b/conf/lufi.conf.template index 4fc1e86..4a24af8 100644 --- a/conf/lufi.conf.template +++ b/conf/lufi.conf.template @@ -117,7 +117,7 @@ # choose what database you want to use # valid choices are sqlite, postgresql and mysql (all lowercase) # optional, default is sqlite - dbtype => 'postgresql', + dbtype => '__DB_MANAGER__', # SQLite ONLY - only used if dbtype is set to sqlite # define a path to the SQLite database diff --git a/scripts/backup b/scripts/backup index 15c84e6..e7dac3c 100644 --- a/scripts/backup +++ b/scripts/backup @@ -30,6 +30,7 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get $app final_path) domain=$(ynh_app_setting_get $app domain) db_name=$(ynh_app_setting_get $app db_name) +db_manager=$(ynh_app_setting_get $app db_manager) #================================================= # STANDARD BACKUP STEPS @@ -52,7 +53,9 @@ ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= ynh_print_info "Backing up the PostgreSQL database..." -ynh_psql_dump_db "$db_name" > db.sql +if [ $db_manager = "postgresql" ]; then + ynh_psql_dump_db "$db_name" > db.sql +fi #================================================= # SPECIFIC BACKUP diff --git a/scripts/change_url b/scripts/change_url index 23da1c3..a90a093 100644 --- a/scripts/change_url +++ b/scripts/change_url 
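Review bot: The guard added in the `-52,7 +53,9` hunk of scripts/backup, `if [ $db_manager = "postgresql" ]; then`, leaves `$db_manager` unquoted, so a missing setting turns the test into `[ = "postgresql" ]` and `[` reports an error instead of evaluating cleanly to false. Instances installed before this patch have no `db_manager` setting, so that case looks reachable. Quote the variable, `if [ "$db_manager" = "postgresql" ]; then`; the same unquoted test is added in scripts/restore and around `carton install` in scripts/upgrade. The `ynh_print_info "Backing up the PostgreSQL database..."` line also stays outside the `if`, so it is printed for SQLite instances as well.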
@@ -37,6 +37,7 @@ db_pwd=$(ynh_app_setting_get $app psqlpwd) db_user=$db_name secret=$(ynh_app_setting_get $app secret) max_file_size=$(ynh_app_setting_get $app max_file_size) +db_manager=$(ynh_app_setting_get $app db_manager) #================================================= # CHECK THE SYNTAX OF THE PATHS @@ -112,6 +113,7 @@ ynh_replace_string "__DB_NAME__" "$db_name" "${final_path}/lufi.conf" ynh_replace_string "__DB_USER__" "$db_user" "${final_path}/lufi.conf" ynh_replace_string "__DB_PWD__" "$db_pwd" "${final_path}/lufi.conf" ynh_replace_string "__MAX_FILE_SIZE__" "$max_file_size" "${final_path}/lufi.conf" +ynh_replace_string "__DB_MANAGER__" "$db_manager" "${final_path}/lufi.conf" if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit ynh_replace_string "max_file_size" "#max_file_size" "${final_path}/lufi.conf" fi diff --git a/scripts/install b/scripts/install index 33afb7c..05be583 100644 --- a/scripts/install +++ b/scripts/install @@ -48,6 +48,9 @@ if ! [[ $max_file_size =~ "^[\-0-9]+$" ]] && [ $max_file_size -lt 0 ]; then ynh_die "Max file must be a number positive or zero" fi +# Use postgresql by default +db_manager="postgresql" + # Check web path availability ynh_webpath_available $domain $path_url # Register (book) web path @@ -73,6 +76,7 @@ ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app port $port ynh_app_setting_set $app path $path_url ynh_app_setting_set $app max_file_size $max_file_size +ynh_app_setting_set $app db_manager $db_manager #================================================= # STANDARD MODIFICATIONS 
@@ -137,6 +141,7 @@ ynh_replace_string "__DB_NAME__" "$db_name" "${final_path}/lufi.conf" ynh_replace_string "__DB_USER__" "$db_user" "${final_path}/lufi.conf" ynh_replace_string "__DB_PWD__" "$db_pwd" "${final_path}/lufi.conf" ynh_replace_string "__MAX_FILE_SIZE__" "$max_file_size" "${final_path}/lufi.conf" +ynh_replace_string "__DB_MANAGER__" "$db_manager" "${final_path}/lufi.conf" if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit ynh_replace_string "max_file_size" "#max_file_size" "${final_path}/lufi.conf" fi diff --git a/scripts/remove b/scripts/remove index 8377d9d..627263d 100644 --- a/scripts/remove +++ b/scripts/remove @@ -63,7 +63,7 @@ ynh_remove_nginx_config # DELETE LOG #================================================= -ynh_secure_remove "/var/log/$app/" +ynh_secure_remove "/var/log/$app" #================================================= # REMOVE LOGROTATE CONFIGURATION diff --git a/scripts/restore b/scripts/restore index 286e393..0bef29a 100644 --- a/scripts/restore +++ b/scripts/restore @@ -32,6 +32,7 @@ domain=$(ynh_app_setting_get $app domain) path_url=$(ynh_app_setting_get $app path) final_path=$(ynh_app_setting_get $app final_path) db_name=$(ynh_app_setting_get $app db_name) +db_manager=$(ynh_app_setting_get $app db_manager) #================================================= # CHECK IF THE APP CAN BE RESTORED 
@@ -79,12 +80,15 @@ ynh_system_user_create $app #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= -ynh_print_info "Restoring the PostregSQL database..." -db_pwd=$(ynh_app_setting_get $app psqlpwd) -ynh_psql_test_if_first_run -ynh_psql_setup_db $db_name $db_name $db_pwd -ynh_psql_connect_as $db_name $db_pwd $db_name < ./db.sql +if [ $db_manager = "postgresql" ]; then + ynh_print_info "Restoring the PostregSQL database..." + + db_pwd=$(ynh_app_setting_get $app psqlpwd) + ynh_psql_test_if_first_run + ynh_psql_setup_db $db_name $db_name $db_pwd + ynh_psql_connect_as $db_name $db_pwd $db_name < ./db.sql +fi #================================================= # RESTORE USER RIGHTS diff --git a/scripts/upgrade b/scripts/upgrade index fb6d1e3..e2dd559 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -26,6 +26,7 @@ db_name=$(ynh_app_setting_get $app db_name) db_user=$db_name db_pwd=$(ynh_app_setting_get $app psqlpwd) max_file_size=$(ynh_app_setting_get $app max_file_size) +db_manager=$(ynh_app_setting_get $app db_manager) #================================================= # FIX OLD THINGS @@ -59,6 +60,11 @@ if [ -z "$max_file_size" ]; then max_file_size=100 # 100 Mo fi +# If db_manager is empty, use sqlite for a backward compatibility +if [ -z "$db_manager" ]; then + db_manager="sqlite" +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= 
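Review bot: The sqlite fallback added in the `-59,6 +60,11` hunk of scripts/upgrade only assigns the shell variable; no upgrade hunk in this patch stores it the way scripts/install does with `ynh_app_setting_set $app db_manager $db_manager`. If it is not stored elsewhere, scripts/backup, scripts/restore and scripts/change_url keep reading an empty `db_manager` for upgraded instances, and change_url would substitute an empty string for `__DB_MANAGER__` in lufi.conf. Add `ynh_app_setting_set $app db_manager $db_manager` inside the `if [ -z "$db_manager" ]` block.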
@@ -116,6 +122,7 @@ ynh_replace_string "__DB_NAME__" "$db_name" "${final_path}/lufi.conf" ynh_replace_string "__DB_USER__" "$db_user" "${final_path}/lufi.conf" ynh_replace_string "__DB_PWD__" "$db_pwd" "${final_path}/lufi.conf" ynh_replace_string "__MAX_FILE_SIZE__" "$max_file_size" "${final_path}/lufi.conf" +ynh_replace_string "__DB_MANAGER__" "$db_manager" "${final_path}/lufi.conf" if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit ynh_replace_string "max_file_size" "#max_file_size" "${final_path}/lufi.conf" fi @@ -141,7 +148,7 @@ chmod +x $final_path/script/lufi # SECURING FILES AND DIRECTORIES #================================================= -chown -R $app:$app "$final_path" +chown -R $app: "$final_path" #================================================= # SETUP SYSTEMD @@ -156,7 +163,11 @@ ynh_add_systemd_config #================================================= pushd $final_path -carton install --deployment --without=sqlite --without=mysql +if [ $db_manager = "postgresql" ]; then + carton install --deployment --without=sqlite --without=mysql +else + carton install --deployment --without=postgresql --without=mysql +fi popd #================================================= 
@@ -171,14 +182,21 @@ ynh_use_logrotate --non-append # ADVERTISE SERVICE IN ADMIN PANEL #================================================= +# if /var/log/$app/production.log is a symbolic link, then move it to $final_path/log/production.log +if [ ! -L "/var/log/$app/production.log" ] +then + mv "/var/log/$app/production.log" "$final_path/log/production.log" + chown -R $app: "$final_path/log/production.log" +fi + yunohost service add $app --log "$final_path/log/production.log" #================================================= # RESTART LUFI #================================================= -ynh_systemd_action -n $app -a reload -l "Creating process id file" -p "$final_path/log/production.log" ln -sf "$final_path/log/production.log" "/var/log/$app/production.log" +ynh_systemd_action -n $app -a restart -l "Creating process id file" -p "$final_path/log/production.log" #================================================= # SETUP SSOWAT From 9419b1e137a85b2ab391ea7ab571c8be86f95f9e Mon Sep 17 00:00:00 2001 From: Kayou Date: Wed, 20 Mar 2019 00:32:40 +0100 Subject: [PATCH 15/16] more_set_headers for nginx --- conf/nginx.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index d32e99c..3d053b6 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -11,8 +11,8 @@ location __PATH__ { client_max_body_size __MAX_FILE_SIZE__M; if ($request_uri ~* ^/(img|css|font|js)/) { - add_header Expires "Thu, 31 Dec 2037 23:55:55 GMT"; - add_header Cache-Control "public, max-age=315360000"; + more_set_headers Expires "Thu, 31 Dec 2037 23:55:55 GMT"; + more_set_headers Cache-Control "public, max-age=315360000"; } proxy_pass http://127.0.0.1:__PORT____PATH__; From 4cd46fe39f8a6e390b1364ca0d5cc13a4c0f627f Mon Sep 17 00:00:00 2001 From: Kayou Date: Wed, 20 Mar 2019 01:07:02 +0100 Subject: [PATCH 16/16] Don't create psql db if useing sqlite --- scripts/upgrade | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
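Review bot: The comment above the new `if [ ! -L "/var/log/$app/production.log" ]` block in the `-171,14 +182,21` hunk of scripts/upgrade says the file is moved when it is a symbolic link, but the test moves it when it is not one. `! -L` is also true when the path does not exist, and then `mv` fails; `ynh_abort_if_errors` appears as context in an earlier upgrade hunk, so that failure would presumably abort the upgrade. Require a regular file as well, `if [ -f "/var/log/$app/production.log" ] && [ ! -L "/var/log/$app/production.log" ]`, and reword the comment to `# if /var/log/$app/production.log is a regular file (not a symlink), move it to $final_path/log/production.log`. The `mv` also replaces any log that already exists at the destination, which is worth stating in the comment.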
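Review bot: The two replaced lines in conf/nginx.conf keep `add_header`'s two-argument form, `more_set_headers Expires "Thu, 31 Dec 2037 23:55:55 GMT";`, but `more_set_headers` from the headers-more module takes each header as a single `"Name: value"` argument. With name and value passed separately the directive most likely does not set the intended `Expires` and `Cache-Control` values. Write them as `more_set_headers "Expires: Thu, 31 Dec 2037 23:55:55 GMT";` and `more_set_headers "Cache-Control: public, max-age=315360000";`. The enclosing `location` block extends outside the hunk.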
diff --git a/scripts/upgrade b/scripts/upgrade index e2dd559..c237407 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -45,7 +45,13 @@ then # Si final_path n'est pas renseigné dans la config yunohost, cas d'ancien final_path=/var/www/$app fi -if [ -z "$db_pwd" ]; then + +# If db_manager is empty, use sqlite for a backward compatibility +if [ -z "$db_manager" ]; then + db_manager="sqlite" +fi + +if [ -z "$db_pwd" && "$db_manager" = "postgresql"]; then # Create postgresql database ynh_psql_test_if_first_run db_name=$(ynh_sanitize_dbid "$app") @@ -60,11 +66,6 @@ if [ -z "$max_file_size" ]; then max_file_size=100 # 100 Mo fi -# If db_manager is empty, use sqlite for a backward compatibility -if [ -z "$db_manager" ]; then - db_manager="sqlite" -fi - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #=================================================
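Review bot: The new test `if [ -z "$db_pwd" && "$db_manager" = "postgresql"]; then` in the `-45,7 +45,13` hunk of scripts/upgrade is not valid `[` syntax: `&&` ends the `[` command before its closing `]`, and the final `]` is glued to `"postgresql"`. The shell reports a missing `]` and the condition evaluates false, so the PostgreSQL database creation below it is skipped even for an instance that needs it. Use two tests, `if [ -z "$db_pwd" ] && [ "$db_manager" = "postgresql" ]; then`. The body of this `if` continues outside the hunk.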