diff --git a/README.md b/README.md index bb83230..bba031d 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,13 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -Self hosting files and sharing anonymous application +It stores files and allows you to download them. + +Is that all? No. All the files are encrypted **by the browser**! It means that your files **never** leave your computer unencrypted. +The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP. + +The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-) + **Shipped version:** 0.05.16~ynh1 diff --git a/README_fr.md b/README_fr.md index 236fe6f..4eed290 100644 --- a/README_fr.md +++ b/README_fr.md @@ -11,7 +11,13 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour ## Vue d'ensemble -Application d'hébergement et de partage de fichiers anonyme +It stores files and allows you to download them. + +Is that all? No. All the files are encrypted **by the browser**! It means that your files **never** leave your computer unencrypted. +The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP. + +The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-) + **Version incluse :** 0.05.16~ynh1 diff --git a/check_process b/check_process index 4b77609..3839f0d 100644 --- a/check_process +++ b/check_process @@ -4,9 +4,8 @@ domain="domain.tld" path="/path" max_file_size=100 - is_public=1 use_ldap=0 - admin="john" + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=1 @@ -16,7 +15,7 @@ setup_public=1 upgrade=1 # 0.03.5 - upgrade=1 from_commit=23e84578464b1fa09f79c98b6a9b5f19bbcf83f3 + upgrade=1 from_commit=23e84578464b1fa09f79c98b6a9b5f19bbcf83f3 backup_restore=1 multi_instance=1 change_url=1 diff --git a/conf/nginx.conf b/conf/nginx.conf index 6c8afbc..44b2d54 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,33 +1,33 @@ #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { - # This is important for user's privacy! - access_log off; - error_log /var/log/nginx/lufi.error.log; + # This is important for user's privacy! + access_log off; + error_log /var/log/nginx/lufi.error.log; - # This is important! Make it OK with your Lutim configuration - client_max_body_size __MAX_FILE_SIZE__M; + # This is important! Make it OK with your Lutim configuration + client_max_body_size __MAX_FILE_SIZE__M; - if ($request_uri ~* ^/(img|css|font|js)/) { - more_set_headers "Cache-Control: public, max-age=315360000"; - } + if ($request_uri ~* ^/(img|css|font|js)/) { + more_set_headers "Cache-Control: public, max-age=315360000"; + } - proxy_pass http://127.0.0.1:__PORT____PATH__; + proxy_pass http://127.0.0.1:__PORT____PATH__; - # Really important! Lufi uses WebSocket, it won't work without this - proxy_set_header Upgrade $http_upgrade ; - proxy_set_header Connection "upgrade" ; + # Really important! Lufi uses WebSocket, it won't work without this + proxy_set_header Upgrade $http_upgrade ; + proxy_set_header Connection "upgrade" ; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Remote-Port $remote_port; - proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Remote-Port $remote_port; + proxy_set_header X-Forwarded-Proto $scheme; - # We expect the downsteam servers to redirect to the right hostname, so don't do any rewrite$ - proxy_redirect off; + # We expect the downsteam servers to redirect to the right hostname, so don't do any rewrite$ + proxy_redirect off; - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..4d9f867 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1,6 @@ +It stores files and allows you to download them. + +Is that all? No. All the files are encrypted **by the browser**! It means that your files **never** leave your computer unencrypted. +The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP. + +The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-) diff --git a/manifest.json b/manifest.json index 1724075..a749850 100644 --- a/manifest.json +++ b/manifest.json @@ -1,75 +1,71 @@ { - "name": "Lufi", - "id": "lufi", - "packaging_format": 1, - "description": { - "en": "Self hosting files and sharing anonymous application", - "fr": "Application d'hébergement et de partage de fichiers anonyme" - }, - "version": "0.05.16~ynh2", - "url": "https://git.framasoft.org/luc/lufi", - "upstream": { + "name": "Lufi", + "id": "lufi", + "packaging_format": 1, + "description": { + "en": "Self hosting files and sharing anonymous application", + "fr": "Application d'hébergement et de partage de fichiers anonyme" + }, + "version": "0.05.16~ynh2", + "url": "https://git.framasoft.org/luc/lufi", + "upstream": { "license": "AGPL-3.0-or-later", "demo": "https://demo.lufi.io/", "admindoc": "https://framagit.org/luc/lufi/wikis/home", "code": "https://framagit.org/fiat-tux/hat-softwares/lufi" }, - "license": "AGPL-3.0-or-later", - "maintainer": { - "name": "frju365, cyp", - "email": "win10@tutanota.com, cyp@rouquin.me" - }, - "requirements": { - "yunohost": ">= 4.3" - }, - "multi_instance": true, - "services": [ - "nginx" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "path", - "type": "path", - "example": "/lufi", - "default": "/lufi" - }, - { - "name": "max_file_size", - "type": "string", - "ask": { - "en": "Choose a max file size, in Mo (0 = no limit)", - "fr": "Choisissez une taille de fichier maximum chemin, en Mo (0 = pas de limite)" - }, - "example": "100", - "default": "100" - }, - { - "name": "use_ldap", - "type": "boolean", - "ask": { - "en": "Install Lufi with LDAP configuration?", - "fr": "Installer Lufi avec la configuration LDAP ?" - }, - "help": { - "en": "A Lufi with LDAP enabled will allow only YunoHost users to upload.", - "fr": "Un Lufi avec LDAP activé autorisera seulement les utilisateurs YunoHost à téléverser." - }, - "default": false - }, - { - "name": "is_public", - "type": "boolean", - "help": { - "en": "A public Lufi will be publicly visible for everyone.", - "fr": "Un Lufi public sera visible publiquement pour tous." - }, - "default": true - } - ] - } + "license": "AGPL-3.0-or-later", + "maintainer": { + "name": "frju365, cyp", + "email": "win10@tutanota.com, cyp@rouquin.me" + }, + "requirements": { + "yunohost": ">= 4.3.0" + }, + "multi_instance": true, + "services": [ + "nginx" + ], + "arguments": { + "install": [ + { + "name": "domain", + "type": "domain" + }, + { + "name": "path", + "type": "path", + "example": "/lufi", + "default": "/lufi" + }, + { + "name": "is_public", + "type": "boolean", + "default": true + }, + { + "name": "max_file_size", + "type": "string", + "ask": { + "en": "Choose a max file size, in Mo (0 = no limit)", + "fr": "Choisissez une taille de fichier maximum chemin, en Mo (0 = pas de limite)" + }, + "example": "100", + "default": "100" + }, + { + "name": "use_ldap", + "type": "boolean", + "ask": { + "en": "Install Lufi with LDAP configuration?", + "fr": "Installer Lufi avec la configuration LDAP ?" + }, + "help": { + "en": "A Lufi with LDAP enabled will allow only YunoHost users to upload.", + "fr": "Un Lufi avec LDAP activé autorisera seulement les utilisateurs YunoHost à téléverser." + }, + "default": false + } + ] + } } diff --git a/scripts/backup b/scripts/backup index 111d116..dbd2762 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -63,7 +63,7 @@ ynh_backup --src_path="/etc/logrotate.d/$app" ynh_backup --src_path="/etc/systemd/system/$app.service" #================================================= -# BACKUP A CRON FILE +# BACKUP VARIOUS FILES #================================================= ynh_backup --src_path="/etc/cron.d/$app" diff --git a/scripts/change_url b/scripts/change_url index 46cadcf..cb2f20c 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -39,7 +39,7 @@ secret=$(ynh_app_setting_get --app=$app --key=secret) max_file_size=$(ynh_app_setting_get --app=$app --key=max_file_size) #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." @@ -49,7 +49,7 @@ ynh_clean_setup () { # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script @@ -96,7 +96,7 @@ then domain="$old_domain" path_url="$new_path" # Create a dedicated NGINX config - ynh_add_nginx_config max_file_size + ynh_add_nginx_config fi # Change the domain for NGINX diff --git a/scripts/install b/scripts/install index 848bd44..6f2d44e 100644 --- a/scripts/install +++ b/scripts/install @@ -25,8 +25,8 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH -max_file_size=$YNH_APP_ARG_MAX_FILE_SIZE is_public=$YNH_APP_ARG_IS_PUBLIC +max_file_size=$YNH_APP_ARG_MAX_FILE_SIZE use_ldap=$YNH_APP_ARG_USE_LDAP secret=$(ynh_string_random --length=24) @@ -117,7 +117,7 @@ chown -R $app:www-data "$final_path" ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config -ynh_add_nginx_config max_file_size +ynh_add_nginx_config #================================================= # SPECIFIC SETUP diff --git a/scripts/remove b/scripts/remove index 0cca7d3..61cf84f 100644 --- a/scripts/remove +++ b/scripts/remove @@ -31,7 +31,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app >/dev/null then - ynh_script_progression --message="Removing $app service..." + ynh_script_progression --message="Removing $app service integration..." yunohost service remove $app fi @@ -43,6 +43,14 @@ ynh_script_progression --message="Stopping and removing the systemd service..." # Remove the dedicated systemd config ynh_remove_systemd_config +#================================================= +# REMOVE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Removing logrotate configuration..." + +# Remove the app-specific logrotate config +ynh_remove_logrotate + #================================================= # REMOVE THE POSTGRESQL DATABASE #================================================= @@ -51,14 +59,6 @@ ynh_script_progression --message="Removing the PostgreSQL database..." # Remove a database if it exists, along with the associated user ynh_psql_remove_db --db_user="$db_user" --db_name="$db_name" -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - #================================================= # REMOVE APP MAIN DIR #================================================= @@ -76,28 +76,24 @@ ynh_script_progression --message="Removing NGINX web server configuration..." ynh_remove_nginx_config #================================================= -# REMOVE LOGROTATE CONFIGURATION +# REMOVE DEPENDENCIES #================================================= -ynh_script_progression --message="Removing logrotate configuration..." +ynh_script_progression --message="Removing dependencies..." -# Remove the app-specific logrotate config -ynh_remove_logrotate +# Remove metapackage and its dependencies +ynh_remove_app_dependencies #================================================= # SPECIFIC REMOVE #================================================= -# REMOVE THE CRON FILE +# REMOVE VARIOUS FILES #================================================= -ynh_script_progression --message="Removing the cron file..." +ynh_script_progression --message="Removing various files..." # Remove a cron file ynh_secure_remove --file="/etc/cron.d/$app" -#================================================= -# REMOVE LOG -#================================================= -ynh_script_progression --message="Removing the log file..." - +# Remove the log files ynh_secure_remove --file="/var/log/$app" #================================================= diff --git a/scripts/restore b/scripts/restore index c9bb718..17d0466 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -89,6 +89,13 @@ ynh_psql_test_if_first_run ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" +#================================================= +# RESTORE VARIOUS FILES +#================================================= +ynh_script_progression --message="Restoring various files..." + +ynh_restore_file --origin_path="/etc/cron.d/$app" + #================================================= # RESTORE SYSTEMD #================================================= @@ -97,6 +104,13 @@ ynh_script_progression --message="Restoring the systemd configuration..." ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the logrotate configuration..." + +ynh_restore_file --origin_path="/etc/logrotate.d/$app" + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= @@ -111,20 +125,6 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/production.log" --line_match="Creating process id file" -#================================================= -# RESTORE THE CRON FILE -#================================================= -ynh_script_progression --message="Restoring the cron file..." - -ynh_restore_file --origin_path="/etc/cron.d/$app" - -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." - -ynh_restore_file --origin_path="/etc/logrotate.d/$app" - #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 1d9d4b3..006df5d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -30,6 +30,7 @@ max_file_size=$(ynh_app_setting_get --app=$app --key=max_file_size) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) @@ -42,12 +43,21 @@ ynh_script_progression --message="Backing up the app before upgrading (may take ynh_backup_before_upgrade ynh_clean_setup () { ynh_clean_check_starting - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." + +ynh_systemd_action --service_name=$app --action=stop --log_path="$final_path/log/production.log" + #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -103,15 +113,6 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi -#================================================= -# STANDARD UPGRADE STEPS -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." - -ynh_systemd_action --service_name=$app --action=stop --log_path="$final_path/log/production.log" - #================================================= # CREATE DEDICATED USER #================================================= @@ -141,8 +142,8 @@ chown -R $app:www-data "$final_path" #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." -# Create a dedicated nginx config -ynh_add_nginx_config max_file_size +# Create a dedicated NGINX config +ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES @@ -151,6 +152,8 @@ ynh_script_progression --message="Upgrading dependencies..." ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies +#================================================= +# SPECIFIC UPGRADE #================================================= # SETUP LUFI #================================================= @@ -190,12 +193,15 @@ ynh_add_config --template="../conf/cron_lufi" --destination="/etc/cron.d/$app" chmod +x $final_path/script/lufi #================================================= -# ADVERTISE SERVICE IN ADMIN PANEL +# SETUP SYSTEMD #================================================= -ynh_script_progression --message="Storing the config file checksum..." +ynh_script_progression --message="Upgrading systemd configuration..." -yunohost service add $app --description="Lufi service" --log="$final_path/log/production.log" +# Create a dedicated systemd config +ynh_add_systemd_config +#================================================= +# GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= @@ -205,12 +211,11 @@ ynh_script_progression --message="Upgrading logrotate configuration..." ynh_use_logrotate --non-append #================================================= -# SETUP SYSTEMD +# INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." +ynh_script_progression --message="Integrating service in YunoHost..." -# Create a dedicated systemd config -ynh_add_systemd_config +yunohost service add $app --description="Lufi service" --log="$final_path/log/production.log" #================================================= # START SYSTEMD SERVICE