mirror of https://github.com/YunoHost-Apps/lufi_ynh.git synced 2024-09-03 19:36:28 +02:00

Merge pull request #71 from YunoHost-Apps/testing

Allow LDAP on public and remove legacy permission and various fixes
yalh76 2022-02-06 00:42:22 +01:00 committed by GitHub
commit b208e35276
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 249 additions and 268 deletions


@ -15,9 +15,15 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
## Overview
Self hosting files and sharing anonymous application
It stores files and allows you to download them.
**Shipped version:** 0.05.16~ynh1
Is that all? No. All the files are encrypted **by the browser**! It means that your files **never** leave your computer unencrypted.
The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP.
The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-)
**Shipped version:** 0.05.16~ynh2
**Demo:** https://demo.lufi.io/


@ -11,9 +11,15 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
## Vue d'ensemble
Application d'hébergement et de partage de fichiers anonyme
It stores files and allows you to download them.
**Version incluse :** 0.05.16~ynh1
Is that all? No. All the files are encrypted **by the browser**! It means that your files **never** leave your computer unencrypted.
The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP.
The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-)
**Version incluse :** 0.05.16~ynh2
**Démo :** https://demo.lufi.io/


@ -3,9 +3,9 @@
; Manifest
domain="domain.tld"
path="/path"
max_file_size=100
is_public=1
admin="john"
max_file_size=100
use_ldap=0
; Checks
pkg_linter=1
setup_sub_dir=1
@ -15,7 +15,7 @@
setup_public=1
upgrade=1
# 0.03.5
upgrade=1 from_commit=23e84578464b1fa09f79c98b6a9b5f19bbcf83f3
upgrade=1 from_commit=23e84578464b1fa09f79c98b6a9b5f19bbcf83f3
backup_restore=1
multi_instance=1
change_url=1


@ -59,7 +59,7 @@
# max file size, in octets
# you can write it 100*1024*1024
# optional, no default
max_file_size => __MAX_FILE_SIZE__*1024*1024,
__MAX_SIZE_SET__max_file_size => __MAX_FILE_SIZE__*1024*1024,
# if you want to have piwik statistics, provide a piwik image tracker
# only the image tracker is allowed, no javascript
@ -199,20 +199,20 @@
# set `ldap` if you want that only authenticated users can upload files
# please note that everybody can still download files
# optional, no default
__IS_PUBLIC__ldap => {
__IS_PUBLIC__ uri => 'ldap://localhost:389', # server URI
__IS_PUBLIC__ user_tree => 'dc=yunohost,dc=org', # search base DN
__IS_PUBLIC__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN
__IS_PUBLIC__ #bind_pwd => 'secr3t', # search bind password
__IS_PUBLIC__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.)
__IS_PUBLIC__ #user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.)
__IS_PUBLIC__ # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls
__IS_PUBLIC__ # don't set or uncomment if you don't want to configure it
__IS_PUBLIC__ #start_tls => {
__IS_PUBLIC__ # verify => 'optional',
__IS_PUBLIC__ # clientcert => '/etc/ssl/certs/ca-bundle.pem'
__IS_PUBLIC__ #}
__IS_PUBLIC__},
__LDAP__ldap => {
__LDAP__ uri => 'ldap://localhost:389', # server URI
__LDAP__ user_tree => 'dc=yunohost,dc=org', # search base DN
__LDAP__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN
__LDAP__ #bind_pwd => 'secr3t', # search bind password
__LDAP__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.)
__LDAP__ user_filter => '(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))', # user filter (to exclude some users, etc.)
__LDAP__ # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls
__LDAP__ # don't set or uncomment if you don't want to configure it
__LDAP__ #start_tls => {
__LDAP__ # verify => 'optional',
__LDAP__ # clientcert => '/etc/ssl/certs/ca-bundle.pem'
__LDAP__ #}
__LDAP__},
# if you've set ldap above, the session will last `session_duration` seconds before
# the user needs to reauthenticate
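Review bot: The trailing comment on the new `user_filter` line still reads "user filter (to exclude some users, etc.)", but the filter is now active and is what limits LDAP logins to accounts carrying the app's `main` permission. Someone editing the template could loosen it without realising it is the authorization check, so I would replace the comment with something like `# only posixAccount entries holding this app's main permission may log in`. The `ldap => { … }` block is switched on or off as a whole by the `__LDAP__` prefix, so a line added later without the prefix would leave a broken config when LDAP is disabled; a one-line comment above the block saying so would help. The hunk shows only part of the config hash.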


@ -1,37 +1,33 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
# This is important for user's privacy!
access_log off;
error_log /var/log/nginx/lufi.error.log;
# This is important for user's privacy!
access_log off;
error_log /var/log/nginx/lufi.error.log;
# This is important! Make it OK with your Lutim configuration
client_max_body_size __MAX_FILE_SIZE__M;
# This is important! Make it OK with your Lutim configuration
client_max_body_size __MAX_FILE_SIZE__M;
if ($request_uri ~* ^/(img|css|font|js)/) {
more_set_headers "Cache-Control: public, max-age=315360000";
}
if ($request_uri ~* ^/(img|css|font|js)/) {
more_set_headers "Cache-Control: public, max-age=315360000";
}
proxy_pass http://127.0.0.1:__PORT____PATH__;
proxy_pass http://127.0.0.1:__PORT____PATH__;
# Really important! Lufi uses WebSocket, it won't work without this
proxy_set_header Upgrade $http_upgrade ;
proxy_set_header Connection "upgrade" ;
# Really important! Lufi uses WebSocket, it won't work without this
proxy_set_header Upgrade $http_upgrade ;
proxy_set_header Connection "upgrade" ;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Remote-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
# We expect the downsteam servers to redirect to the right hostname, so don't do any rewrite$
proxy_redirect off;
# We expect the downsteam servers to redirect to the right hostname, so don't do any rewrite$
proxy_redirect off;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}
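Review bot: The `if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; }` block at the top of the location is printed only once in this section and the hunk header shrinks from 37 to 33 lines, so the HTTP-to-HTTPS redirect appears to be dropped here. Lufi's confidentiality depends on the browser receiving untampered JavaScript, so this location should never be served over plain HTTP. Presumably the domain-level YunoHost NGINX configuration already forces HTTPS, but that is not visible on this page. I would state the assumption at the top of the block, e.g. `# HTTPS redirection is handled by the domain-level server block`, or keep the redirect if that cannot be guaranteed.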

6
doc/DESCRIPTION.md Normal file

@ -0,0 +1,6 @@
It stores files and allows you to download them.
Is that all? No. All the files are encrypted **by the browser**! It means that your files **never** leave your computer unencrypted.
The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP.
The encryption key part of the URL is a anchor (Cf. [Fragment Identifier](https://en.wikipedia.org/wiki/Fragment_identifier)), that means this part is only processed client-side and does not reach the server. :-)


@ -1,58 +1,71 @@
{
"name": "Lufi",
"id": "lufi",
"packaging_format": 1,
"description": {
"en": "Self hosting files and sharing anonymous application",
"fr": "Application d'hébergement et de partage de fichiers anonyme"
},
"version": "0.05.16~ynh1",
"url": "https://git.framasoft.org/luc/lufi",
"upstream": {
"name": "Lufi",
"id": "lufi",
"packaging_format": 1,
"description": {
"en": "Self hosting files and sharing anonymous application",
"fr": "Application d'hébergement et de partage de fichiers anonyme"
},
"version": "0.05.16~ynh2",
"url": "https://git.framasoft.org/luc/lufi",
"upstream": {
"license": "AGPL-3.0-or-later",
"demo": "https://demo.lufi.io/",
"admindoc": "https://framagit.org/luc/lufi/wikis/home",
"code": "https://framagit.org/fiat-tux/hat-softwares/lufi"
},
"license": "AGPL-3.0-or-later",
"maintainer": {
"name": "frju365, cyp",
"email": "win10@tutanota.com, cyp@rouquin.me"
},
"requirements": {
"yunohost": ">= 4.2.3"
},
"multi_instance": true,
"services": [
"nginx"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/lufi",
"default": "/lufi"
},
{
"name": "max_file_size",
"type": "string",
"ask": {
"en": "Choose a max file size, in Mo (0 = no limit)",
"fr": "Choisissez une taille de fichier maximum chemin, en Mo (0 = pas de limite)"
},
"example": "100",
"default": "100"
},
{
"name": "is_public",
"type": "boolean",
"default": true
}
]
}
"license": "AGPL-3.0-or-later",
"maintainer": {
"name": "frju365, cyp",
"email": "win10@tutanota.com, cyp@rouquin.me"
},
"requirements": {
"yunohost": ">= 4.3.0"
},
"multi_instance": true,
"services": [
"nginx"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/lufi",
"default": "/lufi"
},
{
"name": "is_public",
"type": "boolean",
"default": true
},
{
"name": "max_file_size",
"type": "string",
"ask": {
"en": "Choose a max file size, in Mo (0 = no limit)",
"fr": "Choisissez une taille de fichier maximum chemin, en Mo (0 = pas de limite)"
},
"example": "100",
"default": "100"
},
{
"name": "use_ldap",
"type": "boolean",
"ask": {
"en": "Install Lufi with LDAP configuration?",
"fr": "Installer Lufi avec la configuration LDAP ?"
},
"help": {
"en": "A Lufi with LDAP enabled will allow only YunoHost users to upload.",
"fr": "Un Lufi avec LDAP activé autorisera seulement les utilisateurs YunoHost à téléverser."
},
"default": false
}
]
}
}


@ -6,7 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
@ -63,7 +63,7 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
ynh_backup --src_path="/etc/systemd/system/$app.service"
#=================================================
# BACKUP A CRON FILE
# BACKUP VARIOUS FILES
#=================================================
ynh_backup --src_path="/etc/cron.d/$app"


@ -31,7 +31,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
# Add settings here as needed by your application
port=$(ynh_app_setting_get --app=$app --key=port)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
use_ldap=$(ynh_app_setting_get --app=$app --key=use_ldap)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
db_user=$db_name
@ -39,7 +39,7 @@ secret=$(ynh_app_setting_get --app=$app --key=secret)
max_file_size=$(ynh_app_setting_get --app=$app --key=max_file_size)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..."
@ -49,7 +49,7 @@ ynh_clean_setup () {
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# restore it if the upgrade fails
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
@ -96,7 +96,7 @@ then
domain="$old_domain"
path_url="$new_path"
# Create a dedicated NGINX config
ynh_add_nginx_config max_file_size
ynh_add_nginx_config
fi
# Change the domain for NGINX
@ -119,49 +119,22 @@ ynh_script_progression --message="Configuring lufi..."
domain="$new_domain"
path_url="$new_path"
config=${final_path}/lufi.conf
ynh_backup_if_checksum_is_different --file="$config"
cp ../conf/lufi.conf.template "$config"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config"
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
ynh_replace_string --match_string="__MAX_FILE_SIZE__" --replace_string="$max_file_size" --target_file="$config"
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
ynh_replace_string --match_string="max_file_size" --replace_string="#max_file_size" --target_file="$config"
fi
ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
if [ $is_public -eq 0 ];
ldap="#"
if [ $use_ldap -eq 1 ];
then
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config"
else
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
ldap=""
fi
ynh_store_file_checksum --file="$config"
max_size_set=""
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
max_size_set="#"
fi
ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf"
chmod 600 $final_path/lufi.conf
chown $app:$app $final_path/lufi.conf
#=================================================
# UPDATE SSOWAT
#=================================================
ynh_script_progression --message="Reconfiguring permissions..."
ynh_permission_update --permission="main" --add="visitors"
if [ $is_public -eq 0 ]
then
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$"
fi
#=================================================
# GENERIC FINALISATION
#=================================================
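Review bot: The new LDAP toggle fails open: `ldap="#"` is the default and `[ $use_ldap -eq 1 ]` is unquoted, so an empty or non-numeric `use_ldap` setting makes the test error out and skips the branch. The regenerated `lufi.conf` then has the whole `ldap` block commented out, which per the template's own comment is what restricts uploads to authenticated users. This can happen for any instance whose `use_ldap` setting was never stored. I would stop rather than guess, e.g. `[ "$use_ldap" = "0" ] || [ "$use_ldap" = "1" ] || ynh_die --message="use_ldap setting is missing or invalid"` before the test, and quote the variable in the test itself. The same pattern appears in the install and upgrade sections, and `chmod 600 $final_path/lufi.conf` and the matching `chown` would be safer with the path quoted.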


@ -25,8 +25,9 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
max_file_size=$YNH_APP_ARG_MAX_FILE_SIZE
is_public=$YNH_APP_ARG_IS_PUBLIC
max_file_size=$YNH_APP_ARG_MAX_FILE_SIZE
use_ldap=$YNH_APP_ARG_USE_LDAP
secret=$(ynh_string_random --length=24)
app=$YNH_APP_INSTANCE_NAME
@ -54,7 +55,7 @@ ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=use_ldap --value=$use_ldap
ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size
ynh_app_setting_set --app=$app --key=secret --value=$secret
@ -116,7 +117,7 @@ chown -R $app:www-data "$final_path"
ynh_script_progression --message="Configuring NGINX web server..."
# Create a dedicated NGINX config
ynh_add_nginx_config max_file_size
ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
@ -125,28 +126,18 @@ ynh_add_nginx_config max_file_size
#=================================================
ynh_script_progression --message="Configuring $app..."
config=${final_path}/lufi.conf
cp ../conf/lufi.conf.template "$config"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config"
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
ynh_replace_string --match_string="__MAX_FILE_SIZE__" --replace_string="$max_file_size" --target_file="$config"
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
ynh_replace_string --match_string="max_file_size" --replace_string="#max_file_size" --target_file="$config"
fi
ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
if [ $is_public -eq 0 ];
ldap="#"
if [ $use_ldap -eq 1 ];
then
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config"
else
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
ldap=""
fi
ynh_store_file_checksum --file="$config"
max_size_set=""
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
max_size_set="#"
fi
ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf"
chmod 600 $final_path/lufi.conf
chown $app:$app $final_path/lufi.conf
@ -204,17 +195,9 @@ ynh_systemd_action --service_name=$app --action="start" --line_match="Creating p
#=================================================
ynh_script_progression --message="Configuring permissions..."
ynh_permission_update --permission="main" --add="visitors"
if [ $is_public -eq 0 ]
if [ $is_public -eq 1 ]
then
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$"
ynh_permission_update --permission="main" --add="visitors"
fi
#=================================================
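Review bot: `max_file_size` is taken straight from `$YNH_APP_ARG_MAX_FILE_SIZE` (declared as a `string` argument in the manifest) and is then used in `[ $max_file_size -eq 0 ]` and rendered into `lufi.conf` as `__MAX_FILE_SIZE__*1024*1024` without any check. The template is written as a Perl hash containing an arithmetic expression, so it appears to be evaluated as code, and the same value also lands in the NGINX `client_max_body_size` directive. Anything other than digits would therefore become code or a broken config rather than a size. I would validate right after reading the argument, e.g. `[[ "$max_file_size" =~ ^[0-9]+$ ]] || ynh_die --message="max_file_size must be a whole number of megabytes"`, and quote the variable in the later test.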


@ -31,7 +31,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app service..."
ynh_script_progression --message="Removing $app service integration..."
yunohost service remove $app
fi
@ -43,6 +43,14 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config
ynh_remove_systemd_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
@ -51,14 +59,6 @@ ynh_script_progression --message="Removing the PostgreSQL database..."
# Remove a database if it exists, along with the associated user
ynh_psql_remove_db --db_user="$db_user" --db_name="$db_name"
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..."
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# REMOVE APP MAIN DIR
#=================================================
@ -76,28 +76,24 @@ ynh_script_progression --message="Removing NGINX web server configuration..."
ynh_remove_nginx_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing logrotate configuration..."
ynh_script_progression --message="Removing dependencies..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE THE CRON FILE
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing the cron file..."
ynh_script_progression --message="Removing various files..."
# Remove a cron file
ynh_secure_remove --file="/etc/cron.d/$app"
#=================================================
# REMOVE LOG
#=================================================
ynh_script_progression --message="Removing the log file..."
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
#=================================================


@ -6,7 +6,7 @@
# IMPORT GENERIC HELPERS
#=================================================
#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
@ -89,6 +89,13 @@ ynh_psql_test_if_first_run
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
#=================================================
# RESTORE VARIOUS FILES
#=================================================
ynh_script_progression --message="Restoring various files..."
ynh_restore_file --origin_path="/etc/cron.d/$app"
#=================================================
# RESTORE SYSTEMD
#=================================================
@ -97,6 +104,13 @@ ynh_script_progression --message="Restoring the systemd configuration..."
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..."
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
@ -111,20 +125,6 @@ ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/production.log" --line_match="Creating process id file"
#=================================================
# RESTORE THE CRON FILE
#=================================================
ynh_script_progression --message="Restoring the cron file..."
ynh_restore_file --origin_path="/etc/cron.d/$app"
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..."
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================


@ -18,7 +18,7 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
use_ldap=$(ynh_app_setting_get --app=$app --key=use_ldap)
port=$(ynh_app_setting_get --app=$app --key=port)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
secret=$(ynh_app_setting_get --app=$app --key=secret)
@ -30,6 +30,7 @@ max_file_size=$(ynh_app_setting_get --app=$app --key=max_file_size)
#=================================================
# CHECK VERSION
#=================================================
ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed)
@ -42,12 +43,21 @@ ynh_script_progression --message="Backing up the app before upgrading (may take
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# restore it if the upgrade fails
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app --action=stop --log_path="$final_path/log/production.log"
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
@ -70,21 +80,38 @@ if [ -z "$max_file_size" ]; then
ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size
fi
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
# Check if is_public settings exist and is set to true
was_public=$(ynh_app_setting_get --app=$app --key=is_public)
if [ $was_public -eq 1 ]
then
# Fix permissions if true
ynh_print_info --message="Upgrading from legacy permission..."
ynh_print_info --message="Legacy public instance detected, allow visitors with new permission."
use_ldap=0
# Add new permission to allow visitors
ynh_permission_update --permission="main" --add="visitors"
# Remove deprecated is_public settings
ynh_app_setting_delete --app=$app --key=is_public
fi
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..."
# Check if legacy permissions exists (meanning that is_public was set to false)
if ynh_legacy_permissions_exists; then
ynh_systemd_action --service_name=$app --action=stop --log_path="$final_path/log/production.log"
ynh_print_info --message="Upgrading from legacy permission..."
ynh_print_info --message="Legacy private instance detected, keep LDAP enabled."
# Legacy private install have LDAP enabled
use_ldap=1
# Cleaning legacy permissions
ynh_print_info --message="Removing legacy permission..."
ynh_legacy_permissions_delete_all
# Remove deprecated is_public settings
ynh_app_setting_delete --app=$app --key=is_public
fi
#=================================================
# CREATE DEDICATED USER
@ -115,8 +142,8 @@ chown -R $app:www-data "$final_path"
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated nginx config
ynh_add_nginx_config max_file_size
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
@ -125,34 +152,25 @@ ynh_script_progression --message="Upgrading dependencies..."
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
#=================================================
# SPECIFIC UPGRADE
#=================================================
# SETUP LUFI
#=================================================
ynh_script_progression --message="Configuring Lufi..."
config=${final_path}/lufi.conf
ynh_backup_if_checksum_is_different --file="$config"
cp ../conf/lufi.conf.template "$config"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config"
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
ynh_replace_string --match_string="__MAX_FILE_SIZE__" --replace_string="$max_file_size" --target_file="$config"
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
ynh_replace_string --match_string="max_file_size" --replace_string="#max_file_size" --target_file="$config"
fi
ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
if [ $is_public -eq 0 ];
ldap="#"
if [ $use_ldap -eq 1 ];
then
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config"
else
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
ldap=""
fi
ynh_store_file_checksum --file="$config"
max_size_set=""
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
max_size_set="#"
fi
ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf"
chmod 600 $final_path/lufi.conf
chown $app:$app $final_path/lufi.conf
@ -175,12 +193,15 @@ ynh_add_config --template="../conf/cron_lufi" --destination="/etc/cron.d/$app"
chmod +x $final_path/script/lufi
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Storing the config file checksum..."
ynh_script_progression --message="Upgrading systemd configuration..."
yunohost service add $app --description="Lufi service" --log="$final_path/log/production.log"
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
@ -190,30 +211,11 @@ ynh_script_progression --message="Upgrading logrotate configuration..."
ynh_use_logrotate --non-append
#=================================================
# SETUP SYSTEMD
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..."
ynh_script_progression --message="Integrating service in YunoHost..."
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading permissions..."
ynh_permission_update --permission="main" --add="visitors"
if [ $is_public -eq 0 ]
then
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$"
fi
yunohost service add $app --description="Lufi service" --log="$final_path/log/production.log"
#=================================================
# START SYSTEMD SERVICE
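Review bot: In the "ENSURE DOWNWARD COMPATIBILITY" migration, the `if [ $was_public -eq 1 ]` branch sets `use_ldap=0` for every instance whose `is_public` setting is 1. The install section stores `is_public` and `use_ldap` independently, so an instance installed as public with LDAP enabled would have its `ldap` block commented out on its next upgrade. No `ynh_app_setting_set` for `use_ldap` is visible in this section either, so the value chosen for legacy instances seems not to be stored and a later run would read it back empty. I would run the migration only when `use_ldap` is unset, default to keeping LDAP on, quote the test and persist the result, as sketched below. The script continues outside the hunks shown, so the setting may be written elsewhere.

```bash
# Migrate only when use_ldap was never stored (instance predates this setting)
if [ -z "$use_ldap" ]
then
	# Fail closed: keep upload authentication unless the instance is known to be public
	use_ldap=1
	was_public=$(ynh_app_setting_get --app=$app --key=is_public)
	if [ "${was_public:-0}" -eq 1 ]
	then
		use_ldap=0
		# … unchanged: info messages, add visitors to main, delete is_public …
	fi
	if ynh_legacy_permissions_exists; then
		use_ldap=1
		# … unchanged: info messages, delete legacy permissions and is_public …
	fi
	# Persist the result so later upgrades and change_url read a defined value
	ynh_app_setting_set --app=$app --key=use_ldap --value=$use_ldap
fi
```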