From b532d4eeed67befd61bba9af932e09e7c0499c7e Mon Sep 17 00:00:00 2001
From: Yehuda Deutsch <yeh@uda.co.il>
Date: Fri, 24 Feb 2023 12:19:06 -0500
Subject: [PATCH 1/6] Add support for LOCAL_DOMAIN

---
 conf/.env.production.sample | 3 ++-
 manifest.json               | 8 ++++++++
 scripts/install             | 2 ++
 scripts/remove              | 1 +
 scripts/restore             | 1 +
 scripts/upgrade             | 1 +
 6 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/conf/.env.production.sample b/conf/.env.production.sample
index 21cc8e5..09be4c1 100644
--- a/conf/.env.production.sample
+++ b/conf/.env.production.sample
@@ -14,7 +14,8 @@
 # ----------
 # This identifies your server and cannot be changed safely later
 # ----------
-LOCAL_DOMAIN=__DOMAIN__
+LOCAL_DOMAIN=__LOCAL_DOMAIN__
+WEB_DOMAIN=__DOMAIN__
 
 # Redis
 # -----
diff --git a/manifest.json b/manifest.json
index 871809b..6f2ab8e 100644
--- a/manifest.json
+++ b/manifest.json
@@ -42,6 +42,14 @@
                 "name": "domain",
                 "type": "domain"
             },
+            {
+                "name": "local_domain",
+                "type": "domain",
+                "default": "",
+                "help": {
+                    "en": "Use a different domain for users than the installation domain"
+                }
+            },
             {
                 "name": "is_public",
                 "type": "boolean",
diff --git a/scripts/install b/scripts/install
index 6df1759..3152e38 100644
--- a/scripts/install
+++ b/scripts/install
@@ -26,6 +26,7 @@ ynh_abort_if_errors
 #=================================================
 
 domain=$YNH_APP_ARG_DOMAIN
+local_domain=${YNH_APP_ARG_LOCAL_DOMAIN:=$YNH_APP_ARG_DOMAIN}
 path_url="/"
 is_public=$YNH_APP_ARG_IS_PUBLIC
 language=$YNH_APP_ARG_LANGUAGE
@@ -52,6 +53,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
 ynh_script_progression --message="Storing installation settings..." --weight=1
 
 ynh_app_setting_set --app=$app --key=domain --value=$domain
+ynh_app_setting_set --app=$app --key=local_domain --value=$local_domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=language --value=$language
 ynh_app_setting_set --app=$app --key=admin --value=$admin
diff --git a/scripts/remove b/scripts/remove
index 69fc9ec..2ad4da3 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -19,6 +19,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
 app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get --app=$app --key=domain)
+local_domain=$(ynh_app_setting_get --app=$app --key=local_domain)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$(ynh_app_setting_get --app=$app --key=db_user)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
diff --git a/scripts/restore b/scripts/restore
index be0e019..29a4ece 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -30,6 +30,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
 app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get --app=$app --key=domain)
+local_domain=$(ynh_app_setting_get --app=$app --key=local_domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
diff --git a/scripts/upgrade b/scripts/upgrade
index 9be5f2f..1f91c9e 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -19,6 +19,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
 app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get --app=$app --key=domain)
+local_domain=$(ynh_app_setting_get --app=$app --key=local_domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 language=$(ynh_app_setting_get --app=$app --key=language)
 admin=$(ynh_app_setting_get --app=$app --key=admin)

From d78a09400b8877fcd3d8ed8236406afd3b48186c Mon Sep 17 00:00:00 2001
From: Yehuda Deutsch <yeh@uda.co.il>
Date: Fri, 24 Feb 2023 12:36:57 -0500
Subject: [PATCH 2/6] Change to string and add doc

---
 manifest.json | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/manifest.json b/manifest.json
index 6f2ab8e..45bec46 100644
--- a/manifest.json
+++ b/manifest.json
@@ -44,10 +44,13 @@
             },
             {
                 "name": "local_domain",
-                "type": "domain",
+                "type": "string",
                 "default": "",
+                "ask": {
+                    "en": "What domain do you want to ues for users?"
+                },
                 "help": {
-                    "en": "Use a different domain for users than the installation domain"
+                    "en": "Use a different domain for users than the installation domain, you'll need to setup the well-known redirects your self"
                 }
             },
             {

From 04caeb0d3bbdb36b29d12d83d45702d45b17b030 Mon Sep 17 00:00:00 2001
From: Yehuda Deutsch <yeh@uda.co.il>
Date: Fri, 24 Feb 2023 13:01:30 -0500
Subject: [PATCH 3/6] Set upgrade path

---
 scripts/upgrade | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 1f91c9e..b893d76 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -18,8 +18,9 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
 
 app=$YNH_APP_INSTANCE_NAME
 
+_local_domain=$(ynh_app_setting_get --app=$app --key=local_domain)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
-local_domain=$(ynh_app_setting_get --app=$app --key=local_domain)
+local_domain=${_local_domain:=$domain}
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 language=$(ynh_app_setting_get --app=$app --key=language)
 admin=$(ynh_app_setting_get --app=$app --key=admin)

From 0b7b64b8f2b12c189e4ddeff50501499e3867230 Mon Sep 17 00:00:00 2001
From: Yehuda Deutsch <yeh@uda.co.il>
Date: Sat, 25 Feb 2023 21:05:09 -0500
Subject: [PATCH 4/6] Use "optional": true

Following https://forum.yunohost.org/t/23805/2
---
 manifest.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/manifest.json b/manifest.json
index 45bec46..bd1e4ae 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
         "en": "Libre and federated social network",
         "fr": "Réseau social libre et fédéré"
     },
-    "version": "4.0.2~ynh2",
+    "version": "4.0.2~ynh3",
     "url": "https://github.com/mastodon/mastodon",
     "upstream": {
         "license": "AGPL-3.0-or-later",
@@ -44,7 +44,8 @@
             },
             {
                 "name": "local_domain",
-                "type": "string",
+                "type": "domain",
+                "optional": true,
                 "default": "",
                 "ask": {
                     "en": "What domain do you want to ues for users?"

From 495410fac8e82e4116efe1211a11c1b4bd0a9851 Mon Sep 17 00:00:00 2001
From: Yehuda Deutsch <yeh@uda.co.il>
Date: Sat, 25 Feb 2023 23:51:01 -0500
Subject: [PATCH 5/6] Implement simple optional local_domain

Based on @Thatoo 's implementation in Synapse
https://github.com/YunoHost-Apps/synapse_ynh
---
 README.md            | 19 +++++++++++++++++++
 conf/well_known.conf |  3 +++
 manifest.json        |  9 ++++-----
 scripts/backup       |  4 ++++
 scripts/install      | 19 ++++++++++++++++++-
 scripts/remove       |  3 +++
 scripts/upgrade      | 21 +++++++++++++++++++--
 7 files changed, 70 insertions(+), 8 deletions(-)
 create mode 100644 conf/well_known.conf

diff --git a/README.md b/README.md
index 4dd8f5e..660c75c 100644
--- a/README.md
+++ b/README.md
@@ -50,6 +50,25 @@ $ screen -d
 $ screen -r
 ```
 
+#### Using separate domains for Serving and Identity
+
+It is possible to use one domain for serving (like social.example.com) and another for the user identities (like @user@example.com).
+In this installation simple set the Local Domain field with the relevant domain.
+If the Identity domain is locally managed and properly entered, appropriate redirects will be set up, otherwise you will need to set them up manually.
+
+Example of setting up the required redirect in nginx:
+```
+{
+  server example.com;
+  # Other example.com settings...
+  ### This is the relevant part:
+  location ~ ^/.well-known/(host-meta|nodeinfo|webfinger)/ {
+    return 301 https://__DOMAIN__$request_uri;
+  }
+  ### Until here is the relevant part
+}
+```
+
 ### Update
 
 #### Using *screen* highly recommended
diff --git a/conf/well_known.conf b/conf/well_known.conf
new file mode 100644
index 0000000..0652827
--- /dev/null
+++ b/conf/well_known.conf
@@ -0,0 +1,3 @@
+location ~ ^/.well-known/(host-meta|nodeinfo|webfinger)/ {
+  return 301 https://__DOMAIN__$request_uri;
+}
diff --git a/manifest.json b/manifest.json
index bd1e4ae..7a41a6f 100644
--- a/manifest.json
+++ b/manifest.json
@@ -44,14 +44,13 @@
             },
             {
                 "name": "local_domain",
-                "type": "domain",
-                "optional": true,
-                "default": "",
+                "type": "string",
+                "default": "Same as the domain",
                 "ask": {
-                    "en": "What domain do you want to ues for users?"
+                    "en": "Local Domain: Set a different domain for user identity"
                 },
                 "help": {
-                    "en": "Use a different domain for users than the installation domain, you'll need to setup the well-known redirects your self"
+                    "en": "You can specify another domain so users are referred to @user@domain.tld instead of @user@social.domain.tld. URL redirects will automatically be created if the domain is locally managed."
                 }
             },
             {
diff --git a/scripts/backup b/scripts/backup
index 96a895d..5551c29 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -29,6 +29,7 @@ app=$YNH_APP_INSTANCE_NAME
 
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
+local_domain=$(ynh_app_setting_get --app=$app --key=local_domain)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 
 #=================================================
@@ -47,6 +48,9 @@ ynh_backup --src_path="$final_path"
 #=================================================
 
 ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+if [[ "$domain" != "$local_domain" ]] && yunohost --output-as plain domain list | grep -q "^$local_domain$"; then
+  ynh_backup --src_path="/etc/nginx/conf.d/${local_domain}.d/${app}_well_known.conf"
+fi
 
 #=================================================
 # SPECIFIC BACKUP
diff --git a/scripts/install b/scripts/install
index 3152e38..c529270 100644
--- a/scripts/install
+++ b/scripts/install
@@ -26,7 +26,7 @@ ynh_abort_if_errors
 #=================================================
 
 domain=$YNH_APP_ARG_DOMAIN
-local_domain=${YNH_APP_ARG_LOCAL_DOMAIN:=$YNH_APP_ARG_DOMAIN}
+local_domain=$YNH_APP_ARG_LOCAL_DOMAIN
 path_url="/"
 is_public=$YNH_APP_ARG_IS_PUBLIC
 language=$YNH_APP_ARG_LANGUAGE
@@ -36,6 +36,11 @@ app=$YNH_APP_INSTANCE_NAME
 
 admin_mail=$(ynh_user_get_info --username=$admin --key=mail)
 
+# Serving domain is identical to Identity domain
+if [[ "$local_domain" == "Same as the domain" ]]; then
+  local_domain=$domain
+fi
+
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
@@ -122,6 +127,11 @@ chown -R $app:www-data "$final_path"
 #=================================================
 ynh_script_progression --message="Configuring NGINX web server..." --weight=1
 
+# Create .well-known redirection for access by federation, if Identity domain is different from Serving domain
+if [[ "$domain" != "$local_domain" ]] && yunohost --output-as plain domain list | grep -q "^$local_domain$"; then
+  ynh_add_config --template="well_known.conf" --destination="/etc/nginx/conf.d/${local_domain}.d/${app}_well_known.conf"
+fi
+
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 
@@ -270,6 +280,13 @@ fi
 
 ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
 
+# Create .well-known redirection for access by federation, if Identity domain is different from Serving domain
+if [[ "$domain" != "$local_domain" ]] && yunohost --output-as plain domain list | grep -q "^$local_domain$"; then
+  ynh_permission_create --permission=well_known --url=$local_domain/.well-known/webfinger \
+                        --additional_urls $local_domain/.well-known/host-meta $local_domain/.well-known/nodeinfo \
+                        --label="Well known path redirects" --show_tile=false --allowed=visitors --auth_header=false
+fi
+
 #=================================================
 # RELOAD NGINX
 #=================================================
diff --git a/scripts/remove b/scripts/remove
index 2ad4da3..af34ec5 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -80,6 +80,9 @@ ynh_secure_remove --file="$final_path"
 #=================================================
 ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
 
+# Remove well known path redirects if installed
+ynh_secure_remove --file="/etc/nginx/conf.d/${local_domain}.d/${app}_well_known.conf"
+
 # Remove the dedicated NGINX config
 ynh_remove_nginx_config
 
diff --git a/scripts/upgrade b/scripts/upgrade
index b893d76..d0b7fda 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -18,9 +18,8 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
 
 app=$YNH_APP_INSTANCE_NAME
 
-_local_domain=$(ynh_app_setting_get --app=$app --key=local_domain)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
-local_domain=${_local_domain:=$domain}
+local_domain=$(ynh_app_setting_get --app=$app --key=local_domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 language=$(ynh_app_setting_get --app=$app --key=language)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
@@ -151,6 +150,19 @@ if [[ -z "$redis_namespace" ]]; then
 	ynh_app_setting_set --app=$app --key=redis_namespace --value=$redis_namespace
 fi
 
+# Update settings when upgrading from a setup with no local_domain
+if [[ -z $local_domain ]]; then
+  local_domain=$domain
+  ynh_app_setting_set --app=$app --key=local_domain --value=$domain
+fi
+
+# Create .well-known redirection for access by federation, if Identity domain is different from Serving domain
+if [[ "$domain" != "$local_domain" ]] && yunohost --output-as plain domain list | grep -q "^$local_domain$" && ! ynh_permission_exists --permission="well_known"; then
+  ynh_permission_create --permission=well_known --url=$local_domain/.well-known/webfinger \
+                        --additional_urls $local_domain/.well-known/host-meta $local_domain/.well-known/nodeinfo \
+                        --label="Well known path redirects" --show_tile=false --allowed=visitors --auth_header=false
+fi
+
 #Remove previous added repository
 ynh_remove_extra_repo
 
@@ -211,6 +223,11 @@ ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yar
 #=================================================
 ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
 
+# Create .well-known redirection for access by federation, if Identity domain is different from Serving domain
+if [[ "$domain" != "$local_domain" ]] && yunohost --output-as plain domain list | grep -q "^$local_domain$"; then
+  ynh_add_config --template="well_known.conf" --destination="/etc/nginx/conf.d/${local_domain}.d/${app}_well_known.conf"
+fi
+
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 

From cd6c54e95d3c861ef8772575dde8840a2307d1b4 Mon Sep 17 00:00:00 2001
From: Yehuda Deutsch <yeh@uda.co.il>
Date: Sun, 26 Feb 2023 00:06:47 -0500
Subject: [PATCH 6/6] Fix redirect location

---
 conf/well_known.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/well_known.conf b/conf/well_known.conf
index 0652827..19d3350 100644
--- a/conf/well_known.conf
+++ b/conf/well_known.conf
@@ -1,3 +1,3 @@
-location ~ ^/.well-known/(host-meta|nodeinfo|webfinger)/ {
+location ~ ^/.well-known/(host-meta|nodeinfo|webfinger) {
   return 301 https://__DOMAIN__$request_uri;
 }