From 495410fac8e82e4116efe1211a11c1b4bd0a9851 Mon Sep 17 00:00:00 2001 From: Yehuda Deutsch Date: Sat, 25 Feb 2023 23:51:01 -0500 Subject: [PATCH] Implement simple optional local_domain Based on @Thatoo 's implementation in Synapse https://github.com/YunoHost-Apps/synapse_ynh --- README.md | 19 +++++++++++++++++++ conf/well_known.conf | 3 +++ manifest.json | 9 ++++----- scripts/backup | 4 ++++ scripts/install | 19 ++++++++++++++++++- scripts/remove | 3 +++ scripts/upgrade | 21 +++++++++++++++++++-- 7 files changed, 70 insertions(+), 8 deletions(-) create mode 100644 conf/well_known.conf diff --git a/README.md b/README.md index 4dd8f5e..660c75c 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,25 @@ $ screen -d $ screen -r ``` +#### Using separate domains for Serving and Identity + +It is possible to use one domain for serving (like social.example.com) and another for the user identities (like @user@example.com). +In this installation simple set the Local Domain field with the relevant domain. +If the Identity domain is locally managed and properly entered, appropriate redirects will be set up, otherwise you will need to set them up manually. + +Example of setting up the required redirect in nginx: +``` +{ + server example.com; + # Other example.com settings... + ### This is the relevant part: + location ~ ^/.well-known/(host-meta|nodeinfo|webfinger)/ { + return 301 https://__DOMAIN__$request_uri; + } + ### Until here is the relevant part +} +``` + ### Update #### Using *screen* highly recommended diff --git a/conf/well_known.conf b/conf/well_known.conf new file mode 100644 index 0000000..0652827 --- /dev/null +++ b/conf/well_known.conf @@ -0,0 +1,3 @@ +location ~ ^/.well-known/(host-meta|nodeinfo|webfinger)/ { + return 301 https://__DOMAIN__$request_uri; +} diff --git a/manifest.json b/manifest.json index bd1e4ae..7a41a6f 100644 --- a/manifest.json +++ b/manifest.json 
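Review bot: The location regex added in conf/well_known.conf ends with a mandatory `/`, so the usual federation lookups (`/.well-known/webfinger?resource=…`, `/.well-known/host-meta`, `/.well-known/nodeinfo`) do not match it and are not redirected. nginx matches a regex location against the request path without the query string. The dot before `well-known` is also unescaped and therefore matches any character. Consider `location ~ ^/\.well-known/(host-meta|nodeinfo|webfinger)(/|$) {`, and apply the same pattern to the example this commit adds to README.md.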
@@ -44,14 +44,13 @@ }, { "name": "local_domain", - "type": "domain", - "optional": true, - "default": "", + "type": "string", + "default": "Same as the domain", "ask": { - "en": "What domain do you want to ues for users?" + "en": "Local Domain: Set a different domain for user identity" }, "help": { - "en": "Use a different domain for users than the installation domain, you'll need to setup the well-known redirects your self" + "en": "You can specify another domain so users are referred to @user@domain.tld instead of @user@social.domain.tld. URL redirects will automatically be created if the domain is locally managed." } }, { diff --git a/scripts/backup b/scripts/backup index 96a895d..5551c29 100644 --- a/scripts/backup +++ b/scripts/backup @@ -29,6 +29,7 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) +local_domain=$(ynh_app_setting_get --app=$app --key=local_domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= @@ -47,6 +48,9 @@ ynh_backup --src_path="$final_path" #================================================= ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +if [[ "$domain" != "$local_domain" ]] && yunohost --output-as plain domain list | grep -q "^$local_domain$"; then + ynh_backup --src_path="/etc/nginx/conf.d/${local_domain}.d/${app}_well_known.conf" +fi #================================================= # SPECIFIC BACKUP diff --git a/scripts/install b/scripts/install index 3152e38..c529270 100644 --- a/scripts/install +++ b/scripts/install @@ -26,7 +26,7 @@ ynh_abort_if_errors #================================================= domain=$YNH_APP_ARG_DOMAIN -local_domain=${YNH_APP_ARG_LOCAL_DOMAIN:=$YNH_APP_ARG_DOMAIN} +local_domain=$YNH_APP_ARG_LOCAL_DOMAIN path_url="/" is_public=$YNH_APP_ARG_IS_PUBLIC language=$YNH_APP_ARG_LANGUAGE 
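Review bot: Changing `local_domain` from `"type": "domain"` to `"type": "string"` makes the field free-form, yet the scripts in this commit place its value in a filesystem path (`/etc/nginx/conf.d/${local_domain}.d/…`), a grep pattern and permission URLs. The default `Same as the domain` also doubles as a sentinel that scripts/install (hunk `@@ -36,6 +36,11 @@`) compares literally, so an empty or reworded value passes through unchanged. I would validate right after that comparison, e.g. `[[ "$local_domain" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || ynh_die --message="Invalid local_domain"`. An empty value should also map to `$domain`, as the removed `:=` default did.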
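Review bot: `grep -q "^$local_domain$"` in the second scripts/backup hunk treats the stored setting as a regular expression, so every `.` in the domain matches any character and a value holding other metacharacters can match a domain it is not equal to; the branch then reads a path built from that value. A fixed-string, whole-line match avoids this: `yunohost --output-as plain domain list | grep -qxF -- "$local_domain"`. The same test is repeated in scripts/install (hunks `@@ -122,6 +127,11 @@` and `@@ -270,6 +280,13 @@`) and scripts/upgrade (hunks `@@ -151,6 +150,19 @@` and `@@ -211,6 +223,11 @@`). Separately, the diffstat lists no change to scripts/restore, so the `${app}_well_known.conf` file saved here appears never to be restored.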
@@ -36,6 +36,11 @@ app=$YNH_APP_INSTANCE_NAME admin_mail=$(ynh_user_get_info --username=$admin --key=mail) +# Serving domain is identical to Identity domain +if [[ "$local_domain" == "Same as the domain" ]]; then + local_domain=$domain +fi + #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= @@ -122,6 +127,11 @@ chown -R $app:www-data "$final_path" #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=1 +# Create .well-known redirection for access by federation, if Identity domain is different from Serving domain +if [[ "$domain" != "$local_domain" ]] && yunohost --output-as plain domain list | grep -q "^$local_domain$"; then + ynh_add_config --template="well_known.conf" --destination="/etc/nginx/conf.d/${local_domain}.d/${app}_well_known.conf" +fi + # Create a dedicated NGINX config ynh_add_nginx_config @@ -270,6 +280,13 @@ fi ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" +# Create .well-known redirection for access by federation, if Identity domain is different from Serving domain +if [[ "$domain" != "$local_domain" ]] && yunohost --output-as plain domain list | grep -q "^$local_domain$"; then + ynh_permission_create --permission=well_known --url=$local_domain/.well-known/webfinger \ + --additional_urls $local_domain/.well-known/host-meta $local_domain/.well-known/nodeinfo \ + --label="Well known path redirects" --show_tile=false --allowed=visitors --auth_header=false +fi + #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/remove b/scripts/remove index 2ad4da3..af34ec5 100644 --- a/scripts/remove +++ b/scripts/remove 
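Review bot: In the `ynh_permission_create` call of hunk `@@ -270,6 +280,13 @@` every `$local_domain` is expanded unquoted, and because the manifest now declares the field as a free-form string the value is subject to word splitting and globbing, which can change the helper's argument list. Quote each one: `--url="$local_domain/.well-known/webfinger"` and `--additional_urls "$local_domain/.well-known/host-meta" "$local_domain/.well-known/nodeinfo"`. The identical call in scripts/upgrade (hunk `@@ -151,6 +150,19 @@`) needs the same change. The domain-list check also runs twice in this script; evaluating it once and reusing the result would keep the nginx step and the permission step from diverging.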
@@ -80,6 +80,9 @@ ynh_secure_remove --file="$final_path" #================================================= ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 +# Remove well known path redirects if installed +ynh_secure_remove --file="/etc/nginx/conf.d/${local_domain}.d/${app}_well_known.conf" + # Remove the dedicated NGINX config ynh_remove_nginx_config diff --git a/scripts/upgrade b/scripts/upgrade index b893d76..d0b7fda 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,9 +18,8 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME -_local_domain=$(ynh_app_setting_get --app=$app --key=local_domain) domain=$(ynh_app_setting_get --app=$app --key=domain) -local_domain=${_local_domain:=$domain} +local_domain=$(ynh_app_setting_get --app=$app --key=local_domain) path_url=$(ynh_app_setting_get --app=$app --key=path) language=$(ynh_app_setting_get --app=$app --key=language) admin=$(ynh_app_setting_get --app=$app --key=admin) @@ -151,6 +150,19 @@ if [[ -z "$redis_namespace" ]]; then ynh_app_setting_set --app=$app --key=redis_namespace --value=$redis_namespace fi +# Update settings when upgrading from a setup with no local_domain +if [[ -z $local_domain ]]; then + local_domain=$domain + ynh_app_setting_set --app=$app --key=local_domain --value=$domain +fi + +# Create .well-known redirection for access by federation, if Identity domain is different from Serving domain +if [[ "$domain" != "$local_domain" ]] && yunohost --output-as plain domain list | grep -q "^$local_domain$" && ! ynh_permission_exists --permission="well_known"; then + ynh_permission_create --permission=well_known --url=$local_domain/.well-known/webfinger \ + --additional_urls $local_domain/.well-known/host-meta $local_domain/.well-known/nodeinfo \ + --label="Well known path redirects" --show_tile=false --allowed=visitors --auth_header=false +fi + #Remove previous added repository ynh_remove_extra_repo 
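Review bot: The `ynh_secure_remove` call added to scripts/remove builds its path from `$local_domain`, but nothing in this hunk assigns that variable and the script gets no other change in this commit. Unless it is already loaded outside the hunk, the path collapses to `/etc/nginx/conf.d/.d/${app}_well_known.conf` and the redirect file is left behind on the identity domain. The removal is also unconditional, whereas install and upgrade create the file only when the identity domain differs and is locally managed. Load the setting next to the other `ynh_app_setting_get` calls, `local_domain=$(ynh_app_setting_get --app=$app --key=local_domain)`, and guard the call with `if [[ -n "$local_domain" && "$local_domain" != "$domain" ]]; then`.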
@@ -211,6 +223,11 @@ ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yar #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 +# Create .well-known redirection for access by federation, if Identity domain is different from Serving domain +if [[ "$domain" != "$local_domain" ]] && yunohost --output-as plain domain list | grep -q "^$local_domain$"; then + ynh_add_config --template="well_known.conf" --destination="/etc/nginx/conf.d/${local_domain}.d/${app}_well_known.conf" +fi + # Create a dedicated NGINX config ynh_add_nginx_config