YunoHost-Apps/moncycle_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/moncycle_ynh.git synced 2024-09-03 19:46:16 +02:00
Code Issues Activity Actions

Additionnal work

Browse source
This commit is contained in:
Limezy 2023-01-20 23:06:13 +07:00
parent 3b3b477f79
commit 7d2c2c15d7
9 changed files with 165 additions and 103 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1,2 +1,3 @@
*~
*.sw[op]
.DS_Store

2
conf/config.php
View file

@ -11,7 +11,7 @@ define("DB_HOST", "");
define("DB_ID", "__APP__");
define("DB_NAME", "__APP__");
define("DB_PORT", 3306);
define("DB_PASSWORD", "");
define("DB_PASSWORD", "__DB_PWD__");
define("SMTP_HOST", 'localhost');
define("SMTP_PORT", 25);

1
conf/moncycleapp.cron Normal file
View file

@ -0,0 +1 @@
0 1 * * * __APP__ /usr/bin/php__PHPVERSION__ --define apc.enable_cli=1 -f __FINAL_PATH__/script/cron.php

9
scripts/backup
View file

@ -38,11 +38,6 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
ynh_print_info --message="Declaring files to be backed up..."
### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs
### to be backuped and not an actual copy of any file. The actual backup that
### creates and fill the archive with the files happens in the core after this
### script is called. Hence ynh_backups calls takes basically 0 seconds to run.
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
@ -73,13 +68,11 @@ ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
#=================================================
#=================================================
# BACKUP VARIOUS FILES
# BACKUP THE CRON FILE
#=================================================
ynh_backup --src_path="/etc/cron.d/$app"
ynh_backup --src_path="/etc/$app/"
#=================================================
# BACKUP THE MYSQL DATABASE
#=================================================

18
scripts/install
View file

@ -91,7 +91,12 @@ chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
###### need to move data to www
pushd "$final_path"
ynh_exec_warn_less sudo -u $app mv www_data/* ..
ynh_exec_warn_less sudo -u $app ./module/install.sh
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < db/table.sql
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < db/demo.sql
popd
#=================================================
# PHP-FPM CONFIGURATION
@ -123,6 +128,17 @@ chown $app:$app "$final_path/config.php"
# GENERIC FINALIZATION
#=================================================
#=================================================
# ADD A CRON JOB
#=================================================
cron_path="/etc/cron.d/$app"
ynh_add_config --template="../conf/moncycleapp.cron" --destination="$cron_path"
chown root: "$cron_path"
chmod 644 "$cron_path"
exec_occ background:cron
#=================================================
# SETUP FAIL2BAN
#=================================================

7
scripts/remove
View file

@ -26,6 +26,13 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
# STANDARD REMOVE
#=================================================
#=================================================
# REMOVE THE CRON FILE
#=================================================
# Remove a cron file
ynh_secure_remove --file="/etc/cron.d/$app"
#=================================================
# REMOVE THE MYSQL DATABASE
#=================================================

15
scripts/restore
View file

@ -60,12 +60,6 @@ ynh_script_progression --message="Restoring the app main directory..." --weight=
ynh_restore_file --origin_path="$final_path"
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
@ -119,8 +113,6 @@ ynh_script_progression --message="Restoring various files..." --weight=1
ynh_restore_file --origin_path="/etc/cron.d/$app"
ynh_restore_file --origin_path="/etc/$app/"
#=================================================
# GENERIC FINALIZATION
#=================================================
@ -131,6 +123,13 @@ ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --w
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# RESTORE THE CRON FILE
#=================================================
ynh_script_progression --message="Restoring cron job..." --weight=1
ynh_restore_file --origin_path="/etc/cron.d/$app"
#=================================================
# END OF SCRIPT
#=================================================

109
scripts/upgrade
View file

@ -20,17 +20,12 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
#=================================================
# CHECK VERSION
#=================================================
### This helper will compare the version of the currently installed app and the version of the upstream package.
### $upgrade_type can have 2 different values
### - UPGRADE_APP if the upstream app version has changed
### - UPGRADE_PACKAGE if only the YunoHost package has changed
### ynh_check_app_version_changed will stop the upgrade if the app is up to date.
### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do.
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
@ -50,54 +45,6 @@ ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
#
# N.B. : the followings setting migrations snippets are provided as *EXAMPLES*
# of what you may want to do in some cases (e.g. a setting was not defined on
# some legacy installs and you therefore want to initiaze stuff during upgrade)
#
# If db_name doesn't exist, create it
#if [ -z "$db_name" ]; then
# db_name=$(ynh_sanitize_dbid --db_name=$app)
# ynh_app_setting_set --app=$app --key=db_name --value=$db_name
#fi
# If final_path doesn't exist, create it
#if [ -z "$final_path" ]; then
# final_path=/var/www/$app
# ynh_app_setting_set --app=$app --key=final_path --value=$final_path
#fi
### If nobody installed your app before 4.1,
### then you may safely remove these lines
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
if ! ynh_permission_exists --permission="admin"; then
# Create the required permissions
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
fi
# Create a permission if needed
if ! ynh_permission_exists --permission="api"; then
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
fi
#=================================================
# CREATE DEDICATED USER
@ -119,16 +66,17 @@ then
ynh_setup_source --dest_dir="$final_path"
fi
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
pushd "$final_path"
ynh_exec_warn_less sudo -u $app mv www_data/* ..
ynh_exec_warn_less sudo -u $app ./module/install.sh
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < db/table.sql
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < db/demo.sql
popd
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
@ -153,40 +101,31 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
ynh_add_nginx_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# ...
# CONFIGURATION UPGRADE
#=================================================
#=================================================
# UPDATE A CONFIG FILE
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
ynh_script_progression --message="Adding a configuration file..." --weight=1
### Same as during install
###
### The file will automatically be backed-up if it's found to be manually modified (because
### ynh_add_config keeps track of the file's checksum)
ynh_add_config --template="../conf/config.php" --destination="$final_path/config.php"
ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
chmod 400 "$final_path/some_config_file"
chown $app:$app "$final_path/some_config_file"
### For more complex cases where you want to replace stuff using regexes,
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
### When doing so, you also need to manually call ynh_store_file_checksum
###
### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file"
### ynh_store_file_checksum --file="$final_path/some_config_file"
chmod 400 "$final_path/config.php"
chown $app:$app "$final_path/config.php"
#=================================================
# GENERIC FINALIZATION
#=================================================
#=================================================
# UPDATE THE CRON JOB
#=================================================
cron_path="/etc/cron.d/$app"
ynh_add_config --template="../conf/moncycleapp.cron" --destination="$cron_path"
chown root: "$cron_path"
chmod 644 "$cron_path"
exec_occ background:cron
#=================================================
# UPGRADE FAIL2BAN
#=================================================

106
sources/patches/app-02-cleaning.patch Normal file
View file

@ -0,0 +1,106 @@
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 1a3237c..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-docker-compose.yml
-www_data/config.php
-www_data/info.php
-htpasswd
-sessions
-www_data/module
-
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 164b163..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,19 +0,0 @@
-FROM php:apache
-
-RUN apt-get update \
- && apt-get install -y libfreetype6-dev libjpeg62-turbo-dev libpng-dev unzip \
- && docker-php-ext-configure gd --with-freetype --with-jpeg \
- && docker-php-ext-install -j$(nproc) gd pdo pdo_mysql
-
-#RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini"
-RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
-
-COPY ./server_conf/moncycleapp_apache.conf /etc/apache2/conf-enabled/
-COPY ./server_conf/moncycleapp_php.ini $PHP_INI_DIR/conf.d
-
-RUN mkdir -p /var/lib/php/session && mkdir -p /var/lib/php/soap_cache && chown -R www-data:www-data /var/lib/php/
-
-COPY ./www_data /var/www/html/
-
-RUN bash /var/www/html/module/install.sh
-
diff --git a/README.md b/README.md
deleted file mode 100644
index 9d22bd5..0000000
--- a/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# MONCYCLE.APP
-
-Application de suivi de cycle menstruel pour les méthodes naturelles de régulation de naissance.
-
-Plus d'information 👉 [https://moncycle.app](https://moncycle.app)
-
-Code source 👉 [https://github.com/jean-io/moncycle.app](https://github.com/jean-io/moncycle.app)
-
-Page Tipeee 👉 [https://fr.tipeee.com/moncycleapp](https://fr.tipeee.com/moncycleapp)
-
-### Licence
-
-Creative Commons **CC BY-NC-SA**
-
-Attribution - Utilisation non commerciale - Partage dans les mêmes conditions
-
-Détail de la licence 👉 [https://creativecommons.org/licenses/by-nc-sa/4.0/](https://creativecommons.org/licenses/by-nc-sa/4.0/)
-
-Code légal 👉 [https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode.fr](https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode.fr)
-
diff --git a/server_conf/moncycleapp_apache.conf b/server_conf/moncycleapp_apache.conf
deleted file mode 100644
index cb5ff31..0000000
--- a/server_conf/moncycleapp_apache.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-<Directory /var/www/>
- Options +MultiViews
- MultiviewsMatch Any
- AllowOverride None
-</Directory>
diff --git a/server_conf/moncycleapp_php.ini b/server_conf/moncycleapp_php.ini
deleted file mode 100644
index 092dd23..0000000
--- a/server_conf/moncycleapp_php.ini
+++ /dev/null
@@ -1,25 +0,0 @@
-session.name = MONCYCLEAPP_SESID
-session.cookie_httponly = 1
-session.cookie_secure = 1
-session.use_strict_mode = 1
-session.use_cookies = 1
-session.use_only_cookies = 1
-
-; sessions de 30 jours
-session.gc_maxlifetime = 2592000
-session.cookie_lifetime = 2592000
-
-; hardening
-expose_php = Off
-allow_url_fopen = Off
-allow_url_include = Off
-max_input_time = 30
-max_execution_time = 30
-memory_limit = 16M
-post_max_size = 256K
-max_input_vars = 100
-file_uploads = Off
-open_basedir = /var/www/html:/var/lib/php/session
-session.save_path = /var/lib/php/session
-soap.wsdl_cache_dir = /var/lib/php/soap_cache
-disable_functions = ini_set,php_uname,getmyuid,getmypid,passthru,leak,listen,diskfreespace,tmpfile,link,ignore_user_abord,shell_exec,dl,set_time_limit,exec,system,highlight_file,source,show_source,fpaththru,virtual,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix,_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,phpinfo,popen,curl_exec,curl_multi_exec,parse_ini_file,allow_url_fopen,allow_url_include,pcntl_exec,chgrp,chmod,chown,lchgrp,lchown,putenv