From 7d2c2c15d7d5b0e3246b76b1f4dcf4d861c2b27c Mon Sep 17 00:00:00 2001 From: Limezy Date: Fri, 20 Jan 2023 23:06:13 +0700 Subject: [PATCH] Additionnal work --- .gitignore | 1 + conf/config.php | 2 +- conf/moncycleapp.cron | 1 + scripts/backup | 9 +-- scripts/install | 18 ++++- scripts/remove | 7 ++ scripts/restore | 15 ++-- scripts/upgrade | 109 ++++++-------------------- sources/patches/app-02-cleaning.patch | 106 +++++++++++++++++++++++++ 9 files changed, 165 insertions(+), 103 deletions(-) create mode 100644 conf/moncycleapp.cron create mode 100644 sources/patches/app-02-cleaning.patch diff --git a/.gitignore b/.gitignore index 783a4ae..8f144f3 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *~ *.sw[op] +.DS_Store diff --git a/conf/config.php b/conf/config.php index 34153ff..02ada23 100644 --- a/conf/config.php +++ b/conf/config.php @@ -11,7 +11,7 @@ define("DB_HOST", ""); define("DB_ID", "__APP__"); define("DB_NAME", "__APP__"); define("DB_PORT", 3306); -define("DB_PASSWORD", ""); +define("DB_PASSWORD", "__DB_PWD__"); define("SMTP_HOST", 'localhost'); define("SMTP_PORT", 25); diff --git a/conf/moncycleapp.cron b/conf/moncycleapp.cron new file mode 100644 index 0000000..7f41665 --- /dev/null +++ b/conf/moncycleapp.cron @@ -0,0 +1 @@ +0 1 * * * __APP__ /usr/bin/php__PHPVERSION__ --define apc.enable_cli=1 -f __FINAL_PATH__/script/cron.php \ No newline at end of file diff --git a/scripts/backup b/scripts/backup index bb71ccc..7e204b8 100755 --- a/scripts/backup +++ b/scripts/backup 
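Review bot: A `$`, `\` or `"` in the database password would be interpolated or would terminate the literal, because the new `DB_PASSWORD` line in conf/config.php substitutes `__DB_PWD__` into a double-quoted PHP string. Whether the generated password can contain such characters depends on the helper that creates it, which is outside this diff. A single-quoted literal narrows the special characters to `'` and `\`: `define("DB_PASSWORD", '__DB_PWD__');`. The rendered file now holds a live secret, so the `chmod 400` / `chown $app:$app` applied to it in install and upgrade should stay in place.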
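Review bot: The new conf/moncycleapp.cron has no trailing newline (the `\ No newline at end of file` marker), and Debian's cron ignores a file in /etc/cron.d whose last line is not newline-terminated. Unless the templating helper appends a newline when it renders the file to `/etc/cron.d/$app`, the nightly job will likely never run. Ending the template with a newline fixes it. The entry also assumes `script/cron.php` sits directly under `__FINAL_PATH__`, which depends on where the install step moves the contents of `www_data/`, so check that path after an install.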
@@ -38,11 +38,6 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= ynh_print_info --message="Declaring files to be backed up..." -### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs -### to be backuped and not an actual copy of any file. The actual backup that -### creates and fill the archive with the files happens in the core after this -### script is called. Hence ynh_backups calls takes basically 0 seconds to run. - #================================================= # BACKUP THE APP MAIN DIR #================================================= @@ -73,13 +68,11 @@ ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" #================================================= #================================================= -# BACKUP VARIOUS FILES +# BACKUP THE CRON FILE #================================================= ynh_backup --src_path="/etc/cron.d/$app" -ynh_backup --src_path="/etc/$app/" - #================================================= # BACKUP THE MYSQL DATABASE #================================================= diff --git a/scripts/install b/scripts/install index 1ba4af1..d67816a 100755 --- a/scripts/install +++ b/scripts/install @@ -91,7 +91,12 @@ chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" -###### need to move data to www +pushd "$final_path" + ynh_exec_warn_less sudo -u $app mv www_data/* .. + ynh_exec_warn_less sudo -u $app ./module/install.sh + ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < db/table.sql + ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < db/demo.sql +popd #================================================= # PHP-FPM CONFIGURATION 
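Review bot: `mv www_data/* ..` in the new `pushd "$final_path"` block of scripts/install moves the application files into the parent of `$final_path` rather than into it, while the next line runs `./module/install.sh` relative to `$final_path`. The target was probably meant to be `.`, as in `ynh_exec_warn_less sudo -u $app mv www_data/* .`, and the same block is repeated in scripts/upgrade. The block also imports `db/demo.sql` into the production database; its contents are not shown here, so confirm it does not seed accounts with known credentials, or drop that import. `$app`, `$db_user` and `$db_pwd` are expanded unquoted, and quoting them (`--password="$db_pwd"`) avoids word splitting if a value ever contains whitespace or glob characters.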
@@ -123,6 +128,17 @@ chown $app:$app "$final_path/config.php" # GENERIC FINALIZATION #================================================= +#================================================= +# ADD A CRON JOB +#================================================= + +cron_path="/etc/cron.d/$app" +ynh_add_config --template="../conf/moncycleapp.cron" --destination="$cron_path" +chown root: "$cron_path" +chmod 644 "$cron_path" + +exec_occ background:cron + #================================================= # SETUP FAIL2BAN #================================================= diff --git a/scripts/remove b/scripts/remove index 6ed9566..5753eda 100755 --- a/scripts/remove +++ b/scripts/remove @@ -26,6 +26,13 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) # STANDARD REMOVE #================================================= +#================================================= +# REMOVE THE CRON FILE +#================================================= + +# Remove a cron file +ynh_secure_remove --file="/etc/cron.d/$app" + #================================================= # REMOVE THE MYSQL DATABASE #================================================= diff --git a/scripts/restore b/scripts/restore index 24bbe35..0b1b3de 100755 --- a/scripts/restore +++ b/scripts/restore @@ -60,12 +60,6 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$final_path" -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" 
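Review bot: `exec_occ background:cron` at the end of the new ADD A CRON JOB section in scripts/install calls a helper that nothing in this diff defines. The name suggests the Nextcloud `occ` console, so the line looks carried over from another package. If `exec_occ` is not defined in the package's common helpers, the install stops here with a command-not-found error. The same call is added at the end of the UPDATE THE CRON JOB section in scripts/upgrade. If this app has no such console command, remove the line in both scripts.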
@@ -119,8 +113,6 @@ ynh_script_progression --message="Restoring various files..." --weight=1 ynh_restore_file --origin_path="/etc/cron.d/$app" -ynh_restore_file --origin_path="/etc/$app/" - #================================================= # GENERIC FINALIZATION #================================================= @@ -131,6 +123,13 @@ ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --w ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload +#================================================= +# RESTORE THE CRON FILE +#================================================= +ynh_script_progression --message="Restoring cron job..." --weight=1 + +ynh_restore_file --origin_path="/etc/cron.d/$app" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 985fb84..760e28f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
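Review bot: The cron file is restored twice in scripts/restore. The new RESTORE THE CRON FILE section repeats `ynh_restore_file --origin_path="/etc/cron.d/$app"`, which the "Restoring various files..." step (visible as context in the previous hunk) already runs. One of the two calls should go. Keeping the earlier one also keeps the restore ahead of the NGINX and PHP-FPM reload instead of after GENERIC FINALIZATION.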
@@ -20,17 +20,12 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) #================================================= # CHECK VERSION #================================================= -### This helper will compare the version of the currently installed app and the version of the upstream package. -### $upgrade_type can have 2 different values -### - UPGRADE_APP if the upstream app version has changed -### - UPGRADE_PACKAGE if only the YunoHost package has changed -### ynh_check_app_version_changed will stop the upgrade if the app is up to date. -### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. upgrade_type=$(ynh_check_app_version_changed) #================================================= 
@@ -50,54 +45,6 @@ ynh_abort_if_errors #================================================= # STANDARD UPGRADE STEPS #================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 - -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" - -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 - -# -# N.B. : the followings setting migrations snippets are provided as *EXAMPLES* -# of what you may want to do in some cases (e.g. a setting was not defined on -# some legacy installs and you therefore want to initiaze stuff during upgrade) -# - -# If db_name doesn't exist, create it -#if [ -z "$db_name" ]; then -# db_name=$(ynh_sanitize_dbid --db_name=$app) -# ynh_app_setting_set --app=$app --key=db_name --value=$db_name -#fi - -# If final_path doesn't exist, create it -#if [ -z "$final_path" ]; then -# final_path=/var/www/$app -# ynh_app_setting_set --app=$app --key=final_path --value=$final_path -#fi - -### If nobody installed your app before 4.1, -### then you may safely remove these lines - -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - -if ! ynh_permission_exists --permission="admin"; then - # Create the required permissions - ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin -fi - -# Create a permission if needed -if ! ynh_permission_exists --permission="api"; then - ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" -fi #================================================= # CREATE DEDICATED USER 
@@ -119,16 +66,17 @@ then ynh_setup_source --dest_dir="$final_path" fi -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" +pushd "$final_path" + ynh_exec_warn_less sudo -u $app mv www_data/* .. + ynh_exec_warn_less sudo -u $app ./module/install.sh + ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < db/table.sql + ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < db/demo.sql +popd + #================================================= # UPGRADE DEPENDENCIES #================================================= 
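Review bot: The `db/table.sql` and `db/demo.sql` imports added after `chown -R $app:www-data "$final_path"` run on every upgrade, against a database that already holds user data. Neither file is shown here; if table.sql drops or recreates tables the upgrade destroys data, and if demo.sql inserts demo rows they are re-applied to a live instance. The block also sits after the `fi` that guards `ynh_setup_source`, so on a package-only upgrade there is presumably no fresh `www_data/` directory and the `mv` fails. `$db_user` is used here, but the settings block in the first hunk of this file loads only `db_name` and `db_pwd`; unless it is assigned elsewhere in the script, the call runs with an empty or unset user. Keep the imports in install only (or behind a check that the schema is missing), and move the `mv` and `install.sh` steps inside the branch that fetches new sources.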
@@ -153,40 +101,31 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - ynh_add_nginx_config #================================================= -# SPECIFIC UPGRADE -#================================================= -# ... +# CONFIGURATION UPGRADE #================================================= -#================================================= -# UPDATE A CONFIG FILE -#================================================= -ynh_script_progression --message="Updating a configuration file..." --weight=1 +ynh_script_progression --message="Adding a configuration file..." --weight=1 -### Same as during install -### -### The file will automatically be backed-up if it's found to be manually modified (because -### ynh_add_config keeps track of the file's checksum) +ynh_add_config --template="../conf/config.php" --destination="$final_path/config.php" -ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file" - -# FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config -chmod 400 "$final_path/some_config_file" -chown $app:$app "$final_path/some_config_file" - -### For more complex cases where you want to replace stuff using regexes, -### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) -### When doing so, you also need to manually call ynh_store_file_checksum -### -### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file" -### ynh_store_file_checksum --file="$final_path/some_config_file" +chmod 400 "$final_path/config.php" +chown $app:$app "$final_path/config.php" #================================================= # GENERIC FINALIZATION #================================================= +#================================================= +# UPDATE THE CRON JOB 
+#================================================= + +cron_path="/etc/cron.d/$app" +ynh_add_config --template="../conf/moncycleapp.cron" --destination="$cron_path" +chown root: "$cron_path" +chmod 644 "$cron_path" + +exec_occ background:cron + #================================================= # UPGRADE FAIL2BAN #================================================= diff --git a/sources/patches/app-02-cleaning.patch b/sources/patches/app-02-cleaning.patch new file mode 100644 index 0000000..736dcfc --- /dev/null +++ b/sources/patches/app-02-cleaning.patch 
@@ -0,0 +1,106 @@ +diff --git a/.gitignore b/.gitignore +deleted file mode 100644 +index 1a3237c..0000000 +--- a/.gitignore ++++ /dev/null +@@ -1,7 +0,0 @@ +-docker-compose.yml +-www_data/config.php +-www_data/info.php +-htpasswd +-sessions +-www_data/module +- +diff --git a/Dockerfile b/Dockerfile +deleted file mode 100644 +index 164b163..0000000 +--- a/Dockerfile ++++ /dev/null +@@ -1,19 +0,0 @@ +-FROM php:apache +- +-RUN apt-get update \ +- && apt-get install -y libfreetype6-dev libjpeg62-turbo-dev libpng-dev unzip \ +- && docker-php-ext-configure gd --with-freetype --with-jpeg \ +- && docker-php-ext-install -j$(nproc) gd pdo pdo_mysql +- +-#RUN mv "$PHP_INI_DIR/php.ini-development" "$PHP_INI_DIR/php.ini" +-RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" +- +-COPY ./server_conf/moncycleapp_apache.conf /etc/apache2/conf-enabled/ +-COPY ./server_conf/moncycleapp_php.ini $PHP_INI_DIR/conf.d +- +-RUN mkdir -p /var/lib/php/session && mkdir -p /var/lib/php/soap_cache && chown -R www-data:www-data /var/lib/php/ +- +-COPY ./www_data /var/www/html/ +- +-RUN bash /var/www/html/module/install.sh +- +diff --git a/README.md b/README.md +deleted file mode 100644 +index 9d22bd5..0000000 +--- a/README.md ++++ /dev/null +@@ -1,20 +0,0 @@ +-# MONCYCLE.APP +- +-Application de suivi de cycle menstruel pour les méthodes naturelles de régulation de naissance. 
+- +-Plus d'information 👉 [https://moncycle.app](https://moncycle.app) +- +-Code source 👉 [https://github.com/jean-io/moncycle.app](https://github.com/jean-io/moncycle.app) +- +-Page Tipeee 👉 [https://fr.tipeee.com/moncycleapp](https://fr.tipeee.com/moncycleapp) +- +-### Licence +- +-Creative Commons **CC BY-NC-SA** +- +-Attribution - Utilisation non commerciale - Partage dans les mêmes conditions +- +-Détail de la licence 👉 [https://creativecommons.org/licenses/by-nc-sa/4.0/](https://creativecommons.org/licenses/by-nc-sa/4.0/) +- +-Code légal 👉 [https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode.fr](https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode.fr) +- +diff --git a/server_conf/moncycleapp_apache.conf b/server_conf/moncycleapp_apache.conf +deleted file mode 100644 +index cb5ff31..0000000 +--- a/server_conf/moncycleapp_apache.conf ++++ /dev/null +@@ -1,5 +0,0 @@ +- +- Options +MultiViews +- MultiviewsMatch Any +- AllowOverride None +- +diff --git a/server_conf/moncycleapp_php.ini b/server_conf/moncycleapp_php.ini +deleted file mode 100644 +index 092dd23..0000000 +--- a/server_conf/moncycleapp_php.ini ++++ /dev/null +@@ -1,25 +0,0 @@ +-session.name = MONCYCLEAPP_SESID +-session.cookie_httponly = 1 +-session.cookie_secure = 1 +-session.use_strict_mode = 1 +-session.use_cookies = 1 +-session.use_only_cookies = 1 +- +-; sessions de 30 jours +-session.gc_maxlifetime = 2592000 +-session.cookie_lifetime = 2592000 +- +-; hardening +-expose_php = Off +-allow_url_fopen = Off +-allow_url_include = Off +-max_input_time = 30 +-max_execution_time = 30 +-memory_limit = 16M +-post_max_size = 256K +-max_input_vars = 100 +-file_uploads = Off +-open_basedir = /var/www/html:/var/lib/php/session +-session.save_path = /var/lib/php/session +-soap.wsdl_cache_dir = /var/lib/php/soap_cache +-disable_functions = 
ini_set,php_uname,getmyuid,getmypid,passthru,leak,listen,diskfreespace,tmpfile,link,ignore_user_abord,shell_exec,dl,set_time_limit,exec,system,highlight_file,source,show_source,fpaththru,virtual,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix,_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,phpinfo,popen,curl_exec,curl_multi_exec,parse_ini_file,allow_url_fopen,allow_url_include,pcntl_exec,chgrp,chmod,chown,lchgrp,lchown,putenv \ No newline at end of file
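Review bot: The PHP session and hardening settings in upstream's server_conf/moncycleapp_php.ini are lost when this cleaning patch deletes the file. It carries `session.cookie_secure`, `session.cookie_httponly`, `session.use_strict_mode`, the 30-day session lifetimes, `allow_url_fopen = Off`, `open_basedir` and the `disable_functions` list. Nothing else in this commit re-applies them, so unless the package's PHP-FPM pool configuration already sets them the app runs with the distribution defaults. Carry the relevant directives into the pool file, for example `php_admin_flag[session.cookie_secure] = on` and `php_admin_flag[session.use_strict_mode] = on`, with `open_basedir` and the session path adjusted to the YunoHost layout.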