YunoHost-Apps/my_webapp_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/my_webapp_ynh.git synced 2024-09-03 19:46:26 +02:00
Code Issues Activity Actions

Merge pull request #48 from YunoHost-Apps/testing

Browse source 
$user = $app
This commit is contained in:
Alexandre Aubin 2020-06-17 17:57:04 +02:00 committed by GitHub
commit 0148b45f08
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 30 additions and 192 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -40,7 +40,6 @@ of your custom Web application inside.
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/my_webapp%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/my_webapp/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/my_webapp%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/my_webapp/)
* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/my_webapp%20%28Apps%29.svg)](https://ci-stretch.nohost.me/ci/apps/my_webapp/)
## Limitations

15
actions.toml
View file

@ -13,21 +13,6 @@ description = "Enable or disable the sftp access."
ask = "Do you need a SFTP access?"
default = true
[public_private]
name = "Move to public or private"
command = "/bin/bash scripts/actions/public_private"
# user = "root" # optional
# cwd = "/" # optional
# accepted_return_codes = [0, 1, 2, 3] # optional
accepted_return_codes = [0]
description = "Change the public access of the app."
[public_private.arguments]
[public_private.arguments.is_public]
type = "boolean"
ask = "Is it a public app ?"
default = true
[create_database]
name = "Create a database"
command = "/bin/bash scripts/actions/create_database"

2
conf/ssh_regenconf_hook
View file

@ -11,7 +11,7 @@ echo "
##-> __APP__
# Hardening user connection
Match User __USER__
Match User __APP__
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no

11
config_panel.toml
View file

@ -13,20 +13,11 @@ name = "My webapp configuration"
default = true
[main.sftp.password]
ask = "Set a password for the SFTP access. ≥ 5 character"
ask = "Set a password for the SFTP access"
type = "password"
optional = true
help = "If a password already exist, it will not be replaced."
[main.is_public]
name = "Public access"
[main.is_public.is_public]
ask = "Is it a public website ?"
type = "boolean"
default = true
[main.overwrite_files]
name = "Overwriting config files"

74
scripts/actions/public_private
View file

@ -1,74 +0,0 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
# Get is_public
is_public=${YNH_ACTION_IS_PUBLIC}
app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
#=================================================
# CHECK IF ARGUMENTS ARE CORRECT
#=================================================
#=================================================
# CHECK IF AN ACTION HAS TO BE DONE
#=================================================
is_public_old=$(ynh_app_setting_get --app=$app --key=is_public)
if [ $is_public -eq $is_public_old ]
then
ynh_die --message="is_public is already set as $is_public." --ret_code=0
fi
#=================================================
# SPECIFIC ACTION
#=================================================
# MOVE TO PUBLIC OR PRIVATE
#=================================================
if [ $is_public -eq 0 ]; then
public_private="private"
else
public_private="public"
fi
ynh_script_progression --message="Moving the application to $public_private..." --weight=3
if [ $is_public -eq 0 ]
then
ynh_app_setting_delete --app=$app --key=skipped_uris
else
ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
fi
ynh_script_progression --message="Upgrading SSOwat configuration..."
# Regen ssowat configuration
yunohost app ssowatconf
# Update the config of the app
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Execution completed" --last

14
scripts/actions/sftp
View file

@ -16,7 +16,6 @@ source /usr/share/yunohost/helpers
app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
with_sftp=${YNH_ACTION_WITH_SFTP}
user=$(ynh_app_setting_get --app=$app --key=user)
#=================================================
# CHECK IF ARGUMENTS ARE CORRECT
@ -44,28 +43,19 @@ then
ynh_script_progression --message="Configuring ssh to add a SFTP access..." --weight=3
cp -R conf/ssh_regenconf_hook /usr/share/yunohost/hooks/conf_regen/90-ssh_$app
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app
ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app
yunohost tools regen-conf ssh
else
ynh_script_progression --message="Removing the custom ssh config for the SFTP access..." --weight=3
sed -i "/##-> ${app}/,/##<- ${app}/d" /etc/ssh/sshd_config
# Remove regen-conf hook
ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/90-ssh_$app"
fi
yunohost tools regen-conf ssh
# Update the config of the app
ynh_app_setting_set --app=$app --key=with_sftp --value=$with_sftp
#=================================================
# RELOAD SSH
#=================================================
ynh_script_progression --message="Reloading SSH..."
ynh_systemd_action --service_name=ssh --action=reload
#=================================================
# END OF SCRIPT
#=================================================

26
scripts/config
View file

@ -45,11 +45,6 @@ else
fi
# is_public
old_is_public="$(ynh_app_setting_get --app=$app --key=is_public)"
is_public="${YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC:-$old_is_public}"
# Overwrite nginx configuration
old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)"
overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}"
@ -88,8 +83,6 @@ show_config() {
ynh_return "YNH_CONFIG_MAIN_SFTP_SFTP=$with_sftp"
# ynh_return "YNH_CONFIG_MAIN_SFTP_PASSWORD=$password"
ynh_return "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public"
ynh_return "YNH_CONFIG_MAIN_PHP_FPM_CONFIG_FOOTPRINT=$fpm_footprint"
ynh_return "YNH_CONFIG_MAIN_PHP_FPM_CONFIG_FREE_FOOTPRINT=$free_footprint"
ynh_return "YNH_CONFIG_MAIN_PHP_FPM_CONFIG_USAGE=$fpm_usage"
@ -100,14 +93,6 @@ show_config() {
#=================================================
apply_config() {
# Change public accessibility
if [ "$is_public" = "1" ]
then
yunohost app action run $app public_private --args is_public=1
else
yunohost app action run $app public_private --args is_public=0
fi
#=================================================
# REMOVE OR ADD SFTP ACCESS
#=================================================
@ -119,20 +104,11 @@ apply_config() {
# Change the password only if none was already set for the user
if [ $is_password_exist -eq 0 ] && [ $with_sftp -eq 1 ]
then
# Check password strength
if [ ${#password} -le 5 ]
then
ynh_print_err --message="The password is too weak, it must be longer than 5 characters."
# Disable the sftp access, as the password is incorrect
yunohost app action run $app sftp --args with_sftp=0
else
user=$(ynh_app_setting_get --app=$app --key=user)
# Add the password to the user
chpasswd <<< "${user}:${password}"
chpasswd <<< "${app}:${password}"
ynh_app_setting_set --app=$app --key=password --value="$password"
fi
fi
fi
#=================================================
# RECONFIGURE PHP-FPM

33
scripts/install
View file

@ -39,15 +39,6 @@ ynh_script_progression --message="Validating installation parameters..." --weigh
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
if [ $with_sftp -eq 1 ]
then
# Check password strength
if [ ${#password} -le 5 ]
then
ynh_die --message="The password is too weak, it must be longer than 5 characters"
fi
fi
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
@ -56,13 +47,11 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
ynh_script_progression --message="Storing installation settings..."
user=webapp${app_nb}
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=with_mysql --value=$with_mysql
ynh_app_setting_set --app=$app --key=with_sftp --value=$with_sftp
ynh_app_setting_set --app=$app --key=user --value=$user
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
ynh_app_setting_set --app=$app --key=overwrite_nginx --value=0
@ -97,13 +86,12 @@ ynh_add_nginx_config
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a standard user (not a system user for sftp)
ynh_system_user_exists --username=$user || \
useradd -d "$final_path" -M --user-group "$user"
ynh_system_user_create --username=$app --home_dir="$final_path"
if [ $with_sftp -eq 1 ]
then
# Add the password to this user
chpasswd <<< "${user}:${password}"
chpasswd <<< "${app}:${password}"
ynh_app_setting_set --app=$app --key=password --value="$password"
fi
@ -119,7 +107,6 @@ then
cp -R ../conf/ssh_regenconf_hook /usr/share/yunohost/hooks/conf_regen/90-ssh_$app
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app
ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app
yunohost tools regen-conf ssh
fi
@ -133,7 +120,7 @@ mkdir -p "$final_path/www"
if [ $with_sftp -eq 1 ]
then
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file=../sources/www/index.html
ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file=../sources/www/index.html
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../sources/www/index.html
# Copy files to the right place
cp "../sources/www/index.html" "$final_path/www/index.html"
@ -159,21 +146,13 @@ ynh_script_progression --message="Configuring php-fpm..." --weight=2
# Create a dedicated php-fpm config
ynh_add_fpm_config --usage=low --footprint=low
# use $user instead of $app as user that run the fpm processes
finalphpconf="/etc/php/7.0/fpm/pool.d/$app.conf"
ynh_replace_string --match_string="^user = .*" --replace_string="user = $user" --target_file="$finalphpconf"
ynh_replace_string --match_string="^group = .*" --replace_string="group = $user" --target_file="$finalphpconf"
ynh_store_file_checksum --file="$finalphpconf"
ynh_systemd_action --service_name=php7.0-fpm --action=reload
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
chown -R $user: "$final_path"
chown -R $app: "$final_path"
# Home directory of the user needs to be owned by root to allow
# SFTP connections
chown root: "$final_path"
@ -218,7 +197,7 @@ then
sftp_infos="You can connect to this repository by using sftp with the following credentials.
Domain: $domain
Port: $(grep "^Port" /etc/ssh/sshd_config | awk '{print $2}')
User: $user
User: $app
Password: The one you set at installation."
else
sftp_infos=""

3
scripts/remove
View file

@ -19,7 +19,6 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql)
with_sftp=$(ynh_app_setting_get --app=$app --key=with_sftp)
user=$(ynh_app_setting_get --app=$app --key=user)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
@ -83,7 +82,7 @@ fi
ynh_script_progression --message="Removing the dedicated system user..."
# Delete a system user
ynh_system_user_delete --username=$user
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT

9
scripts/restore
View file

@ -30,7 +30,6 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql)
with_sftp=$(ynh_app_setting_get --app=$app --key=with_sftp)
password=$(ynh_app_setting_get --app=$app --key=password)
user=$(ynh_app_setting_get --app=$app --key=user)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
@ -74,14 +73,12 @@ fi
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=2
# Create a standard user (not a system user for sftp)
ynh_system_user_exists --username=$user || \
useradd -d "$final_path" -M --user-group "$user"
ynh_system_user_create --username=$app --home_dir="$final_path"
if [ -n "$password" ]
then
# Add the password to this user
chpasswd <<< "${user}:${password}"
chpasswd <<< "${app}:${password}"
fi
#=================================================
@ -89,7 +86,7 @@ fi
#=================================================
# Restore permissions on app files
chown -R $user: "$final_path"
chown -R $app: "$final_path"
# Home directory of the user need to be owned by root to allow
# SFTP connections
chown root: "$final_path"

28
scripts/upgrade
View file

@ -24,7 +24,6 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql)
with_sftp=$(ynh_app_setting_get --app=$app --key=with_sftp)
password=$(ynh_app_setting_get --app=$app --key=password)
user=$(ynh_app_setting_get --app=$app --key=user)
overwrite_nginx=$(ynh_app_setting_get --app=$app --key=overwrite_nginx)
overwrite_phpfpm=$(ynh_app_setting_get --app=$app --key=overwrite_phpfpm)
@ -53,6 +52,13 @@ elif [ "$is_public" = "No" ]; then
is_public=0
fi
# Delete old user
if [ -n "$(ynh_app_setting_get --app=$app --key=user)" ]
then
ynh_system_user_delete --username="$(ynh_app_setting_get --app=$app --key=user)"
ynh_app_setting_delete --app=$app --key=user
fi
# If db_name doesn't exist, create it
if [ -z "$db_name" ]; then
db_name=$(ynh_sanitize_dbid --db_name=$app)
@ -149,18 +155,17 @@ fi
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2
# Create a standard user (not a system user for sftp)
ynh_system_user_exists --username=$user || \
useradd -d "$final_path" -M --user-group "$user"
ynh_system_user_create --username=$app --home_dir="$final_path"
if [ $with_sftp -eq 1 ]
then
# Add the password to this user
chpasswd <<< "${user}:${password}"
chpasswd <<< "${app}:${password}"
fi
# Change the user group for previous my_webapp install script
groupadd -f "$user"
usermod -g "$user" "$user"
groupadd -f "$app"
usermod -g "$app" "$app"
#=================================================
# PHP-FPM CONFIGURATION
@ -173,14 +178,6 @@ then
# Create a dedicated php-fpm config
ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint
# Use $user instead of $app as user that run the fpm processes
finalphpconf="/etc/php/7.0/fpm/pool.d/$app.conf"
ynh_replace_string --match_string="^user = .*" --replace_string="user = $user" --target_file="$finalphpconf"
ynh_replace_string --match_string="^group = .*" --replace_string="group = $user" --target_file="$finalphpconf"
ynh_store_file_checksum --file="$finalphpconf"
ynh_systemd_action --service_name=php7.0-fpm --action=reload
fi
#=================================================
@ -196,7 +193,6 @@ then
cp -R ../conf/ssh_regenconf_hook /usr/share/yunohost/hooks/conf_regen/90-ssh_$app
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app
ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app
yunohost tools regen-conf ssh
fi

2
sources/www/index.html
View file

@ -20,7 +20,7 @@
<dt>Port</dt>
<dd>22 (or the port you defined <a href="https://yunohost.org/#/security_fr">if you change the ssh port</a>)</dd>
<dt>User</dt>
<dd>__USER__</dd>
<dd>__APP__</dd>
<dt>Password</dt>
<dd><i>the one you set at installation</i></dd>
</dl>