From 2413cb492b63198a5047b7986a43166aba806434 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 9 Jun 2021 18:26:39 +0200 Subject: [PATCH] new permission hpb, some fixes --- conf/config.json | 3 ++- conf/systemd.service | 1 + scripts/change_url | 24 ++++++++++++++++++++---- scripts/install | 26 +++++++++++++++++++++----- scripts/remove | 2 +- scripts/restore | 8 +++++--- scripts/upgrade | 17 +++++++++++++++-- 7 files changed, 65 insertions(+), 16 deletions(-) diff --git a/conf/config.json b/conf/config.json index 6e4790c..02d8572 100644 --- a/conf/config.json +++ b/conf/config.json @@ -30,7 +30,8 @@ "verify_peer": false, "verify_peer_name": false } - } + }, + "trusted_proxies": [ "127.0.0.1", "::1" ] }, "apps": { "user_ldap": { diff --git a/conf/systemd.service b/conf/systemd.service index 9f26878..ef9e7b6 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -4,6 +4,7 @@ Description = Push daemon for Nextcloud clients [Service] Environment=SOCKET_PATH=/var/run/__APP__/notify-push.sock Environment=NEXTCLOUD_URL=https://__DOMAIN____PATH__ +Environment=ALLOW_SELF_SIGNED=true ExecStart=__FINAL_PATH__/apps/notify_push/bin/x86_64/notify_push __FINAL_PATH__/config/config.php User=__APP__ Group=__APP__ diff --git a/scripts/change_url b/scripts/change_url index a9503d0..afd2218 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -59,12 +59,28 @@ then fi #================================================= -# SETUP SSOWAT +# CONFIGURE NOTIFY_PUSH APP #================================================= -ynh_script_progression --message="Configuring permissions..." -# Temporary fix for the API permission (workaround for https://github.com/YunoHost/issues/issues/2294 ) -ynh_permission_url --permission="api" --url="re:$new_domain\/.well-known\/.*" --auth_header="false" --clear_urls +if [ $enable_notify_push -eq 1 ] +then + domain="$new_domain" + path_url="$new_path" + exec_occ config:app:set notify_push base_endpoint --value https://$domain$path_url/push + + ynh_add_systemd_config --service="${app}-notify-push" + + ynh_systemd_action --service_name="${app}-notify-push" --action=restart +fi + +#================================================= +# GENERIC FINALISATION +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." + +ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 3908260..e575b1c 100755 --- a/scripts/install +++ b/scripts/install @@ -239,13 +239,12 @@ ynh_multimedia_addaccess $app if [ $enable_notify_push -eq 1 ] then exec_occ app:install notify_push + exec_occ config:app:set notify_push base_endpoint --value https://$domain$path_url/push mkdir -p /var/run/$app/ chown $app: /var/run/$app/ ynh_add_systemd_config --service="${app}-notify-push" - - ynh_systemd_action --service_name="${app}-notify-push" --action=restart fi #================================================= @@ -264,6 +263,10 @@ find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750 chmod 640 "$install_dir/config/config.php" chmod 755 /home/yunohost.app chmod 750 $install_dir +if [ $enable_notify_push -eq 1 ] +then + chmod 740 $final_path/apps/notify_push/bin/x86_64/notify_push +fi #================================================= # SETUP LOGROTATE @@ -282,13 +285,26 @@ ynh_script_progression --message="Configuring Fail2Ban..." --weight=8 ynh_add_fail2ban_config --logpath="/var/log/$app/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 #================================================= -# CHECK IF NOTIFY_PUSH WORKS +# CONFIGURE NOTIFY_PUSH APP #================================================= if [ $use_notify_push -eq 1 ] then - if ! ynh_exec_as "$app" nextcloud php7.3 $final_path/occ notify_push:self-test; then - ynh_print_warn --message="High Performance Backend is not working correctly, try to repair it or contact YNH support." + ynh_permission_create --permission="hpb" --label="High Performance Backend" --url="/push" --additional_urls="/index.php/apps/notify_push/" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" +fi + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# CHECK IF NOTIFY_PUSH WORKS +#================================================= + +if [ $enable_notify_push -eq 1 ] +then + ynh_systemd_action --service_name="${app}-notify-push" --action=restart + + if ! exec_occ notify_push:self-test; then + ynh_print_warn --message="The High Performance Backend service is still not working properly. Please log in with a user to your NextCloud instance, restart the High Performance Backend service with \"systemctl restart $app-notify-push.service\", and run \"sudo -u $app php${phpversion} $final_path/occ notify_push:self-test\" to verify that everything is green." fi fi diff --git a/scripts/remove b/scripts/remove index bb67bd8..4331c2c 100755 --- a/scripts/remove +++ b/scripts/remove @@ -24,7 +24,7 @@ ynh_remove_fail2ban_config # Remove notify push ynh_remove_systemd_config --service="${app}-notify-push" -ynh_secure_remove --file="/var/run/$app/" +ynh_secure_remove --file="/var/run/$app" # Remove a cron file # TODO: Ensure that cron job is not running (How !?) diff --git a/scripts/restore b/scripts/restore index 0449612..939145b 100755 --- a/scripts/restore +++ b/scripts/restore @@ -78,7 +78,7 @@ ynh_restore_file --origin_path="$data_dir" --not_mandatory # RESTORE THE NOTIFY_PUSH APP #================================================= -if [ $use_notify_push -eq 1 ] +if [ $enable_notify_push -eq 1 ] then mkdir -p /var/run/$app/ chown $app: /var/run/$app/ @@ -153,8 +153,10 @@ ynh_systemd_action --service_name=nginx --action=reload if [ $enable_notify_push -eq 1 ] then - if ! ynh_exec_as "$app" nextcloud php7.3 $final_path/occ notify_push:self-test; then - ynh_print_warn --message="High Performance Backend is not working correctly, try to repair it or contact YNH support." + ynh_systemd_action --service_name="${app}-notify-push" --action=restart + + if ! exec_occ notify_push:self-test; then + ynh_print_warn --message="The High Performance Backend service is still not working properly. Please log in with a user to your NextCloud instance, restart the High Performance Backend service with \"systemctl restart $app-notify-push.service\", and run \"sudo -u $app php${phpversion} $final_path/occ notify_push:self-test\" to verify that everything is green." fi fi diff --git a/scripts/upgrade b/scripts/upgrade index fe83a2d..7bbb6d5 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -320,6 +320,11 @@ chmod 640 "$install_dir/config/config.php" chmod 755 /home/yunohost.app chmod 750 $install_dir +if [ $enable_notify_push -eq 1 ] +then + chmod 740 $final_path/apps/notify_push/bin/x86_64/notify_push +fi + #================================================= # REGEN SYSTEM CONFIGURATIONS #================================================= @@ -355,6 +360,12 @@ fi # Create a dedicated NGINX config ynh_add_nginx_config + +if [ $enable_notify_push -eq 1 ] +then + ynh_add_nginx_config "${app}-notify-push" +fi + #================================================= # CRON JOB #================================================= @@ -407,8 +418,10 @@ ynh_add_fail2ban_config --logpath="/var/log/$app/nextcloud.log" --failregex="^.* if [ $use_notify_push -eq 1 ] then - if ! ynh_exec_as "$app" nextcloud php7.3 $final_path/occ notify_push:self-test; then - ynh_print_warn --message="High Performance Backend is not working correctly, try to repair it or contact YNH support." + ynh_systemd_action --service_name="${app}-notify-push" --action=restart + + if ! exec_occ notify_push:self-test; then + ynh_print_warn --message="The High Performance Backend service is still not working properly. Please log in with a user to your NextCloud instance, restart the High Performance Backend service with \"systemctl restart $app-notify-push.service\", and run \"sudo -u $app php${phpversion} $final_path/occ notify_push:self-test\" to verify that everything is green." fi fi