Improve permissions, settings, and service

conf/systemd.service

@@ -1,14 +1,16 @@
 [Unit]
-Description=Node-red service for its YunoHost app
+Description=Node-RED server
 After=network.target
 
 [Service]
 Type=simple
 User=__APP__
 Group=__APP__
-WorkingDirectory=__FINALPATH__
-Environment="PATH=__ENV_PATH__"
-ExecStart=__FINALPATH__/bin/node-red-pi -p __PORT__ -u __FINALPATH__/data >> /var/log/__APP__/__APP__.log 2>&1
+WorkingDirectory=__FINALPATH__/
+Environment=NODE_ENV=production
+ExecStart=__NODEJS_PATH__/node red.js -p __PORT__ -u __FINALPATH__/data
+StandardOutput=append:/var/log/__APP__/__APP__.log
+StandardError=inherit
 
 [Install]
 WantedBy=multi-user.target

doc/DISCLAIMER.md

@@ -1,3 +1,5 @@
-* YunoHost's permissions system enables to select which users can have access to Node-RED. Upon installation, the selected administrator is the sole user to have access.
-* A `ui` permission is available in case you install the `node-red-dashboard` nodes. It makes the dashboard accessible to any authorized user or visitor, at `/ui` under Node-RED's address.
-* A `nodes` permission is available in case you need to use the HTTP nodes. By default, visitors have access to these endpoints at `/red-nodes/...` under Node-RED's address.
+YunoHost's permissions system allows you to select which users can have access to Node-RED:
+* The `main` permission protects
+  * `/path`, to access to the dashboard ;
+  * all `/path/<node>` endpoints defined in the HTTP nodes (with the exception of `/path/admin`).
+* Upon installation, the selected administrator will have the `admin` permission and access to the editor at `/path/admin`

doc/DISCLAIMER_fr.md

@@ -1,4 +1,5 @@
-* Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED. Par défaut, seul l'administrateur sélectionné lors de l'installation y a accès.
-* Une permission `ui` est diponible au cas où vous installeriez les nodes de `node-red-dashboard`. Elle donne accès au tableau de bord à tout utilisateur ou visiteur autorisé, au chemin `/ui` après l'adresse spécifiée pour Node-RED.
-* Une permission `nodes` est disponible au cas où vous utiliseriez les nodes HTTP. Par défaut, les visiteurs auront accès à ces nodes, au chemin `/red-nodes/...` après l'adresse spécifiée pour Node-RED.
-
+Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED. Par défaut, seul l'administrateur sélectionné lors de l'installation y a accès.
+* La permission `main` protège
+  * `/chemin`, pour accéder au tableau de bord ;
+  * toutes les routes `/path/<node>` définis par les *nodes* HTTP (à l'exception de `/chemin/admin`).
+* L'utilisateur choisi comme admin à l'installation aura la permission `admin` et aura accès à l'éditeur à l'adresse `/chemin/admin`

manifest.json

@@ -43,6 +43,15 @@
                 "name": "admin",
                 "type": "user",
                 "example": "johndoe"
+            },
+            {
+                "name": "is_public",
+                "type": "boolean",
+                "default": true,
+                "help": {
+                    "en": "Should the dashboard and the nodes endpoints be publicly accessible?",
+                    "fr": "Le tableau de bord et les routes des nodes doivent-ils être publiquement accessibles?"
+                }
             }
         ]
     }

scripts/change_url

@@ -26,10 +26,18 @@ app=$YNH_APP_INSTANCE_NAME
 #=================================================
 ynh_script_progression --message="Loading installation settings..." --weight=1
 
-# Needed for helper "ynh_add_nginx_config"
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 port=$(ynh_app_setting_get --app=$app --key=port)
 
+if [[ $path_url = "/" ]]
+then
+        nodes_url="/"
+        admin_url="/admin"
+else
+        nodes_url="$path_url"
+        admin_url="$path_url/admin"
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
@@ -107,7 +115,7 @@ fi
 # ALTERED NODERED SETTINGS FILE
 #=================================================
 
-ynh_replace_string --match_string="httpRoot: '$old_path'," --replace_string="httpRoot: '$new_path'," --target_file="$final_path/data/settings.js"
+ynh_add_config --template="../conf/settings.js" --destination="$final_path/data/settings.js"
 
 #=================================================
 # GENERIC FINALISATION
@@ -116,7 +124,7 @@ ynh_replace_string --match_string="httpRoot: '$old_path'," --replace_string="htt
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="start"
 
 #=================================================
 # RELOAD NGINX

scripts/install

@@ -23,13 +23,16 @@ ynh_abort_if_errors
 domain=$YNH_APP_ARG_DOMAIN
 path_url=$YNH_APP_ARG_PATH
 admin=$YNH_APP_ARG_ADMIN
+is_public=$YNH_APP_ARG_IS_PUBLIC
 app=$YNH_APP_INSTANCE_NAME
 
-if [ $path_url = "/" ]
+if [[ $path_url = "/" ]]
 then
-	nodes_url="/red-nodes"
+	nodes_url="/"
+	admin_url="/admin"
 else
-	nodes_url="$path_url/red-nodes"
+	nodes_url="$path_url"
+	admin_url="$path_url/admin"
 fi
 
 #=================================================
@@ -95,6 +98,7 @@ chown -R $app: $final_path
 pushd $final_path
 	ynh_use_nodejs
 	ynh_exec_warn_less exec_as $app env PATH=$PATH npm install --production
+	ynh_exec_warn_less exec_as $app env PATH=$PATH npm install node-red-dashboard
 popd
 
 #=================================================
@@ -108,28 +112,16 @@ ynh_add_nginx_config
 #=================================================
 # SPECIFIC SETUP
 #=================================================
+
+# Set up the settings file
 mkdir -p $final_path/data
-cp $final_path/settings.js $final_path/data/settings.js
-
-# Set editor path
-ynh_replace_string --match_string="//httpAdminRoot: '/admin'," --replace_string="httpAdminRoot: '$path_url'," --target_file="$final_path/data/settings.js"
-
-# Set nodes endpoints path
-ynh_replace_string --match_string="//httpNodeRoot: '/red-nodes'," --replace_string="httpNodeRoot: '$nodes_url'," --target_file="$final_path/data/settings.js"
-
-# Set dashboard path
-ynh_replace_string --match_string="//ui: { path: "ui" }," --replace_string="ui: { path: "/ui/" }," --target_file="$final_path/data/settings.js"
+ynh_add_config --template="../conf/settings.js" --destination="$final_path/data/settings.js"
 
 #=================================================
 # SETUP SYSTEMD
 #=================================================
 ynh_script_progression --message="Configuring a systemd service..." --weight=3
 
-# Set the systemd service settings
-ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="../conf/systemd.service"
-ynh_replace_string --match_string="__NODEJS__" --replace_string="$nodejs_version" --target_file="../conf/systemd.service"
-ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service"
-
 # Create a dedicated systemd config
 ynh_add_systemd_config
 
@@ -140,7 +132,8 @@ ynh_add_systemd_config
 #=================================================
 
 # Set permissions to app files
-chown -R $app: $final_path
+chown -R root:root $final_path
+chown -R $app: $final_path/data
 
 #=================================================
 # SETUP LOGROTATE
@@ -162,16 +155,22 @@ yunohost service add $app --description="Low-code programming for event-driven a
 ynh_script_progression --message="Starting a systemd service..." --weight=2
 
 # Start a systemd service
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="start"
 
 #=================================================
 # SETUP SSOWAT
 #=================================================
 ynh_script_progression --message="Configuring permissions..." --weight=1
 
-ynh_permission_update --permission="main" --remove="all_users" --add="$admin"
-ynh_permission_create --permission="nodes" --url="$nodes_url" --allowed="visitors" --label="nodes endpoints"
-ynh_permission_create --permission="ui" --url="/ui" --allowed="$admin" --label="dashboard"
+# Make the dashboard and nodes endpoints public if necessary
+if [ $is_public -eq 1 ]
+then
+	# Everyone can access the app.
+	# The "main" permission is automatically created before the install script.
+	ynh_permission_update --permission="main" --add="visitors"
+fi
+
+ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --label="admin" --show_tile=true
 
 #=================================================
 # RELOAD NGINX

scripts/remove

@@ -72,7 +72,7 @@ ynh_remove_logrotate
 #=================================================
 
 # Remove the log files
-ynh_secure_remove --file="/var/log/$app/"
+ynh_secure_remove --file="/var/log/$app"
 
 #=================================================
 # GENERIC FINALIZATION

scripts/restore

@@ -94,7 +94,7 @@ yunohost service add $app --description="Low-code programming for event-driven a
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="start"
 
 #=================================================
 # RESTORE THE LOGROTATE CONFIGURATION

scripts/upgrade

@@ -21,11 +21,13 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 port=$(ynh_app_setting_get --app=$app --key=port)
 
-if [ $path_url = "/" ]
+if [[ $path_url = "/" ]]
 then
-        nodes_url="/red-nodes/"
+        nodes_url="/"
+        admin_url="/admin"
 else
-        nodes_url="$path_url/red-nodes/"
+        nodes_url="$path_url"
+        admin_url="$path_url/admin"
 fi
 
 #=================================================
@@ -66,14 +68,9 @@ if ynh_legacy_permissions_exists; then
 	ynh_app_setting_delete --app=$app --key=is_public
 fi
 
-if ! ynh_permission_exists --permission="nodes"; then
+if ! ynh_permission_exists --permission="admin"; then
 	# Create the required permissions
-	ynh_permission_create --permission="nodes" --url="$nodes_url" --allowed="visitors" --label="nodes endpoints"
-fi
-
-if ! ynh_permission_exists --permission="ui"; then
-	# Create the required permissions
-	ynh_permission_create --permission="ui" --url="/ui" --label="dashboard"
+	ynh_permission_create --permission="admin" --url="/admin" --label="admin" --show_tile=true
 fi
 
 #=================================================
@@ -95,7 +92,7 @@ fi
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="stop"
 
 #=================================================
 # INSTALL NODEJS
@@ -128,11 +125,13 @@ ynh_system_user_create --username=$app --home_dir=$final_path
 #=================================================
 ynh_script_progression --message="Installing Node-RED..." --weight=30
 
-chown -R $app: $final_path
+chown -R root:root $final_path
+chown -R $app: $final_path/data
 
 pushd $final_path
 	ynh_use_nodejs
 	ynh_exec_warn_less exec_as $app env PATH=$PATH npm install --production
+	ynh_exec_warn_less exec_as $app env PATH=$PATH npm install node-red-dashboard
 popd
 
 #=================================================
@@ -146,21 +145,9 @@ ynh_add_nginx_config
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
-if [ ! -f $final_path/data/settings.js ]; then
-	cp $final_path/settings.js $final_path/data/settings.js
-fi
 
-# Disable httpRoot from older installs
-ynh_replace_string --match_string="httpRoot: '$path_url'," --replace_string="//httpRoot: '/'," --target_file="$final_path/data/settings.js"
-
-# Set editor path
-ynh_replace_string --match_string="//httpAdminRoot: '/admin'," --replace_string="httpAdminRoot: '$path_url'," --target_file="$final_path/data/settings.js"
-
-# Set nodes endpoints path
-ynh_replace_string --match_string="//httpNodeRoot: '/red-nodes'," --replace_string="httpNodeRoot: '$nodes_url'," --target_file="$final_path/data/settings.js"
-
-# Set dashboard path
-ynh_replace_string --match_string="//ui: { path: "ui" }," --replace_string="ui: { path: "/ui/" }," --target_file="$final_path/data/settings.js"
+# Set up the settings file
+ynh_add_config --template="../conf/settings.js" --destination="$final_path/data/settings.js"
 
 #=================================================
 # SETUP LOGROTATE
@@ -175,11 +162,6 @@ ynh_use_logrotate --non-append
 #=================================================
 ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
 
-# Set the systemd service settings
-ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="../conf/systemd.service"
-ynh_replace_string --match_string="__NODEJS__" --replace_string="$nodejs_version" --target_file="../conf/systemd.service"
-ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service"
-
 # Create a dedicated systemd config
 ynh_add_systemd_config
 
@@ -203,7 +185,7 @@ yunohost service add $app --description="Low-code programming for event-driven a
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="start"
 
 #=================================================
 # RELOAD NGINX