diff --git a/conf/systemd.service b/conf/systemd.service index 369c384..0d2442f 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,14 +1,16 @@ [Unit] -Description=Node-red service for its YunoHost app +Description=Node-RED server After=network.target [Service] Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__ -Environment="PATH=__ENV_PATH__" -ExecStart=__FINALPATH__/bin/node-red-pi -p __PORT__ -u __FINALPATH__/data >> /var/log/__APP__/__APP__.log 2>&1 +WorkingDirectory=__FINALPATH__/ +Environment=NODE_ENV=production +ExecStart=__NODEJS_PATH__/node red.js -p __PORT__ -u __FINALPATH__/data +StandardOutput=append:/var/log/__APP__/__APP__.log +StandardError=inherit [Install] WantedBy=multi-user.target diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 1c57e41..e6e8617 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -1,3 +1,5 @@ -* YunoHost's permissions system enables to select which users can have access to Node-RED. Upon installation, the selected administrator is the sole user to have access. -* A `ui` permission is available in case you install the `node-red-dashboard` nodes. It makes the dashboard accessible to any authorized user or visitor, at `/ui` under Node-RED's address. -* A `nodes` permission is available in case you need to use the HTTP nodes. By default, visitors have access to these endpoints at `/red-nodes/...` under Node-RED's address. +YunoHost's permissions system allows you to select which users can have access to Node-RED: +* The `main` permission protects + * `/path`, to access to the dashboard ; + * all `/path/` endpoints defined in the HTTP nodes (with the exception of `/path/admin`). +* Upon installation, the selected administrator will have the `admin` permission and access to the editor at `/path/admin` diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index 8e10ddf..572877b 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -1,4 +1,5 @@ -* Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED. Par défaut, seul l'administrateur sélectionné lors de l'installation y a accès. -* Une permission `ui` est diponible au cas où vous installeriez les nodes de `node-red-dashboard`. Elle donne accès au tableau de bord à tout utilisateur ou visiteur autorisé, au chemin `/ui` après l'adresse spécifiée pour Node-RED. -* Une permission `nodes` est disponible au cas où vous utiliseriez les nodes HTTP. Par défaut, les visiteurs auront accès à ces nodes, au chemin `/red-nodes/...` après l'adresse spécifiée pour Node-RED. - +Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED. Par défaut, seul l'administrateur sélectionné lors de l'installation y a accès. +* La permission `main` protège + * `/chemin`, pour accéder au tableau de bord ; + * toutes les routes `/path/` définis par les *nodes* HTTP (à l'exception de `/chemin/admin`). +* L'utilisateur choisi comme admin à l'installation aura la permission `admin` et aura accès à l'éditeur à l'adresse `/chemin/admin` diff --git a/manifest.json b/manifest.json index 79bac29..aa719ab 100644 --- a/manifest.json +++ b/manifest.json @@ -43,6 +43,15 @@ "name": "admin", "type": "user", "example": "johndoe" + }, + { + "name": "is_public", + "type": "boolean", + "default": true, + "help": { + "en": "Should the dashboard and the nodes endpoints be publicly accessible?", + "fr": "Le tableau de bord et les routes des nodes doivent-ils être publiquement accessibles?" + } } ] } diff --git a/scripts/change_url b/scripts/change_url index fc27da0..d403156 100755 --- a/scripts/change_url +++ b/scripts/change_url @@ -26,10 +26,18 @@ app=$YNH_APP_INSTANCE_NAME #================================================= ynh_script_progression --message="Loading installation settings..." --weight=1 -# Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) +if [[ $path_url = "/" ]] +then + nodes_url="/" + admin_url="/admin" +else + nodes_url="$path_url" + admin_url="$path_url/admin" +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -107,7 +115,7 @@ fi # ALTERED NODERED SETTINGS FILE #================================================= -ynh_replace_string --match_string="httpRoot: '$old_path'," --replace_string="httpRoot: '$new_path'," --target_file="$final_path/data/settings.js" +ynh_add_config --template="../conf/settings.js" --destination="$final_path/data/settings.js" #================================================= # GENERIC FINALISATION @@ -116,7 +124,7 @@ ynh_replace_string --match_string="httpRoot: '$old_path'," --replace_string="htt #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" #================================================= # RELOAD NGINX diff --git a/scripts/install b/scripts/install index 74c6975..5f2a0b1 100755 --- a/scripts/install +++ b/scripts/install @@ -23,13 +23,16 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN +is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME -if [ $path_url = "/" ] +if [[ $path_url = "/" ]] then - nodes_url="/red-nodes" + nodes_url="/" + admin_url="/admin" else - nodes_url="$path_url/red-nodes" + nodes_url="$path_url" + admin_url="$path_url/admin" fi #================================================= @@ -95,6 +98,7 @@ chown -R $app: $final_path pushd $final_path ynh_use_nodejs ynh_exec_warn_less exec_as $app env PATH=$PATH npm install --production + ynh_exec_warn_less exec_as $app env PATH=$PATH npm install node-red-dashboard popd #================================================= @@ -108,28 +112,16 @@ ynh_add_nginx_config #================================================= # SPECIFIC SETUP #================================================= + +# Set up the settings file mkdir -p $final_path/data -cp $final_path/settings.js $final_path/data/settings.js - -# Set editor path -ynh_replace_string --match_string="//httpAdminRoot: '/admin'," --replace_string="httpAdminRoot: '$path_url'," --target_file="$final_path/data/settings.js" - -# Set nodes endpoints path -ynh_replace_string --match_string="//httpNodeRoot: '/red-nodes'," --replace_string="httpNodeRoot: '$nodes_url'," --target_file="$final_path/data/settings.js" - -# Set dashboard path -ynh_replace_string --match_string="//ui: { path: "ui" }," --replace_string="ui: { path: "/ui/" }," --target_file="$final_path/data/settings.js" +ynh_add_config --template="../conf/settings.js" --destination="$final_path/data/settings.js" #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Configuring a systemd service..." --weight=3 -# Set the systemd service settings -ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="../conf/systemd.service" -ynh_replace_string --match_string="__NODEJS__" --replace_string="$nodejs_version" --target_file="../conf/systemd.service" -ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" - # Create a dedicated systemd config ynh_add_systemd_config @@ -140,7 +132,8 @@ ynh_add_systemd_config #================================================= # Set permissions to app files -chown -R $app: $final_path +chown -R root:root $final_path +chown -R $app: $final_path/data #================================================= # SETUP LOGROTATE @@ -162,16 +155,22 @@ yunohost service add $app --description="Low-code programming for event-driven a ynh_script_progression --message="Starting a systemd service..." --weight=2 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 -ynh_permission_update --permission="main" --remove="all_users" --add="$admin" -ynh_permission_create --permission="nodes" --url="$nodes_url" --allowed="visitors" --label="nodes endpoints" -ynh_permission_create --permission="ui" --url="/ui" --allowed="$admin" --label="dashboard" +# Make the dashboard and nodes endpoints public if necessary +if [ $is_public -eq 1 ] +then + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" +fi + +ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --label="admin" --show_tile=true #================================================= # RELOAD NGINX diff --git a/scripts/remove b/scripts/remove index b482ca9..3113e17 100755 --- a/scripts/remove +++ b/scripts/remove @@ -72,7 +72,7 @@ ynh_remove_logrotate #================================================= # Remove the log files -ynh_secure_remove --file="/var/log/$app/" +ynh_secure_remove --file="/var/log/$app" #================================================= # GENERIC FINALIZATION diff --git a/scripts/restore b/scripts/restore index d3a48b2..679ff58 100755 --- a/scripts/restore +++ b/scripts/restore @@ -94,7 +94,7 @@ yunohost service add $app --description="Low-code programming for event-driven a #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" #================================================= # RESTORE THE LOGROTATE CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index f4eb836..6cf821b 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,11 +21,13 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) -if [ $path_url = "/" ] +if [[ $path_url = "/" ]] then - nodes_url="/red-nodes/" + nodes_url="/" + admin_url="/admin" else - nodes_url="$path_url/red-nodes/" + nodes_url="$path_url" + admin_url="$path_url/admin" fi #================================================= @@ -66,14 +68,9 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi -if ! ynh_permission_exists --permission="nodes"; then +if ! ynh_permission_exists --permission="admin"; then # Create the required permissions - ynh_permission_create --permission="nodes" --url="$nodes_url" --allowed="visitors" --label="nodes endpoints" -fi - -if ! ynh_permission_exists --permission="ui"; then - # Create the required permissions - ynh_permission_create --permission="ui" --url="/ui" --label="dashboard" + ynh_permission_create --permission="admin" --url="/admin" --label="admin" --show_tile=true fi #================================================= @@ -95,7 +92,7 @@ fi #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="stop" #================================================= # INSTALL NODEJS @@ -128,11 +125,13 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= ynh_script_progression --message="Installing Node-RED..." --weight=30 -chown -R $app: $final_path +chown -R root:root $final_path +chown -R $app: $final_path/data pushd $final_path ynh_use_nodejs ynh_exec_warn_less exec_as $app env PATH=$PATH npm install --production + ynh_exec_warn_less exec_as $app env PATH=$PATH npm install node-red-dashboard popd #================================================= @@ -146,21 +145,9 @@ ynh_add_nginx_config #================================================= # SPECIFIC UPGRADE #================================================= -if [ ! -f $final_path/data/settings.js ]; then - cp $final_path/settings.js $final_path/data/settings.js -fi -# Disable httpRoot from older installs -ynh_replace_string --match_string="httpRoot: '$path_url'," --replace_string="//httpRoot: '/'," --target_file="$final_path/data/settings.js" - -# Set editor path -ynh_replace_string --match_string="//httpAdminRoot: '/admin'," --replace_string="httpAdminRoot: '$path_url'," --target_file="$final_path/data/settings.js" - -# Set nodes endpoints path -ynh_replace_string --match_string="//httpNodeRoot: '/red-nodes'," --replace_string="httpNodeRoot: '$nodes_url'," --target_file="$final_path/data/settings.js" - -# Set dashboard path -ynh_replace_string --match_string="//ui: { path: "ui" }," --replace_string="ui: { path: "/ui/" }," --target_file="$final_path/data/settings.js" +# Set up the settings file +ynh_add_config --template="../conf/settings.js" --destination="$final_path/data/settings.js" #================================================= # SETUP LOGROTATE @@ -175,11 +162,6 @@ ynh_use_logrotate --non-append #================================================= ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 -# Set the systemd service settings -ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="../conf/systemd.service" -ynh_replace_string --match_string="__NODEJS__" --replace_string="$nodejs_version" --target_file="../conf/systemd.service" -ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" - # Create a dedicated systemd config ynh_add_systemd_config @@ -203,7 +185,7 @@ yunohost service add $app --description="Low-code programming for event-driven a #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" #================================================= # RELOAD NGINX