From d9ca625be441ec0098a3698ec461467919e832d7 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Sep 2021 17:20:18 +0200 Subject: [PATCH] Rework permissions and update script progression weights --- conf/nginx.conf | 1 + conf/settings.js | 2 +- manifest.json | 6 +++--- scripts/install | 41 ++++++++++++++++++++--------------------- scripts/restore | 4 ++-- scripts/upgrade | 37 +++++++++++++++---------------------- 6 files changed, 42 insertions(+), 49 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index a5abd65..eba319c 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -5,6 +5,7 @@ location ^~ __PATH__/ { } rewrite ^__PATH__/admin$ https://$host__PATH__/admin/ permanent; + rewrite ^__PATH__/ui$ https://$host__PATH__/ui/ permanent; proxy_pass http://localhost:__PORT__/; proxy_set_header Host $host; diff --git a/conf/settings.js b/conf/settings.js index 5679534..d8da1c9 100644 --- a/conf/settings.js +++ b/conf/settings.js @@ -422,7 +422,7 @@ module.exports = { * middleware:{function or array}, (req,res,next) - http middleware * ioMiddleware:{function or array}, (socket,next) - socket.io middleware */ - ui: { path: "/" }, + ui: { path: "/ui" }, /** Colourise the console output of the debug node */ //debugUseColors: true, diff --git a/manifest.json b/manifest.json index 4121e89..21fc2fd 100644 --- a/manifest.json +++ b/manifest.json @@ -47,10 +47,10 @@ { "name": "is_public", "type": "boolean", - "default": true, + "default": false, "help": { - "en": "Should the dashboard and the nodes endpoints be publicly accessible?", - "fr": "Le tableau de bord et les routes des nodes doivent-ils ĂȘtre publiquement accessibles ?" + "en": "Should the dashboard be publicly accessible?", + "fr": "Le tableau de bord doit-il ĂȘtre publiquement accessible ?" } } ] diff --git a/scripts/install b/scripts/install index 52183fe..4179148 100755 --- a/scripts/install +++ b/scripts/install @@ -26,15 +26,6 @@ admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME -if [[ $path_url = "/" ]] -then - nodes_url="/" - admin_url="/admin" -else - nodes_url="$path_url" - admin_url="$path_url/admin" -fi - #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= @@ -74,7 +65,7 @@ ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=1 +ynh_script_progression --message="Setting up source files..." --weight=2 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src @@ -91,7 +82,7 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # Install through npm #================================================= -ynh_script_progression --message="Installing Node-RED..." --weight=2 +ynh_script_progression --message="Installing Node-RED..." --weight=5 ynh_use_nodejs chown -R $app: "$final_path" @@ -104,7 +95,7 @@ popd #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=30 +ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config @@ -128,7 +119,7 @@ chown -R $app: "$final_path" #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Configuring a systemd service..." --weight=3 +ynh_script_progression --message="Configuring a systemd service..." --weight=1 # Create a dedicated systemd config ynh_add_systemd_config @@ -136,7 +127,7 @@ ynh_add_systemd_config #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=3 +ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate @@ -150,7 +141,7 @@ yunohost service add $app --description="Low-code programming for event-driven a #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=2 +ynh_script_progression --message="Starting a systemd service..." --weight=3 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" @@ -160,16 +151,24 @@ ynh_systemd_action --service_name=$app --action="start" #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 -# Make the dashboard and nodes endpoints public if necessary +# The "main" permission is automatically created before the install script. +# Here we use it for the endpoints root, they should be world-accessible by default +# Since it is meant for automated actions, we hide the tile from the SSO +ynh_permission_create --permission="endpoints" --url="/" --allowed="visitors" --show_tile=false + +# Create the dashboard UI permission +ynh_permission_create --permission="ui" --url="/ui" --allowed="$admin" --show_tile=true + +# Reuse the main permission for the admin +ynh_permission_url --permission="main" --url="/admin" +ynh_permission_update --permission="main" --add="$admin" --remove="all_users" --show_tile=true + +# Make the dashboard public if necessary if [ $is_public -eq 1 ] then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" + ynh_permission_update --permission="ui" --remove="$admin" --add="visitors" fi -ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --label="admin" --show_tile=true - #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/restore b/scripts/restore index 68ca03a..90d83c1 100755 --- a/scripts/restore +++ b/scripts/restore @@ -56,7 +56,7 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring Node-RED main directory..." --weight=10 +ynh_script_progression --message="Restoring Node-RED main directory..." --weight=5 ynh_restore_file --origin_path="$final_path" @@ -93,7 +93,7 @@ yunohost service add $app --description="Low-code programming for event-driven a #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=3 ynh_systemd_action --service_name=$app --action="start" diff --git a/scripts/upgrade b/scripts/upgrade index 332fda1..3806876 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,15 +21,6 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) -if [[ $path_url = "/" ]] -then - nodes_url="/" - admin_url="/admin" -else - nodes_url="$path_url" - admin_url="$path_url/admin" -fi - #================================================= # CHECK VERSION #================================================= @@ -39,7 +30,7 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up Node-RED before upgrading (may take a while)..." --weight=1 +ynh_script_progression --message="Backing up Node-RED before upgrading (may take a while)..." --weight=5 # Backup the current version of the app ynh_backup_before_upgrade @@ -68,14 +59,16 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi -if ! ynh_permission_exists --permission="admin"; then - # Create the required permissions - ynh_permission_create --permission="admin" --url="/admin" --label="admin" --show_tile=true -fi - -if ynh_permission_exists --permission="ui"; then - # Delete the old permission - ynh_permission_delete --permission="ui" +# After 1.3.5~ynh2, permissions have been reworked +if ynh_permission_exists --permission="admin"; then + # Delete the admin permission, we use main for that now + ynh_permission_delete --permission="admin" + ynh_permission_url --permission="main" --url="/admin" + ynh_permission_update --permission="main" --remove="visitors" + # Create ui permission, for the dashboard + ynh_permission_create --permission="ui" --url="/ui" --show_tile=true + # Create endpoints permission + ynh_permission_create --permission="endpoints" --url="/" --allowed="visitors" --show_tile=false fi #================================================= @@ -86,7 +79,7 @@ fi # allowing direct access to Node-RED... let's close it. if yunohost firewall list | grep -q "\- $port$" then - ynh_script_progression --message="Closing port $port..." + ynh_script_progression --message="Closing port $port..." --weight=1 ynh_exec_warn_less yunohost firewall disallow TCP $port fi @@ -114,7 +107,7 @@ fi if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." --weight=1 + ynh_script_progression --message="Upgrading source files..." --weight=2 # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" @@ -131,7 +124,7 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # Install through npm #================================================= -ynh_script_progression --message="Installing Node-RED..." --weight=30 +ynh_script_progression --message="Installing Node-RED..." --weight=5 ynh_use_nodejs @@ -193,7 +186,7 @@ yunohost service add $app --description="Low-code programming for event-driven a #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=3 ynh_systemd_action --service_name=$app --action="start"