From 8271dc7bf7e61362accf205412b63fa26640fa10 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 20 Jul 2021 22:12:24 +0200 Subject: [PATCH 01/41] 2.0.1 --- check_process | 21 ++++++++------------- conf/app.src | 4 ++-- manifest.json | 4 ++-- scripts/_common.sh | 13 ------------- scripts/install | 4 ++-- scripts/upgrade | 4 ++-- 6 files changed, 16 insertions(+), 34 deletions(-) diff --git a/check_process b/check_process index 858ab6e..e726315 100644 --- a/check_process +++ b/check_process @@ -1,15 +1,10 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - admin="john" (USER) + domain="domain.tld" + path="/path" + admin="john" password="pass" - port="666" (PORT) + port="666" ; Checks pkg_linter=1 setup_sub_dir=1 @@ -18,8 +13,8 @@ setup_private=1 setup_public=0 #Considering the sensitive actions this app can do, I prefer to have it private upgrade=1 - upgrade=0 from_commit=567fc9435804add272fa4ae48a7cf1ec5f173d2d upgrade=1 from_commit=453b13703bb418a7da33ed4f3e96a486b365d865 + upgrade=1 from_commit=2b01dad6ce2214a07f8b5dd63ee040c34268204c backup_restore=1 multi_instance=1 port_already_use=1 @@ -28,9 +23,9 @@ Email= Notification=none ;;; Upgrade options - ; commit=CommitHash - name=Name and date of the commit. - manifest_arg=domain=DOMAIN&path=PATH&admin=USER&password=pass&port=666& ; commit=453b13703bb418a7da33ed4f3e96a486b365d865 name=v1.2.9 2021-02-20 manifest_arg=domain=DOMAIN&path=PATH&admin=USER&password=pass&port=666& + ; commit=2b01dad6ce2214a07f8b5dd63ee040c34268204c + name=Merge pull request #26 from YunoHost-Apps/testing + manifest_arg=domain=DOMAIN&path=PATH&admin=USER&password=pass&port=666& diff --git a/conf/app.src b/conf/app.src index 107ccdb..ff93162 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/node-red/node-red/releases/download/1.3.5/node-red-1.3.5.zip -SOURCE_SUM=44cda9032f1658fb23a9927fe37f518b778433a3091b7dc5d78cda9250234720 +SOURCE_URL=https://github.com/node-red/node-red/archive/refs/tags/2.0.1.zip +SOURCE_SUM=2944c378033240ce4286aa58c1f75797bd04d69b2c40bb30b07e30fb6ce88b58 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index aa719ab..c45022f 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Flow-based programming for the Internet of Things", "fr": "Programmation par flux de données pour l'Internet des objets" }, - "version": "1.3.5~ynh2", + "version": "2.0.1~ynh1", "url": "https://nodered.org", "upstream": { "license": "Apache-2.0", @@ -50,7 +50,7 @@ "default": true, "help": { "en": "Should the dashboard and the nodes endpoints be publicly accessible?", - "fr": "Le tableau de bord et les routes des nodes doivent-ils être publiquement accessibles?" + "fr": "Le tableau de bord et les routes des nodes doivent-ils être publiquement accessibles ?" } } ] diff --git a/scripts/_common.sh b/scripts/_common.sh index 9a333c0..b818f0f 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -17,16 +17,3 @@ nodejs_version=16 #================================================= # FUTURE OFFICIAL HELPERS #================================================= - -# Execute a command as another user -# usage: exec_as USER COMMAND [ARG ...] -exec_as() { - local USER=$1 - shift 1 - - if [[ $USER = $(whoami) ]]; then - eval "$@" - else - sudo -u "$USER" "$@" - fi -} diff --git a/scripts/install b/scripts/install index f691a40..4adb32d 100755 --- a/scripts/install +++ b/scripts/install @@ -97,8 +97,8 @@ ynh_use_nodejs chown -R $app: "$final_path" pushd $final_path - ynh_exec_warn_less exec_as $app $ynh_node_load_PATH $ynh_npm install --production - ynh_exec_warn_less exec_as $app $ynh_node_load_PATH $ynh_npm install node-red-dashboard + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install --production + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install node-red-dashboard popd #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 98bdc8c..6468bea 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -133,8 +133,8 @@ ynh_use_nodejs chown -R $app: "$final_path" pushd $final_path - ynh_exec_warn_less exec_as $app $ynh_node_load_PATH $ynh_npm install --production - ynh_exec_warn_less exec_as $app $ynh_node_load_PATH $ynh_npm install node-red-dashboard + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install --production + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install node-red-dashboard popd #================================================= From db8564883348b7aff56bf47a0c623e92be5206d0 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot Date: Tue, 20 Jul 2021 20:12:31 +0000 Subject: [PATCH 02/41] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 775cfa5..ca822a4 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Flow-based programming for the Internet of Things -**Shipped version:** 1.3.5~ynh2 +**Shipped version:** 2.0.1~ynh1 diff --git a/README_fr.md b/README_fr.md index 6e9179c..6453dc9 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Programmation par flux de données pour l'Internet des objets -**Version incluse :** 1.3.5~ynh2 +**Version incluse :** 2.0.1~ynh1 From 56bafd98b0bcadb10e51f58323a6202cf9f4f64e Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 21 Jul 2021 09:11:11 +0200 Subject: [PATCH 03/41] Fix --- manifest.json | 2 +- scripts/install | 15 ++++----------- scripts/restore | 15 +++++---------- 3 files changed, 10 insertions(+), 22 deletions(-) diff --git a/manifest.json b/manifest.json index c45022f..5e7a665 100644 --- a/manifest.json +++ b/manifest.json @@ -20,7 +20,7 @@ "email": "tituspijean@outlook.com" }, "requirements": { - "yunohost": ">= 4.1.7" + "yunohost": ">= 4.2.0" }, "multi_instance": true, "services": [ diff --git a/scripts/install b/scripts/install index 4adb32d..4996b51 100755 --- a/scripts/install +++ b/scripts/install @@ -101,6 +101,10 @@ pushd $final_path ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install node-red-dashboard popd +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -125,17 +129,6 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=3 # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app: "$final_path" - #================================================= # SETUP LOGROTATE #================================================= diff --git a/scripts/restore b/scripts/restore index 0aab515..1627f1e 100755 --- a/scripts/restore +++ b/scripts/restore @@ -45,13 +45,6 @@ test ! -d $final_path \ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RESTORE THE APP MAIN DIR -#================================================= -ynh_script_progression --message="Restoring Node-RED main directory..." --weight=10 - -ynh_restore_file --origin_path="$final_path" - #================================================= # RECREATE THE DEDICATED USER #================================================= @@ -61,13 +54,15 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei ynh_system_user_create --username=$app --home_dir=$final_path #================================================= -# RESTORE USER RIGHTS +# RESTORE THE APP MAIN DIR #================================================= +ynh_script_progression --message="Restoring Node-RED main directory..." --weight=10 + +ynh_restore_file --origin_path="$final_path" -# Restore permissions on app files chmod 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app: "$final_path" +chown -R $app:www-data "$final_path" # Create log directory and apply permissions mkdir -p /var/log/$app From 799dc73f3f0d94a99fd0b217b4aeeca0188d23f1 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 21 Jul 2021 09:11:51 +0200 Subject: [PATCH 04/41] Update check_process --- check_process | 1 - 1 file changed, 1 deletion(-) diff --git a/check_process b/check_process index e726315..ac9c0fa 100644 --- a/check_process +++ b/check_process @@ -17,7 +17,6 @@ upgrade=1 from_commit=2b01dad6ce2214a07f8b5dd63ee040c34268204c backup_restore=1 multi_instance=1 - port_already_use=1 change_url=1 ;;; Options Email= From 23c8403ee3093a212ee8122ea76f751f67f14f01 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Fri, 23 Jul 2021 16:29:25 +0200 Subject: [PATCH 05/41] Fix --- conf/app.src | 4 ++-- conf/nginx.conf | 3 +-- manifest.json | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/conf/app.src b/conf/app.src index ff93162..a8aab02 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/node-red/node-red/archive/refs/tags/2.0.1.zip -SOURCE_SUM=2944c378033240ce4286aa58c1f75797bd04d69b2c40bb30b07e30fb6ce88b58 +SOURCE_URL=https://github.com/node-red/node-red/archive/refs/tags/2.0.3.zip +SOURCE_SUM=28ef04e678695f39d895fbbd0a6abb3228d8a299f9cb71a8bc60af7f3cf17884 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=true diff --git a/conf/nginx.conf b/conf/nginx.conf index c0d5de0..c274e69 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,4 +1,4 @@ -location ^~ __PATH__ { +location ^~ __PATH__/ { if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; @@ -15,4 +15,3 @@ location ^~ __PATH__ { # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } - diff --git a/manifest.json b/manifest.json index 5e7a665..892dbfb 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Flow-based programming for the Internet of Things", "fr": "Programmation par flux de données pour l'Internet des objets" }, - "version": "2.0.1~ynh1", + "version": "2.0.3~ynh1", "url": "https://nodered.org", "upstream": { "license": "Apache-2.0", From 97be535cede2deb8fadfdbd1c6da237fb71d4efc Mon Sep 17 00:00:00 2001 From: Yunohost-Bot Date: Fri, 23 Jul 2021 14:29:32 +0000 Subject: [PATCH 06/41] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ca822a4..4020f3f 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Flow-based programming for the Internet of Things -**Shipped version:** 2.0.1~ynh1 +**Shipped version:** 2.0.3~ynh1 diff --git a/README_fr.md b/README_fr.md index 6453dc9..ff849c3 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Programmation par flux de données pour l'Internet des objets -**Version incluse :** 2.0.1~ynh1 +**Version incluse :** 2.0.3~ynh1 From d1cc22ac3e405d138ec8f7a7701ea128c20f9678 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 24 Jul 2021 11:59:01 +0200 Subject: [PATCH 07/41] Upgrade to v2.0.3 --- README.md | 2 +- conf/app.src | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4020f3f..204f73a 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Flow-based programming for the Internet of Things -**Shipped version:** 2.0.3~ynh1 +**Shipped version:** 2.0.3 diff --git a/conf/app.src b/conf/app.src index a8aab02..30eae14 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/node-red/node-red/archive/refs/tags/2.0.3.zip -SOURCE_SUM=28ef04e678695f39d895fbbd0a6abb3228d8a299f9cb71a8bc60af7f3cf17884 +SOURCE_URL=https://github.com/node-red/node-red/releases/download/2.0.3/node-red-2.0.3.zip +SOURCE_SUM=1687fd13bbe18dfa93b5fd90babb1598bfab57ebdae19aeb81801dd27482454b SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=true From ff88c99c14cab1df59d884f90b69eb532a604c7c Mon Sep 17 00:00:00 2001 From: Yunohost-Bot Date: Sat, 24 Jul 2021 09:59:28 +0000 Subject: [PATCH 08/41] Auto-update README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 204f73a..4020f3f 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Flow-based programming for the Internet of Things -**Shipped version:** 2.0.3 +**Shipped version:** 2.0.3~ynh1 From 6da643e61568ca04f402223f79f222f236aaa550 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 24 Jul 2021 13:51:38 +0200 Subject: [PATCH 09/41] Fix NGINX and settings --- conf/nginx.conf | 2 +- conf/settings.js | 676 ++++++++++++++++++++++++++++------------------- scripts/install | 12 +- scripts/restore | 2 +- 4 files changed, 417 insertions(+), 275 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index c274e69..810ba5a 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -4,7 +4,7 @@ location ^~ __PATH__/ { rewrite ^ https://$server_name$request_uri? permanent; } - proxy_pass http://localhost:__PORT____PATH__; + proxy_pass http://localhost:__PORT__/; proxy_set_header Host $host; proxy_redirect http:// https://; proxy_http_version 1.1; diff --git a/conf/settings.js b/conf/settings.js index 0b16fbb..862d81b 100644 --- a/conf/settings.js +++ b/conf/settings.js @@ -9,124 +9,70 @@ * * For more information about individual settings, refer to the documentation: * https://nodered.org/docs/user-guide/runtime/configuration + * + * The settings are split into the following sections: + * - Flow File and User Directory Settings + * - Security + * - Server Settings + * - Runtime Settings + * - Editor Settings + * - Node Settings + * **/ module.exports = { - // the tcp port that the Node-RED web server is listening on - uiPort: process.env.PORT || 1880, - // By default, the Node-RED UI accepts connections on all IPv4 interfaces. - // To listen on all IPv6 addresses, set uiHost to "::", - // The following property can be used to listen on a specific interface. For - // example, the following would only allow connections from the local machine. - //uiHost: "127.0.0.1", +/******************************************************************************* + * Flow File and User Directory Settings + * - flowFile + * - credentialSecret + * - flowFilePretty + * - userDir + * - nodesDir + ******************************************************************************/ - // Retry time in milliseconds for MQTT connections - mqttReconnectTime: 15000, + /** The file containing the flows. If not set, defaults to flows_.json **/ + flowFile: 'flows.json', - // Retry time in milliseconds for Serial port connections - serialReconnectTime: 15000, - - // Retry time in milliseconds for TCP socket connections - //socketReconnectTime: 10000, - - // Timeout in milliseconds for TCP server socket connections - // defaults to no timeout - //socketTimeout: 120000, - - // Maximum number of messages to wait in queue while attempting to connect to TCP socket - // defaults to 1000 - //tcpMsgQueueSize: 2000, - - // Timeout in milliseconds for HTTP request connections - // defaults to 120 seconds - //httpRequestTimeout: 120000, - - // Maximum buffer size for the exec node - // defaults to 10Mb - //execMaxBufferSize: 10000000, - - // Timeout in milliseconds for inbound WebSocket connections that do not - // match any configured node. - // defaults to 5000 - //inboundWebSocketTimeout: 5000 - - - // The maximum length, in characters, of any message sent to the debug sidebar tab - debugMaxLength: 1000, - - // The maximum number of messages nodes will buffer internally as part of their - // operation. This applies across a range of nodes that operate on message sequences. - // defaults to no limit. A value of 0 also means no limit is applied. - //nodeMessageBufferMaxLength: 0, - - // To disable the option for using local files for storing keys and certificates in the TLS configuration - // node, set this to true - //tlsConfigDisableLocalFiles: true, - - // Colourise the console output of the debug node - //debugUseColors: true, - - // The file containing the flows. If not set, it defaults to flows_.json - //flowFile: 'flows.json', - - // To enabled pretty-printing of the flow within the flow file, set the following - // property to true: - //flowFilePretty: true, - - // By default, credentials are encrypted in storage using a generated key. To - // specify your own secret, set the following property. - // If you want to disable encryption of credentials, set this property to false. - // Note: once you set this property, do not change it - doing so will prevent - // node-red from being able to decrypt your existing credentials and they will be - // lost. + /** By default, credentials are encrypted in storage using a generated key. To + * specify your own secret, set the following property. + * If you want to disable encryption of credentials, set this property to false. + * Note: once you set this property, do not change it - doing so will prevent + * node-red from being able to decrypt your existing credentials and they will be + * lost. + */ //credentialSecret: "a-secret-key", - // By default, all user data is stored in a directory called `.node-red` under - // the user's home directory. To use a different location, the following - // property can be used - //userDir: '/home/nol/.node-red/', + /** By default, the flow JSON will be formatted over multiple lines making + * it easier to compare changes when using version control. + * To disable pretty-printing of the JSON set the following property to false. + */ + flowFilePretty: true, - // Node-RED scans the `nodes` directory in the userDir to find local node files. - // The following property can be used to specify an additional directory to scan. - //nodesDir: '/home/nol/.node-red/nodes', + /** By default, all user data is stored in a directory called `.node-red` under + * the user's home directory. To use a different location, the following + * property can be used + */ + userDir: '__FINALPATH__/data/', - // By default, the Node-RED UI is available at http://localhost:1880/ - // The following property can be used to specify a different root path. - // If set to false, this is disabled. - httpAdminRoot: '__ADMIN_URL__', + /** Node-RED scans the `nodes` directory in the userDir to find local node files. + * The following property can be used to specify an additional directory to scan. + */ + nodesDir: '__FINALPATH__/data/nodes', - // Some nodes, such as HTTP In, can be used to listen for incoming http requests. - // By default, these are served relative to '/'. The following property - // can be used to specifiy a different root path. If set to false, this is - // disabled. - httpNodeRoot: '__NODES_URL__', +/******************************************************************************* + * Security + * - adminAuth + * - https + * - httpsRefreshInterval + * - requireHttps + * - httpNodeAuth + * - httpStaticAuth + ******************************************************************************/ - // The following property can be used in place of 'httpAdminRoot' and 'httpNodeRoot', - // to apply the same root to both parts. - //httpRoot: '/red', - - // When httpAdminRoot is used to move the UI to a different root path, the - // following property can be used to identify a directory of static content - // that should be served at http://localhost:1880/. - //httpStatic: '/home/nol/node-red-static/', - - // The maximum size of HTTP request that will be accepted by the runtime api. - // Default: 5mb - //apiMaxLength: '5mb', - - // If you installed the optional node-red-dashboard you can set it's path - // relative to httpRoot - // Other optional properties include - // readOnly:{boolean}, - // middleware:{function or array}, (req,res,next) - http middleware - // ioMiddleware:{function or array}, (socket,next) - socket.io middleware - ui: { path: "/" }, - - // Securing Node-RED - // ----------------- - // To password protect the Node-RED editor and admin API, the following - // property can be used. See http://nodered.org/docs/security.html for details. + /** To password protect the Node-RED editor and admin API, the following + * property can be used. See http://nodered.org/docs/security.html for details. + */ //adminAuth: { // type: "credentials", // users: [{ @@ -136,24 +82,20 @@ module.exports = { // }] //}, - // To password protect the node-defined HTTP endpoints (httpNodeRoot), or - // the static content (httpStatic), the following properties can be used. - // The pass field is a bcrypt hash of the password. - // See http://nodered.org/docs/security.html#generating-the-password-hash - //httpNodeAuth: {user:"user",pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."}, - //httpStaticAuth: {user:"user",pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."}, + /** The following property can be used to enable HTTPS + * This property can be either an object, containing both a (private) key + * and a (public) certificate, or a function that returns such an object. + * See http://nodejs.org/api/https.html#https_https_createserver_options_requestlistener + * for details of its contents. + */ - // The following property can be used to enable HTTPS - // See http://nodejs.org/api/https.html#https_https_createserver_options_requestlistener - // for details on its contents. - // This property can be either an object, containing both a (private) key and a (public) certificate, - // or a function that returns such an object: - //// https object: + /** Option 1: static object */ //https: { // key: require("fs").readFileSync('privkey.pem'), // cert: require("fs").readFileSync('cert.pem') //}, - ////https function: + + /** Option 2: function that returns the HTTP configuration object */ // https: function() { // // This function should return the options object, or a Promise // // that resolves to the options object @@ -163,54 +105,71 @@ module.exports = { // } // }, - // The following property can be used to refresh the https settings at a - // regular time interval in hours. - // This requires: - // - the `https` setting to be a function that can be called to get - // the refreshed settings. - // - Node.js 11 or later. + /** If the `https` setting is a function, the following setting can be used + * to set how often, in hours, the function will be called. That can be used + * to refresh any certificates. + */ //httpsRefreshInterval : 12, - // The following property can be used to cause insecure HTTP connections to - // be redirected to HTTPS. + /** The following property can be used to cause insecure HTTP connections to + * be redirected to HTTPS. + */ //requireHttps: true, - // The following property can be used to disable the editor. The admin API - // is not affected by this option. To disable both the editor and the admin - // API, use either the httpRoot or httpAdminRoot properties - //disableEditor: false, + /** To password protect the node-defined HTTP endpoints (httpNodeRoot), + * including node-red-dashboard, or the static content (httpStatic), the + * following properties can be used. + * The `pass` field is a bcrypt hash of the password. + * See http://nodered.org/docs/security.html#generating-the-password-hash + */ + //httpNodeAuth: {user:"user",pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."}, + //httpStaticAuth: {user:"user",pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."}, - // The following property can be used to configure cross-origin resource sharing - // in the HTTP nodes. - // See https://github.com/troygoode/node-cors#configuration-options for - // details on its contents. The following is a basic permissive set of options: - //httpNodeCors: { - // origin: "*", - // methods: "GET,PUT,POST,DELETE" - //}, +/******************************************************************************* + * Server Settings + * - uiPort + * - uiHost + * - apiMaxLength + * - httpServerOptions + * - httpAdminRoot + * - httpAdminMiddleware + * - httpNodeRoot + * - httpNodeCors + * - httpNodeMiddleware + * - httpStatic + ******************************************************************************/ - // If you need to set an http proxy please set an environment variable - // called http_proxy (or HTTP_PROXY) outside of Node-RED in the operating system. - // For example - http_proxy=http://myproxy.com:8080 - // (Setting it here will have no effect) - // You may also specify no_proxy (or NO_PROXY) to supply a comma separated - // list of domains to not proxy, eg - no_proxy=.acme.co,.acme.co.uk + /** the tcp port that the Node-RED web server is listening on */ + uiPort: process.env.PORT || 1880, - // The following property can be used to add a custom middleware function - // in front of all http in nodes. This allows custom authentication to be - // applied to all http in nodes, or any other sort of common request processing. - // It can be a single function or an array of middleware functions. - //httpNodeMiddleware: function(req,res,next) { - // // Handle/reject the request, or pass it on to the http in node by calling next(); - // // Optionally skip our rawBodyParser by setting this to true; - // //req.skipRawBodyParser = true; - // next(); - //}, + /** By default, the Node-RED UI accepts connections on all IPv4 interfaces. + * To listen on all IPv6 addresses, set uiHost to "::", + * The following property can be used to listen on a specific interface. For + * example, the following would only allow connections from the local machine. + */ + uiHost: "127.0.0.1", + /** The maximum size of HTTP request that will be accepted by the runtime api. + * Default: 5mb + */ + //apiMaxLength: '5mb', - // The following property can be used to add a custom middleware function - // in front of all admin http routes. For example, to set custom http - // headers. It can be a single function or an array of middleware functions. + /** The following property can be used to pass custom options to the Express.js + * server used by Node-RED. For a full list of available options, refer + * to http://expressjs.com/en/api.html#app.settings.table + */ + //httpServerOptions: { }, + + /** By default, the Node-RED UI is available at http://localhost:1880/ + * The following property can be used to specify a different root path. + * If set to false, this is disabled. + */ + httpAdminRoot: '/admin', + + /** The following property can be used to add a custom middleware function + * in front of all admin http routes. For example, to set custom http + * headers. It can be a single function or an array of middleware functions. + */ // httpAdminMiddleware: function(req,res,next) { // // Set the X-Frame-Options header to limit where the editor // // can be embedded @@ -218,131 +177,310 @@ module.exports = { // next(); // }, - // The following property can be used to pass custom options to the Express.js - // server used by Node-RED. For a full list of available options, refer - // to http://expressjs.com/en/api.html#app.settings.table - //httpServerOptions: { }, - // The following property can be used to verify websocket connection attempts. - // This allows, for example, the HTTP request headers to be checked to ensure - // they include valid authentication information. - //webSocketNodeVerifyClient: function(info) { - // // 'info' has three properties: - // // - origin : the value in the Origin header - // // - req : the HTTP request - // // - secure : true if req.connection.authorized or req.connection.encrypted is set - // // - // // The function should return true if the connection should be accepted, false otherwise. - // // - // // Alternatively, if this function is defined to accept a second argument, callback, - // // it can be used to verify the client asynchronously. - // // The callback takes three arguments: - // // - result : boolean, whether to accept the connection or not - // // - code : if result is false, the HTTP error status to return - // // - reason: if result is false, the HTTP reason string to return + /** Some nodes, such as HTTP In, can be used to listen for incoming http requests. + * By default, these are served relative to '/'. The following property + * can be used to specifiy a different root path. If set to false, this is + * disabled. + */ + httpNodeRoot: '/nodes', + + /** The following property can be used to configure cross-origin resource sharing + * in the HTTP nodes. + * See https://github.com/troygoode/node-cors#configuration-options for + * details on its contents. The following is a basic permissive set of options: + */ + //httpNodeCors: { + // origin: "*", + // methods: "GET,PUT,POST,DELETE" //}, - // The following property can be used to seed Global Context with predefined - // values. This allows extra node modules to be made available with the - // Function node. - // For example, - // functionGlobalContext: { os:require('os') } - // can be accessed in a function block as: - // global.get("os") - functionGlobalContext: { - // os:require('os'), - // jfive:require("johnny-five"), - // j5board:require("johnny-five").Board({repl:false}) - }, + /** If you need to set an http proxy please set an environment variable + * called http_proxy (or HTTP_PROXY) outside of Node-RED in the operating system. + * For example - http_proxy=http://myproxy.com:8080 + * (Setting it here will have no effect) + * You may also specify no_proxy (or NO_PROXY) to supply a comma separated + * list of domains to not proxy, eg - no_proxy=.acme.co,.acme.co.uk + */ - // Allow the Function node to load additional npm modules - functionExternalModules: false, - - // `global.keys()` returns a list of all properties set in global context. - // This allows them to be displayed in the Context Sidebar within the editor. - // In some circumstances it is not desirable to expose them to the editor. The - // following property can be used to hide any property set in `functionGlobalContext` - // from being list by `global.keys()`. - // By default, the property is set to false to avoid accidental exposure of - // their values. Setting this to true will cause the keys to be listed. - exportGlobalContextKeys: false, - - // Uncomment the following to run node-red in your preferred language: - // lang: "de", - - // Context Storage - // The following property can be used to enable context storage. The configuration - // provided here will enable file-based context that flushes to disk every 30 seconds. - // Refer to the documentation for further options: https://nodered.org/docs/api/context/ - // - //contextStorage: { - // default: { - // module:"localfilesystem" - // }, + /** The following property can be used to add a custom middleware function + * in front of all http in nodes. This allows custom authentication to be + * applied to all http in nodes, or any other sort of common request processing. + * It can be a single function or an array of middleware functions. + */ + //httpNodeMiddleware: function(req,res,next) { + // // Handle/reject the request, or pass it on to the http in node by calling next(); + // // Optionally skip our rawBodyParser by setting this to true; + // //req.skipRawBodyParser = true; + // next(); //}, - // The following property can be used to order the categories in the editor - // palette. If a node's category is not in the list, the category will get - // added to the end of the palette. - // If not set, the following default order is used: - //paletteCategories: ['subflows', 'common', 'function', 'network', 'sequence', 'parser', 'storage'], + /** When httpAdminRoot is used to move the UI to a different root path, the + * following property can be used to identify a directory of static content + * that should be served at http://localhost:1880/. + */ + //httpStatic: '/home/nol/node-red-static/', - // Configure the logging output - logging: { - // Only console logging is currently supported - console: { - // Level of logging to be recorded. Options are: - // fatal - only those errors which make the application unusable should be recorded - // error - record errors which are deemed fatal for a particular request + fatal errors - // warn - record problems which are non fatal + errors + fatal errors - // info - record information about the general running of the application + warn + error + fatal errors - // debug - record information which is more verbose than info + info + warn + error + fatal errors - // trace - record very detailed logging + debug + info + warn + error + fatal errors - // off - turn off all logging (doesn't affect metrics or audit) - level: "info", - // Whether or not to include metric events in the log output - metrics: false, - // Whether or not to include audit events in the log output - audit: false - } - }, +/******************************************************************************* + * Runtime Settings + * - lang + * - logging + * - contextStorage + * - exportGlobalContextKeys + * - externalModules + ******************************************************************************/ - // Configure how the runtime will handle external npm modules. - // This covers: - // - whether the editor will allow new node modules to be installed - // - whether nodes, such as the Function node are allowed to have their - // own dynamically configured dependencies. - // The allow/denyList options can be used to limit what modules the runtime - // will install/load. It can use '*' as a wildcard that matches anything. - externalModules: { - // autoInstall: false, // Whether the runtime will attempt to automatically install missing modules - // autoInstallRetry: 30, // Interval, in seconds, between reinstall attempts - // palette: { // Configuration for the Palette Manager - // allowInstall: true, // Enable the Palette Manager in the editor - // allowUpload: true, // Allow module tgz files to be uploaded and installed - // allowList: [], - // denyList: [] - // }, - // modules: { // Configuration for node-specified modules - // allowInstall: true, - // allowList: [], - // denyList: [] - // } - }, + /** Uncomment the following to run node-red in your preferred language. + * Available languages include: en-US (default), ja, de, zh-CN, zh-TW, ru, ko + * Some languages are more complete than others. + */ + // lang: "de", - // Customising the editor + /** Configure the logging output */ + logging: { + /** Only console logging is currently supported */ + console: { + /** Level of logging to be recorded. Options are: + * fatal - only those errors which make the application unusable should be recorded + * error - record errors which are deemed fatal for a particular request + fatal errors + * warn - record problems which are non fatal + errors + fatal errors + * info - record information about the general running of the application + warn + error + fatal errors + * debug - record information which is more verbose than info + info + warn + error + fatal errors + * trace - record very detailed logging + debug + info + warn + error + fatal errors + * off - turn off all logging (doesn't affect metrics or audit) + */ + level: "info", + /** Whether or not to include metric events in the log output */ + metrics: false, + /** Whether or not to include audit events in the log output */ + audit: false + } + }, + + /** Context Storage + * The following property can be used to enable context storage. The configuration + * provided here will enable file-based context that flushes to disk every 30 seconds. + * Refer to the documentation for further options: https://nodered.org/docs/api/context/ + */ + //contextStorage: { + // default: { + // module:"localfilesystem" + // }, + //}, + + /** `global.keys()` returns a list of all properties set in global context. + * This allows them to be displayed in the Context Sidebar within the editor. + * In some circumstances it is not desirable to expose them to the editor. The + * following property can be used to hide any property set in `functionGlobalContext` + * from being list by `global.keys()`. + * By default, the property is set to false to avoid accidental exposure of + * their values. Setting this to true will cause the keys to be listed. + */ + exportGlobalContextKeys: false, + + /** Configure how the runtime will handle external npm modules. + * This covers: + * - whether the editor will allow new node modules to be installed + * - whether nodes, such as the Function node are allowed to have their + * own dynamically configured dependencies. + * The allow/denyList options can be used to limit what modules the runtime + * will install/load. It can use '*' as a wildcard that matches anything. + */ + externalModules: { + // autoInstall: false, /** Whether the runtime will attempt to automatically install missing modules */ + // autoInstallRetry: 30, /** Interval, in seconds, between reinstall attempts */ + // palette: { /** Configuration for the Palette Manager */ + // allowInstall: true, /** Enable the Palette Manager in the editor */ + // allowUpload: true, /** Allow module tgz files to be uploaded and installed */ + // allowList: [], + // denyList: [] + // }, + // modules: { /** Configuration for node-specified modules */ + // allowInstall: true, + // allowList: [], + // denyList: [] + // } + }, + + +/******************************************************************************* + * Editor Settings + * - disableEditor + * - editorTheme + ******************************************************************************/ + + /** The following property can be used to disable the editor. The admin API + * is not affected by this option. To disable both the editor and the admin + * API, use either the httpRoot or httpAdminRoot properties + */ + //disableEditor: false, + + /** Customising the editor + * See https://nodered.org/docs/user-guide/runtime/configuration#editor-themes + * for all available options. + */ editorTheme: { + /** The following property can be used to set a custom theme for the editor. + * See https://github.com/node-red-contrib-themes/theme-collection for + * a collection of themes to chose from. + */ + //theme: "", + palette: { + /** The following property can be used to order the categories in the editor + * palette. If a node's category is not in the list, the category will get + * added to the end of the palette. + * If not set, the following default order is used: + */ + //categories: ['subflows', 'common', 'function', 'network', 'sequence', 'parser', 'storage'], + }, projects: { - // To enable the Projects feature, set this value to true + /** To enable the Projects feature, set this value to true */ enabled: false, workflow: { - // Set the default projects workflow mode. - // - manual - you must manually commit changes - // - auto - changes are automatically committed - // This can be overridden per-user from the 'Git config' - // section of 'User Settings' within the editor + /** Set the default projects workflow mode. + * - manual - you must manually commit changes + * - auto - changes are automatically committed + * This can be overridden per-user from the 'Git config' + * section of 'User Settings' within the editor + */ mode: "manual" } + }, + codeEditor: { + /** Select the text editor component used by the editor. + * Defaults to "ace", but can be set to "ace" or "monaco" + */ + lib: "ace", + options: { + /** The follow options only apply if the editor is set to "monaco" + * + * theme - must match the file name of a theme in + * packages/node_modules/@node-red/editor-client/src/vendor/monaco/dist/theme + * e.g. "tomorrow-night", "upstream-sunburst", "github", "my-theme" + */ + theme: "vs", + /** other overrides can be set e.g. fontSize, fontFamily, fontLigatures etc. + * for the full list, see https://microsoft.github.io/monaco-editor/api/interfaces/monaco.editor.istandaloneeditorconstructionoptions.html + */ + //fontSize: 14, + //fontFamily: "Cascadia Code, Fira Code, Consolas, 'Courier New', monospace", + //fontLigatures: true, + } } - } + }, + +/******************************************************************************* + * Node Settings + * - fileWorkingDirectory + * - functionGlobalContext + * - functionExternalModules + * - nodeMessageBufferMaxLength + * - ui (for use with Node-RED Dashboard) + * - debugUseColors + * - debugMaxLength + * - execMaxBufferSize + * - httpRequestTimeout + * - mqttReconnectTime + * - serialReconnectTime + * - socketReconnectTime + * - socketTimeout + * - tcpMsgQueueSize + * - inboundWebSocketTimeout + * - tlsConfigDisableLocalFiles + * - webSocketNodeVerifyClient + ******************************************************************************/ + + /** The working directory to handle relative file paths from within the File nodes + * defaults to the working directory of the Node-RED process. + */ + //fileWorkingDirectory: "", + + /** Allow the Function node to load additional npm modules directly */ + functionExternalModules: true, + + /** The following property can be used to set predefined values in Global Context. + * This allows extra node modules to be made available with in Function node. + * For example, the following: + * functionGlobalContext: { os:require('os') } + * will allow the `os` module to be accessed in a Function node using: + * global.get("os") + */ + functionGlobalContext: { + // os:require('os'), + }, + + /** The maximum number of messages nodes will buffer internally as part of their + * operation. This applies across a range of nodes that operate on message sequences. + * defaults to no limit. A value of 0 also means no limit is applied. + */ + //nodeMessageBufferMaxLength: 0, + + /** If you installed the optional node-red-dashboard you can set it's path + * relative to httpNodeRoot + * Other optional properties include + * readOnly:{boolean}, + * middleware:{function or array}, (req,res,next) - http middleware + * ioMiddleware:{function or array}, (socket,next) - socket.io middleware + */ + ui: { path: "/" }, + + /** Colourise the console output of the debug node */ + //debugUseColors: true, + + /** The maximum length, in characters, of any message sent to the debug sidebar tab */ + debugMaxLength: 1000, + + /** Maximum buffer size for the exec node. Defaults to 10Mb */ + //execMaxBufferSize: 10000000, + + /** Timeout in milliseconds for HTTP request connections. Defaults to 120s */ + //httpRequestTimeout: 120000, + + /** Retry time in milliseconds for MQTT connections */ + mqttReconnectTime: 15000, + + /** Retry time in milliseconds for Serial port connections */ + serialReconnectTime: 15000, + + /** Retry time in milliseconds for TCP socket connections */ + //socketReconnectTime: 10000, + + /** Timeout in milliseconds for TCP server socket connections. Defaults to no timeout */ + //socketTimeout: 120000, + + /** Maximum number of messages to wait in queue while attempting to connect to TCP socket + * defaults to 1000 + */ + //tcpMsgQueueSize: 2000, + + /** Timeout in milliseconds for inbound WebSocket connections that do not + * match any configured node. Defaults to 5000 + */ + //inboundWebSocketTimeout: 5000, + + /** To disable the option for using local files for storing keys and + * certificates in the TLS configuration node, set this to true. + */ + //tlsConfigDisableLocalFiles: true, + + /** The following property can be used to verify websocket connection attempts. + * This allows, for example, the HTTP request headers to be checked to ensure + * they include valid authentication information. + */ + //webSocketNodeVerifyClient: function(info) { + // /** 'info' has three properties: + // * - origin : the value in the Origin header + // * - req : the HTTP request + // * - secure : true if req.connection.authorized or req.connection.encrypted is set + // * + // * The function should return true if the connection should be accepted, false otherwise. + // * + // * Alternatively, if this function is defined to accept a second argument, callback, + // * it can be used to verify the client asynchronously. + // * The callback takes three arguments: + // * - result : boolean, whether to accept the connection or not + // * - code : if result is false, the HTTP error status to return + // * - reason: if result is false, the HTTP reason string to return + // */ + //}, } diff --git a/scripts/install b/scripts/install index 4996b51..52183fe 100755 --- a/scripts/install +++ b/scripts/install @@ -101,10 +101,6 @@ pushd $final_path ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install node-red-dashboard popd -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - #================================================= # NGINX CONFIGURATION #================================================= @@ -121,6 +117,14 @@ ynh_add_nginx_config mkdir -p $final_path/data ynh_add_config --template="../conf/settings.js" --destination="$final_path/data/settings.js" +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app: "$final_path" + #================================================= # SETUP SYSTEMD #================================================= diff --git a/scripts/restore b/scripts/restore index 1627f1e..68ca03a 100755 --- a/scripts/restore +++ b/scripts/restore @@ -62,7 +62,7 @@ ynh_restore_file --origin_path="$final_path" chmod 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chown -R $app: "$final_path" # Create log directory and apply permissions mkdir -p /var/log/$app From 2ae0546d1b56365f41699e65f31b0d2703c322b3 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 24 Jul 2021 14:35:30 +0200 Subject: [PATCH 10/41] Fix permissions --- conf/settings.js | 2 +- doc/DISCLAIMER.md | 7 +++---- doc/DISCLAIMER_fr.md | 9 ++++----- 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/conf/settings.js b/conf/settings.js index 862d81b..5679534 100644 --- a/conf/settings.js +++ b/conf/settings.js @@ -183,7 +183,7 @@ module.exports = { * can be used to specifiy a different root path. If set to false, this is * disabled. */ - httpNodeRoot: '/nodes', + httpNodeRoot: '/', /** The following property can be used to configure cross-origin resource sharing * in the HTTP nodes. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index e6e8617..2727989 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -1,5 +1,4 @@ YunoHost's permissions system allows you to select which users can have access to Node-RED: -* The `main` permission protects - * `/path`, to access to the dashboard ; - * all `/path/` endpoints defined in the HTTP nodes (with the exception of `/path/admin`). -* Upon installation, the selected administrator will have the `admin` permission and access to the editor at `/path/admin` +* `main` permission protects `./`, to access the dashboard and HTTP endpoints ; +By default it is accessible to visitors, since it is meant to be used for API-like endpoints ; +* `admin` permission protects `./admin`. Upon installation, the selected admin will have sole access to it. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index 572877b..a6cc913 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -1,5 +1,4 @@ -Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED. Par défaut, seul l'administrateur sélectionné lors de l'installation y a accès. -* La permission `main` protège - * `/chemin`, pour accéder au tableau de bord ; - * toutes les routes `/path/` définis par les *nodes* HTTP (à l'exception de `/chemin/admin`). -* L'utilisateur choisi comme admin à l'installation aura la permission `admin` et aura accès à l'éditeur à l'adresse `/chemin/admin` +Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED : +* la permission `main` protège `./`, chemin d'accès au tableau de bord et les *nodes* HTTP. +Par défault, elle est accessible aux visiteurs et sa tuile est cachée, puisqu'elle est utilisée comme un point d'entrée de type API ; +* la permission `admin` protège `./admin`. L'administrateur sélectionné à l'installation y aura accès. From e3ec4255ca300683699e7837dee9323b10aade4f Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Sat, 24 Jul 2021 12:35:56 +0000 Subject: [PATCH 11/41] Auto-update README --- README.md | 7 +++---- README_fr.md | 9 ++++----- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 4020f3f..de76f86 100644 --- a/README.md +++ b/README.md @@ -28,10 +28,9 @@ Flow-based programming for the Internet of Things ## Disclaimers / important information YunoHost's permissions system allows you to select which users can have access to Node-RED: -* The `main` permission protects - * `/path`, to access to the dashboard ; - * all `/path/` endpoints defined in the HTTP nodes (with the exception of `/path/admin`). -* Upon installation, the selected administrator will have the `admin` permission and access to the editor at `/path/admin` +* `main` permission protects `./`, to access the dashboard and HTTP endpoints ; +By default it is accessible to visitors, since it is meant to be used for API-like endpoints ; +* `admin` permission protects `./admin`. Upon installation, the selected admin will have sole access to it. ## Documentation and resources diff --git a/README_fr.md b/README_fr.md index ff849c3..4b721db 100644 --- a/README_fr.md +++ b/README_fr.md @@ -23,11 +23,10 @@ Programmation par flux de données pour l'Internet des objets ## Avertissements / informations importantes -Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED. Par défaut, seul l'administrateur sélectionné lors de l'installation y a accès. -* La permission `main` protège - * `/chemin`, pour accéder au tableau de bord ; - * toutes les routes `/path/` définis par les *nodes* HTTP (à l'exception de `/chemin/admin`). -* L'utilisateur choisi comme admin à l'installation aura la permission `admin` et aura accès à l'éditeur à l'adresse `/chemin/admin` +Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED : +* la permission `main` protège `./`, chemin d'accès au tableau de bord et les *nodes* HTTP. +Par défault, elle est accessible aux visiteurs et sa tuile est cachée, puisqu'elle est utilisée comme un point d'entrée de type API ; +* la permission `admin` protège `./admin`. L'administrateur sélectionné à l'installation y aura accès. ## Documentations et ressources From 408a33107f4f9658fa03f780699693198f61bb9c Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 24 Jul 2021 16:42:27 +0200 Subject: [PATCH 12/41] Coherence regarding app public access --- check_process | 2 +- doc/DISCLAIMER_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/check_process b/check_process index ac9c0fa..2f80830 100644 --- a/check_process +++ b/check_process @@ -11,7 +11,7 @@ setup_root=1 setup_nourl=0 setup_private=1 - setup_public=0 #Considering the sensitive actions this app can do, I prefer to have it private + setup_public=1 upgrade=1 upgrade=1 from_commit=453b13703bb418a7da33ed4f3e96a486b365d865 upgrade=1 from_commit=2b01dad6ce2214a07f8b5dd63ee040c34268204c diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index a6cc913..3e920ff 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -1,4 +1,4 @@ Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED : * la permission `main` protège `./`, chemin d'accès au tableau de bord et les *nodes* HTTP. -Par défault, elle est accessible aux visiteurs et sa tuile est cachée, puisqu'elle est utilisée comme un point d'entrée de type API ; +Par défault, elle est accessible aux visiteurs, puisqu'elle est utilisée comme un point d'entrée de type API ; * la permission `admin` protège `./admin`. L'administrateur sélectionné à l'installation y aura accès. From aeb357ee88ba40467eb0daee9dad2c77ad332c19 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Sat, 24 Jul 2021 14:43:52 +0000 Subject: [PATCH 13/41] Auto-update README --- README_fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README_fr.md b/README_fr.md index 4b721db..4ae403f 100644 --- a/README_fr.md +++ b/README_fr.md @@ -25,7 +25,7 @@ Programmation par flux de données pour l'Internet des objets Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED : * la permission `main` protège `./`, chemin d'accès au tableau de bord et les *nodes* HTTP. -Par défault, elle est accessible aux visiteurs et sa tuile est cachée, puisqu'elle est utilisée comme un point d'entrée de type API ; +Par défault, elle est accessible aux visiteurs, puisqu'elle est utilisée comme un point d'entrée de type API ; * la permission `admin` protège `./admin`. L'administrateur sélectionné à l'installation y aura accès. ## Documentations et ressources From e6070ac37e9381ef4d66cf6a727ea5b64868c7b2 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 29 Jul 2021 11:12:46 +0200 Subject: [PATCH 14/41] Upgrade to v2.0.4 --- README.md | 2 +- conf/app.src | 4 ++-- manifest.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index de76f86..feb57c5 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Flow-based programming for the Internet of Things -**Shipped version:** 2.0.3~ynh1 +**Shipped version:** 2.0.4 diff --git a/conf/app.src b/conf/app.src index 30eae14..c3f5793 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/node-red/node-red/releases/download/2.0.3/node-red-2.0.3.zip -SOURCE_SUM=1687fd13bbe18dfa93b5fd90babb1598bfab57ebdae19aeb81801dd27482454b +SOURCE_URL=https://github.com/node-red/node-red/releases/download/2.0.4/node-red-2.0.4.zip +SOURCE_SUM=7bec6ec179b2f84cb57879f792e2688b19d2eb46ce65a02c59c1d3f31edeb6c6 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index 892dbfb..5cbe024 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Flow-based programming for the Internet of Things", "fr": "Programmation par flux de données pour l'Internet des objets" }, - "version": "2.0.3~ynh1", + "version": "2.0.4~ynh1", "url": "https://nodered.org", "upstream": { "license": "Apache-2.0", From e70f04727df499e2aba75ce911dac32ce6158f57 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Thu, 29 Jul 2021 09:13:43 +0000 Subject: [PATCH 15/41] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index feb57c5..8b31573 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Flow-based programming for the Internet of Things -**Shipped version:** 2.0.4 +**Shipped version:** 2.0.4~ynh1 diff --git a/README_fr.md b/README_fr.md index 4ae403f..ddc8836 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Programmation par flux de données pour l'Internet des objets -**Version incluse :** 2.0.3~ynh1 +**Version incluse :** 2.0.4~ynh1 From a5afa5998e3a630714d9c110966f2d417c43483e Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 2 Sep 2021 21:42:18 +0200 Subject: [PATCH 16/41] Delete old "ui" permission if it exists --- scripts/upgrade | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 6468bea..332fda1 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -73,6 +73,11 @@ if ! ynh_permission_exists --permission="admin"; then ynh_permission_create --permission="admin" --url="/admin" --label="admin" --show_tile=true fi +if ynh_permission_exists --permission="ui"; then + # Delete the old permission + ynh_permission_delete --permission="ui" +fi + #================================================= # CLOSING PORT #================================================= From 8b1630641965b97b2c840e52eda88f358307a15b Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 2 Sep 2021 13:33:10 +0200 Subject: [PATCH 17/41] Implement GitHub Action to upgrade from upstream --- .github/workflows/main.yml | 74 ++++++++++++++++++++++++++++++++++++ .github/workflows/updater.sh | 29 ++++++++++++++ scripts/update_version.sh | 53 -------------------------- 3 files changed, 103 insertions(+), 53 deletions(-) create mode 100644 .github/workflows/main.yml create mode 100644 .github/workflows/updater.sh delete mode 100755 scripts/update_version.sh diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..ba7ebe6 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,74 @@ +name: Check for new upstream releases +on: + workflow_dispatch: + schedule: + - cron: '0 8 * * *' +jobs: + updater: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Check if newer version is available upstream + id: check_version + run: | + # Fetching information + current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') + repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') + version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -j '[ .[] | .tag_name ] | sort | last') + download_url=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -j '.[] | select(.tag_name=="'$version'").assets[0].browser_download_url') + echo "Current version: $current_version" + echo "Latest release from upstream: $version" + echo "VERSION=$version" >> $GITHUB_ENV + echo "DOWNLOAD_URL=$download_url" >> $GITHUB_ENV + if dpkg --compare-versions "$current_version" "lt" "$version"; then + echo ::set-output name=to_update::true + else + echo ::set-output name=to_update::false + echo "::warning ::No new version available" + fi + - name: Update package files + id: update_files + if: steps.check_version.outputs.to_update == 'true' + run: | + # Setting up Git user + git config --global user.name 'yunohost-bot' + git config --global user.email 'yunohost-bot@users.noreply.github.com' + + # Run the version updater script + chmod +x ./.github/workflows/updater.sh + ./.github/workflows/updater.sh + + # Replace new version in manifest + sed -i "s# \"version\": \".*# \"version\": \"${VERSION}\~ynh1\",#" manifest.json + + # Commit + git commit -am "Upgrade to v$VERSION" + - name: Create Pull Request + id: cpr + uses: peter-evans/create-pull-request@v3 + if: steps.check_version.outputs.to_update == 'true' + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Update to version ${{ env.VERSION }} + committer: 'yunohost-bot ' + author: 'yunohost-bot ' + signoff: false + branch: v${{ env.VERSION }} + delete-branch: true + title: 'Upgrade to version ${{ env.VERSION }}' + body: | + Upgrade to v${{ env.VERSION }} + draft: false + - name: Check outputs + run: | + echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" + - name: Trigger CI + uses: peter-evans/create-or-update-comment@v1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + issue-number: ${{ steps.cpr.outputs.pull-request-number }} + body: | + !testme diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh new file mode 100644 index 0000000..ad86c2b --- /dev/null +++ b/.github/workflows/updater.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +# Create the temporary directory +tempdir="$(mktemp -d)" + +# Download sources and calculate checksum +filename=${DOWNLOAD_URL##*/} +curl --silent -4 -L $DOWNLOAD_URL -o "$tempdir/$filename" +checksum=$(sha256sum "$tempdir/$filename" | head -c 64) + +# Delete temporary directory +rm -rf $tempdir + +# Get extension +if [[ $filename == *.tar.gz ]]; then +extension=tar.gz +else +extension=${filename##*.} +fi + +# Rewrite source file +cat < conf/app.src +SOURCE_URL=$DOWNLOAD_URL +SOURCE_SUM=$checksum +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=$extension +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +EOT diff --git a/scripts/update_version.sh b/scripts/update_version.sh deleted file mode 100755 index 45149e1..0000000 --- a/scripts/update_version.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash - -source /usr/share/yunohost/helpers - -repo="node-red/node-red" - -#================================================= -# META HELPER FOR PACKAGE RELEASES -#================================================= - -# This script is meant to be manually run by the app packagers -# to automatically update the source files. - -# Thanks @lukechild and @jbellocastro -# https://gist.github.com/lukechilds/a83e1d7127b78fef38c2914c4ececc3c -version=$(curl --silent "https://api.github.com/repos/$repo/releases/latest" | jq -r ".tag_name") -download_url=$(curl --silent "https://api.github.com/repos/$repo/releases/latest" | jq -r ".assets[0].browser_download_url") - -# Create the temporary directory -tempdir="$(mktemp -d)" - -# Download sources and calculate checksum -filename=${download_url##*/} -curl --silent -4 -L $download_url -o "$tempdir/$filename" -checksum=$(sha256sum "$tempdir/$filename" | head -c 64) -ynh_secure_remove $tempdir - -# Get extension -if [[ $filename == *.tar.gz ]]; then - extension=tar.gz -else - extension=${filename##*.} -fi - -cat < ../conf/app.src -SOURCE_URL=$download_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -EOT - -sed -i "s#\*\*Shipped version:\*\*.*#\*\*Shipped version:\*\* ${version}#" ../README.md -sed -i "s#\*\*Version incluse :\*\*.*#\*\*Version incluse :\*\* ${version}#" ../README_fr.md -sed -i "s# \"version\": \".*# \"version\": \"${version}\~ynh1\",#" ../manifest.json - -message="Upgrade to v$version" -if [ "$message" == "$(git show -s --format=%s)" ]; then - git commit ../README.md ../README_fr.md ../manifest.json ../conf/app.src --amend -m "$message" -else - git commit ../README.md ../README_fr.md ../manifest.json ../conf/app.src -m "$message" -fi From f022167b787ebd4c452a68625f3c30d6fa3e7f52 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 4 Sep 2021 08:02:44 +0000 Subject: [PATCH 18/41] Upgrade to v2.0.6 --- .github/workflows/updater.sh | 0 conf/app.src | 4 ++-- manifest.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) mode change 100644 => 100755 .github/workflows/updater.sh diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh old mode 100644 new mode 100755 diff --git a/conf/app.src b/conf/app.src index c3f5793..047e97b 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/node-red/node-red/releases/download/2.0.4/node-red-2.0.4.zip -SOURCE_SUM=7bec6ec179b2f84cb57879f792e2688b19d2eb46ce65a02c59c1d3f31edeb6c6 +SOURCE_URL=https://github.com/node-red/node-red/releases/download/2.0.6/node-red-2.0.6.zip +SOURCE_SUM=ddeeb2afebef145715c94b1888b08ee1b69290bb5440b5318c2523bf3bd0f290 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index 5cbe024..4121e89 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Flow-based programming for the Internet of Things", "fr": "Programmation par flux de données pour l'Internet des objets" }, - "version": "2.0.4~ynh1", + "version": "2.0.6~ynh1", "url": "https://nodered.org", "upstream": { "license": "Apache-2.0", From 3210d9c8e2b3564af8f154b48f718214651072f6 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot Date: Sat, 4 Sep 2021 08:02:47 +0000 Subject: [PATCH 19/41] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8b31573..33d1af7 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Flow-based programming for the Internet of Things -**Shipped version:** 2.0.4~ynh1 +**Shipped version:** 2.0.6~ynh1 diff --git a/README_fr.md b/README_fr.md index ddc8836..479c7e1 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Programmation par flux de données pour l'Internet des objets -**Version incluse :** 2.0.4~ynh1 +**Version incluse :** 2.0.6~ynh1 From 53b1075ef1f48dad20f63b3e9af4fc9d420bbee3 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Mon, 6 Sep 2021 21:28:25 +0200 Subject: [PATCH 20/41] Improve auto-updater --- .github/workflows/main.yml | 74 ---------------------------- .github/workflows/updater.yml | 90 +++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+), 74 deletions(-) delete mode 100644 .github/workflows/main.yml create mode 100644 .github/workflows/updater.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml deleted file mode 100644 index ba7ebe6..0000000 --- a/.github/workflows/main.yml +++ /dev/null @@ -1,74 +0,0 @@ -name: Check for new upstream releases -on: - workflow_dispatch: - schedule: - - cron: '0 8 * * *' -jobs: - updater: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Check if newer version is available upstream - id: check_version - run: | - # Fetching information - current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') - repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') - version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -j '[ .[] | .tag_name ] | sort | last') - download_url=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -j '.[] | select(.tag_name=="'$version'").assets[0].browser_download_url') - echo "Current version: $current_version" - echo "Latest release from upstream: $version" - echo "VERSION=$version" >> $GITHUB_ENV - echo "DOWNLOAD_URL=$download_url" >> $GITHUB_ENV - if dpkg --compare-versions "$current_version" "lt" "$version"; then - echo ::set-output name=to_update::true - else - echo ::set-output name=to_update::false - echo "::warning ::No new version available" - fi - - name: Update package files - id: update_files - if: steps.check_version.outputs.to_update == 'true' - run: | - # Setting up Git user - git config --global user.name 'yunohost-bot' - git config --global user.email 'yunohost-bot@users.noreply.github.com' - - # Run the version updater script - chmod +x ./.github/workflows/updater.sh - ./.github/workflows/updater.sh - - # Replace new version in manifest - sed -i "s# \"version\": \".*# \"version\": \"${VERSION}\~ynh1\",#" manifest.json - - # Commit - git commit -am "Upgrade to v$VERSION" - - name: Create Pull Request - id: cpr - uses: peter-evans/create-pull-request@v3 - if: steps.check_version.outputs.to_update == 'true' - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Update to version ${{ env.VERSION }} - committer: 'yunohost-bot ' - author: 'yunohost-bot ' - signoff: false - branch: v${{ env.VERSION }} - delete-branch: true - title: 'Upgrade to version ${{ env.VERSION }}' - body: | - Upgrade to v${{ env.VERSION }} - draft: false - - name: Check outputs - run: | - echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" - echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" - - name: Trigger CI - uses: peter-evans/create-or-update-comment@v1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - issue-number: ${{ steps.cpr.outputs.pull-request-number }} - body: | - !testme diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml new file mode 100644 index 0000000..c1f336f --- /dev/null +++ b/.github/workflows/updater.yml @@ -0,0 +1,90 @@ +# This workflow allows GitHub Actions to automagically update your app +# whenever a new upstream release is detected. +# You need to enable Actions in your repository settings. +# This file should be enough by itself, but feel free to tune it to your needs. +# It calls updater.sh, which is where you should put the app-specific update steps. +name: Check for new upstream releases +on: + # Allow to manually trigger the workflow + workflow_dispatch: + # Run it every day at 6:00 UTC + schedule: + - cron: '0 6 * * *' +jobs: + updater: + runs-on: ubuntu-latest + steps: + - name: Fetch the source code + uses: actions/checkout@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Check if newer version is available upstream + id: check_version + run: | + # Install moreutils, needed for sponge + sudo apt-get install moreutils + # Fetching information + current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') + repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') + version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | .tag_name' | sort -V | tail -1) + assets=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'") + # Setting up the environment variables + echo ::set-output name=current_version::$current_version + echo "Current version: $current_version" + echo ::set-output name=latest_version::$version + echo "Latest release from upstream: $version" + echo "VERSION=$version" >> $GITHUB_ENV + echo "ASSETS=$assets" >> $GITHUB_ENV + if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then + echo "PROCEED=false" >> $GITHUB_ENV + echo "::warning ::No new version available" + elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then + echo "PROCEED=false" >> $GITHUB_ENV + echo "::warning ::A branch already exists for this update" + else + echo "PROCEED=true" >> $GITHUB_ENV + fi + - name: Update package files + id: update_files + if: ${{ env.PROCEED == 'true' }} + run: | + # Setting up Git user + git config --global user.name 'yunohost-bot' + git config --global user.email 'yunohost-bot@users.noreply.github.com' + # Run the version updater script + ./.github/workflows/updater.sh + retval=$? + # Check + if [ $retval -eq 0 ]; then + echo "PROCEED=true" >> $GITHUB_ENV + else + echo "PROCEED=false" >> $GITHUB_ENV + echo "::warning ::The updater script failed (exit code $retval)" + fi + # Replace new version in manifest + jq -s --indent 4 ".[] | .version = \"$VERSION~ynh1\"" manifest.json | sponge manifest.json + # Commit + git commit -am "Upgrade to v$VERSION" + - name: Create Pull Request + id: cpr + if: ${{ env.PROCEED == 'true' }} + uses: peter-evans/create-pull-request@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Update to version ${{ env.VERSION }} + committer: 'yunohost-bot ' + author: 'yunohost-bot ' + signoff: false + branch: ci-auto-update-v${{ env.VERSION }} + delete-branch: true + title: 'Upgrade to version ${{ env.VERSION }}' + body: | + Upgrade to v${{ env.VERSION }} + draft: false + - name: Check outputs + if: ${{ env.PROCEED == 'true' }} + run: | + echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" + echo "Current version - ${{ steps.check_version.outputs.current_version }}" + echo "New version - ${{ steps.check_version.outputs.latest_version }}" From 4f69f3a46f42bab1ab97190fd095f77340de4a5a Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 11 Sep 2021 21:59:36 +0200 Subject: [PATCH 21/41] Use the organization's updater Action --- .github/workflows/updater.sh | 97 +++++++++++++++++++++++++++++++++++ .github/workflows/updater.yml | 90 -------------------------------- 2 files changed, 97 insertions(+), 90 deletions(-) delete mode 100644 .github/workflows/updater.yml diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh index ad86c2b..69cd362 100755 --- a/.github/workflows/updater.sh +++ b/.github/workflows/updater.sh @@ -1,5 +1,73 @@ #!/bin/bash +#================================================= +# PACKAGE UPDATING HELPER +#================================================= + +# This script is meant to be run by GitHub Actions +# The YunoHost-Apps organisation offers a template Action to run this script periodically +# Since each app is different, maintainers can adapt its contents so as to perform +# automatic actions when a new upstream release is detected. + +#================================================= +# FETCHING LATEST RELEASE AND ITS ASSETS +#================================================= + +# Fetching information +current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') +repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') +# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) +version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | .tag_name' | sort -V | tail -1) +assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) + +# Setting up the environment variables +echo "Current version: $current_version" +echo "Latest release from upstream: $version" +echo "VERSION=$version" >> $GITHUB_ENV + +# Proceed only if the retrieved version is greater than the current one +if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then + echo "::warning ::No new version available" + exit 1 +# Proceed only if a PR for this new version does not already exist +elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then + echo "::warning ::A branch already exists for this update" + exit 1 +fi + +# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) +echo "${#assets[@]} available asset(s)" + +#================================================= +# UPDATE SOURCE FILES +#================================================= + +# Here we use the $assets variable to get the resources published in the upstream release. +# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. + +# Let's loop over the array of assets URLs +for asset_url in ${assets[@]}; do + +echo "Handling asset at $asset_url" + +# Assign the asset to a source file in conf/ directory +# Here we base the source file name upon a unique keyword in the assets url (admin vs. update) +# Leave $src empty to ignore the asset +case $asset_url in + *"admin"*) + src="app" + ;; + *"update"*) + src="app-upgrade" + ;; + *) + src="" + ;; +esac + +# If $src is not empty, let's process the asset +if [ ! -z "$src" ]; then + # Create the temporary directory tempdir="$(mktemp -d)" @@ -27,3 +95,32 @@ SOURCE_FORMAT=$extension SOURCE_IN_SUBDIR=true SOURCE_FILENAME= EOT +echo "... conf/$src.src updated" + +else +echo "... asset ignored" +fi + +done + +#================================================= +# SPECIFIC UPDATE STEPS +#================================================= + +# Any action on the app's source code can be done. +# The GitHub Action workflow takes care of committing all changes after this script ends. + +#================================================= +# GENERIC FINALIZATION +#================================================= + +# Install moreutils, needed for sponge +sudo apt-get install moreutils + +# Replace new version in manifest +jq -s --indent 4 ".[] | .version = \"$VERSION~ynh1\"" manifest.json | sponge manifest.json + +# No need to update the README, yunohost-bot takes care of it + +# The Action will proceed only if a 0 exit code is returned +exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml deleted file mode 100644 index c1f336f..0000000 --- a/.github/workflows/updater.yml +++ /dev/null @@ -1,90 +0,0 @@ -# This workflow allows GitHub Actions to automagically update your app -# whenever a new upstream release is detected. -# You need to enable Actions in your repository settings. -# This file should be enough by itself, but feel free to tune it to your needs. -# It calls updater.sh, which is where you should put the app-specific update steps. -name: Check for new upstream releases -on: - # Allow to manually trigger the workflow - workflow_dispatch: - # Run it every day at 6:00 UTC - schedule: - - cron: '0 6 * * *' -jobs: - updater: - runs-on: ubuntu-latest - steps: - - name: Fetch the source code - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Check if newer version is available upstream - id: check_version - run: | - # Install moreutils, needed for sponge - sudo apt-get install moreutils - # Fetching information - current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') - repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') - version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | .tag_name' | sort -V | tail -1) - assets=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'") - # Setting up the environment variables - echo ::set-output name=current_version::$current_version - echo "Current version: $current_version" - echo ::set-output name=latest_version::$version - echo "Latest release from upstream: $version" - echo "VERSION=$version" >> $GITHUB_ENV - echo "ASSETS=$assets" >> $GITHUB_ENV - if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "PROCEED=false" >> $GITHUB_ENV - echo "::warning ::No new version available" - elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "PROCEED=false" >> $GITHUB_ENV - echo "::warning ::A branch already exists for this update" - else - echo "PROCEED=true" >> $GITHUB_ENV - fi - - name: Update package files - id: update_files - if: ${{ env.PROCEED == 'true' }} - run: | - # Setting up Git user - git config --global user.name 'yunohost-bot' - git config --global user.email 'yunohost-bot@users.noreply.github.com' - # Run the version updater script - ./.github/workflows/updater.sh - retval=$? - # Check - if [ $retval -eq 0 ]; then - echo "PROCEED=true" >> $GITHUB_ENV - else - echo "PROCEED=false" >> $GITHUB_ENV - echo "::warning ::The updater script failed (exit code $retval)" - fi - # Replace new version in manifest - jq -s --indent 4 ".[] | .version = \"$VERSION~ynh1\"" manifest.json | sponge manifest.json - # Commit - git commit -am "Upgrade to v$VERSION" - - name: Create Pull Request - id: cpr - if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Update to version ${{ env.VERSION }} - committer: 'yunohost-bot ' - author: 'yunohost-bot ' - signoff: false - branch: ci-auto-update-v${{ env.VERSION }} - delete-branch: true - title: 'Upgrade to version ${{ env.VERSION }}' - body: | - Upgrade to v${{ env.VERSION }} - draft: false - - name: Check outputs - if: ${{ env.PROCEED == 'true' }} - run: | - echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" - echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" - echo "Current version - ${{ steps.check_version.outputs.current_version }}" - echo "New version - ${{ steps.check_version.outputs.latest_version }}" From b5526e2e2e59adf1aaef6a759d8e6b443252f558 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 11 Sep 2021 22:02:09 +0200 Subject: [PATCH 22/41] Create updater.yml --- .github/workflows/updater.yml | 53 +++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 .github/workflows/updater.yml diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml new file mode 100644 index 0000000..c56591a --- /dev/null +++ b/.github/workflows/updater.yml @@ -0,0 +1,53 @@ +# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. +# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. +# This file should be enough by itself, but feel free to tune it to your needs. +# It calls updater.sh, which is where you should put the app-specific update steps. +name: Check for new upstream releases +on: + # Allow to manually trigger the workflow + workflow_dispatch: + # Run it every day at 6:00 UTC + schedule: + - cron: '0 6 * * *' +jobs: + updater: + runs-on: ubuntu-latest + steps: + - name: Fetch the source code + uses: actions/checkout@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run the updater script + id: run_updater + run: | + # Setting up Git user + git config --global user.name 'yunohost-bot' + git config --global user.email 'yunohost-bot@users.noreply.github.com' + # Run the updater script + ./.github/workflows/updater.sh + retval=$? + # Check if we are allowed to proceed + if [ $retval -eq 0 ]; then + echo "PROCEED=true" >> $GITHUB_ENV + else + echo "PROCEED=false" >> $GITHUB_ENV + echo "::warning ::The updater script failed (exit code $retval)" + fi + # Commit + git commit -am "Upgrade to v$VERSION" + - name: Create Pull Request + id: cpr + if: ${{ env.PROCEED == 'true' }} + uses: peter-evans/create-pull-request@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Update to version ${{ env.VERSION }} + committer: 'yunohost-bot ' + author: 'yunohost-bot ' + signoff: false + branch: ci-auto-update-v${{ env.VERSION }} + delete-branch: true + title: 'Upgrade to version ${{ env.VERSION }}' + body: | + Upgrade to v${{ env.VERSION }} + draft: false From 45c171b14d72883c4b886d384a6d4f938c5ccd45 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 11 Sep 2021 22:09:20 +0200 Subject: [PATCH 23/41] Fix updater logics --- .github/workflows/updater.sh | 9 ++++++--- .github/workflows/updater.yml | 8 -------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh index 69cd362..08e75b0 100755 --- a/.github/workflows/updater.sh +++ b/.github/workflows/updater.sh @@ -24,15 +24,17 @@ assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ echo "Current version: $current_version" echo "Latest release from upstream: $version" echo "VERSION=$version" >> $GITHUB_ENV +# For the time being, let's assume the script will fail +echo "PROCEED=false" >> $GITHUB_ENV # Proceed only if the retrieved version is greater than the current one if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then echo "::warning ::No new version available" - exit 1 + exit 0 # Proceed only if a PR for this new version does not already exist elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then echo "::warning ::A branch already exists for this update" - exit 1 + exit 0 fi # Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) @@ -122,5 +124,6 @@ jq -s --indent 4 ".[] | .version = \"$VERSION~ynh1\"" manifest.json | sponge man # No need to update the README, yunohost-bot takes care of it -# The Action will proceed only if a 0 exit code is returned +# The Action will proceed only if the PROCEED environment variable is set to true +echo "PROCEED=true" >> $GITHUB_ENV exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml index c56591a..52e7a8b 100644 --- a/.github/workflows/updater.yml +++ b/.github/workflows/updater.yml @@ -25,14 +25,6 @@ jobs: git config --global user.email 'yunohost-bot@users.noreply.github.com' # Run the updater script ./.github/workflows/updater.sh - retval=$? - # Check if we are allowed to proceed - if [ $retval -eq 0 ]; then - echo "PROCEED=true" >> $GITHUB_ENV - else - echo "PROCEED=false" >> $GITHUB_ENV - echo "::warning ::The updater script failed (exit code $retval)" - fi # Commit git commit -am "Upgrade to v$VERSION" - name: Create Pull Request From 601566c4036bb78b5e2b291f2ea6a8779455834f Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 11 Sep 2021 22:19:16 +0200 Subject: [PATCH 24/41] =?UTF-8?q?Fix=20updater=20logics=C2=B2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/updater.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh index 08e75b0..e139f0c 100755 --- a/.github/workflows/updater.sh +++ b/.github/workflows/updater.sh @@ -56,12 +56,9 @@ echo "Handling asset at $asset_url" # Here we base the source file name upon a unique keyword in the assets url (admin vs. update) # Leave $src empty to ignore the asset case $asset_url in - *"admin"*) + *"node-red-"*) src="app" ;; - *"update"*) - src="app-upgrade" - ;; *) src="" ;; @@ -89,7 +86,7 @@ extension=${filename##*.} fi # Rewrite source file -cat < conf/app.src +cat < conf/$src.src SOURCE_URL=$DOWNLOAD_URL SOURCE_SUM=$checksum SOURCE_SUM_PRG=sha256sum From 8d07f9ce5ac84f4c1281acbc678223b2150b5901 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 11 Sep 2021 22:22:56 +0200 Subject: [PATCH 25/41] Fix updater logics, again --- .github/workflows/updater.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml index 52e7a8b..236dc10 100644 --- a/.github/workflows/updater.yml +++ b/.github/workflows/updater.yml @@ -25,7 +25,10 @@ jobs: git config --global user.email 'yunohost-bot@users.noreply.github.com' # Run the updater script ./.github/workflows/updater.sh - # Commit + - name: Commit changes + id: commit + if: ${{ env.PROCEED == 'true' }} + run: | git commit -am "Upgrade to v$VERSION" - name: Create Pull Request id: cpr From 3e84519f1579de14d44cdb79d4eea21cadc06704 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Fri, 17 Sep 2021 23:41:19 +0200 Subject: [PATCH 26/41] Fix NGINX conf for admin panel --- conf/nginx.conf | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 810ba5a..a5abd65 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,17 +1,19 @@ location ^~ __PATH__/ { - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } - proxy_pass http://localhost:__PORT__/; - proxy_set_header Host $host; - proxy_redirect http:// https://; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; + rewrite ^__PATH__/admin$ https://$host__PATH__/admin/ permanent; - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; + proxy_pass http://localhost:__PORT__/; + proxy_set_header Host $host; + proxy_redirect http:// https://; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } From d9ca625be441ec0098a3698ec461467919e832d7 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Sep 2021 17:20:18 +0200 Subject: [PATCH 27/41] Rework permissions and update script progression weights --- conf/nginx.conf | 1 + conf/settings.js | 2 +- manifest.json | 6 +++--- scripts/install | 41 ++++++++++++++++++++--------------------- scripts/restore | 4 ++-- scripts/upgrade | 37 +++++++++++++++---------------------- 6 files changed, 42 insertions(+), 49 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index a5abd65..eba319c 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -5,6 +5,7 @@ location ^~ __PATH__/ { } rewrite ^__PATH__/admin$ https://$host__PATH__/admin/ permanent; + rewrite ^__PATH__/ui$ https://$host__PATH__/ui/ permanent; proxy_pass http://localhost:__PORT__/; proxy_set_header Host $host; diff --git a/conf/settings.js b/conf/settings.js index 5679534..d8da1c9 100644 --- a/conf/settings.js +++ b/conf/settings.js @@ -422,7 +422,7 @@ module.exports = { * middleware:{function or array}, (req,res,next) - http middleware * ioMiddleware:{function or array}, (socket,next) - socket.io middleware */ - ui: { path: "/" }, + ui: { path: "/ui" }, /** Colourise the console output of the debug node */ //debugUseColors: true, diff --git a/manifest.json b/manifest.json index 4121e89..21fc2fd 100644 --- a/manifest.json +++ b/manifest.json @@ -47,10 +47,10 @@ { "name": "is_public", "type": "boolean", - "default": true, + "default": false, "help": { - "en": "Should the dashboard and the nodes endpoints be publicly accessible?", - "fr": "Le tableau de bord et les routes des nodes doivent-ils être publiquement accessibles ?" + "en": "Should the dashboard be publicly accessible?", + "fr": "Le tableau de bord doit-il être publiquement accessible ?" } } ] diff --git a/scripts/install b/scripts/install index 52183fe..4179148 100755 --- a/scripts/install +++ b/scripts/install @@ -26,15 +26,6 @@ admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME -if [[ $path_url = "/" ]] -then - nodes_url="/" - admin_url="/admin" -else - nodes_url="$path_url" - admin_url="$path_url/admin" -fi - #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= @@ -74,7 +65,7 @@ ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=1 +ynh_script_progression --message="Setting up source files..." --weight=2 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src @@ -91,7 +82,7 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # Install through npm #================================================= -ynh_script_progression --message="Installing Node-RED..." --weight=2 +ynh_script_progression --message="Installing Node-RED..." --weight=5 ynh_use_nodejs chown -R $app: "$final_path" @@ -104,7 +95,7 @@ popd #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=30 +ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config @@ -128,7 +119,7 @@ chown -R $app: "$final_path" #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Configuring a systemd service..." --weight=3 +ynh_script_progression --message="Configuring a systemd service..." --weight=1 # Create a dedicated systemd config ynh_add_systemd_config @@ -136,7 +127,7 @@ ynh_add_systemd_config #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=3 +ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate @@ -150,7 +141,7 @@ yunohost service add $app --description="Low-code programming for event-driven a #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=2 +ynh_script_progression --message="Starting a systemd service..." --weight=3 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" @@ -160,16 +151,24 @@ ynh_systemd_action --service_name=$app --action="start" #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 -# Make the dashboard and nodes endpoints public if necessary +# The "main" permission is automatically created before the install script. +# Here we use it for the endpoints root, they should be world-accessible by default +# Since it is meant for automated actions, we hide the tile from the SSO +ynh_permission_create --permission="endpoints" --url="/" --allowed="visitors" --show_tile=false + +# Create the dashboard UI permission +ynh_permission_create --permission="ui" --url="/ui" --allowed="$admin" --show_tile=true + +# Reuse the main permission for the admin +ynh_permission_url --permission="main" --url="/admin" +ynh_permission_update --permission="main" --add="$admin" --remove="all_users" --show_tile=true + +# Make the dashboard public if necessary if [ $is_public -eq 1 ] then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" + ynh_permission_update --permission="ui" --remove="$admin" --add="visitors" fi -ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --label="admin" --show_tile=true - #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/restore b/scripts/restore index 68ca03a..90d83c1 100755 --- a/scripts/restore +++ b/scripts/restore @@ -56,7 +56,7 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring Node-RED main directory..." --weight=10 +ynh_script_progression --message="Restoring Node-RED main directory..." --weight=5 ynh_restore_file --origin_path="$final_path" @@ -93,7 +93,7 @@ yunohost service add $app --description="Low-code programming for event-driven a #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=3 ynh_systemd_action --service_name=$app --action="start" diff --git a/scripts/upgrade b/scripts/upgrade index 332fda1..3806876 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,15 +21,6 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) -if [[ $path_url = "/" ]] -then - nodes_url="/" - admin_url="/admin" -else - nodes_url="$path_url" - admin_url="$path_url/admin" -fi - #================================================= # CHECK VERSION #================================================= @@ -39,7 +30,7 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up Node-RED before upgrading (may take a while)..." --weight=1 +ynh_script_progression --message="Backing up Node-RED before upgrading (may take a while)..." --weight=5 # Backup the current version of the app ynh_backup_before_upgrade @@ -68,14 +59,16 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi -if ! ynh_permission_exists --permission="admin"; then - # Create the required permissions - ynh_permission_create --permission="admin" --url="/admin" --label="admin" --show_tile=true -fi - -if ynh_permission_exists --permission="ui"; then - # Delete the old permission - ynh_permission_delete --permission="ui" +# After 1.3.5~ynh2, permissions have been reworked +if ynh_permission_exists --permission="admin"; then + # Delete the admin permission, we use main for that now + ynh_permission_delete --permission="admin" + ynh_permission_url --permission="main" --url="/admin" + ynh_permission_update --permission="main" --remove="visitors" + # Create ui permission, for the dashboard + ynh_permission_create --permission="ui" --url="/ui" --show_tile=true + # Create endpoints permission + ynh_permission_create --permission="endpoints" --url="/" --allowed="visitors" --show_tile=false fi #================================================= @@ -86,7 +79,7 @@ fi # allowing direct access to Node-RED... let's close it. if yunohost firewall list | grep -q "\- $port$" then - ynh_script_progression --message="Closing port $port..." + ynh_script_progression --message="Closing port $port..." --weight=1 ynh_exec_warn_less yunohost firewall disallow TCP $port fi @@ -114,7 +107,7 @@ fi if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." --weight=1 + ynh_script_progression --message="Upgrading source files..." --weight=2 # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" @@ -131,7 +124,7 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # Install through npm #================================================= -ynh_script_progression --message="Installing Node-RED..." --weight=30 +ynh_script_progression --message="Installing Node-RED..." --weight=5 ynh_use_nodejs @@ -193,7 +186,7 @@ yunohost service add $app --description="Low-code programming for event-driven a #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=3 ynh_systemd_action --service_name=$app --action="start" From d5212cd2751fd1aba11d8e62d34927b7f6712069 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Sep 2021 17:55:46 +0200 Subject: [PATCH 28/41] Fix flows data file name --- scripts/upgrade | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 3806876..31fbcc9 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -71,6 +71,13 @@ if ynh_permission_exists --permission="admin"; then ynh_permission_create --permission="endpoints" --url="/" --allowed="visitors" --show_tile=false fi +# Flows were stored in file named after the hostname. +# Not very portable. Let's fix that. +if [ ! -f "$final_path/data/flows.json" ]; then + mv "$final_path/data/flows_$(hostname)_cred.json" "$final_path/data/flows_cred.json" + mv "$final_path/data/flows_$(hostname).json" "$final_path/data/flows.json" +fi + #================================================= # CLOSING PORT #================================================= From dd19df13f7089685f700ed89f7ef281ef614d4bd Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Sep 2021 18:03:40 +0200 Subject: [PATCH 29/41] Update README about permissions --- doc/DISCLAIMER.md | 6 +++--- doc/DISCLAIMER_fr.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 2727989..99d8e87 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -1,4 +1,4 @@ YunoHost's permissions system allows you to select which users can have access to Node-RED: -* `main` permission protects `./`, to access the dashboard and HTTP endpoints ; -By default it is accessible to visitors, since it is meant to be used for API-like endpoints ; -* `admin` permission protects `./admin`. Upon installation, the selected admin will have sole access to it. +* `main` permission protects `/admin`, the flows editor. The administrator is chosen during installation ; +* `ui` permission protects `/ui`, the dashboard allowing visual interface for the flows. Public access is chosen during installation ; +* `endpoints` permission protects `/`, for API-like endpoints. By default, it is world-accessible. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index 3e920ff..6ae47e3 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -1,4 +1,4 @@ Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED : -* la permission `main` protège `./`, chemin d'accès au tableau de bord et les *nodes* HTTP. -Par défault, elle est accessible aux visiteurs, puisqu'elle est utilisée comme un point d'entrée de type API ; -* la permission `admin` protège `./admin`. L'administrateur sélectionné à l'installation y aura accès. +* la permission `main` protège `/admin`, l'éditeur de flux. L'administrateur est sélectionné pendant l'installation ; +* la permisison `ui` protège `/ui`, le tableau de bord permettant de donner une interface graphique aux flux. L'accès public est défini lors de l'installation. ; +* la permission `endpoints` protège `/`, pour notamment les points d'entrée de type API. Par défault, elle est accessible aux visiteurs. From 31b0618860ee73f467d746b9b26a55ebbfe3ec24 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Sat, 18 Sep 2021 16:03:52 +0000 Subject: [PATCH 30/41] Auto-update README --- README.md | 6 +++--- README_fr.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 33d1af7..54e6b7f 100644 --- a/README.md +++ b/README.md @@ -28,9 +28,9 @@ Flow-based programming for the Internet of Things ## Disclaimers / important information YunoHost's permissions system allows you to select which users can have access to Node-RED: -* `main` permission protects `./`, to access the dashboard and HTTP endpoints ; -By default it is accessible to visitors, since it is meant to be used for API-like endpoints ; -* `admin` permission protects `./admin`. Upon installation, the selected admin will have sole access to it. +* `main` permission protects `/admin`, the flows editor. The administrator is chosen during installation ; +* `ui` permission protects `/ui`, the dashboard allowing visual interface for the flows. Public access is chosen during installation ; +* `endpoints` permission protects `/`, for API-like endpoints. By default, it is world-accessible. ## Documentation and resources diff --git a/README_fr.md b/README_fr.md index 479c7e1..35f3c46 100644 --- a/README_fr.md +++ b/README_fr.md @@ -24,9 +24,9 @@ Programmation par flux de données pour l'Internet des objets ## Avertissements / informations importantes Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED : -* la permission `main` protège `./`, chemin d'accès au tableau de bord et les *nodes* HTTP. -Par défault, elle est accessible aux visiteurs, puisqu'elle est utilisée comme un point d'entrée de type API ; -* la permission `admin` protège `./admin`. L'administrateur sélectionné à l'installation y aura accès. +* la permission `main` protège `/admin`, l'éditeur de flux. L'administrateur est sélectionné pendant l'installation ; +* la permisison `ui` protège `/ui`, le tableau de bord permettant de donner une interface graphique aux flux. L'accès public est défini lors de l'installation. ; +* la permission `endpoints` protège `/`, pour notamment les points d'entrée de type API. Par défault, elle est accessible aux visiteurs. ## Documentations et ressources From c68b0b8722270a8a85033668305fa0ca303e5f18 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Wed, 22 Sep 2021 21:51:09 +0200 Subject: [PATCH 31/41] Make the CI happy by returning 200 status code on / --- conf/flows.json | 68 +++++++++++++++++++++++++++++++++++++++++++++++++ scripts/install | 5 ++++ 2 files changed, 73 insertions(+) create mode 100644 conf/flows.json diff --git a/conf/flows.json b/conf/flows.json new file mode 100644 index 0000000..a6a0b8f --- /dev/null +++ b/conf/flows.json @@ -0,0 +1,68 @@ +[ + { + "id": "bc116265cdf0e254", + "type": "tab", + "label": "Flow 1", + "disabled": false, + "info": "" + }, + { + "id": "255633424e315905", + "type": "http in", + "z": "bc116265cdf0e254", + "name": "", + "url": "/", + "method": "get", + "upload": false, + "swaggerDoc": "", + "x": 130, + "y": 160, + "wires": [ + [ + "a2420c0d393687a4" + ] + ] + }, + { + "id": "274b98239a2ae817", + "type": "http response", + "z": "bc116265cdf0e254", + "name": "", + "statusCode": "200", + "headers": { + "test": "test" + }, + "x": 460, + "y": 160, + "wires": [] + }, + { + "id": "a2420c0d393687a4", + "type": "function", + "z": "bc116265cdf0e254", + "name": "Set answer's body", + "func": "msg.payload=\"Node-RED has been sucessfully installed!\";\n\nreturn msg;", + "outputs": 1, + "noerr": 0, + "initialize": "", + "finalize": "", + "libs": [], + "x": 290, + "y": 160, + "wires": [ + [ + "274b98239a2ae817" + ] + ] + }, + { + "id": "cb54e0b32ffe6082", + "type": "comment", + "z": "bc116265cdf0e254", + "name": "Demo of HTTP node for Node-RED", + "info": "", + "x": 220, + "y": 120, + "wires": [] + } +] \ No newline at end of file diff --git a/scripts/install b/scripts/install index 4179148..1205377 100755 --- a/scripts/install +++ b/scripts/install @@ -108,6 +108,11 @@ ynh_add_nginx_config mkdir -p $final_path/data ynh_add_config --template="../conf/settings.js" --destination="$final_path/data/settings.js" +# Small hack to have the "/" path answer with a 200 code to satisfy the CI +if [[ "${PACKAGE_CHECK_EXEC:-}" = "1" ]] ; then + ynh_add_config --template="../conf/flows.json" --destination="$final_path/data/flows.json" +fi + #================================================= # SECURE FILES AND DIRECTORIES #================================================= From 07bac87075cb6cd09762c126e5586a091dafd79e Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 23 Sep 2021 19:42:23 +0200 Subject: [PATCH 32/41] Protect endpoints with is_public setting too --- scripts/install | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index 1205377..8596869 100755 --- a/scripts/install +++ b/scripts/install @@ -159,10 +159,10 @@ ynh_script_progression --message="Configuring permissions..." --weight=1 # The "main" permission is automatically created before the install script. # Here we use it for the endpoints root, they should be world-accessible by default # Since it is meant for automated actions, we hide the tile from the SSO -ynh_permission_create --permission="endpoints" --url="/" --allowed="visitors" --show_tile=false +ynh_permission_create --permission="endpoints" --url="/" --show_tile=false # Create the dashboard UI permission -ynh_permission_create --permission="ui" --url="/ui" --allowed="$admin" --show_tile=true +ynh_permission_create --permission="ui" --url="/ui" --show_tile=true # Reuse the main permission for the admin ynh_permission_url --permission="main" --url="/admin" @@ -171,7 +171,11 @@ ynh_permission_update --permission="main" --add="$admin" --remove="all_users" -- # Make the dashboard public if necessary if [ $is_public -eq 1 ] then - ynh_permission_update --permission="ui" --remove="$admin" --add="visitors" + ynh_permission_update --permission="ui" --add="visitors" + ynh_permission_update --permission="endpoints" --add="visitors" +else + ynh_permission_update --permission="ui" --add="$admin" + ynh_permission_update --permission="endpoints" --add="$admin" fi #================================================= From 191e363e7c046e364472f7b8be9a231654d5e8c8 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 23 Sep 2021 20:03:27 +0200 Subject: [PATCH 33/41] Remove ynh_webpath_available in restore --- scripts/restore | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/restore b/scripts/restore index 90d83c1..a4820f7 100755 --- a/scripts/restore +++ b/scripts/restore @@ -32,8 +32,6 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=1 -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " From a204fd5cc06958790e0d70af8221bfe5e47d675b Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 23 Sep 2021 20:06:16 +0200 Subject: [PATCH 34/41] Remove superfluous examples in manifest --- manifest.json | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/manifest.json b/manifest.json index 21fc2fd..bd4272b 100644 --- a/manifest.json +++ b/manifest.json @@ -30,8 +30,7 @@ "install" : [ { "name": "domain", - "type": "domain", - "example": "example.com" + "type": "domain" }, { "name": "path", @@ -41,8 +40,7 @@ }, { "name": "admin", - "type": "user", - "example": "johndoe" + "type": "user" }, { "name": "is_public", From ae77da46540dedb1306a4a615425fcd0c785dda3 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 23 Sep 2021 20:24:05 +0200 Subject: [PATCH 35/41] Update is_public description --- manifest.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.json b/manifest.json index bd4272b..132dcc9 100644 --- a/manifest.json +++ b/manifest.json @@ -47,8 +47,8 @@ "type": "boolean", "default": false, "help": { - "en": "Should the dashboard be publicly accessible?", - "fr": "Le tableau de bord doit-il être publiquement accessible ?" + "en": "Should the dashboard and HTTP endpoints be publicly accessible?", + "fr": "Le tableau de bord et les points d'accès HTTP doivent-ils être publiquement accessibles ?" } } ] From 14b4b6091f3b9a7666ae134cb41617611bdf0ba4 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 23 Sep 2021 21:13:59 +0200 Subject: [PATCH 36/41] Ensure new permissions are tested upon upgrade --- scripts/upgrade | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 31fbcc9..f8728c9 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -68,7 +68,7 @@ if ynh_permission_exists --permission="admin"; then # Create ui permission, for the dashboard ynh_permission_create --permission="ui" --url="/ui" --show_tile=true # Create endpoints permission - ynh_permission_create --permission="endpoints" --url="/" --allowed="visitors" --show_tile=false + ynh_permission_create --permission="endpoints" --url="/" --show_tile=false fi # Flows were stored in file named after the hostname. @@ -157,6 +157,11 @@ ynh_add_nginx_config # Set up the settings file ynh_add_config --template="../conf/settings.js" --destination="$final_path/data/settings.js" +# Small hack to have the "/" path answer with a 200 code to satisfy the CI +if [[ "${PACKAGE_CHECK_EXEC:-}" = "1" ]] ; then + ynh_add_config --template="../conf/flows.json" --destination="$final_path/data/flows.json" +fi + #================================================= # SETUP LOGROTATE #================================================= From 61df0e8726d8cf5f14cb15d87423071586184b49 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Fri, 24 Sep 2021 23:57:36 +0200 Subject: [PATCH 37/41] Attempt to fix check_process and permissions testing after upgrade --- check_process | 7 +++---- scripts/upgrade | 11 +++++++++-- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/check_process b/check_process index 2f80830..bf14e26 100644 --- a/check_process +++ b/check_process @@ -3,8 +3,7 @@ domain="domain.tld" path="/path" admin="john" - password="pass" - port="666" + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=1 @@ -24,7 +23,7 @@ Notification=none ;;; Upgrade options ; commit=453b13703bb418a7da33ed4f3e96a486b365d865 name=v1.2.9 2021-02-20 - manifest_arg=domain=DOMAIN&path=PATH&admin=USER&password=pass&port=666& + manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=1& ; commit=2b01dad6ce2214a07f8b5dd63ee040c34268204c name=Merge pull request #26 from YunoHost-Apps/testing - manifest_arg=domain=DOMAIN&path=PATH&admin=USER&password=pass&port=666& + manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=1& diff --git a/scripts/upgrade b/scripts/upgrade index f8728c9..e22f89f 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -61,14 +61,21 @@ fi # After 1.3.5~ynh2, permissions have been reworked if ynh_permission_exists --permission="admin"; then - # Delete the admin permission, we use main for that now + # Delete the admin permission ynh_permission_delete --permission="admin" + # We use main as admin permission ynh_permission_url --permission="main" --url="/admin" - ynh_permission_update --permission="main" --remove="visitors" # Create ui permission, for the dashboard ynh_permission_create --permission="ui" --url="/ui" --show_tile=true # Create endpoints permission ynh_permission_create --permission="endpoints" --url="/" --show_tile=false + # Transfer the publicness of the app to ui and endpoints + if ynh_permission_has_user --permission=main --user=visitors; then + ynh_permission_update --permission="ui" --add="visitors" + ynh_permission_update --permission="endpoints" --add="visitors" + fi + # Remove visitor access to the admin panel + ynh_permission_update --permission="main" --remove="visitors" fi # Flows were stored in file named after the hostname. From 0c9c5198d66c914691fffba03330364a15b5344f Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 25 Sep 2021 11:38:19 +0200 Subject: [PATCH 38/41] Update DISCLAIMER and add DESCRIPTION --- doc/DESCRIPTION.md | 10 ++++++++++ doc/DESCRIPTION_fr.md | 10 ++++++++++ doc/DISCLAIMER.md | 2 ++ doc/DISCLAIMER_fr.md | 2 ++ 4 files changed, 24 insertions(+) create mode 100644 doc/DESCRIPTION.md create mode 100644 doc/DESCRIPTION_fr.md diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..2005b21 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1,10 @@ +Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. + +It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click. + +### Features + +- Browser-based flow editing +- On-click deployment of the flows +- Over 225,000 modules available +- Custom JavaScript functions can be written diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md new file mode 100644 index 0000000..4248bd3 --- /dev/null +++ b/doc/DESCRIPTION_fr.md @@ -0,0 +1,10 @@ +Node-RED est un outil de programmation pour connecter des appareils, API, et des services en ligne en de nouvelles et intéressantes façons. + +Il propose un éditeur accessible dans le navigateur, qui facilite l'ébauche de flux qui connectent ensemble la grande variété de nœuds disponibles dans sa palette. Ces flux sont ensuite activables et déployables en un clic. + +### Fonctionnalités + +- Edition de flux dans le navigateur +- Déploiement des flux en un clic +- Plus de 225 000 modules disponibles +- Fonctions personnalisées en JavaScript diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 99d8e87..8b4e91d 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -2,3 +2,5 @@ YunoHost's permissions system allows you to select which users can have access t * `main` permission protects `/admin`, the flows editor. The administrator is chosen during installation ; * `ui` permission protects `/ui`, the dashboard allowing visual interface for the flows. Public access is chosen during installation ; * `endpoints` permission protects `/`, for API-like endpoints. By default, it is world-accessible. + +If you have upgraded Node-RED beyond v2, check that these permissions suit you in your YunoHost admin panel. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index 6ae47e3..eb374a2 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -2,3 +2,5 @@ Le système de permissions de YunoHost permet de paramétrer les accès à Node- * la permission `main` protège `/admin`, l'éditeur de flux. L'administrateur est sélectionné pendant l'installation ; * la permisison `ui` protège `/ui`, le tableau de bord permettant de donner une interface graphique aux flux. L'accès public est défini lors de l'installation. ; * la permission `endpoints` protège `/`, pour notamment les points d'entrée de type API. Par défault, elle est accessible aux visiteurs. + +Si vous avez mis à jour Node-RED au-delà de la version 2, vérifiez que ces permissions vous conviennent dans votre panneau d'administration de YunoHost. From e3b2919c4839257693fa45d6b0c4940bb5987831 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Sat, 25 Sep 2021 09:38:33 +0000 Subject: [PATCH 39/41] Auto-update README --- README.md | 14 +++++++++++++- README_fr.md | 14 +++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 54e6b7f..6fe0ae3 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,17 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -Flow-based programming for the Internet of Things +Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. + +It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click. + +### Features + +- Browser-based flow editing +- On-click deployment of the flows +- Over 225,000 modules available +- Custom JavaScript functions can be written + **Shipped version:** 2.0.6~ynh1 @@ -32,6 +42,8 @@ YunoHost's permissions system allows you to select which users can have access t * `ui` permission protects `/ui`, the dashboard allowing visual interface for the flows. Public access is chosen during installation ; * `endpoints` permission protects `/`, for API-like endpoints. By default, it is world-accessible. +If you have upgraded Node-RED beyond v2, check that these permissions suit you in your YunoHost admin panel. + ## Documentation and resources * Official app website: https://nodered.org diff --git a/README_fr.md b/README_fr.md index 35f3c46..9f35a32 100644 --- a/README_fr.md +++ b/README_fr.md @@ -11,7 +11,17 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour ## Vue d'ensemble -Programmation par flux de données pour l'Internet des objets +Node-RED est un outil de programmation pour connecter des appareils, API, et des services en ligne en de nouvelles et intéressantes façons. + +Il propose un éditeur accessible dans le navigateur, qui facilite l'ébauche de flux qui connectent ensemble la grande variété de nœuds disponibles dans sa palette. Ces flux sont ensuite activables et déployables en un clic. + +### Fonctionnalités + +- Edition de flux dans le navigateur +- Déploiement des flux en un clic +- Plus de 225 000 modules disponibles +- Fonctions personnalisées en JavaScript + **Version incluse :** 2.0.6~ynh1 @@ -28,6 +38,8 @@ Le système de permissions de YunoHost permet de paramétrer les accès à Node- * la permisison `ui` protège `/ui`, le tableau de bord permettant de donner une interface graphique aux flux. L'accès public est défini lors de l'installation. ; * la permission `endpoints` protège `/`, pour notamment les points d'entrée de type API. Par défault, elle est accessible aux visiteurs. +Si vous avez mis à jour Node-RED au-delà de la version 2, vérifiez que ces permissions vous conviennent dans votre panneau d'administration de YunoHost. + ## Documentations et ressources * Site officiel de l'app : https://nodered.org From 656fcd0f58c38ffb688cce7ae1803a9abc5cccb8 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 25 Sep 2021 11:40:40 +0200 Subject: [PATCH 40/41] Fix DISCLAIMER --- doc/DISCLAIMER.md | 2 +- doc/DISCLAIMER_fr.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 8b4e91d..83c5a62 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -1,6 +1,6 @@ YunoHost's permissions system allows you to select which users can have access to Node-RED: * `main` permission protects `/admin`, the flows editor. The administrator is chosen during installation ; * `ui` permission protects `/ui`, the dashboard allowing visual interface for the flows. Public access is chosen during installation ; -* `endpoints` permission protects `/`, for API-like endpoints. By default, it is world-accessible. +* `endpoints` permission protects `/`, for API-like endpoints. Public access is chosen during installation. If you have upgraded Node-RED beyond v2, check that these permissions suit you in your YunoHost admin panel. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index eb374a2..93d2754 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -1,6 +1,6 @@ Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED : * la permission `main` protège `/admin`, l'éditeur de flux. L'administrateur est sélectionné pendant l'installation ; -* la permisison `ui` protège `/ui`, le tableau de bord permettant de donner une interface graphique aux flux. L'accès public est défini lors de l'installation. ; -* la permission `endpoints` protège `/`, pour notamment les points d'entrée de type API. Par défault, elle est accessible aux visiteurs. +* la permisison `ui` protège `/ui`, le tableau de bord permettant de donner une interface graphique aux flux. L'accès public est défini lors de l'installation ; +* la permission `endpoints` protège `/`, pour notamment les points d'entrée de type API. L'accès public est défini lors de l'installation. Si vous avez mis à jour Node-RED au-delà de la version 2, vérifiez que ces permissions vous conviennent dans votre panneau d'administration de YunoHost. From d4f8f9afc419258ff5c0e181acd01aeba66ab5a1 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Sat, 25 Sep 2021 09:41:04 +0000 Subject: [PATCH 41/41] Auto-update README --- README.md | 2 +- README_fr.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6fe0ae3..8f26ce0 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ It provides a browser-based editor that makes it easy to wire together flows usi YunoHost's permissions system allows you to select which users can have access to Node-RED: * `main` permission protects `/admin`, the flows editor. The administrator is chosen during installation ; * `ui` permission protects `/ui`, the dashboard allowing visual interface for the flows. Public access is chosen during installation ; -* `endpoints` permission protects `/`, for API-like endpoints. By default, it is world-accessible. +* `endpoints` permission protects `/`, for API-like endpoints. Public access is chosen during installation. If you have upgraded Node-RED beyond v2, check that these permissions suit you in your YunoHost admin panel. diff --git a/README_fr.md b/README_fr.md index 9f35a32..4e1e058 100644 --- a/README_fr.md +++ b/README_fr.md @@ -35,8 +35,8 @@ Il propose un éditeur accessible dans le navigateur, qui facilite l'ébauche de Le système de permissions de YunoHost permet de paramétrer les accès à Node-RED : * la permission `main` protège `/admin`, l'éditeur de flux. L'administrateur est sélectionné pendant l'installation ; -* la permisison `ui` protège `/ui`, le tableau de bord permettant de donner une interface graphique aux flux. L'accès public est défini lors de l'installation. ; -* la permission `endpoints` protège `/`, pour notamment les points d'entrée de type API. Par défault, elle est accessible aux visiteurs. +* la permisison `ui` protège `/ui`, le tableau de bord permettant de donner une interface graphique aux flux. L'accès public est défini lors de l'installation ; +* la permission `endpoints` protège `/`, pour notamment les points d'entrée de type API. L'accès public est défini lors de l'installation. Si vous avez mis à jour Node-RED au-delà de la version 2, vérifiez que ces permissions vous conviennent dans votre panneau d'administration de YunoHost.