diff --git a/conf/.env b/conf/.env
index f5279ed..911b979 100644
--- a/conf/.env
+++ b/conf/.env
@@ -54,8 +54,8 @@ AWS_S3_ACL=private
 #
 # When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
 # https:///auth/slack.callback
-SLACK_KEY=__SLACK_KEY__
-SLACK_SECRET=__SLACK_SECRET__
+SLACK_KEY=
+SLACK_SECRET=
 # To configure Google auth, you'll need to create an OAuth Client ID at
 # => https://console.cloud.google.com/apis/credentials
@@ -75,18 +75,18 @@ AZURE_RESOURCE_APP_ID=
 # To configure generic OIDC auth, you'll need some kind of identity provider.
 # See documentation for whichever IdP you use to acquire the following info:
 # Redirect URI is https:///auth/oidc.callback
-OIDC_CLIENT_ID=
-OIDC_CLIENT_SECRET=
-OIDC_AUTH_URI=
-OIDC_TOKEN_URI=
-OIDC_USERINFO_URI=
+OIDC_CLIENT_ID=__OIDC_NAME__
+OIDC_CLIENT_SECRET=__OIDC_SECRET__
+OIDC_AUTH_URI=https://__DEX_DOMAIN____DEX_PATH__auth
+OIDC_TOKEN_URI=https://__DEX_DOMAIN____DEX_PATH__token
+OIDC_USERINFO_URI=https://__DEX_DOMAIN____DEX_PATH__userinfo
 # Specify which claims to derive user information from
 # Supports any valid JSON path with the JWT payload
 OIDC_USERNAME_CLAIM=preferred_username
 # Display name for OIDC authentication
-OIDC_DISPLAY_NAME=OpenID
+OIDC_DISPLAY_NAME=Yunohost
 # Space separated auth scopes.
 OIDC_SCOPES="openid profile email"
diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md
index d406a37..8bca22d 100644
--- a/doc/DISCLAIMER.md
+++ b/doc/DISCLAIMER.md
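Review bot: In the second conf/.env hunk the three endpoint templates append the endpoint name straight to `__DEX_PATH__` (`https://__DEX_DOMAIN____DEX_PATH__auth`), so the rendered URL is only valid when the substituted path ends in `/`. The `dex_path` default added to manifest.json in this commit is `/example`, which would render as `https://<dex_domain>/exampleauth` unless the install script adds the slash before substitution; that step is not visible here. Putting the separator in the template, `OIDC_AUTH_URI=https://__DEX_DOMAIN____DEX_PATH__/auth` and likewise for `token` and `userinfo`, with the path stored without a trailing slash, removes the dependency on how the path was typed. The rendered file also carries `OIDC_CLIENT_SECRET` now, so confirm it is written with owner-only permissions.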
@@ -2,22 +2,12 @@
 1. Because this app can't yet run in the CI server, its integration level is unkonwn at the moment and standard Yunohost packages testing couldn't run yet. **Please don't use it on a prod server**
 2. The app requires MinIO app to be installed (MinIO installation is automatic, though)
-3. The app is requiring two full dedicated domains (one for MinIO server, one for Outline)
+3. The app is requiring three domains including two fully dedicated (one for MinIO server, one for Dex, one for Outline)
 4. ARM architectures are not supported (and may never be as Outline was built for AMD64)
-5. Not yet working Yunohost SSO integration (for now it requires a Slack account and Slack app - see below)
 6. Because it's built from sources, the app requires an important amount of RAM, disk and time to install properly
-### How to create a "Slack app" and get your "Client ID" and "Signing Secret"
+### How to create an admin user
-You should perform all below steps before starting the package installation on Yunohost :
-1. Visit https://api.slack.com/apps
-2. Sign in into a Slack workspace
-3. Create a new app from scratch
-4. Give it a name and associate it to your workspace
-
-![image](https://user-images.githubusercontent.com/24638389/134668089-3b1a73f2-dbca-47c4-8e57-1ee26d1c034a.png)
-
-6. In the basic information tab, you'll find a "Client ID" and a "Signing Secret" - keep both as you'll need them to run the package installation
-7. Go to "Features" then "OAuth & Permissions"
-8. Add a new redirect URL. Use https://example.mydomain.fr/auth/slack.callback (assuming https://example.mydomain.fr is the domain on which you will install outline package)
\ No newline at end of file
+The first user to login will automatically be granted admin rights
+You can then change the user rights by default and/or change the admin user afterwards from the Outline settings page
\ No newline at end of file
diff --git a/manifest.json b/manifest.json
index 460181d..5f544c2 100644
--- a/manifest.json
+++ b/manifest.json
@@ -31,7 +31,9 @@
 "install" : [
 {
 "name": "domain",
- "type": "domain"
+ "type": "domain",
+ "example": "wiki.domain.tld",
+ "ask": "Domain for Outline app. This will be the main domain to access the wiki. Outline has to be installed at the root"
 },
 {
 "name": "is_public",
@@ -49,19 +51,22 @@
 "default": "en"
 },
 {
- "name": "slack_key",
- "type": "string",
- "ask": "Slack Client ID (from https://api.slack.com/apps)"
+ "name": "dex_domain",
+ "type": "domain",
+ "example": "auth.domain.tld",
+ "ask": "Domain for authentification. It can't be the same domain as above. Dex app will be installed and used for the authentification mechanism"
 },
 {
- "name": "slack_secret",
- "type": "string",
- "ask": "Slack Client Secret (from https://api.slack.com/apps)"
+ "name": "dex_path",
+ "type": "path",
+ "example": "/example",
+ "default": "/example"
 },
 {
 "name": "minio_domain",
 "type": "domain",
- "ask": "Domain for MinIO app (if not yet installed, it will automatically be). Please note that this domain has to be free from any app"
+ "example": "docs.domain.tld",
+ "ask": "Domain for Minio app, used for images and attachements storage. If not yet installed, it will automatically be. Minio has to be installed at the root"
 }
 ]
 }
diff --git a/scripts/backup b/scripts/backup
index aa826ad..ffe6481 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -34,13 +34,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
 port=$(ynh_app_setting_get --app=$app --key=port)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 language_key=$(ynh_app_setting_get --app=$app --key=language_key)
-slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
-slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
 secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
 utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
 minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
 minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
 mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
+dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
+dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
+oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
+oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
+oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
 #=================================================
 # DECLARE DATA AND CONF FILES TO BACKUP
diff --git a/scripts/change_url b/scripts/change_url
index 84a524e..40cc62b 100644
--- a/scripts/change_url
+++ b/scripts/change_url
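Review bot: The five added reads in scripts/backup (`dex_domain`, `dex_path`, `oidc_secret`, `oidc_name`, `oidc_callback`) query `--app="minio"`, but scripts/install in this commit stores those keys with `--app=$app`, so unless the MinIO app happens to hold keys of the same name each of them comes back empty. The same copy-paste is in the matching hunks of scripts/change_url, scripts/remove, scripts/restore and scripts/upgrade. If any of those scripts re-renders conf/.env from these variables (not visible in the hunks), an empty `oidc_secret` or `dex_domain` would leave OIDC login misconfigured after the operation. Each line should read from the Outline instance, e.g. `dex_domain=$(ynh_app_setting_get --app=$app --key=dex_domain)`.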
@@ -33,13 +33,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
 port=$(ynh_app_setting_get --app=$app --key=port)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 language_key=$(ynh_app_setting_get --app=$app --key=language_key)
-slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
-slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
 secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
 utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
 minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
 minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
 mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
+dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
+dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
+oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
+oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
+oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
 #=================================================
 # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
diff --git a/scripts/install b/scripts/install
index 05b8ba6..b533def 100755
--- a/scripts/install
+++ b/scripts/install
@@ -41,9 +41,6 @@ fi
 secret_key=$(ynh_hex_32_random)
 utils_secret=$(ynh_hex_32_random)
-slack_key=$YNH_APP_ARG_SLACK_KEY
-slack_secret=$YNH_APP_ARG_SLACK_SECRET
-
 app=$YNH_APP_INSTANCE_NAME
 #=================================================
@@ -64,6 +61,23 @@ minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
 minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
 mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
+#=================================================
+# CHECK IF MINIO IS INSTALLED, IF NOT INSTALL IT
+#=================================================
+ynh_script_progression --message="Installing Dex..." --weight=18
+
+dex_domain=$YNH_APP_ARG_DEX_DOMAIN
+dex_path=$YNH_APP_ARG_DEX_PATH
+oidc_secret=$(ynh_hex_32_random)
+oidc_name="Outline"
+oidc_callback="$domain/auth/oidc.callback"
+
+if yunohost app list | grep -q "$YNH_APP_ARG_DEX_DOMAIN"; then
+ ynh_die "The domain provided for Dex is already used by another app. Please chose another one !"
+fi
+
+yunohost app install https://github.com/YunoHost-Apps/dex_ynh --force --args "domain=$dex_domain&path=$dex_path&OIDC_name=$oidc_name&OIDC_secret=$oidc_secret&OIDC_callback=$oidc_callback"
+
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
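Review bot: The availability check `yunohost app list | grep -q "$YNH_APP_ARG_DEX_DOMAIN"` treats the domain as a regular expression and matches it anywhere in the listing, so `auth.domain.tld` also matches `xauth.domain.tld`, it ignores `dex_path`, and depending on the YunoHost version the short listing may not print domains at all. `ynh_webpath_available --domain=$dex_domain --path_url=$dex_path` answers the actual question; failing that, `grep -qF -- "$dex_domain"` at least removes the regex interpretation. On the install line the Dex package is fetched unpinned from the repository's default branch with `--force`, and `$oidc_secret` travels in `--args`, where it is readable in the process list while the install runs and possibly in operation logs; pinning to a reviewed revision is worth considering. The section banner still reads `CHECK IF MINIO IS INSTALLED` although the block installs Dex, and `oidc_callback` is built without the `https://` scheme that the conf/.env comment shows for the redirect URI, so confirm which form dex_ynh expects.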
@@ -85,10 +99,12 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=language --value=$language
 ynh_app_setting_set --app=$app --key=secret_key --value=$secret_key
 ynh_app_setting_set --app=$app --key=utils_secret --value=$utils_secret
-ynh_app_setting_set --app=$app --key=slack_key --value=$slack_key
-ynh_app_setting_set --app=$app --key=slack_secret --value=$slack_secret
 ynh_app_setting_set --app=$app --key=language_key --value=$language_key
-
+ynh_app_setting_set --app=$app --key=dex_domain --value=$dex_domain
+ynh_app_setting_set --app=$app --key=dex_path --value=$dex_path
+ynh_app_setting_set --app=$app --key=oidc_name --value=$oidc_name
+ynh_app_setting_set --app=$app --key=oidc_secret --value=$oidc_secret
+ynh_app_setting_set --app=$app --key=oidc_callback --value=$oidc_callback
 #=================================================
 # STANDARD MODIFICATIONS
diff --git a/scripts/remove b/scripts/remove
index 7fc17c9..7a3b163 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -21,15 +21,16 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path_url)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 language_key=$(ynh_app_setting_get --app=$app --key=language_key)
-slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
-slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
 secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
 utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
-
-
 minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
 minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
 mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
+dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
+dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
+oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
+oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
+oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
 #=================================================
 # STANDARD REMOVE
diff --git a/scripts/restore b/scripts/restore
index 6f6687c..53c19ba 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -43,13 +43,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
 port=$(ynh_app_setting_get --app=$app --key=port)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 language_key=$(ynh_app_setting_get --app=$app --key=language_key)
-slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
-slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
 secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
 utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
 minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
 minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
 mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
+dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
+dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
+oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
+oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
+oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
diff --git a/scripts/upgrade b/scripts/upgrade
index 14abc17..2f9759a 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -22,13 +22,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
 port=$(ynh_app_setting_get --app=$app --key=port)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 language_key=$(ynh_app_setting_get --app=$app --key=language_key)
-slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
-slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
 secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
 utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
 minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
 minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
 mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
+dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
+dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
+oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
+oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
+oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
 #=================================================
 # CHECK VERSION
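Review bot: Whichever app these settings are read from, an instance installed before this commit never stored `dex_domain`, `dex_path` or the `oidc_*` keys, so on upgrade every one of the added reads returns an empty value. Nothing in this hunk installs Dex or creates the settings for such an instance; the rest of scripts/upgrade lies outside the hunk, so this may be handled further down. If it is not, the upgrade needs a guarded migration after the reads, for example `if [ -z "$oidc_secret" ]; then oidc_secret=$(ynh_hex_32_random); ynh_app_setting_set --app=$app --key=oidc_secret --value=$oidc_secret; fi`, and either a way to obtain a Dex domain or a clear `ynh_die` message, before the configuration is regenerated with empty OIDC values.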