Merge pull request #14 from YunoHost-Apps/testing

Upgrade

.github/workflows/updater.sh

@@ -0,0 +1,106 @@
+#!/bin/bash
+
+#=================================================
+# PACKAGE UPDATING HELPER
+#=================================================
+
+# This script is meant to be run by GitHub Actions
+# The YunoHost-Apps organisation offers a template Action to run this script periodically
+# Since each app is different, maintainers can adapt its contents so as to perform
+# automatic actions when a new upstream release is detected.
+
+#=================================================
+# FETCHING LATEST RELEASE AND ITS ASSETS
+#=================================================
+
+# Fetching information
+current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
+repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
+# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
+version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
+assets="https://github.com/PrivateBin/PrivateBin/archive/$version.tar.gz"
+
+# Later down the script, we assume the version has only digits and dots
+# Sometimes the release name starts with a "v", so let's filter it out.
+# You may need more tweaks here if the upstream repository has different naming conventions.
+if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
+	version=${version:1}
+fi
+
+# Setting up the environment variables
+echo "Current version: $current_version"
+echo "Latest release from upstream: $version"
+echo "VERSION=$version" >> $GITHUB_ENV
+echo "REPO=$repo" >> $GITHUB_ENV
+# For the time being, let's assume the script will fail
+echo "PROCEED=false" >> $GITHUB_ENV
+
+# Proceed only if the retrieved version is greater than the current one
+if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
+	echo "::warning ::No new version available"
+	exit 0
+# Proceed only if a PR for this new version does not already exist
+elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
+	echo "::warning ::A branch already exists for this update"
+	exit 0
+fi
+
+#=================================================
+# UPDATE SOURCE FILES
+#=================================================
+
+# Let's download source tarball
+asset_url=$assets
+
+echo "Handling asset at $asset_url"
+
+src="app"
+
+# Create the temporary directory
+tempdir="$(mktemp -d)"
+
+# Download sources and calculate checksum
+filename=${asset_url##*/}
+curl --silent -4 -L $asset_url -o "$tempdir/$filename"
+checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
+
+# Delete temporary directory
+rm -rf $tempdir
+
+# Get extension
+if [[ $filename == *.tar.gz ]]; then
+  extension=tar.gz
+else
+  extension=${filename##*.}
+fi
+
+# Rewrite source file
+cat <<EOT > conf/$src.src
+SOURCE_URL=$asset_url
+SOURCE_SUM=$checksum
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=$extension
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
+EOT
+echo "... conf/$src.src updated"
+
+#=================================================
+# SPECIFIC UPDATE STEPS
+#=================================================
+
+# Any action on the app's source code can be done.
+# The GitHub Action workflow takes care of committing all changes after this script ends.
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+
+# Replace new version in manifest
+echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
+
+# No need to update the README, yunohost-bot takes care of it
+
+# The Action will proceed only if the PROCEED environment variable is set to true
+echo "PROCEED=true" >> $GITHUB_ENV
+exit 0

.github/workflows/updater.yml

@@ -0,0 +1,49 @@
+# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
+# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
+# This file should be enough by itself, but feel free to tune it to your needs.
+# It calls updater.sh, which is where you should put the app-specific update steps.
+name: Check for new upstream releases
+on:
+  # Allow to manually trigger the workflow
+  workflow_dispatch:
+  # Run it every day at 6:00 UTC
+  schedule:
+    - cron:  '0 6 * * *'
+jobs:
+  updater:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch the source code
+        uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run the updater script
+        id: run_updater
+        run: |
+          # Setting up Git user
+          git config --global user.name 'yunohost-bot'
+          git config --global user.email 'yunohost-bot@users.noreply.github.com'
+          # Run the updater script
+          /bin/bash .github/workflows/updater.sh
+      - name: Commit changes
+        id: commit
+        if: ${{ env.PROCEED == 'true' }}
+        run: |
+          git commit -am "Upgrade to v$VERSION"
+      - name: Create Pull Request
+        id: cpr
+        if: ${{ env.PROCEED == 'true' }}
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: Update to version ${{ env.VERSION }}
+          committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
+          author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
+          signoff: false
+          base: testing
+          branch: ci-auto-update-v${{ env.VERSION }}
+          delete-branch: true
+          title: 'Upgrade to version ${{ env.VERSION }}'
+          body: |
+            Upgrade to v${{ env.VERSION }}
+          draft: false

README.md

@@ -5,7 +5,7 @@ It shall NOT be edited by hand.
 
 # PrivateBin for YunoHost
 
-[![Integration level](https://dash.yunohost.org/integration/privatebin.svg)](https://dash.yunohost.org/appci/app/privatebin) ![](https://ci-apps.yunohost.org/ci/badges/privatebin.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/privatebin.maintain.svg)  
+[![Integration level](https://dash.yunohost.org/integration/privatebin.svg)](https://dash.yunohost.org/appci/app/privatebin) ![Working status](https://ci-apps.yunohost.org/ci/badges/privatebin.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/privatebin.maintain.svg)  
 [![Install PrivateBin with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=privatebin)
 
 *[Lire ce readme en français.](./README_fr.md)*
@@ -17,44 +17,48 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 
 Minimalist pastebin where the server has zero knowledge of pasted data
 
-**Shipped version:** 1.4.0~ynh1
+Data is encrypted/decrypted in the browser using 256bit AES in Galois Counter mode.
+
+This is a fork of ZeroBin, originally developed by Sébastien Sauvage. It was refactored to allow easier and cleaner extensions and has now much more features than the original. It is however still fully compatible to the original ZeroBin 0.19 data storage scheme. Therefore such installations can be upgraded to this fork without loosing any data.
+
+
+**Shipped version:** 1.4.0~ynh2
+
 
 **Demo:** https://privatebin.net/
 
 ## Screenshots
 
-![](./doc/screenshots/bootstrap.png)
+![Screenshot of PrivateBin](./doc/screenshots/bootstrap.png)
 
 ## Disclaimers / important information
 
 ## Additional information
 
-Data is encrypted/decrypted in the browser using 256bit AES in Galois Counter mode.
+In the [update documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#zerobincompatibility) of PrivateBin, it is specified that:
-
-This is a fork of ZeroBin, originally developed by Sébastien Sauvage. It was refactored to allow easier and cleaner extensions and has now much more features than the original. It is however still fully compatible to the original ZeroBin 0.19 data storage scheme. Therefore such installations can be upgraded to this fork without loosing any data.
-
-In the [update documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#zerobincompatibility) of ParsteBin, it is specified that:
 
 For full compatibility with ZeroBin and to be able to decrypt old pastes, you would enable this option. However this is not recommend for new installations as it weakens the security of your PrivateBin instance.
 
 This means that we have decided to delete the directory that allows us to save the data. You can save the 'data' directory, if you want to keep your data. But you should know that this weakens the security of this application.
+
 ## Documentation and resources
 
-* Official app website: https://privatebin.info/
+* Official app website: <https://privatebin.info/>
-* Official admin documentation: https://github.com/PrivateBin/PrivateBin/wiki
+* Official admin documentation: <https://github.com/PrivateBin/PrivateBin/wiki>
-* Upstream app code repository: https://github.com/PrivateBin/PrivateBin
+* Upstream app code repository: <https://github.com/PrivateBin/PrivateBin>
-* YunoHost documentation for this app: https://yunohost.org/app_privatebin
+* YunoHost documentation for this app: <https://yunohost.org/app_privatebin>
-* Report a bug: https://github.com/YunoHost-Apps/privatebin_ynh/issues
+* Report a bug: <https://github.com/YunoHost-Apps/privatebin_ynh/issues>
 
 ## Developer info
 
 Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/privatebin_ynh/tree/testing).
 
 To try the testing branch, please proceed like that.
-```
+
+``` bash
 sudo yunohost app install https://github.com/YunoHost-Apps/privatebin_ynh/tree/testing --debug
 or
 sudo yunohost app upgrade privatebin -u https://github.com/YunoHost-Apps/privatebin_ynh/tree/testing --debug
 ```
 
-**More info regarding app packaging:** https://yunohost.org/packaging_apps
+**More info regarding app packaging:** <https://yunohost.org/packaging_apps>

README_fr.md

@@ -1,10 +1,14 @@
+<!--
+N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
+It shall NOT be edited by hand.
+-->
+
 # PrivateBin pour YunoHost
 
-[![Niveau d'intégration](https://dash.yunohost.org/integration/privatebin.svg)](https://dash.yunohost.org/appci/app/privatebin) ![](https://ci-apps.yunohost.org/ci/badges/privatebin.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/privatebin.maintain.svg)  
+[![Niveau d'intégration](https://dash.yunohost.org/integration/privatebin.svg)](https://dash.yunohost.org/appci/app/privatebin) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/privatebin.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/privatebin.maintain.svg)  
 [![Installer PrivateBin avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=privatebin)
 
 *[Read this readme in english.](./README.md)*
-*[Lire ce readme en français.](./README_fr.md)*
 
 > *Ce package vous permet d'installer PrivateBin rapidement et simplement sur un serveur YunoHost.
 Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
@@ -13,44 +17,48 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
 
 Pastebin minimaliste où le serveur n'a aucune connaissance des données copiées
 
-**Version incluse :** 1.4.0~ynh1
+Les données sont chiffrées et déchiffrées dans le navigateur en utilisant la technologie AES 256bits en mode Galois Counter (GCM).
+
+Ce projet est un fork de ZeroBin, développé à l'origine par Sébastien Sauvage. Il a été ré-écrit pour accepter plus facilement des extensions en rajoutant plus de fonctionnalités. Il reste cependant compatible avec le schéma original de stockage des données Zerobin 0.19. Ainsi toutes les installations peuvent être mises à jour vers ce projet, sans perte de données.
+
+
+**Version incluse :** 1.4.0~ynh2
+
 
 **Démo :** https://privatebin.net/
 
 ## Captures d'écran
 
-![](./doc/screenshots/bootstrap.png)
+![Capture d'écran de PrivateBin](./doc/screenshots/bootstrap.png)
 
 ## Avertissements / informations importantes
 
 ## Informations additionnelles
 
-Les données sont chiffrées et déchiffrées dans le navigateur en utilisant la technologie AES 256bits en mode Galois Counter (GCM).
-
-Ce projet est un fork de ZeroBin, développé à l'origine par Sébastien Sauvage. Il a été ré-écrit pour accepter plus facilement des extensions en rajoutant plus de fonctionnalités. Il reste cependant compatible avec le schéma original de stockage des données Zerobin 0.19. Ainsi toutes les installations peuvent être mises à jour vers ce projet, sans perte de données.
-
 Dans la [documentation de mise à jour](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#zerobincompatibility) de PrivateBin, il est précisé que :
 
 Pour une compatibilité complète avec Zerobin et le déchiffrement de tous les vieux "paste", vous devriez activer cette option. Cependant, ce n'est pas recommandé pour les nouvelles installations car cela affaiblit la sécurité de votre instance PrivateBin.
 
 Ceci signifie que nous avons décidé de supprimer ce répertoire pour permettre la sécurisation des données. Vous pouvez sauvegarder le répertoire 'data', si vous voulez conservez vos données. Mais vous devriez savoir que cela réduit la sécurité de votre application.
+
 ## Documentations et ressources
 
-* Site officiel de l'app : https://privatebin.info/
+* Site officiel de l'app : <https://privatebin.info/>
-* Documentation officielle de l'admin : https://github.com/PrivateBin/PrivateBin/wiki
+* Documentation officielle de l'admin : <https://github.com/PrivateBin/PrivateBin/wiki>
-* Dépôt de code officiel de l'app : https://github.com/PrivateBin/PrivateBin
+* Dépôt de code officiel de l'app : <https://github.com/PrivateBin/PrivateBin>
-* Documentation YunoHost pour cette app : https://yunohost.org/app_privatebin
+* Documentation YunoHost pour cette app : <https://yunohost.org/app_privatebin>
-* Signaler un bug : https://github.com/YunoHost-Apps/privatebin_ynh/issues
+* Signaler un bug : <https://github.com/YunoHost-Apps/privatebin_ynh/issues>
 
 ## Informations pour les développeurs
 
 Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/privatebin_ynh/tree/testing).
 
 Pour essayer la branche testing, procédez comme suit.
-```
+
+``` bash
 sudo yunohost app install https://github.com/YunoHost-Apps/privatebin_ynh/tree/testing --debug
 ou
 sudo yunohost app upgrade privatebin -u https://github.com/YunoHost-Apps/privatebin_ynh/tree/testing --debug
 ```
 
-**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps
+**Plus d'infos sur le packaging d'applications :** <https://yunohost.org/packaging_apps>

check_process

@@ -8,12 +8,13 @@
 		setup_sub_dir=1
 		setup_root=1
 		setup_nourl=0
-		setup_private=0
+		setup_private=1
 		setup_public=1
 		upgrade=1
 		upgrade=1	from_commit=8ce6cac57048e5df294269989c2432d67bef4c5c
 		backup_restore=1
 		multi_instance=1
+		port_already_use=0
 		change_url=1
 ;;; Options
 Email=

conf/app.src

@@ -4,3 +4,4 @@ SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true
 SOURCE_FILENAME=
+SOURCE_EXTRACT=true

conf/nginx.conf

@@ -6,6 +6,9 @@ location __PATH__/ {
 
   index index.php;
 
+  # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
+  #client_max_body_size 50M;
+
   try_files $uri $uri/ index.php;
   location ~ [^/]\.php(/|$) {
     fastcgi_split_path_info ^(.+?\.php)(/.*)$;
@@ -13,8 +16,8 @@ location __PATH__/ {
 
     fastcgi_index index.php;
     include fastcgi_params;
-    fastcgi_param REMOTE_USER     $remote_user;
+    fastcgi_param REMOTE_USER $remote_user;
-    fastcgi_param PATH_INFO       $fastcgi_path_info;
+    fastcgi_param PATH_INFO $fastcgi_path_info;
     fastcgi_param SCRIPT_FILENAME $request_filename;
   }
 

conf/php-fpm.conf

@@ -419,8 +419,8 @@ chdir = __FINALPATH__
 ;php_admin_value[memory_limit] = 32M
 
 ; Common values to change to increase file upload limit
-php_admin_value[upload_max_filesize] = 30M
+php_admin_value[upload_max_filesize] = 50M
-php_admin_value[post_max_size] = 30M
+php_admin_value[post_max_size] = 50M
 ; php_admin_flag[mail.add_x_header] = Off
 
 ; Other common parameters

doc/DESCRIPTION.md

@@ -0,0 +1,5 @@
+Minimalist pastebin where the server has zero knowledge of pasted data
+
+Data is encrypted/decrypted in the browser using 256bit AES in Galois Counter mode.
+
+This is a fork of ZeroBin, originally developed by Sébastien Sauvage. It was refactored to allow easier and cleaner extensions and has now much more features than the original. It is however still fully compatible to the original ZeroBin 0.19 data storage scheme. Therefore such installations can be upgraded to this fork without loosing any data.

doc/DESCRIPTION_fr.md

@@ -0,0 +1,5 @@
+Pastebin minimaliste où le serveur n'a aucune connaissance des données copiées
+
+Les données sont chiffrées et déchiffrées dans le navigateur en utilisant la technologie AES 256bits en mode Galois Counter (GCM).
+
+Ce projet est un fork de ZeroBin, développé à l'origine par Sébastien Sauvage. Il a été ré-écrit pour accepter plus facilement des extensions en rajoutant plus de fonctionnalités. Il reste cependant compatible avec le schéma original de stockage des données Zerobin 0.19. Ainsi toutes les installations peuvent être mises à jour vers ce projet, sans perte de données.

doc/DISCLAIMER.md

@@ -1,11 +1,7 @@
 ## Additional information
 
-Data is encrypted/decrypted in the browser using 256bit AES in Galois Counter mode.
+In the [update documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#zerobincompatibility) of PrivateBin, it is specified that:
-
-This is a fork of ZeroBin, originally developed by Sébastien Sauvage. It was refactored to allow easier and cleaner extensions and has now much more features than the original. It is however still fully compatible to the original ZeroBin 0.19 data storage scheme. Therefore such installations can be upgraded to this fork without loosing any data.
-
-In the [update documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#zerobincompatibility) of ParsteBin, it is specified that:
 
 For full compatibility with ZeroBin and to be able to decrypt old pastes, you would enable this option. However this is not recommend for new installations as it weakens the security of your PrivateBin instance.
 
-This means that we have decided to delete the directory that allows us to save the data. You can save the 'data' directory, if you want to keep your data. But you should know that this weakens the security of this application.
+This means that we have decided to delete the directory that allows us to save the data. You can save the 'data' directory, if you want to keep your data. But you should know that this weakens the security of this application.

doc/DISCLAIMER_fr.md

@@ -1,11 +1,7 @@
 ## Informations additionnelles
 
-Les données sont chiffrées et déchiffrées dans le navigateur en utilisant la technologie AES 256bits en mode Galois Counter (GCM).
-
-Ce projet est un fork de ZeroBin, développé à l'origine par Sébastien Sauvage. Il a été ré-écrit pour accepter plus facilement des extensions en rajoutant plus de fonctionnalités. Il reste cependant compatible avec le schéma original de stockage des données Zerobin 0.19. Ainsi toutes les installations peuvent être mises à jour vers ce projet, sans perte de données.
-
 Dans la [documentation de mise à jour](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#zerobincompatibility) de PrivateBin, il est précisé que :
 
 Pour une compatibilité complète avec Zerobin et le déchiffrement de tous les vieux "paste", vous devriez activer cette option. Cependant, ce n'est pas recommandé pour les nouvelles installations car cela affaiblit la sécurité de votre instance PrivateBin.
 
-Ceci signifie que nous avons décidé de supprimer ce répertoire pour permettre la sécurisation des données. Vous pouvez sauvegarder le répertoire 'data', si vous voulez conservez vos données. Mais vous devriez savoir que cela réduit la sécurité de votre application.
+Ceci signifie que nous avons décidé de supprimer ce répertoire pour permettre la sécurisation des données. Vous pouvez sauvegarder le répertoire 'data', si vous voulez conservez vos données. Mais vous devriez savoir que cela réduit la sécurité de votre application.

manifest.json

@@ -6,7 +6,7 @@
         "en": "Minimalist pastebin where the server has zero knowledge of pasted data",
         "fr": "Pastebin minimaliste où le serveur n'a aucune connaissance des données copiées"
     },
-    "version": "1.4.0~ynh1",
+    "version": "1.4.0~ynh2",
     "url": "https://github.com/PrivateBin/PrivateBin",
     "upstream": {
         "license": "Zlib",
@@ -17,8 +17,8 @@
     },
     "license": "Zlib",
     "maintainer": {
-        "name": "julien",
+        "name": "",
-        "email": "julien.malik@paraiso.me"
+        "email": ""
     },
     "requirements": {
         "yunohost": ">= 4.3.0"
@@ -29,7 +29,7 @@
         "php7.3-fpm"
     ],
     "arguments": {
-        "install" : [
+        "install": [
             {
                 "name": "domain",
                 "type": "domain"

scripts/_common.sh

@@ -4,8 +4,6 @@
 # COMMON VARIABLES
 #=================================================
 
-YNH_PHP_VERSION="7.3"
-
 #=================================================
 # PERSONAL HELPERS
 #=================================================
@@ -16,4 +14,4 @@ YNH_PHP_VERSION="7.3"
 
 #=================================================
 # FUTURE OFFICIAL HELPERS
-#=================================================
+#=================================================

scripts/backup

@@ -6,6 +6,7 @@
 # IMPORT GENERIC HELPERS
 #=================================================
 
+# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
 source ../settings/scripts/_common.sh
 source /usr/share/yunohost/helpers
 
@@ -13,6 +14,7 @@ source /usr/share/yunohost/helpers
 # MANAGE SCRIPT FAILURE
 #=================================================
 
+# Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
 #=================================================

scripts/change_url

@@ -24,14 +24,13 @@ app=$YNH_APP_INSTANCE_NAME
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..."
+ynh_script_progression --message="Loading installation settings..." --weight=1
 
 # Needed for helper "ynh_add_nginx_config"
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 
 #=================================================
-# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
+# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
 #=================================================
 ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
 
@@ -94,30 +93,12 @@ then
 	ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
 fi
 
-#=================================================
-# UPDATE SSOWAT
-#=================================================
-ynh_script_progression --message="Reconfiguring permissions..."
-
-if [ $is_public -eq 0 ]
-then
-    # If the app is private, viewing images stays publicly accessible.
-    if [ "$new_path" == "/" ]; then
-        # If the path is /, clear it to prevent any error with the regex.
-        new_path=""
-    fi
-    # Modify the domain to be used in a regex
-    domain_regex=$(echo "$new_domain" | sed 's@-@.@g')
-    ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$new_path/$"
-    ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$new_path/.*$"
-fi
-
 #=================================================
 # GENERIC FINALISATION
 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading NGINX web server..."
+ynh_script_progression --message="Reloading NGINX web server..." --weight=1
 
 ynh_systemd_action --service_name=nginx --action=reload
 
@@ -125,4 +106,4 @@ ynh_systemd_action --service_name=nginx --action=reload
 # END OF SCRIPT
 #=================================================
 
-ynh_script_progression --message="Change of URL completed for PrivateBin" --last
+ynh_script_progression --message="Change of URL completed for $app" --last

scripts/install

@@ -13,6 +13,7 @@ source /usr/share/yunohost/helpers
 # MANAGE SCRIPT FAILURE
 #=================================================
 
+# Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
 #=================================================
@@ -43,10 +44,17 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
 
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 
 #=================================================
 # STANDARD MODIFICATIONS
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..." --weight=3
+
+# Create a system user
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -55,22 +63,11 @@ ynh_script_progression --message="Setting up source files..." --weight=3
 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"
+mkdir -p $final_path/{data,tmp}
 
-#=================================================
+chmod 750 "$final_path"
-# NGINX CONFIGURATION
+chmod -R o-rwx "$final_path"
-#=================================================
+chown -R $app:www-data "$final_path"
-ynh_script_progression --message="Configuring NGINX web server..." --weight=1
-
-# Create a dedicated NGINX config
-ynh_add_nginx_config
-
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Configuring system user..." --weight=3
-
-# Create a system user
-ynh_system_user_create --username=$app
 
 #=================================================
 # PHP-FPM CONFIGURATION
@@ -81,38 +78,27 @@ ynh_script_progression --message="Configuring PHP-FPM..." --weight=2
 ynh_add_fpm_config
 phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+ynh_script_progression --message="Configuring NGINX web server..." --weight=1
+
+# Create a dedicated NGINX config
+ynh_add_nginx_config
+
 #=================================================
 # GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-# Set permissions to app files
-chown -R root: $final_path
-# Files owned by user specific can just read
-find $final_path -type f | xargs chmod 644
-find $final_path -type d | xargs chmod 755
-
-# Except for data and tmp subdir, where the user must have write permissions
-mkdir -p $final_path/{data,tmp}
-chown -R $app:root $final_path/{data,tmp}
-chmod 700 $final_path/{data,tmp}
-
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring permissions..."  --weight=1
+ynh_script_progression --message="Configuring permissions..." --weight=1
 
-# If app is public, add url to SSOWat conf as skipped_uris
+# Make app public if necessary
-if [ $is_public -eq 1 ]; then
+if [ $is_public -eq 1 ]
-    # unprotected_uris allows SSO credentials to be passed anyway.
+then
-    ynh_permission_update --permission="main" --add="visitors"
+	# Everyone can access the app.
-else
+	# The "main" permission is automatically created before the install script.
-    # If the app is private, viewing paste stays publicly accessible.
+	ynh_permission_update --permission="main" --add="visitors"
-    # Modify the domain to be used in a regex
-    domain_regex=$(echo "$domain" | sed 's@-@.@g')
-    ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/$"
-    ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/.*$"
 fi
 
 #=================================================
@@ -126,4 +112,4 @@ ynh_systemd_action --service_name=nginx --action=reload
 # END OF SCRIPT
 #=================================================
 
-ynh_script_progression --message="Installation of PrivateBin completed" --last
+ynh_script_progression --message="Installation of $app completed" --last

scripts/remove

@@ -24,7 +24,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 #=================================================
 # REMOVE APP MAIN DIR
 #=================================================
-ynh_script_progression --message="Removing PrivateBin main directory" --weight=2
+ynh_script_progression --message="Removing app main directory..." --weight=2
 
 # Remove the app directory securely
 ynh_secure_remove --file="$final_path"
@@ -32,7 +32,7 @@ ynh_secure_remove --file="$final_path"
 #=================================================
 # REMOVE NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Removing NGINX web server configuration" --weight=3
+ynh_script_progression --message="Removing NGINX web server configuration..." --weight=3
 
 # Remove the dedicated NGINX config
 ynh_remove_nginx_config
@@ -40,7 +40,7 @@ ynh_remove_nginx_config
 #=================================================
 # REMOVE PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Removing PHP-FPM configuration" --weight=1
+ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1
 
 # Remove the dedicated PHP-FPM config
 ynh_remove_fpm_config
@@ -50,7 +50,7 @@ ynh_remove_fpm_config
 #=================================================
 # REMOVE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Removing the dedicated system user" --weight=2
+ynh_script_progression --message="Removing the dedicated system user..." --weight=2
 
 # Delete a system user
 ynh_system_user_delete --username=$app
@@ -59,4 +59,4 @@ ynh_system_user_delete --username=$app
 # END OF SCRIPT
 #=================================================
 
-ynh_script_progression --message="Removal of PrivateBin completed" --last
+ynh_script_progression --message="Removal of $app completed" --last

scripts/restore

@@ -6,6 +6,7 @@
 # IMPORT GENERIC HELPERS
 #=================================================
 
+# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
 source ../settings/scripts/_common.sh
 source /usr/share/yunohost/helpers
 
@@ -19,7 +20,7 @@ ynh_abort_if_errors
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading settings..."  --weight=1
+ynh_script_progression --message="Loading installation settings..." --weight=1
 
 app=$YNH_APP_INSTANCE_NAME
 
@@ -33,43 +34,44 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 #=================================================
 ynh_script_progression --message="Validating restoration parameters..." --weight=2
 
-test ! -d $final_path || ynh_die --message="There is already a directory: $final_path "
+test ! -d $final_path \
+	|| ynh_die --message="There is already a directory: $final_path "
 
 #=================================================
 # STANDARD RESTORATION STEPS
-#=================================================
-# RESTORE THE NGINX CONFIGURATION
-#=================================================
-
-ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
-
-#=================================================
-# RESTORE THE APP MAIN DIR
-#=================================================
-ynh_script_progression --message="Restoring PrivateBin main directory..." --weight=6
-
-ynh_restore_file --origin_path="$final_path"
-
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
 ynh_script_progression --message="Recreating the dedicated system user..." --weight=4
 
 # Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app
+ynh_system_user_create --username=$app --home_dir="$final_path"
 
 #=================================================
-# RESTORE USER RIGHTS
+# RESTORE THE APP MAIN DIR
 #=================================================
+ynh_script_progression --message="Restoring the app main directory..." --weight=6
 
-chown -R $app:root $final_path/{data,tmp}
+ynh_restore_file --origin_path="$final_path"
+
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:www-data "$final_path"
 
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================
+ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=1
 
 ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
 
+#=================================================
+# RESTORE THE NGINX CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1
+
+ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -84,4 +86,4 @@ ynh_systemd_action --service_name=nginx --action=reload
 # END OF SCRIPT
 #=================================================
 
-ynh_script_progression --message="Restoration completed for PrivateBin" --last
+ynh_script_progression --message="Restoration completed for $app" --last

scripts/upgrade

@@ -18,38 +18,42 @@ app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 
 #=================================================
 # CHECK VERSION
 #=================================================
+ynh_script_progression --message="Checking version..."
 
 upgrade_type=$(ynh_check_app_version_changed)
 
+#=================================================
+# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
+#=================================================
+ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=3
+
+# Backup the current version of the app
+ynh_backup_before_upgrade
+ynh_clean_setup () {
+	# Restore it if the upgrade fails
+	ynh_restore_upgradebackup
+}
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+#=================================================
+# STANDARD UPGRADE STEPS
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --weight=3
 
-# Fix is_public as a boolean value
+# Cleaning legacy permissions
-if [ "$is_public" = "Yes" ]; then
+if ynh_legacy_permissions_exists; then
-	ynh_app_setting_set --app=$app --key=is_public --value=1
+	ynh_legacy_permissions_delete_all
-	is_public=1
+
-elif [ "$is_public" = "No" ]; then
+	ynh_app_setting_delete --app=$app --key=is_public
-	ynh_app_setting_set --app=$app --key=is_public --value=0
-	is_public=0
-elif [ -z "$is_public" ]
-then
-	if grep --quiet "unprotected_uris" "/etc/yunohost/apps/$app/settings.yml"
-	then
-		ynh_app_setting_set --app=$app --key=is_public --value=1
-		is_public=1
-	else
-		ynh_app_setting_set --app=$app --key=is_public --value=0
-		is_public=0
-	fi
 fi
 
 # If final_path doesn't exist, create it
@@ -59,21 +63,13 @@ if [ -z "$final_path" ]; then
 fi
 
 #=================================================
-# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
+# CREATE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Backing up PrivateBin before upgrading (may take a while)..." --weight=3
+ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2
 
-# Backup the current version of the app
+# Create a dedicated user (if not existing)
-ynh_backup_before_upgrade
+ynh_system_user_create --username=$app --home_dir="$final_path"
-ynh_clean_setup () {
-	# restore it if the upgrade fails
-	ynh_restore_upgradebackup
-}
-# Exit if an error occurs during the execution of the script
-ynh_abort_if_errors
 
-#=================================================
-# STANDARD UPGRADE STEPS
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -86,21 +82,9 @@ then
 	ynh_setup_source --dest_dir="$final_path"
 fi
 
-#=================================================
+chmod 750 "$final_path"
-# NGINX CONFIGURATION
+chmod -R o-rwx "$final_path"
-#=================================================
+chown -R $app:www-data "$final_path"
-ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
-
-# Create a dedicated NGINX config
-ynh_add_nginx_config
-
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2
-
-# Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
 
 #=================================================
 # PHP-FPM CONFIGURATION
@@ -110,23 +94,16 @@ ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=3
 # Create a dedicated PHP-FPM config
 ynh_add_fpm_config
 
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
+
+# Create a dedicated NGINX config
+ynh_add_nginx_config
+
 #=================================================
 # GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-# Set permissions to app files
-chown -R root: $final_path
-# Files owned by user specific can just read
-find $final_path -type f | xargs chmod 644
-find $final_path -type d | xargs chmod 755
-
-# except for data and tmp subdir, where the user must have write permissions
-mkdir -p $final_path/{data,tmp}
-chown -R $app:root $final_path/{data,tmp}
-chmod 700 $final_path/{data,tmp}
-
 #=================================================
 # RELOAD NGINX
 #=================================================
@@ -138,4 +115,4 @@ ynh_systemd_action --service_name=nginx --action=reload
 # END OF SCRIPT
 #=================================================
 
-ynh_script_progression --message="Upgrade of PrivateBin completed" --last
+ynh_script_progression --message="Upgrade of $app completed" --last