YunoHost-Apps/redirect_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/redirect_ynh.git synced 2024-09-03 20:16:10 +02:00
Code Issues Activity Actions

write validate_redirect_uri in _common.sh

Browse source
This commit is contained in:
Félix Piédallu 2023-12-12 17:07:15 +01:00 committed by Alexandre Aubin
parent b7a72ef229
commit 2a7d414d11
3 changed files with 36 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
scripts/_common.sh Normal file
View file

@ -0,0 +1,32 @@
#!/bin/bash
#=================================================
# COMMON VARIABLES
#=================================================
#=================================================
# PERSONAL HELPERS
#=================================================
URL_REGEX_VALID='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
URL_REGEX_SECURE='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'
_validate_redirect_uri() {
if [[ ! $target =~ $URL_REGEX_VALID ]]; then
ynh_die "Invalid destination: $target" 1
fi
# Avoid uncrypted remote destination with reverse proxy mode
# Indeed the SSO send the password in all requests in HTTP headers
if [[ "$redirect_type" = "proxy" ]] && [[ ! $target =~ $URL_REGEX_SECURE ]]; then
ynh_die "For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $target" 1
fi
}
#=================================================
# EXPERIMENTAL HELPERS
#=================================================
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================

9
scripts/install
View file

@ -6,20 +6,17 @@
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
# Avoid uncrypted remote destination with reverse proxy mode
# Indeed the SSO send the password in all requests in HTTP headers
url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'
[[ "$redirect_type" = "reverseproxy" ]] && [[ ! "$target" =~ $url_regex ]] && ynh_die \
"For secure reason, you can't use an unencrypted http remote destination coupled with ssowat for your reverse proxy: $target" 1
_validate_redirect_uri
#=================================================
# CONFIGURE NGINX
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
mv ../conf/{nginx-$redirect_type.conf,nginx.conf}
mv ../conf/{"nginx-$redirect_type.conf",nginx.conf}
ynh_add_nginx_config
#=================================================

1
scripts/upgrade
View file

@ -1,5 +1,6 @@
#!/bin/bash
source _common.sh
source /usr/share/yunohost/helpers
#=================================================