1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/redirect_ynh.git synced 2024-09-03 20:16:10 +02:00

is_public was a lie. Only reverse proxy can be private.

This commit is contained in:
Alexandre Aubin 2019-05-15 18:35:57 +02:00
parent 238eeb8f57
commit 650d69514d
4 changed files with 49 additions and 52 deletions

View file

@ -51,19 +51,6 @@
"example": "http://127.0.0.1:8080/app/",
"default": "http://127.0.0.1"
},
{
"name": "is_public",
"type": "boolean",
"ask": {
"en": "Is it a public redirect?",
"fr": "Est-ce une redirection publique ?"
},
"help": {
"en": "A private redirection will only be effective for logged-in users.",
"fr": "Une redirection privée ne fonctionnera que pour les utilisateurs identifiés."
},
"default": false
},
{
"name": "redirect_type",
"ask": {
@ -71,11 +58,12 @@
"fr": "Type de redirection"
},
"choices": {
"visible_302" : "Visible (302, temporary redirect)",
"visible_301" : "Visible (301, permanent redirect)",
"proxy": "Proxy, invisible (Nginx proxy_pass)"
"public_302" : "Visible redirect (302, temporary). Everybody will be able to access it.",
"public_301" : "Visible redirect (301, permanent). Everybody will be able to access it.",
"public_proxy": "Proxy, invisible (nginx proxy_pass). Everybody will be able to access it.",
"private_proxy": "Proxy, invisible (nginx proxy_pass). Only accessible for allowed users."
},
"default": "visible_302"
"default": "public_302"
}
]
}

View file

@ -35,7 +35,6 @@ app=$YNH_APP_INSTANCE_NAME
# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
redirect_type=$YNH_APP_ARG_REDIRECT_TYPE
redirect_path=$YNH_APP_ARG_REDIRECT_PATH
@ -47,7 +46,6 @@ url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=
[[ ! $redirect_path =~ $url_regex ]] && ynh_die "Invalid destination: $redirect_path" 1
# Save extra settings
ynh_app_setting_set $app is_public "$is_public"
ynh_app_setting_set $app redirect_type "$redirect_type"
ynh_app_setting_set $app redirect_path "$redirect_path"
@ -56,15 +54,15 @@ for FILE in $(ls ../conf/nginx-*.conf)
do
ynh_replace_string "YNH_LOCATION" "$path_url" $FILE
done
if [ "$redirect_type" = "visible_302" ];
if [ "$redirect_type" = "public_302" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf
cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf
elif [ "$redirect_type" = "visible_301" ];
elif [ "$redirect_type" = "public_301" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf
cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf
elif [ "$redirect_type" = "proxy" ];
elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf
cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf
@ -74,17 +72,12 @@ fi
# SETUP SSOWAT
#=================================================
if [ $is_public -eq 0 ]
then # Remove the public access
ynh_app_setting_delete "$app" skipped_uris
fi
# Make app public if necessary
if [ $is_public -eq 1 ]
if [ "$redirect_type" != "private_proxy" ]
then
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_app_setting_set "$app" unprotected_uris "/"
fi
# Reload Nginx and regenerate SSOwat conf
service nginx reload

View file

@ -40,7 +40,6 @@ app=$YNH_APP_INSTANCE_NAME
# Retrieve arguments
domain=$(ynh_app_setting_get "$app" domain)
path_url=$(ynh_app_setting_get "$app" path)
is_public=$(ynh_app_setting_get "$app" is_public)
redirect_type=$(ynh_app_setting_get "$app" redirect_type)
redirect_path=$(ynh_app_setting_get "$app" redirect_path)
@ -59,12 +58,8 @@ cp -a ./conf/nginx.conf "$NGINX_CONF"
# SETUP SSOWAT
#=================================================
if [ "$is_public" -eq 0 ]
then # Remove the public access
ynh_app_setting_delete "$app" skipped_uris
fi
# Make app public if necessary
if [ "$is_public" -eq 1 ]
if [ "$redirect_type" != "private_proxy" ]
then
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_app_setting_set "$app" unprotected_uris "/"

View file

@ -32,7 +32,6 @@ app=$YNH_APP_INSTANCE_NAME
# Retrieve arguments
domain=$(ynh_app_setting_get "$app" domain)
path_url=$(ynh_app_setting_get "$app" path)
is_public=$(ynh_app_setting_get "$app" is_public)
redirect_type=$(ynh_app_setting_get "$app" redirect_type)
redirect_path=$(ynh_app_setting_get "$app" redirect_path)
@ -41,14 +40,6 @@ redirect_path=$(ynh_app_setting_get "$app" redirect_path)
#=================================================
# Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
ynh_app_setting_set $app is_public 1
is_public=1
elif [ "$is_public" = "No" ]; then
ynh_app_setting_set $app is_public 0
is_public=0
fi
# Default value for redirect_type if upgrading from https://github.com/scith/redirect_ynh
if [ -z "$redirect_type" ];
then
@ -56,6 +47,40 @@ then
ynh_app_setting_set $app 'redirect_type' $redirect_type
fi
# Migrate away from old stuff with 'is_public' and old redirect type names
is_public=$(ynh_app_setting_get "$app" is_public)
if [ -n "$is_public" ]
then
if [ "$is_public" = "Yes" ]; then
is_public=1
elif [ "$is_public" = "No" ]; then
is_public=0
fi
if [ "$is_public" = "0" ] && [ "$redirect_type" != "proxy" ]; then
echo "WARNING: You previously had a 'supposedly' private 301 or 302 redirection ... but it was found that it was public all along and it is not easy to create such a private redirection. Your 301 or 302 redirection will be re-flagged as public..." >&2
is_public=1
fi
if [ "$redirect_type" == "proxy" ] && [ "$is_public" = "1" ]
then
redirect_type="public_proxy"
elif [ "$redirect_type" == "proxy" ] && [ "$is_public" = "0" ]
then
redirect_type="private_proxy"
elif [ "$redirect_type" == "visible_302" ]
then
redirect_type="public_302"
elif [ "$redirect_type" == "visible_301" ]
then
redirect_type="public_301"
fi
ynh_app_setting_set $app 'redirect_type' $redirect_type
ynh_app_setting_set $app 'is_public'
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
@ -78,15 +103,15 @@ for FILE in $(ls ../conf/nginx-*.conf)
do
ynh_replace_string "YNH_LOCATION" "$path_url" $FILE
done
if [ "$redirect_type" = "visible_302" ];
if [ "$redirect_type" = "public_302" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-302.conf
cp ../conf/nginx-visible-302.conf /etc/nginx/conf.d/$domain.d/$app.conf
elif [ "$redirect_type" = "visible_301" ];
elif [ "$redirect_type" = "public_301" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-visible-301.conf
cp ../conf/nginx-visible-301.conf /etc/nginx/conf.d/$domain.d/$app.conf
elif [ "$redirect_type" = "proxy" ];
elif [ "$redirect_type" = "public_proxy" ] || [ "$redirect_type" = "private_proxy" ];
then
ynh_replace_string "YNH_REDIRECT_PATH" "$redirect_path" ../conf/nginx-proxy.conf
cp ../conf/nginx-proxy.conf /etc/nginx/conf.d/$domain.d/$app.conf
@ -96,15 +121,11 @@ fi
# SETUP SSOWAT
#=================================================
if [ "$is_public" -eq 0 ]
then # Remove the public access
ynh_app_setting_delete "$app" skipped_uris
fi
# Make app public if necessary
if [ "$is_public" -eq 1 ]
if [ "$redirect_type" != "private_proxy" ]
then
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_app_setting_set "$app" unprotected_uris -v "/"
ynh_app_setting_set "$app" unprotected_uris "/"
fi
# Reload Nginx and regenerate SSOwat conf