#!/bin/bash

#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

# Load the YunoHost helper library. The ynh_* commands used below are not
# defined in this file; presumably they all come from here.
source /usr/share/yunohost/helpers

#=================================================
# MANAGE SCRIPT FAILURE
#=================================================

# Abort the whole script as soon as an error occurs during its execution.
ynh_abort_if_errors

#=================================================
# SPECIFIC GETTERS FOR TOML SHORT KEY
#=================================================

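# Getter for "client_max_body_size": print the size currently written in this
# app's NGINX configuration file.
# Globals:  domain (read), app (read) - both are set outside this function
# Outputs:  every match on its own line, e.g. "50m" (digits followed by one
#           of k, m, g, t); nothing when the directive is absent
# Returns:  grep's exit status (non-zero when nothing matched or the file
#           could not be read)
get__client_max_body_size() {
    # Quoted so the path stays a single argument whatever domain/app contain.
    local conf_file="/etc/nginx/conf.d/${domain}.d/${app}.conf"

    # Look-around keeps only the size token that sits between
    # "client_max_body_size " and the terminating ";".
    grep -o -P "(?<=client_max_body_size )\d+[kmgt](?=;)" "$conf_file"
}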
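# Getter for "frame_allowed": report whether this app's NGINX configuration
# forbids framing through a "frame-ancestors 'none'" Content-Security-Policy.
# Globals:  domain (read), app (read) - both are set outside this function
# Outputs:  "0" when the 'none' policy is found, "1" otherwise
get__frame_allowed() {
    # Quoted so the path stays a single argument whatever domain/app contain.
    local conf_file="/etc/nginx/conf.d/${domain}.d/${app}.conf"

    if grep -E -q "Content-Security-Policy: +frame-ancestors +'none' *;" "$conf_file"
    then
        echo 0
    else
        # Every other grep outcome lands here, including grep failing to read
        # the file: a missing or unreadable config is reported as "1".
        echo 1
    fi
}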
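# Getter for "frame_ancestors": print the origins allowed to frame the app,
# as read from the Content-Security-Policy in this app's NGINX configuration.
# Globals:  domain (read), app (read) - both are set outside this function
# Outputs:  the frame-ancestors sources joined with commas; nothing when the
#           policy is 'none'
get__frame_ancestors() {
    # Quoted so the path stays a single argument whatever domain/app contain.
    local conf_file="/etc/nginx/conf.d/${domain}.d/${app}.conf"

    # Only extract a list when the policy is NOT 'none'. Without the negation
    # the extraction ran solely for the 'none' policy, whose value is then
    # stripped below, so the configured origins were never reported.
    if ! grep -E -q "Content-Security-Policy: +frame-ancestors +'none' *;" "$conf_file"
    then
        # -i: header names are case-insensitive, and this pattern was spelled
        # "Content-security-Policy" while the test above uses
        # "Content-Security-Policy"; match either spelling.
        # NOTE(review): xargs is used here to trim and collapse whitespace, but
        # it also consumes quote characters, so quoted CSP keywords such as
        # 'self' come out unquoted - confirm that is intended.
        grep -o -i -P "(?<=Content-Security-Policy: frame-ancestors )[^;]+(?=;)" "$conf_file" \
            | sed "s/'none'//g" \
            | xargs \
            | sed -E "s/ /,/g"
    fi
}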

#=================================================
# SPECIFIC VALIDATORS FOR TOML SHORT KEYS
#=================================================

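# Validator for "redirect_path": print one message per failed check and
# nothing when the destination is accepted.
# Globals:  redirect_path (read), redirect_type (read)
# Outputs:  error message(s) on stdout; how the caller consumes them is not
#           visible in this file
validate__redirect_path() {
    # Kept local so the pattern does not leak into the caller's scope.
    local url_regex

    # NOTE(review): this pattern is not anchored, so it accepts any value that
    # merely CONTAINS a URL-looking substring; characters outside the listed
    # classes before or after that substring are not rejected. If the value is
    # later written into the NGINX configuration, confirm whether it should be
    # anchored with ^...$ before relying on it as an input filter.
    url_regex='(https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]'
    if [[ ! $redirect_path =~ $url_regex ]]
    then
        echo "Invalid destination: $redirect_path"
    fi

    # Refuse unencrypted remote destinations in reverse proxy mode: the SSO
    # sends the password in HTTP headers on every request, so plain http is
    # only tolerated towards 127.x.x.x or localhost.
    url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'
    if [[ "$redirect_type" = "proxy" ]] && [[ ! $redirect_path =~ $url_regex ]]
    then
        # The message is one argument of echo; with the string on a line of
        # its own the shell would try to run it as a command instead.
        echo "For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $redirect_path"
    fi
}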

#=================================================
# SPECIFIC SETTERS FOR TOML SHORT KEYS
#=================================================

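# Setter for "domain": delete this app's NGINX configuration file from the
# directory of the previous domain.
# Globals:  old (read; associative array filled outside this file, presumably
#           with the values in place before the change), app (read)
set__domain() {
    # Quoted: this path is handed to a deletion helper, so it must reach it as
    # exactly one argument, with no word splitting or glob expansion.
    ynh_secure_remove "/etc/nginx/conf.d/${old[domain]}.d/${app}.conf"
}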
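# Setter for "redirect_type": align the "main" permission with the selected
# mode, then store the mode in the app settings.
# Globals:  redirect_type (read), app (read)
set__redirect_type() {
    if [[ $redirect_type != "proxy" ]]
    then
        # Every mode other than "proxy" opens the app to visitors: "visitors"
        # is added to the "main" permission, the permission is marked
        # protected, and is_public is set to 1.
        ynh_permission_update --permission="main" --add="visitors" --protected=1
        ynh_app_setting_set --app="$app" --key=is_public --value=1
    else
        # Proxy mode only clears the protected flag; "visitors" is neither
        # added nor removed here.
        ynh_permission_update --permission="main" --protected=0
    fi

    ynh_app_setting_set --app="$app" --key=redirect_type --value="$redirect_type"
}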
# Setter for "frame_allowed": when framing is switched off ("0"), force the
# in-memory frame_ancestors value to the CSP keyword 'none'. Nothing is
# written to the app settings from this function.
# Globals:  frame_allowed (read), frame_ancestors (written)
set__frame_allowed() {
    case "$frame_allowed" in
        0)
            frame_ancestors="'none'"
            ;;
    esac
}
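# Setter for "frame_ancestors": normalise the list of allowed framing origins
# and store it in the app settings.
# Globals:  frame_allowed (read), frame_ancestors (read and rewritten),
#           app (read)
set__frame_ancestors() {
    # Framing switched off overrides whatever list was entered.
    if [[ $frame_allowed == "0" ]]
    then
        frame_ancestors="'none'"
    fi

    # The list arrives comma-separated; it is stored space-separated.
    frame_ancestors="${frame_ancestors//,/ }"

    # NOTE(review): no validator for frame_ancestors is visible in this file.
    # If the stored value is later templated into the NGINX configuration,
    # confirm it is restricted to CSP source expressions (no quotes,
    # semicolons or newlines that would end the header directive).
    ynh_app_setting_set --app="$app" --key=frame_ancestors --value="$frame_ancestors"
}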

#=================================================
# OVERWRITING APPLY STEP
#=================================================

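# Apply step of the configuration panel, redefined for this app: run
# _ynh_app_config_apply (presumably the stock apply logic - it is not defined
# in this file), then regenerate the NGINX configuration from the template
# that matches the selected redirect type.
# Globals:  redirect_type (read)
ynh_app_config_apply() {

    ynh_print_info --message="Override NGINX configuration"

    _ynh_app_config_apply

    # Select the template for the chosen mode. The name is quoted so it stays
    # one argument.
    # NOTE(review): redirect_type is not checked here; presumably the panel
    # limits it to a fixed list of choices - confirm, so the value cannot
    # name a file outside ../conf.
    cp "../conf/nginx-${redirect_type}.conf" ../conf/nginx.conf

    # Create a dedicated NGINX config
    ynh_add_nginx_config
}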
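# Hand the script's first argument to the config-panel runner. Quoted so it
# is passed on as exactly one word.
ynh_app_config_run "$1"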