From c7b5b3dbeedef58b5fca45c52b0a69b35ecb0507 Mon Sep 17 00:00:00 2001 From: selfhoster1312 Date: Tue, 10 Jan 2023 13:09:57 +0100 Subject: [PATCH] Handle edgecases gracefully Yunohost templating doesn't like @__NAME____proxy because `reverseproxy__2__proxy` will evaluate __2__ to $2 or @__NAME__@proxy because ynh_replace_vars uses @ as sed delimiter and ynh_replace_vars really hates multiline blocks... Using actual newlines in string produces a sed unclosed delimiter error, while using \n gets them double escaped to some weird output that crashed nginx. --- conf/nginx.conf | 10 ++++------ scripts/_common.sh | 32 ++++++++++++++++++++++++++++++-- scripts/change_url | 10 ++++++++++ scripts/install | 9 +++++++-- scripts/upgrade | 8 +++++++- 5 files changed, 58 insertions(+), 11 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index b68bbbd..e993460 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,4 +1,4 @@ -location @__NAME____proxy { +location @__NAME__--proxy { proxy_pass __PROXY_PATH__; proxy_redirect off; proxy_set_header Host $host; @@ -18,11 +18,9 @@ location @__NAME____proxy { } # Support relative URLs -location = __PATH_URL__ { - return 302 __PATH_URL__/; -} +__REDIRECT_BLOCK__ -location __PATH_URL__/ { +location __PATH_URL_SLASH__ { alias __ASSETS_PATH__; - try_files $uri @__NAME____proxy; + try_files $uri @__NAME__--proxy; } diff --git a/scripts/_common.sh b/scripts/_common.sh index 373b908..59ddc05 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,8 +3,6 @@ # - plaintext http is only allowed to localhost (to avoid leaking credentials on the network) # - http(s) destination is webroot, no additional component allowed (eg. http://localhost:1234/test is invalid) rp_validate_proxy_path() { - proxy_path="$1" - if [[ ! $proxy_path =~ '^unix:/' ]]; then url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' [[ ! $proxy_path =~ $url_regex ]] && ynh_die \ @@ -24,3 +22,33 @@ rp_validate_proxy_path() { fi fi } + +# Verify that the requested assets path is valid +# - is a local folder +# - ends with a / +rp_validate_assets_path() { + if [[ "$assets_path" = "" ]]; then + assets_path="/dev/null" + else + if [ ! -d "$assets_path" ]; then + ynh_die "Requested assets path "$assets_path" does not exist" 1 + fi + + if [[ ! "$assets_path" =~ /$ ]]; then + # Append missing trailing / + assets_path=""${assets_path}"/" + fi + fi +} + +# When the app is not in the webroot (path_url = /), need to add a redirect block +# to app/ so relative URLs work +rp_handle_webroot() { + if [[ "$path_url" = "/" ]]; then + path_url_slash="/" + redirect_block="# Not needed for webroot" + else + path_url_slash=""$path_url"/" + redirect_block="location = "$path_url" { return 302 "$path_url_slash"; }" + fi +} diff --git a/scripts/change_url b/scripts/change_url index 12acc82..6be7a27 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -39,6 +39,16 @@ path_url="$new_path" domain="$old_domain" proxy_path="$(ynh_app_setting_get --app=$app --key=proxy_path)" assets_path="$(ynh_app_setting_get --app=$app --key=assets_path)" + +# Validate reverse proxy destination +rp_validate_proxy_path + +# Validate assets_path +rp_validate_assets_path + +# Special case for "/" path_url +rp_handle_webroot + ynh_add_nginx_config # Move file to new domain if domain has changed diff --git a/scripts/install b/scripts/install index 6071afd..da62af9 100644 --- a/scripts/install +++ b/scripts/install @@ -26,7 +26,6 @@ domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH proxy_path=$YNH_APP_ARG_PROXY_PATH assets_path=$YNH_APP_ARG_ASSETS_PATH -[[ "$assets_path" = "" ]] && assets_path="/dev/null" is_public=$YNH_APP_ARG_IS_PUBLIC #================================================= @@ -37,7 +36,13 @@ is_public=$YNH_APP_ARG_IS_PUBLIC ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url # Validate reverse proxy destination -rp_validate_proxy_path "$proxy_path" +rp_validate_proxy_path + +# Validate assets_path +rp_validate_assets_path + +# Special case for "/" path_url +rp_handle_webroot # Save extra settings ynh_app_setting_set --app=$app --key=proxy_path --value=$proxy_path diff --git a/scripts/upgrade b/scripts/upgrade index bd2d585..2c21e32 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -39,7 +39,13 @@ ynh_abort_if_errors #================================================= # Validate proxy destination -rp_validate_proxy_path "$proxy_path" +rp_validate_proxy_path + +# Validate assets_path +rp_validate_assets_path + +# Special case for "/" path_url +rp_handle_webroot # Configure nginx ynh_script_progression --message="Configuring NGINX web server..." --weight=1