From 1fb254fc2abb49ffa37c8bace86a02dcd1f33ace Mon Sep 17 00:00:00 2001 From: Fabian Wilkens Date: Sun, 11 Jul 2021 14:10:21 +0200 Subject: [PATCH] Update: - Add help page - Update permissions - Remove old script, settings, files - Fix nginx conf --- check_process | 4 +- conf/nginx.conf | 30 +++++++++-- config_panel.toml | 14 ----- manifest.json | 18 ------- scripts/change_url | 3 -- scripts/config | 66 ----------------------- scripts/install | 55 +++++++++---------- scripts/upgrade | 70 +++++++++++++++++------- sources/extra_files/help/index.html | 82 +++++++++++++++++++++++++++++ 9 files changed, 183 insertions(+), 159 deletions(-) delete mode 100644 config_panel.toml delete mode 100755 scripts/config create mode 100644 sources/extra_files/help/index.html diff --git a/check_process b/check_process index a59d504..0c0de44 100644 --- a/check_process +++ b/check_process @@ -7,8 +7,6 @@ ; Manifest domain="domain.tld" path="/path" - is_public=1 - access_domain="/" ; Checks pkg_linter=1 setup_sub_dir=1 @@ -39,5 +37,5 @@ Notification= ;;; Upgrade options ; commit=b0c7e9e6f16d286ec74fa3c1b9cdf8492f4dcb9b name=3.22.8~ynh2 - manifest_arg=domain=DOMAIN&path=PATH&is_public=1 + manifest_arg=domain=DOMAIN&path=PATH=1 diff --git a/conf/nginx.conf b/conf/nginx.conf index 5cb8776..edc4c3d 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -14,10 +14,18 @@ location __PATH__/ { location = __PATH__/ { default_type text/plain; - return 200 " -This is where Standard Notes - Sycning Server is installed. + return 200 "This is where iStandard Notes - Syncing Server is installed."; +} -Add https://__DOMAIN____PATH__/ as Sync Server Domain in the Advanced Options to use this Syncing Server."; +location __PATH__/help/ { + alias __FINAL_PATH_WWW__/help/; + + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } location = __PATH__/extensions { 
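Review bot: In the check_process upgrade options, `manifest_arg=domain=DOMAIN&path=PATH=1` looks like a partial edit: dropping `&is_public` left its `=1` value attached to the path argument. The upgrade test would then presumably receive `PATH=1` as the path. The line should read `manifest_arg=domain=DOMAIN&path=PATH`.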
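Review bot: The new body of `location = __PATH__/` in conf/nginx.conf has a stray letter, `"This is where iStandard Notes - Syncing Server is installed."`. It should read `return 200 "This is where Standard Notes - Syncing Server is installed.";`. The response also no longer tells a visitor which URL to enter as the sync server, and the help page that now carries it is created for `all_users` only in scripts/install, so a short pointer to `__PATH__/help/` in this string would help.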
@@ -36,6 +44,18 @@ location __PATH__/extensions/ { rewrite ^ https://$server_name$request_uri? permanent; } - more_set_headers "Content-Security-Policy: frame-ancestors 'self' __ACCESS_DOMAIN__"; + if ($request_method = 'OPTIONS') { + more_set_headers 'Access-Control-Allow-Origin: $http_origin'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD'; + more_set_headers 'Access-Control-Allow-Credentials: true'; + more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization'; + return 204; + } + if ($request_method = 'GET') { + more_set_headers 'Access-Control-Allow-Origin: $http_origin'; + more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD'; + more_set_headers 'Access-Control-Allow-Credentials: true'; + more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization'; + } + more_set_headers "Content-Security-Policy: frame-ancestors 'self' * "; } - diff --git a/config_panel.toml b/config_panel.toml deleted file mode 100644 index 8c0d0f4..0000000 --- a/config_panel.toml +++ /dev/null @@ -1,14 +0,0 @@ -version = "1.0" -name = "SNServer configuration panel" - -[main] -name = "SNserver configuration" - - [main.access_domain] - name = "Access Domain" - - [main.access_domain.access_domain] - ask = "Which web app can access the Standart Notes Extensions?" - type = "string" - default = "" - help = "Please enter the domain(s) without the path of a Standart Notes Web App, which should have access to the Standard Notes Extensions.
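Review bot: In `location __PATH__/extensions/`, echoing `$http_origin` into `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true` lets a page on any origin make credentialed cross-origin requests and read the responses. The new `frame-ancestors 'self' *` likewise allows framing from every site, so both controls that `__ACCESS_DOMAIN__` used to scope are now effectively off. If the extension files are meant to be public static content, drop the credentials line (`more_set_headers 'Access-Control-Allow-Credentials: true';`) and narrow the methods to `GET, HEAD, OPTIONS`. Otherwise keep an operator-configured origin list, as the removed placeholder provided. The two `if` blocks set the same four headers, so they could be set once at location level, leaving only `return 204;` in the `OPTIONS` branch. A comment such as `# extensions are loaded cross-origin by the Standard Notes web/desktop app` would record why the policy is this wide.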
Example: domain.tld
Example: https://domain.tld
Example: domain.tld notes.domain.tld
Example: domain.tld https://notes.domain.tld" diff --git a/manifest.json b/manifest.json index bfc25cf..c5c16ef 100644 --- a/manifest.json +++ b/manifest.json @@ -40,24 +40,6 @@ "type": "path", "example": "/example", "default": "/example" - }, - { - "name": "is_public", - "type": "boolean", - "help": { - "en": "The Standard Notes - Syncing Server should be public accessable if you want to connect with a desktop or mobile app." - }, - "default": true - }, - { - "name": "access_domain", - "type": "string", - "ask": { - "en": "Choose a domain which has access to the extensions. E.g. the Standard-Notes web app." - }, - "optional": true, - "example": "example.tld", - "default": "" } ] } diff --git a/scripts/change_url b/scripts/change_url index d331681..c489c9e 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -36,9 +36,6 @@ port_syncing_server_js_worker=$(ynh_app_setting_get --app=$app --key=port_syncin port_auth=$(ynh_app_setting_get --app=$app --key=port_auth) port_auth_worker=$(ynh_app_setting_get --app=$app --key=port_auth_worker) port_api_gateway=$(ynh_app_setting_get --app=$app --key=port_api_gateway) -access_domain=$(ynh_app_setting_get --app=$app --key=access_domain) -access_domain=$(echo $access_domain | sed "s@;@ @g") -mail=$(ynh_app_setting_get --app=$app --key=mail) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP diff --git a/scripts/config b/scripts/config deleted file mode 100755 index 9169fac..0000000 --- a/scripts/config +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/bash - -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -source ./_common.sh -source /usr/share/yunohost/helpers - -# Stop script if errors -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -app=$YNH_APP_INSTANCE_NAME -access_domain=$(ynh_app_setting_get --app=$app --key=access_domain) -domain=$(ynh_app_setting_get --app=$app --key=domain) - -#================================================= -# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND -#================================================= - -show_config() { - if [ ! -z $access_domain ] - then - ynh_return "YNH_CONFIG_MAIN_ACCESS_DOMAIN_ACCESS_DOMAIN=$(echo $access_domain | sed "s@;@ @g")" - else - ynh_return "YNH_CONFIG_MAIN_ACCESS_DOMAIN_ACCESS_DOMAIN=$domain" - fi -} - -#================================================= -# MODIFY THE CONFIGURATION -#================================================= - -apply_config() { - access_domain=${YNH_CONFIG_MAIN_ACCESS_DOMAIN_ACCESS_DOMAIN:-$access_domain} - ynh_app_setting_set --app=$app --key=access_domain --value=$access_domain - - access_domain=$(ynh_app_setting_get --app=$app --key=access_domain) - access_domains=$(echo $access_domain | sed "s@;@ @g") - - nginx_conf_path=/etc/nginx/conf.d/$domain.d/$app.conf - ynh_delete_file_checksum --file=$nginx_conf_path - ynh_replace_string \ - --match_string='more_set_headers "Content-Security-Policy: frame-ancestors '"'self'"'.*";' \ - --replace_string='more_set_headers "Content-Security-Policy: frame-ancestors '"'self' $access_domains"'";' \ - --target_file=$nginx_conf_path - ynh_store_file_checksum --file=$nginx_conf_path - - systemctl reload nginx -} - -#================================================= -# GENERIC FINALIZATION 
-#================================================= -# SELECT THE ACTION FOLLOWING THE GIVEN ARGUMENT -#================================================= -case $1 in - show) show_config;; - apply) apply_config;; -esac diff --git a/scripts/install b/scripts/install index 4ffeea4..d77de6f 100755 --- a/scripts/install +++ b/scripts/install @@ -28,15 +28,7 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH -is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME -access_domain=$YNH_APP_ARG_ACCESS_DOMAIN -if [ -z "$access_domain" ] -then - access_domain=$domain -fi -access_domain=$(echo $access_domain | sed "s@;@ @g") -mail="$app@$domain" #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS @@ -60,8 +52,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=3 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=access_domain --value=$access_domain -ynh_app_setting_set --app=$app --key=mail --value=$mail redis_db=$(ynh_redis_get_free_db) ynh_app_setting_set --app=$app --key=redis_db --value="$redis_db" @@ -137,6 +127,13 @@ chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:$app "$final_path" +# Copy help file +mkdir -p "$final_path_www/help" +if test -e "$YNH_APP_BASEDIR/sources/extra_files/help"; then + cp --archive "$YNH_APP_BASEDIR/sources/extra_files/help/." "$final_path_www/help" +fi +ynh_replace_vars --file="$final_path_www/help/index.html" + # Extensions mkdir -p "$final_path_extensions" 
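Review bot: In the "Copy help file" block of scripts/install, `ynh_replace_vars --file="$final_path_www/help/index.html"` runs even when the `test -e` guard skipped the copy. With `ynh_abort_if_errors` active, a package without the help directory would presumably abort the install on the missing file, so the call belongs inside the `if`, directly after the `cp --archive` line. The same pattern appears in the scripts/upgrade hunk at `@@ -315,6 +337,14 @@`. Here the copy also sits after `chmod -R o-rwx "$final_path"` and `chown -R $app:$app "$final_path"`, whereas the upgrade copies before them. If `$final_path_www` (defined outside this hunk) lives under `$final_path`, a fresh install and an upgrade end up with different ownership and mode on the help files, so it is worth setting them explicitly to whatever nginx needs in order to read them.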
@@ -291,26 +288,6 @@ yunohost service add "$app-auth" --description="Standard Notes - Auth" --log="/v yunohost service add "$app-auth-worker" --description="Standard Notes - Auth - Worker" --log="/var/log/$app/auth-worker.log" yunohost service add "$app-api-gateway" --description="Standard Notes - API Gateway" --log="/var/log/$app/api-gateway.log" -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Configuring fail2ban..." --weight=1 - -# Create a dedicated fail2ban config -ynh_add_fail2ban_config --use_template - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring SSOwat..." --weight=3 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" --show_tile="false" -fi #================================================= # START SYSTEMD SERVICE 
@@ -344,6 +321,24 @@ ynh_systemd_action \ --log_path="/var/log/$app/api-gateway.log" \ --line_match='{"message":"Server started on port '$port_api_gateway'","level":"info"}' +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Configuring fail2ban..." --weight=1 + +# Create a dedicated fail2ban config +ynh_add_fail2ban_config --use_template + +#================================================= +# SETUP SSOWAT +#================================================= +ynh_script_progression --message="Configuring SSOwat..." --weight=3 + +# Everyone can access the app. +# The "main" permission is automatically created before the install script. +ynh_permission_update --permission="main" --add="visitors" --show_tile="false" +ynh_permission_create --permission="help" --url="/help/" --allowed="all_users" --show_tile="true" --label="Help" + #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 5ce2dfc..e27c328 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -36,9 +36,6 @@ port_auth=$(ynh_app_setting_get --app=$app --key=port_auth) port_auth_worker=$(ynh_app_setting_get --app=$app --key=port_auth_worker) port_api_gateway=$(ynh_app_setting_get --app=$app --key=port_api_gateway) -access_domain=$(ynh_app_setting_get --app=$app --key=access_domain) -access_domain=$(echo $access_domain | sed "s@;@ @g") -mail=$(ynh_app_setting_get --app=$app --key=mail) redis_db=$(ynh_app_setting_get --app=$app --key=redis_db) jwt_secret=$(ynh_app_setting_get --app=$app --key=jwt_secret) 
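Review bot: The `help` permission is created here with `--url="/help/"`, `--show_tile="true"` and `--label="Help"`, but the scripts/upgrade hunk at `@@ -131,6 +128,21 @@` creates it with `--url="/help"` and neither tile nor label, so upgraded instances protect a different URL and show no tile. Use the same call in both scripts, `ynh_permission_create --permission="help" --url="/help/" --allowed="all_users" --show_tile="true" --label="Help"`. Separately, `main` is now opened to `visitors` unconditionally because the `is_public` question is gone. A comment such as `# The sync API must be reachable without SSO so desktop and mobile clients can connect; only /help/ is behind SSOwat` would make that decision explicit for the next maintainer.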
@@ -131,6 +128,21 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi +# Everyone can access the app. +if [[ $(ynh_permission_exists --permission="main") && ! $standalone ]] +then + ynh_permission_update --permission="main" --add="visitors" --show_tile="false" +fi +if ! ynh_permission_exists --permission="main" +then + ynh_permission_create --permission="main" --url="/" --allowed="visitors" --show_tile="false" +fi +# Create a permission if needed +if ! ynh_permission_exists --permission="help" +then + ynh_permission_create --permission="help" --url="/help" --allowed="all_users" +fi + # If final_path doesn't exist, create it if [ -z "$final_path" ]; then final_path=/opt/yunohost/$app @@ -149,29 +161,12 @@ if [ -z "$final_path_extensions" ]; then ynh_app_setting_set --app=$app --key=final_path_extensions --value=$final_path_extensions fi -# If access_domain doesn't exist, create it -if [ -z "$access_domain" ]; then - access_domain=$domain - ynh_app_setting_set --app=$app --key=access_domain --value=$access_domain -fi - -# If mail doesn't exist, create it -if [ -z "$mail" ]; then - mail="$app@$domain" - ynh_app_setting_set --app=$app --key=mail --value=$mail -fi - # If redis_db doesn't exist, create it if [ -z "$redis_db" ]; then redis_db=$(ynh_redis_get_free_db) ynh_app_setting_set --app=$app --key=redis_db --value="$redis_db" fi -# If port exist, delete it -if [ -n $(ynh_app_setting_get --app="$app" --key=port) ]; then - ynh_app_setting_delete --app=$app --key=port -fi - # If port_syncing_server_js doesn't exist, create it if [ -z "$port_syncing_server_js" ]; then port_syncing_server_js=$(ynh_find_port --port=3000) 
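Review bot: `if [[ $(ynh_permission_exists --permission="main") && ! $standalone ]]` tests the text the helper prints, not its exit status. The two checks right below it (`if ! ynh_permission_exists ...`) rely on the exit status, so if the helper prints nothing this branch never runs and existing installs never get `visitors` added to `main`. Write it as `if ynh_permission_exists --permission="main" && [[ ! $standalone ]]`. `$standalone` is set outside this hunk, so its meaning here should be confirmed against the rest of the script.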
@@ -232,11 +227,38 @@ if [ -z "$encryption_server_key" ]; then ynh_app_setting_set --app=$app --key=encryption_server_key --value=$encryption_server_key fi +# Remove old Settings, Services, Files, Dependencies +# If access_domain exist, delete it +if [ -n $(ynh_app_setting_get --app="$app" --key=access_domain) ]; then + ynh_app_setting_delete --app=$app --key=access_domain +fi + +# If mail exist, delete it +if [ -n $(ynh_app_setting_get --app="$app" --key=mail) ]; then + ynh_app_setting_delete --app=$app --key=mail +fi + +# If port exist, delete it +if [ -n $(ynh_app_setting_get --app="$app" --key=port) ]; then + ynh_app_setting_delete --app=$app --key=port +fi + +# If old service exsits; remove it +if [ $(cat /etc/yunohost/services.yml | grep "$app:") -eq "$app" ]; then + yunohost service remove "$app" +fi + +# Remove old config scripts +ynh_secure_remove --file="/etc/yunohost/apps/$app/config_panel.toml" +ynh_secure_remove --file="/etc/yunohost/apps/$app/scripts/config" + +# Remove old dependencies if [[ ! $standalone ]]; then ynh_remove_ruby ynh_remove_app_dependencies fi + #================================================= # CREATE DEDICATED USER #================================================= @@ -315,6 +337,14 @@ then done fi +# Copy help file +ynh_secure_remove --file="$final_path_www/help" +mkdir -p "$final_path_www/help" +if test -e "$YNH_APP_BASEDIR/sources/extra_files/help"; then + cp --archive "$YNH_APP_BASEDIR/sources/extra_files/help/." "$final_path_www/help" +fi +ynh_replace_vars --file="$final_path_www/help/index.html" + chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:$app "$final_path" diff --git a/sources/extra_files/help/index.html b/sources/extra_files/help/index.html new file mode 100644 index 0000000..90f03f8 --- /dev/null +++ b/sources/extra_files/help/index.html @@ -0,0 +1,82 @@ + + + + + Standard Notes - Syncing Server + + + +
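Review bot: The old-service check `if [ $(cat /etc/yunohost/services.yml | grep "$app:") -eq "$app" ]` compares strings with the integer operator `-eq` on an unquoted substitution. `[` reports an error and returns non-zero in every case, so `yunohost service remove "$app"` is never reached and the legacy service stays registered. Testing grep's exit status does what the comment says: `if grep -q "$app:" /etc/yunohost/services.yml; then`. The three `[ -n $(ynh_app_setting_get ...) ]` tests in the same block are also unquoted. When the setting is absent they collapse to `[ -n ]`, which is true, so the delete runs regardless. Quote the substitution, for example `[ -n "$(ynh_app_setting_get --app="$app" --key=access_domain)" ]`.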

Standard Notes - Sycning Server

+

Add https://__DOMAIN____PATH__/ as Sync Server Domain in the Advanced Options to use this Syncing Server.

+
+

+ You should know: +

+
    +
  1. + Your notes are fully encrypted on your device before they're ever sent to our servers.
    + This means even we can't read the contents of your notes. +
  2. +
  3. + Standard Notes is available on all your devices. + +
  4. +
+

+ Install instructions for Extensions: +

+
    +
  1. + Open the Standard Notes web or Desktop app +
  2. +
  3. + Press Extensions in the button left corner +
  4. +
  5. + Enter https://__DOMAIN____PATH__/extensions/repo.json in the textbox. +
  6. +
  7. + Press the Submit Code button. +
  8. +
  9. + Now you can see Editors, Themes and Components which you can install +
  10. +
+
+ + +