YunoHost-Apps/snserver_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/snserver_ynh.git synced 2024-09-03 20:26:22 +02:00
Code Issues Activity Actions

Update:

Browse source 
- Add help page
- Update permissions
- Remove old script, settings, files
- Fix nginx conf
This commit is contained in:
Fabian Wilkens 2021-07-11 14:10:21 +02:00
parent 188ce2ba41
commit 1fb254fc2a
No known key found for this signature in database
GPG key ID: 23DFA025BB4E9FAB
9 changed files with 183 additions and 159 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
check_process
View file

@ -7,8 +7,6 @@
; Manifest
domain="domain.tld"
path="/path"
is_public=1
access_domain="/"
; Checks
pkg_linter=1
setup_sub_dir=1
@ -39,5 +37,5 @@ Notification=
;;; Upgrade options
; commit=b0c7e9e6f16d286ec74fa3c1b9cdf8492f4dcb9b
name=3.22.8~ynh2
manifest_arg=domain=DOMAIN&path=PATH&is_public=1
manifest_arg=domain=DOMAIN&path=PATH=1

30
conf/nginx.conf
View file

@ -14,10 +14,18 @@ location __PATH__/ {
location = __PATH__/ {
default_type text/plain;
return 200 "
This is where Standard Notes - Sycning Server is installed.
return 200 "This is where iStandard Notes - Syncing Server is installed.";
}
Add https://__DOMAIN____PATH__/ as Sync Server Domain in the Advanced Options to use this Syncing Server.";
location __PATH__/help/ {
alias __FINAL_PATH_WWW__/help/;
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}
location = __PATH__/extensions {
@ -36,6 +44,18 @@ location __PATH__/extensions/ {
rewrite ^ https://$server_name$request_uri? permanent;
}
more_set_headers "Content-Security-Policy: frame-ancestors 'self' __ACCESS_DOMAIN__";
if ($request_method = 'OPTIONS') {
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization';
return 204;
}
if ($request_method = 'GET') {
more_set_headers 'Access-Control-Allow-Origin: $http_origin';
more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD';
more_set_headers 'Access-Control-Allow-Credentials: true';
more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization';
}
more_set_headers "Content-Security-Policy: frame-ancestors 'self' * ";
}

14
config_panel.toml
View file

@ -1,14 +0,0 @@
version = "1.0"
name = "SNServer configuration panel"
[main]
name = "SNserver configuration"
[main.access_domain]
name = "Access Domain"
[main.access_domain.access_domain]
ask = "Which web app can access the Standart Notes Extensions?"
type = "string"
default = ""
help = "Please enter the domain(s) without the path of a Standart Notes Web App, which should have access to the Standard Notes Extensions.<br>Example: domain.tld<br>Example: https://domain.tld<br>Example: domain.tld notes.domain.tld<br>Example: domain.tld https://notes.domain.tld"

18
manifest.json
View file

@ -40,24 +40,6 @@
"type": "path",
"example": "/example",
"default": "/example"
},
{
"name": "is_public",
"type": "boolean",
"help": {
"en": "The Standard Notes - Syncing Server should be public accessable if you want to connect with a desktop or mobile app."
},
"default": true
},
{
"name": "access_domain",
"type": "string",
"ask": {
"en": "Choose a domain which has access to the extensions. E.g. the Standard-Notes web app."
},
"optional": true,
"example": "example.tld",
"default": ""
}
]
}

3
scripts/change_url
View file

@ -36,9 +36,6 @@ port_syncing_server_js_worker=$(ynh_app_setting_get --app=$app --key=port_syncin
port_auth=$(ynh_app_setting_get --app=$app --key=port_auth)
port_auth_worker=$(ynh_app_setting_get --app=$app --key=port_auth_worker)
port_api_gateway=$(ynh_app_setting_get --app=$app --key=port_api_gateway)
access_domain=$(ynh_app_setting_get --app=$app --key=access_domain)
access_domain=$(echo $access_domain | sed "s@;@ @g")
mail=$(ynh_app_setting_get --app=$app --key=mail)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP

66
scripts/config
View file

@ -1,66 +0,0 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source ./_common.sh
source /usr/share/yunohost/helpers
# Stop script if errors
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
app=$YNH_APP_INSTANCE_NAME
access_domain=$(ynh_app_setting_get --app=$app --key=access_domain)
domain=$(ynh_app_setting_get --app=$app --key=domain)
#=================================================
# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND
#=================================================
show_config() {
if [ ! -z $access_domain ]
then
ynh_return "YNH_CONFIG_MAIN_ACCESS_DOMAIN_ACCESS_DOMAIN=$(echo $access_domain | sed "s@;@ @g")"
else
ynh_return "YNH_CONFIG_MAIN_ACCESS_DOMAIN_ACCESS_DOMAIN=$domain"
fi
}
#=================================================
# MODIFY THE CONFIGURATION
#=================================================
apply_config() {
access_domain=${YNH_CONFIG_MAIN_ACCESS_DOMAIN_ACCESS_DOMAIN:-$access_domain}
ynh_app_setting_set --app=$app --key=access_domain --value=$access_domain
access_domain=$(ynh_app_setting_get --app=$app --key=access_domain)
access_domains=$(echo $access_domain | sed "s@;@ @g")
nginx_conf_path=/etc/nginx/conf.d/$domain.d/$app.conf
ynh_delete_file_checksum --file=$nginx_conf_path
ynh_replace_string \
--match_string='more_set_headers "Content-Security-Policy: frame-ancestors '"'self'"'.*";' \
--replace_string='more_set_headers "Content-Security-Policy: frame-ancestors '"'self' $access_domains"'";' \
--target_file=$nginx_conf_path
ynh_store_file_checksum --file=$nginx_conf_path
systemctl reload nginx
}
#=================================================
# GENERIC FINALIZATION
#=================================================
# SELECT THE ACTION FOLLOWING THE GIVEN ARGUMENT
#=================================================
case $1 in
show) show_config;;
apply) apply_config;;
esac

55
scripts/install
View file

@ -28,15 +28,7 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
app=$YNH_APP_INSTANCE_NAME
access_domain=$YNH_APP_ARG_ACCESS_DOMAIN
if [ -z "$access_domain" ]
then
access_domain=$domain
fi
access_domain=$(echo $access_domain | sed "s@;@ @g")
mail="$app@$domain"
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
@ -60,8 +52,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=3
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=access_domain --value=$access_domain
ynh_app_setting_set --app=$app --key=mail --value=$mail
redis_db=$(ynh_redis_get_free_db)
ynh_app_setting_set --app=$app --key=redis_db --value="$redis_db"
@ -137,6 +127,13 @@ chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
# Copy help file
mkdir -p "$final_path_www/help"
if test -e "$YNH_APP_BASEDIR/sources/extra_files/help"; then
cp --archive "$YNH_APP_BASEDIR/sources/extra_files/help/." "$final_path_www/help"
fi
ynh_replace_vars --file="$final_path_www/help/index.html"
# Extensions
mkdir -p "$final_path_extensions"
@ -291,26 +288,6 @@ yunohost service add "$app-auth" --description="Standard Notes - Auth" --log="/v
yunohost service add "$app-auth-worker" --description="Standard Notes - Auth - Worker" --log="/var/log/$app/auth-worker.log"
yunohost service add "$app-api-gateway" --description="Standard Notes - API Gateway" --log="/var/log/$app/api-gateway.log"
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring fail2ban..." --weight=1
# Create a dedicated fail2ban config
ynh_add_fail2ban_config --use_template
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring SSOwat..." --weight=3
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors" --show_tile="false"
fi
#=================================================
# START SYSTEMD SERVICE
@ -344,6 +321,24 @@ ynh_systemd_action \
--log_path="/var/log/$app/api-gateway.log" \
--line_match='{"message":"Server started on port '$port_api_gateway'","level":"info"}'
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring fail2ban..." --weight=1
# Create a dedicated fail2ban config
ynh_add_fail2ban_config --use_template
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring SSOwat..." --weight=3
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors" --show_tile="false"
ynh_permission_create --permission="help" --url="/help/" --allowed="all_users" --show_tile="true" --label="Help"
#=================================================
# RELOAD NGINX
#=================================================

70
scripts/upgrade
View file

@ -36,9 +36,6 @@ port_auth=$(ynh_app_setting_get --app=$app --key=port_auth)
port_auth_worker=$(ynh_app_setting_get --app=$app --key=port_auth_worker)
port_api_gateway=$(ynh_app_setting_get --app=$app --key=port_api_gateway)
access_domain=$(ynh_app_setting_get --app=$app --key=access_domain)
access_domain=$(echo $access_domain | sed "s@;@ @g")
mail=$(ynh_app_setting_get --app=$app --key=mail)
redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
jwt_secret=$(ynh_app_setting_get --app=$app --key=jwt_secret)
@ -131,6 +128,21 @@ if ynh_legacy_permissions_exists; then
ynh_app_setting_delete --app=$app --key=is_public
fi
# Everyone can access the app.
if [[ $(ynh_permission_exists --permission="main") && ! $standalone ]]
then
ynh_permission_update --permission="main" --add="visitors" --show_tile="false"
fi
if ! ynh_permission_exists --permission="main"
then
ynh_permission_create --permission="main" --url="/" --allowed="visitors" --show_tile="false"
fi
# Create a permission if needed
if ! ynh_permission_exists --permission="help"
then
ynh_permission_create --permission="help" --url="/help" --allowed="all_users"
fi
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
final_path=/opt/yunohost/$app
@ -149,29 +161,12 @@ if [ -z "$final_path_extensions" ]; then
ynh_app_setting_set --app=$app --key=final_path_extensions --value=$final_path_extensions
fi
# If access_domain doesn't exist, create it
if [ -z "$access_domain" ]; then
access_domain=$domain
ynh_app_setting_set --app=$app --key=access_domain --value=$access_domain
fi
# If mail doesn't exist, create it
if [ -z "$mail" ]; then
mail="$app@$domain"
ynh_app_setting_set --app=$app --key=mail --value=$mail
fi
# If redis_db doesn't exist, create it
if [ -z "$redis_db" ]; then
redis_db=$(ynh_redis_get_free_db)
ynh_app_setting_set --app=$app --key=redis_db --value="$redis_db"
fi
# If port exist, delete it
if [ -n $(ynh_app_setting_get --app="$app" --key=port) ]; then
ynh_app_setting_delete --app=$app --key=port
fi
# If port_syncing_server_js doesn't exist, create it
if [ -z "$port_syncing_server_js" ]; then
port_syncing_server_js=$(ynh_find_port --port=3000)
@ -232,11 +227,38 @@ if [ -z "$encryption_server_key" ]; then
ynh_app_setting_set --app=$app --key=encryption_server_key --value=$encryption_server_key
fi
# Remove old Settings, Services, Files, Dependencies
# If access_domain exist, delete it
if [ -n $(ynh_app_setting_get --app="$app" --key=access_domain) ]; then
ynh_app_setting_delete --app=$app --key=access_domain
fi
# If mail exist, delete it
if [ -n $(ynh_app_setting_get --app="$app" --key=mail) ]; then
ynh_app_setting_delete --app=$app --key=mail
fi
# If port exist, delete it
if [ -n $(ynh_app_setting_get --app="$app" --key=port) ]; then
ynh_app_setting_delete --app=$app --key=port
fi
# If old service exsits; remove it
if [ $(cat /etc/yunohost/services.yml | grep "$app:") -eq "$app" ]; then
yunohost service remove "$app"
fi
# Remove old config scripts
ynh_secure_remove --file="/etc/yunohost/apps/$app/config_panel.toml"
ynh_secure_remove --file="/etc/yunohost/apps/$app/scripts/config"
# Remove old dependencies
if [[ ! $standalone ]];
then
ynh_remove_ruby
ynh_remove_app_dependencies
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
@ -315,6 +337,14 @@ then
done
fi
# Copy help file
ynh_secure_remove --file="$final_path_www/help"
mkdir -p "$final_path_www/help"
if test -e "$YNH_APP_BASEDIR/sources/extra_files/help"; then
cp --archive "$YNH_APP_BASEDIR/sources/extra_files/help/." "$final_path_www/help"
fi
ynh_replace_vars --file="$final_path_www/help/index.html"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"

82
sources/extra_files/help/index.html Normal file
View file

@ -0,0 +1,82 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title> Standard Notes - Syncing Server </title>
<style>
body {
padding-top: 15px;
text-align: center;
font-family: sans-serif;
min-width: 985px;
}
p, ol {
margin-right: auto;
margin-left: auto;
font-size: x-large;
}
div {
width: 940px;
margin-right: auto;
margin-left: auto;
text-align: left;
}
a {
cursor: pointer;
color: #086dd6;
box-sizing: border-box;
text-decoration: none;
}
ul {
list-style-type: disc;
}
</style>
</head>
<body>
<h1>Standard Notes - Sycning Server</h1>
<p>Add <strong>https://__DOMAIN____PATH__/</strong> as Sync Server Domain in the Advanced Options to use this Syncing Server.</p>
<div>
<p>
<strong>You should know:</strong>
</p>
<ol>
<li>
Your notes are fully encrypted on your device before they're ever sent to our servers.<br>
This means even we can't read the contents of your notes.
</li>
<li>
Standard Notes is available on all your devices.
<ul>
<li><a href="https://itunes.apple.com/us/app/standard-notes/id1285392450?mt=8" target="_blank" rel="noreferrer">iOS</a></li>
<li><a href="https://play.google.com/store/apps/details?id=com.standardnotes" target="_blank" rel="noreferrer">Android</a></li>
<li><a href="https://app.standardnotes.org" target="_blank" rel="noreferrer">Web App</a></li>
<li><a href="https://standardnotes.org/download/mac" target="_blank" rel="noreferrer">Mac</a></li>
<li><a href="https://standardnotes.org/download/windows" target="_blank" rel="noreferrer">Windows</a></li>
<li><a href="https://standardnotes.org/download/linux" target="_blank" rel="noreferrer">Linux</a>.</li>
</ul>
</li>
</ol>
<p>
<strong>Install instructions for Extensions:</strong>
</p>
<ol>
<li>
Open the Standard Notes web or Desktop app
</li>
<li>
Press <strong>Extensions</strong> in the button left corner
</li>
<li>
Enter <strong>https://__DOMAIN____PATH__/extensions/repo.json</strong> in the textbox.
</li>
<li>
Press the <strong>Submit Code</strong> button.
</li>
<li>
Now you can see Editors, Themes and Components which you can install
</li>
</ol>
</div>
</body>
</html>