From 0f6c243f80d14c332fa5652a985972c6922c6dae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sun, 7 Mar 2021 11:42:53 +0100 Subject: [PATCH] Fix some small issues and remove hardcoded version of PHP --- conf/homeserver.yaml | 2 +- conf/nginx.conf | 2 +- conf/php-fpm.conf | 2 +- scripts/change_url | 2 +- scripts/install | 4 +-- scripts/remove | 7 ------ scripts/remove_sso_conf_persistent.py | 36 ++++++++++++++++++++------- scripts/restore | 31 +++++++++++------------ scripts/upgrade | 12 ++++----- 9 files changed, 52 insertions(+), 46 deletions(-) diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index 6376607..4dcb30a 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -184,7 +184,7 @@ listeners: # will also need to give Synapse a TLS key and certificate: see the TLS section # below.) # - - port: __TURNSERVER_TLS_PORT__ + - port: __SYNAPSE_TLS_PORT__ type: http tls: true resources: diff --git a/conf/nginx.conf b/conf/nginx.conf index 3c1e9f5..a08a7b7 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -8,7 +8,7 @@ location __PATH__ { location __PATH__/cas_server.php { alias /var/www/__APP__/; fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/run/php7.0-fpm-__NAME__.sock; + fastcgi_pass unix:/run/php__PHPVERSION__-fpm-__NAME__.sock; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 8f737b9..223f72f 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -30,7 +30,7 @@ group = matrix-__USER__ ; specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /run/php7.0-fpm-__NAMETOCHANGE__.sock +listen = /run/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock ; Set listen(2) backlog. A value of '-1' means unlimited. ; Default Value: 128 (-1 on FreeBSD and OpenBSD) diff --git a/scripts/change_url b/scripts/change_url index 52aded6..d1c1bf1 100644 
--- a/scripts/change_url +++ b/scripts/change_url @@ -120,7 +120,7 @@ ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" ynh_script_progression --message="Configuring permissions..." --weight=1 ynh_permission_url --permission=server_api --clear_urls -ynh_permission_url --permission=server_api --url=/_matrix --additional_urls=$server_name/.well-known/matrix \ +ynh_permission_url --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix \ #================================================= # RELOAD SERVICES diff --git a/scripts/install b/scripts/install index a1e1f3d..6a16455 100644 --- a/scripts/install +++ b/scripts/install @@ -341,10 +341,10 @@ ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destin #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 -ynh_permission_url --permission=main --url=/_matrix/cas_server.php/login --auth_header=true +ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true ynh_permission_update --permission=main --label="Synapse server SSO authentication" --show_tile=false --protected=true -ynh_permission_create --permission=server_api --url=/_matrix --additional_urls=$server_name/.well-known/matrix \ +ynh_permission_create --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix \ --label="Server access for client apps." --show_tile=false --allowed=visitors \ --auth_header=false --protected=true diff --git a/scripts/remove b/scripts/remove index eb42eb6..7c4e3fc 100755 --- a/scripts/remove +++ b/scripts/remove 
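Review bot: The rewritten `ynh_permission_url` line in scripts/change_url still passes `--additional_urls=`, while the upgrade hunk of this same commit switches the equivalent `ynh_permission_url` call to `--add_url=`. As far as I know `--additional_urls` is an option of `ynh_permission_create` only, so the `.well-known/matrix` URL is probably not registered after a URL change. The line also ends in a dangling `\` with nothing to continue before the section comment. I would write `ynh_permission_url --permission=server_api --url=$domain/_matrix --add_url=$server_name/.well-known/matrix`. The hunk does not show where `$domain` is assigned, so confirm it holds the new domain at this point and not the one being replaced.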
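Review bot: In scripts/install the `server_api` permission is created with `--allowed=visitors` on `$domain/_matrix`, which is a prefix of the `main` permission URL `$domain/_matrix/cas_server.php/login` set two lines above it. conf/nginx.conf hands `REMOTE_USER` to cas_server.php, so that endpoint relies on the SSO layer authenticating the request. Which of the two overlapping rules wins is not visible in this patch, so it should be checked against SSOwat's matching order. I would record the result next to the calls, e.g. `# main (SSO-protected) must win over the visitors-allowed /_matrix prefix`. The same pair of calls appears in the last scripts/upgrade hunk.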
@@ -76,13 +76,6 @@ ynh_script_progression --message="Removing dependencies" --weight=15 # Remove metapackage and its dependencies ynh_remove_app_dependencies -#================================================= -# SETUP SSOWAT -#================================================= - -# Remove the skipped url -python3 ../conf/remove_sso_conf.py $domain $server_name - #================================================= # REMOVE APP MAIN DIR #================================================= diff --git a/scripts/remove_sso_conf_persistent.py b/scripts/remove_sso_conf_persistent.py index e459ea6..f1d4271 100644 --- a/scripts/remove_sso_conf_persistent.py +++ b/scripts/remove_sso_conf_persistent.py @@ -1,21 +1,39 @@ import json import sys -domain = sys.argv[1] -server_name = sys.argv[2] - with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile: data = json.load(jsonFile) for domain in ("", sys.argv[1], sys.argv[2]): for path in ("/_matrix", "/.well-known/matrix/", "/_matrix/cas_server.php/login"): - for l in (data["skipped_urls"], - data["protected_urls"], - data["permissions"]["custom_protected"]["uris"], - data["permissions"]["custom_skipped"]["uris"]): url = domain + path - while url in l: - l.remove(url) + try: + uri_list = data["skipped_urls"] + while url in uri_list: + uri_list.remove(url) + except: + pass + + try: + uri_list = data["protected_urls"] + while url in uri_list: + uri_list.remove(url) + except: + pass + + try: + uri_list = data["permissions"]["custom_protected"]["uris"] + while url in uri_list: + uri_list.remove(url) + except: + pass + + try: + uri_list = data["permissions"]["custom_skipped"]["uris"] + while url in uri_list: + uri_list.remove(url) + except: + pass with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile: jsonFile.write(json.dumps(data, indent=4, sort_keys=True)) diff --git a/scripts/restore b/scripts/restore index e11084a..cf3a038 100644 --- a/scripts/restore +++ b/scripts/restore 
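Review bot: The four `try: ... except: pass` blocks added to remove_sso_conf_persistent.py use a bare `except`, which also swallows `KeyboardInterrupt`, `SystemExit` and any real bug, such as a key that holds something other than a list. The script then rewrites /etc/ssowat/conf.json.persistent as if the cleanup had succeeded, and the caller's warning in scripts/upgrade never fires. Only a missing key is expected here, so catch `KeyError` (and `TypeError` for a non-dict node) and keep the removal loop in one place instead of four copies. The loop variable `domain` also reuses the name of the assignment this hunk removes; something like `prefix` would read better.

```python
# … unchanged: imports and json.load of /etc/ssowat/conf.json.persistent …

URI_LIST_KEYS = (
    ("skipped_urls",),
    ("protected_urls",),
    ("permissions", "custom_protected", "uris"),
    ("permissions", "custom_skipped", "uris"),
)


def existing_uri_lists(conf):
    """Yield each URI list that is present in conf, skipping absent sections."""
    for keys in URI_LIST_KEYS:
        node = conf
        try:
            for key in keys:
                node = node[key]
        except (KeyError, TypeError):
            continue  # section not present in this SSOwat config
        if isinstance(node, list):
            yield node


# … unchanged: the two for-loops over domain and path …
        url = domain + path
        for uri_list in existing_uri_lists(data):
            while url in uri_list:
                uri_list.remove(url)

# … unchanged: json.dumps write-back …
```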
@@ -73,6 +73,16 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=70 # For any update do it in all files ynh_install_app_dependencies $dependances +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$synapse_user --home_dir=$data_path +adduser $synapse_user ssl-cert +adduser turnserver ssl-cert + #================================================= # RESTORE ALL CONFIG AND DATA #================================================= @@ -93,18 +103,6 @@ install_sources ynh_script_progression --message="Reload fail2ban..." --weight=6 ynh_systemd_action --action=restart --service_name=fail2ban -#================================================= -# SPECIFIC RESTORATION -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$synapse_user --home_dir=$data_path -adduser $synapse_user ssl-cert -adduser turnserver ssl-cert - #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= 
@@ -181,14 +179,12 @@ public_ip6="$(curl ipv6.yunohost.org)" || true turn_external_ip="" if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" then - turn_external_ip+=" -external-ip=$public_ip4" + turn_external_ip+="\nexternal-ip=$public_ip4" fi if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6" then - turn_external_ip+=" -external-ip=$public_ip6" + turn_external_ip+="\nexternal-ip=$public_ip6" fi ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf" @@ -217,6 +213,7 @@ ynh_use_logrotate --logfile /var/log/matrix-$app # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE (3 times) # For any update do it in all files +ynh_script_progression --message="Configuring file permission..." chown $synapse_user:root -R $final_path chmod 770 $final_path/Coturn_config_rotate.sh chmod 700 $final_path/update_synapse_for_appservice.sh @@ -264,7 +261,7 @@ ynh_send_readme_to_admin --app_message="mail_to_send" --type="restore" #================================================= ynh_script_progression --message="Reloading nginx web server..." -systemctl reload php7.0-fpm +ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 072163b..ea4b614 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -338,14 +338,12 @@ public_ip6="$(curl ipv6.yunohost.org)" || true turn_external_ip="" if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" then - turn_external_ip+=" -external-ip=$public_ip4" + turn_external_ip+="\nexternal-ip=$public_ip4" fi if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6" then - turn_external_ip+=" -external-ip=$public_ip6" + turn_external_ip+="\nexternal-ip=$public_ip6" fi ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf" 
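Review bot: `turn_external_ip+="\nexternal-ip=$public_ip4"` in scripts/restore appends a literal backslash and `n`, because bash does not expand `\n` inside double quotes, whereas the removed lines embedded a real newline. The result is only correct if the template substitution behind `ynh_add_config` turns `\n` into a line break, which this patch does not show. If it does not, coturn.conf ends up with one malformed line and the `external-ip` settings are presumably ignored. I would document the dependency above the block, e.g. `# "\n" is kept literal on purpose: the template substitution expands it to a newline`, and check the rendered /etc/matrix-$app/coturn.conf once after a restore. The same applies to the IPv6 line and to the identical hunk in scripts/upgrade.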
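Review bot: `ynh_systemd_action --service_name=php$phpversion-fpm --action=reload` in scripts/restore depends on `phpversion` being set earlier in the script, and none of the restore hunks shows where it is loaded. If it is empty, the service name becomes `php-fpm` and the reload fails at the very end of a restore. The `__PHPVERSION__` placeholder introduced in conf/nginx.conf and conf/php-fpm.conf needs the same variable when the templates are rendered. A guard before first use would make the failure explicit, e.g. `[ -n "$phpversion" ] || ynh_die --message="phpversion is not set"`.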
@@ -403,14 +401,14 @@ ynh_script_progression --message="Configuring permissions..." --weight=1 ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true ynh_permission_update --permission=main --label="Synapse server SSO authentication" --show_tile=false --protected=true -if !ynh_permission_exists --permission=server_api; then - ynh_permission_create --permission=server_api --url=/_matrix --additional_urls=$server_name/.well-known/matrix \ +if ! ynh_permission_exists --permission=server_api; then + ynh_permission_create --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix \ --label="Server access for client apps." --show_tile=false --allowed=visitors \ --auth_header=false --protected=true python3 remove_sso_conf_persistent.py $domain $server_name \ || ynh_print_warn --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually." else - ynh_permission_url --permission=server_api --url=/_matrix --additional_urls=$server_name/.well-known/matrix \ + ynh_permission_url --permission=server_api --url=$domain/_matrix --add_url=$server_name/.well-known/matrix \ --auth_header=false ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \ --protected=true