From b70fb36c8cb9c3f1352ac5f10a158dc0d75a4c9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Gaspar?=
 <46165813+ericgaspar@users.noreply.github.com>
Date: Tue, 9 Aug 2022 22:53:41 +0200
Subject: [PATCH] Cleaning

---
 check_process        |  1 -
 conf/.env.template   | 12 ++++++------
 conf/systemd.service |  4 +---
 scripts/backup       |  7 +++++++
 scripts/install      | 17 ++++++++++++++++-
 scripts/remove       | 21 +++++++++++----------
 scripts/restore      | 19 ++++++++++++++++---
 scripts/upgrade      | 32 ++++++++------------------------
 8 files changed, 65 insertions(+), 48 deletions(-)

diff --git a/check_process b/check_process
index 6cd9557..9e1bf62 100644
--- a/check_process
+++ b/check_process
@@ -13,7 +13,6 @@
 		upgrade=1
 		backup_restore=1
 		multi_instance=1
-		port_already_use=0
 		change_url=0
 ;;; Options
 Email=
diff --git a/conf/.env.template b/conf/.env.template
index e71a919..bc0edca 100644
--- a/conf/.env.template
+++ b/conf/.env.template
@@ -15,14 +15,14 @@ SECRET_KEY=__SECRETKEY__
 # ---------------------------------------------------------------
 
 # your default timezone See https://timezonedb.com/time-zones for a list of timezones
-TIMEZONE=America/Denver
+TIMEZONE=__TIMEZONE__
 
 # add only a database password if you want to run with the default postgres, otherwise change settings accordingly
 DB_ENGINE=django.db.backends.postgresql
 # DB_OPTIONS= {} # e.g. {"sslmode":"require"} to enable ssl
 POSTGRES_HOST=127.0.0.1
 POSTGRES_PORT=5432
-POSTGRES_USER=__DB_NAME__
+POSTGRES_USER=__DB_USER__
 # ---------------------------- REQUIRED -------------------------
 POSTGRES_PASSWORD=__DB_PWD__
 # ---------------------------------------------------------------
@@ -46,7 +46,7 @@ SHOPPING_MIN_AUTOSYNC_INTERVAL=5
 
 # If base URL is something other than just / (you are serving a subfolder in your proxy for instance http://recipe_app/recipes/)
 # Be sure to not have a trailing slash: e.g. '/recipes' instead of '/recipes/'
-#SCRIPT_NAME=__PATH__
+#SCRIPT_NAME=__PATH__/
 
 # If staticfiles are stored at a different location uncomment and change accordingly, MUST END IN /
 # this is not required if you are just using a subfolder
@@ -56,7 +56,7 @@ SHOPPING_MIN_AUTOSYNC_INTERVAL=5
 # If mediafiles are stored at a different location uncomment and change accordingly, MUST END IN /
 # this is not required if you are just using a subfolder
 # This can either be a relative path from the applications base path or the url of an external host
-#sub_path_only MEDIA_URL=__FINAL_PATH__/media/
+sub_path_only MEDIA_URL=__DATADIR__/
 
 # Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this. Please use any of the examples
 # provided that include an additional nxginx container to handle media file serving.
@@ -81,8 +81,8 @@ GUNICORN_MEDIA=0
 
 # Email Settings, see https://docs.djangoproject.com/en/3.2/ref/settings/#email-host
 # Required for email confirmation and password reset (automatically activates if host is set)
-# EMAIL_HOST=
-# EMAIL_PORT=
+# EMAIL_HOST='localhost'
+# EMAIL_PORT=25
 # EMAIL_HOST_USER=
 # EMAIL_HOST_PASSWORD=
 # EMAIL_USE_TLS=0
diff --git a/conf/systemd.service b/conf/systemd.service
index fd3ab1d..a9372ed 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -4,11 +4,9 @@ After=network.target
 
 [Service]
 Type=simple
-Restart=always
-RestartSec=3
 User=__APP__
 Group=__APP__
-WorkingDirectory=__FINALPATH__
+WorkingDirectory=__FINALPATH__/
 EnvironmentFile=__FINALPATH__/.env
 ExecStart=__FINALPATH__/venv/bin/gunicorn --bind 127.0.0.1:__PORT__ recipes.wsgi:application
 Restart=on-failure
diff --git a/scripts/backup b/scripts/backup
index 7932e68..bfdef77 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -31,6 +31,7 @@ app=$YNH_APP_INSTANCE_NAME
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 
 #=================================================
 # DECLARE DATA AND CONF FILES TO BACKUP
@@ -43,6 +44,12 @@ ynh_print_info --message="Declaring files to be backed up..."
 
 ynh_backup --src_path="$final_path"
 
+#=================================================
+# BACKUP THE DATA DIR
+#=================================================
+
+ynh_backup --src_path="$datadir" --is_big
+
 #=================================================
 # BACKUP THE NGINX CONFIGURATION
 #=================================================
diff --git a/scripts/install b/scripts/install
index 1ff2c2f..b82eeb7 100755
--- a/scripts/install
+++ b/scripts/install
@@ -31,6 +31,7 @@ is_public=$YNH_APP_ARG_IS_PUBLIC
 app=$YNH_APP_INSTANCE_NAME
 
 secretkey=$(ynh_string_random --length=12)
+timezone="$(cat /etc/timezone)"
 
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
@@ -70,7 +71,7 @@ ynh_app_setting_set --app=$app --key=port --value=$port
 #=================================================
 ynh_script_progression --message="Installing dependencies..." --weight=3
 
-ynh_install_app_dependencies $pkg_dependencies
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
 
 # Install Nodejs
 ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
@@ -122,6 +123,20 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 
+#=================================================
+# CREATE DATA DIRECTORY
+#=================================================
+ynh_script_progression --message="Creating a data directory..." --weight=1
+
+datadir=/home/yunohost.app/$app
+ynh_app_setting_set --app=$app --key=datadir --value=$datadir
+
+mkdir -p $datadir
+
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:www-data "$datadir"
+
 #=================================================
 # ADD A CONFIGURATION
 #=================================================
diff --git a/scripts/remove b/scripts/remove
index 645f26c..ff4afaa 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -68,6 +68,17 @@ ynh_script_progression --message="Removing app main directory..." --weight=1
 # Remove the app directory securely
 ynh_secure_remove --file="$final_path"
 
+#=================================================
+# REMOVE DATA DIR
+#=================================================
+
+# Remove the data directory if --purge option is used
+if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
+then
+	ynh_script_progression --message="Removing app data directory..." --weight=1
+	ynh_secure_remove --file="$datadir"
+fi
+
 #=================================================
 # REMOVE NGINX CONFIGURATION
 #=================================================
@@ -84,16 +95,6 @@ ynh_script_progression --message="Removing dependencies..." --weight=1
 # Remove metapackage and its dependencies
 ynh_remove_app_dependencies
 
-#=================================================
-# CLOSE A PORT
-#=================================================
-
-if yunohost firewall list | grep -q "\- $port$"
-then
-	ynh_script_progression --message="Closing port $port..." --weight=1
-	ynh_exec_warn_less yunohost firewall disallow TCP $port
-fi
-
 #=================================================
 # SPECIFIC REMOVE
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 5f2ef60..4613e48 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -33,9 +33,10 @@ port=$(ynh_app_setting_get --app=$app --key=port)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+db_user=$db_name
 db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 secretkey=$(ynh_app_setting_get --app=$app --key=secretkey)
-db_user=$db_name
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
@@ -72,6 +73,19 @@ chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
 
+#=================================================
+# RESTORE THE DATA DIRECTORY
+#=================================================
+ynh_script_progression --message="Restoring the data directory..." --weight=1
+
+ynh_restore_file --origin_path="$datadir" --not_mandatory
+
+mkdir -p $datadir
+
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:www-data "$datadir"
+
 #=================================================
 # SPECIFIC RESTORATION
 #=================================================
@@ -80,7 +94,7 @@ chown -R $app:www-data "$final_path"
 ynh_script_progression --message="Reinstalling dependencies..." --weight=1
 
 # Define and install dependencies
-ynh_install_app_dependencies $pkg_dependencies
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
 
 #=================================================
 # RESTORE THE NGINX CONFIGURATION
@@ -94,7 +108,6 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 #=================================================
 ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1
 
-db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 ynh_psql_test_if_first_run
 ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
 ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
diff --git a/scripts/upgrade b/scripts/upgrade
index 358012f..4a9e948 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -23,6 +23,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 secretkey=$(ynh_app_setting_get --app=$app --key=secretkey)
+timezone="$(cat /etc/timezone)"
 
 #=================================================
 # CHECK VERSION
@@ -69,19 +70,6 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
 	ynh_script_progression --message="Upgrading source files..." --weight=1
 
-	#=================================================
-	# INSTALL DEPENDENCIES
-	#=================================================
-	ynh_script_progression --message="Installing dependencies..." --weight=3
-
-	ynh_install_app_dependencies $pkg_dependencies
-
-	# Install Nodejs
-	ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
-
-	# Install Yarn
-	ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
-
 	# Download, check integrity, uncompress and patch the source from app.src
 	ynh_setup_source --dest_dir="$final_path" --keep="$final_path/venv"
 
@@ -90,22 +78,18 @@ then
 	chown -R $app:www-data "$final_path"
 fi
 
-# FIXME: this should be managed by the core in the future
-# Here, as a packager, you may have to tweak the ownerhsip/permissions
-# such that the appropriate users (e.g. maybe www-data) can access
-# files in some cases.
-# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
-# this will be treated as a security issue.
-chmod 750 "$final_path"
-chmod -R o-rwx "$final_path"
-chown -R $app:www-data "$final_path"
-
 #=================================================
 # UPGRADE DEPENDENCIES
 #=================================================
 ynh_script_progression --message="Upgrading dependencies..." --weight=1
 
-ynh_install_app_dependencies $pkg_dependencies
+ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
+
+# Install Nodejs
+ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
+
+# Install Yarn
+ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
 
 #=================================================
 # NGINX CONFIGURATION