From 8998c15de1fddbd6501c303d96406ca3fd5e5fab Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sun, 4 Apr 2021 23:32:26 +0200 Subject: [PATCH 1/7] Update config.js --- conf/config.js | 631 ++++++++++++++++++++++++++----------------------- 1 file changed, 329 insertions(+), 302 deletions(-) diff --git a/conf/config.js b/conf/config.js index 0f5b1fb..9ca6173 100644 --- a/conf/config.js +++ b/conf/config.js 
@@ -1,416 +1,443 @@ "use strict"; module.exports = { + // ## Server settings + + // ### `public` // - // Set the server mode. - // Public servers does not require authentication. + // When set to `true`, The Lounge starts in public mode. When set to `false`, + // it starts in private mode. // - // Set to 'false' to enable users. - // - // @type boolean - // @default false + // - A **public server** does not require authentication. Anyone can connect + // to IRC networks in this mode. All IRC connections and channel + // scrollbacks are lost when a user leaves the client. + // - A **private server** requires users to log in. Their IRC connections are + // kept even when they are not using or logged in to the client. All joined + // channels and scrollbacks are available when they come back. // + // This value is set to `false` by default. public: false, + // ### `host` // - // IP address or hostname for the web server to listen on. - // Setting this to undefined will listen on all interfaces. + // IP address or hostname for the web server to listen to. For example, set it + // to `"127.0.0.1"` to accept connections from localhost only. // - // For UNIX domain sockets, use unix:/absolute/path/to/file.sock. - // - // @type string - // @default undefined + // For UNIX domain sockets, use `"unix:/absolute/path/to/file.sock"`. // + // This value is set to `undefined` by default to listen on all interfaces. host: undefined, + // ### `port` // - // Set the port to listen on. - // - // @type int - // @default 9000 + // Set the port to listen to. // + // This value is set to `9000` by default. port: __PORT__, + // ### `bind` // - // Set the local IP to bind to for outgoing connections. Leave to undefined - // to let the operating system pick its preferred one. - // - // @type string - // @default undefined + // Set the local IP to bind to for outgoing connections. // + // This value is set to `undefined` by default to let the operating system + // pick its preferred one. 
bind: undefined, + // ### `reverseProxy` // - // Sets whether the server is behind a reverse proxy and should honor the - // X-Forwarded-For header or not. - // - // @type boolean - // @default false + // When set to `true`, The Lounge is marked as served behind a reverse proxy + // and will honor the `X-Forwarded-For` header. // + // This value is set to `false` by default. reverseProxy: true, + // ### `maxHistory` // - // Set the default theme. - // Find out how to add new themes at https://thelounge.github.io/docs/plugins/themes.html + // Defines the maximum number of history lines that will be kept in memory per + // channel/query, in order to reduce the memory usage of the server. Setting + // this to `-1` will keep unlimited amount. // - // @type string - // @default "example" - // - // theme: "example", + // This value is set to `10000` by default. + maxHistory: 10000, + // ### `https` // - // Prefetch URLs + // These settings are used to run The Lounge's web server using encrypted TLS. // - // If enabled, The Lounge will try to load thumbnails and site descriptions from - // URLs posted in channels. + // If you want more control over the webserver, + // [use a reverse proxy instead](https://thelounge.chat/docs/guides/reverse-proxies). // - // @type boolean - // @default false + // The available keys for the `https` object are: // - prefetch: true, + // - `enable`: when set to `false`, HTTPS support is disabled + // and all other values are ignored. + // - `key`: Path to the private key file. + // - `certificate`: Path to the certificate. + // - `ca`: Path to the CA bundle. + // + // The value of `enable` is set to `false` to disable HTTPS by default, in + // which case the other two string settings are ignored. + https: { + enable: false, + key: "", + certificate: "", + ca: "", + }, + // ## Client settings + + // ### `theme` // - // Store and proxy prefetched images and thumbnails. 
- // This improves security and privacy by not exposing client IP address, - // and always loading images from The Lounge instance and making all assets secure, - // which in result fixes mixed content warnings. + // Set the default theme to serve to new users. They will be able to select a + // different one in their client settings among those available. + // + // The Lounge ships with two themes (`default` and `morning`) and can be + // extended by installing more themes. Read more about how to manage them + // [here](https://thelounge.chat/docs/guides/theme-creation). + // + // This value needs to be the package name and not the display name. For + // example, the value for Morning would be `morning`, and the value for + // Solarized would be `thelounge-theme-solarized`. + // + // This value is set to `"default"` by default. + theme: "default", + + // ### `prefetch` + // + // When set to `true`, The Lounge will load thumbnails and site descriptions + // from URLs posted in channels and private messages. + // + // This value is set to `false` by default. + prefetch:true, + + // ### `disableMediaPreview` + // + // When set to `true`, The Lounge will not preview media (images, video and + // audio) hosted on third-party sites. This ensures the client does not + // make any requests to external sites. If `prefetchStorage` is enabled, + // images proxied via the The Lounge will be previewed. + // + // This has no effect if `prefetch` is set to `false`. + // + // This value is set to `false` by default. + disableMediaPreview: false, + + // ### `prefetchStorage` + + // When set to `true`, The Lounge will store and proxy prefetched images and + // thumbnails on the filesystem rather than directly display the content at + // the original URLs. + // + // This option primarily exists to resolve mixed content warnings by not + // loading images from http hosts. This option does not work for video + // or audio as The Lounge will only load these from https hosts. 
// // If storage is enabled, The Lounge will fetch and store images and thumbnails // in the `${THELOUNGE_HOME}/storage` folder. // - // Images are deleted when they are no longer referenced by any message (controlled by maxHistory), - // and the folder is cleaned up on every The Lounge restart. - // - // @type boolean - // @default false + // Images are deleted when they are no longer referenced by any message + // (controlled by `maxHistory`), and the folder is cleaned up when The Lounge + // restarts. // + // This value is set to `false` by default. prefetchStorage: true, + // ### `prefetchMaxImageSize` // - // Prefetch URLs Image Preview size limit - // - // If prefetch is enabled, The Lounge will only display content under the maximum size. - // Specified value is in kilobytes. Default value is 2048 kilobytes. - // - // @type int - // @default 2048 + // When `prefetch` is enabled, images will only be displayed if their file + // size does not exceed this limit. // + // This value is set to `2048` kilobytes by default. prefetchMaxImageSize: 2048, + // ### `fileUpload` // - // Lock network + // Allow uploading files to the server hosting The Lounge. // - // If set to true, users will not be able to modify host, port and tls - // settings and will be limited to the configured network. + // Files are stored in the `${THELOUNGE_HOME}/uploads` folder, do not expire, + // and are not removed by The Lounge. This may cause issues depending on your + // hardware, for example in terms of disk usage. // - // @type boolean - // @default false + // The available keys for the `fileUpload` object are: // - lockNetwork: false, + // - `enable`: When set to `true`, files can be uploaded on the client with a + // drag-and-drop or using the upload dialog. + // - `maxFileSize`: When file upload is enabled, users sending files above + // this limit will be prompted with an error message in their browser. A value of + // `-1` disables the file size limit and allows files of any size. 
**Use at + // your own risk.** This value is set to `10240` kilobytes by default. + // - `baseUrl`: If you want change the URL where uploaded files are accessed, + // you can set this option to `"https://example.com/folder/"` and the final URL + // would look like `"https://example.com/folder/aabbccddeeff1234/name.png"`. + // If you use this option, you must have a reverse proxy configured, + // to correctly proxy the uploads URLs back to The Lounge. + // This value is set to `null` by default. + fileUpload: { + enable: false, + maxFileSize: 10240, + baseUrl: null, + }, + // ### `transports` // - // Hex IP + // Set `socket.io` transports. // - // If enabled, clients' username will be set to their IP encoded has hex. - // This is done to share the real user IP address with the server for host masking purposes. - // - // @type boolean - // @default false - // - useHexIp: false, + // This value is set to `["polling", "websocket"]` by default. + transports: ["polling", "websocket"], + // ### `leaveMessage` // - // WEBIRC support + // Set users' default `quit` and `part` messages if they are not providing + // one. // - // If enabled, The Lounge will pass the connecting user's host and IP to the - // IRC server. Note that this requires to obtain a password from the IRC network - // The Lounge will be connecting to and generally involves a lot of trust from the - // network you are connecting to. - // - // Format (standard): {"irc.example.net": "hunter1", "irc.example.org": "passw0rd"} - // Format (function): - // {"irc.example.net": function(client, args, trusted) { - // // here, we return a webirc object fed directly to `irc-framework` - // return {username: "thelounge", password: "hunter1", address: args.ip, hostname: "webirc/"+args.hostname}; - // }} - // - // @type string | function(client, args):object(webirc) - // @default null - webirc: null, + // This value is set to `"The Lounge - https://thelounge.chat"` by + // default. 
+ leaveMessage: "The Lounge - https://thelounge.chat", - // - // Message logging - // Logging is also controlled per user individually (logs variable) - // Leave the array empty to disable all logging globally - // - // text: Text file per network/channel in user folder - // sqlite: Messages are stored in SQLite, this allows them to be reloaded on server restart - // - // @type array - // @default ["sqlite", "text"] - // - messageStorage: ["sqlite"], + // ## Default network + // ### `defaults` // - // Maximum number of history lines per channel + // Specifies default network information that will be used as placeholder + // values in the *Connect* window. // - // Defines the maximum number of history lines that will be kept in - // memory per channel/query, in order to reduce the memory usage of - // the server. Setting this to -1 will keep unlimited amount. + // The available keys for the `defaults` object are: // - // @type integer - // @default 10000 - maxHistory: 10000, - + // - `name`: Name to display in the channel list of The Lounge. This value is + // not forwarded to the IRC network. + // - `host`: IP address or hostname of the IRC server. + // - `port`: Usually 6667 for unencrypted connections and 6697 for + // connections encrypted with TLS. + // - `password`: Connection password. If the server supports SASL capability, + // then this password will be used in SASL authentication. + // - `tls`: Enable TLS connections + // - `rejectUnauthorized`: Whether the server certificate should be verified + // against the list of supplied Certificate Authorities (CAs) by your + // Node.js installation. + // - `nick`: Nick name. Percent signs (`%`) will be replaced by random + // numbers from 0 to 9. For example, `Guest%%%` may become `Guest123`. + // - `username`: User name. + // - `realname`: Real name. + // - `join`: Comma-separated list of channels to auto-join once connected. // - // Default values for the 'Connect' form. 
- // - // @type object - // @default {} + // This value is set to connect to the official channel of The Lounge on + // Freenode by default: // + // ```js + // defaults: { + // name: "Freenode", + // host: "chat.freenode.net", + // port: 6697, + // password: "", + // tls: true, + // rejectUnauthorized: true, + // nick: "thelounge%%", + // username: "thelounge", + // realname: "The Lounge User", + // join: "#thelounge" + // } + // ``` defaults: { - // - // Name - // - // @type string - // @default "Freenode" - // name: "Freenode", - - // - // Host - // - // @type string - // @default "chat.freenode.net" - // host: "chat.freenode.net", - - // - // Port - // - // @type int - // @default 6697 - // port: 6697, - - // - // Password - // - // @type string - // @default "" - // password: "", - - // - // Enable TLS/SSL - // - // @type boolean - // @default true - // tls: true, - - // - // Enable certificate verification - // - // If true, the server certificate is verified against - // the list of supplied CAs by your node.js installation. - // - // @type boolean - // @default true - // rejectUnauthorized: true, - - // - // Nick - // - // Percent sign (%) will be replaced into a random number from 0 to 9. - // For example, Guest%%% will become Guest123 on page load. - // - // @type string - // @default "thelounge%%" - // nick: "ynhuser|%%%%%", - - // - // Username - // - // @type string - // @default "thelounge" - // - username: "thelounge", - - // - // Real Name - // - // @type string - // @default "The Lounge User" - // - realname: "The Lounge User", - - // - // Channels - // This is a comma-separated list. - // - // @type string - // @default "#thelounge" - // + username: "ynhuser|%%%%%", + realname: "yunohost User", join: "#yunohost", }, + // ### `lockNetwork` // - // Set socket.io transports + // When set to `true`, users will not be able to modify host, port and TLS + // settings and will be limited to the configured network. 
+ // These fields will also be hidden from the UI. // - // @type array - // @default ["polling", "websocket"] - // - transports: ["polling", "websocket"], + // This value is set to `false` by default. + lockNetwork: false, - // - // Run The Lounge using encrypted HTTP/2. - // This will fallback to regular HTTPS if HTTP/2 is not supported. - // - // @type object - // @default {} - // - https: { - // - // Enable HTTP/2 / HTTPS support. - // - // @type boolean - // @default false - // - enable: false, + // ## User management - // - // Path to the key. - // - // @type string - // @example "sslcert/key.pem" - // @default "" - // - key: "", + // ### `messageStorage` - // - // Path to the certificate. - // - // @type string - // @example "sslcert/key-cert.pem" - // @default "" - // - certificate: "", + // The Lounge can log user messages, for example to access them later or to + // reload messages on server restart. - // - // Path to the CA bundle. - // - // @type string - // @example "sslcert/bundle.pem" - // @default "" - // - ca: "", - }, + // Set this array with one or multiple values to enable logging: + // - `text`: Messages per network and channel will be stored as text files. + // **Messages will not be reloaded on restart.** + // - `sqlite`: Messages are stored in SQLite database files, one per user. + // + // Logging can be disabled globally by setting this value to an empty array + // `[]`. Logging is also controlled per user individually in the `log` key of + // their JSON configuration file. + // + // This value is set to `["sqlite", "text"]` by default. + messageStorage: ["sqlite"], + // ### `useHexIp` // - // Default quit and part message if none is provided. + // When set to `true`, users' IP addresses will be encoded as hex. // - // @type string - // @default "The Lounge - https://thelounge.chat" + // This is done to share the real user IP address with the server for host + // masking purposes. 
This is encoded in the `username` field and only supports + // IPv4. // - leaveMessage: "The Lounge - https://thelounge.chat", + // This value is set to `false` by default. + useHexIp: false, + // ## WEBIRC support // - // Run The Lounge with identd support. + // When enabled, The Lounge will pass the connecting user's host and IP to the + // IRC server. Note that this requires to obtain a password from the IRC + // network that The Lounge will be connecting to and generally involves a lot + // of trust from the network you are connecting to. // - // @type object - // @default {} + // There are 2 ways to configure the `webirc` setting: // + // - **Basic**: an object where keys are IRC hosts and values are passwords. + // For example: + // + // ```json + // webirc: { + // "irc.example.net": "thisiswebircpassword1", + // "irc.example.org": "thisiswebircpassword2", + // }, + // ``` + // + // - **Advanced**: an object where keys are IRC hosts and values are functions + // that take two arguments (`webircObj`, `network`) and return an + // object to be directly passed to `irc-framework`. `webircObj` contains the + // generated object which you can modify. For example: + // + // ```js + // webirc: { + // "irc.example.com": (webircObj, network) => { + // webircObj.password = "thisiswebircpassword"; + // webircObj.hostname = `webirc/${webircObj.hostname}`; + // return webircObj; + // }, + // }, + // ``` + // + // This value is set to `null` to disable WEBIRC by default. + webirc: null, + + // ## identd and oidentd support + + // ### `identd` + // + // Run The Lounge with `identd` support. + // + // The available keys for the `identd` object are: + // + // - `enable`: When `true`, the identd daemon runs on server start. + // - `port`: Port to listen for ident requests. + // + // The value of `enable` is set to `false` to disable `identd` support by + // default, in which case the value of `port` is ignored. The default value of + // `port` is 113. 
identd: { - // - // Run the identd daemon on server start. - // - // @type boolean - // @default false - // enable: false, - - // - // Port to listen for ident requests. - // - // @type int - // @default 113 - // port: 113, }, + // ### `oidentd` // - // Enable oidentd support using the specified file - // - // Example: oidentd: "~/.oidentd.conf", - // - // @type string - // @default null + // When this setting is a string, this enables `oidentd` support using the + // configuration file located at the given path. // + // This is set to `null` by default to disable `oidentd` support. oidentd: null, + // ## LDAP support + + // These settings enable and configure LDAP authentication. // - // LDAP authentication settings (only available if public=false) - // @type object - // @default {} + // They are only being used in private mode. To know more about private mode, + // see the `public` setting above. + // // The authentication process works as follows: // - // 1. Lounge connects to the LDAP server with its system credentials - // 2. It performs a LDAP search query to find the full DN associated to the - // user requesting to log in. - // 3. Lounge tries to connect a second time, but this time using the user's - // DN and password. Auth is validated iff this connection is successful. + // 1. The Lounge connects to the LDAP server with its system credentials. + // 2. It performs an LDAP search query to find the full DN associated to the + // user requesting to log in. + // 3. The Lounge tries to connect a second time, but this time using the + // user's DN and password. Authentication is validated if and only if this + // connection is successful. // // The search query takes a couple of parameters in `searchDN`: - // - a base DN `searchDN/base`. 
Only children nodes of this DN will be likely - // to be returned; - // - a search scope `searchDN/scope` (see LDAP documentation); - // - the query itself, build as (&(=) ) - // where is the user name provided in the log in request, - // is provided by the config and is a filtering complement - // also given in the config, to filter for instance only for nodes of type - // inetOrgPerson, or whatever LDAP search allows. // - // Alternatively, you can specify the `bindDN` parameter. This will make the lounge - // ignore searchDN options and assume that the user DN is always: - // ,= - // where is the user name provided in the log in request, and - // and are provided by the config. + // - a base DN `searchDN/base`. Only children nodes of this DN will be likely + // be returned; + // - a search scope `searchDN/scope` (see LDAP documentation); + // - the query itself, built as `(&(=) )` + // where `` is the user name provided in the log in request, + // `` is provided by the config and `` is a filtering + // complement also given in the config, to filter for instance only for + // nodes of type `inetOrgPerson`, or whatever LDAP search allows. // + // Alternatively, you can specify the `bindDN` parameter. This will make The + // Lounge ignore `searchDN` options and assume that the user DN is always + // `,=`, where `` is the user name + // provided in the log in request, and `` and `` are + // provided by the configuration. + // + // The available keys for the `ldap` object are: ldap: { - // - // Enable LDAP user authentication - // - // @type boolean - // @default false - // + // - `enable`: when set to `false`, LDAP support is disabled and all other + // values are ignored. enable: true, - // - // LDAP server URL - // - // @type string - // + // - `url`: A url of the form `ldaps://:`. + // For plain connections, use the `ldap` scheme. url: "ldap://127.0.0.1", + // - `tlsOptions`: LDAP connection TLS options (only used if scheme is + // `ldaps://`). 
It is an object whose values are Node.js' `tls.connect()` + // options. It is set to `{}` by default. + // For example, this option can be used in order to force the use of IPv6: + // ```js + // { + // host: 'my::ip::v6', + // servername: 'example.com' + // } + // ``` + tlsOptions: {}, - // - // LDAP base dn, alternative to searchDN - // - // @type string - // + // - `primaryKey`: LDAP primary key. It is set to `"uid"` by default. + primaryKey: "uid", + + // - `baseDN`: LDAP base DN, alternative to `searchDN`. For example, set it + // to `"ou=accounts,dc=example,dc=com"`. + // When unset, the LDAP auth logic with use `searchDN` instead to locate users. baseDN: "ou=users,dc=yunohost,dc=org", + }, - // - // LDAP primary key - // - // @type string - // @default "uid" - // - primaryKey: "uid" + // ## Debugging settings - } + // The `debug` object contains several settings to enable debugging in The + // Lounge. Use them to learn more about an issue you are noticing but be aware + // this may produce more logging or may affect connection performance so it is + // not recommended to use them by default. + // + // All values in the `debug` object are set to `false`. + debug: { + // ### `debug.ircFramework` + // + // When set to true, this enables extra debugging output provided by + // [`irc-framework`](https://github.com/kiwiirc/irc-framework), the + // underlying IRC library for Node.js used by The Lounge. + ircFramework: false, + + // ### `debug.raw` + // + // When set to `true`, this enables logging of raw IRC messages into each + // server window, displayed on the client. + raw: false, + }, }; From 84cecba18b8d3e17bccca5a0eb18441753d40e86 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 10 May 2021 11:32:49 +0200 Subject: [PATCH 2/7] Fix --- conf/config.js | 102 +++++++++++++++++++++++++++++++++++++++++++ conf/systemd.service | 5 ++- 2 files changed, 106 insertions(+), 1 deletion(-) diff --git a/conf/config.js b/conf/config.js index 9ca6173..c681deb 100644 
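Review bot: In conf/config.js, `reverseProxy: true` makes the server honor `X-Forwarded-For`, while `host: undefined` keeps it listening on all interfaces, as the new comment itself states. Any client that can reach `__PORT__` directly, rather than through the proxy, can then supply its own forwarded address. If the proxy runs on the same machine, `host: "127.0.0.1",` (the localhost-only value the new `host` comment gives) removes that path. The rewritten comments also say "set to `false` by default" directly above `reverseProxy: true`, `prefetch:true` and `prefetchStorage: true`; a short line such as `// Package value: true (upstream default is false)` would stop readers taking the comment for the effective setting.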
--- a/conf/config.js +++ b/conf/config.js @@ -83,9 +83,15 @@ module.exports = { certificate: "", ca: "", }, +<<<<<<< Updated upstream // ## Client settings +======= + + // ## Client settings + +>>>>>>> Stashed changes // ### `theme` // // Set the default theme to serve to new users. They will be able to select a @@ -108,7 +114,11 @@ module.exports = { // from URLs posted in channels and private messages. // // This value is set to `false` by default. +<<<<<<< Updated upstream prefetch:true, +======= + prefetch: true, +>>>>>>> Stashed changes // ### `disableMediaPreview` // @@ -121,9 +131,15 @@ module.exports = { // // This value is set to `false` by default. disableMediaPreview: false, +<<<<<<< Updated upstream // ### `prefetchStorage` +======= + + // ### `prefetchStorage` + +>>>>>>> Stashed changes // When set to `true`, The Lounge will store and proxy prefetched images and // thumbnails on the filesystem rather than directly display the content at // the original URLs. @@ -245,8 +261,13 @@ module.exports = { tls: true, rejectUnauthorized: true, nick: "ynhuser|%%%%%", +<<<<<<< Updated upstream username: "ynhuser|%%%%%", realname: "yunohost User", +======= + username: "thelounge", + realname: "The Lounge User", +>>>>>>> Stashed changes join: "#yunohost", }, @@ -276,7 +297,11 @@ module.exports = { // their JSON configuration file. // // This value is set to `["sqlite", "text"]` by default. +<<<<<<< Updated upstream messageStorage: ["sqlite"], +======= + messageStorage: ["sqlite", "text"], +>>>>>>> Stashed changes // ### `useHexIp` // @@ -288,6 +313,7 @@ module.exports = { // // This value is set to `false` by default. useHexIp: false, +<<<<<<< Updated upstream // ## WEBIRC support // 
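Review bot: The added lines `<<<<<<< Updated upstream`, `=======` and `>>>>>>> Stashed changes` are unresolved merge-conflict markers committed inside the `module.exports` object literal, so conf/config.js cannot be parsed as JavaScript and both sides of every conflict are present at once. The same markers are added in each config.js hunk of this commit (-83, -108, -121, -245, -276, -288, -328 and -415). The two sides are not equivalent: they differ in `messageStorage` (`["sqlite"]` versus `["sqlite", "text"]`), in `username`/`realname`, and in whether the LDAP block uses `baseDN` or `searchDN`. Each conflict should therefore be resolved deliberately to one side before this is committed.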
@@ -328,6 +354,48 @@ module.exports = { // ## identd and oidentd support +======= + + // ## WEBIRC support + // + // When enabled, The Lounge will pass the connecting user's host and IP to the + // IRC server. Note that this requires to obtain a password from the IRC + // network that The Lounge will be connecting to and generally involves a lot + // of trust from the network you are connecting to. + // + // There are 2 ways to configure the `webirc` setting: + // + // - **Basic**: an object where keys are IRC hosts and values are passwords. + // For example: + // + // ```json + // webirc: { + // "irc.example.net": "thisiswebircpassword1", + // "irc.example.org": "thisiswebircpassword2", + // }, + // ``` + // + // - **Advanced**: an object where keys are IRC hosts and values are functions + // that take two arguments (`webircObj`, `network`) and return an + // object to be directly passed to `irc-framework`. `webircObj` contains the + // generated object which you can modify. For example: + // + // ```js + // webirc: { + // "irc.example.com": (webircObj, network) => { + // webircObj.password = "thisiswebircpassword"; + // webircObj.hostname = `webirc/${webircObj.hostname}`; + // return webircObj; + // }, + // }, + // ``` + // + // This value is set to `null` to disable WEBIRC by default. + webirc: null, + + // ## identd and oidentd support + +>>>>>>> Stashed changes // ### `identd` // // Run The Lounge with `identd` support. 
@@ -415,11 +483,45 @@ module.exports = { // - `baseDN`: LDAP base DN, alternative to `searchDN`. For example, set it // to `"ou=accounts,dc=example,dc=com"`. // When unset, the LDAP auth logic with use `searchDN` instead to locate users. +<<<<<<< Updated upstream baseDN: "ou=users,dc=yunohost,dc=org", }, // ## Debugging settings +======= + + // - `searchDN`: LDAP search DN settings. This defines the procedure by + // which The Lounge first looks for the user DN before authenticating them. + // It is ignored if `baseDN` is specified. It is an object with the + // following keys: + searchDN: { + // - `rootDN`: This bind DN is used to query the server for the DN of + // the user. This is supposed to be a system user that has access in + // read-only to the DNs of the people that are allowed to log in. + // It is set to `"cn=thelounge,ou=system-users,dc=example,dc=com"` by + // default. + rootDN: "ou=users,dc=yunohost,dc=org", + + // - `rootPassword`: Password of The Lounge LDAP system user. + rootPassword: "1234", + + // - `ldapFilter`: it is set to `"(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)"` + // by default. + filter: "(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)", + + // - `base`: LDAP search base (search only within this node). It is set + // to `"dc=example,dc=com"` by default. + base: "dc=yunohost,dc=org", + + // - `scope`: LDAP search scope. It is set to `"sub"` by default. + scope: "sub", + }, + }, + + // ## Debugging settings + +>>>>>>> Stashed changes // The `debug` object contains several settings to enable debugging in The // Lounge. Use them to learn more about an issue you are noticing but be aware // this may produce more logging or may affect connection performance so it is diff --git a/conf/systemd.service b/conf/systemd.service index cc12689..0aed22e 100644 --- a/conf/systemd.service +++ b/conf/systemd.service 
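Review bot: The new `searchDN` block in conf/config.js commits a literal credential, `rootPassword: "1234",`, into the packaged template; a value filled in at install time, in the style of the `__PORT__` placeholder this file already uses, would keep the secret out of the repository. `rootDN: "ou=users,dc=yunohost,dc=org"` names the users OU, whereas the comment above it describes the DN of a read-only system user. `filter` still carries the upstream example `memberOf=ou=accounts,dc=example,dc=com` although `base` was changed to `dc=yunohost,dc=org`, so the search presumably matches no local account. The comment also documents the key as `ldapFilter` while the key written is `filter`. Because the upstream side of the conflict still sets `baseDN`, and the comment says `searchDN` is ignored when `baseDN` is specified, it is unclear which mechanism is meant to be active.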
@@ -11,7 +11,10 @@ Environment="PATH=__ENV_PATH__" Environment="THELOUNGE_HOME=/home/yunohost.app/__APP__/" Environment="NODE_ENV=production" ExecStart=/usr/bin/yarn start -Restart=always +Restart=on-failure +RestartSec=5 +StartLimitInterval=60s +StartLimitBurst=3 [Install] WantedBy=default.target From a471b2d2ffdf74502692fda6d0ad7fbd7490f7ed Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 10 May 2021 11:33:18 +0200 Subject: [PATCH 3/7] Fix --- conf/config.js | 76 -------------------------------------------------- 1 file changed, 76 deletions(-) diff --git a/conf/config.js b/conf/config.js index c681deb..5257aab 100644 --- a/conf/config.js +++ b/conf/config.js @@ -83,15 +83,9 @@ module.exports = { certificate: "", ca: "", }, -<<<<<<< Updated upstream // ## Client settings -======= - - // ## Client settings - ->>>>>>> Stashed changes // ### `theme` // // Set the default theme to serve to new users. They will be able to select a @@ -114,11 +108,7 @@ module.exports = { // from URLs posted in channels and private messages. // // This value is set to `false` by default. -<<<<<<< Updated upstream - prefetch:true, -======= prefetch: true, ->>>>>>> Stashed changes // ### `disableMediaPreview` // @@ -131,15 +121,9 @@ module.exports = { // // This value is set to `false` by default. disableMediaPreview: false, -<<<<<<< Updated upstream // ### `prefetchStorage` -======= - - // ### `prefetchStorage` - ->>>>>>> Stashed changes // When set to `true`, The Lounge will store and proxy prefetched images and // thumbnails on the filesystem rather than directly display the content at // the original URLs. @@ -261,13 +245,8 @@ module.exports = { tls: true, rejectUnauthorized: true, nick: "ynhuser|%%%%%", -<<<<<<< Updated upstream - username: "ynhuser|%%%%%", - realname: "yunohost User", -======= username: "thelounge", realname: "The Lounge User", ->>>>>>> Stashed changes join: "#yunohost", }, 
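Review bot: In conf/systemd.service, `StartLimitInterval=60s` is the legacy spelling; current systemd documents the setting as `StartLimitIntervalSec=` and places it, together with `StartLimitBurst=`, in the `[Unit]` section. The section header is outside this hunk, but the lines are added after `ExecStart=` and so appear to sit in `[Service]`, where they are accepted only for backward compatibility. Moving `StartLimitIntervalSec=60s` and `StartLimitBurst=3` to `[Unit]` keeps the rate limit effective on newer releases. A comment such as `# give up after 3 failed starts within 60s` would record why `Restart=always` was replaced.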
@@ -297,11 +276,7 @@ module.exports = { // their JSON configuration file. // // This value is set to `["sqlite", "text"]` by default. -<<<<<<< Updated upstream - messageStorage: ["sqlite"], -======= messageStorage: ["sqlite", "text"], ->>>>>>> Stashed changes // ### `useHexIp` // @@ -313,7 +288,6 @@ module.exports = { // // This value is set to `false` by default. useHexIp: false, -<<<<<<< Updated upstream // ## WEBIRC support // @@ -354,48 +328,6 @@ module.exports = { // ## identd and oidentd support -======= - - // ## WEBIRC support - // - // When enabled, The Lounge will pass the connecting user's host and IP to the - // IRC server. Note that this requires to obtain a password from the IRC - // network that The Lounge will be connecting to and generally involves a lot - // of trust from the network you are connecting to. - // - // There are 2 ways to configure the `webirc` setting: - // - // - **Basic**: an object where keys are IRC hosts and values are passwords. - // For example: - // - // ```json - // webirc: { - // "irc.example.net": "thisiswebircpassword1", - // "irc.example.org": "thisiswebircpassword2", - // }, - // ``` - // - // - **Advanced**: an object where keys are IRC hosts and values are functions - // that take two arguments (`webircObj`, `network`) and return an - // object to be directly passed to `irc-framework`. `webircObj` contains the - // generated object which you can modify. For example: - // - // ```js - // webirc: { - // "irc.example.com": (webircObj, network) => { - // webircObj.password = "thisiswebircpassword"; - // webircObj.hostname = `webirc/${webircObj.hostname}`; - // return webircObj; - // }, - // }, - // ``` - // - // This value is set to `null` to disable WEBIRC by default. - webirc: null, - - // ## identd and oidentd support - ->>>>>>> Stashed changes // ### `identd` // // Run The Lounge with `identd` support. 
@@ -483,13 +415,6 @@ module.exports = { // - `baseDN`: LDAP base DN, alternative to `searchDN`. For example, set it // to `"ou=accounts,dc=example,dc=com"`. // When unset, the LDAP auth logic with use `searchDN` instead to locate users. -<<<<<<< Updated upstream - baseDN: "ou=users,dc=yunohost,dc=org", - }, - - // ## Debugging settings - -======= // - `searchDN`: LDAP search DN settings. This defines the procedure by // which The Lounge first looks for the user DN before authenticating them. @@ -521,7 +446,6 @@ module.exports = { // ## Debugging settings ->>>>>>> Stashed changes // The `debug` object contains several settings to enable debugging in The // Lounge. Use them to learn more about an issue you are noticing but be aware // this may produce more logging or may affect connection performance so it is From e5392a5e569d033621f6cffe37116f9e3e51ca72 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 10 May 2021 11:40:31 +0200 Subject: [PATCH 4/7] Fix --- README.md | 2 +- README_fr.md | 2 +- conf/config.js | 2 +- scripts/upgrade | 13 +++---------- 4 files changed, 6 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 8e9feac..2a40e09 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ *[Lire ce readme en français.](./README_fr.md)* > *This package allow you to install The Lounge quickly and simply on a YunoHost server. -If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* +If you don't have YunoHost, please see [here](https://yunohost.org/install) to know how to install and enjoy it.* ## Overview diff --git a/README_fr.md b/README_fr.md index c321a4c..d641873 100644 --- a/README_fr.md +++ b/README_fr.md 
@@ -6,7 +6,7 @@ *[Read this readme in english.](./README.md)* > *Ce package vous permet d'installer The Lounge rapidement et simplement sur un serveur YunoHost. -Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l’installer et en profiter.* +Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/install) pour savoir comment l’installer et en profiter.* ## Vue d’ensemble The Lounge est un client Web IRC auto-hébergé. diff --git a/conf/config.js b/conf/config.js index 5257aab..e7cb1dd 100644 --- a/conf/config.js +++ b/conf/config.js @@ -429,7 +429,7 @@ module.exports = { rootDN: "ou=users,dc=yunohost,dc=org", // - `rootPassword`: Password of The Lounge LDAP system user. - rootPassword: "1234", + rootPassword: "", // - `ldapFilter`: it is set to `"(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)"` // by default. diff --git a/scripts/upgrade b/scripts/upgrade index 0865c5c..e59155c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -94,8 +94,6 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." - ynh_secure_remove --file=$final_path - # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" fi @@ -135,13 +133,6 @@ then popd fi -#================================================= -# MODIFY A CONFIG FILE -#================================================= -ynh_script_progression --message="Modifying a config file..." - -ynh_add_config --template="../conf/config.js" --destination="$config_path/config.js" - #================================================= # SETUP SYSTEMD #================================================= 
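Review bot: In the `conf/config.js` hunk, `rootPassword: ""` leaves the `searchDN` lookup binding as `rootDN: "ou=users,dc=yunohost,dc=org"` with no password. That DN looks like a container rather than an account, and many LDAP servers treat an empty-password simple bind as anonymous, so the user search would presumably run unauthenticated or fail outright. If an anonymous search is intended, say so next to the value, e.g. `// Left empty on purpose: the search bind is anonymous; never put a real secret in this template.` The removed `"1234"` stays in the repository history (the revert in [PATCH 5/7] restores it and [PATCH 6/7] empties it again), so treat it as disclosed if it was ever a live credential. The `searchDN` object opens and closes outside this hunk.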
@@ -160,7 +151,9 @@ ynh_add_systemd_config ynh_script_progression --message="Securing files and directories..." # Set permissions on app files -chown -R $app: $final_path +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data $final_path chown -R $app: $config_path #================================================= From 1ebdb733b791b148865e82969477787ce76c715c Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 10 May 2021 11:48:57 +0200 Subject: [PATCH 5/7] Revert "Fix" This reverts commit e5392a5e569d033621f6cffe37116f9e3e51ca72. --- README.md | 2 +- README_fr.md | 2 +- conf/config.js | 2 +- scripts/upgrade | 13 ++++++++++--- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 2a40e09..8e9feac 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ *[Lire ce readme en français.](./README_fr.md)* > *This package allow you to install The Lounge quickly and simply on a YunoHost server. -If you don't have YunoHost, please see [here](https://yunohost.org/install) to know how to install and enjoy it.* +If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* ## Overview diff --git a/README_fr.md b/README_fr.md index d641873..c321a4c 100644 --- a/README_fr.md +++ b/README_fr.md @@ -6,7 +6,7 @@ *[Read this readme in english.](./README.md)* > *Ce package vous permet d'installer The Lounge rapidement et simplement sur un serveur YunoHost. -Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/install) pour savoir comment l’installer et en profiter.* +Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l’installer et en profiter.* ## Vue d’ensemble The Lounge est un client Web IRC auto-hébergé. diff --git a/conf/config.js b/conf/config.js index e7cb1dd..5257aab 100644 --- a/conf/config.js +++ b/conf/config.js 
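Review bot: The added `chmod 750 "$final_path"` and `chmod -R o-rwx "$final_path"` tighten only the application tree, while `$config_path` still receives nothing but `chown -R $app: $config_path`. Earlier in this patch that directory is the `ynh_add_config` destination for `config.js`, which holds the LDAP and WEBIRC settings. Adding `chmod -R o-rwx "$config_path"` after the last `chown` would cover it. `chown -R $app:www-data $final_path` is also unquoted, unlike the two `chmod` lines, and gives the `www-data` group read access to the whole tree. If the web server only proxies to the app, `chown -R "$app:" "$final_path"` would be the narrower choice; this cannot be confirmed from the hunk. [PATCH 5/7] reverts these lines, and the rest of the script is outside the hunk.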
@@ -429,7 +429,7 @@ module.exports = { rootDN: "ou=users,dc=yunohost,dc=org", // - `rootPassword`: Password of The Lounge LDAP system user. - rootPassword: "", + rootPassword: "1234", // - `ldapFilter`: it is set to `"(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)"` // by default. diff --git a/scripts/upgrade b/scripts/upgrade index e59155c..0865c5c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -94,6 +94,8 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." + ynh_secure_remove --file=$final_path + # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" fi @@ -133,6 +135,13 @@ then popd fi +#================================================= +# MODIFY A CONFIG FILE +#================================================= +ynh_script_progression --message="Modifying a config file..." + +ynh_add_config --template="../conf/config.js" --destination="$config_path/config.js" + #================================================= # SETUP SYSTEMD #================================================= @@ -151,9 +160,7 @@ ynh_add_systemd_config ynh_script_progression --message="Securing files and directories..." # Set permissions on app files -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data $final_path +chown -R $app: $final_path chown -R $app: $config_path #================================================= From 5c911704cbec69e522735fb5e3a57c6feebae6e2 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 10 May 2021 11:59:36 +0200 Subject: [PATCH 6/7] Update config.js --- conf/config.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/config.js b/conf/config.js index 5257aab..e7cb1dd 100644 --- a/conf/config.js +++ b/conf/config.js 
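Review bot: In the `scripts/upgrade` hunk at -94, the restored `ynh_secure_remove --file=$final_path` expands the variable unquoted in a recursive delete, while `ynh_setup_source --dest_dir="$final_path"` two lines below quotes it. Writing it as `ynh_secure_remove --file="$final_path"` keeps a value containing spaces or glob characters from turning into extra arguments. The `chown -R $app: $final_path` line restored in the -151 hunk has the same unquoted expansion and would read `chown -R "$app:" "$final_path"`. The enclosing `if [ "$upgrade_type" == "UPGRADE_APP" ]` block starts outside the hunk.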
@@ -429,7 +429,7 @@ module.exports = {
 rootDN: "ou=users,dc=yunohost,dc=org",
 
 // - `rootPassword`: Password of The Lounge LDAP system user.
- rootPassword: "1234",
+ rootPassword: "",
 
 // - `ldapFilter`: it is set to `"(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)"`
 // by default.
From bf490ab241dd1d914ccc271f487597d62504c2a9 Mon Sep 17 00:00:00 2001
From: ericgaspar
Date: Mon, 10 May 2021 13:13:25 +0200
Subject: [PATCH 7/7] Update config.js
---
 conf/config.js | 40 +---------------------------------------
 1 file changed, 1 insertion(+), 39 deletions(-)
diff --git a/conf/config.js b/conf/config.js
index e7cb1dd..ff7ee20 100644
--- a/conf/config.js
+++ b/conf/config.js
@@ -397,51 +397,13 @@ module.exports = { // For plain connections, use the `ldap` scheme. url: "ldap://127.0.0.1", - // - `tlsOptions`: LDAP connection TLS options (only used if scheme is - // `ldaps://`). It is an object whose values are Node.js' `tls.connect()` - // options. It is set to `{}` by default. - // For example, this option can be used in order to force the use of IPv6: - // ```js - // { - // host: 'my::ip::v6', - // servername: 'example.com' - // } - // ``` - tlsOptions: {}, - // - `primaryKey`: LDAP primary key. It is set to `"uid"` by default. primaryKey: "uid", // - `baseDN`: LDAP base DN, alternative to `searchDN`. For example, set it // to `"ou=accounts,dc=example,dc=com"`. // When unset, the LDAP auth logic with use `searchDN` instead to locate users. - - // - `searchDN`: LDAP search DN settings. This defines the procedure by - // which The Lounge first looks for the user DN before authenticating them. - // It is ignored if `baseDN` is specified. It is an object with the - // following keys: - searchDN: { - // - `rootDN`: This bind DN is used to query the server for the DN of - // the user. This is supposed to be a system user that has access in - // read-only to the DNs of the people that are allowed to log in. - // It is set to `"cn=thelounge,ou=system-users,dc=example,dc=com"` by - // default. - rootDN: "ou=users,dc=yunohost,dc=org", - - // - `rootPassword`: Password of The Lounge LDAP system user. - rootPassword: "", - - // - `ldapFilter`: it is set to `"(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)"` - // by default. - filter: "(objectClass=person)(memberOf=ou=accounts,dc=example,dc=com)", - - // - `base`: LDAP search base (search only within this node). It is set - // to `"dc=example,dc=com"` by default. - base: "dc=yunohost,dc=org", - - // - `scope`: LDAP search scope. It is set to `"sub"` by default. - scope: "sub", - }, + baseDN: "ou=users,dc=yunohost,dc=org", }, // ## Debugging settings
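Review bot: With `baseDN: "ou=users,dc=yunohost,dc=org"` added and the `searchDN` filter removed, nothing in this block restricts which directory accounts may log in. Presumably every entry under `ou=users` can now authenticate to The Lounge, whatever per-app permission exists elsewhere. The retained comment ending "instead to locate users" still refers to the `searchDN` object this hunk deletes and carries the typo "with use". It could become `// baseDN is the only lookup configured here; searchDN is not used by this package.` If access is meant to be limited to a group, add a line saying where that limit is enforced. The `ldap` object starts above the hunk, so its `enable` flag could not be checked.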