Cleaning up (#110)

* Cleaning up
2024-10-01 13:35:06 +02:00 · 2021-06-24 14:04:11 +02:00 · 2021-06-24 14:04:11 +02:00 · 113e385900
commit 113e385900
parent 89b1b2cc81
11 changed files with 159 additions and 80 deletions
--- a/README.md
+++ b/README.md
@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in

 A self hostable read-it-later app

-**Shipped version:** 2.4.2~ynh1
+**Shipped version:** 2.4.2~ynh2

 **Demo:** https://demo.yunohost.org/wallabag/

--- a/README_fr.md
+++ b/README_fr.md
@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour

 Une application de lecture-plus-tard auto-hébergeable

-**Version incluse :** 2.4.2~ynh1
+**Version incluse :** 2.4.2~ynh2

 **Démo :** https://demo.yunohost.org/wallabag/

--- a/2
+++ b/2
@ -15,8 +15,6 @@
 		backup_restore=1
 		multi_instance=1
 		change_url=1
-;;; Levels
-	Level 5=auto
 ;;; Options
 Email=
 Notification=none
--- a/conf/parameters.yml.dist
+++ b/conf/parameters.yml.dist
@ -0,0 +1,74 @@
+# This file is a "template" of what your parameters.yml file should look like
+parameters:
+    # Uncomment these settings or manually update your parameters.yml
+    # to use docker-compose
+    #
+    # database_driver: %env.database_driver%
+    # database_host: %env.database_host%
+    # database_port: %env.database_port%
+    # database_name: %env.database_name%
+    # database_user: %env.database_user%
+    # database_password: %env.database_password%
+
+    database_driver: pdo_mysql
+    database_host: 127.0.0.1
+    database_port: ~
+    database_name: __DB_NAME__
+    database_user: __DB_NAME__
+    database_password: __DB_PWD__
+    # For SQLite, database_path should be "%kernel.project_dir%/data/db/wallabag.sqlite"
+    database_path: null
+    database_table_prefix: null
+    database_socket: null
+    # with PostgreSQL and SQLite, you must set "utf8"
+    database_charset: utf8mb4
+
+    domain_name: https://__DOMAIN____PATH__
+    server_name: "Your wallabag instance"
+
+    mailer_transport:  smtp
+    mailer_user:       ~
+    mailer_password:   ~
+    mailer_host:       127.0.0.1
+    mailer_port:       false
+    mailer_encryption: ~
+    mailer_auth_mode:  ~
+
+    locale: en
+
+    # A secret key that's used to generate certain security-related tokens
+    secret: __DESKEY__
+
+    # two factor stuff
+    twofactor_auth: true
+    twofactor_sender: no-reply@wallabag.org
+
+    # fosuser stuff
+    fosuser_registration: false
+    fosuser_confirmation: true
+
+    # how long the access token should live in seconds for the API
+    fos_oauth_server_access_token_lifetime: 3600
+    # how long the refresh token should life in seconds for the API
+    fos_oauth_server_refresh_token_lifetime: 1209600
+
+    from_email: no-reply@wallabag.org
+
+    rss_limit: 50
+
+    # RabbitMQ processing
+    rabbitmq_host: localhost
+    rabbitmq_port: 5672
+    rabbitmq_user: guest
+    rabbitmq_password: guest
+    rabbitmq_prefetch_count: 10
+
+    # Redis processing
+    redis_scheme: tcp
+    redis_host: localhost
+    redis_port: 6379
+    redis_path: null
+    redis_password: null
+
+    # sentry logging
+    sentry_dsn: ~
--- a/manifest.json
+++ b/manifest.json
@ -6,7 +6,7 @@
        "en": "A self hostable read-it-later app",
        "fr": "Une application de lecture-plus-tard auto-hébergeable"
    },
-    "version": "2.4.2~ynh1",
+    "version": "2.4.2~ynh2",
    "url": "https://www.wallabag.org",
    "upstream": {
        "license": "MIT",
@ -35,7 +35,7 @@
            {
                "name": "domain",
                "type": "domain",
-                "example": "domain.org"
+                "example": "example.com"
            },
            {
                "name": "path",
@ -46,7 +46,7 @@
            {
                "name": "admin",
                "type": "user",
-                "example": "homer"
+                "example": "johndoe"
            }
        ]
    }
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -7,7 +7,7 @@
 YNH_PHP_VERSION="7.3"

 # dependencies used by the app
-extra_php_dependencies="php${YNH_PHP_VERSION}-cli php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-tidy php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-php-gettext php${YNH_PHP_VERSION}-redis"
+extra_php_dependencies="php${YNH_PHP_VERSION}-cli php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-tidy php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-gettext php${YNH_PHP_VERSION}-redis"

 #=================================================
 # PERSONAL HELPERS
--- a/scripts/backup
+++ b/scripts/backup
@ -67,4 +67,5 @@ ynh_backup "/etc/fail2ban/filter.d/$app.conf"
 #=================================================
 # END OF SCRIPT
 #=================================================
+
 ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
--- a/scripts/install
+++ b/scripts/install
@ -98,20 +98,11 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 #=================================================
 ynh_script_progression --message="Configuring wallabag..." --weight=35

-# Copy and set Wallabag dist configuration
-wb_conf=$final_path/app/config/parameters.yml
-cp $final_path/app/config/parameters.yml.dist $wb_conf
-
-ynh_replace_string --match_string="fosuser_registration: true" --replace_string="fosuser_registration: false" --target_file=$wb_conf
-ynh_replace_string --match_string="database_name: wallabag" --replace_string="database_name:  $db_name" --target_file=$wb_conf
-ynh_replace_string --match_string="database_user: root" --replace_string="database_user: $db_user" --target_file=$wb_conf
-ynh_replace_string --match_string="database_password: ~" --replace_string="database_password: $db_pwd" --target_file=$wb_conf
-ynh_replace_string --match_string="database_table_prefix: wallabag_" --replace_string="database_table_prefix: null" --target_file=$wb_conf
 # Generate random DES key & password
 deskey=$(ynh_string_random --length=24)
 ynh_app_setting_set --app=$app --key=deskey --value=$deskey
-ynh_replace_string --match_string="secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv" --replace_string="secret: $deskey" --target_file=$wb_conf
-ynh_replace_string --match_string="domain_name: https://your-wallabag-url-instance.com" --replace_string="domain_name: https://$domain$path_url" --target_file=$wb_conf
+
+ynh_add_config --template="../conf/parameters.yml.dist" --destination="$final_path/app/config/parameters.yml"

 # Alias for php-cli execution command
 php_exec="ynh_exec_as $app php "$final_path/bin/console" --no-interaction --env=prod"
@ -134,12 +125,18 @@ done
 $php_exec fos:user:promote --super "$admin"

 #=================================================
-# CONFIGURE FAIL2BAN
+# CONFIGURE LOG
 #=================================================
+
 # Create the log file is not already existing during install
 mkdir -p "$final_path/var/logs/"
 touch "$final_path/var/logs/prod.log"
 chown $app: "$final_path/var/logs/prod.log"
+
+#=================================================
+# CONFIGURE FAIL2BAN
+#=================================================
+
 # Add fail2ban config
 ynh_add_fail2ban_config --logpath="$final_path/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP "<HOST>"' --max_retry=5

@ -149,7 +146,15 @@ ynh_add_fail2ban_config --logpath="$final_path/var/logs/prod.log" --failregex='a
 # SECURE FILES AND DIRECTORIES
 #=================================================

-set_permissions
+# Set permissions to app files
+chown -R $app:www-data $final_path
+chmod -R g=u,g-w,o-rwx $final_path
+
+# Restrict rights to Wallabag user only
+chmod 600 $final_path/app/config/parameters.yml
+if [ -e $final_path/var/cache/prod/appProdProjectContainer.php ]; then
+	chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php
+fi

 #=================================================
 # SETUP HOOKS
@ -158,13 +163,6 @@ set_permissions
 ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_user_create"
 ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_user_delete"

-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Configuring permissions..." --weight=1
-
-ynh_permission_update --permission="main" --add="visitors"
-
 #=================================================
 # RELOAD NGINX
 #=================================================
--- a/scripts/remove
+++ b/scripts/remove
@ -58,6 +58,7 @@ ynh_remove_fpm_config
 #=================================================
 # REMOVE FAIL2BAN CONFIGURATION
 #=================================================
+
 ynh_remove_fail2ban_config

 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -29,6 +29,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
+phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)

 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
@ -48,6 +49,14 @@ test ! -d $final_path \

 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"

+#=================================================
+# RECREATE THE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Recreating the dedicated system user..." --weight=2
+
+# Create the dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
@ -55,26 +64,24 @@ ynh_script_progression --message="Restoring the app main directory..."

 ynh_restore_file --origin_path="$final_path"

-#=================================================
-# RECREATE THE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Recreating the dedicated system user..." --weight=2
-
-# Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
 #=================================================
 # RESTORE USER RIGHTS
 #=================================================

-wb_conf=$final_path/app/config/parameters.yml
+# Set permissions to app files
+chown -R $app:www-data $final_path
+chmod -R g=u,g-w,o-rwx $final_path

-set_permissions
+# Restrict rights to Wallabag user only
+chmod 600 $final_path/app/config/parameters.yml
+if [ -e $final_path/var/cache/prod/appProdProjectContainer.php ]; then
+    chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php
+fi

 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=5
+ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=1

 ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"

--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -31,6 +31,20 @@ deskey=$(ynh_app_setting_get --app=$app --key=deskey)

 upgrade_type=$(ynh_check_app_version_changed)

+#=================================================
+# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
+#=================================================
+ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=5
+
+# Backup the current version of the app
+ynh_backup_before_upgrade
+ynh_clean_setup () {
+	# restore it if the upgrade fails
+	ynh_restore_upgradebackup
+}
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================
@ -54,6 +68,14 @@ if [ -z "$path_url" ]; then
 	ynh_app_setting_set --app=$app --key=path --value=$path_url
 fi

+# Create the log file is not already existing
+if [ ! -f "$final_path/var/logs/prod.log" ]
+then
+  mkdir -p "$final_path/var/logs/"
+  touch "$final_path/var/logs/prod.log"
+  chown $app: "$final_path/var/logs/prod.log"
+fi
+
 if ynh_legacy_permissions_exists
 then
 	ynh_legacy_permissions_delete_all
@ -62,18 +84,12 @@ then
 fi

 #=================================================
-# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
+# CREATE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30
+ynh_script_progression --message="Making sure dedicated system user exists..."

-# Backup the current version of the app
-ynh_backup_before_upgrade
-ynh_clean_setup () {
-	# restore it if the upgrade fails
-	ynh_restore_upgradebackup
-}
-# Exit if an error occurs during the execution of the script
-ynh_abort_if_errors
+# Create a dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"

 #=================================================
 # STANDARD UPGRADE STEPS
@ -101,31 +117,18 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..."
 # Create a dedicated nginx config
 ynh_add_nginx_config

-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..."
-
-# Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Upgrading php-fpm configuration..."
+ynh_script_progression --message="Upgrading PHP-FPM configuration..."

 # Create a dedicated php-fpm config
 ynh_add_fpm_config --package="$extra_php_dependencies"

-# Set-up fail2ban
-# Create the log file is not already existing
-if [ ! -f "$final_path/var/logs/prod.log" ]
-then
-  mkdir -p "$final_path/var/logs/"
-  touch "$final_path/var/logs/prod.log"
-  chown $app: "$final_path/var/logs/prod.log"
-fi
-# Add fail2ban config
+#=================================================
+# CONFIGURE FAIL2BAN
+#=================================================
+
 ynh_add_fail2ban_config --logpath="$final_path/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP "<HOST>"' --max_retry=5 # same as install config

 #=================================================
@ -134,22 +137,11 @@ ynh_add_fail2ban_config --logpath="$final_path/var/logs/prod.log" --failregex='a
 # CONFIGURE WALLABAG
 #=================================================

-wb_conf=$final_path/app/config/parameters.yml
-
 if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
 	ynh_script_progression --message="Reconfiguring wallabag..." --weight=11

-	# Copy and set Wallabag dist configuration
-	cp $final_path/app/config/parameters.yml.dist $wb_conf
-
-	ynh_replace_string --match_string="fosuser_registration: true" --replace_string="fosuser_registration: false" --target_file=$wb_conf
-	ynh_replace_string --match_string="database_name: wallabag" --replace_string="database_name:  $db_name" --target_file=$wb_conf
-	ynh_replace_string --match_string="database_user: root" --replace_string="database_user: $db_user" --target_file=$wb_conf
-	ynh_replace_string --match_string="database_password: ~" --replace_string="database_password: $db_pwd" --target_file=$wb_conf
-	ynh_replace_string --match_string="database_table_prefix: wallabag_" --replace_string="database_table_prefix: null" --target_file=$wb_conf
-	ynh_replace_string --match_string="secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv" --replace_string="secret: $deskey" --target_file=$wb_conf
-	ynh_replace_string --match_string="domain_name: https://your-wallabag-url-instance.com" --replace_string="domain_name: https://$domain$path_url" --target_file=$wb_conf
+	ynh_add_config --template="../conf/parameters.yml.dist" --destination="$final_path/app/config/parameters.yml"

 	#=================================================
 	# UPGRADE WALLABAG
@ -181,7 +173,15 @@ fi
 # SECURE FILES AND DIRECTORIES
 #=================================================

-set_permissions
+# Set permissions to app files
+chown -R $app:www-data $final_path
+chmod -R g=u,g-w,o-rwx $final_path
+
+# Restrict rights to Wallabag user only
+chmod 600 $final_path/app/config/parameters.yml
+if [ -e $final_path/var/cache/prod/appProdProjectContainer.php ]; then
+    chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php
+fi

 #=================================================
 # SETUP HOOKS