diff --git a/README_id.md b/README_id.md index c688f1f..bcfc66e 100644 --- a/README_id.md +++ b/README_id.md @@ -34,7 +34,7 @@ Upgrade from the YunoHost [Wallabag v1](https://github.com/YunoHost-Apps/wallaba - Website aplikasi resmi: - Dokumentasi admin resmi: -- Depot kode aplikasi hulu: +- Repositori kode aplikasi hulu: - Gudang YunoHost: - Laporkan bug: diff --git a/conf/extra_php-fpm.conf b/conf/extra_php-fpm.conf deleted file mode 100644 index 89caf08..0000000 --- a/conf/extra_php-fpm.conf +++ /dev/null @@ -1,5 +0,0 @@ -; Additional php.ini defines, specific to this pool of workers. - -php_admin_value[upload_max_filesize] = 50M -php_admin_value[post_max_size] = 50M -php_admin_value[max_execution_time] = 300 diff --git a/conf/nginx.conf b/conf/nginx.conf index 962767d..cb303de 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -9,7 +9,7 @@ location __PATH__/ { fastcgi_read_timeout 60m; client_max_body_size 50M; - try_files $uri @__NAME__; + try_files $uri @__APP__; location ~ ^__PATH__/app\.php(/|$) { include fastcgi_params; @@ -17,7 +17,7 @@ location __PATH__/ { fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param REMOTE_USER $remote_user; - fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php__PHP_VERSION__-fpm-__APP__.sock; fastcgi_intercept_errors on; } @@ -31,6 +31,6 @@ location __PATH__/ { include conf.d/yunohost_panel.conf.inc; } -location @__NAME__ { +location @__APP__ { rewrite ^ __PATH__/app.php/$is_args$args; } diff --git a/manifest.toml b/manifest.toml index 3521977..47cbf19 100644 --- a/manifest.toml +++ b/manifest.toml @@ -21,7 +21,8 @@ cpe = "cpe:2.3:a:wallabag:wallabag" fund = "https://liberapay.com/wallabag" [integration] -yunohost = ">= 11.2" +yunohost = ">= 11.2.29" +helpers_version = "2.1" architectures = "all" multi_instance = true ldap = true @@ -56,6 +57,7 @@ ram.runtime = "50M" [resources.system_user] [resources.install_dir] + group = "www-data:r-x" [resources.permissions] main.url = "/" diff --git a/scripts/_common.sh b/scripts/_common.sh index 9934791..2a416c6 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,19 +1,11 @@ #!/bin/bash #================================================= -# COMMON VARIABLES +# COMMON VARIABLES AND CUSTOM HELPERS #================================================= # Define a function to execute commands with `php_exec` php_exec() { - (cd "$install_dir" && ynh_exec_as "$app" \ - php${phpversion} "$install_dir/bin/console" --no-interaction --env=prod "$@") + (cd "$install_dir" && ynh_exec_as_app \ + php${php_version} "$install_dir/bin/console" --no-interaction --env=prod "$@") } - -#================================================= -# PERSONAL HELPERS -#================================================= - -#================================================= -# EXPERIMENTAL HELPERS -#================================================= diff --git a/scripts/backup b/scripts/backup index 5fb5b0d..641e844 100644 --- a/scripts/backup +++ b/scripts/backup @@ -8,42 +8,39 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# DECLARE DATA AND CONF FILES TO BACKUP -#================================================= -ynh_print_info --message="Declaring files to be backed up..." +ynh_print_info "Declaring files to be backed up..." #================================================= # BACKUP THE APP MAIN DIR #================================================= # Clean cache files before backup (saved some disk space) -ynh_secure_remove --file=$install_dir/var/cache/prod +ynh_safe_rm $install_dir/var/cache/prod -ynh_backup --src_path="$install_dir" +ynh_backup "$install_dir" #================================================= # BACKUP THE SYSTEM CONFIGURATION #================================================= -ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" -ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" +ynh_backup "/etc/php/$php_version/fpm/pool.d/$app.conf" -ynh_backup --src_path="/etc/logrotate.d/$app" +ynh_backup "/etc/logrotate.d/$app" -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" +ynh_backup "/etc/fail2ban/jail.d/$app.conf" +ynh_backup "/etc/fail2ban/filter.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE #================================================= -ynh_print_info --message="Backing up the MySQL database..." +ynh_print_info "Backing up the MySQL database..." -ynh_mysql_dump_db --database="$db_name" > db.sql +ynh_mysql_dump_db > db.sql #================================================= # END OF SCRIPT #================================================= -ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index 05e3046..885b59a 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -10,35 +10,35 @@ source /usr/share/yunohost/helpers #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2 +ynh_script_progression "Updating NGINX web server configuration..." -ynh_change_url_nginx_config +ynh_config_change_url_nginx #================================================= # UPDATE CONFIGURATION #================================================= -ynh_script_progression --message="Updating wallabag configuration..." +ynh_script_progression "Updating wallabag configuration..." # Configure Wallabag instance URL -ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" \ +ynh_mysql_db_shell \ <<< "UPDATE internal_setting SET value = 'https://$new_domain$new_path' WHERE name = 'wallabag_url'" # Change domain name in parameters.yml -ynh_replace_string --target_file="$install_dir/app/config/parameters.yml" --match_string="domain_name: .*" --replace_string="domain_name: https://$new_domain$new_path" +ynh_replace --file="$install_dir/app/config/parameters.yml" --match="domain_name: .*" --replace="domain_name: https://$new_domain$new_path" # If "Download images locally" option has been enabled in Internal Settings -download_images_enabled=$(ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" \ +download_images_enabled=$(ynh_mysql_db_shell \ <<< "SELECT value from internal_setting WHERE name='download_images_enabled '" | tail -n 1) if [ "$download_images_enabled" = "1" ]; then - ynh_print_info --message="Updating images URL; this operation may take a while..." + ynh_print_info "Updating images URL; this operation may take a while..." # Query/replace the domain/path in every entry.content in mysql database - ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" \ + ynh_mysql_db_shell \ <<< "UPDATE entry SET content = REPLACE(content, '$old_domain$old_path', '$new_domain$new_path');" fi # Clear assets cache -ynh_secure_remove --file="$install_dir/var/cache" +ynh_safe_rm "$install_dir/var/cache" mkdir "$install_dir/var/cache" chown "$app:www-data" "$install_dir/var/cache" @@ -46,4 +46,4 @@ chown "$app:www-data" "$install_dir/var/cache" # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --last +ynh_script_progression "Change of URL completed for $app" diff --git a/scripts/install b/scripts/install index fc4b7cb..552c47c 100644 --- a/scripts/install +++ b/scripts/install @@ -13,23 +13,21 @@ source /usr/share/yunohost/helpers # Generate random DES key & password deskey=$(ynh_string_random --length=24) -ynh_app_setting_set --app="$app" --key="deskey" --value="$deskey" +ynh_app_setting_set --key="deskey" --value="$deskey" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=6 +ynh_script_progression "Setting up source files..." # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" -# Create log dir/file FIXME: is it useless? +# Create log dir/file is it useless? mkdir -p "$install_dir/var/logs/" touch "$install_dir/var/logs/prod.log" # Set permissions to app files -chown -R "$app:www-data" "$install_dir" - # Restrict rights to Wallabag user only if [ -e "$install_dir/var/cache/prod/appProdProjectContainer.php" ]; then chmod 700 "$install_dir/var/cache/prod/appProdProjectContainer.php" @@ -38,12 +36,9 @@ fi #================================================= # APP INITIAL CONFIGURATION #================================================= -ynh_script_progression --message="Adding $app's configuration files..." --weight=1 +ynh_script_progression "Adding $app's configuration files..." -ynh_add_config --template="parameters.yml" --destination="$install_dir/app/config/parameters.yml" - -chmod 600 "$install_dir/app/config/parameters.yml" -chown "$app:$app" "$install_dir/app/config/parameters.yml" +ynh_config_add --template="parameters.yml" --destination="$install_dir/app/config/parameters.yml" # Install dependencies and Wallabag php_exec wallabag:install @@ -60,38 +55,34 @@ done php_exec fos:user:promote --super "$admin" # Configure Wallabag instance URL -ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" \ - <<< "UPDATE internal_setting SET value = 'https://$domain$path' WHERE name = 'wallabag_url'" - -# Set permissions to app files -chown -R "$app:www-data" "$install_dir" +ynh_mysql_db_shell <<< "UPDATE internal_setting SET value = 'https://$domain$path' WHERE name = 'wallabag_url'" #================================================= # SETUP HOOKS #================================================= -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_user_create" -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_user_delete" +ynh_replace --match="__APP__" --replace="$app" --file="../hooks/post_user_create" +ynh_replace --match="__APP__" --replace="$app" --file="../hooks/post_user_delete" #================================================= # SYSTEM CONFIGURATION #================================================= -ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 +ynh_script_progression "Adding system configurations related to $app..." # Create a dedicated NGINX config -ynh_add_nginx_config +ynh_config_add_nginx # Create a dedicated PHP-FPM config -ynh_add_fpm_config +ynh_config_add_phpfpm # Use logrotate to manage application logfile(s) -ynh_use_logrotate --logfile="$install_dir/var/logs/prod.log" +ynh_config_add_logrotate "$install_dir/var/logs/prod.log" # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="$install_dir/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP ""' --max_retry=5 +ynh_config_add_fail2ban --logpath="$install_dir/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP ""' #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --last +ynh_script_progression "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index aabd88a..ec528f5 100644 --- a/scripts/remove +++ b/scripts/remove @@ -10,22 +10,22 @@ source /usr/share/yunohost/helpers #================================================= # REMOVE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 +ynh_script_progression "Removing system configurations related to $app..." # Remove the app-specific logrotate config -ynh_remove_logrotate +ynh_config_remove_logrotate # Remove the dedicated NGINX config -ynh_remove_nginx_config +ynh_config_remove_nginx # Remove the dedicated PHP-FPM config -ynh_remove_fpm_config +ynh_config_remove_phpfpm # Remove the dedicated Fail2Ban config -ynh_remove_fail2ban_config +ynh_config_remove_fail2ban #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last +ynh_script_progression "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index dd1c787..5e73e7b 100644 --- a/scripts/restore +++ b/scripts/restore @@ -11,13 +11,11 @@ source /usr/share/yunohost/helpers #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." +ynh_script_progression "Restoring the app main directory..." -ynh_restore_file --origin_path="$install_dir" +ynh_restore "$install_dir" # Set permissions to app files -chown -R "$app:www-data" "$install_dir" - # Restrict rights to Wallabag user only if [ -e "$install_dir/var/cache/prod/appProdProjectContainer.php" ]; then chmod 700 "$install_dir/var/cache/prod/appProdProjectContainer.php" @@ -26,36 +24,36 @@ fi #================================================= # RESTORE THE MYSQL DATABASE #================================================= -ynh_script_progression --message="Restoring the MySQL database..." --weight=1 +ynh_script_progression "Restoring the MySQL database..." -ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" < ./db.sql +ynh_mysql_db_shell < ./db.sql #================================================= # RESTORE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 +ynh_script_progression "Restoring system configurations related to $app..." -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore "/etc/nginx/conf.d/$domain.d/$app.conf" -ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" +ynh_restore "/etc/php/$php_version/fpm/pool.d/$app.conf" -ynh_restore_file --origin_path="/etc/logrotate.d/$app" +ynh_restore "/etc/logrotate.d/$app" -ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" -ynh_systemd_action --action=restart --service_name=fail2ban +ynh_restore "/etc/fail2ban/jail.d/$app.conf" +ynh_restore "/etc/fail2ban/filter.d/$app.conf" +ynh_systemctl --action=restart --service=fail2ban #================================================= # RELOAD NGINX AND PHP-FPM OR THE APP SERVICE #================================================= -ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 +ynh_script_progression "Reloading NGINX web server and $app's service..." -ynh_systemd_action --service_name="php$phpversion-fpm" --action=reload +ynh_systemctl --service="php$php_version-fpm" --action=reload -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemctl --service=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --last +ynh_script_progression "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index e040482..b251691 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -10,18 +10,16 @@ source /usr/share/yunohost/helpers #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Upgrading source files..." --weight=6 +ynh_script_progression "Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep="app/config/parameters.yml var/logs web/assets/images" +ynh_setup_source --dest_dir="$install_dir" --full_replace --keep="app/config/parameters.yml var/logs web/assets/images" -# Create log dir/file FIXME: is it useless? +# Create log dir/file is it useless? mkdir -p "$install_dir/var/logs/" touch "$install_dir/var/logs/prod.log" # Set permissions to app files -chown -R "$app:www-data" "$install_dir" - # Restrict rights to Wallabag user only if [ -e "$install_dir/var/cache/prod/appProdProjectContainer.php" ]; then chmod 700 "$install_dir/var/cache/prod/appProdProjectContainer.php" @@ -30,41 +28,40 @@ fi #================================================= # UPDATE A CONFIG FILE #================================================= -ynh_script_progression --message="Reconfiguring $app..." --weight=1 +ynh_script_progression "Reconfiguring $app..." # Upgrade database and clear the cache php_exec doctrine:migrations:migrate php_exec cache:clear # Configure Wallabag instance URL -ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" \ - <<< "UPDATE internal_setting SET value = 'https://$domain$path' WHERE name = 'wallabag_url'" +ynh_mysql_db_shell <<< "UPDATE internal_setting SET value = 'https://$domain$path' WHERE name = 'wallabag_url'" #================================================= # SETUP HOOKS #================================================= -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_user_create" -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_user_delete" +ynh_replace --match="__APP__" --replace="$app" --file="../hooks/post_user_create" +ynh_replace --match="__APP__" --replace="$app" --file="../hooks/post_user_delete" #================================================= # REAPPLY SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1 +ynh_script_progression "Upgrading system configurations related to $app..." # Create a dedicated NGINX config -ynh_add_nginx_config +ynh_config_add_nginx # Create a dedicated PHP-FPM config -ynh_add_fpm_config +ynh_config_add_phpfpm -ynh_use_logrotate --non-append --logfile="$install_dir/var/logs/prod.log" +ynh_config_add_logrotate "$install_dir/var/logs/prod.log" # Add fail2ban config -ynh_add_fail2ban_config --logpath="$install_dir/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP ""' --max_retry=5 # same as install config +ynh_config_add_fail2ban --logpath="$install_dir/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP ""' # same as install config #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --last +ynh_script_progression "Upgrade of $app completed" diff --git a/sources/patches/main-00-ldap-auth.patch b/sources/patches/main-00-ldap-auth.patch deleted file mode 100644 index 3a36f5e..0000000 --- a/sources/patches/main-00-ldap-auth.patch +++ /dev/null @@ -1,46 +0,0 @@ -diff --git a/app/config/security.yml b/app/config/security.yml -index 02afc9ea..5a3f7a34 100644 ---- a/app/config/security.yml -+++ b/app/config/security.yml -@@ -13,6 +13,14 @@ security: - property: username - fos_userbundle: - id: fos_user.user_provider.username_email -+ yunohost_users: -+ ldap: -+ service: yunohost.ldap -+ base_dn: ou=users,dc=yunohost,dc=org -+ search_dn: -+ search_password: -+ filter: (&(uid={username})(objectClass=posixAccount)) -+ default_roles: ROLE_USER - - # the main part of the security, where you can set up firewalls - # for specific sections of your app -@@ -38,6 +46,9 @@ security: - - secured_area: - pattern: ^/ -+ http_basic_ldap: -+ service: yunohost.ldap -+ dn_string: "uid={username},ou=users,dc=yunohost,dc=org" - form_login: - provider: fos_userbundle - csrf_token_generator: security.csrf.token_manager -diff --git a/app/config/services.yml b/app/config/services.yml -index 7b85d846..f23961c5 100644 ---- a/app/config/services.yml -+++ b/app/config/services.yml -@@ -43,6 +43,10 @@ services: - tags: - - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin } - -+ yunohost.ldap: -+ class: Symfony\Component\Ldap\LdapClient -+ arguments: ["localhost"] -+ - craue_config_cache_provider: - class: Symfony\Component\Cache\Adapter\FilesystemAdapter - public: false --- -2.17.1 diff --git a/sources/patches/main-01-logout-success-handler.patch b/sources/patches/main-01-logout-success-handler.patch deleted file mode 100644 index d321d54..0000000 --- a/sources/patches/main-01-logout-success-handler.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff --git a/app/config/security.yml b/app/config/security.yml -index 5a3f7a34..1720e741 100644 ---- a/app/config/security.yml -+++ b/app/config/security.yml -@@ -62,7 +62,7 @@ security: - - logout: - path: /logout -- target: / -+ success_handler: yunohost.logout_success_handler - - access_control: - - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY } -diff --git a/app/config/services.yml b/app/config/services.yml -index f23961c5..f266e6d1 100644 ---- a/app/config/services.yml -+++ b/app/config/services.yml -@@ -43,6 +43,10 @@ services: - tags: - - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin } - -+ yunohost.logout_success_handler: -+ class: Wallabag\YunoHostBundle\Security\LogoutSuccessHandler -+ -+ - yunohost.ldap: - class: Symfony\Component\Ldap\LdapClient - arguments: ["localhost"] -diff --git a/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php -new file mode 100644 -index 00000000..b3268243 ---- /dev/null -+++ b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php -@@ -0,0 +1,27 @@ -+encoderFactory->getEncoder($user); - -- if ($encoder->isPasswordValid($user->getPassword(), $password, $user->getSalt())) { -+ if (true) { - return array( - 'data' => $user, - );