From d589591dd793d881bb7d0fb513fada17d5866c5c Mon Sep 17 00:00:00 2001
From: anmol <github@datamol.org>
Date: Sat, 5 Jan 2019 22:59:57 +0530
Subject: [PATCH] Restrict admin page to specified user

---
 conf/config.php | 3 +--
 scripts/install | 5 +++--
 scripts/restore | 2 +-
 scripts/upgrade | 4 ++++
 4 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/conf/config.php b/conf/config.php
index 024d42c..c363d3a 100644
--- a/conf/config.php
+++ b/conf/config.php
@@ -48,7 +48,7 @@ define( 'YOURLS_UNIQUE_URLS', true );
 /** Private means the Admin area will be protected with login/pass as defined below.
  ** Set to false for public usage (eg on a restricted intranet or for test setups)
  ** Read http://yourls.org/privatepublic for more details if you're unsure */
-define( 'YOURLS_PRIVATE', true );
+define( 'YOURLS_PRIVATE', false );
 
 /** A random secret hash used to encrypt cookies. You don't have to remember it, make it long and complicated. Hint: copy from http://yourls.org/cookie **/
 define( 'YOURLS_COOKIEKEY', 'modify this text with something random' );
@@ -57,7 +57,6 @@ define( 'YOURLS_COOKIEKEY', 'modify this text with something random' );
  ** YOURLS will auto encrypt plain text passwords in this file
  ** Read http://yourls.org/userpassword for more information */
 $yourls_user_passwords = array(
-'yourlsuser' => 'yourpassword',
 );
 
 /** Debug mode to output some internal information
diff --git a/scripts/install b/scripts/install
index 2dd9480..ed15e21 100644
--- a/scripts/install
+++ b/scripts/install
@@ -118,8 +118,6 @@ ynh_replace_string "yunopass" "$db_pwd" "$final_path/user/config.php"
 ynh_replace_string "yunobase" "$db_name" "$final_path/user/config.php"
 ynh_replace_string "yunodomain" "$domain" "$final_path/user/config.php"
 ynh_replace_string "_yourlspath" "${path_url%/}" "$final_path/user/config.php"
-ynh_replace_string "yourlsuser" "$admin" "$final_path/user/config.php"
-ynh_replace_string "yourpassword" "$pass" "$final_path/user/config.php"
 ynh_replace_string "modify this text with something random" "$(ynh_string_random 24)$(ynh_string_random 24)" "$final_path/user/config.php"
 
 # The script "add_sso_conf.py" will just add en entry for the path "/admin" in the sso conf.json.persistent file in the cathegory "protected_urls".
@@ -145,6 +143,9 @@ sudo chown -R $app: $final_path
 # Reload Nginx and regenerate SSOwat conf
 
 yunohost app setting $app unprotected_uris -v "/"
+
+# Restrict access to admin only
+yunohost app addaccess --users=$admin $app
 yunohost app ssowatconf
 
 # Reload Nginx
diff --git a/scripts/restore b/scripts/restore
index 2fe2801..c0aa8b0 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -80,7 +80,7 @@ ynh_system_user_create $app
 #=================================================
 
 # Restore permissions on app files
-chown -R root: $final_path
+chown -R $app: $final_path
 
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 7bec7f8..ab2d65b 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -131,6 +131,10 @@ chown -R $app: $final_path
 
 ynh_app_setting_set $app unprotected_uris "/"
 
+# Restrict access to admin only
+yunohost app addaccess --users=$admin $app
+yunohost app ssowatconf
+
 
 #=================================================
 # RELOAD NGINX