From 0f49b834fb9038f997e02241345575f7cbcc8c04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?E=CC=81ric=20Gaspar?=
 <46165813+ericgaspar@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:41:11 +0100
Subject: [PATCH] cleaning

---
 conf/htconfig.php | 104 ++++++++++++++++++++++++++++++++++++++++++++++
 scripts/install   |  36 ++++------------
 scripts/upgrade   |  17 ++------
 3 files changed, 115 insertions(+), 42 deletions(-)
 create mode 100644 conf/htconfig.php

diff --git a/conf/htconfig.php b/conf/htconfig.php
new file mode 100644
index 0000000..a2ad41c
--- /dev/null
+++ b/conf/htconfig.php
@@ -0,0 +1,104 @@
+<?php
+
+// If automatic system installation fails: 
+
+// Copy or rename this file to .htconfig.php in the top level 
+// Hubzilla directory
+
+// Why .htconfig.php? Because it contains sensitive information which could
+// give somebody complete control of your database. Apache's default 
+// configuration denies access to and refuses to serve any file beginning 
+// with .ht
+
+// Then set the following for your MySQL installation
+
+$db_host = 'localhost'; // Use 'localhost' if you aren't using a remote server
+$db_port = 0;                    // leave 0 for default or set your port
+$db_user = '__DB_USER__';
+$db_pass = '__DB_PWD__';
+$db_data = '__DB_NAME__';
+$db_type = __DB_TYPE__; // use 1 for postgres, 0 for mysql
+
+/*
+ * Notice: Many of the following settings will be available in the admin panel 
+ * after a successful site install. Once they are set in the admin panel, they
+ * are stored in the DB - and the DB setting will over-ride any corresponding
+ * setting in this file
+ *
+ * The command-line tool util/config is able to query and set the DB items 
+ * directly if for some reason the admin panel is not available and a system
+ * setting requires modification. 
+ *
+ */ 
+
+
+// Choose a legal default timezone. If you are unsure, use "America/Los_Angeles".
+// It can be changed later and only applies to timestamps for anonymous viewers.
+
+App::$config['system']['timezone'] = '__TIMEZONE__';
+
+// What is your site name? DO NOT ADD A TRAILING SLASH!
+
+App::$config['system']['baseurl'] = 'https://__DOMAIN__';
+App::$config['system']['sitename'] = "Zap";
+App::$config['system']['location_hash'] = '__RANDOM_STRING__';
+
+
+// These lines set additional security headers to be sent with all responses
+// You may wish to set transport_security_header to 0 if your server already sends
+// this header. content_security_policy may need to be disabled if you wish to
+// run the piwik analytics plugin or include other offsite resources on a page
+
+App::$config['system']['transport_security_header'] = 1;
+App::$config['system']['content_security_policy'] = 1;
+App::$config['system']['ssl_cookie_protection'] = 1;
+
+
+// Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.
+// Be certain to create your own personal account before setting 
+// REGISTER_CLOSED. 'register_text' (if set) will be displayed prominently on 
+// the registration page. REGISTER_APPROVE requires you set 'admin_email'
+// to the email address of an already registered person who can authorise
+// and/or approve/deny the request. 
+
+// In order to perform system administration via the admin panel, admin_email
+// must precisely match the email address of the person logged in.
+
+App::$config['system']['register_policy'] = REGISTER_OPEN;
+App::$config['system']['register_text'] = '';
+App::$config['system']['admin_email'] = '__EMAIL__';
+
+// Location of PHP command line processor
+
+App::$config['system']['php_path'] = 'php__PHPVERSION__';
+
+
+// Configure how we communicate with directory servers.
+// DIRECTORY_MODE_NORMAL     = directory client, we will find a directory (all of your member's queries will be directed elsewhere)
+// DIRECTORY_MODE_SECONDARY  = caching directory or mirror (keeps in sync with realm primary [adds significant cron execution time])
+// DIRECTORY_MODE_PRIMARY    = main directory server (you do not want this unless you are operating your own realm. one per realm.)
+// DIRECTORY_MODE_STANDALONE = "off the grid" or private directory services (only local site members in directory)
+
+App::$config['system']['directory_mode']  = DIRECTORY_MODE_NORMAL;
+
+
+// PHP error logging setup
+// Before doing this ensure that the webserver has permission
+// to create and write to php.out in the top level Red directory,
+// or change the name (below) to a file/path where this is allowed.
+
+ini_set('display_errors', '0');
+
+// Uncomment the following 4 lines to turn on PHP error logging.
+//error_reporting(E_ERROR | E_PARSE ); 
+ini_set('error_log','php.log'); 
+ini_set('log_errors','1'); 
+
+
+App::$config['system']['addon'] = 'ldapauth';
+
+App::$config['ldapauth']['ldap_server'] = 'localhost';
+App::$config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=yunohost,dc=org';
+App::$config['ldapauth']['ldap_userattr'] = 'uid';
+App::$config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail';
+App::$config['ldapauth']['create_account'] = '1';
diff --git a/scripts/install b/scripts/install
index 654662f..4736996 100755
--- a/scripts/install
+++ b/scripts/install
@@ -14,16 +14,13 @@ source /usr/share/yunohost/helpers
 #=================================================
 
 email=$(ynh_user_get_info --username=$admin --key=mail)
-upload="256M"
 random_string=$(ynh_string_random --length=48)
 
 #=================================================
 # STORE SETTINGS FROM MANIFEST
 #=================================================
-#REMOVEME? ynh_print_info "Storing installation settings..."
+ynh_print_info "Storing installation settings..."
 
-ynh_app_setting_set --app=$app --key=email --value=$email
-ynh_app_setting_set --app=$app --key=upload --value=$upload
 ynh_app_setting_set --app=$app --key=random_string --value=$random_string
 
 #=================================================
@@ -78,13 +75,7 @@ mkdir -p "${install_dir}/store"
 mkdir -p  "${install_dir}/cache/smarty3"
 chmod -R 775 $install_dir/store $install_dir/cache
 
-# Copy the template install/htconfig.sample.php to .htconfig.php
-config="$install_dir/.htconfig.php"
-ynh_script_progression --message="Moving .htconfig.php to root of Zap ..."
-cp $install_dir/install/htconfig.sample.php $config
-config="$install_dir/.htconfig.php"
 # Create php.log inside for logs
-ynh_print_info "Create php.log for the debuging..."
 touch "$install_dir/php.log"
 
 chmod 750 "$install_dir"
@@ -104,38 +95,27 @@ ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
 
 if [  $database == "mysql" ]; then
 	ynh_script_progression --message="Creating a MySQL database..."
+	db_type=0
 	ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
 	ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" < $install_dir/install/schema_mysql.sql
 elif [ $database == "postgresql" ]; then
 	# Create postgresql database
 	ynh_script_progression --message="Creating a PostgreSQL database..."
-	ynh_replace_string --match_string="db_type = 0;" --replace_string="db_type = 1;" --target_file="$config"
+	db_type=1
 	ynh_psql_test_if_first_run
 	ynh_psql_setup_db --db_user=$db_user --db_name=$db_name
 	ynh_psql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" < $install_dir/install/schema_postgres.sql
 fi
 
 #=================================================
-# MODIFY A CONFIG FILE
+# ADD A CONFIGURATION
 #=================================================
+ynh_script_progression --message="Adding a configuration file..." --weight=1
 
-ynh_replace_string --match_string="your.mysqlhost.com" --replace_string="localhost" --target_file="$config"
-ynh_replace_string --match_string= "mysqlpassword" --replace_string="$db_pwd" --target_file="$config"
-ynh_replace_string --match_string="mysqlusername" --replace_string="$db_name" --target_file="$config"
-ynh_replace_string --match_string= "mysqldatabasename" --replace_string="$db_name" --target_file="$config"
-ynh_replace_string --match_string= "mysite.example" --replace_string="$domain" --target_file="$config"
-ynh_replace_string --match_string= "if the auto install failed, put a unique random string here" --replace_string="$random_string" --target_file="$config"
-sed -i "s/\['admin_email'\] = '';/\['admin_email'\] = '$email';/g" "$config"
-ynh_replace_string --match_string= "//error_reporting(E_ERROR | E_WARNING | E_PARSE );" --replace_string="error_reporting(E_ERROR | E_WARNING | E_PARSE );" --target_file="$config"
-ynh_replace_string --match_string= "//ini_set('error_log','php.out');" --replace_string="ini_set('error_log','php.log');" --target_file="$config"
-ynh_replace_string --match_string= "//ini_set('log_errors','1');" --replace_string="ini_set('log_errors','1');" --target_file="$config"
-ynh_replace_string --match_string= "//ini_set('display_errors', '0');" --replace_string="ini_set('display_errors', '0');" --target_file="$config"
-sed -i "s/\['php_path'\] = 'php';/\['php_path'\] = 'php$phpversion';/g" "$config"
+ynh_add_config --template="htconfig.php" --destination="$install_dir/.htconfig.php"
 
-# addon LDAP config
-ynh_script_progression --message="Push Ldap configuration to .htconfig.php..."
-
-cat ../conf/ldap_conf.php >> $install_dir/.htconfig.php
+chmod 400 "$install_dir/.htconfig.php"
+chown $app:$app "$install_dir/.htconfig.php"
 
 #=================================================
 # NGINX CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 9f80986..1e11536 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -101,26 +101,15 @@ ynh_add_nginx_config
 # Create a dedicated php-fpm config
 ynh_add_fpm_config
 
-### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script.
-### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it.
-ynh_backup_if_checksum_is_different --file="$install_dir/.htconfig.php"
-# Recalculate and store the checksum of the file for the next upgrade.
-ynh_store_file_checksum --file="$install_dir/.htconfig.php"
-
 # Use logrotate to manage app-specific logfile(s)
 ynh_use_logrotate --non-append
 
-ynh_add_fail2ban_config --logpath="$install_dir/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP <HOST>.*$" --max_retry="5"
-
-#=================================================
-# UPGRADE CRON
-#=================================================
-ynh_script_progression --message="Setting up cron job..."
-
-ynh_add_config --template=".poller-cron" --destination="/etc/cron.d/$app"
+ynh_add_config --template="poller-cron" --destination="/etc/cron.d/$app"
 chown root: "/etc/cron.d/$app"
 chmod 644 "/etc/cron.d/$app"
 
+ynh_add_fail2ban_config --logpath="$install_dir/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP <HOST>.*$" --max_retry="5"
+
 #=================================================
 # END OF SCRIPT
 #=================================================