From 5ff45db4d1931e4b60b3fa9828912fb970a61e57 Mon Sep 17 00:00:00 2001
From: maniack <maniack@maniack-fixe>
Date: Sun, 8 Mar 2020 20:09:34 +0100
Subject: [PATCH] Allow pastes to be seen in private

---
 manifest.json      |  4 ++++
 scripts/change_url | 18 ++++++++++++++++++
 scripts/install    | 10 ++++++++--
 scripts/upgrade    |  6 ++++++
 4 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/manifest.json b/manifest.json
index d34a079..1ff2094 100644
--- a/manifest.json
+++ b/manifest.json
@@ -49,6 +49,10 @@
                     "en": "Is it a public Zerobin site ?",
                     "fr": "Est-ce un site public ?"
                 },
+                "help": {
+                    "en": "If private, only YunoHost users can create a paste, but everyone can read it.",
+                    "fr": "Si privé, seul les utilisateurs YunoHost peuvent créer un paste, mais tout le monde peut lire."
+                },
                 "default": true
             }
         ]
diff --git a/scripts/change_url b/scripts/change_url
index b15aa51..6dc7d8b 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -75,6 +75,24 @@ then
 	ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
 fi
 
+#=================================================
+# UPDATE SSOWAT
+#=================================================
+ynh_script_progression --message="Reconfiguring SSOwat..."
+
+if [ $is_public -eq 0 ]
+then
+    # If the app is private, viewing images stays publicly accessible.
+    if [ "$new_path" == "/" ]; then
+        # If the path is /, clear it to prevent any error with the regex.
+        new_path=""
+    fi
+    # Modify the domain to be used in a regex
+    domain_regex=$(echo "$new_domain" | sed 's@-@.@g')
+    ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$new_path/$"
+    ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$new_path/.*$"
+fi
+
 #=================================================
 # GENERIC FINALISATION
 #=================================================
diff --git a/scripts/install b/scripts/install
index c22e678..b7b4cc8 100644
--- a/scripts/install
+++ b/scripts/install
@@ -105,8 +105,14 @@ ynh_script_progression --message="Configuring SSOwat..."
 
 # If app is public, add url to SSOWat conf as skipped_uris
 if [ $is_public -eq 1 ]; then
-  # unprotected_uris allows SSO credentials to be passed anyway.
-  ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+    # unprotected_uris allows SSO credentials to be passed anyway.
+    ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+else
+    # If the app is private, viewing paste stays publicly accessible.
+    # Modify the domain to be used in a regex
+    domain_regex=$(echo "$domain" | sed 's@-@.@g')
+    ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/$"
+    ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/.*$"
 fi
 
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index bf94e62..6684832 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -142,6 +142,12 @@ ynh_script_progression --message="Upgrading SSOwat configuration..."
 if [ $is_public -eq 1 ]; then
   # unprotected_uris allows SSO credentials to be passed anyway.
   ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+else
+    # If the app is private, viewing paste stays publicly accessible.
+    # Modify the domain to be used in a regex
+    domain_regex=$(echo "$domain" | sed 's@-@.@g')
+    ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/$"
+    ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/.*$"
 fi
 
 #=================================================