yunohost/helpers/helpers.v2.1.d/utils

#!/bin/bash

YNH_APP_BASEDIR=${YNH_APP_BASEDIR:-$(realpath ..)}

# Handle script crashes / failures
#
# [internal]
#
# usage:
# ynh_exit_properly is used only by the helper ynh_abort_if_errors.
# You should not use it directly.
# Instead, add to your script:
# ynh_clean_setup () {
#        instructions...
# }
#
# This function provide a way to clean some residual of installation that not managed by remove script.
#
# It prints a warning to inform that the script was failed, and execute the ynh_clean_setup function if used in the app script
ynh_exit_properly() {
    local exit_code=$?

    if [[ "${YNH_APP_ACTION:-}" =~ ^install$|^upgrade$|^restore$ ]]
    then
        rm -rf "/var/cache/yunohost/download/"
    fi

    if [ "$exit_code" -eq 0 ]; then
        exit 0 # Exit without error if the script ended correctly
    fi

    trap '' EXIT # Ignore new exit signals
    # Do not exit anymore if a command fail or if a variable is empty
    set +o errexit # set +e
    set +o nounset # set +u

    # Small tempo to avoid the next message being mixed up with other DEBUG messages
    sleep 0.5

    if type -t ynh_clean_setup >/dev/null; then # Check if the function exist in the app script.
        ynh_clean_setup                         # Call the function to do specific cleaning for the app.
    fi

    # Exit with error status
    # We don't call ynh_die basically to avoid unecessary 10-ish
    # debug lines about parsing args and stuff just to exit 1..
    exit 1
}

# Exits if an error occurs during the execution of the script.
#
# [packagingv1]
#
# usage: ynh_abort_if_errors
#
# This configure the rest of the script execution such that, if an error occurs
# or if an empty variable is used, the execution of the script stops immediately
# and a call to `ynh_clean_setup` is triggered if it has been defined by your script.
ynh_abort_if_errors() {
    set -o errexit              # set -e; Exit if a command fail
    set -o nounset              # set -u; And if a variable is used unset
    trap ynh_exit_properly EXIT # Capturing exit signals on shell script
}

# When running an app script, auto-enable ynh_abort_if_errors except for remove script
if [[ "${YNH_CONTEXT:-}" != "regenconf" ]] && [[ "${YNH_APP_ACTION}" != "remove" ]]
then
    ynh_abort_if_errors
fi

# Execute a command after sudoing as $app
#
# Note that the $PATH variable is preserved (using --preserve-env=PATH)
#
# usage: ynh_exec_as_app COMMAND [ARG ...]
ynh_exec_as_app() {
    sudo --preserve-env=PATH -u "$app" "$@"
}

# Curl abstraction to help with POST requests to local pages (such as installation forms)
#
# usage: ynh_local_curl "page_uri" "key1=value1" "key2=value2" ...
# | arg: page_uri    - Path (relative to `$path`) of the page where POST data will be sent
# | arg: key1=value1 - (Optionnal) POST key and corresponding value
# | arg: key2=value2 - (Optionnal) Another POST key and corresponding value
# | arg: ...         - (Optionnal) More POST keys and values
#
# example: ynh_local_curl "/install.php?installButton" "foo=$var1" "bar=$var2"
#
# For multiple calls, cookies are persisted between each call for the same app
#
# `$domain` and `$path` should be defined externally (and correspond to the domain.tld and the /path (of the app?))
ynh_local_curl() {
    # Define url of page to curl
    local local_page=$(ynh_normalize_url_path $1)
    local full_path=$path$local_page

    if [ "${path}" == "/" ]; then
        full_path=$local_page
    fi

    local full_page_url=https://localhost$full_path

    # Concatenate all other arguments with '&' to prepare POST data
    local POST_data=""
    local arg=""
    for arg in "${@:2}"; do
        POST_data="${POST_data}${arg}&"
    done
    if [ -n "$POST_data" ]; then
        # Add --data arg and remove the last character, which is an unecessary '&'
        POST_data="--data ${POST_data::-1}"
    fi

    # Wait untils nginx has fully reloaded (avoid curl fail with http2)
    sleep 2

    local cookiefile=/tmp/ynh-$app-cookie.txt
    touch $cookiefile
    chown root $cookiefile
    chmod 700 $cookiefile

    # Temporarily enable visitors if needed...
    local visitors_enabled=$(ynh_permission_has_user --permission="main" --user="visitors" && echo yes || echo no)
    if [[ $visitors_enabled == "no" ]]; then
        ynh_permission_update --permission="main" --add="visitors"
    fi

    # Curl the URL
    curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile

    if [[ $visitors_enabled == "no" ]]; then
        ynh_permission_update --permission="main" --remove="visitors"
    fi
}

_acceptable_path_to_delete() {
    local file=$1

    local forbidden_paths=$(ls -d / /* /{var,home,usr}/* /etc/{default,sudoers.d,yunohost,cron*} /etc/yunohost/{apps,domains,hooks.d} /opt/yunohost 2> /dev/null)

    # Legacy : A couple apps still have data in /home/$app ...
    if [[ -n "${app:-}" ]]
    then
        forbidden_paths=$(echo "$forbidden_paths" | grep -v "/home/$app")
    fi

    # Use realpath to normalize the path ..
    # i.e convert ///foo//bar//..///baz//// to /foo/baz
    file=$(realpath --no-symlinks "$file")
    if [ -z "$file" ] || grep -q -x -F "$file" <<< "$forbidden_paths"; then
        return 1
    else
        return 0
    fi
}

# Remove a file or a directory, checking beforehand that it's not a disastrous location to rm such as entire /var or /home
#
# usage: ynh_safe_rm path_to_remove
ynh_safe_rm() {
    local target="$1"
    set +o xtrace # set +x

    if [ $# -ge 2 ]; then
        ynh_print_warn "/!\ Packager ! You provided more than one argument to ynh_safe_rm but it will be ignored... Use this helper with one argument at time."
    fi

    if [[ -z "$target" ]]; then
        ynh_print_warn "ynh_safe_rm called with empty argument, ignoring."
    elif [[ ! -e $target ]]; then
        ynh_print_info "'$target' wasn't deleted because it doesn't exist."
    elif ! _acceptable_path_to_delete "$target"; then
        ynh_print_warn "Not deleting '$target' because it is not an acceptable path to delete."
    else
        rm --recursive "$target"
    fi

    set -o xtrace # set -x
}

# Read the value of a key in the app's manifest
#
# usage: ynh_read_manifest "key"
# | arg: key - Name of the key to find
# | ret: the value associate to that key
ynh_read_manifest() {
    cat $YNH_APP_BASEDIR/manifest.toml | toml_to_json | jq ".$1" --raw-output
}

# Return the app upstream version, deduced from `$YNH_APP_MANIFEST_VERSION` and strippig the `~ynhX` part
#
# usage: ynh_app_upstream_version
# | ret: the version number of the upstream app
#
# For example, if the manifest contains `4.3-2~ynh3` the function will return `4.3-2`
ynh_app_upstream_version() {
    echo "${YNH_APP_MANIFEST_VERSION/~ynh*/}"
}

# Return 0 if the "upstream" part of the version changed, or 1 otherwise (ie only the ~ynh suffix changed)
#
# usage: if ynh_app_upstream_version_changed; then ...
ynh_app_upstream_version_changed() {
    # "UPGRADE_PACKAGE" means only the ~ynh prefix changed
    [[ "$YNH_APP_UPGRADE_TYPE" == "UPGRADE_PACKAGE" ]] && return 1 || return 0
}

# Compare the current package version is strictly lower than another version given as an argument
#
# example: if ynh_app_upgrading_from_version_before 2.3.2~ynh1; then ...
ynh_app_upgrading_from_version_before() {
    local version=$1
    [[ $version =~ '~ynh' ]] || ynh_die "Invalid argument for version, should include the ~ynhX prefix"

    dpkg --compare-versions $YNH_APP_CURRENT_VERSION lt $version
}

# Compare the current package version is lower or equal to another version given as an argument
#
# example: if ynh_app_upgrading_from_version_before_or_equal_to 2.3.2~ynh1; then ...
ynh_app_upgrading_from_version_before_or_equal_to() {
    local version=$1
    [[ $version =~ '~ynh' ]] || ynh_die "Invalid argument for version, should include the ~ynhX prefix"

    dpkg --compare-versions $YNH_APP_CURRENT_VERSION le $version
}

# Apply sane permissions for files installed by ynh_setup_source and ynh_config_add.
#
# [internal]
#
# * Anything below $install_dir is chown $app:$app and chmod o-rwx,g-w
# * The rest is considered as system configuration and chown root, chmod 400
#
_ynh_apply_default_permissions() {
    local target=$1

    is_in_dir() {
        # Returns false if parent is empty
        [ -n "$2" ] || return 1
        local child=$(realpath "$1" 2>/dev/null)
        local parent=$(realpath "$2" 2>/dev/null)
        [[ "${child}" =~ ^$parent ]]
    }

    # App files can have files of their own
    if ynh_system_user_exists --username="$app"; then
        # If this is a file in $install_dir or $data_dir : it should be owned and read+writable by $app only
        if [ -f "$target" ] && (is_in_dir "$target" "${install_dir:-}" || is_in_dir "$target" "${data_dir:-}" || is_in_dir "$target" "/etc/$app")
        then
            chmod 600 "$target"
            chown "$app:$app" "$target"
            return
        fi
        # If this is the install dir (so far this is the only way this helper is called with a directory)
        if [ "$target" ==  "${install_dir:-}" ]
        then
            local group="$app"
            # We set the group to www-data for webapps that do serve static assets, which therefore need to be readable by nginx ...
            # The fact that the app needs this is infered by the existence of an nginx.conf and the presence of "alias" or "root" directive
            if grep -q '^\s*alias\s\|^\s*root\s' "$YNH_APP_BASEDIR/conf/nginx.conf" 2>/dev/null then
                group="www-data"
            fi
            # Files inside should be owned by $app with rw-r----- (+x for folders or files that already have +x)
            # The group needs read/dirtraversal (in particular if it's www-data)
            chmod -R u=rwX,g=r-X,o=--- "$target"
            chown -R "$app:$group" "$target"
            return
        fi
    fi

    # Other files are considered system
    chmod 400 "$target"
    chown root:root "$target"
}

int_to_bool() {
    sed -e 's/^1$/True/g' -e 's/^0$/False/g' -e 's/^true$/True/g' -e 's/^false$/False/g'
}

toml_to_json() {
    python3 -c 'import toml, json, sys; print(json.dumps(toml.load(sys.stdin)))'
}

# Validate an IP address
#
# usage: ynh_validate_ip --family=family --ip_address=ip_address
# | ret: 0 for valid ip addresses, 1 otherwise
#
# example: ynh_validate_ip 4 111.222.333.444
ynh_validate_ip() {
    # ============ Argument parsing =============
    local -A args_array=([f]=family= [i]=ip_address=)
    local family
    local ip_address
    ynh_handle_getopts_args "$@"
    # ===========================================

    [ "$family" == "4" ] || [ "$family" == "6" ] || return 1

    # http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-python#319298
    python3 /dev/stdin <<EOF
import socket
import sys
family = { "4" : socket.AF_INET, "6" : socket.AF_INET6 }
try:
    socket.inet_pton(family["$family"], "$ip_address")
except socket.error:
    sys.exit(1)
sys.exit(0)
EOF
}

# Get the total or free amount of RAM+swap on the system
#
# [packagingv1]
#
# usage: ynh_get_ram [--free|--total]
# | arg: --free         - Count free RAM+swap
# | arg: --total        - Count total RAM+swap
# | ret: the amount of free ram, in MB (MegaBytes)
ynh_get_ram() {
    # ============ Argument parsing =============
    local -A args_array=([f]=free [t]=total)
    local free
    local total
    ynh_handle_getopts_args "$@"
    free=${free:-0}
    total=${total:-0}
    # ===========================================

    if [ $free -eq $total ]; then
        ynh_print_warn "You have to choose --free or --total when using ynh_get_ram"
        ram=0
    elif [ $free -eq 1 ]; then
        local free_ram=$(LC_ALL=C vmstat --stats --unit M | grep "free memory" | awk '{print $1}')
        local free_swap=$(LC_ALL=C vmstat --stats --unit M | grep "free swap" | awk '{print $1}')
        local free_ram_swap=$((free_ram + free_swap))
        local ram=$free_ram_swap
    elif [ $total -eq 1 ]; then
        local total_ram=$(LC_ALL=C vmstat --stats --unit M | grep "total memory" | awk '{print $1}')
        local total_swap=$(LC_ALL=C vmstat --stats --unit M | grep "total swap" | awk '{print $1}')
        local total_ram_swap=$((total_ram + total_swap))
        local ram=$total_ram_swap
    fi

    echo $ram
}

# Check if the scripts are being run by the package_check in CI
#
# usage: ynh_in_ci_tests
#
# Return 0 if in CI, 1 otherwise
ynh_in_ci_tests() {
    [ "${PACKAGE_CHECK_EXEC:-0}" -eq 1 ]
}

# Retrieve a YunoHost user information
#
# usage: ynh_user_get_info --username=username --key=key
# | arg: --username=    - the username to retrieve info from
# | arg: --key=         - the key to retrieve
# | ret: the value associate to that key
#
# example: mail=$(ynh_user_get_info --username="toto" --key=mail)
ynh_user_get_info() {
    # ============ Argument parsing =============
    local -A args_array=([u]=username= [k]=key=)
    local username
    local key
    ynh_handle_getopts_args "$@"
    # ===========================================

    yunohost user info "$username" --output-as json --quiet | jq -r ".$key"
}

# Get the list of YunoHost users
#
# usage: ynh_user_list
# | ret: one username per line as strings
#
# example: for u in $(ynh_user_list); do ... ; done
ynh_user_list() {
    yunohost user list --output-as json --quiet | jq -r ".users | keys[]"
}