From 36f75ce177c01ddf343cbb7bd48f5063aabbcb27 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 9 Jun 2021 18:26:39 +0200 Subject: [PATCH] new permission hpb, some fixes --- check_process | 1 + conf/config.json | 3 ++- conf/systemd.service | 1 + scripts/change_url | 4 ++++ scripts/install | 19 ++++++++++++++----- scripts/remove | 2 +- scripts/restore | 6 ++++-- scripts/upgrade | 19 +++++++++++++++++-- 8 files changed, 44 insertions(+), 11 deletions(-) diff --git a/check_process b/check_process index 8d88180..f596848 100644 --- a/check_process +++ b/check_process @@ -4,6 +4,7 @@ path="/path" admin="homer" user_home="1" + use_notify_push="1" ; Checks pkg_linter=1 setup_sub_dir=1 diff --git a/conf/config.json b/conf/config.json index 70efa3f..d60e191 100644 --- a/conf/config.json +++ b/conf/config.json @@ -12,7 +12,8 @@ "password": "" }, "hashing_default_password": true, - "localstorage.allowsymlinks": true + "localstorage.allowsymlinks": true, + "trusted_proxies": [ "127.0.0.1", "::1" ] }, "apps": { "user_ldap": { diff --git a/conf/systemd.service b/conf/systemd.service index 9f26878..ef9e7b6 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -4,6 +4,7 @@ Description = Push daemon for Nextcloud clients [Service] Environment=SOCKET_PATH=/var/run/__APP__/notify-push.sock Environment=NEXTCLOUD_URL=https://__DOMAIN____PATH__ +Environment=ALLOW_SELF_SIGNED=true ExecStart=__FINAL_PATH__/apps/notify_push/bin/x86_64/notify_push __FINAL_PATH__/config/config.php User=__APP__ Group=__APP__ diff --git a/scripts/change_url b/scripts/change_url index ebc58ae..17503e2 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -142,6 +142,10 @@ fi if [ $use_notify_push -eq 1 ] then + domain="$new_domain" + path_url="$new_path" + exec_occ config:app:set notify_push base_endpoint --value https://$domain$path_url/push + ynh_add_systemd_config --service="${app}-notify-push" ynh_systemd_action --service_name="${app}-notify-push" --action=restart diff --git a/scripts/install b/scripts/install index a236eac..f1f6ca9 100755 --- a/scripts/install +++ b/scripts/install @@ -313,13 +313,12 @@ ynh_multimedia_addaccess $app if [ $use_notify_push -eq 1 ] then exec_occ app:install notify_push + exec_occ config:app:set notify_push base_endpoint --value https://$domain$path_url/push mkdir -p /var/run/$app/ chown $app: /var/run/$app/ ynh_add_systemd_config --service="${app}-notify-push" - - ynh_systemd_action --service_name="${app}-notify-push" --action=restart fi #================================================= @@ -336,6 +335,10 @@ find $datadir/ -type f -print0 | xargs -0 chmod 0640 find $datadir/ -type d -print0 | xargs -0 chmod 0750 chmod 640 "$final_path/config/config.php" chmod 755 /home/yunohost.app +if [ $use_notify_push -eq 1 ] +then + chmod 740 $final_path/apps/notify_push/bin/x86_64/notify_push +fi #================================================= # SETUP LOGROTATE @@ -358,7 +361,11 @@ ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" - #================================================= ynh_script_progression --message="Configuring SSOwat..." -ynh_permission_create --permission="api" --label="api" --url="re:$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true" + +if [ $use_notify_push -eq 1 ] +then + ynh_permission_create --permission="hpb" --label="High Performance Backend" --url="/push" --additional_urls="/index.php/apps/notify_push/" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" +fi #================================================= # RELOAD NGINX @@ -373,8 +380,10 @@ ynh_systemd_action --service_name=nginx --action=reload if [ $use_notify_push -eq 1 ] then - if ! ynh_exec_as "$app" php${phpversion} $final_path/occ notify_push:self-test; then - ynh_print_warn --message="High Performance Backend is not working correctly, try to repair it or contact YNH support." + ynh_systemd_action --service_name="${app}-notify-push" --action=restart + + if ! exec_occ notify_push:self-test; then + ynh_print_warn --message="The High Performance Backend service is still not working properly. Please log in with a user to your NextCloud instance, restart the High Performance Backend service with \"systemctl restart $app-notify-push.service\", and run \"sudo -u $app php${phpversion} $final_path/occ notify_push:self-test\" to verify that everything is green." fi fi diff --git a/scripts/remove b/scripts/remove index 527610e..9e2ed19 100755 --- a/scripts/remove +++ b/scripts/remove @@ -85,7 +85,7 @@ ynh_remove_fail2ban_config ynh_script_progression --message="Stopping and removing the systemd service..." ynh_remove_systemd_config --service="${app}-notify-push" -ynh_secure_remove --file="/var/run/$app/" +ynh_secure_remove --file="/var/run/$app" #================================================= # SPECIFIC REMOVE diff --git a/scripts/restore b/scripts/restore index 508a963..fb01c63 100755 --- a/scripts/restore +++ b/scripts/restore @@ -202,8 +202,10 @@ ynh_systemd_action --service_name=nginx --action=reload if [ $use_notify_push -eq 1 ] then - if ! ynh_exec_as "$app" php${phpversion} $final_path/occ notify_push:self-test; then - ynh_print_warn --message="High Performance Backend is not working correctly, try to repair it or contact YNH support." + ynh_systemd_action --service_name="${app}-notify-push" --action=restart + + if ! exec_occ notify_push:self-test; then + ynh_print_warn --message="The High Performance Backend service is still not working properly. Please log in with a user to your NextCloud instance, restart the High Performance Backend service with \"systemctl restart $app-notify-push.service\", and run \"sudo -u $app php${phpversion} $final_path/occ notify_push:self-test\" to verify that everything is green." fi fi diff --git a/scripts/upgrade b/scripts/upgrade index 45b6dec..20756b8 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -115,6 +115,15 @@ if ynh_legacy_permissions_exists; then ynh_permission_create --permission="api" --label="api" --url="re:$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true" fi +if [ $use_notify_push -eq 1 ] && ! ynh_permission_exists --permission="hpb" +then + ynh_permission_create --permission="hpb" --label="High Performance Backend" --url="/push" --additional_urls="/index.php/apps/notify_push/" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" +elif [ $use_notify_push -eq 0 ] && ynh_permission_exists --permission="hpb" +then + ynh_permission_delete --permission="hpb" +fi + + #================================================= # UPGRADE DEPENDENCIES #================================================= @@ -460,6 +469,10 @@ find $datadir/ -type f -print0 | xargs -0 chmod 0640 find $datadir/ -type d -print0 | xargs -0 chmod 0750 chmod 640 "$final_path/config/config.php" chmod 755 /home/yunohost.app +if [ $use_notify_push -eq 1 ] +then + chmod 740 $final_path/apps/notify_push/bin/x86_64/notify_push +fi #================================================= # WARNING ABOUT THIRD-PARTY APPS @@ -504,8 +517,10 @@ ynh_systemd_action --service_name="php${phpversion}-fpm" --action=reload if [ $use_notify_push -eq 1 ] then - if ! ynh_exec_as "$app" php${phpversion} $final_path/occ notify_push:self-test; then - ynh_print_warn --message="High Performance Backend is not working correctly, try to repair it or contact YNH support." + ynh_systemd_action --service_name="${app}-notify-push" --action=restart + + if ! exec_occ notify_push:self-test; then + ynh_print_warn --message="The High Performance Backend service is still not working properly. Please log in with a user to your NextCloud instance, restart the High Performance Backend service with \"systemctl restart $app-notify-push.service\", and run \"sudo -u $app php${phpversion} $final_path/occ notify_push:self-test\" to verify that everything is green." fi fi