From d808ef4dd5eaec10b4c1b4c1fcfc22424bd8e298 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Tue, 16 Jan 2024 23:29:54 +0100 Subject: [PATCH 01/11] trying to authorize app ressources url --- manifest.toml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index bafb0d8..eaad88e 100644 --- a/manifest.toml +++ b/manifest.toml @@ -60,4 +60,5 @@ ram.runtime = "50M" download.url = "/download" download.allowed = "visitors" download.auth_header = false - download.show_tile = false \ No newline at end of file + download.show_tile = false + download.additional_urls = [ "/inter.css", "re:/app.*\.css", "re:/app.*\.js", "re:/icon.*\.svg" ] From f82ea15330e5c5c865646bbf8cbea6aabb9c2d91 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Tue, 16 Jan 2024 23:32:41 +0100 Subject: [PATCH 02/11] fix regex --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index eaad88e..29489e5 100644 --- a/manifest.toml +++ b/manifest.toml @@ -61,4 +61,4 @@ ram.runtime = "50M" download.allowed = "visitors" download.auth_header = false download.show_tile = false - download.additional_urls = [ "/inter.css", "re:/app.*\.css", "re:/app.*\.js", "re:/icon.*\.svg" ] + download.additional_urls = [ "/inter.css", "re:\/app.*\.css", "re:\/app.*\.js", "re:\/icon.*\.svg" ] From 017f0d598af84045d1487e58ab4d2c27c093585e Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Tue, 16 Jan 2024 23:41:44 +0100 Subject: [PATCH 03/11] allow any js or css --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 29489e5..31bb72f 100644 --- a/manifest.toml +++ b/manifest.toml @@ -61,4 +61,4 @@ ram.runtime = "50M" download.allowed = "visitors" download.auth_header = false download.show_tile = false - download.additional_urls = [ "/inter.css", "re:\/app.*\.css", "re:\/app.*\.js", "re:\/icon.*\.svg" ] + download.additional_urls = "^/.*.css|/.*.js$" From 287ee861d86661f9812de2eebab590fe9befaea4 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Tue, 16 Jan 2024 23:53:57 +0100 Subject: [PATCH 04/11] better allowlist --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 31bb72f..5d09b4e 100644 --- a/manifest.toml +++ b/manifest.toml @@ -61,4 +61,4 @@ ram.runtime = "50M" download.allowed = "visitors" download.auth_header = false download.show_tile = false - download.additional_urls = "^/.*.css|/.*.js$" + download.additional_urls = [ "^/.*.css$", "^/.*.js$", "^/.*.svg$", "^/.*.woff2$", "^/favicon.*.png$" ] From 298fffbf6b913f1630d85919e11db122b8a7bd32 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Wed, 17 Jan 2024 00:05:18 +0100 Subject: [PATCH 05/11] am dumdum --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 5d09b4e..bc18ea2 100644 --- a/manifest.toml +++ b/manifest.toml @@ -61,4 +61,4 @@ ram.runtime = "50M" download.allowed = "visitors" download.auth_header = false download.show_tile = false - download.additional_urls = [ "^/.*.css$", "^/.*.js$", "^/.*.svg$", "^/.*.woff2$", "^/favicon.*.png$" ] + download.additional_urls = [ "re:^/.*.css$", "re:^/.*.js$", "re:^/.*.svg$", "re:^/.*.woff2$", "re:^/favicon.*.png$" ] From 93804380e906248b347ca356f0c39b70fa5bcdec Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Wed, 17 Jan 2024 00:10:59 +0100 Subject: [PATCH 06/11] fix --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 9dc8af4..966c646 100644 --- a/manifest.toml +++ b/manifest.toml @@ -54,11 +54,11 @@ ram.runtime = "50M" main.url = "/" api.url = "/api" api.allowed = "visitors" - api.auth_header =false + api.auth_header = false api.show_tile = false api.protected = true download.url = "/download" download.allowed = "visitors" download.auth_header = false download.show_tile = false - download.additional_urls = [ "re:^/.*.css$", "re:^/.*.js$", "re:^/.*.svg$", "re:^/.*.woff2$", "re:^/favicon.*.png$" \ No newline at end of file + download.additional_urls = [ "re:^/.*.css$", "re:^/.*.js$", "re:^/.*.svg$", "re:^/.*.woff2$", "re:^/favicon.*.png$" ] \ No newline at end of file From 4de99003441df1cde04e9a73500724163f15505f Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Wed, 17 Jan 2024 01:10:02 +0100 Subject: [PATCH 07/11] absolute urls --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 966c646..5d95cc8 100644 --- a/manifest.toml +++ b/manifest.toml @@ -61,4 +61,4 @@ ram.runtime = "50M" download.allowed = "visitors" download.auth_header = false download.show_tile = false - download.additional_urls = [ "re:^/.*.css$", "re:^/.*.js$", "re:^/.*.svg$", "re:^/.*.woff2$", "re:^/favicon.*.png$" ] \ No newline at end of file + download.additional_urls = [ "re:^__DOMAIN__/.*.css$", "re:^__DOMAIN__/.*.js$", "re:^__DOMAIN__/.*.svg$", "re:^__DOMAIN__/.*.woff2$", "re:^__DOMAIN__/favicon.*.png$" ] From b11796f6636764ff1f844e5e3c7b3dcc9ba43b4a Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Wed, 17 Jan 2024 01:30:55 +0100 Subject: [PATCH 08/11] restrict upload api following the main url --- manifest.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/manifest.toml b/manifest.toml index 5d95cc8..854ee75 100644 --- a/manifest.toml +++ b/manifest.toml @@ -52,6 +52,7 @@ ram.runtime = "50M" [resources.permissions] main.url = "/" + main.additional_urls = "/api/upload" api.url = "/api" api.allowed = "visitors" api.auth_header = false From 9549a8d5424c85c20ffe97ee1fb4289bb8bf9c1e Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Wed, 17 Jan 2024 01:43:15 +0100 Subject: [PATCH 09/11] quoting vars --- scripts/change_url | 6 +++--- scripts/install | 14 +++++++------- scripts/remove | 4 ++-- scripts/restore | 10 +++++----- scripts/upgrade | 18 +++++++++--------- 5 files changed, 26 insertions(+), 26 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index 0339ec5..5df6755 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -16,7 +16,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" +ynh_systemd_action --service_name="$app" --action="stop" #================================================= # MODIFY URL IN NGINX CONF @@ -36,7 +36,7 @@ domain=$new_domain ynh_add_config --template="../conf/config.js" --destination="$install_dir/server/config.js" chmod 400 "$install_dir/server/config.js" -chown $app:$app "$install_dir/server/config.js" +chown "$app:$app" "$install_dir/server/config.js" #================================================= # GENERIC FINALISATION @@ -46,7 +46,7 @@ chown $app:$app "$install_dir/server/config.js" ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemd_action --service_name="$app" --action="start" --log_path="systemd" #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index f830ed4..aedf981 100644 --- a/scripts/install +++ b/scripts/install @@ -14,7 +14,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Installing dependencies..." --weight=20 -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version +ynh_exec_warn_less ynh_install_nodejs --nodejs_version="$nodejs_version" #================================================= # CREATE A REDIS DATABASE @@ -34,7 +34,7 @@ ynh_script_progression --message="Setting up source files..." --weight=2 ynh_setup_source --dest_dir="$install_dir" chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" +chown -R "$app:www-data" "$install_dir" chmod +x "$install_dir/server/bin/prod.js" #================================================= @@ -49,7 +49,7 @@ env_path="$PATH" # Create a dedicated systemd config ynh_add_systemd_config -yunohost service add $app --description="Simple, private file sharing" --log="/var/log/$app/$app.log" +yunohost service add "$app" --description="Simple, private file sharing" --log="/var/log/$app/$app.log" #================================================= # ADD A CONFIGURATION @@ -59,7 +59,7 @@ ynh_script_progression --message="Adding a configuration file..." --weight=2 ynh_add_config --template="config.js" --destination="$install_dir/server/config.js" chmod 400 "$install_dir/server/config.js" -chown $app: "$install_dir/server/config.js" +chown "$app:" "$install_dir/server/config.js" #================================================= # SPECIFIC SETUP @@ -70,8 +70,8 @@ ynh_script_progression --message="Building app... (this will take some time and pushd "$install_dir" ynh_use_nodejs - ynh_exec_warn_less ynh_exec_as $app env $ynh_node_load_PATH $ynh_npm install - ynh_exec_warn_less ynh_exec_as $app env $ynh_node_load_PATH $ynh_npm run build + ynh_exec_warn_less ynh_exec_as "$app" env "$ynh_node_load_PATH" "$ynh_npm" install + ynh_exec_warn_less ynh_exec_as "$app" env "$ynh_node_load_PATH" "$ynh_npm" run build popd #================================================= @@ -80,7 +80,7 @@ popd ynh_script_progression --message="Starting a systemd service..." --weight=2 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemd_action --service_name="$app" --action="start" --log_path="systemd" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 9846aba..c5feb91 100644 --- a/scripts/remove +++ b/scripts/remove @@ -16,10 +16,10 @@ source /usr/share/yunohost/helpers #================================================= # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status $app >/dev/null +if ynh_exec_warn_less yunohost service status "$app" >/dev/null then ynh_script_progression --message="Removing $app service integration..." --weight=1 - yunohost service remove $app + yunohost service remove "$app" fi # Remove the dedicated systemd config diff --git a/scripts/restore b/scripts/restore index 49895c4..7f0a5b5 100644 --- a/scripts/restore +++ b/scripts/restore @@ -18,7 +18,7 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" +chown -R "$app:www-data" "$install_dir" chmod +x "$install_dir/server/bin/prod.js" #================================================= @@ -28,21 +28,21 @@ chmod +x "$install_dir/server/bin/prod.js" #================================================= ynh_script_progression --message="Reinstalling dependencies..." --weight=7 -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version +ynh_exec_warn_less ynh_install_nodejs --nodejs_version="$nodejs_version" ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl enable $app.service --quiet +systemctl enable "$app.service" --quiet -yunohost service add $app --description="Simple, private file sharing" --log="/var/log/$app/$app.log" +yunohost service add "$app" --description="Simple, private file sharing" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemd_action --service_name="$app" --action="start" --log_path="systemd" ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index b667c3d..dce977e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -22,7 +22,7 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" +ynh_systemd_action --service_name="$app" --action="stop" --log_path="systemd" #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -40,11 +40,11 @@ then ynh_script_progression --message="Upgrading source files..." --weight=10 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir=$install_dir --keep="server/config.js" + ynh_setup_source --dest_dir="$install_dir" --keep="server/config.js" fi chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" +chown -R "$app:www-data" "$install_dir" chmod +x "$install_dir/server/bin/prod.js" #================================================= @@ -52,7 +52,7 @@ chmod +x "$install_dir/server/bin/prod.js" #================================================= ynh_script_progression --message="Upgrading dependencies..." --weight=18 -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version +ynh_exec_warn_less ynh_install_nodejs --nodejs_version="$nodejs_version" #================================================= # NGINX CONFIGURATION @@ -66,7 +66,7 @@ env_path="$PATH" # Create a dedicated systemd config ynh_add_systemd_config -yunohost service add $app --description="Simple, private file sharing" --log="/var/log/$app/$app.log" +yunohost service add "$app" --description="Simple, private file sharing" --log="/var/log/$app/$app.log" #================================================= # UPDATE A CONFIG FILE @@ -76,7 +76,7 @@ ynh_script_progression --message="Updating a configuration file..." ynh_add_config --template="config.js" --destination="$install_dir/server/config.js" chmod 400 "$install_dir/server/config.js" -chown $app: "$install_dir/server/config.js" +chown "$app:" "$install_dir/server/config.js" #================================================= # SPECIFIC UPGRADE @@ -90,8 +90,8 @@ then pushd "$install_dir" ynh_use_nodejs - ynh_exec_warn_less ynh_exec_as $app env $ynh_node_load_PATH $ynh_npm install - ynh_exec_warn_less ynh_exec_as $app env $ynh_node_load_PATH $ynh_npm run build + ynh_exec_warn_less ynh_exec_as "$app" env "$ynh_node_load_PATH" "$ynh_npm" install + ynh_exec_warn_less ynh_exec_as "$app" env "$ynh_node_load_PATH" "$ynh_npm" run build popd fi @@ -100,7 +100,7 @@ fi #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemd_action --service_name="$app" --action="start" --log_path="systemd" #================================================= # END OF SCRIPT From 0bde20dd8954274995fa31c24afa30c9601298e1 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Wed, 17 Jan 2024 01:45:19 +0100 Subject: [PATCH 10/11] add pre upgrade message --- doc/PRE_UPGRADE.d/3.4.23~ynh3 | 1 + 1 file changed, 1 insertion(+) create mode 100644 doc/PRE_UPGRADE.d/3.4.23~ynh3 diff --git a/doc/PRE_UPGRADE.d/3.4.23~ynh3 b/doc/PRE_UPGRADE.d/3.4.23~ynh3 new file mode 100644 index 0000000..d6f1a0f --- /dev/null +++ b/doc/PRE_UPGRADE.d/3.4.23~ynh3 @@ -0,0 +1 @@ +Now with the `3.4.23~ynh3` version, the Send package supports download link sharing even if the app is protected by the YunoHost login page. \ No newline at end of file From 931afeadd6d0f22a832444f26c22fad3f1d62b68 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Date: Wed, 17 Jan 2024 02:42:52 +0100 Subject: [PATCH 11/11] Update manifest.toml: additional_urls should be a list --- manifest.toml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 854ee75..c9fd8e0 100644 --- a/manifest.toml +++ b/manifest.toml @@ -52,12 +52,14 @@ ram.runtime = "50M" [resources.permissions] main.url = "/" - main.additional_urls = "/api/upload" + main.additional_urls = ["/api/upload"] + api.url = "/api" api.allowed = "visitors" api.auth_header = false api.show_tile = false api.protected = true + download.url = "/download" download.allowed = "visitors" download.auth_header = false