free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
freedomboneeee/src/freedombone-app-cryptpad

693 lines
22 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
# Freedom in the Cloud
#
# cryptpad application
#
# License
# =======
#
# Copyright (C) 2017-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim writer'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
SHOW_ICANN_ADDRESS_ON_ABOUT=0
CRYPTPAD_ONION_PORT=8119
CRYPTPAD_PORT=9003
CRYPTPAD_PORT2=9005
CRYPTPAD_REPO="https://github.com/xwiki-labs/cryptpad"
CRYPTPAD_COMMIT='756681211b0fcc631ad0477246959fe4d71eb6e7'
CRYPTPAD_DIR=/etc/cryptpad
cryptpad_variables=(ONION_ONLY)
function logging_on_cryptpad {
echo -n ''
}
function logging_off_cryptpad {
echo -n ''
}
function remove_user_cryptpad {
remove_username="$1"
}
function add_user_cryptpad {
new_username="$1"
new_user_password="$2"
echo '0'
}
function install_interactive_cryptpad {
echo -n ''
APP_INSTALLED=1
}
function change_password_cryptpad {
curr_username="$1"
new_user_password="$2"
}
function reconfigure_cryptpad {
if [ -d $CRYPTPAD_DIR/datastore ]; then
rm -rf $CRYPTPAD_DIR/datastore
fi
}
function cryptpad_generate_api_config {
if [ ! -d $CRYPTPAD_DIR/customize/api ]; then
mkdir -p $CRYPTPAD_DIR/customize/api
fi
wget 127.0.0.1:$CRYPTPAD_PORT/api/config -O $CRYPTPAD_DIR/customize/api/config
if [ ! -f $CRYPTPAD_DIR/customize/api/config ]; then
echo $'Unable to wget api/config'
exit 89252
fi
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
}
function upgrade_cryptpad {
CURR_CRYPTPAD_COMMIT=$(get_completion_param "cryptpad commit")
if [[ "$CURR_CRYPTPAD_COMMIT" == "$CRYPTPAD_COMMIT" ]]; then
return
fi
systemctl stop cryptpad
# update to the next commit
function_check set_repo_commit
set_repo_commit $CRYPTPAD_DIR "cryptpad commit" "$CRYPTPAD_COMMIT" $CRYPTPAD_REPO
cd $CRYPTPAD_DIR || exit 254724
cryptpad_create_config
npm upgrade
npm install
rm -rf $CRYPTPAD_DIR/.cache/bower
su -c './node_modules/bower/bin/bower install --config.interactive=false' - cryptpad
su -c './node_modules/bower/bin/bower update --config.interactive=false' - cryptpad
cryptpad_generate_api_config
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
systemctl start cryptpad
}
function backup_local_cryptpad {
source_directory=$CRYPTPAD_DIR/datastore
if [ -d $source_directory ]; then
systemctl stop cryptpad
dest_directory=cryptpad
function_check suspend_site
suspend_site cryptpad
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
function_check restart_site
restart_site
systemctl start cryptpad
fi
}
function restore_local_cryptpad {
if [ -d $CRYPTPAD_DIR ]; then
systemctl stop cryptpad
temp_restore_dir=/root/tempcryptpad
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir cryptpad
if [ ! -d $temp_restore_dir$CRYPTPAD_DIR/datastore ]; then
if [ -d $temp_restore_dir ]; then
cp -r $temp_restore_dir/* $CRYPTPAD_DIR/datastore/
else
systemctl start cryptpad
echo 'Failed to restore cryptpad'
rm -rf $temp_restore_dir
exit 8736529
fi
else
cp -r $temp_restore_dir$CRYPTPAD_DIR/datastore/* $CRYPTPAD_DIR/datastore/
fi
rm -rf $temp_restore_dir
systemctl start cryptpad
fi
}
function backup_remote_cryptpad {
if grep -q "cryptpad domain" "$COMPLETION_FILE"; then
temp_backup_dir=$CRYPTPAD_DIR/datastore
if [ -d $temp_backup_dir ]; then
systemctl stop cryptpad
function_check suspend_site
suspend_site cryptpad
echo $"Backing up Cryptpad installation"
function_check backup_directory_to_friend
backup_directory_to_friend $temp_backup_dir cryptpad
function_check restart_site
restart_site
systemctl start cryptpad
else
echo $"cryptpad domain specified but not found in ${temp_backup_dir}"
fi
fi
}
function restore_remote_cryptpad {
if [ -d $CRYPTPAD_DIR ]; then
systemctl stop cryptpad
temp_restore_dir=/root/tempcryptpad
function_check restore_directory_from_usb
restore_directory_from_friend $temp_restore_dir cryptpad
if [ ! -d $temp_restore_dir$CRYPTPAD_DIR/datastore ]; then
if [ -d $temp_restore_dir ]; then
cp -r $temp_restore_dir/* $CRYPTPAD_DIR/datastore/
else
systemctl start cryptpad
echo 'Failed to restore cryptpad'
rm -rf $temp_restore_dir
return
fi
else
cp -r $temp_restore_dir$CRYPTPAD_DIR/datastore/* $CRYPTPAD_DIR/datastore/
fi
rm -rf $temp_restore_dir
systemctl start cryptpad
fi
}
function remove_cryptpad {
systemctl stop cryptpad
systemctl disable cryptpad
if [ -f /etc/systemd/system/cryptpad.service ]; then
rm /etc/systemd/system/cryptpad.service
fi
systemctl daemon-reload
function_check remove_nodejs
remove_nodejs cryptpad
nginx_dissite cryptpad
if [ -d $CRYPTPAD_DIR ]; then
rm -rf $CRYPTPAD_DIR
fi
if [ -f /etc/nginx/sites-available/cryptpad ]; then
rm /etc/nginx/sites-available/cryptpad
fi
function_check remove_onion_service
remove_onion_service cryptpad ${CRYPTPAD_ONION_PORT}
remove_app cryptpad
remove_completion_param install_cryptpad
sed -i '/cryptpad/d' "$COMPLETION_FILE"
userdel -r cryptpad
}
function cryptpad_create_config {
cryptpad_install_type=$1
cryptpad_prefix=
if [[ "$cryptpad_install_type" == "mesh" ]]; then
# shellcheck disable=SC2154
cryptpad_prefix="$rootdir"
fi
{ echo '/*@flow*/';
echo '/*';
echo ' globals module';
echo '*/';
echo "var domain = ' http://localhost:${CRYPTPAD_PORT}/';";
echo 'module.exports = {';
echo " httpAddress: '::',";
echo ' httpHeaders: {';
echo ' "X-XSS-Protection": "1; mode=block",';
echo ' "X-Content-Type-Options": "nosniff",';
echo ' "Access-Control-Allow-Origin": "*"';
echo ' },';
echo '';
echo ' contentSecurity: [';
echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self' \" + domain,";
echo " \"script-src 'self'\" + domain,";
echo " \"font-src 'self' data:\" + domain,";
echo '';
echo ' "child-src blob: *",';
echo ' "frame-src blob: *",';
echo ' "media-src * blob:",';
echo '';
echo " \"connect-src 'self' ws: wss: blob:\" + domain,";
echo '';
echo " \"img-src 'self' data: blob:\" + domain,";
echo '';
echo ' "frame-ancestors *",';
echo " ].join('; '),";
echo '';
echo ' padContentSecurity: [';
echo " \"default-src 'none'\",";
echo " \"style-src 'unsafe-inline' 'self'\" + domain,";
echo " \"script-src 'self' 'unsafe-eval' 'unsafe-inline'\" + domain,";
echo " \"font-src 'self'\" + domain,";
echo '';
echo ' "child-src *",';
echo ' "frame-src *",';
echo '';
echo " \"connect-src 'self' ws: wss:\" + domain,";
echo '';
echo ' "img-src * blob:",';
echo " ].join('; '),";
echo '';
echo " httpPort: ${CRYPTPAD_PORT},";
echo '';
echo ' // This is for allowing the cross-domain iframe to function when developing';
echo " httpSafePort: ${CRYPTPAD_PORT2},";
echo '';
echo " websocketPath: '/cryptpad_websocket',";
echo '';
echo ' logToStdout: false,';
echo '';
echo ' verbose: false,';
echo '';
echo ' mainPages: [';
echo " 'index'";
echo ' ],';
echo '';
echo ' removeDonateButton: true,';
echo ' allowSubscriptions: false,'; } > "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
if [[ "$cryptpad_install_type" == "mesh" ]]; then
echo " myDomain: 'http://P${PEER_ID}.local'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
else
CRYPTPAD_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_cryptpad/hostname)
echo " myDomain: 'http://${CRYPTPAD_ONION_HOSTNAME}'," >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
fi
{ echo ' defaultStorageLimit: 50 * 1024 * 1024,';
echo '';
echo ' customLimits: {';
echo ' },';
echo '';
echo ' adminEmail: false,';
echo '';
echo " storage: './storage/file',";
echo '';
echo " filePath: './datastore/',";
echo " pinPath: './pins',";
echo " blobPath: './blob',";
echo " blobStagingPath: './blobstage',";
echo ' channelExpirationMs: 30000,';
echo ' openFileLimit: 1024,';
echo " rpc: './rpc.js',";
echo ' suppressRPCErrors: false,';
echo ' enableUploads: true,';
echo ' //restrictUploads: false,';
echo ' maxUploadSize: 20 * 1024 * 1024,';
echo ' //logFeedback: true,';
echo ' //logRPC: true,';
echo '};'; } >> "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
if [[ "$cryptpad_install_type" != "mesh" ]]; then
chown cryptpad:cryptpad "$cryptpad_prefix$CRYPTPAD_DIR/config.js"
else
chroot "$rootdir" chown cryptpad:cryptpad $CRYPTPAD_DIR/config.js
fi
}
function mesh_install_cryptpad {
# shellcheck disable=SC2153
if [[ "$VARIANT" != "meshclient" && "$VARIANT" != "meshusb" ]]; then
return
fi
if [ ! -d "$rootdir/var/www/cryptpad" ]; then
mkdir "$rootdir/var/www/cryptpad"
fi
if [ -d "$rootdir$CRYPTPAD_DIR" ]; then
rm -rf "$rootdir$CRYPTPAD_DIR"
fi
git_clone "$CRYPTPAD_REPO" "$rootdir$CRYPTPAD_DIR"
if [ ! -d "$rootdir$CRYPTPAD_DIR" ]; then
echo $'Unable to clone cryptpad repo'
exit 783251
fi
# an unprivileged user to run as
chroot "$rootdir" useradd -d $CRYPTPAD_DIR/ cryptpad
cd "$rootdir$CRYPTPAD_DIR" || exit 34683568
git checkout "$CRYPTPAD_COMMIT" -b "$CRYPTPAD_COMMIT"
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
cryptpad_nginx_site=$rootdir/etc/nginx/sites-available/cryptpad
{ echo 'server {';
echo ' listen [::]:80 default_server;';
echo " server_name P${PEER_ID}.local;";
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root $CRYPTPAD_DIR;";
echo '';
echo ' index index.html;';
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '';
echo " if (\$uri = /pad/inner.html) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
echo ' }';
echo '';
echo ' location = /cryptpad_websocket {';
echo " proxy_pass http://[::]:$CRYPTPAD_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '';
echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '';
echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }';
echo ' location ^~ /customize/ {';
echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }';
echo ' location = /api/config {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' }';
echo '';
echo ' location ^~ /blob/ {';
echo ' add_header Cache-Control max-age=31536000;';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /datastore/ {';
echo ' add_header Cache-Control max-age=0;';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /register/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /login/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /about.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /contact.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /what-is-cryptpad.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }';
echo '';
echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}'; } > "$cryptpad_nginx_site"
cd "$rootdir$CRYPTPAD_DIR" || exit 6246824624527
get_npm_arch
cat <<EOF > "$rootdir/usr/bin/install_cryptpad"
#!/bin/bash
cd $CRYPTPAD_DIR || exit 358735
npm install --arch=$NPM_ARCH --build-from-source
npm install --arch=$NPM_ARCH bower@1.8.4
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
su -c './node_modules/bower/bin/bower install --config.interactive=false' - cryptpad
cp config.example.js config.js
EOF
chmod +x "$rootdir/usr/bin/install_cryptpad"
chroot "$rootdir" /usr/bin/install_cryptpad
if [ ! -f "$rootdir$CRYPTPAD_DIR/config.js" ]; then
echo $'Cryptpad config file not found'
exit 628252
fi
rm "$rootdir/usr/bin/install_cryptpad"
cryptpad_create_config mesh
chroot "$rootdir" chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon
{ echo '[Unit]';
echo 'Description=Cryptpad';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'User=cryptpad';
echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > "$rootdir/etc/systemd/system/cryptpad.service"
chroot "$rootdir" systemctl enable cryptpad.service
}
function install_cryptpad_main {
if [[ $(app_is_installed cryptpad_main) == "1" ]]; then
return
fi
if [ ! -d /var/www/cryptpad ]; then
mkdir /var/www/cryptpad
fi
if [ -d $CRYPTPAD_DIR ]; then
rm -rf $CRYPTPAD_DIR
fi
if [ -d /repos/cryptpad ]; then
mkdir $CRYPTPAD_DIR
cp -r -p /repos/cryptpad/. $CRYPTPAD_DIR
cd $CRYPTPAD_DIR || exit 3468356385
git pull
else
function_check git_clone
git_clone $CRYPTPAD_REPO $CRYPTPAD_DIR
fi
if [ ! -d $CRYPTPAD_DIR ]; then
echo $'Unable to clone cryptpad repo'
exit 783251
fi
# an unprivileged user to run as
useradd -d $CRYPTPAD_DIR/ cryptpad
cd $CRYPTPAD_DIR || exit 34683655
git checkout $CRYPTPAD_COMMIT -b $CRYPTPAD_COMMIT
set_completion_param "cryptpad commit" "$CRYPTPAD_COMMIT"
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
CRYPTPAD_ONION_HOSTNAME=$(add_onion_service cryptpad 80 ${CRYPTPAD_ONION_PORT})
cryptpad_nginx_site=/etc/nginx/sites-available/cryptpad
{ echo 'server {';
echo " listen 127.0.0.1:$CRYPTPAD_ONION_PORT default_server;";
echo " server_name $CRYPTPAD_ONION_HOSTNAME;";
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo ' # Root';
echo " root $CRYPTPAD_DIR;";
echo '';
echo ' index index.html;';
echo '';
echo " if (\$args ~ ver=) {";
echo " set \$cacheControl max-age=31536000;";
echo ' }';
echo " add_header Cache-Control \$cacheControl;";
echo '';
echo ' add_header X-XSS-Protection "1; mode=block";';
echo ' add_header X-Content-Type-Options nosniff;';
echo ' add_header X-Frame-Options SAMEORIGIN;';
echo '';
echo " if (\$uri = /pad/inner.html) {";
echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";";
echo ' }';
echo '';
echo ' location = /cryptpad_websocket {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo '';
echo ' # WebSocket support (nginx 1.4)';
echo ' proxy_http_version 1.1;';
echo " proxy_set_header Upgrade \$http_upgrade;";
echo ' proxy_set_header Connection upgrade;';
echo ' }';
echo '';
echo ' location ^~ /customize.dist/ {';
echo ' # This is needed in order to prevent infinite recursion between /customize/ and the root';
echo ' }';
echo ' location ^~ /customize/ {';
echo " rewrite ^/customize/(.*)\$ \$1 break;";
echo " try_files /customize/\$uri /customize.dist/\$uri;";
echo ' }';
echo ' location = /api/config {';
echo " proxy_pass http://localhost:$CRYPTPAD_PORT;";
echo " proxy_set_header X-Real-IP \$remote_addr;";
echo " proxy_set_header Host \$host;";
echo " proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
echo ' }';
echo '';
echo ' location ^~ /blob/ {';
echo ' add_header Cache-Control max-age=31536000;';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /datastore/ {';
echo ' add_header Cache-Control max-age=0;';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /register/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /login/ {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /about.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /contact.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ^~ /what-is-cryptpad.html {';
echo " try_files \$uri =404;";
echo ' }';
echo '';
echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {';
echo " rewrite ^(.*)\$ \$1/ redirect;";
echo ' }';
echo '';
echo " try_files /www/\$uri /www/\$uri/index.html /customize/\$uri;";
echo '}'; } > $cryptpad_nginx_site
function_check nginx_ensite
nginx_ensite cryptpad
install_completed cryptpad_main
}
function install_cryptpad {
function_check install_nodejs
install_nodejs cryptpad
install_cryptpad_main
cd $CRYPTPAD_DIR || exit 35483548
npm install
npm install bower@1.8.4
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
su -c './node_modules/bower/bin/bower install --config.interactive=false' - cryptpad
su -c './node_modules/bower/bin/bower update --config.interactive=false' - cryptpad
cp config.example.js config.js
if [ ! -f config.js ]; then
echo $'Cryptpad config file not found'
exit 628252
fi
cryptpad_create_config
chown -R cryptpad:cryptpad $CRYPTPAD_DIR
# daemon
{ echo '[Unit]';
echo 'Description=Cryptpad';
echo 'After=syslog.target';
echo 'After=network.target';
echo '';
echo '[Service]';
echo 'User=cryptpad';
echo 'Group=cryptpad';
echo "WorkingDirectory=$CRYPTPAD_DIR";
echo "ExecStart=/usr/local/bin/node $CRYPTPAD_DIR/server.js";
echo 'Environment=PATH=/usr/bin:/usr/local/bin';
echo 'Environment=NODE_ENV=production';
echo 'Restart=on-failure';
echo '';
echo '[Install]';
echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/cryptpad.service
systemctl enable cryptpad.service
systemctl daemon-reload
systemctl start cryptpad.service
sleep 8
cryptpad_generate_api_config
# install again
cd $CRYPTPAD_DIR || exit 73537453
su -c './node_modules/bower/bin/bower install --config.interactive=false' - cryptpad
systemctl restart nginx
APP_INSTALLED=1
}
# NOTE: deliberately there is no "exit 0"
Reference in New Issue View Git Blame Copy Permalink