freedombone-app-fedwiki

#!/bin/bash
#  _____               _           _
# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
#                              Freedom in the Cloud
#
# Federated wiki
#
# The wiki itself looks ok, but there is no straightforward way for a
# user to authenticate which isn't proprietary
#
# License
# =======
#
# Copyright (C) 2017-2019 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS='full full-vim writer'

APP_CATEGORY=publishing

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
REQUIRES_APP=

FEDWIKI_DOMAIN_NAME=
FEDWIKI_CODE=
FEDWIKI_VERSION='0.15.0'
FEDWIKI_ONION_PORT=8131
FEDWIKI_PORT=3053
FEDWIKI_DATA=/var/lib/fedwiki
FEDWIKI_COOKIE=

FEDWIKI_SHORT_DESCRIPTION=$'Federated wiki'
FEDWIKI_DESCRIPTION=$'Federated wiki'
FEDWIKI_MOBILE_APP_URL=

fedwiki_variables=(FEDWIKI_DOMAIN_NAME
                   FEDWIKI_CODE
                   FEDWIKI_COOKIE
                   FEDWIKI_ADMIN_PASSWORD
                   ONION_ONLY
                   DDNS_PROVIDER
                   MY_USERNAME
                   MY_EMAIL_ADDRESS)

function upgrade_distro_fedwiki {
    target_distro="$1"

    if [[ "$target_distro" == 'buster' ]]; then
        echo -n ''
    fi
}

function fedwiki_setting_password {
    # change the password via the web UI
    new_password="$1"

    if [ ${#new_password} -lt 8 ]; then
        return
    fi
    if [[ "$new_password" == *' '* || "$new_password" == *'"'* ]]; then
        return
    fi

    MY_USERNAME=$(grep 'MY_USERNAME=' "/root/${PROJECT_NAME}.cfg" | awk -F '=' '{print $2}')
    sed -i "s|--cookieSecret .*|--cookieSecret '${new_password}'|g" /etc/systemd/system/fedwiki.service

    fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json
    { echo '{';
      echo "  \"name\": \"${MY_USERNAME}\",";
      echo '  "friend": {';
      echo "    \"secret\": \"${new_password}\"";
      echo '  }';
      echo '}'; } > $fedwiki_auth_file

    chown fedwiki:fedwiki $fedwiki_auth_file

    systemctl daemon-reload
    systemctl restart fedwiki
}

function fedwiki_setting_favicon {
    # change the favicon via the web UI
    image_url="$1"

    if [[ "$image_url" != 'http'* ]]; then
        return
    fi
    if [ ${#image_url} -gt 256 ]; then
        return
    fi

    image_extension=
    if [[ "$image_url" == *'.jpg' || "$image_url" == *'.jpeg' ]]; then
        image_extension='jpg'
    fi
    if [[ "$image_url" == *'.gif' ]]; then
        image_extension='gif'
    fi
    if [[ "$image_url" == *'.png' ]]; then
        image_extension='png'
    fi
    if [ ! $image_extension ]; then
        echo $'Invalid image type'
        return
    fi

    image_filename=$FEDWIKI_DATA/status/favicon.${image_extension}
    if [ -f "$image_filename" ]; then
        mv "$image_filename" "${image_filename}.prev"
    fi
    wget "$image_url" -O "$image_filename"
    if [ ! -f "$image_filename" ]; then
        if [ -f "${image_filename}.prev" ]; then
            mv "${image_filename}.prev" "${image_filename}"
        fi
        return
    fi
    rm "${image_filename}.prev"

    if [[ "$image_url" == *'.jpg' || "$image_url" == *'.jpeg' || "$image_url" == *'.gif' ]]; then
        convert "$image_filename" -resize "32x32" "$FEDWIKI_DATA/status/favicon.png"
        if [ ! -f "$FEDWIKI_DATA/status/favicon.png" ]; then
            return
        fi

        # remove the original
        rm "$image_filename"

        image_extension='png'
        image_filename="$FEDWIKI_DATA/status/favicon.png"
    else
        convert "$image_filename" -resize "32x32" "$image_filename"
    fi
    chown fedwiki:fedwiki "$image_filename"
}

function fedwiki_remove_bad_links {
    if [[ $ONION_ONLY == 'no' ]]; then
        sed -i "s|maxcdn.bootstrapcdn.com|${FEDWIKI_DOMAIN_NAME}|g" /var/lib/wiki/node_modules/wiki-security-friends/client/security.js
    else
        sed -i "s|https://maxcdn.bootstrapcdn.com|http://${FEDWIKI_ONION_HOSTNAME}|g" /var/lib/wiki/node_modules/wiki-security-friends/client/security.js
    fi

    if [ -f /var/lib/wiki/node_modules/localforage/docs/theme/style.css ]; then
        sed -i '/googleapi/d' /var/lib/wiki/node_modules/localforage/docs/theme/style.css
    fi

    if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html ]; then
        sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html
    fi

    if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/done.html ]; then
        sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/done.html
    fi

    if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html ]; then
        sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html
    fi

    if [ -f /var/lib/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html ]; then
        sed -i '/googleapi/d' /var/lib/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html
    fi

    if [ -d /var/lib/wiki/node_modules/passport-google-oauth20 ]; then
        rm -rf /var/lib/wiki/node_modules/passport-google-oauth20
    fi

    if [ -d /var/lib/wiki/node_modules/passport-oauth2 ]; then
        rm -rf /var/lib/wiki/node_modules/passport-oauth2
    fi

    if [ -d /var/lib/wiki/node_modules/passport-twitter ]; then
        rm -rf /var/lib/wiki/node_modules/passport-twitter
    fi

    if [ -d /var/lib/wiki/node_modules/passport-github ]; then
        rm -rf /var/lib/wiki/node_modules/passport-github
    fi
}

function logging_on_fedwiki {
    echo -n ''
}

function logging_off_fedwiki {
    echo -n ''
}

function remove_user_fedwiki {
    remove_username="$1"
}

function add_user_fedwiki {
    if [[ $(app_is_installed fedwiki) == "0" ]]; then
        echo '0'
        return
    fi

    new_username="$1"
    new_user_password="$2"

    echo '0'
}

function install_interactive_fedwiki {
    if [ ! "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

    if [[ $ONION_ONLY != "no" ]]; then
        FEDWIKI_DOMAIN_NAME='fedwiki.local'
        write_config_param "FEDWIKI_DOMAIN_NAME" "$FEDWIKI_DOMAIN_NAME"
    else
        function_check interactive_site_details
        interactive_site_details "fedwiki" "FEDWIKI_DOMAIN_NAME" "FEDWIKI_CODE"
    fi
    APP_INSTALLED=1
}

function change_password_fedwiki {
    FEDWIKI_USERNAME="$1"
    FEDWIKI_PASSWORD="$2"
    if [ ${#FEDWIKI_PASSWORD} -lt 8 ]; then
        echo $'Fedwiki password is too short'
        return
    fi
    "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
    sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
    sed -i "s|\"secret\":.*|\"secret\": \"${FEDWIKI_PASSWORD}\"|g" ${FEDWIKI_DATA}/status/owner.json
    systemctl daemon-reload
    systemctl restart fedwiki
    write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
}

function reconfigure_fedwiki {
    echo -n ''
}

function upgrade_fedwiki {
    CURR_FEDWIKI_VERSION=$(get_completion_param "fedwiki version")
    if [[ "$CURR_FEDWIKI_VERSION" == "$FEDWIKI_VERSION" ]]; then
        return
    fi

    systemctl stop fedwiki
    npm upgrade -g wiki@$FEDWIKI_VERSION

    cp -r /root/.npm-global/lib/node_modules/wiki/* /var/lib/wiki/
    cp /root/.npm-global/bin/wiki /var/lib/wiki/wiki
    chown -R fedwiki:fedwiki /var/lib/wiki

    fedwiki_remove_bad_links

    chown -R fedwiki:fedwiki $FEDWIKI_DATA
    systemctl start fedwiki

    set_completion_param "fedwiki version" "$FEDWIKI_VERSION"
}

function backup_local_fedwiki {
    FEDWIKI_DOMAIN_NAME='fedwiki.local'
    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
        FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
    fi

    systemctl stop fedwiki
    suspend_site "${FEDWIKI_DOMAIN_NAME}"

    fedwiki_path=$FEDWIKI_DATA
    if [ -d $fedwiki_path ]; then
        backup_directory_to_usb $fedwiki_path fedwiki
    fi

    restart_site
    systemctl start fedwiki
}

function restore_local_fedwiki {
    FEDWIKI_DOMAIN_NAME='fedwiki.local'
    if grep -q "fedwiki domain" "$COMPLETION_FILE"; then
        FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
    fi
    if [ "$FEDWIKI_DOMAIN_NAME" ]; then
        suspend_site "${FEDWIKI_DOMAIN_NAME}"
        systemctl stop fedwiki

        temp_restore_dir=/root/tempfedwiki
        function_check restore_directory_from_usb
        restore_directory_from_usb $temp_restore_dir fedwiki
        if [ -d $temp_restore_dir ]; then
            if [ -d $temp_restore_dir$FEDWIKI_DATA ]; then
                cp -r $temp_restore_dir$FEDWIKI_DATA/* $FEDWIKI_DATA/
            else
                cp -r $temp_restore_dir/* $FEDWIKI_DATA/
            fi
            chown -R fedwiki:fedwiki $FEDWIKI_DATA
            rm -rf $temp_restore_dir
        fi

        FEDWIKI_PASSWORD=$(grep secret "${FEDWIKI_DATA}/status/owner.json" | awk -F '"' '{print $4}')
        "${PROJECT_NAME}-pass" -u "$FEDWIKI_USERNAME" -a fedwiki -p "$FEDWIKI_PASSWORD"
        sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
        write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
        systemctl daemon-reload
        systemctl start fedwiki
        restart_site
    fi
}

function backup_remote_fedwiki {
    echo -n ''
}

function restore_remote_fedwiki {
    echo -n ''
}

function remove_fedwiki {
    if [ ${#FEDWIKI_DOMAIN_NAME} -eq 0 ]; then
        return
    fi

    systemctl stop fedwiki
    systemctl disable fedwiki
    rm /etc/systemd/system/fedwiki.service
    systemctl daemon-reload

    npm uninstall -g wiki-security-friends
    npm uninstall -g wiki

    function_check remove_nodejs
    remove_nodejs fedwiki

    read_config_param "FEDWIKI_DOMAIN_NAME"
    nginx_dissite "$FEDWIKI_DOMAIN_NAME"
    remove_certs "${FEDWIKI_DOMAIN_NAME}"
    if [ -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME" ]; then
        rm -f "/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"
    fi
    if [ -d "/var/www/$FEDWIKI_DOMAIN_NAME" ]; then
        rm -rf "/var/www/$FEDWIKI_DOMAIN_NAME"
    fi
    if [ -d /var/lib/wiki ]; then
        rm -rf /var/lib/wiki
    fi
    remove_config_param FEDWIKI_DOMAIN_NAME
    remove_config_param FEDWIKI_CODE
    function_check remove_onion_service
    remove_onion_service fedwiki ${FEDWIKI_ONION_PORT}
    remove_completion_param "install_fedwiki"
    sed -i '/fedwiki/d' "$COMPLETION_FILE"

    groupdel -f fedwiki
    userdel -r fedwiki

    if [ -d $FEDWIKI_DATA ]; then
        rm -rf $FEDWIKI_DATA
    fi

    function_check remove_ddns_domain
    remove_ddns_domain "$FEDWIKI_DOMAIN_NAME"
}

function fedwiki_setup_web {
    fedwiki_nginx_file="/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME"

    if [[ "$ONION_ONLY" == "no" ]]; then
        { echo 'server {';
        echo '  listen 80;';
        echo '  listen [::]:80;';
        echo "  server_name $FEDWIKI_DOMAIN_NAME;";
        echo "  rewrite ^ https://\$server_name\$request_uri? permanent;";
        echo '}';
        echo '';
        echo 'server {';
        echo '  listen 443 ssl;';
        echo '  #listen [::]:443 ssl;';
        echo "  server_name $FEDWIKI_DOMAIN_NAME;";
        echo ''; } > "$fedwiki_nginx_file"
        function_check nginx_ssl
        nginx_ssl "$FEDWIKI_DOMAIN_NAME" mobile

        { echo '  add_header X-Download-Options noopen;';
          echo '  add_header X-Frame-Options DENY;';
          echo '  add_header X-Content-Type-Options nosniff;';
          echo '  add_header Strict-Transport-Security max-age=15768000;';
          echo '';
          echo '  location /fonts-font-awesome/ {';
          echo '    alias /usr/share/fonts-font-awesome/;';
          echo '  }';
          echo '';
          echo '  location / {';
          echo '';
          echo '    limit_conn conn_limit_per_ip 50;';
          echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
          echo '';
          echo "    proxy_pass http://localhost:${FEDWIKI_PORT};";
          echo "    proxy_set_header X-Real-IP \$remote_addr;";
          echo "    proxy_set_header Host \$host;";
          echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
          echo '    client_max_body_size 1M;';
          echo '  }';
          echo '}';
          echo ''; } >> "$fedwiki_nginx_file"
    else
        echo -n '' > "$fedwiki_nginx_file"
    fi
    { echo 'server {';
      echo "  listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;";
      echo '  port_in_redirect off;';
      echo "  server_name $FEDWIKI_ONION_HOSTNAME;";
      echo '';
      echo '  add_header X-Frame-Options DENY;';
      echo '  add_header X-Content-Type-Options nosniff;';
      echo '  add_header X-Download-Options noopen;';
      echo '';
      echo '  location /fonts-font-awesome/ {';
      echo '    alias /usr/share/fonts-font-awesome/;';
      echo '  }';
      echo '';
      echo '  location / {';
      echo '';
      echo '    limit_conn conn_limit_per_ip 50;';
      echo '    limit_req zone=req_limit_per_ip burst=50 nodelay;';
      echo '';
      echo "    proxy_pass http://localhost:${FEDWIKI_PORT};";
      echo "    proxy_set_header X-Real-IP \$remote_addr;";
      echo "    proxy_set_header Host \$host;";
      echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;";
      echo '    client_max_body_size 1M;';
      echo '  }';
      echo '}'; } >> "$fedwiki_nginx_file"

    sed -i '/Content-Security-Policy/d' "$fedwiki_nginx_file"
    sed -i '/X-XSS-Protection/d' "$fedwiki_nginx_file"
    sed -i '/X-Permitted-Cross-Domain-Policies/d' "$fedwiki_nginx_file"

    function_check create_site_certificate
    create_site_certificate "$FEDWIKI_DOMAIN_NAME" 'yes'

    function_check nginx_ensite
    nginx_ensite "$FEDWIKI_DOMAIN_NAME"
}

function install_fedwiki {
    # shellcheck disable=SC2153
    if [[ "$VARIANT" == "mesh"* ]]; then
        return
    fi

    if [ ! "$ONION_ONLY" ]; then
        ONION_ONLY='no'
    fi

    if [ ! "$FEDWIKI_DOMAIN_NAME" ]; then
        echo $'The fedwiki domain name was not specified'
        exit 89
    fi

    increment_app_install_progress

    if [ ! -d "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs" ]; then
        mkdir -p "/var/www/$FEDWIKI_DOMAIN_NAME/htdocs"
    fi

    if [ ! -d $FEDWIKI_DATA ]; then
        mkdir -p $FEDWIKI_DATA
    fi

    increment_app_install_progress

    groupadd fedwiki
    useradd -c "Fedwiki system account" -d $FEDWIKI_DATA -m -r -g fedwiki fedwiki
    if [ -d $FEDWIKI_DATA/Maildir ]; then
        rm -rf $FEDWIKI_DATA/Maildir
    fi

    increment_app_install_progress

    function_check install_nodejs
    install_nodejs fedwiki

    increment_app_install_progress

    $INSTALL_PACKAGES fonts-font-awesome

    increment_app_install_progress

    if ! npm install -g wiki@$FEDWIKI_VERSION; then
        echo $'Failed to install fedwiki'
        exit 62
    fi

    increment_app_install_progress

    if ! npm install -g wiki-security-friends@0.1.0; then
        echo $'Failed to install wiki-security-friends'
        exit 78
    fi

    increment_app_install_progress

    if [ ! -f /root/.npm-global/bin/wiki ]; then
        echo $'wiki was not installed'
        exit 52
    fi

    increment_app_install_progress

    if [ ! -d /root/.npm-global/lib/node_modules/wiki ]; then
        echo $'wiki directory not found /root/.npm-global/lib/node_modules/wiki'
        exit 62
    fi

    increment_app_install_progress

    FEDWIKI_ONION_HOSTNAME=$(add_onion_service fedwiki 80 ${FEDWIKI_ONION_PORT})

    increment_app_install_progress

    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
        FEDWIKI_COOKIE="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
    else
        if [ ! "$FEDWIKI_COOKIE" ]; then
            FEDWIKI_COOKIE="$(create_password 20)"
        fi
    fi

    cp -r /root/.npm-global/lib/node_modules/wiki /var/lib
    cp /root/.npm-global/bin/wiki /var/lib/wiki
    chown -R fedwiki:fedwiki /var/lib/wiki

    increment_app_install_progress

    { echo '[Unit]';
      echo 'Description=Fedwiki federated wiki';
      echo 'After=syslog.target';
      echo 'After=network.target';
      echo '';
      echo '[Service]';
      echo 'User=fedwiki';
      echo 'Group=fedwiki';
      echo "WorkingDirectory=/var/lib/wiki";
      echo "ExecStart=/var/lib/wiki/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'";
      echo 'StandardOutput=syslog';
      echo 'StandardError=syslog';
      echo 'SyslogIdentifier=fedwiki';
      echo 'Restart=always';
      echo "Environment=NODE_ENV=production";
      echo 'PrivateTmp=true';
      echo 'PrivateDevices=false';
      echo 'NoNewPrivileges=true';
      echo 'CapabilityBoundingSet=~CAP_SYS_ADMIN';
      echo '';
      echo '[Install]';
      echo 'WantedBy=multi-user.target'; } > /etc/systemd/system/fedwiki.service

    if [ ! -d ${FEDWIKI_DATA}/status ]; then
        mkdir -p ${FEDWIKI_DATA}/status
    fi
    fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json
    { echo '{';
      echo "  \"name\": \"${MY_USERNAME}\",";
      echo '  "friend": {';
      echo "    \"secret\": \"${FEDWIKI_COOKIE}\"";
      echo '  }';
      echo '}'; } > $fedwiki_auth_file

    chown -R fedwiki:fedwiki $FEDWIKI_DATA

    fedwiki_setup_web

    increment_app_install_progress

    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a fedwiki -p "$FEDWIKI_COOKIE"

    function_check add_ddns_domain
    add_ddns_domain "$FEDWIKI_DOMAIN_NAME"

    fedwiki_remove_bad_links

    increment_app_install_progress

    systemctl enable fedwiki

    increment_app_install_progress

    systemctl daemon-reload

    increment_app_install_progress

    systemctl start fedwiki

    increment_app_install_progress

    systemctl restart nginx

    set_completion_param "fedwiki domain" "$FEDWIKI_DOMAIN_NAME"
    set_completion_param "fedwiki version" "$FEDWIKI_VERSION"
    APP_INSTALLED=1
}

# NOTE: deliberately no exit 0