Skip to content
Snippets Groups Projects
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
freedombone-app-zap 17.08 KiB
#!/bin/bash
#  _____               _           _
# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
#
#                              Freedom in the Cloud
#
# Zap application
#
# License
# =======
#
# Copyright (C) 2014-2019 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS='full full-vim social'

APP_CATEGORY=social

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
NOT_ON_ONION=1
REQUIRES_APP=

ZAP_DOMAIN_NAME=
ZAP_CODE=
ZAP_REPO="https://framagit.org/zot/zap"
ZAP_COMMIT='ca3b993e85cf3b08d20f700e134b984eb3f7457c'
ZAP_ADDONS_REPO="https://framagit.org/zot/zap-addons"
ZAP_ADMIN_PASSWORD=

ZAP_SHORT_DESCRIPTION=$'Nomadic social network server'
ZAP_DESCRIPTION=$'Zap is a full featured social network application running under the Zot6 protocol. It provides enhanced privacy modes and identity/content mirroring across multiple servers ("nomadic identity").'
ZAP_MOBILE_APP_URL='https://f-droid.org/en/packages/com.dfa.hubzilla_android/'

zap_variables=(ONION_ONLY
               ZAP_DOMAIN_NAME
               ZAP_CODE
               DDNS_PROVIDER
               MY_EMAIL_ADDRESS
               MY_USERNAME)

function upgrade_distro_zap {
    target_distro="$1"

    if [[ "$target_distro" == 'buster' ]]; then
        echo -n ''
    fi
}

function logging_on_zap {
    echo -n ''
}

function logging_off_zap {
    echo -n ''
}

function remove_user_zap {
    remove_username="$1"
    # TODO: remove user
    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp zap
}

function add_user_zap {
    if [[ $(app_is_installed zap) == "0" ]]; then
        echo '0'
        return
    fi

    new_username="$1"
    new_user_password="$2"
    # TODO: add user
    "${PROJECT_NAME}-pass" -u "$new_username" -a zap -p "$new_user_password"
    echo '0'
}

function install_interactive_zap {
    if [[ "$ONION_ONLY" != "no" ]]; then
        return
    fi

    function_check interactive_site_details
    interactive_site_details zap

    APP_INSTALLED=1
}

function change_password_zap {
    #    ZAP_USERNAME="$1"
    ZAP_PASSWORD="$2"
    if [ ${#ZAP_PASSWORD} -lt 8 ]; then
        echo $'Zap password is too short'
        return
    fi
    # TODO: This doesn't actually change the password
    #${PROJECT_NAME}-pass -u $ZAP_USERNAME -a zap -p "$ZAP_PASSWORD"
}

function zap_create_database {
    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
        ZAP_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
    fi
    if [ ! "$ZAP_ADMIN_PASSWORD" ]; then
        ZAP_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
    fi
    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a zap -p "$ZAP_ADMIN_PASSWORD"
    if [ ! "$ZAP_ADMIN_PASSWORD" ]; then
        return
    fi

    function_check create_database
    create_database zap "$ZAP_ADMIN_PASSWORD"
}

function reconfigure_zap {
    echo -n ''
}

function zap_set_permissions {
    chown -R www-data:www-data "$ZAP_PATH/doc"
    chown -R www-data:www-data "$ZAP_PATH/store"
    chmod -R 755 "$ZAP_PATH/store"
    chmod 1755 "$ZAP_PATH/store/[data]/smarty3"
    chmod 1755 "$ZAP_PATH/view/tpl"
    chmod 1755 "$ZAP_PATH/view/tpl/smarty3"
    chmod 755 "$ZAP_PATH/.htconfig.php"
}

function upgrade_zap {
    ZAP_PATH=/var/www/$ZAP_DOMAIN_NAME/htdocs
    CURR_ZAP_COMMIT=$(get_completion_param "zap commit")
    if [[ "$CURR_ZAP_COMMIT" == "$ZAP_COMMIT" ]]; then
        zap_set_permissions
        return
    fi

    function_check set_repo_commit
    set_repo_commit "$ZAP_PATH" "zap commit" "$ZAP_COMMIT" $ZAP_REPO
    #if [ -d ${ZAP_PATH}/zaddons ]; then
    #    cd ${ZAP_PATH}/zaddons || exit 34
    #    git remote set-url origin $ZAP_ADDONS_REPO
    #fi
    #cd ${ZAP_PATH} || exit 34
    #./util/update_addon_repo zaddons

    if [ -d "$ZAP_PATH/store/[data]/smarty3/compiled" ]; then
        rm -rf "$ZAP_PATH/store/[data]/smarty3/compiled"/*
    fi

    chown -R www-data:www-data "$ZAP_PATH/extend"
    ./util/importdoc
    zap_set_permissions
}

function backup_local_zap {
    zap_path=/var/www/${ZAP_DOMAIN_NAME}/htdocs
    if [ -d "$zap_path" ]; then
        function_check backup_database_to_usb
        backup_database_to_usb zap

        backup_directory_to_usb "$zap_path" zap
    fi
}

function restore_local_zap {
    temp_restore_dir=/root/tempzap
    zap_dir=/var/www/${ZAP_DOMAIN_NAME}/htdocs

    function_check zap_create_database
    zap_create_database

    restore_database zap "${ZAP_DOMAIN_NAME}"
    if [ -d "$USB_MOUNT/backup/zap" ]; then
        if [ ! -d "$zap_dir/store/[data]/smarty3" ]; then
            mkdir -p "$zap_dir/store/[data]/smarty3"
        fi
        chmod -R 755 "$zap_dir/store"
        chown -R www-data:www-data "$zap_dir/"*
        if [ -d $temp_restore_dir ]; then
            rm -rf $temp_restore_dir
        fi

        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
        ZAP_PATH="/var/www/$ZAP_DOMAIN_NAME/htdocs"
        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$ZAP_PATH/.htconfig.php"
        MARIADB_PASSWORD=
    fi
}

function backup_remote_zap {
    echo -n ''
}

function restore_remote_zap {
    echo -n ''
}

function remove_zap {
    if [ ${#ZAP_DOMAIN_NAME} -eq 0 ]; then
        return
    fi
    nginx_dissite "$ZAP_DOMAIN_NAME"
    remove_certs "${ZAP_DOMAIN_NAME}"
    if [ -d "/var/www/$ZAP_DOMAIN_NAME" ]; then
        rm -rf "/var/www/$ZAP_DOMAIN_NAME"
    fi
    if [ -f "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME" ]; then
        rm "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
    fi
    function_check drop_database
    drop_database zap
    sed -i '/zap/d' "$COMPLETION_FILE"
    sed -i '/Zotlabs/d' /etc/crontab

    function_check remove_ddns_domain
    remove_ddns_domain "$ZAP_DOMAIN_NAME"
}

function install_zap {
    if [ ! "$ZAP_DOMAIN_NAME" ]; then
        return
    fi

    if [[ "$ONION_ONLY" != "no" ]]; then
        echo $"Zap won't work on an onion address"
        exit 52
    fi

    increment_app_install_progress

    ZAP_PATH="/var/www/$ZAP_DOMAIN_NAME/htdocs"

    function_check install_mariadb
    install_mariadb

    increment_app_install_progress

    if [ -d "/var/www/$ZAP_DOMAIN_NAME" ]; then
        remove_zap
    fi

    function_check get_mariadb_password
    get_mariadb_password

    increment_app_install_progress

    function_check repair_databases_script
    repair_databases_script

    increment_app_install_progress

    $INSTALL_PACKAGES php-common php-cli php-curl php-gd php-mysql php-mcrypt git

    increment_app_install_progress

    $INSTALL_PACKAGES php-dev imagemagick php-imagick libfcgi0ldbl

    increment_app_install_progress

    $INSTALL_PACKAGES php-memcached memcached

    increment_app_install_progress

    if [ ! -d "/var/www/$ZAP_DOMAIN_NAME" ]; then
        mkdir "/var/www/$ZAP_DOMAIN_NAME"
    fi
    if [ ! -d "$ZAP_PATH" ]; then
        mkdir -p "$ZAP_PATH"
    fi

    if [ ! -f "$ZAP_PATH/index.php" ]; then
        if [ -d /repos/zap ]; then
            mkdir -p "$ZAP_PATH"
            cp -r -p /repos/zap/. "$ZAP_PATH"
            cd "$ZAP_PATH" || exit 24
            git pull
        else
            function_check git_clone
            git_clone "$ZAP_REPO" "$ZAP_PATH"
        fi

        git checkout "$ZAP_COMMIT" -b "$ZAP_COMMIT"
        set_completion_param "zap commit" "$ZAP_COMMIT"
        chown -R www-data:www-data "$ZAP_PATH"
    fi

    increment_app_install_progress

    if [ ! -f "$ZAP_PATH/install/schema_mysql.sql" ]; then
        echo $'No database schema found for zap'
        exit 25
    fi

    zap_create_database

    increment_app_install_progress

    function_check add_ddns_domain
    add_ddns_domain "$ZAP_DOMAIN_NAME"

    increment_app_install_progress

    function_check nginx_http_redirect
    nginx_http_redirect "$ZAP_DOMAIN_NAME"
    { echo 'server {';
      echo '    listen 443 ssl;';
      echo '    #listen [::]:443 ssl;';
      echo "    root $ZAP_PATH;";
      echo "    server_name $ZAP_DOMAIN_NAME;";
      echo "    error_log /dev/null;";
      echo '    index index.php;';
      echo '    charset utf-8;';
      echo '    access_log /dev/null;'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
    function_check nginx_ssl
    nginx_ssl "$ZAP_DOMAIN_NAME"
    function_check nginx_security_options
    nginx_security_options "$ZAP_DOMAIN_NAME"
    nginx_robots "$ZAP_DOMAIN_NAME"
    { echo '    add_header Strict-Transport-Security max-age=15768000;';
      echo '';
      echo '    fastcgi_param HTTPS on;';
      echo '    include mime.types;';
      echo '';
      echo '    # rewrite to front controller as default rule';
      echo '    location / {';
      echo "        if (!-e \$request_filename) {";
      echo "            rewrite ^(.*)\$ /index.php?req=\$1;";
      echo '        }';
      echo '    }';
      echo '';
      echo "    # make sure webfinger and other well known services aren't blocked";
      echo "    # by denying dot files and rewrite request to the front controller";
      echo '    location ^~ /.well-known/ {';
      echo '        allow all;';
      echo "        if (!-e \$request_filename) {";
      echo "            rewrite ^(.*)\$ /index.php?req=\$1;";
      echo '        }';
      echo '    }';
      echo '';
      echo '    # statically serve these file types when possible';
      echo '    # otherwise fall back to front controller';
      echo '    # allow browser to cache them';
      echo '    # added .htm for advanced source code editor library';
      echo "    # location ~* \\.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)\$ {";
      echo '    #  expires 30d;';
      echo "    #  try_files \$uri /index.php?req=\$uri&\$args;";
      echo '    # }';
      echo '';
      echo '    # block these file types';
      echo "    location ~* \\.(tpl|md|tgz|log|out)\$ {";
      echo '        deny all;';
      echo '    }';
      echo '';
      echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
      echo '    # or a unix socket';
      echo "    location ~* \\.php\$ {";
      echo '        # Zero-day exploit defense.';
      echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
      echo "        # Won't work properly (404 error) if the file is not stored on this";
      echo '        # server, which is entirely possible with php-fpm/php-fcgi.';
      echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
      echo "        # another machine.  And then cross your fingers that you won't get hacked.";
      echo "        try_files \$uri =404;";
      echo '';
      echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
      echo "        fastcgi_split_path_info ^(.+\\.php)(/.+)\$;";
      echo '';
      echo "        fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
      echo '        fastcgi_read_timeout 300;';
      echo '';
      echo '        include fastcgi_params;';
      echo '        fastcgi_index index.php;';
      echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
      echo '    }';
      echo '';
      echo '    # deny access to all dot files';
      echo '    location ~ /\. {';
      echo '        deny all;';
      echo '    }';
      echo '';
      echo '    location ~ /store {';
      echo '        deny all;';
      echo '    }';
      echo '';
      echo '    location ~ /util {';
      echo '        deny all;';
      echo '    }';
      echo '}';
      echo ''; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"

    function_check configure_php
    configure_php

    increment_app_install_progress

    function_check create_site_certificate
    create_site_certificate "$ZAP_DOMAIN_NAME" 'yes'

    increment_app_install_progress

    if [ ! -d "$ZAP_PATH/view/tpl/smarty3" ]; then
        mkdir "$ZAP_PATH/view/tpl/smarty3"
    fi
    if [ ! -d "$ZAP_PATH/store" ]; then
        mkdir "$ZAP_PATH/store"
    fi
    if [ ! -d "$ZAP_PATH/store/[data]" ]; then
        mkdir "$ZAP_PATH/store/[data]"
    fi
    if [ ! -d "$ZAP_PATH/store/[data]/smarty3" ]; then
        mkdir "$ZAP_PATH/store/[data]/smarty3"
        chmod 1755 "$ZAP_PATH/store/[data]/smarty3"
    fi
    chmod 1755 "$ZAP_PATH/view/tpl"
    chown -R www-data:www-data "$ZAP_PATH/store"
    chmod 1755 "$ZAP_PATH/view/tpl/smarty3"

    # Ensure that the database gets backed up locally, if remote
    # backups are not being used
    function_check backup_databases_script_header
    backup_databases_script_header

    increment_app_install_progress

    function_check backup_database_local
    backup_database_local zap

    increment_app_install_progress

    chown -R www-data:www-data "$ZAP_PATH"

    function_check nginx_ensite
    nginx_ensite "$ZAP_DOMAIN_NAME"

    increment_app_install_progress

    function_check initialise_database
    initialise_database zap "$ZAP_PATH/install/schema_mysql.sql"

    increment_app_install_progress

    ZAP_LOCATION_HASH="$(create_random_string 30)$(create_random_string 30)$(create_random_string 30)"

    { echo '<?php';
      echo '';
      echo "\$db_host = '127.0.0.1';";
      echo "\$db_port = '0';";
      echo "\$db_user = 'root';";
      echo "\$db_pass = '${MARIADB_PASSWORD}';";
      echo "\$db_data = 'zap';";
      echo "\$db_type = '0'; // an integer. 0 or unset for mysql, 1 for postgres";
      echo '';
      echo "define('NOMADIC',1);";
      echo '';
      echo "App::\$config['system']['timezone'] = 'Europe/London';";
      echo '';
      echo "App::\$config['system']['baseurl'] = 'https://${ZAP_DOMAIN_NAME}';";
      echo "App::\$config['system']['sitename'] = 'Zap';";
      echo "App::\$config['system']['location_hash'] = '${ZAP_LOCATION_HASH}';"
      echo '';
      echo "App::\$config['system']['transport_security_header'] = 1;";
      echo "App::\$config['system']['content_security_policy'] = 1;";
      echo "App::\$config['system']['ssl_cookie_protection'] = 1;";
      echo '';
      echo '// Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.';
      echo "App::\$config['system']['register_policy'] = REGISTER_OPEN;";
      echo "App::\$config['system']['register_text'] = '';";
      echo "App::\$config['system']['admin_email'] = '$MY_EMAIL_ADDRESS';";
      echo '';
      echo "App::\$config['system']['verify_email'] = 0;";
      echo '';
      echo '// Your choices are ACCESS_PRIVATE, ACCESS_PAID, ACCESS_TIERED, and ACCESS_FREE.';
      echo "App::\$config['system']['access_policy'] = ACCESS_PRIVATE;";
      echo '';
      echo "App::\$config['system']['sellpage'] = '';";
      echo '';
      echo '// Maximum size of an imported message, 0 is unlimited';
      echo '';
      echo "App::\$config['system']['max_import_size'] = 200000;";
      echo '';
      echo "App::\$config['system']['php_path'] = '/usr/bin/php';";
      echo '';
      echo '// Configure how we communicate with directory servers.';
      echo '// DIRECTORY_MODE_NORMAL     = directory client, we will find a directory';
      echo '// DIRECTORY_MODE_SECONDARY  = caching directory or mirror';
      echo '// DIRECTORY_MODE_PRIMARY    = master directory server - one per realm';
      echo '// DIRECTORY_MODE_STANDALONE = "off the grid" or private directory services';
      echo '';
      echo "App::\$config['system']['directory_mode']  = DIRECTORY_MODE_NORMAL;";
      echo '';
      echo "App::\$config['system']['theme'] = 'redbasic';";
      echo '';
      echo '// Uncomment the following 4 lines to turn on PHP error logging.';
      echo '//error_reporting(E_ERROR | E_WARNING | E_PARSE );';
      echo "//ini_set('error_log','php.out');";
      echo "//ini_set('log_errors','1');";
      echo "//ini_set('display_errors', '0');"; } > "$ZAP_PATH/.htconfig.php"

    chown www-data:www-data "$ZAP_PATH/.htconfig.php"
    chmod 755 "$ZAP_PATH/.htconfig.php"

    systemctl restart mariadb

    increment_app_install_progress

    # shellcheck disable=SC2086
    systemctl restart php${PHP_VERSION}-fpm

    increment_app_install_progress

    systemctl restart nginx

    increment_app_install_progress

    systemctl restart cron

    increment_app_install_progress

    cd "$ZAP_PATH" || exit 36
    #./util/add_addon_repo ${ZAP_ADDONS_REPO} zaddons
    chown -R www-data:www-data "$ZAP_PATH/extend"
    ./util/importdoc
    chown -R www-data:www-data "$ZAP_PATH/doc"

    if ! grep -q 'Zotlabs' /etc/crontab; then
        echo "*/10 * * * *  www-data cd $ZAP_PATH; /usr/bin/php Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1" >> /etc/crontab
    fi

    increment_app_install_progress

    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$ZAP_DOMAIN_NAME" -g zap --public no

    set_completion_param "zap domain" "${ZAP_DOMAIN_NAME}"

    APP_INSTALLED=1
}

# NOTE: deliberately there is no "exit 0"