Add zap

ea938b99 · Bob Mottram · c9844da8 · ea938b99 · ea938b99 · ea938b99
Commit ea938b99 authored 6 years ago by Bob Mottram
--- a/doc/EN/apps.org
+++ b/doc/EN/apps.org
@@ -51,6 +51,7 @@
 | [[./help_syncthing.html][Syncthing]] - Synchronise files across all of your devices.                            |
 | [[./help_turtl.html][Turtl]] - Privately create and share notes and images.                                 |
 | [[./help_xmpp.html][XMPP]] - Chat server.                                                                  |
+| [[./help_zap.html][Zap]] - Nomadic social network server                                                  |
 #+END_CENTER

 * Apps available via ssh

--- a/img/android-app/zap.png
+++ b/img/android-app/zap.png
--- a/src/freedombone-app-zap
+++ b/src/freedombone-app-zap
+#!/bin/bash
+#  _____               _           _
+# |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
+# |   __|  _| -_| -_| . | . |     | . | . |   | -_|
+# |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|
+#
+#                              Freedom in the Cloud
+#
+# Zap application
+#
+# License
+# =======
+#
+# Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+VARIANTS='full full-vim social'
+
+IN_DEFAULT_INSTALL=0
+SHOW_ON_ABOUT=1
+NOT_ON_ONION=1
+
+ZAP_DOMAIN_NAME=
+ZAP_CODE=
+ZAP_ONION_PORT=8193
+ZAP_REPO="https://framagit.org/macgirvin/osada"
+ZAP_COMMIT='20f7479b83da8d3735a32ffd2d2e19cb4087bf6a'
+ZAP_ADDONS_REPO="https://framagit.org/macgirvin/osada-addons"
+ZAP_ADDONS_COMMIT='21099cbb65cc7a58e9ab1e7c2dba05ed510d1e86'
+ZAP_ADMIN_PASSWORD=
+
+ZAP_SHORT_DESCRIPTION=$'Nomadic social network server'
+ZAP_DESCRIPTION=$'Zap is a full featured social network application running under the Zot6 protocol. It provides enhanced privacy modes and identity/content mirroring across multiple servers ("nomadic identity").'
+ZAP_MOBILE_APP_URL='https://f-droid.org/en/packages/com.dfa.hubzilla_android/'
+
+zap_variables=(ONION_ONLY
+               ZAP_DOMAIN_NAME
+               ZAP_CODE
+               DDNS_PROVIDER
+               MY_USERNAME)
+
+function logging_on_zap {
+    echo -n ''
+}
+
+function logging_off_zap {
+    echo -n ''
+}
+
+function remove_user_zap {
+    remove_username="$1"
+    "${PROJECT_NAME}-pass" -u "$remove_username" --rmapp zap
+}
+
+function add_user_zap {
+    if [[ $(app_is_installed zap) == "0" ]]; then
+        echo '0'
+        return
+    fi
+
+    new_username="$1"
+    new_user_password="$2"
+    "${PROJECT_NAME}-pass" -u "$new_username" -a zap -p "$new_user_password"
+    echo '0'
+}
+
+function install_interactive_zap {
+    if [[ "$ONION_ONLY" != "no" ]]; then
+        return
+    fi
+
+    function_check interactive_site_details
+    interactive_site_details zap
+
+    APP_INSTALLED=1
+}
+
+function change_password_zap {
+    #    ZAP_USERNAME="$1"
+    ZAP_PASSWORD="$2"
+    if [ ${#ZAP_PASSWORD} -lt 8 ]; then
+        echo $'Hubzilla password is too short'
+        return
+    fi
+    # TODO: This doesn't actually change the password
+    #${PROJECT_NAME}-pass -u $ZAP_USERNAME -a zap -p "$ZAP_PASSWORD"
+}
+
+function zap_create_database {
+    if [ -f "$IMAGE_PASSWORD_FILE" ]; then
+        ZAP_ADMIN_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
+    fi
+    if [ ! "$ZAP_ADMIN_PASSWORD" ]; then
+        ZAP_ADMIN_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
+    fi
+    "${PROJECT_NAME}-pass" -u "$MY_USERNAME" -a zap -p "$ZAP_ADMIN_PASSWORD"
+    if [ ! "$ZAP_ADMIN_PASSWORD" ]; then
+        return
+    fi
+
+    function_check create_database
+    create_database zap "$ZAP_ADMIN_PASSWORD"
+}
+
+function reconfigure_zap {
+    echo -n ''
+}
+
+function upgrade_zap {
+    CURR_ZAP_COMMIT=$(get_completion_param "zap commit")
+    if [[ "$CURR_ZAP_COMMIT" == "$ZAP_COMMIT" ]]; then
+        return
+    fi
+
+    ZAP_PATH=/var/www/$ZAP_DOMAIN_NAME/htdocs
+
+    function_check set_repo_commit
+    set_repo_commit "$ZAP_PATH" "zap commit" "$ZAP_COMMIT" $ZAP_REPO
+    set_repo_commit "$ZAP_PATH/addon" "zap addons commit" "$ZAP_ADDONS_COMMIT" $ZAP_ADDONS_REPO
+}
+
+function backup_local_zap {
+    zap_path=/var/www/${ZAP_DOMAIN_NAME}/htdocs
+    if [ -d "$zap_path" ]; then
+        function_check backup_database_to_usb
+        backup_database_to_usb zap
+
+        backup_directory_to_usb "$zap_path" zap
+    fi
+}
+
+function restore_local_zap {
+    temp_restore_dir=/root/tempzap
+    zap_dir=/var/www/${ZAP_DOMAIN_NAME}/htdocs
+
+    function_check zap_create_database
+    zap_create_database
+
+    restore_database zap "${ZAP_DOMAIN_NAME}"
+    if [ -d "$USB_MOUNT/backup/zap" ]; then
+        if [ ! -d "$zap_dir/store/[data]/smarty3" ]; then
+            mkdir -p "$zap_dir/store/[data]/smarty3"
+        fi
+        chmod 1777 "$zap_dir/store/[data]/smarty3"
+        chown -R www-data:www-data "$zap_dir/"*
+        if [ -d $temp_restore_dir ]; then
+            rm -rf $temp_restore_dir
+        fi
+
+        MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb)
+        ZAP_PATH="/var/www/$ZAP_DOMAIN_NAME/htdocs"
+        sed -i "s|\$db_pass =.*|\$db_pass = '${MARIADB_PASSWORD}';|g" "$ZAP_PATH/.htconfig.php"
+        MARIADB_PASSWORD=
+    fi
+}
+
+function backup_remote_zap {
+    echo -n ''
+}
+
+function restore_remote_zap {
+    echo -n ''
+}
+
+function remove_zap {
+    if [ ${#ZAP_DOMAIN_NAME} -eq 0 ]; then
+        return
+    fi
+    nginx_dissite "$ZAP_DOMAIN_NAME"
+    remove_certs "${ZAP_DOMAIN_NAME}"
+    if [ -d "/var/www/$ZAP_DOMAIN_NAME" ]; then
+        rm -rf "/var/www/$ZAP_DOMAIN_NAME"
+    fi
+    if [ -f "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME" ]; then
+        rm "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
+    fi
+    function_check drop_database
+    drop_database zap
+    function_check remove_onion_service
+    remove_onion_service zap ${ZAP_ONION_PORT}
+    sed -i '/zap/d' "$COMPLETION_FILE"
+
+    function_check remove_ddns_domain
+    remove_ddns_domain "$ZAP_DOMAIN_NAME"
+}
+
+function install_zap {
+    if [ ! "$ZAP_DOMAIN_NAME" ]; then
+        return
+    fi
+
+    if [[ "$ONION_ONLY" != "no" ]]; then
+        echo $"Hubzilla won't work on an onion address"
+        exit 529925
+    fi
+
+    ZAP_PATH="/var/www/$ZAP_DOMAIN_NAME/htdocs"
+
+    function_check install_mariadb
+    install_mariadb
+
+    if [ -d "/var/www/$ZAP_DOMAIN_NAME" ]; then
+        remove_zap
+    fi
+
+    function_check get_mariadb_password
+    get_mariadb_password
+
+    function_check repair_databases_script
+    repair_databases_script
+
+    $INSTALL_PACKAGES php-common php-cli php-curl php-gd php-mysql php-mcrypt git
+    $INSTALL_PACKAGES php-dev imagemagick php-imagick libfcgi0ldbl
+    $INSTALL_PACKAGES php-memcached memcached
+
+    if [ ! -d "/var/www/$ZAP_DOMAIN_NAME" ]; then
+        mkdir "/var/www/$ZAP_DOMAIN_NAME"
+    fi
+    if [ ! -d "$ZAP_PATH" ]; then
+        mkdir -p "$ZAP_PATH"
+    fi
+
+    if [ ! -f "$ZAP_PATH/index.php" ]; then
+        if [ -d /repos/zap ]; then
+            mkdir -p "$ZAP_PATH"
+            cp -r -p /repos/zap/. "$ZAP_PATH"
+            cd "$ZAP_PATH" || exit 245672478
+            git pull
+        else
+            function_check git_clone
+            git_clone "$ZAP_REPO" "$ZAP_PATH"
+        fi
+
+        git checkout "$ZAP_COMMIT" -b "$ZAP_COMMIT"
+        set_completion_param "zap commit" "$ZAP_COMMIT"
+
+        if [ -d /repos/zap-addons ]; then
+            mkdir -p "$ZAP_PATH/addon"
+            cp -r -p /repos/zap-addons/. "$ZAP_PATH/addon"
+            cd "$ZAP_PATH/addon" || exit 24682464
+            git pull
+        else
+            git_clone "$ZAP_ADDONS_REPO" "$ZAP_PATH/addon"
+        fi
+
+        cd "$ZAP_PATH/addon" || exit 24982468
+        git checkout "$ZAP_ADDONS_COMMIT" -b "$ZAP_ADDONS_COMMIT"
+        set_completion_param "zap addons commit" "$ZAP_ADDONS_COMMIT"
+
+        chown -R www-data:www-data "$ZAP_PATH"
+    fi
+
+    if [ ! -f "$ZAP_PATH/install/schema_mysql.sql" ]; then
+        echo $'No database schema found for zap'
+        exit 252782
+    fi
+
+    ZAP_ONION_HOSTNAME=
+    if [[ $ONION_ONLY != "no" ]]; then
+        ZAP_ONION_HOSTNAME=$(add_onion_service zap 80 ${ZAP_ONION_PORT})
+    fi
+
+    zap_create_database
+
+    function_check add_ddns_domain
+    add_ddns_domain "$ZAP_DOMAIN_NAME"
+
+    if [[ "$ONION_ONLY" == "no" ]]; then
+        function_check nginx_http_redirect
+        nginx_http_redirect "$ZAP_DOMAIN_NAME"
+        { echo 'server {';
+          echo '    listen 443 ssl;';
+          echo '    #listen [::]:443 ssl;';
+          echo "    root $ZAP_PATH;";
+          echo "    server_name $ZAP_DOMAIN_NAME;";
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    access_log /dev/null;'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
+        function_check nginx_ssl
+        nginx_ssl "$ZAP_DOMAIN_NAME"
+        function_check nginx_security_options
+        nginx_security_options "$ZAP_DOMAIN_NAME"
+        { echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
+        function_check nginx_limits
+        nginx_limits "$ZAP_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
+        function_check nginx_limits
+        nginx_limits "$ZAP_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo "        fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}';
+          echo ''; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
+    else
+        { echo 'server {';
+          echo "    listen 127.0.0.1:${ZAP_ONION_PORT} default_server;";
+          echo '    port_in_redirect off;';
+          echo "    root $ZAP_PATH;";
+          echo "    server_name $ZAP_ONION_HOSTNAME;";
+          echo "    error_log /dev/null;";
+          echo '    index index.php;';
+          echo '    charset utf-8;';
+          echo '    access_log /dev/null;';
+          echo '    add_header Strict-Transport-Security max-age=15768000;';
+          echo '';
+          echo '    # rewrite to front controller as default rule';
+          echo '    location / {'; } > "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
+        nginx_limits "$ZAP_DOMAIN_NAME"
+        nginx_security_options "$ZAP_DOMAIN_NAME"
+        { echo "        rewrite ^/(.*) /index.php?q=\$uri&\$args last;";
+          echo '    }';
+          echo '';
+          echo '    # statically serve these file types when possible';
+          echo '    # otherwise fall back to front controller';
+          echo '    # allow browser to cache them';
+          echo '    # added .htm for advanced source code editor library';
+          echo '    location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {';
+          echo '        expires 30d;';
+          echo "        try_files \$uri /index.php?q=\$uri&\$args;";
+          echo '    }';
+          echo '';
+          echo '    # block these file types';
+          echo '    location ~* \.(tpl|md|tgz|log|out)$ {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000';
+          echo '    # or a unix socket';
+          echo '    location ~* \.php$ {'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
+        nginx_limits "$ZAP_DOMAIN_NAME"
+        nginx_security_options "$ZAP_DOMAIN_NAME"
+        { echo '        # Zero-day exploit defense.';
+          echo '        # http://forum.nginx.org/read.php?2,88845,page=3';
+          echo "        # Won't work properly (404 error) if the file is not stored on this";
+          echo "        # server, which is entirely possible with php-fpm/php-fcgi.";
+          echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on";
+          echo "        # another machine. And then cross your fingers that you won't get hacked.";
+          echo "        try_files \$uri \$uri/ /index.php;";
+          echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini';
+          echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;';
+          echo '        # With php-cgi alone:';
+          echo '        # fastcgi_pass 127.0.0.1:9000;';
+          echo '        # With php-fpm:';
+          echo "        fastcgi_pass unix:/var/run/php/php${PHP_VERSION}-fpm.sock;";
+          echo '        include fastcgi_params;';
+          echo '        fastcgi_index index.php;';
+          echo "        fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;";
+          echo '        fastcgi_read_timeout 300;';
+          echo '    }';
+          echo '';
+          echo '    # deny access to all dot files';
+          echo '    location ~ /\. {';
+          echo '        deny all;';
+          echo '    }';
+          echo '';
+          echo '    location ~ /\.ht {';
+          echo '      deny  all;';
+          echo '    }';
+          echo '}'; } >> "/etc/nginx/sites-available/$ZAP_DOMAIN_NAME"
+    fi
+
+    function_check configure_php
+    configure_php
+
+    function_check create_site_certificate
+    create_site_certificate "$ZAP_DOMAIN_NAME" 'yes'
+
+    if [ ! -d "$ZAP_PATH/view/tpl/smarty3" ]; then
+        mkdir "$ZAP_PATH/view/tpl/smarty3"
+    fi
+    if [ ! -d "$ZAP_PATH/store" ]; then
+        mkdir "$ZAP_PATH/store"
+    fi
+    if [ ! -d "$ZAP_PATH/store/[data]" ]; then
+        mkdir "$ZAP_PATH/store/[data]"
+    fi
+    if [ ! -d "$ZAP_PATH/store/[data]/smarty3" ]; then
+        mkdir "$ZAP_PATH/store/[data]/smarty3"
+        chmod 1777 "$ZAP_PATH/store/[data]/smarty3"
+    fi
+    chmod 1777 "$ZAP_PATH/view/tpl"
+    chown -R www-data:www-data "$ZAP_PATH/store"
+    chmod 1777 "$ZAP_PATH/view/tpl/smarty3"
+
+    # Ensure that the database gets backed up locally, if remote
+    # backups are not being used
+    function_check backup_databases_script_header
+    backup_databases_script_header
+
+    function_check backup_database_local
+    backup_database_local zap
+
+    chown -R www-data:www-data "$ZAP_PATH"
+
+    function_check nginx_ensite
+    nginx_ensite "$ZAP_DOMAIN_NAME"
+
+    function_check initialise_database
+    initialise_database zap "$ZAP_PATH/install/schema_mysql.sql"
+
+    # create the config file
+    { echo '<?php';
+      echo "\$db_host = 'localhost';";
+      echo "\$db_port = '0';";
+      echo "\$db_user = 'root';";
+      echo "\$db_pass = '${MARIADB_PASSWORD}';";
+      echo "\$db_data = 'zap';";
+      echo "\$db_type = '0';";
+      echo "\$default_timezone = 'Europe/London';"; } > "$ZAP_PATH/.htconfig.php"
+    if [[ "$ONION_ONLY" == 'no' ]]; then
+        echo "\$a->config['system']['baseurl'] = 'https://${ZAP_DOMAIN_NAME}';" >> "$ZAP_PATH/.htconfig.php"
+    else
+        echo "\$a->config['system']['baseurl'] = 'http://${ZAP_ONION_HOSTNAME}';" >> "$ZAP_PATH/.htconfig.php"
+    fi
+    echo "\$a->config['system']['sitename'] = \"Hubzilla\";" >> "$ZAP_PATH/.htconfig.php"
+    ZAP_LOCATION_HASH="$(create_password 30)$(create_password 30)$(create_password 30)"
+    { echo "\$a->config['system']['location_hash'] = '${ZAP_LOCATION_HASH}';";
+      echo "\$a->config['system']['register_policy'] = REGISTER_OPEN;";
+      echo "\$a->config['system']['register_text'] = '';";
+      echo "\$a->config['system']['admin_email'] = '${MY_EMAIL_ADDRESS}';";
+      echo "\$a->config['system']['verify_email'] = 1;";
+      echo "\$a->config['system']['access_policy'] = ACCESS_PRIVATE;";
+      echo "\$a->config['system']['sellpage'] = '';";
+      echo "\$a->config['system']['max_import_size'] = 200000;";
+      echo "\$a->config['system']['php_path'] = '/usr/bin/php';";
+      echo "\$a->config['system']['directory_mode']  = DIRECTORY_MODE_NORMAL;";
+      echo "\$a->config['system']['theme'] = 'redbasic';"; } >> "$ZAP_PATH/.htconfig.php"
+    chown www-data:www-data "$ZAP_PATH/.htconfig.php"
+    chmod 755 "$ZAP_PATH/.htconfig.php"
+
+    systemctl restart mariadb
+    # shellcheck disable=SC2086
+    systemctl restart php${PHP_VERSION}-fpm
+    systemctl restart nginx
+    systemctl restart cron
+
+    "${PROJECT_NAME}-addemail" -u "$MY_USERNAME" -e "noreply@$ZAP_DOMAIN_NAME" -g zap --public no
+
+    set_completion_param "zap domain" "${ZAP_DOMAIN_NAME}"
+
+    APP_INSTALLED=1
+}
+
+# NOTE: deliberately there is no "exit 0"
--- a/website/EN/apps.html
+++ b/website/EN/apps.html
@@ -4,7 +4,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
 <title>Freedombone</title>
-<!-- 2018-10-22 Mon 23:10 -->
+<!-- 2018-10-25 Thu 12:45 -->
 <meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta  name="generator" content="Org-mode" />
 <meta  name="author" content="Bob Mottram" />
@@ -303,6 +303,10 @@ for the JavaScript code in this tag.
 <tr>
 <td class="left"><a href="./help_xmpp.html">XMPP</a> - Chat server.</td>
 </tr>
+
+<tr>
+<td class="left"><a href="./help_zap.html">Zap</a> - Nomadic social network server</td>
+</tr>
 </tbody>
 </table>
 </div>