From 690c207fb97adff424b43a4bd8c55a11e95bf28f Mon Sep 17 00:00:00 2001 From: philc Date: Tue, 26 Nov 2024 14:53:45 +0100 Subject: [PATCH] update setup to secure backup download --- apxtri/setup/nginx.wwwscf | 12 ++++++++++-- apxtri/setup/setup.sh | 17 ++++++++++------- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/apxtri/setup/nginx.wwwscf b/apxtri/setup/nginx.wwwscf index e650d88..70d287b 100644 --- a/apxtri/setup/nginx.wwwscf +++ b/apxtri/setup/nginx.wwwscf @@ -26,8 +26,16 @@ location /adminapi/Checkjson.js { location /setup.sh { alias {{{townpath}}}/adminapi/apxtri/setup/setup.sh; } -location ~ ^/([^/]+)/setup.*\.tar\.gz$ { - rewrite ^/([^/]+)/(setup.*\.tar\.gz)$ /$1/backups/$2 break; +location ~ ^/([^/]+)/backups/.*\.(objects|pytri|schema)\.tar\.gz$ { + set $secure_code "{{{nginx.secure_accessbackup}}}"; + set $code $arg_code; + if ($arg_code = "") { + set $code ""; + } + if ($code != $secure_code) { + return 403; + } + rewrite ^/([^/]+)/backups/(.+\.(objects|pytri|schema)\.tar\.gz)$ /$1/backups/$2 break; root {{{townpath}}}/; } location ~* /objectimg/.*/img/ { diff --git a/apxtri/setup/setup.sh b/apxtri/setup/setup.sh index 55b3deb..2f8dfb2 100755 --- a/apxtri/setup/setup.sh +++ b/apxtri/setup/setup.sh 
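Review bot: The code check in the new `/backups/` location passes when the configured secret is empty: if `{{{nginx.secure_accessbackup}}}` renders to an empty string, a request without `code` leaves `$code` and `$secure_code` both empty and the `return 403` is skipped. The first `if` only re-assigns an empty value to `$code`, so it can carry the guard instead: `if ($arg_code = "") { return 403; }`. Because the code travels in the query string, it is written to the access logs of this server and of any proxy in front of it, so those logs become as sensitive as the code itself. The location also matches only `/backups/….(objects|pytri|schema).tar.gz`, while setup.sh in this commit still requests `/${tribe}/setup.objects.tar.gz` and `setup.apxtri.tar.gz`; unless another location not shown here maps those paths, the downloads will likely no longer reach this block.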
@@ -26,12 +26,13 @@ tribe=$1 # name of the tribe to install url=$2 # url to get the data from OR newtribe gitrepo=$3 # url to get apxtri code from a git repo (empty if must come from a backup or the url) +codekey=$4 # code to access backend of the tribe in case it is not newtribe or adminapi tribe function help { - echo "Need more params, cmd must be $ . setup.sh " - echo "Example1: . setup.sh adminapi https://testwall-ants.ndda.fr https://gitea.ndda.fr/apxtri/adminapi" + echo "Need more params, cmd must be $ . setup.sh " + echo "Example1: . setup.sh adminapi https://app1.smatchit.io https://gitea.ndda.fr/apxtri/adminapi" echo " install adminapi from the repo (with git accessright) and get data for adminapi from testwall-ants.nnda.fr" - echo "Example2: setup.sh smatchit https://testwall-ants.ndda.fr" + echo "Example2: setup.sh smatchit https://admin.smatchit.io 1234" echo " install smatchit as a copy of testwall-ants.ndda.fr but not from the git (you don't need to have git acess but need to know a specific code)" echo "Example3: setup.sh smatchit newtribe" echo " create a new empty tribe" 
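Review bot: Example2 in `help` puts the access code in the third position, but the assignments above read `gitrepo=$3` and `codekey=$4`, so `setup.sh smatchit https://admin.smatchit.io 1234` sets `gitrepo` to `1234` and leaves `codekey` empty. The example would need an explicit empty third argument, e.g. `setup.sh smatchit https://admin.smatchit.io "" <code>`, or the script should treat a third argument that is not a URL as the code. A code given on the command line also ends up in shell history and the process list; reading it from an environment variable or with `read -rs` would keep it out of both. The explanatory lines under Example1 and Example2 still refer to testwall-ants.ndda.fr, and the body of `help` continues past the end of the hunk.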
@@ -44,18 +45,18 @@ else if [ "$url" == "newtribe" ]; then mkdir -p "${tribe}" else - wget "${url}/${tribe}/setup.objects.tar.gz" + wget "${url}/${tribe}/setup.objects.tar.gz?code=${codekey}" -o setup.objects.tar.gz if [[ $? -ne 0 ]]; then - echo "Check the url:$url seems not answer" + echo "Check the url:$url that seems not answer, check with tribe's admin if your access code is still valid" help else # add 127.0.0.1 town.nation in /ertc/hoss if not already exist to make localhost available #dns=$(basename "$PWD" | sed 's/-/./g') #grep -q "^127.0.0.1 $dns" /etc/hosts || echo "127.0.0.1 $dns" | sudo tee -a /etc/hosts > /dev/null if [ -z "$gitrepo" ]; then - wget "${url}/${tribe}/setup.apxtri.tar.gz" + wget "${url}/${tribe}/setup.apxtri.tar.gz?code=${codekey}" -o setup.objects.tar.gz tar -xzf setup.apxtri.tar.gz -C . -p && rm setup.apxtri.tar.gz - wget "${url}/${tribe}/setup.schema.tar.gz" + wget "${url}/${tribe}/setup.schema.tar.gz?code=${codekey}" -o setup.objects.tar.gz tar -xzf setup.schema.tar.gz -C . -p && rm setup.schema.tar.gz #wget "${url}/${tribe}/setup.nginx.tar.gz" #tar -xzf setup.nginx.tar.gz -C . -p && rm setup.nginx.tar.gz @@ -72,6 +73,8 @@ else mkdir -p "${tribe}/tmp" mkdir -p "${tribe}/logs" mkdir -p "${tribe}/logs/nginx" + mkdir -p "${tribe}/logs/apxtri" + mkdir -p "${tribe}/logs/pytri" mkdir -p "${tribe}/backups" # add specific dependancy for tribe if apxtri exist cd "$tribe"
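Review bot: The three new `wget` calls use `-o`, which names wget's log file; the output-document option is `-O`. As written, the archive is saved under the URL's own name (including `?code=…`), and the log, which contains the URL and therefore the access code, is written to `setup.objects.tar.gz`. The apxtri and schema downloads also reuse `setup.objects.tar.gz` as the target, while the `tar -xzf` lines right after them expect `setup.apxtri.tar.gz` and `setup.schema.tar.gz`. Each call should name its own file, e.g. `wget -O setup.apxtri.tar.gz "${url}/${tribe}/setup.apxtri.tar.gz?code=${codekey}"`. The `$?` test covers only the first download, and the enclosing `if`/`else` starts and ends outside this hunk.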