freedombone/src/freedombone-app-fedwiki

#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# Federated wiki
#
# The wiki itself looks ok, but there is no straightforward way for a
# user to authenticate which isn't proprietary
#
# License
# =======
#
# Copyright (C) 2017-2018 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS='full full-vim writer'

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1

FEDWIKI_DOMAIN_NAME=
FEDWIKI_CODE=
FEDWIKI_VERSION='0.13.0'
FEDWIKI_ONION_PORT=8131
FEDWIKI_PORT=3053
FEDWIKI_DATA=/var/lib/fedwiki
FEDWIKI_COOKIE=

fedwiki_variables=(FEDWIKI_DOMAIN_NAME
                   FEDWIKI_CODE
                   FEDWIKI_COOKIE
                   FEDWIKI_ADMIN_PASSWORD
                   ONION_ONLY
                   DDNS_PROVIDER
                   MY_USERNAME
                   MY_EMAIL_ADDRESS)

function fedwiki_remove_bad_links {
    if [[ $ONION_ONLY == 'no' ]]; then
        sed -i "s|link[href='https://maxcdn.bootstrapcdn.com.*|link[href='https://${FEDWIKI_DOMAIN_NAME}/fonts-font-awesome/css/font-awesome.min.css']\").length) {|g" /usr/local/lib/node_modules/wiki/node_modules/wiki-security-friends/client/security.js

        sed -i "s|\$('<link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com.*|\$('<link rel=\"stylesheet\" href=\"https://${FEDWIKI_DOMAIN_NAME}/fonts-font-awesome/css/font-awesome.min.css\">').appendTo(\"head\");|g" /usr/local/lib/node_modules/wiki/node_modules/wiki-security-friends/client/security.js
    else
        FEDWIKI_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_fedwiki/hostname)
        sed -i "s|link[href='https://maxcdn.bootstrapcdn.com.*|link[href='http://${FEDWIKI_ONION_HOSTNAME}/fonts-font-awesome/css/font-awesome.min.css']\").length) {|g" /usr/local/lib/node_modules/wiki/node_modules/wiki-security-friends/client/security.js

        sed -i "s|\$('<link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com.*|\$('<link rel=\"stylesheet\" href=\"http://${FEDWIKI_ONION_HOSTNAME}/fonts-font-awesome/css/font-awesome.min.css\">').appendTo(\"head\");|g" /usr/local/lib/node_modules/wiki/node_modules/wiki-security-friends/client/security.js
    fi

    if [ -f /usr/local/lib/node_modules/wiki/node_modules/localforage/docs/theme/style.css ]; then
        sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/localforage/docs/theme/style.css
    fi

    if [ -f /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html ]; then
        sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/addAlternativeDialog.html
    fi

    if [ -f /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/done.html ]; then
        sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/done.html
    fi

    if [ -f /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html ]; then
        sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/personaDialog.html
    fi

    if [ -f /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html ]; then
        sed -i '/googleapi/d' /usr/local/lib/node_modules/wiki/node_modules/wiki-security-passportjs/views/securityDialog.html
    fi

    if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-google-oauth20 ]; then
        rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-google-oauth20
    fi

    if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-oauth2 ]; then
        rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-oauth2
    fi

    if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-twitter ]; then
        rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-twitter
    fi

    if [ -d /usr/local/lib/node_modules/wiki/node_modules/passport-github ]; then
        rm -rf /usr/local/lib/node_modules/wiki/node_modules/passport-github
    fi
}

function logging_on_fedwiki {
    echo -n ''
}

function logging_off_fedwiki {
    echo -n ''
}

function remove_user_fedwiki {
    remove_username="$1"
}

function add_user_fedwiki {
    if [[ $(app_is_installed fedwiki) == "0" ]]; then
        echo '0'
        return
    fi

    new_username="$1"
    new_user_password="$2"

    echo '0'
}

function install_interactive_fedwiki {
    if [ ! $ONION_ONLY ]; then
        ONION_ONLY='no'
    fi

    if [[ $ONION_ONLY != "no" ]]; then
        FEDWIKI_DOMAIN_NAME='fedwiki.local'
        write_config_param "FEDWIKI_DOMAIN_NAME" "$FEDWIKI_DOMAIN_NAME"
    else
        function_check interactive_site_details
        interactive_site_details "fedwiki" "FEDWIKI_DOMAIN_NAME" "FEDWIKI_CODE"
    fi
    APP_INSTALLED=1
}

function change_password_fedwiki {
    FEDWIKI_USERNAME="$1"
    FEDWIKI_PASSWORD="$2"
    if [ ${#FEDWIKI_PASSWORD} -lt 8 ]; then
        echo $'Fedwiki password is too short'
        return
    fi
    ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
    sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
    sed -i "s|\"secret\":.*|\"secret\": \"${FEDWIKI_PASSWORD}\"|g" ${FEDWIKI_DATA}/status/owner.json
    systemctl daemon-reload
    systemctl restart fedwiki
    write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
}

function reconfigure_fedwiki {
    echo -n ''
}

function upgrade_fedwiki {
    CURR_FEDWIKI_VERSION=$(get_completion_param "fedwiki version")
    if [[ "$CURR_FEDWIKI_VERSION" == "$FEDWIKI_VERSION" ]]; then
        return
    fi

    systemctl stop fedwiki
    npm upgrade -g wiki@$FEDWIKI_VERSION
    fedwiki_remove_bad_links
    chown -R fedwiki:fedwiki $FEDWIKI_DATA
    systemctl start fedwiki

    set_completion_param "fedwiki version" "$FEDWIKI_VERSION"
}

function backup_local_fedwiki {
    FEDWIKI_DOMAIN_NAME='fedwiki.local'
    if grep -q "fedwiki domain" $COMPLETION_FILE; then
        FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
    fi

    systemctl stop fedwiki
    suspend_site ${FEDWIKI_DOMAIN_NAME}

    fedwiki_path=$FEDWIKI_DATA
    if [ -d $fedwiki_path ]; then
        backup_directory_to_usb $fedwiki_path fedwiki
    fi

    restart_site
    systemctl start fedwiki
}

function restore_local_fedwiki {
    FEDWIKI_DOMAIN_NAME='fedwiki.local'
    if grep -q "fedwiki domain" $COMPLETION_FILE; then
        FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
    fi
    if [ $FEDWIKI_DOMAIN_NAME ]; then
        suspend_site ${FEDWIKI_DOMAIN_NAME}
        systemctl stop fedwiki

        temp_restore_dir=/root/tempfedwiki
        function_check restore_directory_from_usb
        restore_directory_from_usb $temp_restore_dir fedwiki
        if [ -d $temp_restore_dir ]; then
            if [ -d $temp_restore_dir$FEDWIKI_DATA ]; then
                cp -r $temp_restore_dir$FEDWIKI_DATA/* $FEDWIKI_DATA/
            else
                cp -r $temp_restore_dir/* $FEDWIKI_DATA/
            fi
            chown -R fedwiki:fedwiki $FEDWIKI_DATA
            rm -rf $temp_restore_dir
        fi

        FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}')
        ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
        sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
        write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
        systemctl daemon-reload
        systemctl start fedwiki
        restart_site
    fi
}

function backup_remote_fedwiki {
    FEDWIKI_DOMAIN_NAME='fedwiki.local'
    if grep -q "fedwiki domain" $COMPLETION_FILE; then
        FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
    fi

    systemctl stop fedwiki
    suspend_site ${FEDWIKI_DOMAIN_NAME}

    temp_backup_dir=$FEDWIKI_DATA
    if [ -d $temp_backup_dir ]; then
        backup_directory_to_friend $temp_backup_dir fedwiki
    else
        echo $"Fedwiki domain specified but not found in $temp_backup_dir"
        exit 63542852
    fi

    restart_site
    systemctl start fedwiki
}

function restore_remote_fedwiki {
    FEDWIKI_DOMAIN_NAME='fedwiki.local'
    if grep -q "fedwiki domain" $COMPLETION_FILE; then
        FEDWIKI_DOMAIN_NAME=$(get_completion_param "fedwiki domain")
    fi

    systemctl stop fedwiki
    suspend_site ${FEDWIKI_DOMAIN_NAME}

    temp_restore_dir=/root/tempfedwiki
    function_check restore_directory_from_friend
    restore_directory_from_friend $temp_restore_dir fedwiki
    if [ -d $temp_restore_dir ]; then
        if [ -d $temp_restore_dir$FEDWIKI_DATA ]; then
            cp -r $temp_restore_dir$FEDWIKI_DATA/* $FEDWIKI_DATA/
        else
            cp -r $temp_restore_dir/* $FEDWIKI_DATA/
        fi
        chown -R fedwiki: $FEDWIKI_DATA
        rm -rf $temp_restore_dir
    fi

    FEDWIKI_PASSWORD=$(cat ${FEDWIKI_DATA}/status/owner.json | grep secret | awk -F '"' '{print $4}')
    ${PROJECT_NAME}-pass -u $FEDWIKI_USERNAME -a fedwiki -p "$FEDWIKI_PASSWORD"
    sed -i "s|--cookieSecret .*|--cookieSecret '${FEDWIKI_PASSWORD}'|g" /etc/systemd/system/fedwiki.service
    write_config_param "FEDWIKI_COOKIE" "$FEDWIKI_PASSWORD"
    systemctl daemon-reload
    systemctl start fedwiki
    restart_site
}

function remove_fedwiki {
    if [ ${#FEDWIKI_DOMAIN_NAME} -eq 0 ]; then
        return
    fi

    systemctl stop fedwiki
    systemctl disable fedwiki
    rm /etc/systemd/system/fedwiki.service
    systemctl daemon-reload

    npm uninstall -g wiki-security-friends
    npm uninstall -g wiki

    function_check remove_nodejs
    remove_nodejs fedwiki

    read_config_param "FEDWIKI_DOMAIN_NAME"
    nginx_dissite $FEDWIKI_DOMAIN_NAME
    remove_certs ${FEDWIKI_DOMAIN_NAME}
    if [ -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME ]; then
        rm -f /etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME
    fi
    if [ -d /var/www/$FEDWIKI_DOMAIN_NAME ]; then
        rm -rf /var/www/$FEDWIKI_DOMAIN_NAME
    fi
    remove_config_param FEDWIKI_DOMAIN_NAME
    remove_config_param FEDWIKI_CODE
    function_check remove_onion_service
    remove_onion_service fedwiki ${FEDWIKI_ONION_PORT}
    remove_completion_param "install_fedwiki"
    sed -i '/fedwiki/d' $COMPLETION_FILE

    groupdel -f fedwiki
    userdel -r fedwiki

    if [ -d $FEDWIKI_DATA ]; then
        rm -rf $FEDWIKI_DATA
    fi

    function_check remove_ddns_domain
    remove_ddns_domain $FEDWIKI_DOMAIN_NAME
}

function fedwiki_setup_web {
    fedwiki_nginx_file=/etc/nginx/sites-available/$FEDWIKI_DOMAIN_NAME

    if [[ $ONION_ONLY == "no" ]]; then
        echo 'server {' > $fedwiki_nginx_file
        echo '  listen 80;' >> $fedwiki_nginx_file
        echo '  listen [::]:80;' >> $fedwiki_nginx_file
        echo "  server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file
        echo '  rewrite ^ https://$server_name$request_uri? permanent;' >> $fedwiki_nginx_file
        echo '}' >> $fedwiki_nginx_file
        echo '' >> $fedwiki_nginx_file
        echo 'server {' >> $fedwiki_nginx_file
        echo '  listen 443 ssl;' >> $fedwiki_nginx_file
        echo '  listen [::]:443 ssl;' >> $fedwiki_nginx_file
        echo "  server_name $FEDWIKI_DOMAIN_NAME;" >> $fedwiki_nginx_file
        echo '' >> $fedwiki_nginx_file
        function_check nginx_ssl
        nginx_ssl $FEDWIKI_DOMAIN_NAME mobile

        sed -i '/Content-Security-Policy/d' $fedwiki_nginx_file
        sed -i '/X-XSS-Protection/d' $fedwiki_nginx_file
        sed -i '/X-Robots-Tag/d' $fedwiki_nginx_file
        sed -i '/X-Download-Options/d' $fedwiki_nginx_file
        sed -i '/X-Permitted-Cross-Domain-Policies/d' $fedwiki_nginx_file

        echo '  add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
        echo '  add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
        echo '  add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
        echo '  add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $fedwiki_nginx_file
        echo '' >> $fedwiki_nginx_file
        echo '  location /fonts-font-awesome/ {' >> $fedwiki_nginx_file
        echo '    alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file
        echo '  }' >> $fedwiki_nginx_file
        echo '' >> $fedwiki_nginx_file
        echo '  location / {' >> $fedwiki_nginx_file
        echo "    proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
        echo '    proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file
        echo '    proxy_set_header Host $host;' >> $fedwiki_nginx_file
        echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file
        echo '    client_max_body_size 1M;' >> $fedwiki_nginx_file
        echo '  }' >> $fedwiki_nginx_file
        echo '}' >> $fedwiki_nginx_file
        echo '' >> $fedwiki_nginx_file
    else
        echo -n '' > $fedwiki_nginx_file
    fi
    echo 'server {' >> $fedwiki_nginx_file
    echo "  listen 127.0.0.1:$FEDWIKI_ONION_PORT default_server;" >> $fedwiki_nginx_file
    echo "  server_name $FEDWIKI_ONION_HOSTNAME;" >> $fedwiki_nginx_file
    echo '' >> $fedwiki_nginx_file
    echo '  add_header X-Robots-Tag none;' >> $fedwiki_nginx_file
    echo '  add_header X-Download-Options noopen;' >> $fedwiki_nginx_file
    echo '  add_header X-Frame-Options DENY;' >> $fedwiki_nginx_file
    echo '  add_header X-Content-Type-Options nosniff;' >> $fedwiki_nginx_file
    echo '' >> $fedwiki_nginx_file
    echo '  location /fonts-font-awesome/ {' >> $fedwiki_nginx_file
    echo '    alias /usr/share/fonts-font-awesome/;' >> $fedwiki_nginx_file
    echo '  }' >> $fedwiki_nginx_file
    echo '' >> $fedwiki_nginx_file
    echo '  location / {' >> $fedwiki_nginx_file
    echo "    proxy_pass http://localhost:${FEDWIKI_PORT};" >> $fedwiki_nginx_file
    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $fedwiki_nginx_file
    echo '    proxy_set_header Host $host;' >> $fedwiki_nginx_file
    echo '    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $fedwiki_nginx_file
    echo '    client_max_body_size 1M;' >> $fedwiki_nginx_file
    echo '  }' >> $fedwiki_nginx_file
    echo '}' >> $fedwiki_nginx_file

    function_check create_site_certificate
    create_site_certificate $FEDWIKI_DOMAIN_NAME 'yes'

    function_check nginx_ensite
    nginx_ensite $FEDWIKI_DOMAIN_NAME
}

function install_fedwiki {
    if [[ $VARIANT == "mesh"* ]]; then
        return
    fi

    if [ ! $ONION_ONLY ]; then
        ONION_ONLY='no'
    fi

    if [ ! $FEDWIKI_DOMAIN_NAME ]; then
        echo $'The fedwiki domain name was not specified'
        exit 893635
    fi

    if [ ! -d /var/www/$FEDWIKI_DOMAIN_NAME/htdocs ]; then
        mkdir -p /var/www/$FEDWIKI_DOMAIN_NAME/htdocs
    fi

    if [ ! -d $FEDWIKI_DATA ]; then
        mkdir -p $FEDWIKI_DATA
    fi

    groupadd fedwiki
    useradd -c "Fedwiki system account" -d $FEDWIKI_DATA -m -r -g fedwiki fedwiki
    if [ -d $FEDWIKI_DATA/Maildir ]; then
        rm -rf $FEDWIKI_DATA/Maildir
    fi

    function_check install_nodejs
    install_nodejs fedwiki

    apt-get -yq install fonts-font-awesome

    npm install -g wiki@$FEDWIKI_VERSION
    if [ ! "$?" = "0" ]; then
        echo $'Failed to install fedwiki'
        exit 6293523
    fi

    npm install -g wiki-security-friends@0.1.0
    if [ ! "$?" = "0" ]; then
        echo $'Failed to install wiki-security-friends'
        exit 783533
    fi

    if [ ! -f /usr/local/bin/wiki ]; then
        echo $'wiki was not installed'
        exit 5293524
    fi

    if [ ! -d /usr/local/lib/node_modules/wiki ]; then
        echo $'wiki directory not found /usr/local/lib/node_modules/wiki'
        exit 6285324
    fi

    FEDWIKI_ONION_HOSTNAME=$(add_onion_service fedwiki 80 ${FEDWIKI_ONION_PORT})

    if [ ! $FEDWIKI_COOKIE ]; then
        FEDWIKI_COOKIE="$(create_password 20)"
    fi

    echo '[Unit]' > /etc/systemd/system/fedwiki.service
    echo 'Description=Fedwiki federated wiki' >> /etc/systemd/system/fedwiki.service
    echo 'After=syslog.target' >> /etc/systemd/system/fedwiki.service
    echo 'After=network.target' >> /etc/systemd/system/fedwiki.service
    echo '' >> /etc/systemd/system/fedwiki.service
    echo '[Service]' >> /etc/systemd/system/fedwiki.service
    echo 'User=fedwiki' >> /etc/systemd/system/fedwiki.service
    echo 'Group=fedwiki' >> /etc/systemd/system/fedwiki.service
    echo "WorkingDirectory=/usr/local/lib/node_modules/wiki" >> /etc/systemd/system/fedwiki.service
    echo "ExecStart=/usr/local/bin/wiki --security_type friends --session_duration 7 --data $FEDWIKI_DATA -p $FEDWIKI_PORT --cookieSecret '${FEDWIKI_COOKIE}'" >> /etc/systemd/system/fedwiki.service
    echo 'StandardOutput=syslog' >> /etc/systemd/system/fedwiki.service
    echo 'StandardError=syslog' >> /etc/systemd/system/fedwiki.service
    echo 'SyslogIdentifier=fedwiki' >> /etc/systemd/system/fedwiki.service
    echo 'Restart=always' >> /etc/systemd/system/fedwiki.service
    echo "Environment=NODE_ENV=production" >> /etc/systemd/system/fedwiki.service
    echo '' >> /etc/systemd/system/fedwiki.service
    echo '[Install]' >> /etc/systemd/system/fedwiki.service
    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/fedwiki.service

    if [ ! -d ${FEDWIKI_DATA}/status ]; then
        mkdir -p ${FEDWIKI_DATA}/status
    fi
    fedwiki_auth_file=${FEDWIKI_DATA}/status/owner.json
    echo '{' > $fedwiki_auth_file
    echo "  \"name\": \"${MY_USERNAME}\"," >> $fedwiki_auth_file
    echo '  "friend": {' >> $fedwiki_auth_file
    echo "    \"secret\": \"${FEDWIKI_COOKIE}\"" >> $fedwiki_auth_file
    echo '  }' >> $fedwiki_auth_file
    echo '}' >> $fedwiki_auth_file

    chown -R fedwiki:fedwiki $FEDWIKI_DATA

    fedwiki_setup_web

    ${PROJECT_NAME}-pass -u $MY_USERNAME -a fedwiki -p "$FEDWIKI_COOKIE"

    function_check add_ddns_domain
    add_ddns_domain $FEDWIKI_DOMAIN_NAME

    fedwiki_remove_bad_links

    systemctl enable fedwiki
    systemctl daemon-reload
    systemctl start fedwiki
    systemctl restart nginx

    set_completion_param "fedwiki domain" "$FEDWIKI_DOMAIN_NAME"
    set_completion_param "fedwiki version" "$FEDWIKI_VERSION"
    APP_INSTALLED=1
}

# NOTE: deliberately no exit 0