remove cloudron-provision

will move to separate repo

CHANGES

@@ -1608,4 +1608,4 @@
 * Fix domain and tag filtering
 * Customizable app icons
 * Remove obsolete X-Frame-Options from nginx configs
-
+* Give SFTP access based on access restriction

scripts/cloudron-provision

@@ -1,106 +0,0 @@
-#!/bin/bash
-
-set -eu -o pipefail
-
-readonly curl="curl --fail --connect-timeout 20 --retry 10 --retry-delay 2 --max-time 2400 --http1.1"
-
-ip=""
-dns_config=""
-tls_cert_file=""
-tls_key_file=""
-license_file=""
-backup_config=""
-
-args=$(getopt -o "" -l "ip:,backup-config:,license:,dns-config:,tls-cert:,tls-key:" -n "$0" -- "$@")
-eval set -- "${args}"
-
-while true; do
-    case "$1" in
-    --ip) ip="$2"; shift 2;;
-    --dns-config) dns_config="$2"; shift 2;;
-    --tls-cert) tls_cert_file="$2"; shift 2;;
-    --tls-key) tls_key_file="$2"; shift 2;;
-    --license) license_file="$2"; shift 2;;
-    --backup-config) backup_config="$2"; shift 2;;
-    --) break;;
-    *) echo "Unknown option $1"; exit 1;;
-    esac
-done
-
-# validate arguments in the absence of data
-if [[ -z "${ip}" ]]; then
-    echo "--ip is required"
-    exit 1
-fi
-
-if [[ -z "${dns_config}" ]]; then
-    echo "--dns-config is required"
-    exit 1
-fi
-
-if [[ ! -f "${license_file}" ]]; then
-    echo "--license must be a valid license file"
-    exit 1
-fi
-
-function get_status() {
-    key="$1"
-    if status=$($curl -q -f -k "https://${ip}/api/v1/cloudron/status" 2>/dev/null); then
-        currentValue=$(echo "${status}" | python3 -c 'import sys, json; print(json.dumps(json.load(sys.stdin)[sys.argv[1]]))' "${key}")
-        echo "${currentValue}"
-        return 0
-    fi
-
-    return 1
-}
-
-function wait_for_status() {
-    key="$1"
-    expectedValue="$2"
-
-    echo "wait_for_status: $key to be $expectedValue"
-    while true; do
-        if currentValue=$(get_status "${key}"); then
-            echo "wait_for_status: $key is current: $currentValue expecting: $expectedValue"
-            if [[ "${currentValue}" == $expectedValue ]]; then
-                break
-            fi
-        fi
-        sleep 3
-    done
-}
-
-echo "=> Waiting for cloudron to be ready"
-wait_for_status "version" '*'
-
-domain=$(echo "${dns_config}" | python3 -c 'import json,sys;obj=json.load(sys.stdin);print(obj["domain"])')
-
-echo "Provisioning Cloudron ${domain}"
-if [[ -n "${tls_cert_file}" && -n "${tls_key_file}" ]]; then
-    tls_cert=$(cat "${tls_cert_file}" | awk '{printf "%s\\n", $0}')
-    tls_key=$(cat "${tls_key_file}" | awk '{printf "%s\\n", $0}')
-    fallback_cert=$(printf '{ "cert": "%s", "key": "%s", "provider": "fallback", "restricted": true }' "${tls_cert}" "${tls_key}")
-else
-    fallback_cert=None
-fi
-
-tls_config='{ "provider": "fallback" }'
-dns_config=$(echo "${dns_config}" | python3 -c "import json,sys;obj=json.load(sys.stdin);obj.update(tlsConfig=${tls_config});obj.update(fallbackCertficate=${fallback_cert});print(json.dumps(obj))")
-
-license=$(cat "${license_file}")
-
-if [[ -z "${backup_config:-}" ]]; then
-    backup_config='{ "provider": "filesystem", "backupFolder": "/var/backups", "format": "tgz" }'
-fi
-
-setupData=$(printf '{ "dnsConfig": %s, "autoconf": { "appstoreConfig": %s, "backupConfig": %s } }' "${dns_config}" "${license}" "${backup_config}")
-
-if ! setupResult=$($curl -kq -X POST -H "Content-Type: application/json" -d "${setupData}" https://${ip}/api/v1/cloudron/setup); then
-    echo "Failed to setup with ${setupData} ${setupResult}"
-    exit 1
-fi
-
-wait_for_status "webadminStatus" '*"tls": true*'
-
-echo "Cloudron is ready at https://my-${domain}"
-

src/ldap.js

@@ -520,22 +520,25 @@ function userSearchSftp(req, res, next) {
         users.getByUsername(username, function (error, user) {
             if (error) return next(new ldap.OperationsError(error.toString()));
 
-            if (!user.admin) return next(new ldap.InsufficientAccessRightsError('Not authorized'));
+            apps.hasAccessTo(app, user, function (error, hasAccess) {
+                if (error) return next(new ldap.OperationsError(error.toString()));
+                if (!hasAccess) return next(new ldap.InsufficientAccessRightsError('Not authorized'));
 
-            var obj = {
-                dn: ldap.parseDN(`cn=${username}@${appFqdn},ou=sftp,dc=cloudron`).toString(),
-                attributes: {
-                    homeDirectory: path.join('/app/data', app.id, 'data'),
-                    objectclass: ['user'],
-                    objectcategory: 'person',
-                    cn: user.id,
-                    uid: `${username}@${appFqdn}`,  // for bind after search
-                    uidNumber: uidNumber,           // unix uid for ftp access
-                    gidNumber: uidNumber            // unix gid for ftp access
-                }
-            };
+                var obj = {
+                    dn: ldap.parseDN(`cn=${username}@${appFqdn},ou=sftp,dc=cloudron`).toString(),
+                    attributes: {
+                        homeDirectory: path.join('/app/data', app.id, 'data'),
+                        objectclass: ['user'],
+                        objectcategory: 'person',
+                        cn: user.id,
+                        uid: `${username}@${appFqdn}`,  // for bind after search
+                        uidNumber: uidNumber,           // unix uid for ftp access
+                        gidNumber: uidNumber            // unix gid for ftp access
+                    }
+                };
 
-            finalSend([ obj ], req, res, next);
+                finalSend([ obj ], req, res, next);
+            });
         });
     });
 }

src/provision.js

@@ -87,6 +87,7 @@ function setProgress(task, message, callback) {
     callback();
 }
 
+// some conf that can be setup during provision time since the post-activation API requires user tokens
 function autoprovision(autoconf, callback) {
     assert.strictEqual(typeof autoconf, 'object');
     assert.strictEqual(typeof callback, 'function');