From 7fe805ab03d2b12cb3952f4a14d93190f3db0c2b Mon Sep 17 00:00:00 2001 From: Valentin Lab Date: Thu, 11 Jan 2024 19:33:47 +0100 Subject: [PATCH] fix: [nextcloud] remove management of trusted domain to allow usage without proxy Trusted domain functionality is to avoid host poisining attacks, but when using web-proxy, it is useless. And when not using proxy it's not open to internet. --- nextcloud/hooks/init | 1 + nextcloud/hooks/web_proxy-relation-joined | 26 ++++++++--------------- 2 files changed, 10 insertions(+), 17 deletions(-) diff --git a/nextcloud/hooks/init b/nextcloud/hooks/init index dbbd3dc..4a27d8e 100755 --- a/nextcloud/hooks/init +++ b/nextcloud/hooks/init @@ -65,6 +65,7 @@ $MASTER_BASE_SERVICE_NAME: NEXTCLOUD_ADMIN_USER: $admin_user NEXTCLOUD_ADMIN_PASSWORD: $admin_password NEXTCLOUD_DATA_DIR: /var/lib/nextcloud/data + NEXTCLOUD_TRUSTED_DOMAINS: '\*' " ## ensuring data directories are accessible by nextcloud diff --git a/nextcloud/hooks/web_proxy-relation-joined b/nextcloud/hooks/web_proxy-relation-joined index 2555006..c612bb1 100755 --- a/nextcloud/hooks/web_proxy-relation-joined +++ b/nextcloud/hooks/web_proxy-relation-joined @@ -6,17 +6,6 @@ DOMAIN=$(relation-get domain) || exit 1 URL="$(relation-get url)" || exit 1 PROTO="${URL%%://*}" -if ! trusted_domains="$( - compose -q --no-relations --no-init occ "$MASTER_BASE_SERVICE_NAME" \ - config:system:get trusted_domains)"; then - err "Couldn't get 'trusted_domains'. Here's the ouput:" - echo "$trusted_domains" | prefix " | " >&2 - - echo "If the code of nextcloud is already there (command occ is found), but " >&2 - echo "the database is not yet created, this situation will arise." >&2 - exit 1 -fi - occ_opts=( ## necessary as nextcloud do not detect correctly those, and behind ## a proxy, it will generate a lot of URL that are not detected 
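Review bot: In nextcloud/hooks/init, `NEXTCLOUD_TRUSTED_DOMAINS: '\*'` turns off Nextcloud's Host-header check for every deployment, and nothing visible in this patch enforces the commit message's assumption that a proxy-less instance is unreachable from untrusted networks. Behind the proxy, the `overwritehost` value written by web_proxy-relation-joined pins generated URLs to `$DOMAIN`, but without that relation the instance may build links from whatever Host the client sends. Consider making the wildcard opt-in through a configuration option, or at least record the constraint next to the line, e.g. `## '\*' disables host checking: only safe behind web-proxy (overwritehost) or on a private network`. The compose definition this line belongs to starts and ends outside the hunk.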
@@ -25,9 +14,12 @@ occ_opts=( config:system:set overwritehost --value="$DOMAIN" \; config:system:set overwriteprotocol --value="$PROTO" ) -if ! [[ $'\n'"$trusted_domains"$'\n' == *$'\n'"$MASTER_BASE_SERVICE_NAME"$'\n'* ]]; then - trusted_index=$(echo "$trusted_domains" | wc -l) - debug "Adding $MASTER_TARGET_SERVICE_NAME to ${WHITE}trusted_domains${NORMAL}." - occ_opts+=( \; config:system:set trusted_domains "$trusted_index" --value="$MASTER_BASE_SERVICE_NAME") -fi -compose --no-relations --no-init occ "$MASTER_BASE_SERVICE_NAME" "${occ_opts[@]}" \ No newline at end of file +compose --no-relations --no-init occ "$MASTER_BASE_SERVICE_NAME" "${occ_opts[@]}" || { + err "Failure to execute these ${WHITE}occ${NORMAL} commands:" + echo " ${WHITE}$(printf ' %q' "${occ_opts[@]}")${NORMAL}" | + sed -r "s/\\;/$'n'/g" | prefix " ${DARKGRAY}>${NORMAL} " >&2 + echo " " + echo " If the code of nextcloud is already there (command occ is found), but " >&2 + echo " the database is not yet created, this situation will arise." >&2 + exit 1 +} \ No newline at end of file
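Review bot: The `sed -r "s/\\;/$'n'/g"` stage in the new failure handler does not split the command list onto separate lines. Inside double quotes `$'n'` is not ANSI-C quoting, so sed inserts the literal text `$'n'`, and `\\;` reaches sed as `\;`, which matches only the semicolon and leaves the backslash that `printf %q` emitted. With GNU sed, `sed -r 's/ \\;/\n/g'` gives one occ command per line. The `echo " "` two lines further down also lacks `>&2`, so the spacer goes to stdout while the rest of the message goes to stderr.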