diff --git a/nextcloud/hooks/postgres_database-relation-joined b/nextcloud/hooks/postgres_database-relation-joined index 78340a2..ff60bb5 100755 --- a/nextcloud/hooks/postgres_database-relation-joined +++ b/nextcloud/hooks/postgres_database-relation-joined @@ -8,7 +8,36 @@ PASSWORD="$(relation-get password)" USER="$(relation-get user)" DBNAME="$(relation-get dbname)" -config-add "\ + +## This check adds purely arbitrary limits to what could be a password +## if we need to open that more, just consider the next script where we'll +## need to write in a PHP structure, or in YAML structure. + +## Note that here, "[]" chars are not accepted just because it doesn't seem evident +## to test for those in bash. +if ! [[ "$PASSWORD" =~ ^[a-zA-Z0-9~\`\&+=@\#^\*/\\_%\$:\;\!?.,\<\>{}()\"\'|-]*$ ]]; then + err "Invalid password chosen for postgres database." + exit 1 +fi + +## if config is not existent +if [ -e "$CONFIGFILE" ] && grep "^ 'dbuser' => '" "$CONFIGFILE" >/dev/null; then + + ## 'occ' can't be used as it will try to connect to postgres before running and + ## will fail if user/password is not correct + + ## We need to get through bash, and sed interpretation, then PHP single quoted strings. + quoted_user="${USER//\\/\\\\\\\\\\}" + quoted_user="${quoted_user//\'/\\\\\'}" + quoted_password="${PASSWORD//\\/\\\\\\\\\\}" + quoted_password="${quoted_password//\'/\\\\\'}" + sed -ri "s/^( 'dbuser' => ')(.*)(',)$/\1${quoted_user}\3/g;\ + s/^( 'dbpassword' => ')(.*)(',)$/\1${quoted_password}\3/g;" "$CONFIGFILE" +else + + ## These variable are not used by current docker image after first install + + config-add "\ services: $MASTER_BASE_SERVICE_NAME: environment: @@ -17,5 +46,6 @@ services: POSTGRES_PASSWORD: $PASSWORD POSTGRES_USER: $USER " +fi info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." diff --git a/nextcloud/lib/common b/nextcloud/lib/common index 3c4a9de..334b7dd 100644 --- a/nextcloud/lib/common +++ b/nextcloud/lib/common @@ -6,6 +6,11 @@ PASSWORD_FILE="$SERVICE_CONFIGSTORE/etc/$SERVICE_NAME/pass" +## Used to check existence and make direct changes when 'occ' command +## can't do it properly. +CONFIGFILE="$SERVICE_CONFIGSTORE/var/www/html/config/config.php" + + has_user() { local user="$1" if ! out=$(occ user:info "$user"); then @@ -107,7 +112,7 @@ occ() { ## supposed to exist). For that we need to make sure nextcloud have ## be ran and setup prior to running this next command. export COMPOSE_IGNORE_ORPHANS=true - compose --debug -q --no-init --no-relations run \ + compose --debug -q --no-init --without-relation="$SERVICE_NAME":web-proxy run \ "${occ_docker_run_opts[@]}" \ -v "$HOST_CHARM_STORE/${CHARM_REL_PATH#${CHARM_STORE}/}/src/occ.batch:/var/www/html/occ.batch" \ -T --rm -u www-data "$SERVICE_NAME" /var/www/html/occ.batch "$@" | cat