merge upstream and small changes

Signed-off-by: Zoey <zoey@z0ey.de>

Dockerfile

@@ -54,12 +54,17 @@ SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 ARG CRS_VER=v4.0/dev
 
 COPY rootfs /
+COPY --from=zoeyvid/certbot-docker:19  /usr/local          /usr/local
+COPY --from=zoeyvid/curl-quic:364      /usr/local/bin/curl /usr/local/bin/curl
+
 RUN apk add --no-cache ca-certificates tzdata tini \
+    patch bash nano \
     lua5.1-lzlib \
     nodejs-current \
     openssl apache2-utils \
-    coreutils grep jq curl shadow sudo \
+    coreutils grep jq shadow sudo \
     luarocks5.1 wget lua5.1-dev build-base git yarn && \
+    curl https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online --home /usr/local/bin/acmesh --nocron && \
     git clone https://github.com/coreruleset/coreruleset --branch "$CRS_VER" /tmp/coreruleset && \
     mkdir -v /usr/local/nginx/conf/conf.d/include/coreruleset && \
     mv -v /tmp/coreruleset/crs-setup.conf.example /usr/local/nginx/conf/conf.d/include/coreruleset/crs-setup.conf.example && \
@@ -71,16 +76,16 @@ RUN apk add --no-cache ca-certificates tzdata tini \
     apk del --no-cache luarocks5.1 wget lua5.1-dev build-base git yarn
 
 COPY --from=backend                    /build/backend                                             /app
-COPY --from=frontend                   /build/frontend/dist                                       /app/frontend
-COPY --from=zoeyvid/certbot-docker:18  /usr/local/certbot                                         /usr/local/certbot
+COPY --from=frontend                   /build/frontend/dist                                       /html/frontend
 COPY --from=crowdsec                   /src/crowdsec-nginx-bouncer/lua-mod/lib/plugins            /usr/local/nginx/lib/lua/plugins
 COPY --from=crowdsec                   /src/crowdsec-nginx-bouncer/lua-mod/lib/crowdsec.lua       /usr/local/nginx/lib/lua/crowdsec.lua
 COPY --from=crowdsec                   /src/crowdsec-nginx-bouncer/lua-mod/templates/ban.html     /usr/local/nginx/conf/conf.d/include/ban.html
 COPY --from=crowdsec                   /src/crowdsec-nginx-bouncer/lua-mod/templates/captcha.html /usr/local/nginx/conf/conf.d/include/captcha.html
 COPY --from=crowdsec                   /src/crowdsec-nginx-bouncer/lua-mod/config_example.conf    /usr/local/nginx/conf/conf.d/include/crowdsec.conf
 COPY --from=crowdsec                   /src/crowdsec-nginx-bouncer/nginx/crowdsec_nginx.conf      /usr/local/nginx/conf/conf.d/include/crowdsec_nginx.conf
 
-RUN ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \
+RUN ln -s /usr/local/bin/acmesh/acme.sh /usr/local/bin/acme.sh && \
+    ln -s /app/password-reset.js /usr/local/bin/password-reset.js && \
     ln -s /app/sqlite-vaccum.js /usr/local/bin/sqlite-vaccum.js && \
     ln -s /app/index.js /usr/local/bin/index.js
 
@@ -121,5 +126,5 @@ ENV PUID=0 \
     PHP83=false
 
 WORKDIR /app
-ENTRYPOINT ["tini", "--", "start.sh"]
+ENTRYPOINT ["tini", "--", "entrypoint.sh"]
 HEALTHCHECK CMD healthcheck.sh

README.md

@@ -185,6 +185,13 @@ Password: iArhP1j7p1P6TA92FA2FMbbUGYqwcYzxC4AVEe12Wbi94FY9gNN62aKyF1shrvG4NycjjX
 
 Immediately after logging in with this default user you will be asked to modify your details and change your password.
 
+### prerun patches/scripts (EXPERT option) - if you donÄt know what this is, ignore it
+
+run order: entrypoint.sh (patches => scripts) => start.sh => launch.sh <br>
+if you need to apply patches before NPMplus launches put them under: `/opt/npm/etc/prerun/patches/*.patch` (applied using `patch -p1`) <br>
+if you need to run scripts before NPMplus launches put them under: `/opt/npm/etc/prerun/scripts/*.sh` (please add `#!/bin/sh` / `#!/bin/bash` to the top of the script) <br>
+you need to create this folders yourself, they will be launches from the `/` folder - **NOTE:** I won't help you creating thoose patches/scripts if you need them you also need to know how to create them
+
 ## Contributing
 
 All are welcome to create pull requests for this project, against the `develop` branch.

backend/lib/utils.js

@@ -3,8 +3,8 @@ const exec       = require('child_process').exec;
 const spawn      = require('child_process').spawn;
 const execFile   = require('child_process').execFile;
 const { Liquid } = require('liquidjs');
-const logger     = require('../logger').global;
 const error      = require('./error');
+//const logger     = require('../logger').global;
 
 module.exports = {
 
@@ -13,7 +13,7 @@ module.exports = {
 	 * @param   {String} cmd
 	 */
 	exec: async function(cmd, options = {}) {
-		logger.debug('CMD:', cmd);
+		//logger.debug('CMD:', cmd);
 
 		const { stdout, stderr } = await new Promise((resolve, reject) => {
 			const child = exec(cmd, options, (isError, stdout, stderr) => {
@@ -36,7 +36,7 @@ module.exports = {
 	 * @param   {Array}  args
 	 */
 	execFile: async function (cmd, args, options = {}) {
-		logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : ''));
+		//logger.debug('CMD: ' + cmd + ' ' + (args ? args.join(' ') : ''));
 
 		const { stdout, stderr } = await new Promise((resolve, reject) => {
 			const child = execFile(cmd, args, options, (isError, stdout, stderr) => {
@@ -62,7 +62,7 @@ module.exports = {
 			const childProcess = spawn(cmd, {
 				shell:    true,
 				detached: true,
-				stdio:    'inherit' // Use the same stdio as the current process
+				stdio:    'inherit'
 			});
 
 			childProcess.on('error', (err) => {

backend/models/token.js

@@ -73,13 +73,6 @@ module.exports = function () {
 
 							} else {
 								token_data = result;
-
-								// Hack: some tokens out in the wild have a scope of 'all' instead of 'user'.
-								// For 30 days at least, we need to replace 'all' with user.
-								if ((typeof token_data.scope !== 'undefined' && _.indexOf(token_data.scope, 'all') !== -1)) {
-									token_data.scope = ['user'];
-								}
-
 								resolve(token_data);
 							}
 						});

frontend/js/app/nginx/dead/form.ejs

@@ -60,7 +60,7 @@
                                 <label class="custom-switch">
                                     <input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
                                     <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/backend/templates/_hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
+                                    <span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
                                 </label>
                             </div>
                         </div>

frontend/js/app/nginx/proxy/form.ejs

@@ -128,7 +128,7 @@
                                 <label class="custom-switch">
                                     <input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
                                     <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/backend/templates/_hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
+                                    <span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
                                 </label>
                             </div>
                         </div>

frontend/js/app/nginx/redirection/form.ejs

@@ -109,7 +109,7 @@
                                 <label class="custom-switch">
                                     <input type="checkbox" class="custom-switch-input" name="hsts_enabled" value="1"<%- hsts_enabled ? ' checked' : '' %><%- certificate_id && ssl_forced ? '' : ' disabled' %>>
                                     <span class="custom-switch-indicator"></span>
-                                    <span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/backend/templates/_hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
+                                    <span class="custom-switch-description"><%- i18n('all-hosts', 'hsts-enabled') %> <a href="https://github.com/ZoeyVid/NPMplus/blob/develop/rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf" target="_blank"><i class="fe fe-help-circle"></i></a></span>
                                 </label>
                             </div>
                         </div>

frontend/js/i18n/messages.json

@@ -52,7 +52,7 @@
     "roles": {
       "title": "Roles",
       "admin": "Administrator",
-      "user": "Apache Helicopter"
+      "user": "User"
     },
     "menu": {
       "dashboard": "Dashboard",

global/README.md

@@ -9,10 +9,10 @@ File Structure:
 ```json
 {
   "cloudflare": {
-    "display_name": "Name displayed to the user",
+    "name": "Name displayed to the user",
     "package_name": "Package name in PyPi repo",
     "credentials": "Template of the credentials file",
-    "full_plugin_name": "The full plugin name as used in the commandline with certbot, e.g. 'dns-njalla'"
+    "full_plugin_name": "The full plugin name as used in the commandline with certbot, e.g. 'dns-cloudflare'"
   },
   ...
 }