merge

use updated oauth3

See merge request !4

CHANGELOG

@@ -0,0 +1,4 @@
+v1.2.5 - Beginning of CHANGELOG
+	* has semi-functional launchpad
+	* OAuth3 with issuer-rewrite merged in
+	* capabilities API

LICENSE

@@ -1,3 +1,41 @@
-Copyright 2017 Daplie Inc.
+Copyright 2017 Daplie, Inc
 
-All Rights Reserved
+This is open source software; you can redistribute it and/or modify it under the
+terms of either:
+
+   a) the "MIT License"
+   b) the "Apache-2.0 License"
+
+MIT License
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in all
+   copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+
+Apache-2.0 License Summary
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

README.md

@@ -19,7 +19,7 @@ Security Features
 * disallows cookies, except for protected static assets
 * api.* subdomain for apis
 * assets.* subdomain for protected assets
-* *must* sit behind a trusted https proxy (such as [Goldilocks](https://git.daplie.com/Daplie/goldilocks.js))
+* *must* sit behind a trusted https proxy (such as [Goldilocks](https://git.coolaj86.com/coolaj86/goldilocks.js))
 * HTTPS-only (checks for X-Forwarded-For)
 * AES, RSA, and ECDSA encryption and signing
 * Safe against CSRF, XSS, and SQL injection
@@ -34,14 +34,14 @@ Application Features
 
 * JSON-only expressjs APIs
 * Capability-based permissions system for (oauth3-discoverable) packages such as
-  * large file access (files@daplie.com)
+  * large file access (files@oauth3.org)
-  * database access (data@daplie.com)
+  * database access (data@oauth3.org)
-  * scheduling (for background tasks, alerts, alarms, calendars, reminders, etc) (events@daplie.com)
+  * scheduling (for background tasks, alerts, alarms, calendars, reminders, etc) (events@oauth3.org)
-  * payments (credit card) (payments@daplie.com)
+  * payments (credit card) (payments@oauth3.org)
-  * email (email@daplie.com)
+  * email (email@oauth3.org)
-  * SMS (texting) (tel@daplie.com)
+  * SMS (texting) (tel@oauth3.org)
-  * voice (calls and answering machine) (tel@daplie.com)
+  * voice (calls and answering machine) (tel@oauth3.org)
-  * lamba-style functions (functions@daplie.com)
+  * lamba-style functions (functions@oauth3.org)
 * Per-app, per-site, and per-user configurations
 * Multi-Tentated Application Management
 * Built-in OAuth2 & OAuth3 support
@@ -53,8 +53,18 @@ Installation
 
 We're still in a stage where the installation generally requires many manual steps.
 
+```bash
+curl https://git.coolaj86.com/coolaj86/walnut.js/raw/v1.2/installer/get.sh | bash
+```
+
 See [INSTALL.md](/INSTALL.md)
 
+### Uninstall
+
+```bash
+rm -rf /srv/walnut/ /var/walnut/ /etc/walnut/ /opt/walnut/ /var/log/walnut/ /etc/systemd/system/walnut.service /etc/tmpfiles.d/walnut.conf
+```
+
 Usage
 -----
 
@@ -121,7 +131,7 @@ Initialization
 needs to know its primary domain
 
 ```
-POST https://api.<domain.tld>/api/walnut@daplie.com/init
+POST https://api.<domain.tld>/api/walnut@oauth3.org/init
 
 { "domain": "<domain.tld>" }
 ```
@@ -143,18 +153,18 @@ api.<domain.tld>
 assets.<domain.tld>
 ```
 
-The domains can be setup through the Daplie Desktop App or with `daplie-tools`
+The domains can be setup through the OAuth3 Desktop App or with `oauth3-tools`
 
 ```bash
 # set device address and attach primary domain
-daplie devices:attach -d foodevice -n example.com -a 127.0.0.1
+oauth3 devices:attach -d foodevice -n example.com -a 127.0.0.1
 
 # attach all other domains with same device/address
-daplie devices:attach -d foodevice -n www.example.com
+oauth3 devices:attach -d foodevice -n www.example.com
-daplie devices:attach -d foodevice -n api.example.com
+oauth3 devices:attach -d foodevice -n api.example.com
-daplie devices:attach -d foodevice -n assets.example.com
+oauth3 devices:attach -d foodevice -n assets.example.com
-daplie devices:attach -d foodevice -n cloud.example.com
+oauth3 devices:attach -d foodevice -n cloud.example.com
-daplie devices:attach -d foodevice -n api.cloud.example.com
+oauth3 devices:attach -d foodevice -n api.cloud.example.com
 ```
 
 Example `/etc/goldilocks/goldilocks.yml`:
@@ -184,7 +194,7 @@ Resetting the Initialization
 Once you run the app the initialization files will appear in these locations
 
 ```
-/srv/walnut/var/walnut+config@daplie.com.sqlite3
+/srv/walnut/var/walnut+config@oauth3.org.sqlite3
 /srv/walnut/config/<domain.tld>/config.json
 ```
 
@@ -280,7 +290,7 @@ The permissions:
 ```
 /srv/walnut/var/
 └── sites
-    └── daplie.me
+    └── example.com
           '''
           seed@example.com      # refers to /srv/walnut/packages/pages/seed@example.com
           '''

dist/etc/systemd/system/walnut.service

@@ -19,15 +19,15 @@ StartLimitBurst=3
 
 # User and group the process will run as
 # (www-data is the de facto standard on most systems)
-User=www-data
+User=MY_USER
-Group=www-data
+Group=MY_GROUP
 
 # If we need to pass environment variables in the future
 ; Environment=GOLDILOCKS_PATH=/opt/walnut
 
 # Set a sane working directory, sane flags, and specify how to reload the config file
-WorkingDirectory=/srv/www
+WorkingDirectory=/opt/walnut
-ExecStart=/opt/walnut/bin/node /srv/walnut/core/bin/walnut.js --config=/etc/walnut/walnut.yml
+ExecStart=/opt/walnut/bin/node /opt/walnut/core/bin/walnut.js --config=/etc/walnut/walnut.yml
 ExecReload=/bin/kill -USR1 $MAINPID
 
 # Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
@@ -46,7 +46,7 @@ ProtectSystem=full
 # … except TLS/SSL, ACME, and Let's Encrypt certificates
 #   and /var/log/, because we want a place where logs can go.
 #   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
-ReadWriteDirectories=/etc/walnut /var/log/walnut /var/walnut /opt/walnut /srv/www
+ReadWriteDirectories=/etc/walnut /var/log/walnut /var/walnut /opt/walnut /srv/walnut
 
 # Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
 ; ReadWritePaths=/etc/walnut /var/log/walnut

dist/etc/tmpfiles.d/walnut.conf

@@ -1,12 +1,5 @@
-# /etc/tmpfiles.d/walnut.conf
+# /etc/tmpfiles.d/goldilocks.conf
 # See https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
 
 # Type Path           Mode UID      GID      Age Argument
-d /etc/walnut          0755 www-data www-data -   -
+d /run/goldilocks          0755 MY_USER MY_GROUP -   -
-d /etc/ssl/walnut      0750 www-data www-data -   -
-d /srv/walnut          0775 www-data www-data -   -
-d /srv/www             0775 www-data www-data -   -
-d /opt/walnut          0775 www-data www-data -   -
-d /var/walnut          0775 www-data www-data -   -
-d /var/log/walnut      0750 www-data www-data -   -
-#d /run/walnut          0755 www-data www-data -   -

install-helper.sh

@@ -1,299 +0,0 @@
-#!/bin/bash
-
-set -e
-set -u
-
-# something or other about android and tmux using PREFIX
-#: "${PREFIX:=''}"
-MY_ROOT=""
-if [ -z "${PREFIX-}" ]; then
-  MY_ROOT=""
-else
-  MY_ROOT="$PREFIX"
-fi
-# Not every platform has or needs sudo, gotta save them O(1)s...
-sudo_cmd=""
-((EUID)) && [[ -z "${ANDROID_ROOT-}" ]] && sudo_cmd="sudo"
-
-###############################
-#                             #
-#         http_get            #
-# boilerplate for curl / wget #
-#                             #
-###############################
-
-# See https://git.daplie.com/Daplie/daplie-snippets/blob/master/bash/http-get.sh
-
-http_curl_opts="-fsSL"
-http_wget_opts="--quiet"
-
-http_bin=""
-http_opts=""
-http_out=""
-
-detect_http_bin()
-{
-  if type -p curl >/dev/null 2>&1; then
-    http_bin="curl"
-    http_opts="$http_curl_opts"
-    http_out="-o"
-    #curl -fsSL "$url" -o "$PREFIX/tmp/$pkg"
-  elif type -p wget >/dev/null 2>&1; then
-    http_bin="wget"
-    http_opts="$http_wget_opts"
-    http_out="-O"
-    #wget --quiet "$url" -O "$PREFIX/tmp/$pkg"
-  else
-    echo "Aborted, could not find curl or wget"
-    return 7
-  fi
-}
-
-http_get()
-{
-  if [ -e "$1" ]; then
-    rsync -a "$1" "$2"
-  elif type -p curl >/dev/null 2>&1; then
-    $http_bin $http_curl_opts $http_out "$2" "$1"
-  elif type -p wget >/dev/null 2>&1; then
-    $http_bin $http_wget_opts $http_out "$2" "$1"
-  else
-    echo "Aborted, could not find curl or wget"
-    return 7
-  fi
-}
-
-dap_dl()
-{
-  http_get "$1" "$2"
-}
-
-dap_dl_bash()
-{
-  dap_url=$1
-  #dap_args=$2
-  rm -rf /tmp/dap-tmp-runner.sh
-  $http_bin $http_opts $http_out /tmp/dap-tmp-runner.sh "$dap_url"; bash /tmp/dap-tmp-runner.sh; rm /tmp/dap-tmp-runner.sh
-}
-
-detect_http_bin
-
-## END HTTP_GET ##
-
-
-mvdir_backward_compat()
-{
-  old_dir=$1
-  new_dir=$2
-  # The symlink has already been set up, so no need to do anything.
-  if [ -L $old_dir ] && [ $(readlink $old_dir) == "$new_dir" ]; then
-    return 0
-  fi
-
-  if [ -d $old_dir ]; then
-    if [ $(ls $old_dir | wc -l) -gt 0 ]; then
-      mv ${old_dir}/* ${new_dir}/
-    fi
-    rm -r ${old_dir}
-    #rmdir ${old_dir}
-  fi
-
-  ln -snf $new_dir $old_dir
-}
-
-###################
-#                 #
-# Install service #
-#                 #
-###################
-
-install_for_systemd()
-{
-  echo ""
-  echo "Installing as systemd service"
-  echo ""
-  mkdir -p $(dirname "$my_app_dir/$my_app_systemd_service")
-  dap_dl "$installer_base/$my_app_systemd_service" "$my_app_dir/$my_app_systemd_service"
-  $sudo_cmd mv "$my_app_dir/$my_app_systemd_service" "$MY_ROOT/$my_app_systemd_service"
-  $sudo_cmd chown -R root:root "$MY_ROOT/$my_app_systemd_service"
-  $sudo_cmd chmod 644 "$MY_ROOT/$my_app_systemd_service"
-
-  mkdir -p $(dirname "$my_app_dir/$my_app_systemd_tmpfiles")
-  dap_dl "$installer_base/$my_app_systemd_tmpfiles" "$my_app_dir/$my_app_systemd_tmpfiles"
-  $sudo_cmd mv "$my_app_dir/$my_app_systemd_tmpfiles" "$MY_ROOT/$my_app_systemd_tmpfiles"
-  $sudo_cmd chown -R root:root "$MY_ROOT/$my_app_systemd_tmpfiles"
-  $sudo_cmd chmod 644 "$MY_ROOT/$my_app_systemd_tmpfiles"
-
-  $sudo_cmd systemctl stop "${my_app_name}.service" >/dev/null 2>/dev/null
-  $sudo_cmd systemctl daemon-reload
-  $sudo_cmd systemctl start "${my_app_name}.service"
-  $sudo_cmd systemctl enable "${my_app_name}.service"
-
-  echo "$my_app_name started with systemctl, check its status like so"
-  echo "  $sudo_cmd systemctl status $my_app_name"
-  echo "  $sudo_cmd journalctl -xe -u $my_app_name"
-}
-
-install_for_launchd()
-{
-  echo ""
-  echo "Installing as launchd service"
-  echo ""
-  # See http://www.launchd.info/
-  mkdir -p $(dirname "$my_app_dir/$my_app_launchd_service")
-  dap_dl "$installer_base/$my_app_launchd_service" "$my_app_dir/$my_app_launchd_service"
-  $sudo_cmd mv "$my_app_dir/$my_app_launchd_service" "$MY_ROOT/$my_app_launchd_service"
-  $sudo_cmd chown root:wheel "$MY_ROOT/$my_app_launchd_service"
-  $sudo_cmd chmod 0644 "$MY_ROOT/$my_app_launchd_service"
-  $sudo_cmd launchctl unload -w "$MY_ROOT/$my_app_launchd_service" >/dev/null 2>/dev/null
-  $sudo_cmd launchctl load -w "$MY_ROOT/$my_app_launchd_service"
-
-  echo "$my_app_name started with launchd"
-}
-
-install_etc_config()
-{
-  #echo "install etc config $MY_ROOT / $my_app_etc_config"
-  if [ ! -e "$MY_ROOT/$my_app_etc_config" ]; then
-    $sudo_cmd mkdir -p $(dirname "$MY_ROOT/$my_app_etc_config")
-    mkdir -p $(dirname "$my_app_dir/$my_app_etc_config")
-    dap_dl "$installer_base/$my_app_etc_config" "$my_app_dir/$my_app_etc_config"
-    $sudo_cmd mv "$my_app_dir/$my_app_etc_config" "$MY_ROOT/$my_app_etc_config"
-  fi
-
-  $sudo_cmd chown -R www-data:www-data $(dirname "$MY_ROOT/$my_app_etc_config") || true
-  $sudo_cmd chown -R _www:_www $(dirname "$MY_ROOT/$my_app_etc_config") || true
-  $sudo_cmd chmod 775 $(dirname "$MY_ROOT/$my_app_etc_config")
-  $sudo_cmd chmod 664 "$MY_ROOT/$my_app_etc_config"
-}
-
-install_service()
-{
-  install_etc_config
-  #echo "install service"
-
-  installable=""
-  if [ -d "$MY_ROOT/etc/systemd/system" ]; then
-    install_for_systemd
-    installable="true"
-  fi
-  if [ -d "/Library/LaunchDaemons" ]; then
-    install_for_launchd
-    installable="true"
-  fi
-  if [ -z "$installable" ]; then
-    echo ""
-    echo "Unknown system service init type. You must install as a system service manually."
-    echo '(please file a bug with the output of "uname -a")'
-    echo ""
-  fi
-  echo ""
-}
-
-## END SERVICE_INSTALL ##
-
-# Create dirs, set perms
-create_skeleton()
-{
-  $sudo_cmd mkdir -p /srv/www
-  $sudo_cmd mkdir -p /var/log/$my_app_name
-  $sudo_cmd mkdir -p /etc/$my_app_name
-  $sudo_cmd mkdir -p /var/$my_app_name
-  $sudo_cmd mkdir -p /srv/$my_app_name
-  $sudo_cmd mkdir -p /opt/$my_app_name
-}
-
-# Unistall
-install_uninstaller()
-{
-  #echo "install uninstaller"
-  dap_dl "https://git.daplie.com/Daplie/walnut.js/raw/master/uninstall.sh" "./walnut-uninstall"
-  $sudo_cmd chmod 755 "./walnut-uninstall"
-  $sudo_cmd chown root:root "./walnut-uninstall"
-  $sudo_cmd mv "./walnut-uninstall" "/usr/local/bin/uninstall-walnut"
-}
-
-
-# Dependencies
-export NODE_PATH=/opt/walnut/lib/node_modules
-export NPM_CONFIG_PREFIX=/opt/walnut
-$sudo_cmd mkdir -p $NODE_PATH
-$sudo_cmd chown -R $(whoami) /opt/walnut
-dap_dl_bash "https://git.daplie.com/coolaj86/node-install-script/raw/master/setup-min.sh"
-
-# Install
-# npm install -g 'git+https://git@git.daplie.com/Daplie/walnut.js.git#v1'
-
-my_app_name=walnut
-my_app_pkg_name=com.daplie.walnut.web
-my_app_dir=$(mktemp -d)
-#installer_base="https://git.daplie.com/Daplie/walnut.js/raw/master/dist"
-#installer_base="$( dirname "${BASH_SOURCE[0]}" )/dist"
-installer_base="/srv/walnut/core/dist"
-
-my_app_etc_config="etc/${my_app_name}/${my_app_name}.yml"
-my_app_systemd_service="etc/systemd/system/${my_app_name}.service"
-my_app_systemd_tmpfiles="etc/tmpfiles.d/${my_app_name}.conf"
-my_app_launchd_service="Library/LaunchDaemons/${my_app_pkg_name}.plist"
-
-# Install
-install_my_app()
-{
-  # This function shouldn't need to use $sudo_cmd because it is called immediately after
-  # /srv/walnut is chown-ed and we only mess with things in that directory.
-
-  #git clone git@git.daplie.com:Daplie/walnut.js.git
-  #git clone https://git.daplie.com/Daplie/walnut.js.git /srv/walnut/core
-  mkdir -p /srv/walnut/{core,lib,var,etc,config,node_modules}
-  rm -rf /srv/walnut/core/node_modules
-  ln -sf ../node_modules /srv/walnut/core/node_modules
-  mkdir -p /srv/walnut/var/sites
-  mkdir -p /srv/walnut/etc/org.oauth3.consumer
-  mkdir -p /srv/walnut/etc/client-api-grants
-  mkdir -p /srv/walnut/packages/{rest,api,pages,services}
-
-  # backwards compat
-  mvdir_backward_compat /srv/walnut/packages/client-api-grants /srv/walnut/etc/client-api-grants
-  mvdir_backward_compat /srv/walnut/packages/sites /srv/walnut/var/sites
-
-  if [ ! -d "/srv/walnut/core/lib/walnut@daplie.com/setup" ]; then
-    git clone https://git.daplie.com/Daplie/walnut_launchpad.git /srv/walnut/core/lib/walnut@daplie.com/setup
-  fi
-  pushd /srv/walnut/core/lib/walnut@daplie.com/setup
-    if [ ! -d "./.git/" ]; then
-      echo "'/srv/walnut/core/lib/walnut@daplie.com/setup' exists but is not a git repository... not sure what to do here..."
-    fi
-    git checkout master
-    git pull
-  popd
-
-  pushd /srv/walnut/core
-    export NODE_PATH=/opt/walnut/lib/node_modules
-    export NPM_CONFIG_PREFIX=/opt/walnut
-    /opt/walnut/bin/npm install
-  popd
-}
-
-$sudo_cmd mkdir -p /srv/walnut
-$sudo_cmd chown -R $(whoami) /srv/walnut
-
-install_my_app
-create_skeleton
-install_uninstaller
-install_service
-
-$sudo_cmd chown -R www-data:www-data /opt/walnut || true
-$sudo_cmd chown -R _www:_www /opt/walnut || true
-$sudo_cmd chown -R www-data:www-data /srv/walnut || true
-$sudo_cmd chown -R _www:_www /srv/walnut || true
-$sudo_cmd chmod -R ug+rwX /srv/walnut
-$sudo_cmd chmod -R ug+rwX /opt/walnut
-# +s sets the setuid/setgid bit, which when set on directories makes it so anything
-# created inside the directory maintains the same user/group (depending on the bits
-# set). Any directory created within a directory with those bits set will also have
-# those bits set. When setuid or setgid bits are set on a file however it means that
-# if the file is executed it will run with the permissions of the user/group no matter
-# who actually runs it (see the ping executable for example).
-# I'm not sure that all systems actually support the use of these bits.
-find /srv/walnut -type d -exec $sudo_cmd chmod ug+s {} \; || true
-find /opt/walnut -type d -exec $sudo_cmd chmod ug+s {} \; || true

install.sh

@@ -1,121 +0,0 @@
-#!/bin/bash
-
-# Not every platform has or needs sudo, gotta save them O(1)s...
-sudo_cmd=""
-((EUID)) && [[ -z "$ANDROID_ROOT" ]] && sudo_cmd="sudo"
-
-set -e
-set -u
-
-###############################
-#                             #
-# boilerplate for curl / wget #
-#                             #
-###############################
-
-http_get=""
-http_opts=""
-http_out=""
-
-detect_http_get()
-{
-  if type -p curl >/dev/null 2>&1; then
-    http_get="curl"
-    http_opts="-fsSL"
-    http_out="-o"
-    #curl -fsSL "$caddy_url" -o "$PREFIX/tmp/$caddy_pkg"
-  elif type -p wget >/dev/null 2>&1; then
-    http_get="wget"
-    http_opts="--quiet"
-    http_out="-O"
-    #wget --quiet "$caddy_url" -O "$PREFIX/tmp/$caddy_pkg"
-  else
-    echo "Aborted, could not find curl or wget"
-    return 7
-  fi
-}
-
-dap_dl()
-{
-  $http_get $http_opts $http_out "$2" "$1"
-}
-
-dap_dl_bash()
-{
-  dap_url=$1
-  #dap_args=$2
-  rm -rf dap-tmp-runner.sh
-  $http_get $http_opts $http_out dap-tmp-runner.sh "$dap_url"; bash dap-tmp-runner.sh; rm dap-tmp-runner.sh
-}
-
-detect_http_get
-
-###############################
-#                             #
-# actual script continues...  #
-#                             #
-###############################
-
-install_walnut()
-{
-  $sudo_cmd mkdir -p /srv/walnut/{var,etc,packages,node_modules}
-  # www-data exists on linux, _www exists on mac OS
-  $sudo_cmd chown -R $(whoami):www-data /srv/walnut || $sudo_cmd chown -R $(whoami):_www /srv/walnut
-  if [ ! -d "/srv/walnut/core/" ]; then
-    git clone https://git.daplie.com/Daplie/walnut.js.git /srv/walnut/core
-  fi
-  pushd /srv/walnut/core
-    if [ ! -d "./.git/" ]; then
-      echo "'/srv/walnut/core' exists but is not a git repository... not sure what to do here..."
-    fi
-    git checkout master
-    git pull
-  popd
-  rm -rf /srv/walnut/core/node_modules
-  ln -sf ../node_modules /srv/walnut/core/node_modules
-  /srv/walnut/core/install-helper.sh /srv/walnut
-  # Now that the install is finished we need to set the owner to the user that will actually
-  # be running the walnut server.
-  $sudo_cmd chown -R www-data:www-data /srv/walnut || $sudo_cmd chown -R _www:_www /srv/walnut
-}   
-
-# Install node
-echo "----Installing Nodejs and NPM----"
-echo "v8.2.1" > /tmp/NODEJS_VER
-daplie-install-node-dev
-npm install -g npm@4
-
-# Install goldilocks
-echo "----Installing goldilocks.js----"
-daplie-install-goldilocks
-
-echo "----Installing walnut.js----"
-#$sudo_cmd mkdir -p /opt/goldilocks/{lib,bin,etc}
-#export NODE_PATH=/opt/walnut/lib/node_modules
-#export NPM_CONFIG_PREFIX=/opt/walnut
-old_PATH=$PATH
-export PATH=/opt/walnut/bin:$PATH
-
-# Install walnut
-install_walnut
-
-# Install bower, some systems may be missing it, and it is a dependency
-/opt/walnut/bin/npm install -g bower
-touch /.bowerrc
-echo '{ "allow_root": true }' > /.bowerrc
-
-# Restore PATH to original value
-export PATH=$old_PATH
-
-echo ""
-echo "You must have some set of domain set up to properly use goldilocks+walnut:"
-echo ""
-echo "  example.com"
-echo "  www.example.com"
-echo "  api.example.com"
-echo "  assets.example.com"
-echo "  cloud.example.com"
-echo "  api.cloud.example.com"
-echo ""
-echo "Check the WALNUT README.md for more info and how to set up /etc/goldilocks/goldilocks.yml"
-echo ""

installer/get.sh

@@ -0,0 +1,20 @@
+set -e
+set -u
+
+my_name=walnut
+# TODO provide an option to supply my_ver and my_tmp
+my_ver=master
+my_tmp=$(mktemp -d)
+
+mkdir -p $my_tmp/opt/$my_name/lib/node_modules/$my_name
+git clone https://git.coolaj86.com/coolaj86/walnut.js.git $my_tmp/opt/$my_name/core
+
+echo "Installing to $my_tmp (will be moved after install)"
+pushd $my_tmp/opt/$my_name/core
+  git checkout $my_ver
+  source ./installer/install.sh
+popd
+
+echo "Installation successful, now cleaning up $my_tmp ..."
+rm -rf $my_tmp
+echo "Done"

installer/http-get.sh

@@ -0,0 +1,48 @@
+###############################
+#                             #
+#         http_get            #
+# boilerplate for curl / wget #
+#                             #
+###############################
+
+# See https://git.coolaj86.com/coolaj86/snippets/blob/master/bash/http-get.sh
+
+_h_http_get=""
+_h_http_opts=""
+_h_http_out=""
+
+detect_http_get()
+{
+  set +e
+  if type -p curl >/dev/null 2>&1; then
+    _h_http_get="curl"
+    _h_http_opts="-fsSL"
+    _h_http_out="-o"
+  elif type -p wget >/dev/null 2>&1; then
+    _h_http_get="wget"
+    _h_http_opts="--quiet"
+    _h_http_out="-O"
+  else
+    echo "Aborted, could not find curl or wget"
+    return 7
+  fi
+  set -e
+}
+
+http_get()
+{
+  $_h_http_get $_h_http_opts $_h_http_out "$2" "$1"
+  touch "$2"
+}
+
+http_bash()
+{
+  _http_url=$1
+  #dap_args=$2
+  rm -rf dap-tmp-runner.sh
+  $_h_http_get $_h_http_opts $_h_http_out dap-tmp-runner.sh "$_http_url"; bash dap-tmp-runner.sh; rm dap-tmp-runner.sh
+}
+
+detect_http_get
+
+## END HTTP_GET ##

installer/install-for-launchd.sh

@@ -0,0 +1,17 @@
+set -u
+
+my_app_launchd_service="Library/LaunchDaemons/${my_app_pkg_name}.plist"
+
+echo ""
+echo "Installing as launchd service"
+echo ""
+
+# See http://www.launchd.info/
+safe_copy_config "$my_app_dist/$my_app_launchd_service" "$my_root/$my_app_launchd_service"
+
+$sudo_cmd chown root:wheel "$my_root/$my_app_launchd_service"
+
+$sudo_cmd launchctl unload -w "$my_root/$my_app_launchd_service" >/dev/null 2>/dev/null
+$sudo_cmd launchctl load -w "$my_root/$my_app_launchd_service"
+
+echo "$my_app_name started with launchd"

installer/install-for-systemd.sh

@@ -0,0 +1,35 @@
+set -u
+
+my_app_systemd_service="etc/systemd/system/${my_app_name}.service"
+my_app_systemd_tmpfiles="etc/tmpfiles.d/${my_app_name}.conf"
+
+echo ""
+echo "Installing as systemd service"
+echo ""
+
+sed "s/MY_USER/$my_user/g" "$my_app_dist/$my_app_systemd_service" > "$my_app_dist/$my_app_systemd_service.2"
+sed "s/MY_GROUP/$my_group/g" "$my_app_dist/$my_app_systemd_service.2" > "$my_app_dist/$my_app_systemd_service"
+rm "$my_app_dist/$my_app_systemd_service.2"
+safe_copy_config "$my_app_dist/$my_app_systemd_service" "$my_root/$my_app_systemd_service"
+
+sed "s/MY_USER/$my_user/g" "$my_app_dist/$my_app_systemd_tmpfiles" > "$my_app_dist/$my_app_systemd_tmpfiles.2"
+sed "s/MY_GROUP/$my_group/g" "$my_app_dist/$my_app_systemd_tmpfiles.2" > "$my_app_dist/$my_app_systemd_tmpfiles"
+rm "$my_app_dist/$my_app_systemd_tmpfiles.2"
+safe_copy_config "$my_app_dist/$my_app_systemd_tmpfiles" "$my_root/$my_app_systemd_tmpfiles"
+
+$sudo_cmd systemctl stop "${my_app_name}.service" >/dev/null 2>/dev/null || true
+$sudo_cmd systemctl daemon-reload
+$sudo_cmd systemctl start "${my_app_name}.service"
+$sudo_cmd systemctl enable "${my_app_name}.service"
+
+echo ""
+echo ""
+echo "Fun systemd commands to remember:"
+echo "  $sudo_cmd systemctl daemon-reload"
+echo "  $sudo_cmd systemctl restart $my_app_name.service"
+echo ""
+echo "$my_app_name started with systemctl, check its status like so:"
+echo "  $sudo_cmd systemctl status $my_app_name"
+echo "  $sudo_cmd journalctl -xefu $my_app_name"
+echo ""
+echo ""

installer/install-system-service.sh

@@ -0,0 +1,37 @@
+safe_copy_config()
+{
+  src=$1
+  dst=$2
+  $sudo_cmd mkdir -p $(dirname "$dst")
+  if [ -f "$dst" ]; then
+    $sudo_cmd rsync -a "$src" "$dst.latest"
+    # TODO edit config file with $my_user and $my_group
+    if [ "$(cat $dst)" == "$(cat $dst.latest)" ]; then
+      $sudo_cmd rm $dst.latest
+    else
+      echo "MANUAL INTERVENTION REQUIRED: check the systemd script update and manually decide what you want to do"
+      echo "diff $dst $dst.latest"
+      $sudo_cmd chown -R root:root "$dst.latest"
+    fi
+  else
+    $sudo_cmd rsync -a --ignore-existing "$src" "$dst"
+  fi
+  $sudo_cmd chown -R root:root "$dst"
+  $sudo_cmd chmod 644 "$dst"
+}
+
+installable=""
+if [ -d "$my_root/etc/systemd/system" ]; then
+  source ./installer/install-for-systemd.sh
+  installable="true"
+fi
+if [ -d "/Library/LaunchDaemons" ]; then
+  source ./installer/install-for-launchd.sh
+  installable="true"
+fi
+if [ -z "$installable" ]; then
+  echo ""
+  echo "Unknown system service init type. You must install as a system service manually."
+  echo '(please file a bug with the output of "uname -a")'
+  echo ""
+fi

installer/install.sh

@@ -0,0 +1,195 @@
+#!/bin/bash
+
+set -e
+set -u
+
+### IMPORTANT ###
+###  VERSION  ###
+my_name=walnut
+my_app_pkg_name=org.oauth3.walnut.web
+my_app_ver="v1.2"
+my_azp_oauth3_ver="v1.2"
+# is the old version still needed in launchpad?
+#my_azp_oauth3_ver="v1.1.3"
+export NODE_VERSION="v8.9.0"
+
+if [ -z "${my_tmp-}" ]; then
+  my_tmp="$(mktemp -d)"
+  mkdir -p $my_tmp/opt/$my_name/core
+  echo "Installing to $my_tmp (will be moved after install)"
+  git clone ./ $my_tmp/opt/$my_name/core
+  pushd $my_tmp/opt/$my_name/core
+fi
+
+#################
+
+### IMPORTANT ###
+###  VERSION  ###
+#my_app_ver="v1.1"
+my_app_ver="v1.2"
+my_launchpad_ver="v1.2"
+my_iss_oauth3_rest_ver="v1.2.0"
+my_iss_oauth3_pages_ver="v1.2.1"
+my_www_ppl_ver=v1.0.15
+export NODE_VERSION="v8.9.0"
+#################
+export NODE_PATH=$my_tmp/opt/$my_name/lib/node_modules
+export PATH=$my_tmp/opt/$my_name/bin/:$PATH
+export NPM_CONFIG_PREFIX=$my_tmp/opt/$my_name
+my_npm="$NPM_CONFIG_PREFIX/bin/npm"
+#################
+
+
+
+# TODO un-hardcode core at al
+#my_app_dist=$my_tmp/opt/$my_name/lib/node_modules/$my_name/dist
+my_app_dist=$my_tmp/opt/$my_name/core/dist
+installer_base="https://git.coolaj86.com/coolaj86/goldilocks.js/raw/$my_app_ver"
+
+# Backwards compat
+# some scripts still use the old names
+my_app_dir=$my_tmp
+my_app_name=$my_name
+
+
+
+git checkout $my_app_ver
+
+mkdir -p $my_tmp/{etc,opt,srv,var}/$my_name
+mkdir -p "$my_tmp/var/log/$my_name"
+mkdir -p "$my_tmp/opt/$my_name"/{bin,config,core,etc,lib,node_modules,var}
+ln -s ../core/bin/$my_name.js $my_tmp/opt/$my_name/bin/$my_name
+ln -s ../core/bin/$my_name.js $my_tmp/opt/$my_name/bin/$my_name.js
+#ln -s ../lib/node_modules/$my_name/bin/$my_name.js $my_tmp/opt/$my_name/bin/$my_name
+#ln -s ../lib/node_modules/$my_name/bin/$my_name.js $my_tmp/opt/$my_name/bin/$my_name.js
+mkdir -p "$my_tmp/opt/$my_name"/packages/{api,pages,rest,services}
+mkdir -p "$my_tmp/opt/$my_name"/etc/client-api-grants
+# TODO move packages and sites to /srv, grants to /etc
+ln -s ../etc/client-api-grants "$my_tmp/opt/$my_name"/packages/client-api-grants
+mkdir -p "$my_tmp/opt/$my_name"/var/sites
+ln -s ../var/sites "$my_tmp/opt/$my_name"/packages/sites
+mkdir -p "$my_tmp/etc/$my_name"
+chmod 775 "$my_tmp/etc/$my_name"
+cat "$my_app_dist/etc/$my_name/$my_name.example.yml" > "$my_tmp/etc/$my_name/$my_name.example.yml"
+chmod 664 "$my_tmp/etc/$my_name/$my_name.example.yml"
+mkdir -p $my_tmp/var/log/$my_name
+
+
+
+#
+# Helpers
+#
+source ./installer/sudo-cmd.sh
+source ./installer/http-get.sh
+
+
+
+#
+# Dependencies
+#
+echo $NODE_VERSION > /tmp/NODEJS_VER
+# This will read the NODE_* and PATH variables set previously, as well as /tmp/NODEJS_VER
+http_bash "https://git.coolaj86.com/coolaj86/node-installer.sh/raw/v1.1/install.sh"
+$my_npm install -g npm@4
+$my_npm install -g bower
+touch $my_tmp/opt/$my_name/.bowerrc
+echo '{ "allow_root": true }' > $my_tmp/opt/$my_name/.bowerrc
+
+#pushd $my_tmp/opt/$my_name/lib/node_modules/$my_name
+pushd $my_tmp/opt/$my_name/core
+  mkdir -p ../node_modules
+  ln -s ../node_modules node_modules
+  $my_npm install
+popd
+
+git clone https://git.coolaj86.com/coolaj86/walnut_launchpad.html.git $my_tmp/opt/$my_name/core/lib/walnut@oauth3.org/setup
+pushd $my_tmp/opt/$my_name/core/lib/walnut@oauth3.org/setup
+  git pull
+  git checkout $my_launchpad_ver
+
+  git clone https://git.oauth3.org/OAuth3/oauth3.js.git ./assets/oauth3.org
+  pushd assets/oauth3.org
+    git checkout $my_azp_oauth3_ver
+  popd
+popd
+
+pushd $my_tmp/opt/$my_name/packages
+  git clone https://git.oauth3.org/OAuth3/issuer.rest.walnut.js.git rest/issuer@oauth3.org
+  pushd rest/issuer@oauth3.org/
+      git checkout $my_iss_oauth3_rest_ver
+      $my_npm install
+  popd
+
+  git clone https://git.oauth3.org/OAuth3/issuer.html.git pages/issuer@oauth3.org
+  pushd pages/issuer@oauth3.org
+    git checkout $my_iss_oauth3_pages_ver
+    bash ./install.sh
+
+    pushd ./assets/oauth3.org
+      git checkout $my_azp_oauth3_ver
+    popd
+  popd
+
+  git clone https://git.coolaj86.com/coolaj86/walnut_rest_www_oauth3.org.js.git rest/www@oauth3.org
+  pushd rest/www@oauth3.org
+    git checkout $my_www_ppl_ver
+    $my_npm install
+  popd
+popd
+
+
+
+#
+# System Service
+#
+source ./installer/my-root.sh
+echo "Pre-installation to $my_tmp complete, now installing to $my_root/ ..."
+set +e
+if type -p tree >/dev/null 2>/dev/null; then
+  #tree -I "node_modules|include|share" $my_tmp
+  tree -L 6 -I "include|share|npm" $my_tmp
+else
+  ls $my_tmp
+fi
+set -e
+
+source ./installer/my-user-my-group.sh
+echo "User $my_user Group $my_group"
+
+$sudo_cmd chown -R $my_user:$my_group $my_tmp
+$sudo_cmd chown root:root $my_tmp/*
+$sudo_cmd chown root:root $my_tmp
+$sudo_cmd chmod 0755 $my_tmp
+$sudo_cmd rsync -a --ignore-existing $my_tmp/ $my_root/
+$sudo_cmd rsync -a --ignore-existing $my_app_dist/etc/$my_name/$my_name.yml $my_root/etc/$my_name/$my_name.yml
+source ./installer/install-system-service.sh
+
+# Change to admin perms
+$sudo_cmd chown -R $my_user:$my_group $my_root/opt/$my_name
+$sudo_cmd chown -R $my_user:$my_group $my_root/var/www $my_root/srv/www
+
+# make sure the files are all read/write for the owner and group, and then set
+# the setuid and setgid bits so that any files/directories created inside these
+# directories have the same owner and group.
+$sudo_cmd chmod -R ug+rwX $my_root/opt/$my_name
+find $my_root/opt/$my_name -type d -exec $sudo_cmd chmod ug+s {} \;
+
+
+
+echo ""
+echo "You must have some set of domain set up to properly use goldilocks+walnut:"
+echo ""
+echo "  example.com"
+echo "  www.example.com"
+echo "  api.example.com"
+echo "  assets.example.com"
+echo "  cloud.example.com"
+echo "  api.cloud.example.com"
+echo ""
+echo "Check the WALNUT README.md for more info and how to set up /etc/goldilocks/goldilocks.yml"
+echo ""
+echo "Unistall: rm -rf /srv/walnut/ /var/walnut/ /etc/walnut/ /opt/walnut/ /var/log/walnut/ /etc/systemd/system/walnut.service /etc/tmpfiles.d/walnut.conf"
+
+
+
+rm -rf $my_tmp

installer/my-root.sh

@@ -0,0 +1,8 @@
+# something or other about android and tmux using PREFIX
+#: "${PREFIX:=''}"
+my_root=""
+if [ -z "${PREFIX-}" ]; then
+  my_root=""
+else
+  my_root="$PREFIX"
+fi

installer/my-user-my-group.sh

@@ -0,0 +1,19 @@
+if type -p adduser >/dev/null 2>/dev/null; then
+  if [ -z "$(cat $my_root/etc/passwd | grep $my_app_name)" ]; then
+    $sudo_cmd adduser --home $my_root/opt/$my_app_name --gecos '' --disabled-password $my_app_name
+  fi
+  my_user=$my_app_name
+  my_group=$my_app_name
+elif [ -n "$(cat /etc/passwd | grep www-data:)" ]; then
+  # Linux (Ubuntu)
+  my_user=www-data
+  my_group=www-data
+elif [ -n "$(cat /etc/passwd | grep _www:)" ]; then
+  # Mac
+  my_user=_www
+  my_group=_www
+else
+  # Unsure
+  my_user=$(whoami)
+  my_group=$(id -g -n)
+fi

installer/sudo-cmd.sh

@@ -0,0 +1,7 @@
+# Not every platform has or needs sudo, gotta save them O(1)s...
+sudo_cmd=""
+set +e
+if type -p sudo >/dev/null 2>/dev/null; then
+  ((EUID)) && [[ -z "${ANDROID_ROOT-}" ]] && sudo_cmd="sudo"
+fi
+set -e

package.json

@@ -1,6 +1,6 @@
 {
   "name": "walnut",
-  "version": "0.1.0",
+  "version": "1.2.5",
   "description": "zero-config home cloud server",
   "main": "walnut.js",
   "scripts": {
@@ -8,7 +8,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/Daplie/walnut.git"
+    "url": "https://git.coolaj86.com/coolaj86/walnut.js.git"
   },
   "bin": {
     "walnut": "./bin/walnut.js"
@@ -33,16 +33,16 @@
     "private",
     "public"
   ],
-  "author": "AJ ONeal <aj@daplie.com> (https://daplie.com)",
+  "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com)",
-  "license": "Apache2",
+  "license": "(MIT or Apache2)",
   "bugs": {
-    "url": "https://github.com/Daplie/walnut/issues"
+    "url": "https://git.coolaj86.com/coolaj86/walnut.js/issues"
   },
-  "homepage": "https://github.com/Daplie/walnut",
+  "homepage": "https://git.coolaj86.com/coolaj86/walnut.js",
   "dependencies": {
     "bluebird": "3.x",
     "body-parser": "1.x",
-    "cluster-store": "git+https://git.daplie.com/Daplie/cluster-store.git#v2",
+    "cluster-store": "^2.0.8",
     "connect": "3.x",
     "connect-cors": "0.5.x",
     "connect-recase": "^1.0.2",
@@ -57,19 +57,24 @@
     "jwk-to-pem": "^1.2.6",
     "mailchimp-api-v3": "^1.7.0",
     "mandrill-api": "^1.0.45",
-    "masterquest-sqlite3": "git+https://git.daplie.com/node/masterquest-sqlite3.git",
+    "masterquest-sqlite3": "^1.1.1",
     "mkdirp": "^0.5.1",
     "multiparty": "^4.1.3",
     "nodemailer": "^1.4.0",
     "nodemailer-mailgun-transport": "1.x",
-    "oauth3.js": "git+https://git.daplie.com/OAuth3/oauth3.js.git",
+    "oauth3.js": "git+https://git.oauth3.org/OAuth3/oauth3.js.git#v1.2",
     "recase": "^1.0.4",
     "request": "^2.81.0",
     "scmp": "^2.0.0",
     "serve-static": "1.x",
-    "sqlite3-cluster": "git+https://git.daplie.com/coolaj86/sqlite3-cluster.git#v2",
+    "sqlite3-cluster": "^2.1.2",
     "stripe": "^4.22.0",
-    "twilio": "1.x",
+    "twilio": "1.x"
-    "ursa": "^0.9.1"
+  },
+  "gitDependencies": {
+    "cluster-store": "git+https://git.coolaj86.com/coolaj86/cluster-store.git#v2",
+    "masterquest-sqlite3": "git+https://git.coolaj86.com/coolaj86/masterquest-sqlite3.git",
+    "oauth3.js": "git+https://git.oauth3.org/OAuth3/oauth3.js.git#v1.2",
+    "sqlite3-cluster": "git+https://git.coolaj86.com/coolaj86/sqlite3-cluster.git#v2"
   }
 }