transmission: Allow remote UIs to connect

- Reload apache for new configuration - Increment app version to ensure new apache configuration is load immediately after FreedomBox version upgrade. - Don't re-enable a disabled app during app version upgrade. - Update description to talk about the remote RPC URL for apps. Tests: - Use tremotesf client on LineageOS to connect on the URL /transmission-remote. - Install transmission app freshly and notice that webserver reload was called only once. Remote GUI is working. - Install transmission without patches. Disable app. Apply patches, notice that webserver was not reloaded. Enable and remote GUI is working. - Install transmission without patches. Enable app. Apply patches, notice that webserver was reloaded and remote GUI is working. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-05-27 10:44:33 +00:00 · 2023-04-26 06:15:27 -07:00 · 2023-04-26 06:15:27 -07:00 · 209e9c681e
commit 209e9c681e
parent 1406f53019
2 changed files with 38 additions and 8 deletions
--- a/plinth/modules/transmission/init.py
+++ b/plinth/modules/transmission/init.py
@ -33,6 +33,12 @@ _description = [
        _('It can be accessed by <a href="{users_url}">any user</a> on '
          '{box_name} belonging to the bit-torrent group.'),
        box_name=_(cfg.box_name), users_url=reverse_lazy('users:index')),
+    format_lazy(
+        _('In addition to the web interface, mobile and desktop apps can also '
+          'be used to remotely control Transmission on {box_name}. To '
+          'configure remote control apps, use the URL '
+          '<a href="/transmission-remote/rpc">/transmission-remote/rpc</a>.'),
+        box_name=_(cfg.box_name)),
    format_lazy(
        _('<a href="{samba_url}">Samba</a> shares can be set as the '
          'default download directory from the dropdown menu below.'),
@ -51,7 +57,7 @@ class TransmissionApp(app_module.App):

    app_id = 'transmission'

-    _version = 5
+    _version = 6

    DAEMON = 'transmission-daemon'

@ -97,7 +103,8 @@ class TransmissionApp(app_module.App):
        self.add(firewall_local_protection)

        webserver = Webserver('webserver-transmission', 'transmission-plinth',
-                              urls=['https://{host}/transmission'])
+                              urls=['https://{host}/transmission'],
+                              last_updated_version=6)
        self.add(webserver)

        daemon = Daemon(
@ -131,4 +138,6 @@ class TransmissionApp(app_module.App):
        }
        privileged.merge_configuration(new_configuration)
        add_user_to_share_group(SYSTEM_USER, TransmissionApp.DAEMON)
-        self.enable()
+
+        if not old_version:
+            self.enable()
--- a/plinth/modules/transmission/data/etc/apache2/conf-available/transmission-plinth.conf
+++ b/plinth/modules/transmission/data/etc/apache2/conf-available/transmission-plinth.conf
@ -7,11 +7,24 @@
 ##   mod_proxy_http
 ##
 <Location /transmission>
-    ProxyPass        http://localhost:9091/transmission
-    Include          includes/freedombox-single-sign-on.conf
-    <IfModule mod_auth_pubtkt.c>
-        TKTAuthToken "admin" "bit-torrent"
-    </IfModule>
+    ProxyPass http://localhost:9091/transmission
+
+    # If a client sends 'Authorization' HTTP Header, perform Basic authorization
+    # using LDAP, otherwise redirect to FreedomBox single sign-on. It is not
+    # mandatory for the server to return HTTP 401 with 'WWW-Authenticate'. See
+    # https://datatracker.ietf.org/doc/html/rfc2616#section-14.8
+    <If "-n %{HTTP:Authorization}">
+        Include includes/freedombox-auth-ldap.conf
+        Require ldap-group cn=admin,ou=groups,dc=thisbox
+        Require ldap-group cn=bit-torrent,ou=groups,dc=thisbox
+    </If>
+    <Else>
+        Include includes/freedombox-single-sign-on.conf
+        <IfModule mod_auth_pubtkt.c>
+            TKTAuthToken "admin" "bit-torrent"
+        </IfModule>
+    </Else>
+
    ## Send the scheme from user's request to enable Transmission to
    ## redirect URLs, set cookies, set absolute URLs (if any)
    ## properly.
@ -28,3 +41,11 @@
        RewriteRule .* /transmission/web/ [R=302,L]
    </IfModule>
 </Location>
+
+# LDAP only authentication for Transmission remote UIs.
+<Location /transmission-remote>
+    ProxyPass http://localhost:9091/transmission
+    Include includes/freedombox-auth-ldap.conf
+    Require ldap-group cn=admin,ou=groups,dc=thisbox
+    Require ldap-group cn=bit-torrent,ou=groups,dc=thisbox
+</Location>