From 681f2ef994723f45779e6e83589cedaa4ad50e91 Mon Sep 17 00:00:00 2001 From: Veiko Aasa Date: Thu, 18 Apr 2024 13:00:15 +0300 Subject: [PATCH] minidlna: Do not proxy minidlna web interface over Apache Minidlna interface is still available to everybody in internal networks at http://:8200. (Note that using mDNS name like freedombox.local doesn't work here). Remove 'minidlna' group and apache minidlna site configuration as those are not useful any more. Reconfigure minidlna front page shortcut to link to the app description page. Tests performed with stable and testing containers: Create a user that belongs to minidlna group. Apply changes, after minidlna app upgrade: - the user is not in minidlna group any more. - the users configuration page doesn't show minidlna group. - Apache site /_minidlna is disabled. Closes #2012, #2013, #2416. Signed-off-by: Veiko Aasa [sunil: Minor formatting, use single quotes for strings for consistency] Signed-off-by: Sunil Mohan Adapa Reviewed-by: Sunil Mohan Adapa --- plinth/modules/minidlna/__init__.py | 40 +++++++------------ .../conf-available/minidlna-freedombox.conf | 9 ----- 2 files changed, 15 insertions(+), 34 deletions(-) delete mode 100644 plinth/modules/minidlna/data/usr/share/freedombox/etc/apache2/conf-available/minidlna-freedombox.conf diff --git a/plinth/modules/minidlna/__init__.py b/plinth/modules/minidlna/__init__.py index 9f6dfcd73..e1cd1089f 100644 --- a/plinth/modules/minidlna/__init__.py +++ b/plinth/modules/minidlna/__init__.py @@ -2,17 +2,15 @@ """ FreedomBox app to configure minidlna. """ +from django.urls import reverse_lazy from django.utils.translation import gettext_lazy as _ from plinth import app as app_module from plinth import frontpage, menu -from plinth.config import DropinConfigs from plinth.daemon import Daemon from plinth.modules import firewall -from plinth.modules.apache.components import Webserver from plinth.modules.backups.components import BackupRestore from plinth.modules.firewall.components import Firewall -from plinth.modules.users.components import UsersAndGroups from plinth.package import Packages, install from plinth.utils import Version @@ -37,14 +35,12 @@ class MiniDLNAApp(app_module.App): app_id = 'minidlna' - _version = 5 + _version = 6 def __init__(self) -> None: """Initialize the app components.""" super().__init__() - groups = {'minidlna': _('Media streaming server')} - info = app_module.Info(app_id=self.app_id, version=self._version, name=_('MiniDLNA'), icon_filename='minidlna', short_description=_('Simple Media Server'), @@ -63,31 +59,21 @@ class MiniDLNAApp(app_module.App): ) self.add(menu_item) - shortcut = frontpage.Shortcut('shortcut-minidlna', info.name, - short_description=info.short_description, - description=info.description, - icon=info.icon_filename, - url='/_minidlna/', login_required=True, - allowed_groups=list(groups)) + shortcut = frontpage.Shortcut( + 'shortcut-minidlna', info.name, + short_description=info.short_description, + description=info.description, icon=info.icon_filename, + configure_url=reverse_lazy('minidlna:index'), login_required=True) self.add(shortcut) packages = Packages('packages-minidlna', ['minidlna']) self.add(packages) - dropin_configs = DropinConfigs( - 'dropin-configs-minidlna', - ['/etc/apache2/conf-available/minidlna-freedombox.conf']) - self.add(dropin_configs) - firewall_minidlna = Firewall('firewall-minidlna', info.name, ports=['minidlna', 'ssdp'], is_external=False) self.add(firewall_minidlna) - webserver = Webserver('webserver-minidlna', 'minidlna-freedombox', - urls=['https://{host}/_minidlna/']) - self.add(webserver) - daemon = Daemon('daemon-minidlna', 'minidlna') self.add(daemon) @@ -95,10 +81,6 @@ class MiniDLNAApp(app_module.App): **manifest.backup) self.add(backup_restore) - users_and_groups = UsersAndGroups('users-and-groups-minidlna', - groups=groups) - self.add(users_and_groups) - def setup(self, old_version): """Install and configure the app.""" super().setup(old_version) @@ -111,6 +93,14 @@ class MiniDLNAApp(app_module.App): firewall.remove_passthrough('ipv4', '-A', 'INPUT', '-p', 'tcp', '--dport', '8200', '-j', 'REJECT') + if old_version and old_version <= 5: + # Remove minidlna LDAP group and disable minidlna apache config + from plinth.modules.apache import privileged as apache_privileged + from plinth.modules.users import privileged as users_privileged + + users_privileged.remove_group('minidlna') + apache_privileged.disable('minidlna-freedombox', 'config') + if not old_version: self.enable() diff --git a/plinth/modules/minidlna/data/usr/share/freedombox/etc/apache2/conf-available/minidlna-freedombox.conf b/plinth/modules/minidlna/data/usr/share/freedombox/etc/apache2/conf-available/minidlna-freedombox.conf deleted file mode 100644 index aaaf5f876..000000000 --- a/plinth/modules/minidlna/data/usr/share/freedombox/etc/apache2/conf-available/minidlna-freedombox.conf +++ /dev/null @@ -1,9 +0,0 @@ - - Include includes/freedombox-single-sign-on.conf - - - TKTAuthToken "admin" - - - ProxyPass http://localhost:8200/ -