Merge pull request #1448 from nono/docker-disable-csp

Allow to disable CSP from config file (dev only)

cmd/apps.go

@@ -54,7 +54,7 @@ var installWebappCmd = &cobra.Command{
 	Use: "install [slug] [sourceurl]",
 	Short: `Install an application with the specified slug name
 from the given source URL.`,
-	Example: "$ cozy-stack apps install --domain cozy.tools:8080 drive 'git://github.com/cozy/cozy-drive.git#latest-drive'",
+	Example: "$ cozy-stack apps install --domain cozy.tools:8080 drive registry://drive/stable",
 	Long:    "[Some schemes](../../docs/apps.md#sources) are allowed as `[sourceurl]`.",
 	RunE: func(cmd *cobra.Command, args []string) error {
 		return installApp(cmd, args, consts.Apps)
@@ -129,7 +129,7 @@ var installKonnectorCmd = &cobra.Command{
 	Use: "install [slug] [sourceurl]",
 	Short: `Install a konnector with the specified slug name
 from the given source URL.`,
-	Example: "$ cozy-stack konnectors install --domain cozy.tools:8080 trainline 'git://github.com/cozy/cozy-konnector-trainline.git#build'",
+	Example: "$ cozy-stack konnectors install --domain cozy.tools:8080 trainline registry://trainline/stable",
 	RunE: func(cmd *cobra.Command, args []string) error {
 		return installApp(cmd, args, consts.Konnectors)
 	},
@@ -252,14 +252,8 @@ func installApp(cmd *cobra.Command, args []string, appType string) error {
 		return cmd.Usage()
 	}
 	slug := args[0]
-	var source string
-	if len(args) == 1 {
-		s, ok := consts.AppsRegistry[slug]
-		if !ok {
-			return cmd.Usage()
-		}
-		source = s
-	} else {
+	source := "registry://" + slug + "/stable"
+	if len(args) > 1 {
 		source = args[1]
 	}
 	if flagAllDomains {

cmd/serve.go

@@ -22,7 +22,6 @@ import (
 
 var flagAllowRoot bool
 var flagAppdirs []string
-var flagDisableCSP bool
 var flagDevMode bool
 
 // serveCmd represents the serve command
@@ -59,13 +58,6 @@ example), you can use the --appdir flag like this:
 			config.BuildMode = config.ModeDev
 		}
 
-		if flagDisableCSP {
-			if !config.IsDevRelease() {
-				return errors.New("Using --disable-csp is allowed only for development")
-			}
-			config.GetConfig().CSPDisabled = true
-		}
-
 		var apps map[string]string
 		if len(flagAppdirs) > 0 {
 			apps = make(map[string]string)
@@ -218,7 +210,8 @@ func init() {
 	flags.BoolVar(&flagAllowRoot, "allow-root", false, "Allow to start as root (disabled by default)")
 	flags.StringSliceVar(&flagAppdirs, "appdir", nil, "Mount a directory as the 'app' application")
 
-	flags.BoolVar(&flagDisableCSP, "disable-csp", false, "Disable the Content Security Policy (only available for development)")
+	flags.Bool("disable-csp", false, "Disable the Content Security Policy (only available for development)")
+	checkNoErr(viper.BindPFlag("disable_csp", flags.Lookup("disable-csp")))
 
 	flags.String("csp-whitelist", "", "Whitelisted domains for the default allowed origins of the Content Secury Policy")
 	checkNoErr(viper.BindPFlag("csp_whitelist", flags.Lookup("csp-whitelist")))

cozy.example.yaml

@@ -224,6 +224,9 @@ csp_whitelist:
   # style:  https://whitelisted.domain.com/
   # font:   https://whitelisted.domain.com/
 
+# It can useful to disable the CSP policy to debug and test things in local
+# disable_csp: true
+
 log:
   # logger level (debug, info, warning, panic, fatal) - flags: --log-level
   level: info

docs/cli/cozy-stack_apps_install.md

@@ -14,7 +14,7 @@ cozy-stack apps install [slug] [sourceurl] [flags]
 ### Examples
 
 ```
-$ cozy-stack apps install --domain cozy.tools:8080 drive 'git://github.com/cozy/cozy-drive.git#latest-drive'
+$ cozy-stack apps install --domain cozy.tools:8080 drive registry://drive/stable
 ```
 
 ### Options

docs/cli/cozy-stack_instances_add.md

@@ -26,20 +26,21 @@ $ cozy-stack instances add --dev --passphrase cozy --apps drive,photos,settings
 ### Options
 
 ```
-      --apps strings          Apps to be preinstalled
-      --context-name string   Context name of the instance
-      --dev                   To create a development instance
-      --disk-quota string     The quota allowed to the instance's VFS
-      --email string          The email of the owner
-  -h, --help                  help for add
-      --locale string         Locale of the new cozy instance (default "en")
-      --passphrase string     Register the instance with this passphrase (useful for tests)
-      --public-name string    The public name of the owner
-      --settings string       A list of settings (eg context:foo,offer:premium)
-      --swift-cluster int     Specify a cluster number for swift
-      --tos string            The TOS version signed
-      --tz string             The timezone for the user
-      --uuid string           The UUID of the instance
+      --apps strings             Apps to be preinstalled
+      --context-name string      Context name of the instance
+      --dev                      To create a development instance
+      --disk-quota string        The quota allowed to the instance's VFS
+      --domain-aliases strings   Specify one or more aliases domain for the instance (separated by ',')
+      --email string             The email of the owner
+  -h, --help                     help for add
+      --locale string            Locale of the new cozy instance (default "en")
+      --passphrase string        Register the instance with this passphrase (useful for tests)
+      --public-name string       The public name of the owner
+      --settings string          A list of settings (eg context:foo,offer:premium)
+      --swift-cluster int        Specify a cluster number for swift
+      --tos string               The TOS version signed
+      --tz string                The timezone for the user
+      --uuid string              The UUID of the instance
 ```
 
 ### Options inherited from parent commands

docs/cli/cozy-stack_instances_modify.md

@@ -16,19 +16,20 @@ cozy-stack instances modify [domain] [flags]
 ### Options
 
 ```
-      --context-name string   New context name
-      --disk-quota string     Specify a new disk quota
-      --email string          New email
-  -h, --help                  help for modify
-      --locale string         New locale (default "en")
-      --onboarding-finished   Force the finishing of the onboarding
-      --public-name string    New public name
-      --settings string       New list of settings (eg offer:premium)
-      --swift-cluster int     New swift cluster
-      --tos string            Update the TOS version signed
-      --tos-latest string     Update the latest TOS version
-      --tz string             New timezone
-      --uuid string           New UUID
+      --context-name string      New context name
+      --disk-quota string        Specify a new disk quota
+      --domain-aliases strings   Specify one or more aliases domain for the instance (separated by ',')
+      --email string             New email
+  -h, --help                     help for modify
+      --locale string            New locale (default "en")
+      --onboarding-finished      Force the finishing of the onboarding
+      --public-name string       New public name
+      --settings string          New list of settings (eg offer:premium)
+      --swift-cluster int        New swift cluster
+      --tos string               Update the TOS version signed
+      --tos-latest string        Update the latest TOS version
+      --tz string                New timezone
+      --uuid string              New UUID
 ```
 
 ### Options inherited from parent commands

docs/cli/cozy-stack_instances_update.md

@@ -16,10 +16,12 @@ cozy-stack instances update [slugs...] [flags]
 ### Options
 
 ```
-      --all-domains      Work on all domains iterativelly
-      --domain string    Specify the domain name of the instance
-      --force-registry   Force to update all applications sources from git to the registry
-  -h, --help             help for update
+      --all-domains           Work on all domains iterativelly
+      --context-name string   Work only on the instances with the given context name
+      --domain string         Specify the domain name of the instance
+      --force-registry        Force to update all applications sources from git to the registry
+  -h, --help                  help for update
+      --only-registry         Only update applications installed from the registry
 ```
 
 ### Options inherited from parent commands

docs/cli/cozy-stack_konnectors_install.md

@@ -15,7 +15,7 @@ cozy-stack konnectors install [slug] [sourceurl] [flags]
 ### Examples
 
 ```
-$ cozy-stack konnectors install --domain cozy.tools:8080 trainline 'git://github.com/cozy/cozy-konnector-trainline.git#build'
+$ cozy-stack konnectors install --domain cozy.tools:8080 trainline registry://trainline/stable
 ```
 
 ### Options

pkg/config/config.go

@@ -629,6 +629,10 @@ func UseViper(v *viper.Viper) error {
 		CSPWhitelist: v.GetStringMapString("csp_whitelist"),
 	}
 
+	if IsDevRelease() && v.GetBool("disable_csp") {
+		config.CSPDisabled = true
+	}
+
 	return logger.Init(config.Logger)
 }
 

pkg/consts/consts.go

@@ -109,15 +109,3 @@ const (
 	// InstanceSettingsID is the id of settings document for the instance
 	InstanceSettingsID = "io.cozy.settings.instance"
 )
-
-// AppsRegistry is an hard-coded list of known apps, with their source URLs
-// TODO remove it when we will have a true registry
-var AppsRegistry = map[string]string{
-	"onboarding": "git://github.com/cozy/cozy-onboarding-v3.git#latest",
-	"drive":      "git://github.com/cozy/cozy-drive.git#latest-drive",
-	"photos":     "git://github.com/cozy/cozy-drive.git#latest-photos",
-	"settings":   "git://github.com/cozy/cozy-settings.git#latest",
-	"collect":    "git://github.com/cozy/cozy-collect.git#latest",
-	"banks":      "git://github.com/cozy/cozy-banks.git#latest",
-	"contacts":   "git://github.com/cozy/cozy-contacts.git#latest",
-}

pkg/instance/instance.go

@@ -517,10 +517,7 @@ func (i *Instance) OnboardedRedirection() *url.URL {
 }
 
 func (i *Instance) installApp(slug string) error {
-	source, ok := consts.AppsRegistry[slug]
-	if !ok {
-		return errors.New("Unknown app")
-	}
+	source := "registry://" + slug + "/stable"
 	inst, err := apps.NewInstaller(i, i.AppsCopier(apps.Webapp), &apps.InstallerOptions{
 		Operation: apps.Install,
 		Type:      apps.Webapp,