merge

CHANGELOG

@@ -0,0 +1,4 @@
+v1.2.5 - Beginning of CHANGELOG
+	* has semi-functional launchpad
+	* OAuth3 with issuer-rewrite merged in
+	* capabilities API

LICENSE

@@ -1,3 +1,41 @@
-Copyright 2017 Daplie Inc.
+Copyright 2017 Daplie, Inc
 
-All Rights Reserved
+This is open source software; you can redistribute it and/or modify it under the
+terms of either:
+
+   a) the "MIT License"
+   b) the "Apache-2.0 License"
+
+MIT License
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in all
+   copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+
+Apache-2.0 License Summary
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

README.md

@@ -53,6 +53,10 @@ Installation
 
 We're still in a stage where the installation generally requires many manual steps.
 
+``bash
+curl https://git.daplie.com/Daplie/walnut.js/raw/v1.2/installer/get.sh | bash
+```
+
 See [INSTALL.md](/INSTALL.md)
 
 Usage

dist/etc/systemd/system/walnut.service

@@ -19,15 +19,15 @@ StartLimitBurst=3
 
 # User and group the process will run as
 # (www-data is the de facto standard on most systems)
-User=www-data
-Group=www-data
+User=MY_USER
+Group=MY_GROUP
 
 # If we need to pass environment variables in the future
 ; Environment=GOLDILOCKS_PATH=/opt/walnut
 
 # Set a sane working directory, sane flags, and specify how to reload the config file
-WorkingDirectory=/srv/www
-ExecStart=/opt/walnut/bin/node /srv/walnut/core/bin/walnut.js --config=/etc/walnut/walnut.yml
+WorkingDirectory=/opt/walnut
+ExecStart=/opt/walnut/bin/node /opt/walnut/core/bin/walnut.js --config=/etc/walnut/walnut.yml
 ExecReload=/bin/kill -USR1 $MAINPID
 
 # Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
@@ -46,7 +46,7 @@ ProtectSystem=full
 # … except TLS/SSL, ACME, and Let's Encrypt certificates
 #   and /var/log/, because we want a place where logs can go.
 #   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
-ReadWriteDirectories=/etc/walnut /var/log/walnut /var/walnut /opt/walnut /srv/www
+ReadWriteDirectories=/etc/walnut /var/log/walnut /var/walnut /opt/walnut /srv/walnut
 
 # Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
 ; ReadWritePaths=/etc/walnut /var/log/walnut

dist/etc/tmpfiles.d/walnut.conf

@@ -2,11 +2,11 @@
 # See https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
 
 # Type Path           Mode UID      GID      Age Argument
-d /etc/walnut          0755 www-data www-data -   -
-d /etc/ssl/walnut      0750 www-data www-data -   -
-d /srv/walnut          0775 www-data www-data -   -
-d /srv/www             0775 www-data www-data -   -
-d /opt/walnut          0775 www-data www-data -   -
-d /var/walnut          0775 www-data www-data -   -
-d /var/log/walnut      0750 www-data www-data -   -
+#d /etc/walnut          0755 www-data www-data -   -
+#d /etc/ssl/walnut      0750 www-data www-data -   -
+#d /srv/walnut          0775 www-data www-data -   -
+#d /srv/www             0775 www-data www-data -   -
+#d /opt/walnut          0775 www-data www-data -   -
+#d /var/walnut          0775 www-data www-data -   -
+#d /var/log/walnut      0750 www-data www-data -   -
 #d /run/walnut          0755 www-data www-data -   -

install-helper.sh

@@ -1,301 +0,0 @@
-#!/bin/bash
-
-set -e
-set -u
-
-# something or other about android and tmux using PREFIX
-#: "${PREFIX:=''}"
-MY_ROOT=""
-if [ -z "${PREFIX-}" ]; then
-  MY_ROOT=""
-else
-  MY_ROOT="$PREFIX"
-fi
-# Not every platform has or needs sudo, gotta save them O(1)s...
-sudo_cmd=""
-((EUID)) && [[ -z "${ANDROID_ROOT-}" ]] && sudo_cmd="sudo"
-
-###############################
-#                             #
-#         http_get            #
-# boilerplate for curl / wget #
-#                             #
-###############################
-
-# See https://git.daplie.com/Daplie/daplie-snippets/blob/master/bash/http-get.sh
-
-http_curl_opts="-fsSL"
-http_wget_opts="--quiet"
-
-http_bin=""
-http_opts=""
-http_out=""
-
-detect_http_bin()
-{
-  if type -p curl >/dev/null 2>&1; then
-    http_bin="curl"
-    http_opts="$http_curl_opts"
-    http_out="-o"
-    #curl -fsSL "$url" -o "$PREFIX/tmp/$pkg"
-  elif type -p wget >/dev/null 2>&1; then
-    http_bin="wget"
-    http_opts="$http_wget_opts"
-    http_out="-O"
-    #wget --quiet "$url" -O "$PREFIX/tmp/$pkg"
-  else
-    echo "Aborted, could not find curl or wget"
-    return 7
-  fi
-}
-
-http_get()
-{
-  if [ -e "$1" ]; then
-    rsync -a "$1" "$2"
-  elif type -p curl >/dev/null 2>&1; then
-    $http_bin $http_curl_opts $http_out "$2" "$1"
-  elif type -p wget >/dev/null 2>&1; then
-    $http_bin $http_wget_opts $http_out "$2" "$1"
-  else
-    echo "Aborted, could not find curl or wget"
-    return 7
-  fi
-}
-
-dap_dl()
-{
-  http_get "$1" "$2"
-}
-
-dap_dl_bash()
-{
-  dap_url=$1
-  #dap_args=$2
-  rm -rf /tmp/dap-tmp-runner.sh
-  $http_bin $http_opts $http_out /tmp/dap-tmp-runner.sh "$dap_url"; bash /tmp/dap-tmp-runner.sh; rm /tmp/dap-tmp-runner.sh
-}
-
-detect_http_bin
-
-## END HTTP_GET ##
-
-
-mvdir_backward_compat()
-{
-  old_dir=$1
-  new_dir=$2
-  # The symlink has already been set up, so no need to do anything.
-  if [ -L $old_dir ] && [ $(readlink $old_dir) == "$new_dir" ]; then
-    return 0
-  fi
-
-  if [ -d $old_dir ]; then
-    if [ $(ls $old_dir | wc -l) -gt 0 ]; then
-      mv ${old_dir}/* ${new_dir}/
-    fi
-    rm -r ${old_dir}
-    #rmdir ${old_dir}
-  fi
-
-  ln -snf $new_dir $old_dir
-}
-
-###################
-#                 #
-# Install service #
-#                 #
-###################
-
-install_for_systemd()
-{
-  echo ""
-  echo "Installing as systemd service"
-  echo ""
-  mkdir -p $(dirname "$my_app_dir/$my_app_systemd_service")
-  dap_dl "$installer_base/$my_app_systemd_service" "$my_app_dir/$my_app_systemd_service"
-  $sudo_cmd mv "$my_app_dir/$my_app_systemd_service" "$MY_ROOT/$my_app_systemd_service"
-  $sudo_cmd chown -R root:root "$MY_ROOT/$my_app_systemd_service"
-  $sudo_cmd chmod 644 "$MY_ROOT/$my_app_systemd_service"
-
-  mkdir -p $(dirname "$my_app_dir/$my_app_systemd_tmpfiles")
-  dap_dl "$installer_base/$my_app_systemd_tmpfiles" "$my_app_dir/$my_app_systemd_tmpfiles"
-  $sudo_cmd mv "$my_app_dir/$my_app_systemd_tmpfiles" "$MY_ROOT/$my_app_systemd_tmpfiles"
-  $sudo_cmd chown -R root:root "$MY_ROOT/$my_app_systemd_tmpfiles"
-  $sudo_cmd chmod 644 "$MY_ROOT/$my_app_systemd_tmpfiles"
-
-  $sudo_cmd systemctl stop "${my_app_name}.service" >/dev/null 2>/dev/null
-  $sudo_cmd systemctl daemon-reload
-  $sudo_cmd systemctl start "${my_app_name}.service"
-  $sudo_cmd systemctl enable "${my_app_name}.service"
-
-  echo "$my_app_name started with systemctl, check its status like so"
-  echo "  $sudo_cmd systemctl status $my_app_name"
-  echo "  $sudo_cmd journalctl -xe -u $my_app_name"
-}
-
-install_for_launchd()
-{
-  echo ""
-  echo "Installing as launchd service"
-  echo ""
-  # See http://www.launchd.info/
-  mkdir -p $(dirname "$my_app_dir/$my_app_launchd_service")
-  dap_dl "$installer_base/$my_app_launchd_service" "$my_app_dir/$my_app_launchd_service"
-  $sudo_cmd mv "$my_app_dir/$my_app_launchd_service" "$MY_ROOT/$my_app_launchd_service"
-  $sudo_cmd chown root:wheel "$MY_ROOT/$my_app_launchd_service"
-  $sudo_cmd chmod 0644 "$MY_ROOT/$my_app_launchd_service"
-  $sudo_cmd launchctl unload -w "$MY_ROOT/$my_app_launchd_service" >/dev/null 2>/dev/null
-  $sudo_cmd launchctl load -w "$MY_ROOT/$my_app_launchd_service"
-
-  echo "$my_app_name started with launchd"
-}
-
-install_etc_config()
-{
-  #echo "install etc config $MY_ROOT / $my_app_etc_config"
-  if [ ! -e "$MY_ROOT/$my_app_etc_config" ]; then
-    $sudo_cmd mkdir -p $(dirname "$MY_ROOT/$my_app_etc_config")
-    mkdir -p $(dirname "$my_app_dir/$my_app_etc_config")
-    dap_dl "$installer_base/$my_app_etc_config" "$my_app_dir/$my_app_etc_config"
-    $sudo_cmd mv "$my_app_dir/$my_app_etc_config" "$MY_ROOT/$my_app_etc_config"
-  fi
-
-  $sudo_cmd chown -R www-data:www-data $(dirname "$MY_ROOT/$my_app_etc_config") || true
-  $sudo_cmd chown -R _www:_www $(dirname "$MY_ROOT/$my_app_etc_config") || true
-  $sudo_cmd chmod 775 $(dirname "$MY_ROOT/$my_app_etc_config")
-  $sudo_cmd chmod 664 "$MY_ROOT/$my_app_etc_config"
-}
-
-install_service()
-{
-  install_etc_config
-  #echo "install service"
-
-  installable=""
-  if [ -d "$MY_ROOT/etc/systemd/system" ]; then
-    install_for_systemd
-    installable="true"
-  fi
-  if [ -d "/Library/LaunchDaemons" ]; then
-    install_for_launchd
-    installable="true"
-  fi
-  if [ -z "$installable" ]; then
-    echo ""
-    echo "Unknown system service init type. You must install as a system service manually."
-    echo '(please file a bug with the output of "uname -a")'
-    echo ""
-  fi
-  echo ""
-}
-
-## END SERVICE_INSTALL ##
-
-# Create dirs, set perms
-create_skeleton()
-{
-  $sudo_cmd mkdir -p /srv/www
-  $sudo_cmd mkdir -p /var/log/$my_app_name
-  $sudo_cmd mkdir -p /etc/$my_app_name
-  $sudo_cmd mkdir -p /var/$my_app_name
-  $sudo_cmd mkdir -p /srv/$my_app_name
-  $sudo_cmd mkdir -p /opt/$my_app_name
-}
-
-# Unistall
-install_uninstaller()
-{
-  #echo "install uninstaller"
-  dap_dl "https://git.daplie.com/Daplie/walnut.js/raw/master/uninstall.sh" "./walnut-uninstall"
-  $sudo_cmd chmod 755 "./walnut-uninstall"
-  $sudo_cmd chown root:root "./walnut-uninstall"
-  $sudo_cmd mv "./walnut-uninstall" "/usr/local/bin/uninstall-walnut"
-}
-
-
-# Dependencies
-export NODE_PATH=/opt/walnut/lib/node_modules
-export NPM_CONFIG_PREFIX=/opt/walnut
-$sudo_cmd mkdir -p $NODE_PATH
-$sudo_cmd chown -R $(whoami) /opt/walnut
-dap_dl_bash "https://git.daplie.com/coolaj86/node-install-script/raw/master/setup-min.sh"
-
-# Install
-# npm install -g 'git+https://git@git.daplie.com/Daplie/walnut.js.git#v1'
-
-my_app_name=walnut
-my_app_pkg_name=com.daplie.walnut.web
-my_app_dir=$(mktemp -d)
-#installer_base="https://git.daplie.com/Daplie/walnut.js/raw/master/dist"
-#installer_base="$( dirname "${BASH_SOURCE[0]}" )/dist"
-installer_base="/srv/walnut/core/dist"
-
-my_app_etc_config="etc/${my_app_name}/${my_app_name}.yml"
-my_app_systemd_service="etc/systemd/system/${my_app_name}.service"
-my_app_systemd_tmpfiles="etc/tmpfiles.d/${my_app_name}.conf"
-my_app_launchd_service="Library/LaunchDaemons/${my_app_pkg_name}.plist"
-
-# Install
-install_my_app()
-{
-  # This function shouldn't need to use $sudo_cmd because it is called immediately after
-  # /srv/walnut is chown-ed and we only mess with things in that directory.
-
-  #git clone git@git.daplie.com:Daplie/walnut.js.git
-  #git clone https://git.daplie.com/Daplie/walnut.js.git /srv/walnut/core
-  mkdir -p /srv/walnut/{core,lib,var,etc,config,node_modules}
-  rm -rf /srv/walnut/core/node_modules
-  ln -sf ../node_modules /srv/walnut/core/node_modules
-  mkdir -p /srv/walnut/var/sites
-  mkdir -p /srv/walnut/etc/org.oauth3.consumer
-  mkdir -p /srv/walnut/etc/client-api-grants
-  mkdir -p /srv/walnut/packages/{rest,api,pages,services}
-
-  # backwards compat
-  mvdir_backward_compat /srv/walnut/packages/client-api-grants /srv/walnut/etc/client-api-grants
-  mvdir_backward_compat /srv/walnut/packages/sites /srv/walnut/var/sites
-
-
-  if [ ! -d "/srv/walnut/core/lib/walnut@daplie.com/setup" ]; then
-    git clone https://git.daplie.com/Daplie/walnut_launchpad.git /srv/walnut/core/lib/walnut@daplie.com/setup
-  fi
-
-  pushd /srv/walnut/core/lib/walnut@daplie.com/setup
-    if [ ! -d "./.git/" ]; then
-      echo "'/srv/walnut/core/lib/walnut@daplie.com/setup' exists but is not a git repository... not sure what to do here..."
-    fi
-    git checkout v1.2
-    git pull
-  popd
-
-  pushd /srv/walnut/core
-    export NODE_PATH=/opt/walnut/lib/node_modules
-    export NPM_CONFIG_PREFIX=/opt/walnut
-    /opt/walnut/bin/npm install
-  popd
-}
-
-$sudo_cmd mkdir -p /srv/walnut
-$sudo_cmd chown -R $(whoami) /srv/walnut
-
-install_my_app
-create_skeleton
-install_uninstaller
-install_service
-
-$sudo_cmd chown -R www-data:www-data /opt/walnut || true
-$sudo_cmd chown -R _www:_www /opt/walnut || true
-$sudo_cmd chown -R www-data:www-data /srv/walnut || true
-$sudo_cmd chown -R _www:_www /srv/walnut || true
-$sudo_cmd chmod -R ug+rwX /srv/walnut
-$sudo_cmd chmod -R ug+rwX /opt/walnut
-# +s sets the setuid/setgid bit, which when set on directories makes it so anything
-# created inside the directory maintains the same user/group (depending on the bits
-# set). Any directory created within a directory with those bits set will also have
-# those bits set. When setuid or setgid bits are set on a file however it means that
-# if the file is executed it will run with the permissions of the user/group no matter
-# who actually runs it (see the ping executable for example).
-# I'm not sure that all systems actually support the use of these bits.
-find /srv/walnut -type d -exec $sudo_cmd chmod ug+s {} \; || true
-find /opt/walnut -type d -exec $sudo_cmd chmod ug+s {} \; || true

install.sh

@@ -1,122 +0,0 @@
-#!/bin/bash
-
-# Not every platform has or needs sudo, gotta save them O(1)s...
-sudo_cmd=""
-((EUID)) && [[ -z "$ANDROID_ROOT" ]] && sudo_cmd="sudo"
-
-set -e
-set -u
-
-###############################
-#                             #
-# boilerplate for curl / wget #
-#                             #
-###############################
-
-http_get=""
-http_opts=""
-http_out=""
-
-detect_http_get()
-{
-  if type -p curl >/dev/null 2>&1; then
-    http_get="curl"
-    http_opts="-fsSL"
-    http_out="-o"
-    #curl -fsSL "$caddy_url" -o "$PREFIX/tmp/$caddy_pkg"
-  elif type -p wget >/dev/null 2>&1; then
-    http_get="wget"
-    http_opts="--quiet"
-    http_out="-O"
-    #wget --quiet "$caddy_url" -O "$PREFIX/tmp/$caddy_pkg"
-  else
-    echo "Aborted, could not find curl or wget"
-    return 7
-  fi
-}
-
-dap_dl()
-{
-  $http_get $http_opts $http_out "$2" "$1"
-}
-
-dap_dl_bash()
-{
-  dap_url=$1
-  #dap_args=$2
-  rm -rf dap-tmp-runner.sh
-  $http_get $http_opts $http_out dap-tmp-runner.sh "$dap_url"; bash dap-tmp-runner.sh; rm dap-tmp-runner.sh
-}
-
-detect_http_get
-
-###############################
-#                             #
-# actual script continues...  #
-#                             #
-###############################
-
-install_walnut()
-{
-  $sudo_cmd mkdir -p /srv/walnut/{var,etc,packages,node_modules}
-  # www-data exists on linux, _www exists on mac OS
-  $sudo_cmd chown -R $(whoami):www-data /srv/walnut || $sudo_cmd chown -R $(whoami):_www /srv/walnut
-  if [ ! -d "/srv/walnut/core/" ]; then
-    git clone https://git.daplie.com/Daplie/walnut.js.git /srv/walnut/core
-  fi
-  pushd /srv/walnut/core
-    if [ ! -d "./.git/" ]; then
-      echo "'/srv/walnut/core' exists but is not a git repository... not sure what to do here..."
-    fi
-    git checkout v1.2
-    git pull
-  popd
-  rm -rf /srv/walnut/core/node_modules
-  ln -sf ../node_modules /srv/walnut/core/node_modules
-  /srv/walnut/core/install-helper.sh /srv/walnut
-  # Now that the install is finished we need to set the owner to the user that will actually
-  # be running the walnut server.
-  $sudo_cmd chown -R www-data:www-data /srv/walnut || $sudo_cmd chown -R _www:_www /srv/walnut
-}
-
-# Install node
-echo "----Installing Nodejs and NPM----"
-echo "v8.9.0" > /tmp/NODEJS_VER
-dap_dl https://git.coolaj86.com/coolaj86/node-installer.sh/raw/master/install.sh ./node-installer.sh
-bash ./node-installer.sh --dev-deps
-npm install -g npm@4
-
-# Install goldilocks
-echo "----Installing goldilocks.js----"
-daplie-install-goldilocks
-
-echo "----Installing walnut.js----"
-#$sudo_cmd mkdir -p /opt/goldilocks/{lib,bin,etc}
-#export NODE_PATH=/opt/walnut/lib/node_modules
-#export NPM_CONFIG_PREFIX=/opt/walnut
-old_PATH=$PATH
-export PATH=/opt/walnut/bin:$PATH
-
-# Install walnut
-install_walnut
-
-# Install bower, some systems may be missing it, and it is a dependency
-/opt/walnut/bin/npm install -g bower
-touch /.bowerrc
-echo '{ "allow_root": true }' > /.bowerrc
-
-# Restore PATH to original value
-export PATH=$old_PATH
-
-echo ""
-echo "You must have some set of domain set up to properly use goldilocks+walnut:"
-echo ""
-echo "  example.com"
-echo "  www.example.com"
-echo "  api.example.com"
-echo "  assets.example.com"
-echo "  cloud.example.com"
-echo "  api.cloud.example.com"
-echo ""
-echo "Check the WALNUT README.md for more info and how to set up /etc/goldilocks/goldilocks.yml"
-echo ""

installer/get.sh

@@ -0,0 +1,20 @@
+set -e
+set -u
+
+my_name=walnut
+# TODO provide an option to supply my_ver and my_tmp
+my_ver=master
+my_tmp=$(mktemp -d)
+
+mkdir -p $my_tmp/opt/$my_name/lib/node_modules/$my_name
+git clone https://git.daplie.com/Daplie/walnut.js.git $my_tmp/opt/$my_name/core
+
+echo "Installing to $my_tmp (will be moved after install)"
+pushd $my_tmp/opt/$my_name/core
+  git checkout $my_ver
+  source ./installer/install.sh
+popd
+
+echo "Installation successful, now cleaning up $my_tmp ..."
+rm -rf $my_tmp
+echo "Done"

installer/http-get.sh

@@ -0,0 +1,48 @@
+###############################
+#                             #
+#         http_get            #
+# boilerplate for curl / wget #
+#                             #
+###############################
+
+# See https://git.daplie.com/Daplie/daplie-snippets/blob/master/bash/http-get.sh
+
+_h_http_get=""
+_h_http_opts=""
+_h_http_out=""
+
+detect_http_get()
+{
+  set +e
+  if type -p curl >/dev/null 2>&1; then
+    _h_http_get="curl"
+    _h_http_opts="-fsSL"
+    _h_http_out="-o"
+  elif type -p wget >/dev/null 2>&1; then
+    _h_http_get="wget"
+    _h_http_opts="--quiet"
+    _h_http_out="-O"
+  else
+    echo "Aborted, could not find curl or wget"
+    return 7
+  fi
+  set -e
+}
+
+http_get()
+{
+  $_h_http_get $_h_http_opts $_h_http_out "$2" "$1"
+  touch "$2"
+}
+
+http_bash()
+{
+  _http_url=$1
+  #dap_args=$2
+  rm -rf dap-tmp-runner.sh
+  $_h_http_get $_h_http_opts $_h_http_out dap-tmp-runner.sh "$_http_url"; bash dap-tmp-runner.sh; rm dap-tmp-runner.sh
+}
+
+detect_http_get
+
+## END HTTP_GET ##

installer/install-for-launchd.sh

@@ -0,0 +1,17 @@
+set -u
+
+my_app_launchd_service="Library/LaunchDaemons/${my_app_pkg_name}.plist"
+
+echo ""
+echo "Installing as launchd service"
+echo ""
+
+# See http://www.launchd.info/
+safe_copy_config "$my_app_dist/$my_app_launchd_service" "$my_root/$my_app_launchd_service"
+
+$sudo_cmd chown root:wheel "$my_root/$my_app_launchd_service"
+
+$sudo_cmd launchctl unload -w "$my_root/$my_app_launchd_service" >/dev/null 2>/dev/null
+$sudo_cmd launchctl load -w "$my_root/$my_app_launchd_service"
+
+echo "$my_app_name started with launchd"

installer/install-for-systemd.sh

@@ -0,0 +1,28 @@
+set -u
+
+my_app_systemd_service="etc/systemd/system/${my_app_name}.service"
+my_app_systemd_tmpfiles="etc/tmpfiles.d/${my_app_name}.conf"
+
+echo ""
+echo "Installing as systemd service"
+echo ""
+
+sed "s/MY_USER/$my_user/g" "$my_app_dist/$my_app_systemd_service" > "$my_app_dist/$my_app_systemd_service.2"
+sed "s/MY_GROUP/$my_group/g" "$my_app_dist/$my_app_systemd_service.2" > "$my_app_dist/$my_app_systemd_service"
+rm "$my_app_dist/$my_app_systemd_service.2"
+safe_copy_config "$my_app_dist/$my_app_systemd_service" "$my_root/$my_app_systemd_service"
+safe_copy_config "$my_app_dist/$my_app_systemd_tmpfiles" "$my_root/$my_app_systemd_tmpfiles"
+
+$sudo_cmd systemctl stop "${my_app_name}.service" >/dev/null 2>/dev/null || true
+$sudo_cmd systemctl daemon-reload
+$sudo_cmd systemctl start "${my_app_name}.service"
+$sudo_cmd systemctl enable "${my_app_name}.service"
+
+echo ""
+echo "Fun systemd commands to remember:"
+echo "  $sudo_cmd systemctl daemon-reload"
+echo "  $sudo_cmd systemctl restart $my_app_name.service"
+echo ""
+echo "$my_app_name started with systemctl, check its status like so:"
+echo "  $sudo_cmd systemctl status $my_app_name"
+echo "  $sudo_cmd journalctl -xe -u $my_app_name"

installer/install-system-service.sh

@@ -0,0 +1,37 @@
+safe_copy_config()
+{
+  src=$1
+  dst=$2
+  $sudo_cmd mkdir -p $(dirname "$dst")
+  if [ -f "$dst" ]; then
+    $sudo_cmd rsync -a "$src" "$dst.latest"
+    # TODO edit config file with $my_user and $my_group
+    if [ "$(cat $dst)" == "$(cat $dst.latest)" ]; then
+      $sudo_cmd rm $dst.latest
+    else
+      echo "MANUAL INTERVENTION REQUIRED: check the systemd script update and manually decide what you want to do"
+      echo "diff $dst $dst.latest"
+      $sudo_cmd chown -R root:root "$dst.latest"
+    fi
+  else
+    $sudo_cmd rsync -a --ignore-existing "$src" "$dst"
+  fi
+  $sudo_cmd chown -R root:root "$dst"
+  $sudo_cmd chmod 644 "$dst"
+}
+
+installable=""
+if [ -d "$my_root/etc/systemd/system" ]; then
+  source ./installer/install-for-systemd.sh
+  installable="true"
+fi
+if [ -d "/Library/LaunchDaemons" ]; then
+  source ./installer/install-for-launchd.sh
+  installable="true"
+fi
+if [ -z "$installable" ]; then
+  echo ""
+  echo "Unknown system service init type. You must install as a system service manually."
+  echo '(please file a bug with the output of "uname -a")'
+  echo ""
+fi

installer/install.sh

@@ -0,0 +1,193 @@
+#!/bin/bash
+
+set -e
+set -u
+
+### IMPORTANT ###
+###  VERSION  ###
+my_name=walnut
+my_app_pkg_name=com.daplie.walnut.web
+#my_app_ver="v1.1"
+my_app_ver="installer-v2"
+my_azp_oauth3_ver="v1.2"
+export NODE_VERSION="v8.9.0"
+
+if [ -z "${my_tmp-}" ]; then
+  my_tmp="$(mktemp -d)"
+  mkdir -p $my_tmp/opt/$my_name/lib/node_modules/$my_name
+  echo "Installing to $my_tmp (will be moved after install)"
+  git clone ./ $my_tmp/opt/$my_name/lib/node_modules/$my_name
+  pushd $my_tmp/opt/$my_name/lib/node_modules/$my_name
+fi
+
+#################
+
+### IMPORTANT ###
+###  VERSION  ###
+#my_app_ver="v1.1"
+my_app_ver="installer-v2"
+my_launchpad_ver="v1.2"
+my_azp_oauth3_ver="v1.1.3"
+my_iss_oauth3_rest_ver="v1.2.0"
+my_iss_oauth3_pages_ver="v1.2.1"
+my_www_daplie_ver=v1.0.15
+export NODE_VERSION="v8.9.0"
+#################
+export NODE_PATH=$my_tmp/opt/$my_app_name/lib/node_modules
+export PATH=$my_tmp/opt/$my_app_name/bin/:$PATH
+export NPM_CONFIG_PREFIX=$my_tmp/opt/$my_app_name
+my_npm="$NPM_CONFIG_PREFIX/bin/npm"
+#################
+
+
+
+# TODO un-hardcode core at al
+#my_app_dist=$my_tmp/opt/$my_app_name/lib/node_modules/$my_app_name/dist
+my_app_dist=$my_tmp/opt/$my_app_name/core/dist
+installer_base="https://git.daplie.com/Daplie/goldilocks.js/raw/$my_app_ver"
+
+# Backwards compat
+# some scripts still use the old names
+my_app_dir=$my_tmp
+my_app_name=$my_name
+
+
+
+git checkout $my_app_ver
+
+mkdir -p $my_tmp/{etc,opt,srv,var}/$my_app_name
+mkdir -p "$my_tmp/var/log/$my_app_name"
+mkdir -p "$my_tmp/opt/$my_app_name"/{bin,config,core,etc,lib,node_modules,var}
+ln -s ../core/bin/$my_app_name.js $my_tmp/opt/$my_app_name/bin/$my_app_name
+ln -s ../core/bin/$my_app_name.js $my_tmp/opt/$my_app_name/bin/$my_app_name.js
+#ln -s ../lib/node_modules/$my_app_name/bin/$my_app_name.js $my_tmp/opt/$my_app_name/bin/$my_app_name
+#ln -s ../lib/node_modules/$my_app_name/bin/$my_app_name.js $my_tmp/opt/$my_app_name/bin/$my_app_name.js
+mkdir -p "$my_tmp/opt/$my_app_name"/packages/{api,pages,rest,services}
+mkdir -p "$my_tmp/opt/$my_app_name"/etc/client-api-grants
+# TODO move packages and sites to /srv, grants to /etc
+ln -s ../etc/client-api-grants "$my_tmp/opt/$my_app_name"/packages/client-api-grants
+mkdir -p "$my_tmp/opt/$my_app_name"/var/sites
+ln -s ../var/sites "$my_tmp/opt/$my_app_name"/packages/sites
+mkdir -p "$my_tmp/etc/$my_app_name"
+chmod 775 "$my_tmp/etc/$my_app_name"
+cat "$my_app_dist/etc/$my_app_name/$my_app_name.example.yml" > "$my_tmp/etc/$my_app_name/$my_app_name.example.yml"
+chmod 664 "$my_tmp/etc/$my_app_name/$my_app_name.example.yml"
+mkdir -p $my_tmp/var/log/$my_app_name
+
+
+
+#
+# Helpers
+#
+source ./installer/sudo-cmd.sh
+source ./installer/http-get.sh
+
+
+
+#
+# Dependencies
+#
+echo $NODE_VERSION > /tmp/NODEJS_VER
+# This will read the NODE_* and PATH variables set previously, as well as /tmp/NODEJS_VER
+http_bash "https://git.coolaj86.com/coolaj86/node-installer.sh/raw/v1.1/install.sh"
+$my_npm install -g npm@4
+$my_npm install -g bower
+touch $my_tmp/opt/$my_app_name/.bowerrc
+echo '{ "allow_root": true }' > $my_tmp/opt/$my_app_name/.bowerrc
+
+#pushd $my_tmp/opt/$my_app_name/lib/node_modules/$my_app_name
+pushd $my_tmp/opt/$my_app_name/core
+  mkdir -p ../node_modules
+  ln -s ../node_modules node_modules
+  $my_npm install
+popd
+
+git clone https://git.daplie.com/Daplie/walnut_launchpad.git $my_tmp/opt/$my_app_name/core/lib/walnut@daplie.com/setup
+pushd $my_tmp/opt/$my_app_name/core/lib/walnut@daplie.com/setup
+  git pull
+  git checkout $my_launchpad_ver
+
+  git clone https://git.daplie.com/OAuth3/oauth3.js.git ./assets/oauth3.org
+  pushd assets/oauth3.org
+    git checkout $my_azp_oauth3_ver
+  popd
+popd
+
+pushd $my_tmp/opt/$my_app_name/packages
+  git clone https://git.daplie.com/OAuth3/issuer_oauth3.org.git rest/issuer@oauth3.org
+  pushd rest/issuer@oauth3.org/
+      git checkout $my_iss_oauth3_rest_ver
+      $my_npm install
+  popd
+
+  git clone https://git.daplie.com/OAuth3/org.oauth3.git pages/issuer@oauth3.org
+  pushd pages/issuer@oauth3.org
+    git checkout $my_iss_oauth3_pages_ver
+    bash ./install.sh
+
+    pushd ./assets/oauth3.org
+      git checkout $my_azp_oauth3_ver
+    popd
+  popd
+
+  git clone https://git.daplie.com/Daplie/walnut_rest_www_daplie.com.git rest/www@daplie.com
+  pushd rest/www@daplie.com
+    git checkout $my_www_daplie_ver
+    $my_npm install
+  popd
+popd
+
+
+
+#
+# System Service
+#
+source ./installer/my-root.sh
+echo "Pre-installation to $my_tmp complete, now installing to $my_root/ ..."
+set +e
+if type -p tree >/dev/null 2>/dev/null; then
+  #tree -I "node_modules|include|share" $my_tmp
+  tree -L 6 -I "include|share|npm" $my_tmp
+else
+  ls $my_tmp
+fi
+set -e
+
+source ./installer/my-user-my-group.sh
+echo "User $my_user Group $my_group"
+
+$sudo_cmd chown -R $my_user:$my_group $my_tmp
+$sudo_cmd chmod 0755 $my_tmp
+rsync -a --ignore-existing $my_tmp/ $my_root/
+rsync -a --ignore-existing $my_app_dist/etc/$my_app_name/$my_app_name.yml $my_root/etc/$my_app_name/$my_app_name.yml
+source ./installer/install-system-service.sh
+
+# Change to admin perms
+$sudo_cmd chown -R $my_user:$my_group $my_root/opt/$my_app_name
+$sudo_cmd chown -R $my_user:$my_group $my_root/var/www $my_root/srv/www
+
+# make sure the files are all read/write for the owner and group, and then set
+# the setuid and setgid bits so that any files/directories created inside these
+# directories have the same owner and group.
+$sudo_cmd chmod -R ug+rwX $my_root/opt/$my_app_name
+find $my_root/opt/$my_app_name -type d -exec $sudo_cmd chmod ug+s {} \;
+
+
+
+echo ""
+echo "You must have some set of domain set up to properly use goldilocks+walnut:"
+echo ""
+echo "  example.com"
+echo "  www.example.com"
+echo "  api.example.com"
+echo "  assets.example.com"
+echo "  cloud.example.com"
+echo "  api.cloud.example.com"
+echo ""
+echo "Check the WALNUT README.md for more info and how to set up /etc/goldilocks/goldilocks.yml"
+echo ""
+echo "Unistall: rm -rf /srv/walnut/ /var/walnut/ /etc/walnut/ /opt/walnut/ /var/log/walnut/ /etc/systemd/system/walnut.service"
+
+
+
+rm -rf $my_tmp

installer/my-root.sh

@@ -0,0 +1,8 @@
+# something or other about android and tmux using PREFIX
+#: "${PREFIX:=''}"
+my_root=""
+if [ -z "${PREFIX-}" ]; then
+  my_root=""
+else
+  my_root="$PREFIX"
+fi

installer/my-user-my-group.sh

@@ -0,0 +1,19 @@
+if type -p adduser >/dev/null 2>/dev/null; then
+  if [ -z "$(cat $my_root/etc/passwd | grep $my_app_name)" ]; then
+    $sudo_cmd adduser --home $my_root/opt/$my_app_name --gecos '' --disabled-password $my_app_name
+  fi
+  my_user=$my_app_name
+  my_group=$my_app_name
+elif [ -n "$(cat /etc/passwd | grep www-data:)" ]; then
+  # Linux (Ubuntu)
+  my_user=www-data
+  my_group=www-data
+elif [ -n "$(cat /etc/passwd | grep _www:)" ]; then
+  # Mac
+  my_user=_www
+  my_group=_www
+else
+  # Unsure
+  my_user=$(whoami)
+  my_group=$(id -g -n)
+fi

installer/sudo-cmd.sh

@@ -0,0 +1,7 @@
+# Not every platform has or needs sudo, gotta save them O(1)s...
+sudo_cmd=""
+set +e
+if type -p sudo >/dev/null 2>/dev/null; then
+  ((EUID)) && [[ -z "${ANDROID_ROOT-}" ]] && sudo_cmd="sudo"
+fi
+set -e

package.json

@@ -1,6 +1,6 @@
 {
   "name": "walnut",
-  "version": "0.1.0",
+  "version": "1.2.5",
   "description": "zero-config home cloud server",
   "main": "walnut.js",
   "scripts": {
@@ -34,7 +34,7 @@
     "public"
   ],
   "author": "AJ ONeal <aj@daplie.com> (https://daplie.com)",
-  "license": "Apache2",
+  "license": "(MIT or Apache2)",
   "bugs": {
     "url": "https://github.com/Daplie/walnut/issues"
   },
@@ -69,7 +69,6 @@
     "serve-static": "1.x",
     "sqlite3-cluster": "git+https://git.daplie.com/coolaj86/sqlite3-cluster.git#v2",
     "stripe": "^4.22.0",
-    "twilio": "1.x",
-    "ursa": "^0.9.1"
+    "twilio": "1.x"
   }
 }