
protection contre les erreurs curl http/2 (pour les gens qui ne metten pas à jour leur machine)

unfr
2025-08-14 19:39:07 +02:00
parent 8abff0fb6c
commit 61ef28108d
2 changed files with 195 additions and 177 deletions

274
update.sh

@@ -26,41 +26,47 @@ die() { err "$*"; exit 1; }
install_bin(){ install -m 755 "$1" "$2"; }
# ========= Downloader (curl→wget fallback) =========
download() {
local url="$1" out="$2"
[ -z "$url" ] || [ -z "$out" ] && { echo "download: usage: download <url> <outfile>" >&2; return 2; }
mkdir -p -- "$(dirname -- "$out")"
local tmp="${out}.dl.$$"
local curl_opts=(--fail --silent --show-error --location --retry 5 --retry-all-errors --retry-delay 2 --connect-timeout 15)
local wget_opts=(--quiet --https-only --tries=5 --waitretry=2 --retry-connrefused)
if command -v curl >/dev/null 2>&1; then
if curl --http1.1 -4 "${curl_opts[@]}" -o "$tmp" "$url"; then mv -f -- "$tmp" "$out"; return 0; fi
if env -u http_proxy -u https_proxy -u all_proxy \
curl --http1.1 -4 "${curl_opts[@]}" -o "$tmp" "$url"; then mv -f -- "$tmp" "$out"; return 0; fi
if curl --http1.1 "${curl_opts[@]}" -o "$tmp" "$url"; then mv -f -- "$tmp" "$out"; return 0; fi
fi
if command -v wget >/dev/null 2>&1; then
if wget --inet4-only "${wget_opts[@]}" -O "$tmp" "$url"; then mv -f -- "$tmp" "$out"; return 0; fi
if wget "${wget_opts[@]}" -O "$tmp" "$url"; then mv -f -- "$tmp" "$out"; return 0; fi
fi
rm -f -- "$tmp" 2>/dev/null || true
return 1
}
# --- lire une clé JS (ligne "clé: valeur") sans exécuter ---
parse_js_raw() {
local key="$1"
sed -n -E "s/^[[:space:]]*['\"]?${key}['\"]?[[:space:]]*:[[:space:]]*(.*)$/\1/p" "$CFG_JS" \
| head -n1 | sed -E "s/[[:space:]]*(,)?[[:space:]]*$//"
| head -n1 | sed -E "s/[[:space:]]*(,)?[[:space:]]*$//"
}
# --- normaliser une valeur JS simple: enlève guillemets, garde nombres, laisse path.join tel quel ---
# --- normaliser une valeur JS simple ---
# - supprime les commentaires inline " // ... "
# - supprime la virgule terminale
# - trim espaces
# - retire guillemets si présents
normalize_js_value() {
local raw="$1"
# retire commentaire inline: seulement si précédé d'un espace (évite "https://")
raw="$(printf '%s' "$raw" | sed -E 's@[[:space:]]//.*$@@')"
# retire virgule en fin de champ et espaces résiduels
raw="$(printf '%s' "$raw" | sed -E 's/,[[:space:]]*$//')"
raw="$(printf '%s' "$raw" | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//')"
# retire guillemets simples/doubles
if [[ "$raw" =~ ^\"(.*)\"$ ]]; then
printf '%s\n' "${BASH_REMATCH[1]}"; return
fi
if [[ "$raw" =~ ^\'(.*)\'$ ]]; then
printf '%s\n' "${BASH_REMATCH[1]}"; return
fi
raw="$(printf '%s' "$raw" | sed -E 's@[[:space:]]//.*$@@')" # retire commentaire inline
raw="$(printf '%s' "$raw" | sed -E 's/,[[:space:]]*$//')" # retire virgule
raw="$(printf '%s' "$raw" | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//')" # trim
if [[ "$raw" =~ ^\"(.*)\"$ ]]; then printf '%s\n' "${BASH_REMATCH[1]}"; return; fi
if [[ "$raw" =~ ^\'(.*)\'$ ]]; then printf '%s\n' "${BASH_REMATCH[1]}"; return; fi
printf '%s\n' "$raw"
}
# placeholders à refuser (vides, “Voir…”, “CHANGEME…”, etc.)
is_placeholder() {
local v="$1"
@@ -72,14 +78,12 @@ is_placeholder() {
# entier (>=0)
is_int() { [[ "$1" =~ ^[0-9]+$ ]]; }
# booléen JS (true/false), avec ou sans guillemets
# booléen JS (true/false)
is_bool_literal() {
local v="$(echo "$1" | tr '[:upper:]' '[:lower:]')"
[[ "$v" == "true" || "$v" == "false" ]]
}
# ────────── Paths ──────────
BIN_DIR="$HOME/bin"
AUTOPOST_DIR="$HOME/autopost"
@@ -110,17 +114,17 @@ FILES["$AUTOPOST_DIR/views/autopost.html"]="https://tig.unfr.pw/UNFR/postauto/ra
log "Vérification/MAJ des fichiers…"
for LOCAL in "${!FILES[@]}"; do
URL="${FILES[$LOCAL]}"
TMP="$TMP_DIR/$(basename "$LOCAL").dl"
curl -fsSL "$URL" -o "$TMP" || die "Téléchargement échoué: $URL"
TMPF="$TMP_DIR/$(basename "$LOCAL").dl"
download "$URL" "$TMPF" || die "Téléchargement échoué: $URL"
if [ ! -f "$LOCAL" ] || ! cmp -s "$LOCAL" "$TMP"; then
cp -f "$LOCAL" "$LOCAL.bak" 2>/dev/null || true
case "$LOCAL" in
*postauto|*.sh) install_bin "$TMP" "$LOCAL" ;;
*) install -m 644 "$TMP" "$LOCAL" ;;
esac
ok "Mise à jour: $LOCAL"
updated=1
if [ ! -f "$LOCAL" ] || ! cmp -s "$LOCAL" "$TMPF"; then
cp -f "$LOCAL" "$LOCAL.bak" 2>/dev/null || true
case "$LOCAL" in
*postauto|*.sh) install_bin "$TMPF" "$LOCAL" ;;
*) install -m 644 "$TMPF" "$LOCAL" ;;
esac
ok "Mise à jour: $LOCAL"
updated=1
fi
done
@@ -146,10 +150,10 @@ _autopost_completion() {
opts="start stop restart show status createdb add log check update"
if [ $COMP_CWORD -eq 1 ]; then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") ); return 0
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") ); return 0
fi
if [ $COMP_CWORD -eq 2 ] && [ "${COMP_WORDS[1]}" = "add" ]; then
COMPREPLY=( $(compgen -f -- "${cur}") ); return 0
COMPREPLY=( $(compgen -f -- "${cur}") ); return 0
fi
}
complete -F _autopost_completion postauto
@@ -159,9 +163,8 @@ EOF
if [ ! -s "$COMP_FILE" ] || ! cmp -s <(printf "%s" "$COMPLETION_CODE") "$COMP_FILE"; then
printf "%s" "$COMPLETION_CODE" > "$COMP_FILE"
ok "Completion installée: $COMP_FILE"
# hook .bashrc si pas déjà présent
grep -q '\.bash_completion.d/postauto' "$BASHRC_FILE" 2>/dev/null || \
echo '[ -f "$HOME/.bash_completion.d/postauto" ] && . "$HOME/.bash_completion.d/postauto"' >> "$BASHRC_FILE"
echo '[ -f "$HOME/.bash_completion.d/postauto" ] && . "$HOME/.bash_completion.d/postauto"' >> "$BASHRC_FILE"
updated=1
fi
@@ -171,8 +174,8 @@ ensure_cmd(){ command -v "$1" >/dev/null 2>&1; }
if ! ensure_cmd 7z; then
log "Installation 7z…"
pushd "$TMP_DIR" >/dev/null
wget -q -o /dev/null -O 7z.tar.xz "https://7-zip.org/a/7z2409-linux-x64.tar.xz"
tar -xJf 7z.tar.xz
download "https://7-zip.org/a/7z2409-linux-x64.tar.xz" "$TMP_DIR/7z.tar.xz" || die "Téléchargement 7z"
tar -xJf "$TMP_DIR/7z.tar.xz"
ZBIN="$(find . -maxdepth 1 -type f -name '7zz*' -perm -u+x | head -n1)"
[ -n "$ZBIN" ] || die "Binaire 7z introuvable"
install_bin "$ZBIN" "$BIN_DIR/7z"
@@ -182,8 +185,9 @@ fi
if ! ensure_cmd BDInfo; then
log "Installation BDInfo…"
pushd "$TMP_DIR" >/dev/null
wget -q -o /dev/null -O bdinfo.zip "https://github.com/dotnetcorecorner/BDInfo/releases/download/linux-2.0.6/bdinfo_linux_v2.0.6.zip"
unzip -q bdinfo.zip
download "https://github.com/dotnetcorecorner/BDInfo/releases/download/linux-2.0.6/bdinfo_linux_v2.0.6.zip" "$TMP_DIR/bdinfo.zip" \
|| die "Téléchargement BDInfo"
unzip -q "$TMP_DIR/bdinfo.zip"
BDBIN="$(find . -type f -name BDInfo -perm -u+x | head -n1)"
[ -n "$BDBIN" ] || die "BDInfo introuvable"
install_bin "$BDBIN" "$BIN_DIR/BDInfo"
@@ -193,8 +197,9 @@ fi
if ! ensure_cmd BDInfoDataSubstractor; then
log "Installation BDInfoDataSubstractor…"
pushd "$TMP_DIR" >/dev/null
wget -q -o /dev/null -O substractor.zip "https://github.com/dotnetcorecorner/BDInfo/releases/download/linux-2.0.6/bdinfodatasubstractor_linux_v2.0.6.zip"
unzip -q substractor.zip
download "https://github.com/dotnetcorecorner/BDInfo/releases/download/linux-2.0.6/bdinfodatasubstractor_linux_v2.0.6.zip" "$TMP_DIR/substractor.zip" \
|| die "Téléchargement BDInfoDataSubstractor"
unzip -q "$TMP_DIR/substractor.zip"
SBBIN="$(find . -type f -name BDInfoDataSubstractor -perm -u+x | head -n1)"
[ -n "$SBBIN" ] || die "BDInfoDataSubstractor introuvable"
install_bin "$SBBIN" "$BIN_DIR/BDInfoDataSubstractor"
@@ -219,92 +224,81 @@ fi
popd >/dev/null
# ────────── VALIDATION conf.sh (sans exécuter) ──────────
# --- conf.sh : validation déclarative ---
check_conf() {
local file="$CONF_SH"
[[ -f "$file" ]] || { err "Manquant: $file"; errors=$((errors+1)); return; }
log "Validation déclarative de $file"
# Parse simple NAME=VALUE (ignore commentaires / 'export')
declare -A V=()
while IFS= read -r line; do
[[ "$line" =~ ^[[:space:]]*# ]] && continue
[[ "$line" =~ ^[[:space:]]*$ ]] && continue
line="${line#export }"
if [[ "$line" =~ ^[[:space:]]*([A-Za-z_][A-Za-z0-9_]*)[[:space:]]*=(.*)$ ]]; then
name="${BASH_REMATCH[1]}"
val="${BASH_REMATCH[2]}"
val="${val%%#*}"; val="${val%%;*}"
val="$(echo -n "$val" | sed -E "s/^[[:space:]]*['\"]?//; s/['\"]?[[:space:]]*$//")"
V["$name"]="$val"
fi
[[ "$line" =~ ^[[:space:]]*# ]] && continue
[[ "$line" =~ ^[[:space:]]*$ ]] && continue
line="${line#export }"
if [[ "$line" =~ ^[[:space:]]*([A-Za-z_][A-Za-z0-9_]*)[[:space:]]*=(.*)$ ]]; then
name="${BASH_REMATCH[1]}"
val="${BASH_REMATCH[2]}"
val="${val%%#*}"; val="${val%%;*}"
val="$(echo -n "$val" | sed -E "s/^[[:space:]]*['\"]?//; s/['\"]?[[:space:]]*$//")"
V["$name"]="$val"
fi
done < "$file"
# Requis généraux (non-placeholder)
for k in URL_API APIKEY DOSSIER_GLOBAL DOSSIER_NFO DOSSIER_LOGS DOSSIER_NZB_ATTENTE DOSSIER_NZB_FINAL MOVE_CMD MYSQL_TABLE dbtype; do
v="${V[$k]:-}"
if is_placeholder "$v"; then
err "conf.sh: '$k' non renseigné"; errors=$((errors+1))
fi
v="${V[$k]:-}"
if is_placeholder "$v"; then
err "conf.sh: '$k' non renseigné"; errors=$((errors+1))
fi
done
# MOVE_CMD valeurs autorisées
case "${V[MOVE_CMD]:-}" in
"cp -rl"|"cp -rs"|"ln -s"|"mv"|"cp") : ;;
*)
err "conf.sh: MOVE_CMD invalide ('${V[MOVE_CMD]:-}'), attendus: cp -rl|cp -rs|ln -s|mv|cp"
errors=$((errors+1))
;;
"cp -rl"|"cp -rs"|"ln -s"|"mv"|"cp") : ;;
*)
err "conf.sh: MOVE_CMD invalide ('${V[MOVE_CMD]:-}'), attendus: cp -rl|cp -rs|ln -s|mv|cp"
errors=$((errors+1))
;;
esac
# Fournisseur Usenet : non-vides + numériques où nécessaire
for k in NG_HOST NG_USER NG_PASS; do
if is_placeholder "${V[$k]:-}"; then
err "conf.sh: '$k' non renseigné"; errors=$((errors+1))
fi
if is_placeholder "${V[$k]:-}"; then
err "conf.sh: '$k' non renseigné"; errors=$((errors+1))
fi
done
if ! [[ "${V[NG_PORT]:-}" =~ ^[0-9]+$ ]]; then
err "conf.sh: NG_PORT doit être numérique"; errors=$((errors+1))
err "conf.sh: NG_PORT doit être numérique"; errors=$((errors+1))
fi
if ! [[ "${V[NG_NBR_CONN]:-}" =~ ^[0-9]+$ ]]; then
err "conf.sh: NG_NBR_CONN doit être numérique"; errors=$((errors+1))
err "conf.sh: NG_NBR_CONN doit être numérique"; errors=$((errors+1))
fi
# DB : règles conditionnelles (déclarations seulement)
case "${V[dbtype]:-}" in
sqlite)
if is_placeholder "${V[DB_FILE]:-}"; then
err "conf.sh: DB_FILE requis en mode sqlite"; errors=$((errors+1))
fi
;;
mysql)
for k in MYSQL_HOST MYSQL_USER MYSQL_PASS MYSQL_DB; do
if is_placeholder "${V[$k]:-}"; then
err "conf.sh: '$k' requis en mode mysql"; errors=$((errors+1))
fi
done
if ! [[ "${V[MYSQL_PORT]:-}" =~ ^[0-9]+$ ]]; then
err "conf.sh: MYSQL_PORT doit être numérique"; errors=$((errors+1))
fi
;;
*)
err "conf.sh: dbtype doit être 'sqlite' ou 'mysql' (actuel='${V[dbtype]:-}')"
errors=$((errors+1))
;;
sqlite)
if is_placeholder "${V[DB_FILE]:-}"; then
err "conf.sh: DB_FILE requis en mode sqlite"; errors=$((errors+1))
fi
;;
mysql)
for k in MYSQL_HOST MYSQL_USER MYSQL_PASS MYSQL_DB; do
if is_placeholder "${V[$k]:-}"; then
err "conf.sh: '$k' requis en mode mysql"; errors=$((errors+1))
fi
done
if ! [[ "${V[MYSQL_PORT]:-}" =~ ^[0-9]+$ ]]; then
err "conf.sh: MYSQL_PORT doit être numérique"; errors=$((errors+1))
fi
;;
*)
err "conf.sh: dbtype doit être 'sqlite' ou 'mysql' (actuel='${V[dbtype]:-}')"
errors=$((errors+1))
;;
esac
}
check_conf "$CONF_SH"
# ────────── VALIDATION config.js (avec Node) ──────────
# --- config.js : validation déclarative (sans exécuter du JS) ---
validate_config_js() {
[[ -f "$CFG_JS" ]] || { err "Manquant: $CFG_JS"; errors=$((errors+1)); return; }
log "Validation déclarative de $CFG_JS"
# valeurs principales
local dbtype port name secret table
dbtype="$(normalize_js_value "$(parse_js_raw dbtype)")"
port="$(normalize_js_value "$(parse_js_raw port)")"
@@ -312,77 +306,71 @@ validate_config_js() {
secret="$(normalize_js_value "$(parse_js_raw sessionSecret)")"
table="$(normalize_js_value "$(parse_js_raw DB_TABLE)")"
# checks minimaux
if ! is_int "$port" || (( port < 1 || port > 65535 )); then
err "config.js: 'port' invalide ($port)"; errors=$((errors+1))
err "config.js: 'port' invalide ($port)"; errors=$((errors+1))
fi
if is_placeholder "$name"; then err "config.js: 'name' non renseigné"; errors=$((errors+1)); fi
if is_placeholder "$secret"; then err "config.js: 'sessionSecret' non renseigné"; errors=$((errors+1)); fi
if is_placeholder "$table"; then err "config.js: 'DB_TABLE' non renseigné"; errors=$((errors+1)); fi
# dossiers : déclaration non vide (pas de test FS)
for key in finishdirectory logdirectory infodirectory; do
val="$(normalize_js_value "$(parse_js_raw "$key")")"
if is_placeholder "$val"; then
err "config.js: '$key' non renseigné"; errors=$((errors+1))
fi
val="$(normalize_js_value "$(parse_js_raw "$key")")"
if is_placeholder "$val"; then
err "config.js: '$key' non renseigné"; errors=$((errors+1))
fi
done
# trustProxy / cookieSecure / sessionStorePath
local tp cs ssp
tp="$(normalize_js_value "$(parse_js_raw trustProxy)")"
cs="$(normalize_js_value "$(parse_js_raw cookieSecure)")"
ssp="$(normalize_js_value "$(parse_js_raw sessionStorePath)")"
if is_placeholder "$tp"; then
err "config.js: 'trustProxy' non renseigné"; errors=$((errors+1))
err "config.js: 'trustProxy' non renseigné"; errors=$((errors+1))
else
if is_int "$tp"; then
if (( tp < 0 )); then
err "config.js: 'trustProxy' doit être >= 0 (valeur=$tp)"; errors=$((errors+1))
fi
else
# chaîne non vide acceptée (ex: "loopback,uniquelocal")
:
fi
if is_int "$tp"; then
if (( tp < 0 )); then
err "config.js: 'trustProxy' doit être >= 0 (valeur=$tp)"; errors=$((errors+1))
fi
fi
fi
if ! is_bool_literal "$cs"; then
err "config.js: 'cookieSecure' doit être true ou false (valeur='$cs')"; errors=$((errors+1))
err "config.js: 'cookieSecure' doit être true ou false (valeur='$cs')"; errors=$((errors+1))
fi
if is_placeholder "$ssp"; then
err "config.js: 'sessionStorePath' non renseigné"; errors=$((errors+1))
err "config.js: 'sessionStorePath' non renseigné"; errors=$((errors+1))
fi
# règles DB (déclarations uniquement)
case "$dbtype" in
sqlite)
val="$(normalize_js_value "$(parse_js_raw dbFile)")"
if is_placeholder "$val"; then
err "config.js: 'dbFile' requis (sqlite)"; errors=$((errors+1))
fi
;;
mysql)
local H P U PW DB
H="$(normalize_js_value "$(parse_js_raw DB_HOST)")"
P="$(normalize_js_value "$(parse_js_raw DB_PORT)")"
U="$(normalize_js_value "$(parse_js_raw DB_USER)")"
PW="$(normalize_js_value "$(parse_js_raw DB_PASSWORD)")"
DB="$(normalize_js_value "$(parse_js_raw DB_DATABASE)")"
if is_placeholder "$H"; then err "config.js: 'DB_HOST' requis (mysql)"; errors=$((errors+1)); fi
if ! is_int "$P"; then err "config.js: 'DB_PORT' entier requis (mysql)"; errors=$((errors+1)); fi
if is_placeholder "$U"; then err "config.js: 'DB_USER' requis (mysql)"; errors=$((errors+1)); fi
if is_placeholder "$PW"; then err "config.js: 'DB_PASSWORD' requis (mysql)"; errors=$((errors+1)); fi
if is_placeholder "$DB"; then err "config.js: 'DB_DATABASE' requis (mysql)"; errors=$((errors+1)); fi
;;
*)
err "config.js: 'dbtype' doit être 'sqlite' ou 'mysql' (actuel='$dbtype')"
errors=$((errors+1))
;;
sqlite)
val="$(normalize_js_value "$(parse_js_raw dbFile)")"
if is_placeholder "$val"; then
err "config.js: 'dbFile' requis (sqlite)"; errors=$((errors+1))
fi
;;
mysql)
local H P U PW DB
H="$(normalize_js_value "$(parse_js_raw DB_HOST)")"
P="$(normalize_js_value "$(parse_js_raw DB_PORT)")"
U="$(normalize_js_value "$(parse_js_raw DB_USER)")"
PW="$(normalize_js_value "$(parse_js_raw DB_PASSWORD)")"
DB="$(normalize_js_value "$(parse_js_raw DB_DATABASE)")"
if is_placeholder "$H"; then err "config.js: 'DB_HOST' requis (mysql)"; errors=$((errors+1)); fi
if ! is_int "$P"; then err "config.js: 'DB_PORT' entier requis (mysql)"; errors=$((errors+1)); fi
if is_placeholder "$U"; then err "config.js: 'DB_USER' requis (mysql)"; errors=$((errors+1)); fi
if is_placeholder "$PW"; then err "config.js: 'DB_PASSWORD' requis (mysql)"; errors=$((errors+1)); fi
if is_placeholder "$DB"; then err "config.js: 'DB_DATABASE' requis (mysql)"; errors=$((errors+1)); fi
;;
*)
err "config.js: 'dbtype' doit être 'sqlite' ou 'mysql' (actuel='$dbtype')"
errors=$((errors+1))
;;
esac
}
check_conf "$CONF_SH"
validate_config_js
# ────────── Résumé & exit codes ──────────
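Review bot: Nothing verifies what `download` fetched before it is installed: the 7z and BDInfo archives (and the files in the `FILES` loop) go straight from the transfer to `tar`/`unzip` and `install -m 755`, so a successful HTTP response is the only trust check. Because the 7z and BDInfo URLs pin exact releases, a pinned digest can be checked right after each call, e.g. `printf '%s  %s\n' "$SHA256_7Z" "$TMP_DIR/7z.tar.xz" | sha256sum -c - >/dev/null || die "Empreinte 7z invalide"` with `SHA256_7Z=<expected-sha256-placeholder>`. In `download` itself, `curl_opts` follows redirects with `--location` but does not restrict the scheme; adding `--proto '=https' --proto-redir '=https'` would keep a redirect from downgrading to plain HTTP. The second curl attempt unsets only the lowercase proxy variables, so `HTTPS_PROXY`/`ALL_PROXY` still apply, and on hosts where the proxy is the egress control that bypass should at least be logged via `log` before it is tried.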