diff options
| -rw-r--r-- | Docker/README.md | 14 | ||||
| -rw-r--r-- | app/Controllers/statsController.php | 1 | ||||
| -rw-r--r-- | app/FreshRSS.php | 8 | ||||
| -rw-r--r-- | app/Models/SystemConfiguration.php | 1 | ||||
| -rw-r--r-- | app/install.php | 8 | ||||
| -rw-r--r-- | app/layout/header.phtml | 8 | ||||
| -rw-r--r-- | app/layout/simple.phtml | 8 | ||||
| -rw-r--r-- | cli/README.md | 6 | ||||
| -rwxr-xr-x | cli/do-install.php | 8 | ||||
| -rw-r--r-- | config.default.php | 8 | ||||
| -rw-r--r-- | data/.gitignore | 3 | ||||
| -rw-r--r-- | docs/en/admins/03_Installation.md | 5 | ||||
| -rw-r--r-- | lib/Minz/ActionController.php | 24 |
13 files changed, 94 insertions, 8 deletions
diff --git a/Docker/README.md b/Docker/README.md index 6ff62d250..cb59c65ec 100644 --- a/Docker/README.md +++ b/Docker/README.md @@ -205,6 +205,16 @@ In the FreshRSS setup, you will then specify the name of the container (`freshrs ## More deployment options +### Provide default global settings + +An optional configuration file can be mounted to `/var/www/FreshRSS/data/config.custom.php` to provide custom settings before the FreshRSS setup, +on the model of [`config.default.php`](../config.default.php). + +### Provide default user settings + +An optional configuration file can be mounted to `/var/www/FreshRSS/data/config-user.default.php` to provide custom user settings before a user is created, +on the model of [`config-user.default.php`](../config-user.default.php). + ### Custom Apache configuration (advanced users) The FreshRSS Docker image uses the [Web server Apache](https://httpd.apache.org/) internally. @@ -294,6 +304,10 @@ services: volumes: - data:/var/www/FreshRSS/data - extensions:/var/www/FreshRSS/extensions + # Optional file providing custom global settings (used before a FreshRSS install) + - ./config.custom.php:/var/www/FreshRSS/data/config.custom.php + # Optional file providing custom user settings (used before a new user is created) + - ./config-user.custom.php:/var/www/FreshRSS/data/config-user.custom.php ports: # If you want to open a port 8080 on the local machine: - "8080:80" diff --git a/app/Controllers/statsController.php b/app/Controllers/statsController.php index be29bfac4..1798ee3cf 100644 --- a/app/Controllers/statsController.php +++ b/app/Controllers/statsController.php @@ -17,6 +17,7 @@ class FreshRSS_stats_Controller extends FreshRSS_ActionController { $this->_csp([ 'default-src' => "'self'", + 'img-src' => '* data:', 'style-src' => "'self' 'unsafe-inline'", ]); diff --git a/app/FreshRSS.php b/app/FreshRSS.php index dc5ed0999..602c46658 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -32,6 +32,14 @@ class FreshRSS extends Minz_FrontController { die($message); } + if (FreshRSS_Context::$system_conf->logo_html != '') { + // Relax Content Security Policy to allow external images if a custom logo HTML is used + Minz_ActionController::_defaultCsp([ + 'default-src' => "'self'", + 'img-src' => '* data:', + ]); + } + // Load list of extensions and enable the "system" ones. Minz_ExtensionManager::init(); diff --git a/app/Models/SystemConfiguration.php b/app/Models/SystemConfiguration.php index 3170a4180..ec5960c0e 100644 --- a/app/Models/SystemConfiguration.php +++ b/app/Models/SystemConfiguration.php @@ -17,6 +17,7 @@ * @property-read string $http_auth_auto_register_email_field * @property-read string $language * @property array<string,int> $limits + * @property-read string $logo_html * @property-read string $meta_description * @property-read bool $pubsubhubbub_enabled * @property-read string $salt diff --git a/app/install.php b/app/install.php index 9186404c1..b0363efbc 100644 --- a/app/install.php +++ b/app/install.php @@ -145,6 +145,14 @@ function saveStep2() { $config_array['auth_type'] = Minz_Session::param('auth_type'); } + $customConfigPath = DATA_PATH . '/config.custom.php'; + if (file_exists($customConfigPath)) { + $customConfig = include($customConfigPath); + if (is_array($customConfig)) { + $config_array = array_merge($customConfig, $config_array); + } + } + @unlink(DATA_PATH . '/config.php'); //To avoid access-rights problems file_put_contents(DATA_PATH . '/config.php', "<?php\n return " . var_export($config_array, true) . ";\n"); diff --git a/app/layout/header.phtml b/app/layout/header.phtml index b5a9b662c..94a83894e 100644 --- a/app/layout/header.phtml +++ b/app/layout/header.phtml @@ -1,7 +1,13 @@ <header class="header"> <div class="item title"> <a href="<?= _url('index', 'index') ?>"> - <img class="logo" src="<?= _i('FreshRSS-logo', true) ?>" alt="" /> + <?php if (FreshRSS_Context::$system_conf->logo_html == '') { ?> + <img class="logo" src="<?= _i('FreshRSS-logo', true) ?>" alt="FreshRSS" /> + <?php + } else { + echo FreshRSS_Context::$system_conf->logo_html; + } + ?> </a> </div> diff --git a/app/layout/simple.phtml b/app/layout/simple.phtml index 1858c3fed..b4d3530bc 100644 --- a/app/layout/simple.phtml +++ b/app/layout/simple.phtml @@ -30,7 +30,13 @@ <div class="header"> <div class="item title"> <a href="<?= _url('index', 'index') ?>"> - <img class="logo" src="<?= _i('FreshRSS-logo', true) ?>" alt="" /> + <?php if (FreshRSS_Context::$system_conf->logo_html == '') { ?> + <img class="logo" src="<?= _i('FreshRSS-logo', true) ?>" alt="FreshRSS" /> + <?php + } else { + echo FreshRSS_Context::$system_conf->logo_html; + } + ?> </a> </div> diff --git a/cli/README.md b/cli/README.md index 1f5c3a549..284f675d4 100644 --- a/cli/README.md +++ b/cli/README.md @@ -49,6 +49,8 @@ cd /usr/share/FreshRSS # Same parameters as for do-install.php. Used to update an existing installation. ``` +> ℹ️ More options for [the configuration of your instance](../config.default.php#L3-L5) may be set in `./data/config.custom.php` before the install process, or in `./data/config.php` after the install process. + ### User ```sh @@ -59,7 +61,11 @@ cd /usr/share/FreshRSS ./cli/update-user.php --user username [ ... ] # Same options as create-user.php, except --no_default_feeds which is only available for create-user.php +``` +> ℹ️ More options for [the configuration of users](../config-user.default.php#L3-L5) may be set in `./data/config-user.custom.php` prior to creating new users, or in `./data/users/*/config.php` for existing users. + +```sh ./cli/actualize-user.php --user username # Fetch feeds for the specified user diff --git a/cli/do-install.php b/cli/do-install.php index 296b2bd31..db1af8ea5 100755 --- a/cli/do-install.php +++ b/cli/do-install.php @@ -46,6 +46,14 @@ $config = array( 'db' => FreshRSS_Context::$system_conf->db, ); +$customConfigPath = DATA_PATH . '/config.custom.php'; +if (file_exists($customConfigPath)) { + $customConfig = include($customConfigPath); + if (is_array($customConfig)) { + $config = array_merge($customConfig, $config); + } +} + foreach ($params as $param) { $param = rtrim($param, ':'); if (isset($options[$param])) { diff --git a/config.default.php b/config.default.php index 1b12834d0..6b024db6d 100644 --- a/config.default.php +++ b/config.default.php @@ -1,7 +1,8 @@ <?php # Do not modify this file, which defines default values, -# but edit `./data/config.php` instead, after the install process is completed. +# but instead edit `./data/config.php` after the install process is completed, +# or edit `./data/config.custom.php` before the install process. return array( # Set to `development` to get additional error messages, @@ -30,6 +31,11 @@ return array( # Meta description used when `allow_robots` is true. 'meta_description' => '', + # Override logo of this FreshRSS instance in the Web user interface. + # It is rendered inside an <a>...</a> element and must be valid HTML or text. + # Example: '<img class="logo" src="https://example.net/Hello.png" alt="Logo Example" /> Hello' + 'logo_html' => '', + # Name of the user that has administration rights. 'default_user' => '_', diff --git a/data/.gitignore b/data/.gitignore index 2c13b7111..41c3ebd0e 100644 --- a/data/.gitignore +++ b/data/.gitignore @@ -1,7 +1,8 @@ .htpasswd +config-user.custom.php +config.custom.php config.php config.php.bak.php -config-user.custom.php force-https.txt last_update.txt no-cache.txt diff --git a/docs/en/admins/03_Installation.md b/docs/en/admins/03_Installation.md index a77054a27..884e088de 100644 --- a/docs/en/admins/03_Installation.md +++ b/docs/en/admins/03_Installation.md @@ -16,7 +16,10 @@ Before you begin, make sure that you’ve read the [prerequisites](02_Prerequisi 6. Using your supported web browser of choice, navigate to the address you’ve installed your server to complete the installation from the GUI.[^3] -7. You can then customize [the configuration of your instance](https://github.com/FreshRSS/FreshRSS/blob/edge/config.default.php#L3-L4), [the default configuration for new users](https://github.com/FreshRSS/FreshRSS/blob/edge/config-user.default.php#L3-L5) or [the default set of feeds for new users](https://github.com/FreshRSS/FreshRSS/blob/edge/opml.default.xml#L2-L5). +7. In configuration files, you can customize advanced settings: + * [the configuration of your instance](https://github.com/FreshRSS/FreshRSS/blob/edge/config.default.php#L3-L5) in `./data/config.custom.php` before the install process, or in `./data/config.php` after the install process; + * [the default configuration for new users](https://github.com/FreshRSS/FreshRSS/blob/edge/config-user.default.php#L3-L5) in `./data/config-user.custom.php`, or in `./data/users/*/config.php` for existing users; + * [the default set of feeds for new users](https://github.com/FreshRSS/FreshRSS/blob/edge/opml.default.xml#L2-L5) in `./data/opml.xml`. --- diff --git a/lib/Minz/ActionController.php b/lib/Minz/ActionController.php index 1d29d4c20..08ef2a051 100644 --- a/lib/Minz/ActionController.php +++ b/lib/Minz/ActionController.php @@ -8,15 +8,22 @@ * The Minz_ActionController class is a controller in the MVC paradigm */ class Minz_ActionController { - protected $view; - private $csp_policies = array( + + /** @var array<string,string> */ + private static $csp_default = [ 'default-src' => "'self'", - ); + ]; + + /** @var array<string,string> */ + private $csp_policies; + + protected $view; // Gives the possibility to override the default View type. public static $viewType = 'Minz_View'; public function __construct () { + $this->csp_policies = self::$csp_default; if (class_exists(self::$viewType)) { $this->view = new self::$viewType(); } else { @@ -35,6 +42,17 @@ class Minz_ActionController { } /** + * Set default CSP policies. + * @param array<string,string> $policies An array where keys are directives and values are sources. + */ + public static function _defaultCsp($policies) { + if (!isset($policies['default-src'])) { + Minz_Log::warning('Default CSP policy is not declared', ADMIN_LOG); + } + self::$csp_default = $policies; + } + + /** * Set CSP policies. * * A default-src directive should always be given. |