From 1ed361820324f1e523a18a1ba3b1e087002aa974 Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Mon, 13 Mar 2023 17:28:57 +0100
Subject: [PATCH] fix: append to local.json instead of overwriting it

local.json is automatically generated and can change due to updates,
to prevent breaking changes, only append the necssary config
using a custom entrypoint.
---
 abra.sh            |  2 +-
 compose.jwt.yml    |  1 +
 compose.yml        | 13 ++++++-----
 entrypoint.sh.tmpl | 37 +++++++++++++++++++++++++++++++
 local.json.tmpl    | 55 ----------------------------------------------
 5 files changed, 47 insertions(+), 61 deletions(-)
 create mode 100644 entrypoint.sh.tmpl
 delete mode 100644 local.json.tmpl

diff --git a/abra.sh b/abra.sh
index dd23d60..d5f5d47 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,4 +1,4 @@
-export LOCAL_JSON_VERSION=v1
+export ENTRYPOINT_VERSION=v1
 
 prepare_shutdown () {
   documentserver-prepare4shutdown.sh    
diff --git a/compose.jwt.yml b/compose.jwt.yml
index 2ff8c2e..c9ec631 100644
--- a/compose.jwt.yml
+++ b/compose.jwt.yml
@@ -5,6 +5,7 @@ services:
       - JWT_ENABLED=true
       - JWT_HEADER=Authorization
       - JWT_IN_BODY=true
+      - JWT_SECRET_FILE=/run/secrets/jwt_secret
     secrets:
       - jwt_secret
 
diff --git a/compose.yml b/compose.yml
index f67e15b..de25fb7 100644
--- a/compose.yml
+++ b/compose.yml
@@ -15,6 +15,7 @@ services:
       DB_PORT: 5432
       DB_NAME: onlyoffice
       DB_USER: onlyoffice
+      DB_PWD_FILE: /run/secrets/db_password
       AMQP_URI: amqp://guest:guest@rabbitmq
       AUTO_ASSEMBLY_ENABLED: 
       AUTO_ASSEMBLY_INTERVAL: 
@@ -28,8 +29,10 @@ services:
       retries: 10
       start_period: 1m
     configs:
-      - source: local_json
-        target: /etc/onlyoffice/documentserver/local.json
+      - source: entrypoint
+        target: /custom-entrypoint.sh
+        mode: 555
+    entrypoint: /custom-entrypoint.sh
     deploy:
       update_config:
         failure_action: rollback
@@ -89,8 +92,8 @@ secrets:
     name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
 
 configs:
-  local_json:
-    name: ${STACK_NAME}_local_json_${LOCAL_JSON_VERSION}
-    file: local.json.tmpl 
+  entrypoint:
+    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
+    file: entrypoint.sh.tmpl
     template_driver: golang
 
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
new file mode 100644
index 0000000..64d0eec
--- /dev/null
+++ b/entrypoint.sh.tmpl
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -eu
+
+file_env() {
+  local var="$1"
+  local fileVar="${var}_FILE"
+  local def="${2:-}"
+
+  if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+    echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+    exit 1
+  fi
+
+  local val="$def"
+  if [ "${!var:-}" ]; then
+    val="${!var}"
+  elif [ "${!fileVar:-}" ]; then
+    val="$(< "${!fileVar}")"
+  fi
+
+  export "$var"="$val"
+  unset "$fileVar"
+}
+
+file_env "DB_PWD"
+file_env "JWT_SECRET"
+
+CONFIG=/etc/onlyoffice/documentserver/local.json
+JSON_BIN=/var/www/onlyoffice/documentserver/npm/json
+JSON="${JSON_BIN} -q -f ${CONFIG}"
+${JSON} -I -e "if(this.services.CoAuthoring.autoAssembly===undefined)this.services.CoAuthoring.autoAssembly={};"
+${JSON} -I -e "this.services.CoAuthoring.autoAssembly.enable = ${AUTO_ASSEMBLY_ENABLED}"
+${JSON} -I -e "this.services.CoAuthoring.autoAssembly.interval = '${AUTO_ASSEMBLY_INTERVAL}'"
+${JSON} -I -e "this.services.CoAuthoring.autoAssembly.step = '${AUTO_ASSEMBLY_STEP}'"
+
+/app/ds/run-document-server.sh
diff --git a/local.json.tmpl b/local.json.tmpl
deleted file mode 100644
index 046baa9..0000000
--- a/local.json.tmpl
+++ /dev/null
@@ -1,55 +0,0 @@
-{
-  "services": {
-    "CoAuthoring": {
-      "sql": {
-       "type": "{{ env "DB_TYPE" }}",
-        "dbHost": "{{ env "DB_HOST" }}",
-        "dbPort": "{{ env "DB_PORT" }}",
-        "dbName": "{{ env "DB_NAME" }}",
-        "dbUser": "{{ env "DB_USER" }}",
-        "dbPass": "{{ secret  "db_password" }}"
-      },
-  {{ if eq (env "JWT_ENABLED") "true" }}
-      "token": {
-        "enable": {
-          "request": {
-            "inbox": true,
-            "outbox": true
-          },
-          "browser": true
-        },
-        "inbox": {
-          "header": "Authorization",
-          "inBody": true
-        },
-        "outbox": {
-          "header": "Authorization",
-          "inBody": true
-        }
-      },
-      "secret": {
-        "inbox": {
-          "string": "{{ secret "jwt_secret" }}"
-        },
-        "outbox": {
-          "string": "{{ secret "jwt_secret" }}"
-        },
-        "session": {
-          "string": "{{ secret "jwt_secret" }}"
-        }
-      },
-    {{ end }}
-    "autoAssembly" : {
-      "enable": {{ env "AUTO_ASSEMBLY_ENABLED" }},
-      "interval": "{{ env "AUTO_ASSEMBLY_INTERVAL" }}",
-      "step": "{{ env "AUTO_ASSEMBLY_STEP" }}"
-      }
-    }
-  },
-  "rabbitmq": {
-    "url": "amqp://guest:guest@rabbitmq"
-  },
-  "queue": {
-    "type": "rabbitmq"
-  }
-}