sulu: 3.1.30

sulu: - a6653de add documentation for connection config, lint files - 3f2c5d8 add support for port: "auto" and protocol: "autoWs" - be73c12 allow hosting sulu in sub-directory - 5d625dd if visibilityControl=force only show widget when parent matches - 154313a fix labels for firmware submit buttons when in queue mode - cb5cdd2 add visibilityControl field to widgetinfo, add documentation, normalize widget filtering function - 7702142 better users widget ui config: - Switch port to auto - Switch protocol to autoWS - Removed config option to disable RBAC - Use 8000 as redirect to https
2025-12-10 07:44:50 +01:00 · 2023-11-24 15:13:59 +05:30 · 2023-11-24 15:13:59 +05:30 · 2478ca8fd9
commit 2478ca8fd9
parent c6492dfeee
7 changed files with 67 additions and 215 deletions
--- a/sulu/sulu-base/Makefile
+++ b/sulu/sulu-base/Makefile
@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=sulu-base
-PKG_VERSION:=3.1.29
+PKG_VERSION:=3.1.30
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu.git
-PKG_SOURCE_VERSION:=e8188382267970f60a5992c55ab9858c9069044c
+PKG_SOURCE_VERSION:=a6653de12a1b45758f75a1d833ada3489f9125f9
 PKG_MIRROR_HASH:=skip
 SULU_MOD:=core
--- a/sulu/sulu-builder/Makefile
+++ b/sulu/sulu-builder/Makefile
@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=sulu-builder
-PKG_VERSION:=3.1.29
+PKG_VERSION:=3.1.30
 PKG_RELEASE:=1
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/websdk/sulu-builder.git
-PKG_SOURCE_VERSION:=ad61b28419343d3987bc6eeb259198201e8b0a67
+PKG_SOURCE_VERSION:=fa8e0cd297b38f8b1f964694fb990cf017d75223
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_SOURCE_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/sulu-$(PKG_VERSION)/sulu-builder-$(PKG_SOURCE_VERSION)
--- a/sulu/sulu-builder/files/etc/config/sulu
+++ b/sulu/sulu-builder/files/etc/config/sulu
@ -1,5 +1,4 @@
 config global 'global'
 	option role_based_access '1'
 	option SessionMode 'Allow'
 	list user 'admin'
 	list user 'user'
--- a/sulu/sulu-builder/files/etc/init.d/sulu
+++ b/sulu/sulu-builder/files/etc/init.d/sulu
@ -16,12 +16,11 @@ validate_sulu_global_section()
 {
 	uci_validate_section sulu global global \
 		'enabled:bool:1' \
-		'enable_system_credentials:bool:1' \
+		'enable_system_credentials:bool:1'
 		'role_based_access:bool:0'
 }
 start_service() {
-	local enabled enable_system_credentials role_based_access
+	local enabled enable_system_credentials
 	config_load sulu
 	procd_open_instance sulu
@ -34,8 +33,8 @@ start_service() {
 	fi
 	update_nginx_template
-	configure_sulu "${enable_system_credentials}" "${role_based_access}" 1
+	configure_sulu "${enable_system_credentials}" 1
-	generate_sulu_conn_config "${role_based_access}"
+	generate_sulu_conn_config
 	procd_close_instance
 }
--- a/sulu/sulu-builder/files/etc/sulu/sulu.sh
+++ b/sulu/sulu-builder/files/etc/sulu/sulu.sh
@ -82,16 +82,6 @@ function _get_sulu_acl_file()
 	echo "${file}"
 }
 function _get_sulu_tls_port()
 {
 	local port listen
 	listen="$(uci -q get nginx._sulu_s.listen)"
 	port="$(echo $listen|grep -Eo '[0-9]+'|head -n 1)"
 	echo "${port:-8443}"
 }
 function _get_sulu_http_port()
 {
 	local port listen
@ -117,149 +107,40 @@ function update_nginx_template()
 function generate_sulu_conn_config()
 {
-	local rbac users SCONFIG session
+	local users SCONFIG session
 	rbac="${1}"
 	users="$(_get_sulu_users)"
 	session="$(_get_sulu_session_mode)"
 	SCONFIG="$(_get_sulu_connection_config)"
 	json_init;
-	if [ "${rbac}" -eq "1" ]; then
+	json_add_string 'Current-connection' 'main';
 		json_add_string 'Current-connection' 'rbac';
 	else
 		json_add_string 'Current-connection' 'main';
 	fi
 	json_add_object 'Connections';
-		json_add_object 'rbac';
+		json_add_object 'main';
 		json_add_string 'toId' "$(_get_endpoint_id)";
-		json_add_int 'port' "$(_get_sulu_tls_port)";
+		json_add_string 'port' "auto";
 		json_add_string 'path' "/wss";
 		if [ "${session}" = "Require" ]; then
 			json_add_boolean 'useSession' 1;
 		fi
-		json_add_string 'protocol' 'wss';
+		json_add_string 'protocol' 'autoWs';
-			json_add_array 'auth';
+		json_add_object 'overrides';
-			json_close_array;
+		for f in ${users}; do
-
+			json_add_object "${f}";
-			json_add_array 'urlOverrides';
+			json_add_string 'fromId' "self::sulu-${f}";
-				json_add_object "";
+			json_add_string 'publishEndpoint' "/usp/$(_get_agent_id)/${f}/endpoint";
-					json_add_object 'match';
+			json_add_string 'subscribeEndpoint' "/usp/$(_get_agent_id)/${f}/controller";
 						json_add_string 'protocol' 'http:'
 					json_close_object
 					json_add_object 'override';
 						json_add_string 'protocol' 'ws'
 						json_add_int 'port' "$(_get_sulu_http_port)";
 					json_close_object
 				json_close_object
 			json_close_array
 			json_add_object 'overrides';
 			for f in ${users}; do
 				json_add_object "${f}";
 				json_add_string 'fromId' "self::sulu-${f}";
 				json_add_string 'publishEndpoint' "/usp/$(_get_agent_id)/${f}/endpoint";
 				json_add_string 'subscribeEndpoint' "/usp/$(_get_agent_id)/${f}/controller";
 				json_close_object;
 			done
 			json_close_object;
 		done
 		json_close_object;
 		# add the default connection
 		json_add_object 'main';
 		json_add_string 'fromId' 'proto::interop-usp-controller';
 		json_add_string 'toId' "$(_get_endpoint_id)";
 		json_add_int 'port' "$(_get_sulu_tls_port)";
 		json_add_string 'path' "/wss";
 		json_add_string 'protocol' 'wss';
 		json_add_string 'publishEndpoint' "/usp/endpoint";
 		json_add_string 'subscribeEndpoint' "/usp/controller";
 			json_add_array 'auth';
 			json_close_array;
 			json_add_array 'urlOverrides';
 				json_add_object "";
 					json_add_object 'match';
 						json_add_string 'protocol' 'http:'
 					json_close_object
 					json_add_object 'override';
 						json_add_string 'protocol' 'ws'
 						json_add_int 'port' "$(_get_sulu_http_port)";
 					json_close_object
 				json_close_object
 			json_close_array
 		json_close_object;
 	json_close_object;
 	json_dump > ${SCONFIG}
 }
 function set_sulu_connection_mode()
 {
 	local rbac profile config SCONFIG
 	SCONFIG="$(_get_sulu_connection_config)"
 	rbac="${1}"
 	profile="$(jq '."Current-connection"' ${SCONFIG})"
 	if [ "$rbac" -eq "1" -a "${profile}" == "\"main\"" ]; then
 		config="$(jq '."Current-connection" = "rbac"' ${SCONFIG})"
 		echo "${config}" > ${SCONFIG}
 	elif [ "$rbac" -eq "0" -a "${profile}" == "\"rbac\"" ]; then
 		config="$(jq '."Current-connection" = "main"' ${SCONFIG})"
 		echo "${config}" > ${SCONFIG}
 	fi
 }
 function update_sulu_connection_port()
 {
 	local port ws_port SCONF
 	SCONF="$(_get_sulu_connection_config)"
 	ws_port="$(_get_sulu_tls_port)"
 	port="$(jq '.Connections.rbac.port' ${SCONF})"
 	if [ "${port}" -ne "${ws_port}" ]; then
 		jq ".Connections.main.port = ${ws_port} | .Connections.rbac.port = ${ws_port}" ${SCONF} > /tmp/sulu/ss_port.json
 		mv /tmp/sulu/ss_port.json ${SCONF}
 	fi
 }
 function _update_obuspa_config()
 {
 	local restart
 	restart=0
 	if ! uci_get obuspa localmqtt >/dev/null 2>&1; then
 		uci_add obuspa mqtt localmqtt
 		uci_set obuspa localmqtt BrokerAddress "127.0.0.1"
 		uci_set obuspa localmqtt BrokerPort "1883"
 		uci_set obuspa localmqtt TransportProtocol "TCP/IP"
 		restart=1
 	fi
 	if ! uci_get obuspa agent_mtp >/dev/null 2>&1; then
 		uci_add obuspa mtp agent_mtp
 		uci_set obuspa agent_mtp Protocol "MQTT"
 		uci_set obuspa agent_mtp ResponseTopicConfigured "/usp/endpoint"
 		uci_set obuspa agent_mtp mqtt "localmqtt"
 		restart=1
 	fi
 	if ! uci_get obuspa localcontroller >/dev/null 2>&1; then
 		uci_add obuspa controller localcontroller
 		uci_set obuspa localcontroller EndpointID "proto::interop-usp-controller"
 		uci_set obuspa localcontroller Protocol "MQTT"
 		uci_set obuspa localcontroller Topic "/usp/controller"
 		uci_set obuspa localcontroller mqtt "localmqtt"
 		uci_set obuspa localcontroller assigned_role_name "full_access"
 		restart=1
 	fi
 	return "${restart}"
 }
 function _remove_obuspa_config()
 {
 	local restart session
@ -343,31 +224,14 @@ function _remove_sulu_sec()
 	return 0
 }
 function _remove_obuspa_config_rbac()
 {
 	local restart
 	restart=0
 	config_foreach _remove_sulu_sec mqtt
 	restart="$(( restart + $? ))"
 	config_foreach _remove_sulu_sec mtp
 	restart="$(( restart + $? ))"
 	config_foreach _remove_sulu_sec controller
 	restart="$(( restart + $? ))"
 	uci_set obuspa global role_file ""
 	return "${restart}"
 }
 function _create_acl() {
-        local agentid rbac users restart
+        local agentid users restart
 	local ACL_FILE
 	rbac="${1:-0}"
 	restart="0"
 	ACL_FILE="$(_get_sulu_acl_file)"
-	if [ -z "${ACL_FILE}" -o "${rbac}" -eq "0" ]; then
+	if [ -z "${ACL_FILE}" ]; then
 		return 0
 	fi
@ -376,20 +240,18 @@ function _create_acl() {
 	fi
 	touch "${ACL_FILE}"
-	if [ "${rbac}" -eq "1" ]; then
+	users="$(_get_sulu_users)"
-		users="$(_get_sulu_users)"
+	agentid="$(_get_agent_id)"
-		agentid="$(_get_agent_id)"
+	for f in ${users}; do
-		for f in ${users}; do
+		if ! grep -q "user $f" ${ACL_FILE}; then
-			if ! grep -q "user $f" ${ACL_FILE}; then
+			echo "user ${f}" >> ${ACL_FILE}
-				echo "user ${f}" >> ${ACL_FILE}
+			echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
-				echo "topic read  /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
+			echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
-				echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
+			echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
-				echo "topic read  /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
+			echo "" >> ${ACL_FILE}
-				echo "" >> ${ACL_FILE}
+			restart="1"
-				restart="1"
+		fi
-			fi
+	done
 		done
 	fi
 	if [ "${restart}" -gt "0" ]; then
 		slog "Restarting mosquitto..."
@ -399,23 +261,15 @@ function _create_acl() {
 function update_obuspa_config()
 {
-	local rbac restart
+	local restart
 	rbac="${1}"
 	restart=0
 	uci_load obuspa
-	if [ "${rbac}" -eq "1" ]; then
+	_remove_obuspa_config
-		_remove_obuspa_config
+	restart="$(( restart + $? ))"
-		restart="$(( restart + $? ))"
+	_update_obuspa_config_rbac
-		_update_obuspa_config_rbac
+	restart="$(( restart + $? ))"
 		restart="$(( restart + $? ))"
 	else
 		_remove_obuspa_config_rbac
 		restart="$(( restart + $? ))"
 		_update_obuspa_config
 		restart="$(( restart + $? ))"
 	fi
 	uci_commit obuspa
 	if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -gt "0" ]; then
@ -426,20 +280,18 @@ function update_obuspa_config()
 function configure_sulu()
 {
-	local sys_cred rbac restart
+	local sys_cred restart
 	sys_cred="${1}"
-	rbac="${2}"
+	restart="${2:-0}"
 	restart="${3:-0}"
-	if [ -z "${sys_cred}" -o -z "${rbac}" ]; then
+	if [ -z "${sys_cred}" ]; then
 		slog "Invalid inputs"
 		return 0
 	fi
 	_RESTART_SERVICES="${restart}"
-	set_sulu_connection_mode "${rbac}"
+	update_obuspa_config
-	update_obuspa_config "${rbac}"
+	_create_acl
 	_create_acl "${rbac}"
 }
--- a/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-nginx-config
+++ b/sulu/sulu-builder/files/etc/uci-defaults/40-add-sulu-nginx-config
@ -21,25 +21,28 @@ add_sulu_nginx_uci()
 		uci_set nginx _sulu_s error_log '/dev/null'
 	fi
-# To host on http, disable _suluredirect and enable _sulu_http
+	# To host on http, disable _suluredirect and enable _sulu_http
-#	if ! uci_get nginx _suluredirect >/dev/null 2>&1; then
+	if ! uci_get nginx _suluredirect >/dev/null 2>&1; then
-#		uci_add nginx server _suluredirect
+		uci_add nginx server _suluredirect
-#		uci_add_list nginx _suluredirect listen "8080"
+		uci_add_list nginx _suluredirect listen "8080"
-#		uci_add_list nginx _suluredirect listen "[::]:8080"
+		uci_add_list nginx _suluredirect listen "[::]:8080"
-#		uci_set nginx _suluredirect server_name '_suluredirect'
+		uci_set nginx _suluredirect server_name '_suluredirect'
-#		uci_set nginx _suluredirect return '302 https://$host:8443$request_uri'
+		uci_set nginx _suluredirect return '302 https://$host:8443$request_uri'
 #	fi
 	if ! uci_get nginx _sulu_http >/dev/null 2>&1; then
 		uci_add nginx server _sulu_http
 		uci_set nginx _sulu_http root '/sulu'
 		uci_add_list nginx _sulu_http listen "8080"
 		uci_add_list nginx _sulu_http listen "[::]:8080"
 		uci_set nginx _sulu_http server_name '_sulu_http'
 		uci_add_list nginx _sulu_http include '/etc/sulu/nginx.locations'
 	        uci_set nginx _sulu_http ssl_session_cache 'none'
 		uci_set nginx _sulu_http access_log 'off; # logd openwrt'
 	fi
 	if uci_get nginx _sulu_http >/dev/null 2>&1; then
 		uci_remove nginx _sulu_http
 	fi
 #	if ! uci_get nginx _sulu_http >/dev/null 2>&1; then
 #		uci_add nginx server _sulu_http
 #		uci_set nginx _sulu_http root '/sulu'
 #		uci_add_list nginx _sulu_http listen "8080"
 #		uci_add_list nginx _sulu_http listen "[::]:8080"
 #		uci_set nginx _sulu_http server_name '_sulu_http'
 #		uci_add_list nginx _sulu_http include '/etc/sulu/nginx.locations'
 #	        uci_set nginx _sulu_http ssl_session_cache 'none'
 #		uci_set nginx _sulu_http access_log 'off; # logd openwrt'
 #	fi
 }
--- a/sulu/sulu-builder/files/etc/uci-defaults/99-fix-sulu-config
+++ b/sulu/sulu-builder/files/etc/uci-defaults/99-fix-sulu-config
@ -4,7 +4,6 @@
 config_load sulu
 config_get enable_system_credentials global enable_system_credentials 1
 config_get role_based_access global role_based_access 0
-configure_sulu "${enable_system_credentials}" "${role_based_access}" 0
+configure_sulu "${enable_system_credentials}" 0
-generate_sulu_conn_config "${role_based_access}"
+generate_sulu_conn_config