From 5f862fe8d369464ced43c3ed1e75452142cccb21 Mon Sep 17 00:00:00 2001 From: awkawb Date: Sun, 6 Oct 2024 21:48:09 -0400 Subject: [PATCH] Updated Invoice Ninja to v5.10.31 * Changed php environment packages * Added patch to switch back to Flutter * Added patch to fix storage permissions --- default.nix | 16 ++++-- disable-react-for-admin.patch | 13 +++++ ...ystems.patch => fix-base-permissions.patch | 8 +-- fix-storage-permissions.patch | 32 ++++++++++++ invoice-ninja.nix | 50 +++++++++++-------- tests/test-config.nix | 2 +- 6 files changed, 92 insertions(+), 29 deletions(-) create mode 100644 disable-react-for-admin.patch rename config-filesystems.patch => fix-base-permissions.patch (65%) create mode 100644 fix-storage-permissions.patch diff --git a/default.nix b/default.nix index 6cf7ace..99ae22a 100644 --- a/default.nix +++ b/default.nix @@ -9,19 +9,25 @@ php.buildComposerProject (finalAttrs: { pname = "invoice-ninja"; - version = "5.10.29"; + version = "5.10.31"; src = fetchFromGitHub { owner = "invoiceninja"; repo = "invoiceninja"; rev = "v${finalAttrs.version}"; - hash = "sha256-nhLt3DXW0q07ZhDq23mHwbVmqHZor+p925/yrKXum54="; + hash = "sha256-n3SpyXGUjw+qHEtnrclzIIdQ09UZBI+Rj7MXeUJVk6c="; }; - vendorHash = "sha256-NVvx1aKhbC5XuXt2+gS2c3ulNWoCKrYNnEleBuAcftQ="; + vendorHash = "sha256-krGeVT6GyvkFkgeviA06dRneApEHDK61Tm+hXYTVYCM="; - # Patch sources to allow more restrictive permissions - # patches = [ ./config-filesystems.patch ]; + # Patch sources for more restrictive permissions + patches = [ + ./fix-storage-permissions.patch + ./disable-react-for-admin.patch + + # FIXME this patch should fix "Health Check" file permissions errors + #./fix-base-permissions.patch + ]; # Upstream composer.json has invalid license, webpatser/laravel-countries package is pointing # to commit-ref, and php required in require and require-dev diff --git a/disable-react-for-admin.patch b/disable-react-for-admin.patch new file mode 100644 index 0000000..d3f16f0 --- /dev/null 
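Review bot: The comment `# Patch sources for more restrictive permissions` no longer describes the list beneath it, because `./disable-react-for-admin.patch` changes the default admin UI rather than any file mode. A heading such as `# Tighten storage file modes; keep the Flutter admin UI as the default` would cover both active entries. The FIXME is also ambiguous: it can be read as "this patch would cure the Health Check errors" or as "this patch causes them and needs fixing". Stating which one applies, and why the entry is disabled, would tell the next maintainer whether it is safe to re-enable.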
+++ b/disable-react-for-admin.patch @@ -0,0 +1,13 @@ +diff --git a/app/Console/Commands/CreateAccount.php b/app/Console/Commands/CreateAccount.php +index 228f8e8283..1ff3c54a61 100644 +--- a/app/Console/Commands/CreateAccount.php ++++ b/app/Console/Commands/CreateAccount.php +@@ -79,7 +79,7 @@ class CreateAccount extends Command + $company->save(); + + $account->default_company_id = $company->id; +- $account->set_react_as_default_ap = true; ++ $account->set_react_as_default_ap = false; + $account->save(); + + $email = $this->option('email') ?? 'admin@example.com'; diff --git a/config-filesystems.patch b/fix-base-permissions.patch similarity index 65% rename from config-filesystems.patch rename to fix-base-permissions.patch index 5e15a0c..5254613 100644 --- a/config-filesystems.patch +++ b/fix-base-permissions.patch @@ -1,13 +1,15 @@ diff --git a/config/filesystems.php b/config/filesystems.php -index a104af7a81..a4c87ba3ff 100644 +index a104af7a81..3582c519a1 100644 --- a/config/filesystems.php +++ b/config/filesystems.php -@@ -37,7 +37,7 @@ return [ +@@ -37,8 +37,8 @@ return [ 'root' => base_path(), 'permissions' => [ 'file' => [ - 'public' => 0664, +- 'private' => 0600, + 'public' => 0444, - 'private' => 0600, ++ 'private' => 0400, ], 'dir' => [ + 'public' => 0775, diff --git a/fix-storage-permissions.patch b/fix-storage-permissions.patch new file mode 100644 index 0000000..de32b03 --- /dev/null +++ b/fix-storage-permissions.patch 
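Review bot: In fix-base-permissions.patch, `'public' => 0444` keeps the world-read bit on files written through the `base_path()` disk, while fix-storage-permissions.patch in this same commit removes all access for others (0660/0770); the `'dir'` entry `'public' => 0775` in the trailing context is left untouched. If the aim is the same tightening, `'public' => 0440,` with a matching directory mode would be consistent. The patch is commented out in default.nix, so none of this is applied yet. Read-only file modes may themselves be what the Health Check objects to, which is worth confirming before the patch is re-enabled.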
@@ -0,0 +1,32 @@ +diff --git a/config/filesystems.php b/config/filesystems.php +index a104af7a81..5294147710 100644 +--- a/config/filesystems.php ++++ b/config/filesystems.php +@@ -53,11 +53,11 @@ return [ + 'root' => storage_path('app'), + 'permissions' => [ + 'file' => [ +- 'public' => 0664, ++ 'public' => 0660, + 'private' => 0600, + ], + 'dir' => [ +- 'public' => 0775, ++ 'public' => 0770, + 'private' => 0700, + ], + ], +@@ -71,11 +71,11 @@ return [ + 'visibility' => 'public', + 'permissions' => [ + 'file' => [ +- 'public' => 0664, ++ 'public' => 0660, + 'private' => 0600, + ], + 'dir' => [ +- 'public' => 0775, ++ 'public' => 0770, + 'private' => 0700, + ], + ], diff --git a/invoice-ninja.nix b/invoice-ninja.nix index acb4925..a65365c 100644 --- a/invoice-ninja.nix +++ b/invoice-ninja.nix @@ -16,7 +16,7 @@ let # PHP environment phpPackage = cfg.phpPackage.buildEnv { extensions = { enabled, all }: enabled ++ (with all; - [ bcmath ctype curl fileinfo gd gmp iconv imagick mbstring mysqli openssl pdo tokenizer zip ] + [ bcmath ctype curl fileinfo gd gmp iconv imagick intl mbstring mysqli openssl pdo soap tokenizer zip ] ); extraConfig = "memory_limit = 1024M"; @@ -245,10 +245,13 @@ in services.invoice-ninja.settings = let - app_http_url = "http://${cfg.hostName}"; - app_https_url = "https://${cfg.hostName}"; - react_http_url = "http://${cfg.hostName}:3001"; - react_https_url = "https://${cfg.hostName}:3001"; + url = ({ hostName, react ? false }: + if (hostName == "localhost") + then + (if (react == true) then ("http://" + hostName + ":3001") else ("http://" + hostName)) + else + (if (react == true) then ("https://" + hostName + ":3001") else ("https://" + hostName)) + ); chromium = lib.lists.findSingle (x: x == pkgs.chromium) "none" "multiple" extraPrograms; in lib.mkMerge [ 
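Review bot: The new 0660/0770 modes in fix-storage-permissions.patch only govern files and directories written after the change, so anything already under storage from an earlier release keeps its 0664/0775 bits. The 0770 tmpfiles directories in invoice-ninja.nix limit that exposure, but their `d` entries set the mode of the listed directories only, not of their contents. A one-time upgrade step such as `chmod -R o-rwx ${cfg.dataDir}/storage` in the setup script would bring existing files in line. Separately, the second disk is declared with `'visibility' => 'public'`; if the web server reads those files directly, its user has to be in the owning group, which is not visible in this patch.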
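Review bot: The `url` helper spells out four near-identical string concatenations and compares a boolean with `react == true`. Scheme and port are independent, so it can be written as `url = { hostName, react ? false }: "${if hostName == "localhost" then "http" else "https"}://${hostName}${lib.optionalString react ":3001"}";`. Only the literal `localhost` selects plain http, so a loopback address such as `127.0.0.1` gets an https URL; a comment saying that this is intended would help. The enclosing `let … in lib.mkMerge [` expression continues past the hunk.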
@@ -256,8 +259,8 @@ in APP_NAME = lib.mkDefault "\"Invoice Ninja\""; APP_ENV = lib.mkDefault "production"; APP_DEBUG = lib.mkDefault false; - APP_URL = lib.mkDefault (if (cfg.hostName != "localhost") then "${app_https_url}" else "${app_http_url}"); - REACT_URL = lib.mkDefault (if (cfg.hostName != "localhost") then "${react_https_url}" else "${react_http_url}"); + APP_URL = lib.mkDefault (url { hostName = cfg.hostName; }); + REACT_URL = lib.mkDefault (url { hostName = cfg.hostName; react = true; }); DB_CONNECTION = lib.mkDefault "mysql"; MULTI_DB_ENABLED = lib.mkDefault false; DEMO_MODE = lib.mkDefault false; @@ -310,6 +313,11 @@ in { root = lib.mkForce "${invoice-ninja}/public"; locations = { + "= /index.php".extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${config.services.phpfpm.pools.invoice-ninja.socket}; + fastcgi_index index.php; + ''; "/" = { tryFiles = "$uri $uri/ /index.php?$query_string"; extraConfig = '' @@ -318,11 +326,7 @@ in } ''; }; - "~ \\.php$".extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools.invoice-ninja.socket}; - fastcgi_index index.php; - ''; + "~ \\.php$".extraConfig = "return 403;"; "~ /\\.ht".extraConfig = "deny all;"; }; extraConfig = '' 
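Review bot: In the new `"= /index.php"` location, `fastcgi_split_path_info` and `fastcgi_index` no longer have any effect, because an exact-match location only ever sees the URI `/index.php`; they can be dropped so the block is just the `fastcgi_pass` line. The companion change in the following hunk, `"~ \\.php$".extraConfig = "return 403;"`, depends on nginx preferring the exact match over the regex location. That deserves a comment such as `# Only the front controller reaches PHP-FPM; every other *.php request is refused`, so a later edit does not reintroduce a general PHP handler. The `locations` set opens before this hunk and closes in the next one.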
@@ -435,17 +439,15 @@ in # Perform the first migration [[ ! -f ${cfg.dataDir}/.initial-migration ]] && invoice-ninja-manage migrate --force && touch ${cfg.dataDir}/.initial-migration + # Seed database with records + # Necessary for languages, currencies, countries, etc. + invoice-ninja-manage db:seed --force + # Create Invoice Ninja admin account [[ ! -f ${cfg.dataDir}/.admin-created ]] \ && invoice-ninja-manage ninja:create-account --email=${cfg.adminEmail} --password=${cfg.adminPassword} \ && touch ${cfg.dataDir}/.admin-created - # Recent releases make the React interface default - # Currently this is broken so we switch back to the Flutter interface - [[ ! -f ${cfg.dataDir}/.react-disabled ]] \ - && mysql -D ${cfg.database.name} -e 'UPDATE accounts SET set_react_as_default_ap = 0;' \ - && touch ${cfg.dataDir}/.react-disabled - invoice-ninja-manage route:cache invoice-ninja-manage view:cache invoice-ninja-manage config:cache @@ -460,16 +462,24 @@ in "${cfg.dataDir}/storage/framework" "${cfg.dataDir}/storage/framework/cache" "${cfg.dataDir}/storage/framework/sessions" + "${cfg.dataDir}/storage/framework/testing" "${cfg.dataDir}/storage/framework/views" "${cfg.dataDir}/storage/logs" - cfg.runtimeDir - "${cfg.runtimeDir}/cache" ] (n: { d = { user = user; group = group; mode = "0770"; }; + }) // lib.attrsets.genAttrs [ + cfg.runtimeDir + "${cfg.runtimeDir}/cache" + ] (n: { + d = { + user = user; + group = group; + mode = "0750"; + }; }); }; } diff --git a/tests/test-config.nix b/tests/test-config.nix index 107caee..6eef017 100644 --- a/tests/test-config.nix +++ b/tests/test-config.nix @@ -13,7 +13,7 @@ users.users.test = { isNormalUser = true; extraGroups = [ "wheel" ]; - initialPassword = "testing"; + initialPassword = "test"; }; services.invoice-ninja = {
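Review bot: `invoice-ninja-manage db:seed --force` runs on every execution of this script, unlike the migration and account-creation steps around it, which are guarded by sentinel files. Unless the upstream seeders are known to be idempotent, repeated runs could duplicate or reset reference rows; a guard in the same style, `[[ ! -f ${cfg.dataDir}/.db-seeded ]] && invoice-ninja-manage db:seed --force && touch ${cfg.dataDir}/.db-seeded` (sentinel name chosen here for illustration), keeps it to one run. If re-seeding on each start is intended, for instance to pick up new currencies or languages after an upgrade, the comment should say so. The unchanged context also passes `--password=${cfg.adminPassword}` on the command line, which puts the value into the generated script text and the process arguments; reading it from a file at run time would avoid that. The script body starts and ends outside the hunk.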
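Review bot: The two `genAttrs` calls in the tmpfiles hunk differ only in `mode`, and nothing explains why `cfg.runtimeDir` drops to `0750` while the storage tree stays `0770`. A small helper, e.g. `mkDir = mode: _: { d = { inherit user group mode; }; };`, used as `genAttrs [ … ] (mkDir "0770") // genAttrs [ … ] (mkDir "0750")`, removes the duplication and the unused `n` argument. A comment like `# runtime dir: group members may enter and read but not write` would record the intent, if that is the reason. The new `storage/framework/testing` directory is also created on production hosts, so confirm it is needed outside test runs. The attribute set this belongs to begins before the hunk.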