From 9568629f590e4487deb61ea9809ca754019d2c61 Mon Sep 17 00:00:00 2001
From: Oleksander Piskun
Date: Sun, 30 Mar 2025 18:45:05 +0300
Subject: [PATCH 1/2] added HaRP support(NC32+)
Signed-off-by: Oleksander Piskun
---
 Dockerfile | 16 +++++++++++
 Makefile | 2 +-
 appinfo/info.xml | 4 +--
 ex_app/lib/main.py | 2 +-
 ex_app_scripts/entrypoint.sh | 56 ++++++++++++++++++++++++++++++++++++
 requirements.txt | 2 +-
 6 files changed, 77 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 2e8f969..3e1095a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -203,6 +203,22 @@ RUN apt-get update && \
 curl nodejs sudo wget procps nano && \
 rm -rf /var/lib/apt/lists/*
+# HaRP: download and install FRP client
+RUN set -ex; \
+ ARCH=$(uname -m); \
+ if [ "$ARCH" = "aarch64" ]; then \
+ FRP_URL="https://raw.githubusercontent.com/nextcloud/HaRP/main/exapps_dev/frp_0.61.1_linux_arm64.tar.gz"; \
+ else \
+ FRP_URL="https://raw.githubusercontent.com/nextcloud/HaRP/main/exapps_dev/frp_0.61.1_linux_amd64.tar.gz"; \
+ fi; \
+ echo "Downloading FRP client from $FRP_URL"; \
+ curl -L "$FRP_URL" -o /tmp/frp.tar.gz; \
+ tar -C /tmp -xzf /tmp/frp.tar.gz; \
+ mv /tmp/frp_0.61.1_linux_* /tmp/frp; \
+ cp /tmp/frp/frpc /usr/local/bin/frpc; \
+ chmod +x /usr/local/bin/frpc; \
+ rm -rf /tmp/frp /tmp/frp.tar.gz
+
 COPY ex_app_scripts/common_pgsql.sh /ex_app_scripts/common_pgsql.sh
 COPY ex_app_scripts/install_pgsql.sh /ex_app_scripts/install_pgsql.sh
 COPY ex_app_scripts/init_pgsql.sh /ex_app_scripts/init_pgsql.sh
diff --git a/Makefile b/Makefile
index c0f87da..b0910ec 100644
--- a/Makefile
+++ b/Makefile
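Review bot: The frpc tarball is fetched from the mutable `main` branch of nextcloud/HaRP and installed into `/usr/local/bin` without any integrity check, so the image picks up whatever that URL serves at build time. I would pin the URL to a commit SHA and verify a per-architecture SHA-256 before extracting. `curl -L` should also become `curl -fsSL` so that an HTTP error fails the step instead of saving an error page. The digests below are placeholders to be filled in from a trusted copy of the archive, and `sha256sum` is assumed to be available in the base image.

```dockerfile
# … unchanged: RUN set -ex; ARCH=$(uname -m); …
    if [ "$ARCH" = "aarch64" ]; then \
        # … unchanged: FRP_URL for arm64 (ideally pinned to a commit SHA instead of main) …
        FRP_SHA256="<PLACEHOLDER: sha256 of the arm64 tarball>"; \
    else \
        # … unchanged: FRP_URL for amd64 (ideally pinned to a commit SHA instead of main) …
        FRP_SHA256="<PLACEHOLDER: sha256 of the amd64 tarball>"; \
    fi; \
    curl -fsSL "$FRP_URL" -o /tmp/frp.tar.gz; \
    echo "$FRP_SHA256  /tmp/frp.tar.gz" | sha256sum -c -; \
# … unchanged: extract, install frpc, clean up …
```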
@@ -5,7 +5,7 @@ APP_ID := flow APP_NAME := Flow APP_VERSION := $$(xmlstarlet sel -t -v "//version" appinfo/info.xml) -JSON_INFO := "{\"id\":\"$(APP_ID)\",\"name\":\"$(APP_NAME)\",\"daemon_config_name\":\"manual_install\",\"version\":\"$(APP_VERSION)\",\"secret\":\"12345\",\"port\":24000, \"routes\": [{\"url\":\"^api\\\/w\\\/nextcloud\\\/jobs\\\/.*\", \"verb\":\"GET, POST, PUT, DELETE\", \"access_level\":0, \"headers_to_exclude\":[], \"bruteforce_protection\":[401]}, {\"url\":\"^api\\\/w\\\/nextcloud\\\/jobs_u\\\/.*\", \"verb\":\"GET, POST, PUT, DELETE\", \"access_level\":0, \"headers_to_exclude\":[], \"bruteforce_protection\":[401]}, {\"url\":\".*\", \"verb\":\"GET, POST, PUT, DELETE\", \"access_level\":2, \"headers_to_exclude\":[]}]}" +JSON_INFO := "{\"id\":\"$(APP_ID)\",\"name\":\"$(APP_NAME)\",\"daemon_config_name\":\"manual_install\",\"version\":\"$(APP_VERSION)\",\"secret\":\"12345\",\"port\":27100, \"routes\": [{\"url\":\"^api\\\/w\\\/nextcloud\\\/jobs\\\/.*\", \"verb\":\"GET, POST, PUT, DELETE\", \"access_level\":0, \"headers_to_exclude\":[], \"bruteforce_protection\":[401]}, {\"url\":\"^api\\\/w\\\/nextcloud\\\/jobs_u\\\/.*\", \"verb\":\"GET, POST, PUT, DELETE\", \"access_level\":0, \"headers_to_exclude\":[], \"bruteforce_protection\":[401]}, {\"url\":\".*\", \"verb\":\"GET, POST, PUT, DELETE\", \"access_level\":2, \"headers_to_exclude\":[]}]}" .PHONY: help diff --git a/appinfo/info.xml b/appinfo/info.xml index 39003f5..57b5f2d 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -24,7 +24,7 @@ This app provides an easy way to install the Windmill based Business Process Aut **Requires [`AppAPI`](https://github.com/nextcloud/app_api) and `webhook_listeners` to be enabled to work.** ]]> - 1.1.0 + 1.2.0 agpl Julien Veyssier Marcel Klehr @@ -44,7 +44,7 @@ This app provides an easy way to install the Windmill based Business Process Aut ghcr.io nextcloud/flow - 1.1.0 + 1.2.0 diff --git a/ex_app/lib/main.py b/ex_app/lib/main.py index 4eca93d..0904b9f 100644 
--- a/ex_app/lib/main.py
+++ b/ex_app/lib/main.py
@@ -33,7 +33,7 @@
 # os.environ["NEXTCLOUD_URL"] = "http://nextcloud.local/index.php"
 # os.environ["APP_HOST"] = "0.0.0.0"
-# os.environ["APP_PORT"] = "24000"
+# os.environ["APP_PORT"] = "27100"
 # os.environ["APP_ID"] = "flow"
 # os.environ["APP_SECRET"] = "12345" # noqa
 # os.environ["AA_VERSION"] = "4.0.0" # value but should not be greater than minimal required AppAPI version
diff --git a/ex_app_scripts/entrypoint.sh b/ex_app_scripts/entrypoint.sh
index ae91c07..09cc420 100644
--- a/ex_app_scripts/entrypoint.sh
+++ b/ex_app_scripts/entrypoint.sh
@@ -2,6 +2,62 @@
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
 # SPDX-License-Identifier: MIT
+set -e
+
+# Only create a config file if HP_SHARED_KEY is set.
+if [ -n "$HP_SHARED_KEY" ]; then
+ echo "HP_SHARED_KEY is set, creating /frpc.toml configuration file..."
+ if [ -d "/certs/frp" ]; then
+ echo "Found /certs/frp directory. Creating configuration with TLS certificates."
+ cat < /frpc.toml
+serverAddr = "$HP_FRP_ADDRESS"
+serverPort = $HP_FRP_PORT
+
+transport.tls.enable = true
+transport.tls.certFile = "/certs/frp/client.crt"
+transport.tls.keyFile = "/certs/frp/client.key"
+transport.tls.trustedCaFile = "/certs/frp/ca.crt"
+transport.tls.serverName = "harp.nc"
+
+metadatas.token = "$HP_SHARED_KEY"
+
+[[proxies]]
+remotePort = $APP_PORT
+type = "tcp"
+name = "$APP_ID"
+[proxies.plugin]
+type = "unix_domain_socket"
+unixPath = "/tmp/exapp.sock"
+EOF
+ else
+ echo "Directory /certs/frp not found. Creating configuration without TLS certificates."
+ cat < /frpc.toml
+serverAddr = "$HP_FRP_ADDRESS"
+serverPort = $HP_FRP_PORT
+
+transport.tls.enable = false
+
+metadatas.token = "$HP_SHARED_KEY"
+
+[[proxies]]
+remotePort = $APP_PORT
+type = "tcp"
+name = "$APP_ID"
+[proxies.plugin]
+type = "unix_domain_socket"
+unixPath = "/tmp/exapp.sock"
+EOF
+ fi
+else
+ echo "HP_SHARED_KEY is not set. Skipping FRP configuration."
+fi
+
+# If we have a configuration file and the shared key is present, start the FRP client
+if [ -f /frpc.toml ] && [ -n "$HP_SHARED_KEY" ]; then
+ echo "Starting frpc in the background..."
+ frpc -c /frpc.toml &
+fi
+
 # Read environment variables
 . /etc/environment
diff --git a/requirements.txt b/requirements.txt
index 3cd8d60..ccef928 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1 @@
-nc_py_api[app]>=0.18.0
+nc_py_api[app]>=0.19.2
From 082bda584e6a207045a02ce9d222322c428be8fe Mon Sep 17 00:00:00 2001
From: Oleksander Piskun
Date: Mon, 31 Mar 2025 16:35:06 +0300
Subject: [PATCH 2/2] added loginFailExit=false
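Review bot: When `/certs/frp` is missing the script quietly writes `transport.tls.enable = false`, so a forgotten or mis-mounted certificate volume downgrades the tunnel and `metadatas.token` (the HaRP shared key) would presumably travel unencrypted; this fallback should be an explicit opt-in, or at least print a warning to stderr. `/frpc.toml` contains that key and is created with the default umask, so add `umask 077` before the heredocs or `chmod 600 /frpc.toml` after them. `HP_FRP_ADDRESS`, `HP_FRP_PORT`, `APP_PORT` and `APP_ID` are written into the TOML unchecked; a guard such as `: "${HP_FRP_ADDRESS:?}" "${HP_FRP_PORT:?}" "${APP_PORT:?}" "${APP_ID:?}"` inside the `if` would stop the container with a clear message instead of starting frpc on a broken config. The rest of entrypoint.sh lies outside the hunk.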
Signed-off-by: Oleksander Piskun --- ex_app_scripts/entrypoint.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ex_app_scripts/entrypoint.sh b/ex_app_scripts/entrypoint.sh index 09cc420..77b1b5b 100644 --- a/ex_app_scripts/entrypoint.sh +++ b/ex_app_scripts/entrypoint.sh @@ -12,6 +12,7 @@ if [ -n "$HP_SHARED_KEY" ]; then cat < /frpc.toml serverAddr = "$HP_FRP_ADDRESS" serverPort = $HP_FRP_PORT +loginFailExit = false transport.tls.enable = true transport.tls.certFile = "/certs/frp/client.crt" @@ -34,6 +35,7 @@ EOF cat < /frpc.toml serverAddr = "$HP_FRP_ADDRESS" serverPort = $HP_FRP_PORT +loginFailExit = false transport.tls.enable = false