feat(AppAPI): HaRP support(Nextcloud 32+)

Dockerfile

@@ -2,9 +2,30 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later
 FROM python:3.11-slim-bookworm
 
-COPY requirements.txt /
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update && \
+  apt-get install -y curl && \
+  apt-get -y clean && \
+  rm -rf /var/lib/apt/lists/*
 
+# Download and install FRP client into /usr/local/bin.
+RUN set -ex; \
+    ARCH=$(uname -m); \
+    if [ "$ARCH" = "aarch64" ]; then \
+      FRP_URL="https://raw.githubusercontent.com/nextcloud/HaRP/main/exapps_dev/frp_0.61.1_linux_arm64.tar.gz"; \
+    else \
+      FRP_URL="https://raw.githubusercontent.com/nextcloud/HaRP/main/exapps_dev/frp_0.61.1_linux_amd64.tar.gz"; \
+    fi; \
+    echo "Downloading FRP client from $FRP_URL"; \
+    curl -L "$FRP_URL" -o /tmp/frp.tar.gz; \
+    tar -C /tmp -xzf /tmp/frp.tar.gz; \
+    mv /tmp/frp_0.61.1_linux_* /tmp/frp; \
+    cp /tmp/frp/frpc /usr/local/bin/frpc; \
+    chmod +x /usr/local/bin/frpc; \
+    rm -rf /tmp/frp /tmp/frp.tar.gz
 
+COPY requirements.txt /
 
 RUN \
   python3 -m pip install -r requirements.txt && rm -rf ~/.cache && rm requirements.txt
@@ -16,8 +37,9 @@ ADD /ex_app/l10[n] /ex_app/l10n
 ADD /ex_app/li[b] /ex_app/lib
 
 COPY --chmod=775 healthcheck.sh /
+COPY --chmod=775 start.sh /
 
 WORKDIR /ex_app/lib
 ENV PYTHONPATH="/"
-ENTRYPOINT ["python3", "main.py"]
+ENTRYPOINT ["/start.sh", "python3", "main.py"]
 HEALTHCHECK --interval=2s --timeout=2s --retries=300 CMD /healthcheck.sh

healthcheck.sh

@@ -1,4 +1,10 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
 # SPDX-License-Identifier: AGPL-3.0-or-later
-exit 0
+if [ -f /frpc.toml ] && [ -n "$HP_SHARED_KEY" ]; then
+  if pgrep -x "frpc" > /dev/null; then
+      exit 0
+  else
+      exit 1
+  fi
+fi

start.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+set -e
+
+# Only create a config file if HP_SHARED_KEY is set.
+if [ -n "$HP_SHARED_KEY" ]; then
+    echo "HP_SHARED_KEY is set, creating /frpc.toml configuration file..."
+    if [ -d "/certs/frp" ]; then
+        echo "Found /certs/frp directory. Creating configuration with TLS certificates."
+        cat <<EOF > /frpc.toml
+serverAddr = "$HP_FRP_ADDRESS"
+serverPort = $HP_FRP_PORT
+loginFailExit = false
+
+transport.tls.enable = true
+transport.tls.certFile = "/certs/frp/client.crt"
+transport.tls.keyFile = "/certs/frp/client.key"
+transport.tls.trustedCaFile = "/certs/frp/ca.crt"
+transport.tls.serverName = "harp.nc"
+
+metadatas.token = "$HP_SHARED_KEY"
+
+[[proxies]]
+remotePort = $APP_PORT
+type = "tcp"
+name = "$APP_ID"
+[proxies.plugin]
+type = "unix_domain_socket"
+unixPath = "/tmp/exapp.sock"
+EOF
+    else
+        echo "Directory /certs/frp not found. Creating configuration without TLS certificates."
+        cat <<EOF > /frpc.toml
+serverAddr = "$HP_FRP_ADDRESS"
+serverPort = $HP_FRP_PORT
+loginFailExit = false
+
+transport.tls.enable = false
+
+metadatas.token = "$HP_SHARED_KEY"
+
+[[proxies]]
+remotePort = $APP_PORT
+type = "tcp"
+name = "$APP_ID"
+[proxies.plugin]
+type = "unix_domain_socket"
+unixPath = "/tmp/exapp.sock"
+EOF
+    fi
+else
+    echo "HP_SHARED_KEY is not set. Skipping FRP configuration."
+fi
+
+# If we have a configuration file and the shared key is present, start the FRP client
+if [ -f /frpc.toml ] && [ -n "$HP_SHARED_KEY" ]; then
+    echo "Starting frpc in the background..."
+    frpc -c /frpc.toml &
+fi
+
+# Start the main application (launch cmd for ExApp is an argument for this script)
+echo "Starting application: $@"
+exec "$@"