added automatic Key Generation for Empty .env Keys

2025-12-03 20:38:40 +01:00
parent 61d94a264f
commit 14b3eb4559
9 changed files with 106 additions and 329 deletions

3
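--- a/.env
+++ b/.env
@@ -0,0 +1,3 @@
+ROOT_URL=http://95.217.36.57:3000
+DOCKER_GROUP_ID=989
+DATA_MANAGER_DB_URL=postgresql://data_db:5432/user_data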
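Review bot: A live `.env` is being added to version control here, with a host-specific `ROOT_URL` that points at a raw IP address over plain `http://`. The same commit teaches the setup script to write generated keys into a `.env`, so a tracked `.env` is one `git add` away from carrying secrets into history. If this file is only a template, its values belong in the example file with a placeholder such as `ROOT_URL=https://your.host.example`, and `.env` should be listed in `.gitignore`. Whether port 3000 is meant to be served without TLS cannot be told from this hunk.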


@@ -388,3 +388,24 @@ Do you want to build load_manager? (Y/n):
=> => unpacking to docker.io/fast/load_manager:latest => => unpacking to docker.io/fast/load_manager:latest
``` ```
You can now run the built images using Docker commands, for example:
## Setup Gitea Version controls system
```bash
Do you want to set up Gitea (self-hosted git service)? (Y/n):
Cloning into 'lib'...
remote: Enumerating objects: 20, done.
remote: Counting objects: 100% (20/20), done.
remote: Compressing objects: 100% (15/15), done.
remote: Total 20 (delta 4), reused 0 (delta 0), pack-reused 0 (from 0)
Receiving objects: 100% (20/20), 6.30 KiB | 6.30 MiB/s, done.
Resolving deltas: 100% (4/4), done.
Enter the full path where you want to set up Fast (e.g., /opt/gitea):
```
After entering the path, the script will proceed to set up Gitea and ask if you want to start it immediately:
```bash
Gitea has been set up at /opt/gitea
```

11
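--- a/bin/create_key.sh
+++ b/bin/create_key.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+# This generates an environmental variable safe key for use in various applications.
+KEY_LENGTH=$1
+if [[ -z "$KEY_LENGTH" ]]; then
+KEY_LENGTH=32
+fi
+KEY=$(head -c $KEY_LENGTH /dev/urandom | base64 | tr -d '=+/ ' | cut -c1-$KEY_LENGTH)
+echo $KEY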
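Review bot: For lengths above 57 the key comes out with spaces in it. GNU `base64` wraps its output at 76 characters, `tr -d '=+/ '` does not remove the newlines, `cut` then trims each line separately, and the unquoted `echo $KEY` joins the lines with spaces. In rare cases the result can also be shorter than requested, since only `$KEY_LENGTH` bytes are read before `+`, `/` and `=` are stripped, and `$1` is used unvalidated and unquoted. Drawing directly from the filtered stream avoids all three: `[[ "$KEY_LENGTH" =~ ^[1-9][0-9]*$ ]] || exit 2`, then `KEY=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$KEY_LENGTH")` and `printf '%s\n' "$KEY"`.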

5
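--- a/bin/generate_key.sh
+++ b/bin/generate_key.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# This script generates a random 32-character alphanumeric key
+KEY=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32)
+echo "$KEY"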
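Review bot: This is a second key generator next to `bin/create_key.sh`, with a fixed length of 32, and nothing visible in this commit calls it. It is also added as a normal (non-executable) file, so it cannot be run directly the way `create_key.sh` is. Two generators with different alphabets and length handling make it hard to say how a given key was produced. Keeping one script would be simpler: this pipeline with a length argument, e.g. `head -c "${1:-32}"`, and `LC_ALL=C` in front of `tr` so the character class is byte-wise in every locale.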


@@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
SETUP_DIR=$PWD
# check if FAST_PATH is set, if not exit with a message # check if FAST_PATH is set, if not exit with a message
if [ -z "$FAST_PATH" ]; then if [ -z "$FAST_PATH" ]; then
echo "FAST_PATH is not set." echo "FAST_PATH is not set."
@@ -15,7 +17,7 @@ cd $FAST_PATH
ENV_FILE=".env" ENV_FILE=".env"
# Define the keywords to look for (case-insensitive search for the value part) # Define the keywords to look for (case-insensitive search for the value part)
KEYWORDS="(key|user|password|email)" KEYWORDS="(KEY|USER|PASSWORD|EMAIL)"
# Define the secure placeholder value for non-interactive mode # Define the secure placeholder value for non-interactive mode
SECURE_PLACEHOLDER="REPLACED_BY_SCRIPT" SECURE_PLACEHOLDER="REPLACED_BY_SCRIPT"
@@ -63,7 +65,7 @@ while IFS= read -r line; do
VAR_VALUE_LOWER=$(echo "$VAR_VALUE_CLEANED" | tr '[:upper:]' '[:lower:]') VAR_VALUE_LOWER=$(echo "$VAR_VALUE_CLEANED" | tr '[:upper:]' '[:lower:]')
# 3. Check if the value contains a sensitive keyword # 3. Check if the value contains a sensitive keyword
if [[ "$VAR_VALUE_LOWER" =~ $KEYWORDS ]]; then if [[ "$VAR_NAME" =~ $KEYWORDS ]]; then
echo -e "\n⚠ Sensitive variable found: **$VAR_NAME**" echo -e "\n⚠ Sensitive variable found: **$VAR_NAME**"
echo "Current value: $VAR_VALUE_RAW" echo "Current value: $VAR_VALUE_RAW"
@@ -77,9 +79,16 @@ while IFS= read -r line; do
# if user entered an empty value, use the original value # if user entered an empty value, use the original value
if [ -z "$NEW_VALUE" ]; then if [ -z "$NEW_VALUE" ]; then
if [ -z "$VAR_VALUE_CLEANED" ]; then
echo "Original value is empty. Generating a new secure key using bin/create_key..."
NEW_VALUE=$($SETUP_DIR/bin/create_key.sh)
echo "Generated Key: $NEW_VALUE"
else
NEW_VALUE="$VAR_VALUE_CLEANED" NEW_VALUE="$VAR_VALUE_CLEANED"
echo "No input provided. Keeping original value." echo "No input provided. Keeping original value."
fi fi
fi
# Add quotes if value contains spaces # Add quotes if value contains spaces
if [[ "$NEW_VALUE" =~ [[:space:]] ]]; then if [[ "$NEW_VALUE" =~ [[:space:]] ]]; then
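Review bot: The generated secret is printed in clear by `echo "Generated Key: $NEW_VALUE"`, and the `setup.log` removed in this same commit shows that this script's output was being captured into a file that ended up in the repository. Announce the variable instead, `echo "Generated a new key for $VAR_NAME."`. The call `NEW_VALUE=$($SETUP_DIR/bin/create_key.sh)` is also unquoted and unchecked, so a failing generator would leave an empty value to be written; `NEW_VALUE=$("$SETUP_DIR/bin/create_key.sh") || exit 1` followed by a non-empty test would stop that. Because `KEYWORDS` also matches `USER` and `EMAIL`, an empty user name or e-mail variable would be filled with a random key too, and the comment "case-insensitive search for the value part" no longer describes the name-based, case-sensitive match. The enclosing `while` loop starts and ends outside these hunks.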

35
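--- a/bin/setup_gitea.sh
+++ b/bin/setup_gitea.sh
@@ -0,0 +1,35 @@
+# clone the repository
+git clone https://git.nxs.solutions/Fast/gitea.git lib
+# ask the user for the location where to setup Fast
+read -p "Enter the full path where you want to set up Fast (e.g., /opt/gitea): " GITEA_PATH
+# if the user input is empty, use /opt/fast as default
+if [ -z "$GITEA_PATH" ]; then
+GITEA_PATH="/opt/gitea"
+fi
+# create the directory if it doesn't exist
+sudo mkdir -p "$GITEA_PATH"
+sudo cp -r lib/* $GITEA_PATH
+sudo rm -r lib
+sudo chown -R $USER:root $GITEA_PATH
+echo "Gitea has been set up at $GITEA_PATH"
+# write GITEA_PATH to fast .env
+source $USER/.bashrc
+if [ -z "$FAST_PATH" ]; then
+echo "FAST_PATH is not set. Please run setup_fast.sh first."
+exit 1
+else
+echo "GITEA_PATH=$GITEA_PATH" >> $FAST_PATH/.env
+fi
+cd $GITEA_PATH
+./setup.sh
+echo "Gitea setup script completed."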
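Review bot: `source $USER/.bashrc` expands to a path relative to the current directory named after the user, not to the user's home, so `FAST_PATH` is not loaded from there; it should read `source "$HOME/.bashrc"`, and the `FAST_PATH` check belongs before the copy rather than after it. The path typed at the prompt then reaches `sudo cp -r`, `sudo chown -R` and `cd` unquoted and unvalidated, so a value containing spaces, or `/` itself, is acted on recursively as root. The file has no shebang, the `git clone` result is not checked, and the cloned repository's `./setup.sh` is run from whatever the default branch currently holds; pinning a tag or commit would make the run reproducible and reviewable. The comment on the default says `/opt/fast` while the code uses `/opt/gitea`.

```shell
#!/bin/bash
# Resolve FAST_PATH before any files are copied, so a missing value aborts cleanly.
source "$HOME/.bashrc"
if [ -z "$FAST_PATH" ]; then
  echo "FAST_PATH is not set. Please run setup_fast.sh first." >&2
  exit 1
fi
# … unchanged: git clone, read -p prompt, /opt/gitea default …
# Refuse relative paths and "/" before the recursive sudo chown below.
if [[ "$GITEA_PATH" != /?* ]]; then
  echo "GITEA_PATH must be an absolute path other than /" >&2
  exit 1
fi
sudo mkdir -p -- "$GITEA_PATH"
sudo cp -r -- lib/* "$GITEA_PATH" || exit 1
sudo rm -r -- lib
sudo chown -R -- "$USER":root "$GITEA_PATH"
# … unchanged: status message …
echo "GITEA_PATH=$GITEA_PATH" >> "$FAST_PATH/.env"
cd -- "$GITEA_PATH" || exit 1
./setup.sh
```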


@@ -1,25 +1,25 @@
VERSION=1.0.0 VERSION=1.0.0
LOG_LEVEL=DEBUG LOG_LEVEL=DEBUG
RUNPOD_API_KEY=your_rupod_api_key_here RUNPOD_API_KEY=
REDIS_URL=redis://redis:6379/0 REDIS_URL=redis://redis:6379/0
TASK_MANAGER_URL=http://fastflask-nginx-1/task/api/v1 TASK_MANAGER_URL=http://fastflask-nginx-1/task/api/v1
TASK_MANAGER_API_KEY=task_manager_api_key TASK_MANAGER_API_KEY=
SECRET_DATABASE_URL=sqlite:////app/data/secret.db SECRET_DATABASE_URL=sqlite:////app/data/secret.db
SECRET_MANAGER_URL=http://fastflask-nginx-1/secret/api/v1 SECRET_MANAGER_URL=http://fastflask-nginx-1/secret/api/v1
SECRET_MANAGER_API_KEY=secret_manager_api_key SECRET_MANAGER_API_KEY=
POSTGRES_USER=your_postgres_user POSTGRES_USER=your_postgres_user
POSTGRES_PASSWORD=your_postgres_password POSTGRES_PASSWORD=
STORAGE_DIR=/app/data STORAGE_DIR=/app/data
ACCESS_DATABASE_URL=sqlite:////app/data/access.db ACCESS_DATABASE_URL=sqlite:////app/data/access.db
ACCESS_MANAGER_URL=http://fastflask-nginx-1/access/api/v1 ACCESS_MANAGER_URL=http://fastflask-nginx-1/access/api/v1
ACCESS_MANAGER_API_KEY=access_manager_api_key ACCESS_MANAGER_API_KEY=
PROMETHEUS_URL=http://prometheus:9090 PROMETHEUS_URL=http://prometheus:9090
@@ -27,20 +27,21 @@ EXOSCALE_API_KEY=your_exoscale_api_key_here
EXOSCALE_API_SECRET=your_exoscale_api_secret_here EXOSCALE_API_SECRET=your_exoscale_api_secret_here
STRIPE_SECRET_KEY_PROD=your_stripe_api_secret_here STRIPE_SECRET_KEY_PROD=your_stripe_api_secret_here
STRIPE_SECRET_KEY=your_stripe_api_key_here STRIPE_SECRET_KEY=your_stripe_api_secret_here
ADMIN_USERNAME=your_admin_username_here ADMIN_USERNAME=your_admin_username_here
ADMIN_PASSWORD=your_admin_password_here ADMIN_PASSWORD=
ADMIN_EMAIL=your_admin@email.com ADMIN_EMAIL=your_admin@email.com
SMPT_SERVER=your_smtp_server.com SMPT_SERVER=your_smtp_server.com
SMPT_PORT=465 SMPT_PORT=465
JWT_SECRET_KEY=your_jwt_secret_key_here JWT_SECRET_KEY=
SENDER_USER=your_smtp_username_here SENDER_USER=your_smtp_username_here
SENDER_PASSWORD=your_smtp_password_here SENDER_PASSWORD=your_smtp_password_here
SENDER_EMAIL=your_sender_email_here SENDER_EMAIL=your_sender_email_here
ACTIVATION_URL=https://your.activation.url/here ACTIVATION_URL=https://your.activation.url/here
PERSONAL_API_KEY=your_personal_api_key_here PERSONAL_API_KEY=
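Review bot: Emptying `RUNPOD_API_KEY` means that, with the key generation added to the .env checker in this commit, pressing Enter at its prompt would write a random string as the RunPod key, although that credential is issued by the provider and cannot be invented locally. The service would then look configured and fail only at the first API call. Only secrets the deployment owns (`JWT_SECRET_KEY`, the three `*_MANAGER_API_KEY` values, `POSTGRES_PASSWORD`, `ADMIN_PASSWORD`) should be left empty for generation; the RunPod line should keep a placeholder such as `RUNPOD_API_KEY=your_runpod_api_key_here`. `PERSONAL_API_KEY=` may have the same problem, depending on who issues it.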

316
setup.log

@@ -1,316 +0,0 @@
Hit:1 http://deb.debian.org/debian trixie InRelease
Hit:2 http://deb.debian.org/debian trixie-updates InRelease
Hit:3 https://download.docker.com/linux/debian trixie InRelease
Hit:4 http://deb.debian.org/debian trixie-backports InRelease
Hit:5 http://deb.debian.org/debian-security trixie-security InRelease
Hit:6 http://mirror.hetzner.com/debian/packages trixie InRelease
Hit:7 http://mirror.hetzner.com/debian/packages trixie-updates InRelease
Hit:8 https://deb.nodesource.com/node_25.x nodistro InRelease
Hit:9 http://mirror.hetzner.com/debian/packages trixie-backports InRelease
Hit:10 http://mirror.hetzner.com/debian/security trixie-security InRelease
Reading package lists...
Building dependency tree...
Reading state information...
2 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
Upgrading:
docker-ce docker-ce-cli
Summary:
Upgrading: 2, Installing: 0, Removing: 0, Not Upgrading: 0
Download size: 37.3 MB
Space needed: 5,120 B / 436 GB available
Continue? [Y/n] Get:1 https://download.docker.com/linux/debian trixie/stable amd64 docker-ce-cli amd64 5:29.1.2-1~debian.13~trixie [16.3 MB]
Get:2 https://download.docker.com/linux/debian trixie/stable amd64 docker-ce amd64 5:29.1.2-1~debian.13~trixie [21.0 MB]
Fetched 37.3 MB in 0s (91.1 MB/s)
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 52343 files and directories currently installed.)
Preparing to unpack .../docker-ce-cli_5%3a29.1.2-1~debian.13~trixie_amd64.deb ...
Unpacking docker-ce-cli (5:29.1.2-1~debian.13~trixie) over (5:29.1.1-1~debian.13~trixie) ...
Preparing to unpack .../docker-ce_5%3a29.1.2-1~debian.13~trixie_amd64.deb ...
Unpacking docker-ce (5:29.1.2-1~debian.13~trixie) over (5:29.1.1-1~debian.13~trixie) ...
Setting up docker-ce-cli (5:29.1.2-1~debian.13~trixie) ...
Setting up docker-ce (5:29.1.2-1~debian.13~trixie) ...
Processing triggers for man-db (2.13.1-1) ...
Reading package lists...
Building dependency tree...
Reading state information...
tmux is already the newest version (3.5a-3).
neovim is already the newest version (0.10.4-8).
mosh is already the newest version (1.4.0-1+b2).
zoxide is already the newest version (0.9.7-1+b1).
starship is already the newest version (1.22.1-5).
git is already the newest version (1:2.47.3-0+deb13u1).
Summary:
Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0
Reading package lists...
Building dependency tree...
Reading state information...
ca-certificates is already the newest version (20250419).
curl is already the newest version (8.14.1-2+deb13u2).
build-essential is already the newest version (12.12).
Summary:
Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0
2025-12-03 10:55:55 - Installing pre-requisites
Hit:1 http://deb.debian.org/debian trixie InRelease
Hit:2 http://deb.debian.org/debian trixie-updates InRelease
Hit:3 https://download.docker.com/linux/debian trixie InRelease
Hit:4 http://deb.debian.org/debian trixie-backports InRelease
Hit:5 http://deb.debian.org/debian-security trixie-security InRelease
Hit:6 http://mirror.hetzner.com/debian/packages trixie InRelease
Hit:7 https://deb.nodesource.com/node_25.x nodistro InRelease
Hit:8 http://mirror.hetzner.com/debian/packages trixie-updates InRelease
Hit:9 http://mirror.hetzner.com/debian/packages trixie-backports InRelease
Hit:10 http://mirror.hetzner.com/debian/security trixie-security InRelease
Reading package lists...
Building dependency tree...
Reading state information...
All packages are up to date.
Reading package lists...
Building dependency tree...
Reading state information...
apt-transport-https is already the newest version (3.0.3).
ca-certificates is already the newest version (20250419).
curl is already the newest version (8.14.1-2+deb13u2).
gnupg is already the newest version (2.4.7-21).
Summary:
Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0
Hit:1 http://deb.debian.org/debian trixie InRelease
Hit:2 http://deb.debian.org/debian trixie-updates InRelease
Hit:3 http://deb.debian.org/debian trixie-backports InRelease
Hit:4 http://deb.debian.org/debian-security trixie-security InRelease
Hit:5 https://download.docker.com/linux/debian trixie InRelease
Hit:6 http://mirror.hetzner.com/debian/packages trixie InRelease
Hit:7 http://mirror.hetzner.com/debian/packages trixie-updates InRelease
Hit:8 http://mirror.hetzner.com/debian/packages trixie-backports InRelease
Hit:9 https://deb.nodesource.com/node_25.x nodistro InRelease
Hit:10 http://mirror.hetzner.com/debian/security trixie-security InRelease
Reading package lists...
Building dependency tree...
Reading state information...
All packages are up to date.
2025-12-03 10:55:58 - Repository configured successfully.
2025-12-03 10:55:58 - To install Node.js, run: apt install nodejs -y
2025-12-03 10:55:58 - You can use N|solid Runtime as a node.js alternative
2025-12-03 10:55:58 - To install N|solid Runtime, run: apt install nsolid -y

Reading package lists...
Building dependency tree...
Reading state information...
nodejs is already the newest version (25.2.0-1nodesource1).
Summary:
Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0
Types: deb
URIs: https://download.docker.com/linux/debian
Suites: trixie
Components: stable
Signed-By: /etc/apt/keyrings/docker.asc
Hit:1 http://deb.debian.org/debian trixie InRelease
Hit:2 http://deb.debian.org/debian trixie-updates InRelease
Hit:3 https://download.docker.com/linux/debian trixie InRelease
Hit:4 http://deb.debian.org/debian trixie-backports InRelease
Hit:5 http://deb.debian.org/debian-security trixie-security InRelease
Hit:6 http://mirror.hetzner.com/debian/packages trixie InRelease
Hit:7 https://deb.nodesource.com/node_25.x nodistro InRelease
Hit:8 http://mirror.hetzner.com/debian/packages trixie-updates InRelease
Hit:9 http://mirror.hetzner.com/debian/packages trixie-backports InRelease
Hit:10 http://mirror.hetzner.com/debian/security trixie-security InRelease
Reading package lists...
Building dependency tree...
Reading state information...
All packages are up to date.
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
Summary:
Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0
Reading package lists...
Building dependency tree...
Reading state information...
docker-ce is already the newest version (5:29.1.2-1~debian.13~trixie).
docker-ce-cli is already the newest version (5:29.1.2-1~debian.13~trixie).
containerd.io is already the newest version (2.2.0-2~debian.13~trixie).
docker-buildx-plugin is already the newest version (0.30.1-1~debian.13~trixie).
docker-compose-plugin is already the newest version (2.40.3-1~debian.13~trixie).
Summary:
Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0
Docker has been installed and configured.
Hit:1 http://deb.debian.org/debian trixie InRelease
Hit:2 http://deb.debian.org/debian trixie-updates InRelease
Hit:3 https://download.docker.com/linux/debian trixie InRelease
Hit:4 http://deb.debian.org/debian trixie-backports InRelease
Hit:5 http://deb.debian.org/debian-security trixie-security InRelease
Hit:6 http://mirror.hetzner.com/debian/packages trixie InRelease
Hit:7 http://mirror.hetzner.com/debian/packages trixie-updates InRelease
Hit:8 https://deb.nodesource.com/node_25.x nodistro InRelease
Hit:9 http://mirror.hetzner.com/debian/packages trixie-backports InRelease
Hit:10 http://mirror.hetzner.com/debian/security trixie-security InRelease
Reading package lists...
Building dependency tree...
Reading state information...
All packages are up to date.
Reading package lists...
Building dependency tree...
Reading state information...
Calculating upgrade...
Summary:
Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0
Reading package lists...
Building dependency tree...
Reading state information...
ufw is already the newest version (0.36.2-9).
Summary:
Upgrading: 0, Installing: 0, Removing: 0, Not Upgrading: 0
Skipping adding existing rule
Skipping adding existing rule (v6)
Skipping adding existing rule
Skipping adding existing rule (v6)
Skipping adding existing rule
Skipping adding existing rule (v6)
Skipping adding existing rule
Skipping adding existing rule (v6)
Skipping adding existing rule
Skipping adding existing rule (v6)
Firewall is active and enabled on system startup
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
2222/tcp ALLOW IN Anywhere
60000:61000/udp ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
2222/tcp (v6) ALLOW IN Anywhere (v6)
60000:61000/udp (v6) ALLOW IN Anywhere (v6)
Removing .git directory to detach from the original repository...
FAST_PATH already exists in .bashrc.
Overwriting FAST_PATH in .bashrc...
FAST_PATH updated in .bashrc and sourced.
Fast has been set up at /opt/fast
Environment file copied to /opt/fast/.env
Mode: 🟢 Interactive (Will prompt for input)
--- .env File Security Checker ---
Searching for sensitive variables in .env...
-----------------------------------
⚠️ Sensitive variable found: **RUNPOD_API_KEY**
Current value: your_rupod_api_key_here
my_runpod_api_key
Action: Manual update applied.
⚠️ Sensitive variable found: **TASK_MANAGER_API_KEY**
Current value: task_manager_api_key
asd
Action: Manual update applied.
⚠️ Sensitive variable found: **SECRET_MANAGER_API_KEY**
Current value: secret_manager_api_key
aa
Action: Manual update applied.
⚠️ Sensitive variable found: **POSTGRES_USER**
Current value: your_postgres_user
admin
Action: Manual update applied.
⚠️ Sensitive variable found: **POSTGRES_PASSWORD**
Current value: your_postgres_password
my_admin_postgres_pwd
Action: Manual update applied.
⚠️ Sensitive variable found: **ACCESS_MANAGER_API_KEY**
Current value: access_manager_api_key
No input provided. Keeping original value.
Action: Manual update applied.
⚠️ Sensitive variable found: **EXOSCALE_API_KEY**
Current value: your_exoscale_api_key_here
No input provided. Keeping original value.
Action: Manual update applied.
⚠️ Sensitive variable found: **STRIPE_SECRET_KEY**
Current value: your_stripe_api_key_here
No input provided. Keeping original value.
Action: Manual update applied.
⚠️ Sensitive variable found: **ADMIN_USERNAME**
Current value: your_admin_username_here
No input provided. Keeping original value.
Action: Manual update applied.
⚠️ Sensitive variable found: **ADMIN_PASSWORD**
Current value: your_admin_password_here
No input provided. Keeping original value.
Action: Manual update applied.
⚠️ Sensitive variable found: **ADMIN_EMAIL**
Current value: your_admin@email.com
No input provided. Keeping original value.
Action: Manual update applied.
⚠️ Sensitive variable found: **JWT_SECRET_KEY**
Current value: your_jwt_secret_key_here
No input provided. Keeping original value.
Action: Manual update applied.
⚠️ Sensitive variable found: **SENDER_USER**
Current value: your_smtp_username_here
No input provided. Keeping original value.
Action: Manual update applied.
⚠️ Sensitive variable found: **SENDER_PASSWORD**
Current value: your_smtp_password_here
No input provided. Keeping original value.
Action: Manual update applied.
⚠️ Sensitive variable found: **SENDER_EMAIL**
Current value: your_sender_email_here
No input provided. Keeping original value.
Action: Manual update applied.
⚠️ Sensitive variable found: **PERSONAL_API_KEY**
Current value: your_personal_api_key_here


@@ -33,5 +33,13 @@ if [[ "$START_BUILD" == "y" || "$START_BUILD" == "Y" || $START_BUILD == "" ]]; t
$PWD/bin/start_build.sh $PWD/bin/start_build.sh
fi fi
# Ask user if they want to install Gitea now for self-hosted git
read -p "Do you want to set up Gitea (self-hosted git service)? (Y/n): " SETUP_GITEA
if [[ "$SETUP_GITEA" == "y" || "$SETUP_GITEA" == "Y" || $SETUP_GITEA == "" ]]; then
$PWD/bin/setup_gitea.sh
fi
sudo apt autoremove -y sudo apt autoremove -y
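Review bot: The result of `$PWD/bin/setup_gitea.sh` is ignored, so when that script exits with 1 (it does when `FAST_PATH` is unset) the installer carries on to `apt autoremove` as if Gitea had been set up. The path is also unquoted and built from `$PWD`, which breaks when the checkout path contains spaces or the installer is started from another directory. Suggested: `"$PWD/bin/setup_gitea.sh" || echo "Gitea setup failed; see messages above." >&2`. The surrounding script continues outside this hunk.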