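#!/bin/bash
#
# .env setup / security checker.
#
# 1. Copies ./config/.env (relative to the directory this script is run from)
#    into "$FAST_PATH/.env".
# 2. Rewrites every variable in that file whose NAME contains KEY, USER,
#    PASSWORD or EMAIL:
#      - interactive (stdin is a terminal): prompts for a new value; empty
#        input keeps the current value, or, if that is empty as well, a value
#        generated by ./bin/create_key.sh;
#      - non-interactive: sets the value to SECURE_PLACEHOLDER.
# 3. Appends DOCKER_GROUP_ID (gid of /var/run/docker.sock) and
#    DATA_MANAGER_DB_URL (built from POSTGRES_USER / POSTGRES_PASSWORD as they
#    stand AFTER step 2), then replaces "$FAST_PATH/.env".
#
# Requires: FAST_PATH set in the environment, sudo rights for cp/mv into it,
#           ./bin/create_key.sh, GNU stat (-c).
set -euo pipefail

readonly SETUP_DIR=$PWD
# File to process, relative to $FAST_PATH (the script cd's there).
readonly ENV_FILE=".env"
# Variable NAMES matching this ERE (case-sensitive) are treated as sensitive.
readonly KEYWORDS="(KEY|USER|PASSWORD|EMAIL)"
# Value written for sensitive variables when nobody can be prompted.
readonly SECURE_PLACEHOLDER="REPLACED_BY_SCRIPT"

IS_INTERACTIVE=false
TEMP_FILE=""

#######################################
# Print a message to stderr and exit 1.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Remove the temporary file; runs on every exit path via trap.
#######################################
cleanup() {
  [[ -n $TEMP_FILE ]] && rm -f -- "$TEMP_FILE"
  return 0
}

#######################################
# Strip one pair of surrounding double quotes, then one pair of single quotes.
# Arguments: $1 - raw value
# Outputs:   cleaned value on stdout (no trailing newline)
#######################################
strip_quotes() {
  local v=$1
  v=${v%\"}; v=${v#\"}
  v=${v%\'}; v=${v#\'}
  printf '%s' "$v"
}

#######################################
# Look up a variable in a dotenv-style file.
# Arguments: $1 - variable name (callers pass fixed literals; it is used
#                 inside an ERE), $2 - file
# Outputs:   value of the first matching line with all double quotes
#            removed; empty when the variable is absent
#######################################
env_value() {
  local line
  # grep exits 1 on no match; that means "absent", not an error.
  line=$(grep -E -m1 -- "^$1=" "$2" || true)
  # Keep everything after the first '=': values may themselves contain '='.
  line=${line#*=}
  printf '%s' "${line//\"/}"
}

#######################################
# Copy $ENV_FILE to $TEMP_FILE, replacing the values of sensitive variables.
# Globals:   ENV_FILE, TEMP_FILE, KEYWORDS, IS_INTERACTIVE, SECURE_PLACEHOLDER,
#            SETUP_DIR (read)
#######################################
rewrite_env_file() {
  local line var_name var_value_raw var_value new_value new_line
  # '|| [[ -n $line ]]' also processes a final line with no trailing newline.
  while IFS= read -r line || [[ -n $line ]]; do
    # Comments and blank lines pass through untouched.
    if [[ $line == \#* || -z $line ]]; then
      printf '%s\n' "$line" >> "$TEMP_FILE"
      continue
    fi
    # Only NAME=VALUE lines are inspected; anything else passes through.
    if [[ $line =~ ^([[:alnum:]_]+)= ]]; then
      var_name=${BASH_REMATCH[1]}
      var_value_raw=${line#*=}
      var_value=$(strip_quotes "$var_value_raw")
      if [[ $var_name =~ $KEYWORDS ]]; then
        printf '\n⚠️ Sensitive variable found: **%s**\n' "$var_name"
        printf 'Current value: %s\n' "$var_value_raw"
        if [[ $IS_INTERACTIVE == true ]]; then
          # Read from the tty: stdin is the .env file being looped over.
          # The typed value is deliberately not echoed back; it is already on
          # the terminal and would otherwise land in any captured log.
          read -r -p "Enter a new secure value for $var_name: " new_value < /dev/tty
          if [[ -z $new_value ]]; then
            if [[ -z $var_value ]]; then
              echo "Original value is empty. Generating a new secure key using bin/create_key..."
              new_value=$("$SETUP_DIR/bin/create_key.sh")
              echo "Generated Key: $new_value"
            else
              new_value=$var_value
              echo "No input provided. Keeping original value."
            fi
          fi
          # Quote values containing whitespace so they survive dotenv parsing.
          if [[ $new_value =~ [[:space:]] ]]; then
            new_line="$var_name=\"$new_value\""
          else
            new_line="$var_name=$new_value"
          fi
          echo "Action: Manual update applied."
        else
          new_line="$var_name=$SECURE_PLACEHOLDER"
          echo "Action: Automatically set to placeholder for non-interactive run."
        fi
        printf '%s\n' "$new_line" >> "$TEMP_FILE"
        continue
      fi
    fi
    printf '%s\n' "$line" >> "$TEMP_FILE"
  done < "$ENV_FILE"
}

#######################################
# Append DOCKER_GROUP_ID (gid owning the docker socket) to $TEMP_FILE.
# Globals:   TEMP_FILE (read)
#######################################
append_docker_group_id() {
  local gid
  # A missing socket (or a stat without -c) yields an empty value instead of
  # aborting the whole rewrite under set -e.
  gid=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || true)
  if [[ -z $gid ]]; then
    printf 'Warning: could not read /var/run/docker.sock; DOCKER_GROUP_ID left empty.\n' >&2
  fi
  printf '\n--- adding DOCKER_GROUP_ID=%s to .env ---\n' "$gid"
  printf 'DOCKER_GROUP_ID=%s\n' "$gid" >> "$TEMP_FILE"
}

#######################################
# Append DATA_MANAGER_DB_URL to $TEMP_FILE.
# Credentials are read from TEMP_FILE, i.e. the values as rewritten by
# rewrite_env_file, so the URL never carries a credential that was just
# replaced (the original copy of the file would still hold the old one).
# Globals:   TEMP_FILE (read)
#######################################
append_db_url() {
  local user password url
  user=$(env_value POSTGRES_USER "$TEMP_FILE")
  password=$(env_value POSTGRES_PASSWORD "$TEMP_FILE")
  if [[ -z $user || -z $password ]]; then
    url="postgresql://data_db:5432/user_data"
  else
    # NOTE(review): credentials are not URL-encoded; a password containing
    # ':', '@' or '/' yields an unparsable URL — confirm what the consumer expects.
    url="postgresql://$user:$password@data_db:5432/user_data"
  fi
  printf '\n--- adding DATA_MANAGER_DB_URL to .env ---\n'
  printf 'DATA_MANAGER_DB_URL=%s\n' "$url" >> "$TEMP_FILE"
}

#######################################
# Entry point: copy, rewrite, append, replace.
# Globals:   FAST_PATH (read), IS_INTERACTIVE, TEMP_FILE (written)
#######################################
main() {
  [[ -n ${FAST_PATH:-} ]] || die "FAST_PATH is not set."

  sudo cp -- "$SETUP_DIR/config/.env" "$FAST_PATH/.env"
  echo "Environment file copied to $FAST_PATH/.env"
  cd -- "$FAST_PATH" || die "Cannot cd to $FAST_PATH"

  # stdin on a terminal means we can prompt; otherwise fall back to the placeholder.
  if [[ -t 0 ]]; then
    IS_INTERACTIVE=true
    echo "Mode: 🟢 Interactive (Will prompt for input)"
  else
    IS_INTERACTIVE=false
    echo "Mode: 🔓 Non-Interactive (Will use placeholder: $SECURE_PLACEHOLDER)"
  fi

  [[ -f $ENV_FILE ]] || die "Error: .env file not found at $ENV_FILE"

  echo "--- .env File Security Checker ---"
  echo "Searching for sensitive variables in $ENV_FILE..."
  echo "-----------------------------------"

  # mktemp creates the file with mode 0600, so secrets are never world-readable
  # while being rewritten; cleanup removes it on any exit path.
  TEMP_FILE=$(mktemp) || die "mktemp failed"
  trap cleanup EXIT

  rewrite_env_file
  append_docker_group_id
  append_db_url

  printf '\n--- Finalizing Update ---\n'
  sudo mv -f -- "$TEMP_FILE" "$ENV_FILE"
  echo "✅ All updates applied. The original $ENV_FILE has been overwritten."
}

main "$@"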