142 lines
4.9 KiB
Bash
Executable File
142 lines
4.9 KiB
Bash
Executable File
#!/bin/bash
|
||
|
||
SETUP_DIR=$PWD
|
||
|
||
# check if FAST_PATH is set, if not exit with a message
|
||
if [ -z "$FAST_PATH" ]; then
|
||
echo "FAST_PATH is not set."
|
||
exit 1
|
||
fi
|
||
|
||
sudo cp $PWD/config/.env $FAST_PATH/.env
|
||
echo "Environment file copied to $FAST_PATH/.env"
|
||
|
||
cd $FAST_PATH
|
||
|
||
# Define the file to process
|
||
ENV_FILE=".env"
|
||
|
||
# Define the keywords to look for (case-insensitive search for the value part)
|
||
KEYWORDS="(KEY|USER|PASSWORD|EMAIL)"
|
||
|
||
# Define the secure placeholder value for non-interactive mode
|
||
SECURE_PLACEHOLDER="REPLACED_BY_SCRIPT"
|
||
|
||
# Flag to check if the script is running interactively (can prompt for input)
|
||
# If stdin is connected to a terminal, it's interactive.
|
||
if [[ -t 0 ]]; then
|
||
IS_INTERACTIVE=true
|
||
echo "Mode: 🟢 Interactive (Will prompt for input)"
|
||
else
|
||
IS_INTERACTIVE=false
|
||
echo "Mode: 🔴 Non-Interactive (Will use placeholder: $SECURE_PLACEHOLDER)"
|
||
fi
|
||
|
||
# Check if the .env file exists
|
||
if [ ! -f "$ENV_FILE" ]; then
|
||
echo "Error: .env file not found at $ENV_FILE"
|
||
exit 1
|
||
fi
|
||
|
||
echo "--- .env File Security Checker ---"
|
||
echo "Searching for sensitive variables in $ENV_FILE..."
|
||
echo "-----------------------------------"
|
||
|
||
# Create a temporary file to store the modified content
|
||
TEMP_FILE=$(mktemp)
|
||
|
||
# Loop through each line
|
||
while IFS= read -r line; do
|
||
|
||
# 1. Skip comments and empty lines
|
||
if [[ "$line" =~ ^\#.* ]] || [[ -z "$line" ]]; then
|
||
echo "$line" >> "$TEMP_FILE"
|
||
continue
|
||
fi
|
||
|
||
# 2. Extract the Variable Name and Value (must match VAR=VAL format)
|
||
if [[ "$line" =~ ^([[:alnum:]_]+)=.* ]]; then
|
||
VAR_NAME="${BASH_REMATCH[1]}"
|
||
VAR_VALUE_RAW="${line#*=}"
|
||
|
||
# Clean quotes and convert value to lowercase for reliable keyword checking
|
||
VAR_VALUE_CLEANED="${VAR_VALUE_RAW%\"}"; VAR_VALUE_CLEANED="${VAR_VALUE_CLEANED#\"}"
|
||
VAR_VALUE_CLEANED="${VAR_VALUE_CLEANED%\'}"; VAR_VALUE_CLEANED="${VAR_VALUE_CLEANED#\'}"
|
||
VAR_VALUE_LOWER=$(echo "$VAR_VALUE_CLEANED" | tr '[:upper:]' '[:lower:]')
|
||
|
||
# 3. Check if the value contains a sensitive keyword
|
||
if [[ "$VAR_NAME" =~ $KEYWORDS ]]; then
|
||
|
||
echo -e "\n⚠️ Sensitive variable found: **$VAR_NAME**"
|
||
echo "Current value: $VAR_VALUE_RAW"
|
||
|
||
NEW_LINE=""
|
||
|
||
if $IS_INTERACTIVE; then
|
||
# INTERACTIVE MODE: Prompt the user
|
||
read -r -p "Enter a new secure value for $VAR_NAME: " NEW_VALUE < /dev/tty
|
||
echo $NEW_VALUE
|
||
|
||
# if user entered an empty value, use the original value
|
||
if [ -z "$NEW_VALUE" ]; then
|
||
|
||
if [ -z "$VAR_VALUE_CLEANED" ]; then
|
||
echo "Original value is empty. Generating a new secure key using bin/create_key..."
|
||
NEW_VALUE=$($SETUP_DIR/bin/create_key.sh)
|
||
echo "Generated Key: $NEW_VALUE"
|
||
else
|
||
NEW_VALUE="$VAR_VALUE_CLEANED"
|
||
echo "No input provided. Keeping original value."
|
||
fi
|
||
fi
|
||
|
||
# Add quotes if value contains spaces
|
||
if [[ "$NEW_VALUE" =~ [[:space:]] ]]; then
|
||
NEW_LINE="$VAR_NAME=\"$NEW_VALUE\""
|
||
else
|
||
NEW_LINE="$VAR_NAME=$NEW_VALUE"
|
||
fi
|
||
echo "Action: Manual update applied."
|
||
else
|
||
# NON-INTERACTIVE MODE: Use the placeholder
|
||
NEW_LINE="$VAR_NAME=$SECURE_PLACEHOLDER"
|
||
echo "Action: Automatically set to placeholder for non-interactive run."
|
||
fi
|
||
|
||
# Write the new line
|
||
echo "$NEW_LINE" >> "$TEMP_FILE"
|
||
continue
|
||
fi
|
||
fi
|
||
|
||
# 4. Write the line unchanged if not sensitive
|
||
echo "$line" >> "$TEMP_FILE"
|
||
|
||
done < "$ENV_FILE"
|
||
|
||
# Insert DOCKER_GROUP_ID
|
||
DOCKER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock)
|
||
echo -e "\n--- adding DOCKER_GROUP_ID=$DOCKER_GROUP_ID to .env ---"
|
||
echo "DOCKER_GROUP_ID=$DOCKER_GROUP_ID" >> "$TEMP_FILE"
|
||
|
||
# Generate DATA_MANGER_DB_URL
|
||
# check if POSTGRES_USER and POSTGRES_PASSWORD are set, else add the DATA_MANAGER_DB_URL without credentials
|
||
POSTGRES_USER=$(grep -E '^POSTGRES_USER=' "$ENV_FILE" | cut -d '=' -f2 | tr -d '"')
|
||
POSTGRES_PASSWORD=$(grep -E '^POSTGRES_PASSWORD=' "$ENV_FILE" | cut -d '=' -f2 | tr -d '"')
|
||
|
||
if [ -z "$POSTGRES_USER" ] || [ -z "$POSTGRES_PASSWORD" ]; then
|
||
DATA_MANAGER_DB_URL=postgresql://data_db:5432/user_data
|
||
else
|
||
DATA_MANAGER_DB_URL=postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@data_db:5432/user_data
|
||
fi
|
||
|
||
echo -e "\n--- adding DATA_MANAGER_DB_URL to .env ---"
|
||
|
||
echo "DATA_MANAGER_DB_URL=$DATA_MANAGER_DB_URL" >> "$TEMP_FILE"
|
||
|
||
# 5. Overwrite the original .env file with the content of the temporary file
|
||
echo -e "\n--- Finalizing Update ---"
|
||
sudo mv -f "$TEMP_FILE" "$ENV_FILE"
|
||
|
||
echo "✅ All updates applied. The original $ENV_FILE has been overwritten."
|