refactor(de-sudo): config/password processors off raw sudo
scanConfigsForRandomPassword iterates $configs_dir (manager-owned), so the placeholder grep/sed/awk on the config file -> runInstallOp. The bcrypt export log ($containers_dir/bcrypt.txt) is docker-install-owned, so its touch/chmod/sed/grep/append -> runFileOp/runFileWrite (NOT runInstallOp). Covers all password_replace*/password_user_replace/password_update_all and bcrypt/*. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
parent
cf148327fd
commit
5ceef2df6a
@ -9,26 +9,26 @@ exportBcryptPassword()
|
||||
local file="$4" # File where the placeholder was found
|
||||
local log_file="$containers_dir/bcrypt.txt"
|
||||
|
||||
# Ensure log file exists
|
||||
# bcrypt.txt lives under containers_dir (docker-install-owned) -> runFileOp.
|
||||
if [ ! -f "$log_file" ]; then
|
||||
local result=$(sudo touch "$log_file")
|
||||
local result=$(runFileOp touch "$log_file")
|
||||
checkSuccess "Created bcrypt.txt file."
|
||||
|
||||
local result=$(sudo chmod 600 "$log_file")
|
||||
local result=$(runFileOp chmod 600 "$log_file")
|
||||
checkSuccess "Adjusted bcrypt.txt file permissions."
|
||||
fi
|
||||
|
||||
# Extract the correct variable name (e.g., PASSWORD_HASH) before the placeholder
|
||||
local variable_name
|
||||
variable_name=$(sudo awk -F= '/'"$placeholder"'/ { gsub(/^[ \t-]+/, "", $1); print $1; exit }' "$file")
|
||||
variable_name=$(runInstallOp awk -F= '/'"$placeholder"'/ { gsub(/^[ \t-]+/, "", $1); print $1; exit }' "$file")
|
||||
|
||||
if [ -n "$variable_name" ]; then
|
||||
# Remove old password entries for this app & variable
|
||||
local result=$(sudo sed -i "/^$app_name $variable_name /d" "$log_file")
|
||||
local result=$(runFileOp sed -i "/^$app_name $variable_name /d" "$log_file")
|
||||
checkSuccess "Removed existing entry for $app_name $variable_name from bcrypt.txt."
|
||||
|
||||
# Log new password
|
||||
local result=$(echo "$app_name $variable_name $raw_password" | sudo tee -a "$log_file" > /dev/null)
|
||||
local result=$(echo "$app_name $variable_name $raw_password" | runFileWrite -a "$log_file" > /dev/null)
|
||||
checkSuccess "Logged $app_name $variable_name in bcrypt.txt."
|
||||
else
|
||||
checkSuccess "Could not extract a variable name before $placeholder in $file."
|
||||
|
||||
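Review bot: The `local result=$(runFileOp …)` form kept at the touch, chmod, sed and append steps returns the exit status of `local`, not of the command, so if `checkSuccess` reads `$?` (its body is not shown here) a failed `chmod 600` on the file that stores `$raw_password` in clear text would still be reported as success. Declare first and assign after, e.g. `local result` then `result=$(runFileOp chmod 600 "$log_file")`; the `sed -i -E` call in processBcryptPassword has the same pattern. Separately, `touch` followed by `chmod 600` leaves bcrypt.txt at the default umask mode for a moment; `runFileOp install -m 600 /dev/null "$log_file"` would create it with the final mode in one step, assuming runFileOp passes arbitrary commands through. The function body starts and ends outside this hunk.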
@ -8,7 +8,7 @@ processBcryptPassword()
|
||||
|
||||
# Extract the variable name before the placeholder
|
||||
local variable_name
|
||||
variable_name=$(sudo awk -F= '/'"$placeholder"'/ { gsub(/^[ \t-]+/, "", $1); print $1; exit }' "$file")
|
||||
variable_name=$(runInstallOp awk -F= '/'"$placeholder"'/ { gsub(/^[ \t-]+/, "", $1); print $1; exit }' "$file")
|
||||
|
||||
if [ -z "$variable_name" ]; then
|
||||
isError " Could not extract variable name before $placeholder."
|
||||
@ -35,11 +35,11 @@ processBcryptPassword()
|
||||
# Remove any single quotes from the bcrypt hash
|
||||
bcrypt_password=$(echo "$bcrypt_password" | tr -d "'")
|
||||
|
||||
local result=$(sudo sed -i -E "s#$placeholder#$bcrypt_password#g" "$file")
|
||||
local result=$(runInstallOp sed -i -E "s#$placeholder#$bcrypt_password#g" "$file")
|
||||
checkSuccess "Use sed to replace placeholder with bcrypt hash"
|
||||
|
||||
# Verify replacement
|
||||
if sudo grep -q "$bcrypt_password" "$file"; then
|
||||
if runInstallOp grep -q "$bcrypt_password" "$file"; then
|
||||
isSuccessful "Updated $variable_name in $(basename "$file")."
|
||||
else
|
||||
isError "ERROR: sed failed to replace $placeholder in $file."
|
||||
|
||||
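Review bot: The verification `runInstallOp grep -q "$bcrypt_password" "$file"` treats the hash as a regular expression, and a bcrypt string contains `.` and `$`, so the check can match text that is not the exact hash. A fixed-string match is stricter: `if runInstallOp grep -qF -- "$bcrypt_password" "$file"; then`. The check confirms that the hash is present rather than that the placeholder is gone, so also testing that `$placeholder` no longer matches would make the success message more trustworthy. Both hunks show only part of the function.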
@ -7,7 +7,7 @@ replaceBcryptPasswords()
|
||||
app_name=$(basename "$(dirname "$file")")
|
||||
|
||||
# Only scan for bcrypt placeholders that actually exist in the file
|
||||
local existing_placeholders=$(sudo grep -oE 'RANDOMIZEDBCRYPTPASSWORD[0-9]*' "$file" 2>/dev/null | sort -u)
|
||||
local existing_placeholders=$(runInstallOp grep -oE 'RANDOMIZEDBCRYPTPASSWORD[0-9]*' "$file" 2>/dev/null | sort -u)
|
||||
|
||||
if [[ -n "$existing_placeholders" ]]; then
|
||||
while IFS= read -r placeholder; do
|
||||
|
||||
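Review bot: `sort -u` hands the placeholders to the loop with each token ahead of any longer token it prefixes, so `RANDOMIZEDBCRYPTPASSWORD1` is substituted before `RANDOMIZEDBCRYPTPASSWORD12`. An unanchored `s#$placeholder#…#g` (as in processBcryptPassword, if that is what the loop calls) would then also rewrite the first part of the longer token, leaving it as the first secret plus a trailing digit. Because the pattern is `[0-9]*`, a bare `RANDOMIZEDBCRYPTPASSWORD` is a prefix of every numbered one too. Sorting in reverse puts every token ahead of its own prefixes: `… | sort -ru)`. The same ordering feeds the `sed` calls in replaceHexKeys, replaceVAPIDKeys, replacePlainPasswords, replaceLaravelAppKeys and replaceRandomUsernames; the loop body here lies outside this hunk.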
@ -7,7 +7,7 @@ getStoredPassword()
|
||||
local log_file="$containers_dir/bcrypt.txt"
|
||||
|
||||
if [ -f "$log_file" ]; then
|
||||
sudo grep "^$app_name $variable_name " "$log_file" | awk '{print $3}' | tail -n 1
|
||||
runFileOp grep "^$app_name $variable_name " "$log_file" | awk '{print $3}' | tail -n 1
|
||||
else
|
||||
echo ""
|
||||
fi
|
||||
|
||||
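Review bot: `grep "^$app_name $variable_name "` interpolates both values into a regular expression, so an app name containing `.` or other metacharacters can select another application's line and return its stored password. Comparing the fields literally avoids the regex and the extra pipeline stages: `runFileOp awk -v a="$app_name" -v v="$variable_name" '$1==a && $2==v {p=$3} END{print p}' "$log_file"`. Note that `$3` (in the current code as well) cuts a password at its first space, which matters only if the generator can emit one. A comment stating that bcrypt.txt holds clear-text passwords and must stay mode 600 would help the next reader. The start of the function is outside the hunk.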
@ -5,7 +5,7 @@ replaceHexKeys()
|
||||
local file="$1"
|
||||
|
||||
# Only scan for hex placeholders that actually exist in the file
|
||||
local existing_placeholders=$(sudo grep -oE 'RANDOMIZEDHEX[0-9]*' "$file" 2>/dev/null | sort -u)
|
||||
local existing_placeholders=$(runInstallOp grep -oE 'RANDOMIZEDHEX[0-9]*' "$file" 2>/dev/null | sort -u)
|
||||
|
||||
if [[ -n "$existing_placeholders" ]]; then
|
||||
while IFS= read -r placeholder; do
|
||||
@ -13,7 +13,7 @@ replaceHexKeys()
|
||||
local hex_key
|
||||
hex_key=$(openssl rand -hex 32)
|
||||
|
||||
sudo sed -i "s/${placeholder}/${hex_key}/g" "$file"
|
||||
runInstallOp sed -i "s/${placeholder}/${hex_key}/g" "$file"
|
||||
checkSuccess "Updated ${placeholder} in $(basename "$file") with a new hex key."
|
||||
fi
|
||||
done <<< "$existing_placeholders"
|
||||
|
||||
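Review bot: `hex_key=$(openssl rand -hex 32)` is used without checking that it produced anything, so if `openssl` is missing or fails the following `sed` replaces the placeholder with an empty string and the success message is likely still printed. A guard before the substitution, such as `[[ ${#hex_key} -eq 64 ]] || { isError "openssl did not return a hex key"; return 1; }`, keeps an empty secret out of the config. replaceVAPIDKeys and replaceLaravelAppKeys have the same gap; in the latter the value would be the bare prefix `base64:`. The key is also passed on the `sed` command line, where it is visible in the process list while the command runs.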
@ -5,7 +5,7 @@ replaceVAPIDKeys()
|
||||
local file="$1"
|
||||
|
||||
# Only scan for VAPID placeholders that actually exist in the file
|
||||
local existing_placeholders=$(sudo grep -oE 'RANDOMIZEDVAPID[0-9]*' "$file" 2>/dev/null | sort -u)
|
||||
local existing_placeholders=$(runInstallOp grep -oE 'RANDOMIZEDVAPID[0-9]*' "$file" 2>/dev/null | sort -u)
|
||||
|
||||
if [[ -n "$existing_placeholders" ]]; then
|
||||
while IFS= read -r placeholder; do
|
||||
@ -13,7 +13,7 @@ replaceVAPIDKeys()
|
||||
local vapid_key
|
||||
vapid_key=$(openssl rand -base64 32 | tr -d '+/=' | tr -cd '[:alnum:]')
|
||||
|
||||
sudo sed -i "s/${placeholder}/${vapid_key}/g" "$file"
|
||||
runInstallOp sed -i "s/${placeholder}/${vapid_key}/g" "$file"
|
||||
checkSuccess "Updated ${placeholder} in $(basename "$file") with a new VAPID key."
|
||||
fi
|
||||
done <<< "$existing_placeholders"
|
||||
|
||||
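Review bot: The pipeline `openssl rand -base64 32 | tr -d '+/=' | tr -cd '[:alnum:]'` yields a value whose length varies from run to run, because it drops however many `+`, `/` and `=` characters the base64 text happened to contain. The first `tr` is redundant since the second already removes them. If a fixed length is wanted, draw more bytes and cut: `vapid_key=$(openssl rand -base64 48 | tr -cd '[:alnum:]' | cut -c1-43)`. A comment saying what consumes this value would also help, since VAPID as specified in RFC 8292 uses a P-256 key pair rather than a random string, which is worth confirming against the applications that read it.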
@ -5,13 +5,13 @@ replacePlainPasswords()
|
||||
local file="$1"
|
||||
|
||||
# Only scan for placeholders that actually exist in the file
|
||||
local existing_placeholders=$(sudo grep -oE 'RANDOMIZEDPASSWORD[0-9]+' "$file" 2>/dev/null | sort -u)
|
||||
local existing_placeholders=$(runInstallOp grep -oE 'RANDOMIZEDPASSWORD[0-9]+' "$file" 2>/dev/null | sort -u)
|
||||
|
||||
if [[ -n "$existing_placeholders" ]]; then
|
||||
while IFS= read -r password_placeholder; do
|
||||
if [[ -n "$password_placeholder" ]]; then
|
||||
local random_password=$(generateRandomPassword)
|
||||
sudo sed -i 's/'"${password_placeholder}"'/'"${random_password}"'/g' "$file"
|
||||
runInstallOp sed -i 's/'"${password_placeholder}"'/'"${random_password}"'/g' "$file"
|
||||
checkSuccess "Updated ${password_placeholder} in $(basename "$file")."
|
||||
fi
|
||||
done <<< "$existing_placeholders"
|
||||
|
||||
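Review bot: `random_password` is pasted into the replacement side of `s/…/…/g`, where `/`, `&` and `\` are special. Whether generateRandomPassword can emit them is not visible here, but an `&` would write the placeholder text back into the password and a `/` would make the `sed` fail. Either document next to the `sed` that the generator is restricted to characters safe for this use, or escape the value first, e.g. `safe=$(printf '%s' "$random_password" | sed 's/[&/\]/\\&/g')`. `local random_password=$(generateRandomPassword)` also hides a generator failure, since `local` returns 0. replaceRandomUsernames uses the same construction.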
@ -8,14 +8,14 @@ replaceLaravelAppKeys()
|
||||
{
|
||||
local file="$1"
|
||||
|
||||
local existing_placeholders=$(sudo grep -oE 'RANDOMIZEDAPPKEY[0-9]*' "$file" 2>/dev/null | sort -u)
|
||||
local existing_placeholders=$(runInstallOp grep -oE 'RANDOMIZEDAPPKEY[0-9]*' "$file" 2>/dev/null | sort -u)
|
||||
|
||||
if [[ -n "$existing_placeholders" ]]; then
|
||||
while IFS= read -r placeholder; do
|
||||
if [[ -n "$placeholder" ]]; then
|
||||
local app_key
|
||||
app_key="base64:$(openssl rand -base64 32)"
|
||||
sudo sed -i "s#${placeholder}#${app_key}#g" "$file"
|
||||
runInstallOp sed -i "s#${placeholder}#${app_key}#g" "$file"
|
||||
checkSuccess "Updated ${placeholder} in $(basename "$file") with a new Laravel APP_KEY."
|
||||
fi
|
||||
done <<< "$existing_placeholders"
|
||||
|
||||
@ -11,7 +11,7 @@ scanConfigsForRandomPassword()
|
||||
# Find all config files in subdirectories (excluding .category files)
|
||||
find "$configs_dir" -type f ! -name "*.category" -print0 | while IFS= read -r -d '' scanned_config_file; do
|
||||
# Check for placeholders in the file
|
||||
if sudo grep -qE "$passplaceholder|$bcryptplaceholder" "$scanned_config_file"; then
|
||||
if runInstallOp grep -qE "$passplaceholder|$bcryptplaceholder" "$scanned_config_file"; then
|
||||
scanFileForRandomPasswordKeysUsers "$scanned_config_file"
|
||||
fi
|
||||
done
|
||||
|
||||
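Review bot: `if runInstallOp grep -qE … ; then` treats every non-zero status as "no placeholder", but `grep` exits 2 on a read error, and dropping `sudo` makes an unreadable file more likely than before. A config skipped this way would keep its literal `RANDOMIZED…` placeholder as the credential. Capture the status and report anything above 1, for example `runInstallOp grep -qE "$passplaceholder|$bcryptplaceholder" "$scanned_config_file"; rc=$?` followed by an `isError` when `rc` is greater than 1. The `2>/dev/null` on the placeholder scans in the replace* functions hides the same condition.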
@ -5,13 +5,13 @@ replaceRandomUsernames()
|
||||
local file="$1"
|
||||
|
||||
# Only scan for placeholders that actually exist in the file
|
||||
local existing_placeholders=$(sudo grep -oE 'RANDOMIZEDUSERNAME[0-9]+' "$file" 2>/dev/null | sort -u)
|
||||
local existing_placeholders=$(runInstallOp grep -oE 'RANDOMIZEDUSERNAME[0-9]+' "$file" 2>/dev/null | sort -u)
|
||||
|
||||
if [[ -n "$existing_placeholders" ]]; then
|
||||
while IFS= read -r username_placeholder; do
|
||||
if [[ -n "$username_placeholder" ]]; then
|
||||
local random_username=$(generateRandomUsername)
|
||||
sudo sed -i 's/'"${username_placeholder}"'/'"${random_username}"'/g' "$file"
|
||||
runInstallOp sed -i 's/'"${username_placeholder}"'/'"${random_username}"'/g' "$file"
|
||||
checkSuccess "Updated ${username_placeholder} in $(basename "$file")."
|
||||
fi
|
||||
done <<< "$existing_placeholders"
|
||||
|
||||