librelad 07b3e7896d refactor(de-sudo): drop pointless sudo on htpasswd hash computation
htpasswd -bnBC just computes a bcrypt hash to stdout (no file/root access), so
the sudo was unnecessary — drop it in the adguard/focalboard/invidious auth
helpers and password_hash. (App-config file edits owned by container UIDs —
owncloud config.php/adguard yaml — are deferred as category-3 cross-owner work
for the root-owned ownership helper.)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 17:06:46 +01:00

36 lines
1.1 KiB
Bash
Executable File

#!/bin/bash
hashPassword()
{
local password="$1"
# htpasswd first (local, instant). docker fallback pulls a ~50MB image.
if command -v htpasswd &>/dev/null; then
local bcrypt_hash
bcrypt_hash=$(htpasswd -bnBC 10 "" "$password" | tr -d ':\n')
if [[ -n "$bcrypt_hash" ]]; then
bcrypt_hash=$(echo "$bcrypt_hash" | awk -F= '{print $NF}')
local escaped_hash
escaped_hash=$(echo "$bcrypt_hash" | sed 's/\$/\$\$/g')
echo "$escaped_hash"
return 0
fi
fi
if command -v docker &>/dev/null; then
local bcrypt_hash
bcrypt_hash=$(runFileOp docker run --rm ghcr.io/wg-easy/wg-easy wgpw "$password" 2>/dev/null | tr -d '\n')
if [[ -n "$bcrypt_hash" ]]; then
bcrypt_hash=$(echo "$bcrypt_hash" | awk -F= '{print $NF}')
local escaped_hash
escaped_hash=$(echo "$bcrypt_hash" | sed 's/\$/\$\$/g')
echo "$escaped_hash"
return 0
fi
fi
isError "Failed to generate bcrypt hash."
return 1
}