LibrePortal/scripts/cli/commands/webui/cli_webui_commands.sh
librelad 8b14f26125 refactor(desudo): route scattered runtime sudo through privilege helpers
Convert the remaining ad-hoc 'sudo' calls across the data plane to the
run_privileged helpers so every file op lands as the correct owner with
no blanket root:

- DB/configs (manager-owned): db_list_all_apps, delete_db_file,
  install_sqlite, cli_webui_commands -> runInstallOp
- containers (dockerinstall-owned): scan_container_socket, delete_data,
  webui_task_files, webui_app_log, webui_config_patch,
  application_missing_variables, uninstall_app -> runFileOp/runFileWrite
- genuine root: passwd, tailscale, ufw-docker, sysctl grep, systemd
  unit read, authorized_keys read, nobody chown -> runSystem
- interactive editors and 'id -u': drop sudo entirely (run as caller)
- owncloud/adguard container-UID config edits -> runSystem (funnel;
  docker-exec rework deferred)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 18:00:19 +01:00

108 lines
3.7 KiB
Bash
Executable File

#!/bin/bash
# WebUI Commands Handler
# Handles all webui subcommands by calling core functions
cliHandleWebuiCommands()
{
local action="$initial_command2"
local config_type="$initial_command3"
local options="$initial_command4"
if [[ -z "$action" ]]; then
cliShowWebuiHelp
fi
case "$action" in
"generate")
if [[ -z "$config_type" ]]; then
isNotice "Generate option required. Use: backup [source] or config [options]"
cliShowWebuiHelp
elif [ "$config_type" = "backup" ]; then
webuiGenerateBackupLocations
webuiGenerateBackupDashboard
webuiGenerateBackupSnapshots "${options:-all}"
webuiGenerateBackupAppStatus
webuiGenerateBackupSchema
webuiGenerateBackupPasswords
elif [ "$config_type" = "system" ]; then
webuiSystemUpdate
elif [ "$config_type" = "config" ]; then
webuiGenerateSystemConfigs
elif [ "$config_type" = "all" ]; then
webuiLibrePortalUpdate
else
isNotice "Invalid generate option: $config_type. Use: backup, system, config, or all"
cliShowWebuiHelp
fi
;;
"service")
installLibrePortalWebUITaskService;
;;
"login")
case "$config_type" in
"show")
sourceScanFiles "libreportal_configs"
if [[ -z "$CFG_WEBUI_USERNAME" || -z "$CFG_WEBUI_PASSWORD" ]]; then
isError "WebUI credentials not found. Run 'libreportal webui login reset' to generate."
return 1
fi
webuiDisplayLogins "show"
;;
"reset"|"recover")
cliWebuiLoginReset
;;
*)
isNotice "Invalid login action: $config_type. Use: show, reset"
cliShowWebuiHelp
;;
esac
;;
"recover")
isNotice "'libreportal webui recover' is deprecated — use 'libreportal webui login reset'."
cliWebuiLoginReset
;;
*)
isNotice "Invalid webui action: $action"
cliShowWebuiHelp
;;
esac
}
cliWebuiLoginReset()
{
local auth_file="$containers_dir/libreportal/frontend/.auth.json"
local webui_logins_file="$configs_dir/webui/webui_logins"
isNotice "Resetting WebUI credentials..."
# Restore placeholders so the scan re-randomizes them
if [ -f "$webui_logins_file" ]; then
runInstallOp sed -i -E 's/^(CFG_WEBUI_USERNAME=).*$/\1RANDOMIZEDUSERNAME1/' "$webui_logins_file"
runInstallOp sed -i -E 's/^(CFG_WEBUI_PASSWORD=).*$/\1RANDOMIZEDPASSWORD1/' "$webui_logins_file"
fi
# Remove auth file to force credential regeneration on next container start
if [ -f "$auth_file" ]; then
rm -f "$auth_file"
isSuccessful "Removed WebUI auth file."
fi
# Re-randomize credentials in webui_logins
scanFileForRandomPasswordKeysUsers "$webui_logins_file"
sourceScanFiles "libreportal_configs"
isSuccessful "WebUI credentials have been reset."
# Regenerate all WebUI config files
isNotice "Regenerating WebUI config files..."
webuiLibrePortalUpdate
# Restart the libreportal container so it picks up the new credentials
isNotice "Restarting LibrePortal container..."
dockerComposeRestart libreportal
isSuccessful "LibrePortal container restarted."
# Display the new credentials
webuiDisplayLogins "reset"
}