Convert the remaining ad-hoc 'sudo' calls across the data plane to the run_privileged helpers so every file op lands as the correct owner with no blanket root: - DB/configs (manager-owned): db_list_all_apps, delete_db_file, install_sqlite, cli_webui_commands -> runInstallOp - containers (dockerinstall-owned): scan_container_socket, delete_data, webui_task_files, webui_app_log, webui_config_patch, application_missing_variables, uninstall_app -> runFileOp/runFileWrite - genuine root: passwd, tailscale, ufw-docker, sysctl grep, systemd unit read, authorized_keys read, nobody chown -> runSystem - interactive editors and 'id -u': drop sudo entirely (run as caller) - owncloud/adguard container-UID config edits -> runSystem (funnel; docker-exec rework deferred) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
#!/bin/bash
# WebUI Commands Handler
# Handles all webui subcommands by calling core functions
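cliHandleWebuiCommands()
{
    # Dispatches the `webui` CLI subcommands to the core WebUI functions.
    #
    # Globals (read):
    #   initial_command2 - action (generate, service, login, recover)
    #   initial_command3 - sub-option for `generate` and `login`
    #   initial_command4 - extra option; only forwarded to the backup
    #                      snapshot generator (defaults to "all")
    # Returns:
    #   1 when `login show` finds no stored credentials; otherwise the status
    #   of the last command that ran.
    local action="$initial_command2"
    local config_type="$initial_command3"
    local options="$initial_command4"

    if [[ -z "$action" ]]; then
        cliShowWebuiHelp
        # Stop here: without this the empty action fell through to the
        # catch-all arm below, which printed "Invalid webui action:" and the
        # help text a second time. A bare return keeps the helper's status.
        return
    fi

    case "$action" in
        "generate")
            case "$config_type" in
                "")
                    isNotice "Generate option required. Use: backup [source] or config [options]"
                    cliShowWebuiHelp
                    ;;
                "backup")
                    webuiGenerateBackupLocations
                    webuiGenerateBackupDashboard
                    webuiGenerateBackupSnapshots "${options:-all}"
                    webuiGenerateBackupAppStatus
                    webuiGenerateBackupSchema
                    webuiGenerateBackupPasswords
                    ;;
                "system")
                    webuiSystemUpdate
                    ;;
                "config")
                    webuiGenerateSystemConfigs
                    ;;
                "all")
                    webuiLibrePortalUpdate
                    ;;
                *)
                    isNotice "Invalid generate option: $config_type. Use: backup, system, config, or all"
                    cliShowWebuiHelp
                    ;;
            esac
            ;;
        "service")
            installLibrePortalWebUITaskService
            ;;
        "login")
            case "$config_type" in
                "show")
                    # CFG_WEBUI_USERNAME / CFG_WEBUI_PASSWORD are presumably
                    # loaded by this scan - confirm against sourceScanFiles.
                    sourceScanFiles "libreportal_configs"
                    if [[ -z "$CFG_WEBUI_USERNAME" || -z "$CFG_WEBUI_PASSWORD" ]]; then
                        isError "WebUI credentials not found. Run 'libreportal webui login reset' to generate."
                        return 1
                    fi
                    # NOTE(review): this path appears to print the stored
                    # credentials to the terminal; confirm it is not reached
                    # from logged or traced (set -x) sessions.
                    webuiDisplayLogins "show"
                    ;;
                "reset"|"recover")
                    cliWebuiLoginReset
                    ;;
                *)
                    isNotice "Invalid login action: $config_type. Use: show, reset"
                    cliShowWebuiHelp
                    ;;
            esac
            ;;
        "recover")
            # Legacy spelling kept as an alias for `webui login reset`.
            isNotice "'libreportal webui recover' is deprecated — use 'libreportal webui login reset'."
            cliWebuiLoginReset
            ;;
        *)
            isNotice "Invalid webui action: $action"
            cliShowWebuiHelp
            ;;
    esac
}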
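cliWebuiLoginReset()
{
    # Resets the WebUI login: restores the placeholder values in webui_logins,
    # removes the container's .auth.json, re-runs the randomizer scan,
    # regenerates the WebUI configs, restarts the libreportal container and
    # displays the new logins.
    #
    # Globals (read): containers_dir, configs_dir
    # Returns:
    #   1 if a base directory is unset, the placeholders cannot be written or
    #   the auth file cannot be removed; otherwise the status of
    #   webuiDisplayLogins.
    local auth_file="$containers_dir/libreportal/frontend/.auth.json"
    local webui_logins_file="$configs_dir/webui/webui_logins"

    # An empty base directory would make the paths above resolve under "/",
    # so refuse to edit or delete anything in that case.
    if [[ -z "$containers_dir" || -z "$configs_dir" ]]; then
        isError "Cannot reset WebUI credentials: containers_dir or configs_dir is not set."
        return 1
    fi

    isNotice "Resetting WebUI credentials..."

    # Restore placeholders so the scan re-randomizes them. Both keys are
    # rewritten in one pass; a failure aborts the reset, because otherwise the
    # old credentials would stay in the file while success is reported.
    # Assumes runInstallOp propagates the wrapped command's exit status -
    # TODO confirm.
    if [[ -f "$webui_logins_file" ]]; then
        if ! runInstallOp sed -i -E \
            -e 's/^(CFG_WEBUI_USERNAME=).*$/\1RANDOMIZEDUSERNAME1/' \
            -e 's/^(CFG_WEBUI_PASSWORD=).*$/\1RANDOMIZEDPASSWORD1/' \
            "$webui_logins_file"; then
            isError "Failed to restore credential placeholders in $webui_logins_file."
            return 1
        fi
    fi

    # Remove auth file to force credential regeneration on next container
    # start. The success message is only printed when rm really succeeded: a
    # leftover auth file would keep the previous credentials valid.
    # NOTE(review): this rm runs as the calling user and is not routed through
    # a run_privileged helper; if the file belongs to the container-owning
    # account it can fail here - confirm whether it should use the same helper
    # as other files under containers_dir.
    if [[ -f "$auth_file" ]]; then
        if rm -f -- "$auth_file"; then
            isSuccessful "Removed WebUI auth file."
        else
            isError "Failed to remove WebUI auth file: $auth_file"
            return 1
        fi
    fi

    # Re-randomize credentials in webui_logins, then reload the configs.
    # NOTE(review): the scan's result is not checked before success is
    # reported - confirm it cannot fail silently.
    scanFileForRandomPasswordKeysUsers "$webui_logins_file"
    sourceScanFiles "libreportal_configs"
    isSuccessful "WebUI credentials have been reset."

    # Regenerate all WebUI config files
    isNotice "Regenerating WebUI config files..."
    webuiLibrePortalUpdate

    # Restart the libreportal container so it picks up the new credentials.
    # NOTE(review): the restart status is not checked; if it fails, the
    # running container presumably keeps the old credentials - confirm
    # dockerComposeRestart's return contract before gating on it.
    isNotice "Restarting LibrePortal container..."
    dockerComposeRestart libreportal
    isSuccessful "LibrePortal container restarted."

    # Display the new credentials
    webuiDisplayLogins "reset"
}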