diff --git a/deploy/setup.sh b/deploy/setup.sh
index fd9848d..f42b7d2 100644
--- a/deploy/setup.sh
+++ b/deploy/setup.sh
@@ -17,10 +17,10 @@ GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 NC='\033[0m' # No Color
-# Function to generate random string
+# Function to generate random string (alphanumeric only to avoid sed issues)
 generate_secret() {
 local length=${1:-32}
- openssl rand -base64 $length | tr -d '\n'
+ openssl rand -hex $length | head -c $length
 }
 # Function to generate JWT token
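Review bot: The new `generate_secret` body halves the entropy of every secret it returns: `openssl rand -hex $length | head -c $length` keeps only `length` hex characters, so `generate_secret 32` carries 128 random bits where the removed base64 form encoded 32 random bytes (256 bits). This matters most for the `JWT_SECRET` call in the @@ -82,7 +104,7 @@ hunk, since RFC 7518 asks for an HS256 key of at least 256 bits. Treating the argument as a byte count keeps the output alphanumeric without the truncation: `openssl rand -hex "$length"` (output is then 2×length characters). If the character-count meaning is intended, the comment should say the result holds 4 bits per character, and it should no longer mention sed, which this commit stops using for these values.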
@@ -30,19 +30,39 @@ generate_jwt() {
 # JWT Header (base64url encoded)
 local header='{"alg":"HS256","typ":"JWT"}'
- local header_b64=$(echo -n "$header" | base64 | tr '+/' '-_' | tr -d '=')
+ local header_b64=$(echo -n "$header" | base64 | tr '+/' '-_' | tr -d '=' | tr -d '\n')
 # JWT Payload - 100 years expiry
 local exp=$(($(date +%s) + 3153600000))
 local payload="{\"role\":\"$role\",\"iss\":\"supabase\",\"iat\":$(date +%s),\"exp\":$exp}"
- local payload_b64=$(echo -n "$payload" | base64 | tr '+/' '-_' | tr -d '=')
+ local payload_b64=$(echo -n "$payload" | base64 | tr '+/' '-_' | tr -d '=' | tr -d '\n')
 # Create signature
- local signature=$(echo -n "${header_b64}.${payload_b64}" | openssl dgst -sha256 -hmac "$secret" -binary | base64 | tr '+/' '-_' | tr -d '=')
+ local signature=$(echo -n "${header_b64}.${payload_b64}" | openssl dgst -sha256 -hmac "$secret" -binary | base64 | tr '+/' '-_' | tr -d '=' | tr -d '\n')
 echo "${header_b64}.${payload_b64}.${signature}"
 }
+# Function to update a variable in .env file using awk (more robust than sed)
+update_env_var() {
+ local var_name=$1
+ local var_value=$2
+ local env_file=".env"
+
+ # Create temp file
+ local tmp_file=$(mktemp)
+
+ # Use awk to replace the line
+ awk -v name="$var_name" -v value="$var_value" '
+ BEGIN { FS="="; OFS="=" }
+ $1 == name { print name, value; next }
+ { print }
+ ' "$env_file" > "$tmp_file"
+
+ # Move temp file to .env
+ mv "$tmp_file" "$env_file"
+}
+
 # Check if .env exists
 if [ ! -f .env ]; then
 if [ -f .env.example ]; then
@@ -56,10 +76,12 @@ if [ ! -f .env ]; then
 fi
 fi
-# Load environment
+# Load environment (handle errors gracefully)
+set +e
 set -a
-source .env
+source .env 2>/dev/null
 set +a
+set -e
 echo ""
 echo "Checking and generating secrets..."
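Review bot: `update_env_var` stages the rewritten .env, secrets included, in the default `mktemp` directory and has no cleanup path, so a failed awk or an interrupted run can leave a full copy of the secrets behind outside the deploy directory. If that directory is on another filesystem, the final `mv` is a copy plus delete rather than an atomic rename. `local tmp_file=$(mktemp)` also hides a mktemp failure behind the exit status of `local`. A key with no line in .env is never written, although the callers still print "[Generated]". The sketch below creates the temp file next to .env, removes it on failure, and appends the key when no line matched.

```shell
update_env_var() {
    # … unchanged: var_name / var_value / env_file locals …
    local tmp_file
    tmp_file=$(mktemp "${env_file}.XXXXXX") || return 1

    awk -v name="$var_name" -v value="$var_value" '
    BEGIN { FS="="; OFS="=" }
    $1 == name { print name, value; found = 1; next }
    { print }
    END { if (!found) print name, value }
    ' "$env_file" > "$tmp_file" || { rm -f -- "$tmp_file"; return 1; }

    mv -- "$tmp_file" "$env_file"
}
```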
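Review bot: In the "Load environment" block, `source .env 2>/dev/null` under `set +e` discards both the message and the exit status, so a .env that fails part-way loads silently and may leave later variables unset. The `-z` tests in the following hunks would then treat valid existing secrets as missing and overwrite them, rotating POSTGRES_PASSWORD and JWT_SECRET on a deployment that was already configured. Keeping the failure visible avoids that: `if ! source .env; then echo "Error: .env could not be loaded" >&2; exit 1; fi`. The same pattern is repeated in the reload block of the @@ -125,21 +147,20 @@ hunk. The closing `set -e` turns errexit on regardless of its earlier state, which is not visible in this hunk.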
@@ -71,7 +93,7 @@ CHANGES_MADE=false
 # Generate POSTGRES_PASSWORD if not set or is placeholder
 if [ -z "$POSTGRES_PASSWORD" ] || [[ "$POSTGRES_PASSWORD" == *"CHANGE_ME"* ]] || [[ "$POSTGRES_PASSWORD" == *"change-this"* ]]; then
 NEW_POSTGRES_PASSWORD=$(generate_secret 32)
- sed -i.bak "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=$NEW_POSTGRES_PASSWORD|" .env
+ update_env_var "POSTGRES_PASSWORD" "$NEW_POSTGRES_PASSWORD"
 POSTGRES_PASSWORD=$NEW_POSTGRES_PASSWORD
 echo -e "${GREEN}[Generated]${NC} POSTGRES_PASSWORD"
 CHANGES_MADE=true
@@ -82,7 +104,7 @@ fi
 # Generate JWT_SECRET if not set or is placeholder
 if [ -z "$JWT_SECRET" ] || [[ "$JWT_SECRET" == *"CHANGE_ME"* ]] || [[ "$JWT_SECRET" == *"generate"* ]]; then
 NEW_JWT_SECRET=$(generate_secret 32)
- sed -i.bak "s|^JWT_SECRET=.*|JWT_SECRET=$NEW_JWT_SECRET|" .env
+ update_env_var "JWT_SECRET" "$NEW_JWT_SECRET"
 JWT_SECRET=$NEW_JWT_SECRET
 echo -e "${GREEN}[Generated]${NC} JWT_SECRET"
 CHANGES_MADE=true
@@ -93,7 +115,7 @@ fi
 # Generate SECRET_KEY_BASE if not set or is placeholder
 if [ -z "$SECRET_KEY_BASE" ] || [[ "$SECRET_KEY_BASE" == *"CHANGE_ME"* ]] || [[ "$SECRET_KEY_BASE" == *"generate"* ]]; then
 NEW_SECRET_KEY_BASE=$(generate_secret 64)
- sed -i.bak "s|^SECRET_KEY_BASE=.*|SECRET_KEY_BASE=$NEW_SECRET_KEY_BASE|" .env
+ update_env_var "SECRET_KEY_BASE" "$NEW_SECRET_KEY_BASE"
 SECRET_KEY_BASE=$NEW_SECRET_KEY_BASE
 echo -e "${GREEN}[Generated]${NC} SECRET_KEY_BASE"
 CHANGES_MADE=true
@@ -104,7 +126,7 @@ fi
 # Generate ANON_KEY if not set or is placeholder
 if [ -z "$ANON_KEY" ] || [[ "$ANON_KEY" == *"CHANGE_ME"* ]] || [[ "$ANON_KEY" == *"your-"* ]]; then
 NEW_ANON_KEY=$(generate_jwt "anon" "$JWT_SECRET")
- sed -i.bak "s|^ANON_KEY=.*|ANON_KEY=$NEW_ANON_KEY|" .env
+ update_env_var "ANON_KEY" "$NEW_ANON_KEY"
 ANON_KEY=$NEW_ANON_KEY
 echo -e "${GREEN}[Generated]${NC} ANON_KEY (JWT with role=anon)"
 CHANGES_MADE=true
@@ -115,7 +137,7 @@ fi
 # Generate SERVICE_ROLE_KEY if not set or is placeholder
 if [ -z "$SERVICE_ROLE_KEY" ] || [[ "$SERVICE_ROLE_KEY" == *"CHANGE_ME"* ]] || [[ "$SERVICE_ROLE_KEY" == *"your-"* ]]; then
 NEW_SERVICE_ROLE_KEY=$(generate_jwt "service_role" "$JWT_SECRET")
- sed -i.bak "s|^SERVICE_ROLE_KEY=.*|SERVICE_ROLE_KEY=$NEW_SERVICE_ROLE_KEY|" .env
+ update_env_var "SERVICE_ROLE_KEY" "$NEW_SERVICE_ROLE_KEY"
 SERVICE_ROLE_KEY=$NEW_SERVICE_ROLE_KEY
 echo -e "${GREEN}[Generated]${NC} SERVICE_ROLE_KEY (JWT with role=service_role)"
 CHANGES_MADE=true
@@ -125,21 +147,20 @@ fi
 # Also update PUBLIC_SUPABASE_ANON_KEY and SUPABASE_SERVICE_ROLE_KEY if they exist
 if grep -q "^PUBLIC_SUPABASE_ANON_KEY=" .env; then
- sed -i.bak "s|^PUBLIC_SUPABASE_ANON_KEY=.*|PUBLIC_SUPABASE_ANON_KEY=$ANON_KEY|" .env
+ update_env_var "PUBLIC_SUPABASE_ANON_KEY" "\${ANON_KEY}"
 fi
 if grep -q "^SUPABASE_SERVICE_ROLE_KEY=" .env; then
- sed -i.bak "s|^SUPABASE_SERVICE_ROLE_KEY=.*|SUPABASE_SERVICE_ROLE_KEY=$SERVICE_ROLE_KEY|" .env
+ update_env_var "SUPABASE_SERVICE_ROLE_KEY" "\${SERVICE_ROLE_KEY}"
 fi
-# Clean up backup files
-rm -f .env.bak
-
 echo ""
 # Reload environment after changes
+set +e
 set -a
-source .env
+source .env 2>/dev/null
 set +a
+set -e
 # Validate required variables
 echo "Validating required variables..."
@@ -177,7 +198,6 @@ echo ""
 # Check for optional but recommended variables
 OPTIONAL_VARS=(
- "ACME_EMAIL"
 "SMTP_HOST"
 "SMTP_USER"
 )
@@ -201,10 +221,14 @@ if [ ! -f kong.yml.template ]; then
 exit 1
 fi
-# Use sed to replace placeholders
-sed -e "s|__ANON_KEY__|$ANON_KEY|g" \
- -e "s|__SERVICE_ROLE_KEY__|$SERVICE_ROLE_KEY|g" \
- kong.yml.template > kong.yml
+# Use awk to replace placeholders (more robust than sed for complex strings)
+awk -v anon_key="$ANON_KEY" -v service_key="$SERVICE_ROLE_KEY" '
+{
+ gsub(/__ANON_KEY__/, anon_key)
+ gsub(/__SERVICE_ROLE_KEY__/, service_key)
+ print
+}
+' kong.yml.template > kong.yml
 echo -e "${GREEN}Generated kong.yml with API keys.${NC}"
 echo ""
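Review bot: In the @@ -125,21 +147,20 @@ hunk, `"\${ANON_KEY}"` and `"\${SERVICE_ROLE_KEY}"` write the literal text `${ANON_KEY}` / `${SERVICE_ROLE_KEY}` into .env, where the removed sed lines wrote the key values themselves. That only resolves for a loader that expands references, and only when ANON_KEY / SERVICE_ROLE_KEY are defined on an earlier line; any other consumer receives an empty or literal string as its API key. Whether every reader of .env expands references is not visible in this diff. If the indirection is not needed, pass the values as before: `update_env_var "PUBLIC_SUPABASE_ANON_KEY" "$ANON_KEY"` and `update_env_var "SUPABASE_SERVICE_ROLE_KEY" "$SERVICE_ROLE_KEY"`. Otherwise a comment should name the loaders that are expected to resolve the reference.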
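Review bot: In the kong.yml hunk (@@ -201,10 +221,14 @@), the comment's claim that awk is "more robust than sed for complex strings" does not hold for the replacement argument of `gsub()`. An `&` there expands to the matched placeholder, and `-v` additionally processes backslash escapes in the assigned value. The JWTs produced by `generate_jwt` are base64url plus dots, so they are unaffected, but a key supplied by hand in .env could be altered silently on its way into kong.yml. I would state the constraint next to the call, e.g. `# Keys must not contain '&' or '\': gsub() and -v treat both specially`.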