Fix setup.sh: use awk instead of sed for robustness
- Use openssl rand -hex for secrets (no special chars) - Use awk instead of sed for .env updates (handles any chars) - Use awk for kong.yml generation (handles JWT tokens) - Suppress source errors for malformed .env Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
parent
4f4d0dd42e
commit
35f9beabc6
|
|
@ -17,10 +17,10 @@ GREEN='\033[0;32m'
|
|||
YELLOW='\033[1;33m'
|
||||
NC='\033[0m' # No Color
|
||||
|
||||
# Function to generate random string
|
||||
# Function to generate random string (alphanumeric only to avoid sed issues)
|
||||
generate_secret() {
|
||||
local length=${1:-32}
|
||||
openssl rand -base64 $length | tr -d '\n'
|
||||
openssl rand -hex $length | head -c $length
|
||||
}
|
||||
|
||||
# Function to generate JWT token
|
||||
|
|
@ -30,19 +30,39 @@ generate_jwt() {
|
|||
|
||||
# JWT Header (base64url encoded)
|
||||
local header='{"alg":"HS256","typ":"JWT"}'
|
||||
local header_b64=$(echo -n "$header" | base64 | tr '+/' '-_' | tr -d '=')
|
||||
local header_b64=$(echo -n "$header" | base64 | tr '+/' '-_' | tr -d '=' | tr -d '\n')
|
||||
|
||||
# JWT Payload - 100 years expiry
|
||||
local exp=$(($(date +%s) + 3153600000))
|
||||
local payload="{\"role\":\"$role\",\"iss\":\"supabase\",\"iat\":$(date +%s),\"exp\":$exp}"
|
||||
local payload_b64=$(echo -n "$payload" | base64 | tr '+/' '-_' | tr -d '=')
|
||||
local payload_b64=$(echo -n "$payload" | base64 | tr '+/' '-_' | tr -d '=' | tr -d '\n')
|
||||
|
||||
# Create signature
|
||||
local signature=$(echo -n "${header_b64}.${payload_b64}" | openssl dgst -sha256 -hmac "$secret" -binary | base64 | tr '+/' '-_' | tr -d '=')
|
||||
local signature=$(echo -n "${header_b64}.${payload_b64}" | openssl dgst -sha256 -hmac "$secret" -binary | base64 | tr '+/' '-_' | tr -d '=' | tr -d '\n')
|
||||
|
||||
echo "${header_b64}.${payload_b64}.${signature}"
|
||||
}
|
||||
|
||||
# Function to update a variable in .env file using awk (more robust than sed)
|
||||
update_env_var() {
|
||||
local var_name=$1
|
||||
local var_value=$2
|
||||
local env_file=".env"
|
||||
|
||||
# Create temp file
|
||||
local tmp_file=$(mktemp)
|
||||
|
||||
# Use awk to replace the line
|
||||
awk -v name="$var_name" -v value="$var_value" '
|
||||
BEGIN { FS="="; OFS="=" }
|
||||
$1 == name { print name, value; next }
|
||||
{ print }
|
||||
' "$env_file" > "$tmp_file"
|
||||
|
||||
# Move temp file to .env
|
||||
mv "$tmp_file" "$env_file"
|
||||
}
|
||||
|
||||
# Check if .env exists
|
||||
if [ ! -f .env ]; then
|
||||
if [ -f .env.example ]; then
|
||||
|
|
@ -56,10 +76,12 @@ if [ ! -f .env ]; then
|
|||
fi
|
||||
fi
|
||||
|
||||
# Load environment
|
||||
# Load environment (handle errors gracefully)
|
||||
set +e
|
||||
set -a
|
||||
source .env
|
||||
source .env 2>/dev/null
|
||||
set +a
|
||||
set -e
|
||||
|
||||
echo ""
|
||||
echo "Checking and generating secrets..."
|
||||
|
|
@ -71,7 +93,7 @@ CHANGES_MADE=false
|
|||
# Generate POSTGRES_PASSWORD if not set or is placeholder
|
||||
if [ -z "$POSTGRES_PASSWORD" ] || [[ "$POSTGRES_PASSWORD" == *"CHANGE_ME"* ]] || [[ "$POSTGRES_PASSWORD" == *"change-this"* ]]; then
|
||||
NEW_POSTGRES_PASSWORD=$(generate_secret 32)
|
||||
sed -i.bak "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=$NEW_POSTGRES_PASSWORD|" .env
|
||||
update_env_var "POSTGRES_PASSWORD" "$NEW_POSTGRES_PASSWORD"
|
||||
POSTGRES_PASSWORD=$NEW_POSTGRES_PASSWORD
|
||||
echo -e "${GREEN}[Generated]${NC} POSTGRES_PASSWORD"
|
||||
CHANGES_MADE=true
|
||||
|
|
@ -82,7 +104,7 @@ fi
|
|||
# Generate JWT_SECRET if not set or is placeholder
|
||||
if [ -z "$JWT_SECRET" ] || [[ "$JWT_SECRET" == *"CHANGE_ME"* ]] || [[ "$JWT_SECRET" == *"generate"* ]]; then
|
||||
NEW_JWT_SECRET=$(generate_secret 32)
|
||||
sed -i.bak "s|^JWT_SECRET=.*|JWT_SECRET=$NEW_JWT_SECRET|" .env
|
||||
update_env_var "JWT_SECRET" "$NEW_JWT_SECRET"
|
||||
JWT_SECRET=$NEW_JWT_SECRET
|
||||
echo -e "${GREEN}[Generated]${NC} JWT_SECRET"
|
||||
CHANGES_MADE=true
|
||||
|
|
@ -93,7 +115,7 @@ fi
|
|||
# Generate SECRET_KEY_BASE if not set or is placeholder
|
||||
if [ -z "$SECRET_KEY_BASE" ] || [[ "$SECRET_KEY_BASE" == *"CHANGE_ME"* ]] || [[ "$SECRET_KEY_BASE" == *"generate"* ]]; then
|
||||
NEW_SECRET_KEY_BASE=$(generate_secret 64)
|
||||
sed -i.bak "s|^SECRET_KEY_BASE=.*|SECRET_KEY_BASE=$NEW_SECRET_KEY_BASE|" .env
|
||||
update_env_var "SECRET_KEY_BASE" "$NEW_SECRET_KEY_BASE"
|
||||
SECRET_KEY_BASE=$NEW_SECRET_KEY_BASE
|
||||
echo -e "${GREEN}[Generated]${NC} SECRET_KEY_BASE"
|
||||
CHANGES_MADE=true
|
||||
|
|
@ -104,7 +126,7 @@ fi
|
|||
# Generate ANON_KEY if not set or is placeholder
|
||||
if [ -z "$ANON_KEY" ] || [[ "$ANON_KEY" == *"CHANGE_ME"* ]] || [[ "$ANON_KEY" == *"your-"* ]]; then
|
||||
NEW_ANON_KEY=$(generate_jwt "anon" "$JWT_SECRET")
|
||||
sed -i.bak "s|^ANON_KEY=.*|ANON_KEY=$NEW_ANON_KEY|" .env
|
||||
update_env_var "ANON_KEY" "$NEW_ANON_KEY"
|
||||
ANON_KEY=$NEW_ANON_KEY
|
||||
echo -e "${GREEN}[Generated]${NC} ANON_KEY (JWT with role=anon)"
|
||||
CHANGES_MADE=true
|
||||
|
|
@ -115,7 +137,7 @@ fi
|
|||
# Generate SERVICE_ROLE_KEY if not set or is placeholder
|
||||
if [ -z "$SERVICE_ROLE_KEY" ] || [[ "$SERVICE_ROLE_KEY" == *"CHANGE_ME"* ]] || [[ "$SERVICE_ROLE_KEY" == *"your-"* ]]; then
|
||||
NEW_SERVICE_ROLE_KEY=$(generate_jwt "service_role" "$JWT_SECRET")
|
||||
sed -i.bak "s|^SERVICE_ROLE_KEY=.*|SERVICE_ROLE_KEY=$NEW_SERVICE_ROLE_KEY|" .env
|
||||
update_env_var "SERVICE_ROLE_KEY" "$NEW_SERVICE_ROLE_KEY"
|
||||
SERVICE_ROLE_KEY=$NEW_SERVICE_ROLE_KEY
|
||||
echo -e "${GREEN}[Generated]${NC} SERVICE_ROLE_KEY (JWT with role=service_role)"
|
||||
CHANGES_MADE=true
|
||||
|
|
@ -125,21 +147,20 @@ fi
|
|||
|
||||
# Also update PUBLIC_SUPABASE_ANON_KEY and SUPABASE_SERVICE_ROLE_KEY if they exist
|
||||
if grep -q "^PUBLIC_SUPABASE_ANON_KEY=" .env; then
|
||||
sed -i.bak "s|^PUBLIC_SUPABASE_ANON_KEY=.*|PUBLIC_SUPABASE_ANON_KEY=$ANON_KEY|" .env
|
||||
update_env_var "PUBLIC_SUPABASE_ANON_KEY" "\${ANON_KEY}"
|
||||
fi
|
||||
if grep -q "^SUPABASE_SERVICE_ROLE_KEY=" .env; then
|
||||
sed -i.bak "s|^SUPABASE_SERVICE_ROLE_KEY=.*|SUPABASE_SERVICE_ROLE_KEY=$SERVICE_ROLE_KEY|" .env
|
||||
update_env_var "SUPABASE_SERVICE_ROLE_KEY" "\${SERVICE_ROLE_KEY}"
|
||||
fi
|
||||
|
||||
# Clean up backup files
|
||||
rm -f .env.bak
|
||||
|
||||
echo ""
|
||||
|
||||
# Reload environment after changes
|
||||
set +e
|
||||
set -a
|
||||
source .env
|
||||
source .env 2>/dev/null
|
||||
set +a
|
||||
set -e
|
||||
|
||||
# Validate required variables
|
||||
echo "Validating required variables..."
|
||||
|
|
@ -177,7 +198,6 @@ echo ""
|
|||
|
||||
# Check for optional but recommended variables
|
||||
OPTIONAL_VARS=(
|
||||
"ACME_EMAIL"
|
||||
"SMTP_HOST"
|
||||
"SMTP_USER"
|
||||
)
|
||||
|
|
@ -201,10 +221,14 @@ if [ ! -f kong.yml.template ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
# Use sed to replace placeholders
|
||||
sed -e "s|__ANON_KEY__|$ANON_KEY|g" \
|
||||
-e "s|__SERVICE_ROLE_KEY__|$SERVICE_ROLE_KEY|g" \
|
||||
kong.yml.template > kong.yml
|
||||
# Use awk to replace placeholders (more robust than sed for complex strings)
|
||||
awk -v anon_key="$ANON_KEY" -v service_key="$SERVICE_ROLE_KEY" '
|
||||
{
|
||||
gsub(/__ANON_KEY__/, anon_key)
|
||||
gsub(/__SERVICE_ROLE_KEY__/, service_key)
|
||||
print
|
||||
}
|
||||
' kong.yml.template > kong.yml
|
||||
|
||||
echo -e "${GREEN}Generated kong.yml with API keys.${NC}"
|
||||
echo ""
|
||||
|
|
|
|||
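Review bot: In `generate_secret`, `openssl rand -hex $length | head -c $length` keeps only `length` hex characters, which is `length/2` random bytes, so `generate_secret 32` now carries 128 bits of entropy where the removed base64 line carried 256. That value is written as `JWT_SECRET` and used as the HMAC key in `generate_jwt`, and HS256 keys are expected to hold at least 256 bits (RFC 7518 §3.2), so the reduction should not happen silently. Dropping the truncation and quoting the argument, `openssl rand -hex "$length"`, keeps the output free of special characters and restores `length` random bytes, at the cost of a string twice as long; the comment above it would then read `# Generate a random secret: N random bytes, hex-encoded (2N characters)`. Separately, `set +e` with `source .env 2>/dev/null` hides a parse failure, and any variable that did not load then looks unset and is regenerated over its existing value by `update_env_var`; printing a warning when `source` returns non-zero would make that visible.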