235 lines
7.1 KiB
Bash
235 lines
7.1 KiB
Bash
#!/bin/bash
|
|
# Monaco USA Portal - Production Setup Script
|
|
# This script prepares the deployment environment by:
|
|
# 1. Generating missing secrets in .env
|
|
# 2. Generating kong.yml from template with actual API keys
|
|
# 3. Validating the configuration
|
|
set -e
|
|
|
|
echo "========================================"
|
|
echo "Monaco USA Portal - Production Setup"
|
|
echo "========================================"
|
|
echo ""
|
|
|
|
# Colors for output
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
NC='\033[0m' # No Color
|
|
|
|
# Function to generate random string
|
|
generate_secret() {
|
|
local length=${1:-32}
|
|
openssl rand -base64 $length | tr -d '\n'
|
|
}
|
|
|
|
# Function to generate JWT token
|
|
generate_jwt() {
|
|
local role=$1
|
|
local secret=$2
|
|
|
|
# JWT Header (base64url encoded)
|
|
local header='{"alg":"HS256","typ":"JWT"}'
|
|
local header_b64=$(echo -n "$header" | base64 | tr '+/' '-_' | tr -d '=')
|
|
|
|
# JWT Payload - 100 years expiry
|
|
local exp=$(($(date +%s) + 3153600000))
|
|
local payload="{\"role\":\"$role\",\"iss\":\"supabase\",\"iat\":$(date +%s),\"exp\":$exp}"
|
|
local payload_b64=$(echo -n "$payload" | base64 | tr '+/' '-_' | tr -d '=')
|
|
|
|
# Create signature
|
|
local signature=$(echo -n "${header_b64}.${payload_b64}" | openssl dgst -sha256 -hmac "$secret" -binary | base64 | tr '+/' '-_' | tr -d '=')
|
|
|
|
echo "${header_b64}.${payload_b64}.${signature}"
|
|
}
|
|
|
|
# Check if .env exists
|
|
if [ ! -f .env ]; then
|
|
if [ -f .env.example ]; then
|
|
echo -e "${YELLOW}No .env file found. Creating from .env.example...${NC}"
|
|
cp .env.example .env
|
|
echo -e "${GREEN}Created .env from template.${NC}"
|
|
else
|
|
echo -e "${RED}Error: No .env or .env.example file found.${NC}"
|
|
echo "Please create a .env file with your configuration."
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# Load environment
|
|
set -a
|
|
source .env
|
|
set +a
|
|
|
|
echo ""
|
|
echo "Checking and generating secrets..."
|
|
echo ""
|
|
|
|
# Track if we made changes
|
|
CHANGES_MADE=false
|
|
|
|
# Generate POSTGRES_PASSWORD if not set or is placeholder
|
|
if [ -z "$POSTGRES_PASSWORD" ] || [[ "$POSTGRES_PASSWORD" == *"CHANGE_ME"* ]] || [[ "$POSTGRES_PASSWORD" == *"change-this"* ]]; then
|
|
NEW_POSTGRES_PASSWORD=$(generate_secret 32)
|
|
sed -i.bak "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=$NEW_POSTGRES_PASSWORD|" .env
|
|
POSTGRES_PASSWORD=$NEW_POSTGRES_PASSWORD
|
|
echo -e "${GREEN}[Generated]${NC} POSTGRES_PASSWORD"
|
|
CHANGES_MADE=true
|
|
else
|
|
echo -e "[OK] POSTGRES_PASSWORD is set"
|
|
fi
|
|
|
|
# Generate JWT_SECRET if not set or is placeholder
|
|
if [ -z "$JWT_SECRET" ] || [[ "$JWT_SECRET" == *"CHANGE_ME"* ]] || [[ "$JWT_SECRET" == *"generate"* ]]; then
|
|
NEW_JWT_SECRET=$(generate_secret 32)
|
|
sed -i.bak "s|^JWT_SECRET=.*|JWT_SECRET=$NEW_JWT_SECRET|" .env
|
|
JWT_SECRET=$NEW_JWT_SECRET
|
|
echo -e "${GREEN}[Generated]${NC} JWT_SECRET"
|
|
CHANGES_MADE=true
|
|
else
|
|
echo -e "[OK] JWT_SECRET is set"
|
|
fi
|
|
|
|
# Generate SECRET_KEY_BASE if not set or is placeholder
|
|
if [ -z "$SECRET_KEY_BASE" ] || [[ "$SECRET_KEY_BASE" == *"CHANGE_ME"* ]] || [[ "$SECRET_KEY_BASE" == *"generate"* ]]; then
|
|
NEW_SECRET_KEY_BASE=$(generate_secret 64)
|
|
sed -i.bak "s|^SECRET_KEY_BASE=.*|SECRET_KEY_BASE=$NEW_SECRET_KEY_BASE|" .env
|
|
SECRET_KEY_BASE=$NEW_SECRET_KEY_BASE
|
|
echo -e "${GREEN}[Generated]${NC} SECRET_KEY_BASE"
|
|
CHANGES_MADE=true
|
|
else
|
|
echo -e "[OK] SECRET_KEY_BASE is set"
|
|
fi
|
|
|
|
# Generate ANON_KEY if not set or is placeholder
|
|
if [ -z "$ANON_KEY" ] || [[ "$ANON_KEY" == *"CHANGE_ME"* ]] || [[ "$ANON_KEY" == *"your-"* ]]; then
|
|
NEW_ANON_KEY=$(generate_jwt "anon" "$JWT_SECRET")
|
|
sed -i.bak "s|^ANON_KEY=.*|ANON_KEY=$NEW_ANON_KEY|" .env
|
|
ANON_KEY=$NEW_ANON_KEY
|
|
echo -e "${GREEN}[Generated]${NC} ANON_KEY (JWT with role=anon)"
|
|
CHANGES_MADE=true
|
|
else
|
|
echo -e "[OK] ANON_KEY is set"
|
|
fi
|
|
|
|
# Generate SERVICE_ROLE_KEY if not set or is placeholder
|
|
if [ -z "$SERVICE_ROLE_KEY" ] || [[ "$SERVICE_ROLE_KEY" == *"CHANGE_ME"* ]] || [[ "$SERVICE_ROLE_KEY" == *"your-"* ]]; then
|
|
NEW_SERVICE_ROLE_KEY=$(generate_jwt "service_role" "$JWT_SECRET")
|
|
sed -i.bak "s|^SERVICE_ROLE_KEY=.*|SERVICE_ROLE_KEY=$NEW_SERVICE_ROLE_KEY|" .env
|
|
SERVICE_ROLE_KEY=$NEW_SERVICE_ROLE_KEY
|
|
echo -e "${GREEN}[Generated]${NC} SERVICE_ROLE_KEY (JWT with role=service_role)"
|
|
CHANGES_MADE=true
|
|
else
|
|
echo -e "[OK] SERVICE_ROLE_KEY is set"
|
|
fi
|
|
|
|
# Also update PUBLIC_SUPABASE_ANON_KEY and SUPABASE_SERVICE_ROLE_KEY if they exist
|
|
if grep -q "^PUBLIC_SUPABASE_ANON_KEY=" .env; then
|
|
sed -i.bak "s|^PUBLIC_SUPABASE_ANON_KEY=.*|PUBLIC_SUPABASE_ANON_KEY=$ANON_KEY|" .env
|
|
fi
|
|
if grep -q "^SUPABASE_SERVICE_ROLE_KEY=" .env; then
|
|
sed -i.bak "s|^SUPABASE_SERVICE_ROLE_KEY=.*|SUPABASE_SERVICE_ROLE_KEY=$SERVICE_ROLE_KEY|" .env
|
|
fi
|
|
|
|
# Clean up backup files
|
|
rm -f .env.bak
|
|
|
|
echo ""
|
|
|
|
# Reload environment after changes
|
|
set -a
|
|
source .env
|
|
set +a
|
|
|
|
# Validate required variables
|
|
echo "Validating required variables..."
|
|
REQUIRED_VARS=(
|
|
"DOMAIN"
|
|
"POSTGRES_USER"
|
|
"POSTGRES_PASSWORD"
|
|
"POSTGRES_DB"
|
|
"JWT_SECRET"
|
|
"ANON_KEY"
|
|
"SERVICE_ROLE_KEY"
|
|
"SECRET_KEY_BASE"
|
|
)
|
|
|
|
MISSING_VARS=()
|
|
for var in "${REQUIRED_VARS[@]}"; do
|
|
if [ -z "${!var}" ]; then
|
|
MISSING_VARS+=("$var")
|
|
fi
|
|
done
|
|
|
|
if [ ${#MISSING_VARS[@]} -ne 0 ]; then
|
|
echo ""
|
|
echo -e "${RED}Error: The following required variables are not set in .env:${NC}"
|
|
for var in "${MISSING_VARS[@]}"; do
|
|
echo " - $var"
|
|
done
|
|
echo ""
|
|
echo "Please edit .env and set these values, then run this script again."
|
|
exit 1
|
|
fi
|
|
|
|
echo -e "${GREEN}All required variables are set.${NC}"
|
|
echo ""
|
|
|
|
# Check for optional but recommended variables
|
|
OPTIONAL_VARS=(
|
|
"ACME_EMAIL"
|
|
"SMTP_HOST"
|
|
"SMTP_USER"
|
|
)
|
|
|
|
echo "Checking optional variables..."
|
|
for var in "${OPTIONAL_VARS[@]}"; do
|
|
if [ -z "${!var}" ]; then
|
|
echo -e "${YELLOW}[Warning]${NC} $var is not set (optional)"
|
|
else
|
|
echo -e "[OK] $var is set"
|
|
fi
|
|
done
|
|
|
|
echo ""
|
|
|
|
# Generate kong.yml from template
|
|
echo "Generating kong.yml from template..."
|
|
|
|
if [ ! -f kong.yml.template ]; then
|
|
echo -e "${RED}Error: kong.yml.template not found.${NC}"
|
|
exit 1
|
|
fi
|
|
|
|
# Use sed to replace placeholders
|
|
sed -e "s|__ANON_KEY__|$ANON_KEY|g" \
|
|
-e "s|__SERVICE_ROLE_KEY__|$SERVICE_ROLE_KEY|g" \
|
|
kong.yml.template > kong.yml
|
|
|
|
echo -e "${GREEN}Generated kong.yml with API keys.${NC}"
|
|
echo ""
|
|
|
|
# Summary
|
|
echo "========================================"
|
|
echo "Setup Complete!"
|
|
echo "========================================"
|
|
echo ""
|
|
if [ "$CHANGES_MADE" = true ]; then
|
|
echo -e "${YELLOW}IMPORTANT: New secrets were generated and saved to .env${NC}"
|
|
echo "Make sure to backup your .env file securely!"
|
|
echo ""
|
|
fi
|
|
echo "Next steps:"
|
|
echo " 1. Review .env and configure any remaining settings"
|
|
echo " 2. Start the services: docker compose up -d"
|
|
echo " 3. Wait for all containers to be healthy: docker compose ps"
|
|
echo " 4. Access the portal at: https://${DOMAIN:-your-domain.com}"
|
|
echo " 5. Create your admin account on first visit"
|
|
echo ""
|
|
echo "Useful commands:"
|
|
echo " docker compose ps - Check container status"
|
|
echo " docker compose logs -f - Follow all logs"
|
|
echo " docker compose logs db - Check database logs"
|
|
echo " docker compose down - Stop all services"
|
|
echo ""
|