feat: add env-based auth config support
This commit is contained in:
@@ -3,6 +3,97 @@ set -e
|
||||
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
SERVICE_FILE="$HOME/.config/systemd/user/webterm.service"
|
||||
DEFAULT_USERNAME="izackp"
|
||||
DEFAULT_TTL_SECONDS="86400"
|
||||
UPDATE_AUTH_PASSWORD=0
|
||||
|
||||
if [ ! -f "$SERVICE_FILE" ]; then
|
||||
echo "Missing service file: $SERVICE_FILE" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
while getopts ":p" opt; do
|
||||
case "$opt" in
|
||||
p)
|
||||
UPDATE_AUTH_PASSWORD=1
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 [-p]" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
shift $((OPTIND - 1))
|
||||
|
||||
if [ "$UPDATE_AUTH_PASSWORD" -eq 1 ]; then
|
||||
echo "Enter password for webterm login."
|
||||
read -rsp "Password for $DEFAULT_USERNAME: " WEBTERM_PASSWORD
|
||||
echo
|
||||
if [ -z "$WEBTERM_PASSWORD" ]; then
|
||||
echo "Password cannot be empty." >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
CURRENT_SECRET="$(sed -n 's/^Environment=WEBTERM_AUTH_COOKIE_SECRET=//p' "$SERVICE_FILE" | tail -n 1)"
|
||||
if [ -z "$CURRENT_SECRET" ]; then
|
||||
CURRENT_SECRET="$(openssl rand -hex 32)"
|
||||
fi
|
||||
|
||||
if [ "$UPDATE_AUTH_PASSWORD" -eq 1 ]; then
|
||||
TMP_SERVICE="$(mktemp)"
|
||||
awk '
|
||||
BEGIN {
|
||||
skip["Environment=WEBTERM_AUTH_USERNAME"]=1
|
||||
skip["Environment=WEBTERM_AUTH_PASSWORD"]=1
|
||||
skip["Environment=WEBTERM_AUTH_COOKIE_SECRET"]=1
|
||||
skip["Environment=WEBTERM_AUTH_SESSION_TTL_SECONDS"]=1
|
||||
}
|
||||
{
|
||||
for (prefix in skip) {
|
||||
if (index($0, prefix) == 1) next
|
||||
}
|
||||
print
|
||||
}
|
||||
' "$SERVICE_FILE" > "$TMP_SERVICE"
|
||||
|
||||
python3 - "$TMP_SERVICE" "$WEBTERM_PASSWORD" "$CURRENT_SECRET" "$DEFAULT_TTL_SECONDS" <<'PYEOF'
|
||||
import sys
|
||||
from pathlib import Path
|
||||
import shlex
|
||||
|
||||
path = Path(sys.argv[1])
|
||||
username = "izackp"
|
||||
password = sys.argv[2]
|
||||
secret = sys.argv[3]
|
||||
ttl = sys.argv[4]
|
||||
|
||||
lines = path.read_text().splitlines()
|
||||
insert = [
|
||||
f"Environment=WEBTERM_AUTH_USERNAME={shlex.quote(username)}",
|
||||
f"Environment=WEBTERM_AUTH_PASSWORD={shlex.quote(password)}",
|
||||
f"Environment=WEBTERM_AUTH_COOKIE_SECRET={shlex.quote(secret)}",
|
||||
f"Environment=WEBTERM_AUTH_SESSION_TTL_SECONDS={shlex.quote(ttl)}",
|
||||
]
|
||||
|
||||
out = []
|
||||
inserted = False
|
||||
for line in lines:
|
||||
out.append(line)
|
||||
if line.strip() == "[Service]":
|
||||
out.extend(insert)
|
||||
inserted = True
|
||||
|
||||
if not inserted:
|
||||
raise SystemExit("Could not find [Service] section in webterm.service")
|
||||
|
||||
path.write_text("\n".join(out) + "\n")
|
||||
PYEOF
|
||||
|
||||
mv "$TMP_SERVICE" "$SERVICE_FILE"
|
||||
fi
|
||||
|
||||
echo "Building frontend..."
|
||||
make build
|
||||
|
||||
@@ -16,6 +107,9 @@ cp bin/webterm "$tmp_target"
|
||||
chmod +x "$tmp_target"
|
||||
mv "$tmp_target" ~/go/bin/webterm
|
||||
|
||||
echo "Reloading user systemd config..."
|
||||
systemctl --user daemon-reload
|
||||
|
||||
echo "Restarting service..."
|
||||
systemctl --user restart webterm.service
|
||||
|
||||
|
||||
Reference in New Issue
Block a user