XF/GIA
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
add685a326b9fde2949435b05772adfc88678b7f
GIA/utilities/prosody/ensure_xmpp_secret.sh
Mark Veidemanis 438e561da0 Harden security
2026-03-05 05:42:19 +00:00

59 lines
1.2 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
STACK_ENV="${1:-}"
if [[ -z "$STACK_ENV" ]]; then
echo "Usage: $0 /path/to/stack.env" >&2
exit 2
fi
mkdir -p "$(dirname "$STACK_ENV")"
touch "$STACK_ENV"
current_secret=""
if grep -q '^XMPP_SECRET=' "$STACK_ENV"; then
current_secret="$(grep '^XMPP_SECRET=' "$STACK_ENV" | head -n1 | cut -d= -f2- | tr -d '"' | tr -d "'" | tr -d '\r' | tr -d '\n')"
fi
if [[ -n "$current_secret" ]]; then
printf "%s" "$current_secret"
exit 0
fi
generate_secret() {
if command -v openssl >/dev/null 2>&1; then
openssl rand -base64 48 | tr -d '\n'
return 0
fi
if command -v python3 >/dev/null 2>&1; then
python3 -c 'import secrets; print(secrets.token_urlsafe(48))'
return 0
fi
head -c 48 /dev/urandom | base64 | tr -d '\n'
}
secret="$(generate_secret)"
if [[ -z "$secret" ]]; then
echo "Failed to generate XMPP_SECRET." >&2
exit 1
fi
tmp="$(mktemp)"
awk -v s="$secret" '
BEGIN { done = 0 }
/^XMPP_SECRET=/ {
if (!done) {
print "XMPP_SECRET=" s
done = 1
}
next
}
{ print }
END {
if (!done) print "XMPP_SECRET=" s
}
' "$STACK_ENV" > "$tmp"
mv "$tmp" "$STACK_ENV"
printf "%s" "$secret"
Reference in New Issue View Git Blame Copy Permalink