bubblev
/
bubble-flexrouter
4
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Bubble proxy service
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
136 Commits
1 Branch
972 KiB
 
 
Tree: ead1887532
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ead1887532'
${ noResults }
bubble-flexrouter/flex_init.sh

159 lines
4.8 KiB
Raw Blame History 

  1. #!/bin/bash

  2. #

  3. # Utility to initialize a bubble-flexrouter.

  4. #

  5. # Note: Initialization requires the `htpasswd` program to be installed, to compute the bcrypted password

  6. #

  7. # Usage:

  8. #

  9. #      flex_init.sh [-f|--force] [-b|--bcrypt] [flex-password-env-var]

  10. #

  11. #   -f or --force         : Recreate token file, password file and SSH key, even if present

  12. #

  13. #   -b or --bcrypt        : If set, this means that the contents of the flex-password-env-var

  14. #                           is a bcrypted password, not a plaintext password

  15. #

  16. #   flex-password-env-var : Name of environment variable containing password to bcrypt and write to password file

  17. #                           Default value is BUBBLE_FR_PASS, or if not set, from prompt

  18. #                           Ignored if password file already exists and -f / --force was not specified

  19. #

  20. #   The init command will create the following files:

  21. #      ${FLEX_HOME}/.bfr_pass       # the bcrypted password

  22. #      ${FLEX_HOME}/.bfr_token      # the flex router token

  23. #      ${FLEX_HOME}/.ssh/flex.pub   # the SSH public key

  24. #      ${FLEX_HOME}/.ssh/flex       # the SSH private key

  25. #

  26. # Environment variables:

  27. #

  28. #   FLEX_HOME : the base directory for files. Default is ${HOME}

  29. #

  30. SCRIPT="${0}"

  31. 

  32. function die {

  33.   echo 1>&2 "${1}"

  34.   exit 1

  35. }

  36. 

  37. function log {

  38.   echo 1>&2 "${SCRIPT} : ${1}"

  39. }

  40. 

  41. case "$(uname -a | awk '{print $1}')" in

  42.   Linux*)

  43.     if [[ -z "${BUBBLE_DIST_HOME}" ]] ; then

  44.       SHA_CMD="sha256sum"

  45.     fi

  46.     ;;

  47.   Darwin*)

  48.     SHA_CMD="shasum -a 256"

  49.     ;;

  50.   CYGWIN*)

  51.     SHA_CMD="sha256sum"

  52.     ;;

  53. esac

  54. 

  55. function rand_string() {

  56.   cat /dev/random | strings | head -c 1000 | ${SHA_CMD}

  57. }

  58. 

  59. function write_ssh_key() {

  60.   KEY_FILE="${1}"

  61.   KEY_DIR="$(dirname ${KEY_FILE})"

  62.   if [[ ! -d "${KEY_DIR}" ]] ; then

  63.     mkdir -p "${KEY_DIR}" && chmod 700 ${KEY_DIR} || die "Error creating SSH key directory: ${KEY_DIR}"

  64.   fi

  65.   ssh-keygen -t rsa  -q -N '' -C 'bubble-flexrouter' -f ${KEY_FILE} || die "Error generating SSH key: ${KEY_FILE}"

  66. }

  67. 

  68. log "Initializing flex-router"

  69. 

  70. FORCE=0

  71. DO_BCRYPT=1

  72. 

  73. while [[ ! -z "${1}" && ${1} == -* ]] ; do

  74.   if [[ ${1} == "--force" || ${1} == "-f" ]] ; then

  75.     FORCE=1

  76.     shift

  77.   elif [[ ${1} == "--bcrypt" || ${1} == "-b" ]] ; then

  78.     DO_BCRYPT=0

  79.     shift

  80.   else

  81.     die "Only allowed options are: --force / -f and --bcrypt / -b"

  82.   fi

  83. done

  84. 

  85. if [[ -z "${FLEX_HOME}" ]] ; then

  86.   FLEX_HOME="${HOME}"

  87. fi

  88. BFR_PASSWORD_FILE="${HOMEFLEX_HOME}/.bfr_pass"

  89. BFR_TOKEN_FILE="${FLEX_HOME}/.bfr_token"

  90. BFR_SSH_KEY_FILE="${FLEX_HOME}/.ssh/flex"

  91. 

  92. WRITE_PASS=0

  93. if [[ -s ${BFR_PASSWORD_FILE} ]] ; then

  94.   if [[ ${FORCE} -eq 1 ]] ; then

  95.     log "Password file exists but -f / --force was set, overwriting: ${BFR_PASSWORD_FILE}"

  96.     WRITE_PASS=1

  97.   else

  98.     log "Password file exists, not overwriting: ${BFR_PASSWORD_FILE}"

  99.   fi

  100. else

  101.   WRITE_PASS=1

  102. fi

  103. 

  104. if [[ ${WRITE_PASS} -eq 1 ]] ; then

  105.   if [[ $DO_BCRYPT -eq 1 ]] ; then

  106.     if [[ -z "$(which htpasswd)" ]] ; then

  107.       die "htpasswd command not found, cannot bcrypt password"

  108.     fi

  109.   fi

  110.   BFR_PASSWORD_VAR="${1}"

  111.   if [[ -z "${BFR_PASSWORD_VAR}" ]] ; then

  112.     BFR_PASSWORD_VAR="BUBBLE_FR_PASS"

  113.   fi

  114.   BFR_PASSWORD="${!BFR_PASSWORD_VAR}"

  115.   if [[ -z "${BFR_PASSWORD}" ]] ; then

  116.     read -sp "Bubble Flex Router Password: " BFR_PASSWORD

  117.     # trim leading and trailing whitespace

  118.     BFR_PASSWORD="$(echo -n "${BFR_PASSWORD}" | awk '{$1=$1};1')"

  119.     if [[ -z "${BFR_PASSWORD}" ]] ; then

  120.       die "No password set"

  121.     fi

  122.   fi

  123.   if [[ $DO_BCRYPT -eq 1 ]] ; then

  124.     echo "$(htpasswd -nbBC 12 USER "${BFR_PASSWORD}" | awk -F ':' '{print $2}')" > ${BFR_PASSWORD_FILE} || die "Error writing password file"

  125.   else

  126.     echo "${BFR_PASSWORD}" > ${BFR_PASSWORD_FILE} || die "Error writing password file"

  127.   fi

  128.   chmod 600 ${BFR_PASSWORD_FILE} || die "Error setting permission on password file: ${BFR_PASSWORD_FILE}"

  129.   log "Wrote bcrypted password to ${BFR_PASSWORD_FILE}"

  130. fi

  131. 

  132. if [[ -s ${BFR_TOKEN_FILE} ]] ; then

  133.   if [[ ${FORCE} -eq 0 ]] ; then

  134.     log "Token file exists, not overwriting: ${BFR_TOKEN_FILE}"

  135.   else

  136.     log "Token file exists but -f / --force was set, overwriting: ${BFR_TOKEN_FILE}"

  137.     echo "$(rand_string)" > "${BFR_TOKEN_FILE}"

  138.   fi

  139. else

  140.   log "Token file not found or empty, creating: ${BFR_TOKEN_FILE}"

  141.   echo "$(rand_string)" > "${BFR_TOKEN_FILE}"

  142. fi

  143. chmod 600 ${BFR_TOKEN_FILE} || die "Error setting permission on token file: ${BFR_TOKEN_FILE}"

  144. 

  145. if [[ -s ${BFR_SSH_KEY_FILE} ]] ; then

  146.   if [[ ${FORCE} -eq 0 ]] ; then

  147.     log "SSH key file exists, not overwriting: ${BFR_SSH_KEY_FILE}"

  148.   else

  149.     log "SSH key file exists but -f / --force was set, overwriting: ${BFR_SSH_KEY_FILE}"

  150.     rm -f ${BFR_SSH_KEY_FILE} ${BFR_SSH_KEY_FILE}.pub || die "Error removing existing key file: ${BFR_SSH_KEY_FILE} and ${BFR_SSH_KEY_FILE}.pub"

  151.     write_ssh_key ${BFR_SSH_KEY_FILE}

  152.   fi

  153. else

  154.   log "SSH key file not found or empty, creating: ${BFR_SSH_KEY_FILE}"

  155.   write_ssh_key ${BFR_SSH_KEY_FILE}

  156. fi

  157. 

  158. log "Initialization completed successfully"