diff options
author | Ramón M. Gómez <ramongomez@us.es> | 2019-09-26 11:37:49 +0200 |
---|---|---|
committer | Ramón M. Gómez <ramongomez@us.es> | 2019-09-26 11:37:49 +0200 |
commit | 84954097c4bce5b4eb700546c7b5c98c6a86a747 (patch) | |
tree | 25db2b1aa97f818ff36028ff4a3d7bcda976071a /server/bin/settoken | |
parent | 8645a4a3854dda6384ee64d9992240bb51345c3f (diff) |
#925: settoken: new server script to generate service access tokens.
Diffstat (limited to 'server/bin/settoken')
-rwxr-xr-x | server/bin/settoken | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/server/bin/settoken b/server/bin/settoken new file mode 100755 index 00000000..dd98f06a --- /dev/null +++ b/server/bin/settoken @@ -0,0 +1,83 @@ +#!/bin/bash + +#/** +#@file settoken +#@brief Generate a new security token for the specified service. +#@usage settoken [-f] [Service] +#@param -f: force server restart without prompting (ask by default) +#@param Service: may be "server", "repo" or "both" (by default) +#@warning This script uses "php" command. +#@version 1.1.2 - Initial version. +#@author Ramón M. Gómez - ETSII Univ. Sevilla +#@date 2019-09-25 +#*/ ## + +# Global constants definition. +PROG=$(basename "$(realpath "$0")") # Program name. +OPENGNSYS=/opt/opengnsys # OpenGnsys main directory. +SERVERCFG=$OPENGNSYS/etc/ogAdmServer.cfg # Configuration files. +REPOCFG=$OPENGNSYS/etc/ogAdmRepo.cfg + +# Functions. +source $OPENGNSYS/lib/ogfunctions.sh + +# Error control. +[ "$USER" != "root" ] && raiseError access "Need to by root" +if [ "$1" == "-f" ]; then + FORCE=1 + shift +fi +[ $# -gt 1 ] && raiseError usage +case "${1,,}" in + help) + help ;; + server) + SERVER=1 ;; + repo) + REPO=1 ;; + ""|both) + SERVER=1; REPO=1 ;; + *) + raiseError notfound "Unknown service" +esac +[ -w $SERVERCFG ] || raiseError access "Server configuration file" + +# Update server token. +if [ "$SERVER" ]; then + # Confirm action (server will be restarted). + if [ ! "$FORCE" ]; then + read -rp "It will be necessary to restart ogAdmServer service. Continue? [y/N]: " ANSWER + [ "${ANSWER,,}" != "y" ] && raiseError cancel "API tokens not updated" + fi + APIKEY=$(php -r 'echo md5(uniqid(rand(), true));') + sed -i "s/^APITOKEN=.*/APITOKEN=$APIKEY/" $SERVERCFG || raiseError access "Cannot update server file" +fi + +# Update repository token. +if [ "$REPO" ]; then + [ -w $REPOCFG ] || raiseError access "Repository configuration file" + APIKEY=$(php -r 'echo md5(uniqid(rand(), true));') + sed -i "s/^ApiToken=.*/ApiToken=$APIKEY/" $REPOCFG || raiseError access "Cannot update repository file" + # If database is local, update it. + source $SERVERCFG + source $REPOCFG + if [ "$ServidorAdm" == "$IPlocal" ]; then + MYCNF=$(mktemp) + trap "rm -f $MYCNF" 0 1 2 3 6 9 15 + chmod 600 $MYCNF + cat << EOT > $MYCNF +[client] +user=$USUARIO +password=$PASSWORD +host=$datasource +EOT + mysql --defaults-extra-file="$MYCNF" --default-character-set=utf8 -D "$CATALOG" -e \ + "UPDATE repositorios SET apikey='$APIKEY' WHERE ip='$IPlocal';" || raiseError access "Database error" + fi +fi + +# Restart server, if needed. +if [ "$SERVER" ]; then + restart opengnsys +fi + |