source: server/bin/settoken @ 436abc7

918-git-images-111dconfigfileconfigure-oglivegit-imageslgromero-new-oglivemainmaint-cronmount-efivarfsmultivmmultivm-ogboot-installerogClonningEngineogboot-installer-jenkinsoglive-ipv6test-python-scriptsticket-301ticket-50ticket-50-oldticket-577ticket-585ticket-611ticket-612ticket-693ticket-700ubu24tplunification2use-local-agent-oglivevarios-instalacion
Last change on this file since 436abc7 was 8495409, checked in by Ramón M. Gómez <ramongomez@…>, 6 years ago

#925: settoken: new server script to generate service access tokens.
  • Property mode set to 100755
File size: 2.5 KB
Line 
1#!/bin/bash
2
3#/**
4#@file    settoken
5#@brief   Generate a new security token for the specified service.
6#@usage   settoken [-f] [Service]
7#@param   -f: force server restart without prompting (ask by default)
8#@param   Service: may be "server", "repo" or "both" (by default)
9#@warning This script uses "php" command.
10#@version 1.1.2 - Initial version.
11#@author  Ramón M. Gómez - ETSII Univ. Sevilla
12#@date    2019-09-25
13#*/ ##
14
15# Global constants definition.
16PROG=$(basename "$(realpath "$0")")                     # Program name.
17OPENGNSYS=/opt/opengnsys                                # OpenGnsys main directory.
18SERVERCFG=$OPENGNSYS/etc/ogAdmServer.cfg                # Configuration files.
19REPOCFG=$OPENGNSYS/etc/ogAdmRepo.cfg
20
21# Functions.
22source $OPENGNSYS/lib/ogfunctions.sh
23
24# Error control.
25[ "$USER" != "root" ] && raiseError access "Need to by root"
26if [ "$1" == "-f" ]; then
27    FORCE=1
28    shift
29fi
30[ $# -gt 1 ] && raiseError usage
31case "${1,,}" in
32    help)
33        help ;;
34    server)
35        SERVER=1 ;;
36    repo)
37        REPO=1 ;;
38    ""|both)
39        SERVER=1; REPO=1 ;;
40    *)
41        raiseError notfound "Unknown service"
42esac
43[ -w $SERVERCFG ] || raiseError access "Server configuration file"
44
45# Update server token.
46if [ "$SERVER" ]; then
47    # Confirm action (server will be restarted).
48    if [ ! "$FORCE" ]; then
49        read -rp "It will be necessary to restart ogAdmServer service. Continue? [y/N]: " ANSWER
50        [ "${ANSWER,,}" != "y" ] && raiseError cancel "API tokens not updated"
51    fi
52    APIKEY=$(php -r 'echo md5(uniqid(rand(), true));')
53    sed -i "s/^APITOKEN=.*/APITOKEN=$APIKEY/" $SERVERCFG || raiseError access "Cannot update server file"
54fi
55
56# Update repository token.
57if [ "$REPO" ]; then
58    [ -w $REPOCFG ] || raiseError access "Repository configuration file"
59    APIKEY=$(php -r 'echo md5(uniqid(rand(), true));')
60    sed -i "s/^ApiToken=.*/ApiToken=$APIKEY/" $REPOCFG || raiseError access "Cannot update repository file"
61    # If database is local, update it.
62    source $SERVERCFG
63    source $REPOCFG
64    if [ "$ServidorAdm" == "$IPlocal" ]; then
65        MYCNF=$(mktemp)
66        trap "rm -f $MYCNF" 0 1 2 3 6 9 15
67        chmod 600 $MYCNF
68        cat << EOT > $MYCNF
69[client]
70user=$USUARIO
71password=$PASSWORD
72host=$datasource
73EOT
74        mysql --defaults-extra-file="$MYCNF" --default-character-set=utf8 -D "$CATALOG" -e \
75            "UPDATE repositorios SET apikey='$APIKEY' WHERE ip='$IPlocal';" || raiseError access  "Database error"
76    fi
77fi
78
79# Restart server, if needed.
80if [ "$SERVER" ]; then
81    restart opengnsys
82fi
83
Note: See TracBrowser for help on using the repository browser.