schon/scripts/Unix/generate-environment-file.sh
Egor fureunoir Gorbunov adec5503b2 feat(core/auth): enable encryption for sensitive fields and token handling
Add encryption for user PII fields (phone number, name, attributes) and address fields to enhance data security. Introduced timestamped activation tokens for improved validation. Included migrations to encrypt existing plaintext data.

Refactored GraphQL settings to limit query depth and optionally disable introspection for enhanced API defense. Implemented throttling to safeguard API rates.

Improved Dockerfiles for better user management and restored media migration tools for smooth instance upgrades.
2026-03-02 00:11:57 +03:00


#!/usr/bin/env bash
# Strict mode: abort on the first failing command, on unset variables,
# and on a failure anywhere in a pipeline.
set -o errexit
set -o nounset
set -o pipefail
# Shared helpers; their contents are not visible from this file.
# shellcheck source=scripts/Unix/starter.sh
. ./scripts/Unix/starter.sh
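#######################################
# Print N random bytes from /dev/urandom as lowercase hex (2N characters,
# no trailing newline; callers capture the output with $(...)).
# Arguments: $1 - number of bytes to read (positive integer)
# Outputs:   hex string on stdout
# Returns:   0 on success, 1 when the byte count is missing or invalid
#######################################
get_random_hex() {
  local nbytes=${1:-}
  # Validate before the value reaches hexdump/od: an empty or non-numeric
  # count would otherwise surface as a tool error (or silently print nothing).
  # Leading zeros are rejected too, so no octal interpretation is possible.
  if [[ ! "$nbytes" =~ ^[1-9][0-9]*$ ]]; then
    printf 'get_random_hex: byte count must be a positive integer, got %q\n' "$nbytes" >&2
    return 1
  fi
  if command -v hexdump >/dev/null 2>&1; then
    hexdump -v -e '/1 "%02x"' -n "$nbytes" /dev/urandom
  else
    # POSIX fallback for hosts that ship od but not hexdump.
    od -An -v -tx1 -N "$nbytes" /dev/urandom | tr -d ' \n'
  fi
}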
#######################################
# Ask for a value on the terminal, falling back to a default.
# Arguments: $1 - name shown in the prompt
#            $2 - default, used when stdin is not a terminal or the answer
#                 is empty / whitespace-only
# Outputs:   the chosen value, newline-terminated, on stdout
#            (the prompt itself goes to stderr via read -p)
#######################################
prompt_default() {
  local label=$1 fallback=$2 answer=""
  # Only ask when a human can answer; piped or CI runs take the default.
  if [[ -t 0 ]]; then
    read -r -p "Enter ${label} [${fallback}]: " answer </dev/tty || answer=""
  fi
  local trimmed=${answer//[[:space:]]/}
  if [[ -n "$trimmed" ]]; then
    printf '%s\n' "$answer"
  else
    printf '%s\n' "$fallback"
  fi
}
#######################################
# Ask for a secret on the terminal; generate one when the answer is blank.
# Arguments: $1 - name shown in the prompt
#            $2 - number of random bytes for get_random_hex when auto-generating
# Outputs:   the typed value, or a fresh hex string, on stdout
# Returns:   status of get_random_hex when auto-generating, else 0
#######################################
prompt_autogen() {
  local label=$1 nbytes=$2 answer=""
  if [[ -t 0 ]]; then
    read -r -p "Enter ${label} (leave blank to auto-generate): " answer </dev/tty || answer=""
  fi
  local trimmed=${answer//[[:space:]]/}
  if [[ -z "$trimmed" ]]; then
    get_random_hex "$nbytes"
  else
    printf '%s\n' "$answer"
  fi
}
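# An existing .env holds values this script regenerates (SECRET_KEY, SALT_KEY,
# JWT_SIGNING_KEY, service passwords). Once overwritten the old values are
# gone, so keep a private copy first; interactive runs also get a chance to
# abort.
if [[ -f .env ]]; then
  env_backup=".env.bak.$(date +%Y%m%d%H%M%S)"
  # umask 077 in a subshell: the copy contains secrets and must be owner-only.
  (umask 077 && cp -- .env "$env_backup") || {
    printf 'Could not back up .env to %s; aborting.\n' "$env_backup" >&2
    exit 1
  }
  printf '%s\n' ".env already exists and will be overwritten." >&2
  printf 'Previous contents saved to %s\n' "$env_backup" >&2
  if [[ -t 0 ]]; then
    printf 'Press Enter to continue or Ctrl+C to abort: '
    read -r _ </dev/tty || true
  else
    printf '%s\n' "Non-interactive session detected; proceeding without prompt." >&2
  fi
fi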
# --- Interactive collection -------------------------------------------------
# Every value comes from prompt_default (default shown in the prompt, used
# when stdin is not a terminal or the answer is blank) or prompt_autogen
# (random hex from /dev/urandom when the answer is blank). Prompt order is
# user-visible and CORS_ALLOWED_ORIGINS / EMAIL_FROM reuse answers given
# just above them, so keep the order.
SCHON_PROJECT_NAME=$(prompt_default SCHON_PROJECT_NAME Schon)
SCHON_STOREFRONT_DOMAIN=$(prompt_default SCHON_STOREFRONT_DOMAIN schon.wiseless.xyz)
SCHON_BASE_DOMAIN=$(prompt_default SCHON_BASE_DOMAIN schon.wiseless.xyz)
SENTRY_DSN=$(prompt_default SENTRY_DSN "")
# NOTE(review): DEBUG defaults to 1 and is written to .env unchanged; confirm
# that is the intended default for the deployments this file is generated for.
DEBUG=$(prompt_default DEBUG 1)
TIME_ZONE=$(prompt_default TIME_ZONE "Europe/London")
SCHON_LANGUAGE_CODE=$(prompt_default SCHON_LANGUAGE_CODE "en-gb")
# Signing / encryption material: the second argument is the byte count given
# to get_random_hex (the hex string is twice as long).
SECRET_KEY=$(prompt_autogen SECRET_KEY 32)
JWT_SIGNING_KEY=$(prompt_autogen JWT_SIGNING_KEY 64)
SALT_KEY=$(prompt_autogen SALT_KEY 32)
ALLOWED_HOSTS=$(prompt_default ALLOWED_HOSTS "schon.wiseless.xyz api.schon.wiseless.xyz")
CSRF_TRUSTED_ORIGINS=$(prompt_default CSRF_TRUSTED_ORIGINS "https://schon.wiseless.xyz https://api.schon.wiseless.xyz https://www.schon.wiseless.xyz")
# Defaults to whatever was just chosen for CSRF_TRUSTED_ORIGINS.
CORS_ALLOWED_ORIGINS=$(prompt_default CORS_ALLOWED_ORIGINS "$CSRF_TRUSTED_ORIGINS")
POSTGRES_DB=$(prompt_default POSTGRES_DB schon)
POSTGRES_USER=$(prompt_default POSTGRES_USER schon_user)
POSTGRES_PASSWORD=$(prompt_autogen POSTGRES_PASSWORD 16)
# NOTE(review): the DBBACKUP_* defaults are descriptive placeholders, and
# DBBACKUP_PASS is typed with echo on. Accepting a default writes the
# placeholder text verbatim into .env.
DBBACKUP_TYPE=$(prompt_default DBBACKUP_TYPE "Your backup connection type")
DBBACKUP_HOST=$(prompt_default DBBACKUP_HOST "Your SFTP backup host")
DBBACKUP_USER=$(prompt_default DBBACKUP_USER "The username to use to log in to that host")
DBBACKUP_PASS=$(prompt_default DBBACKUP_PASS "The password to use to log in to that host")
ELASTIC_PASSWORD=$(prompt_autogen ELASTIC_PASSWORD 16)
REDIS_PASSWORD=$(prompt_autogen REDIS_PASSWORD 16)
PROMETHEUS_USER=$(prompt_default PROMETHEUS_USER schon)
PROMETHEUS_PASSWORD=$(prompt_autogen PROMETHEUS_PASSWORD 16)
EMAIL_BACKEND=$(prompt_default EMAIL_BACKEND django.core.mail.backends.smtp.EmailBackend)
EMAIL_HOST=$(prompt_default EMAIL_HOST smtp.whatever.schon.wiseless.xyz)
EMAIL_PORT=$(prompt_default EMAIL_PORT 465)
EMAIL_USE_TLS=$(prompt_default EMAIL_USE_TLS 0)
EMAIL_USE_SSL=$(prompt_default EMAIL_USE_SSL 1)
EMAIL_HOST_USER=$(prompt_default EMAIL_HOST_USER your-email-user@whatever.schon.wiseless.xyz)
# Not prompted: always mirrors EMAIL_HOST_USER.
EMAIL_FROM=$EMAIL_HOST_USER
# NOTE(review): placeholder default, prompted with echo on; see DBBACKUP_PASS.
EMAIL_HOST_PASSWORD=$(prompt_default EMAIL_HOST_PASSWORD SUPERSECRETEMAILHOSTPASSWORD)
COMPANY_NAME=$(prompt_default COMPANY_NAME "Schon, Inc.")
COMPANY_PHONE_NUMBER=$(prompt_default COMPANY_PHONE_NUMBER "+888888888888")
COMPANY_ADDRESS=$(prompt_default COMPANY_ADDRESS "The place that does not exist")
# Third-party API keys: joke defaults are written to .env as-is when accepted.
OPENAI_API_KEY=$(prompt_default OPENAI_API_KEY "Haha, really?")
ABSTRACT_API_KEY=$(prompt_default ABSTRACT_API_KEY "Haha, really? x2")
DEEPL_AUTH_KEY=$(prompt_default DEEPL_AUTH_KEY "Haha, really? x3")
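# Write the file through a private temp file in the same directory and move
# it into place. The file holds keys and passwords, so it must never exist
# with the process umask's default permissions (typically world-readable),
# and a failed write must not leave a half-written .env behind.
env_tmp=$(mktemp ./.env.XXXXXX) || { printf 'Could not create temp file for .env\n' >&2; exit 1; }
# mktemp already creates the file owner-only; make that explicit.
chmod 600 -- "$env_tmp"
# NOTE(review): values are interpolated inside double quotes without any
# escaping, so an answer containing a double quote would yield a malformed
# line. How the consumer parses .env is not visible from here.
cat > "$env_tmp" <<EOF
SCHON_PROJECT_NAME="${SCHON_PROJECT_NAME}"
SCHON_STOREFRONT_DOMAIN="${SCHON_STOREFRONT_DOMAIN}"
SCHON_BASE_DOMAIN="${SCHON_BASE_DOMAIN}"
SENTRY_DSN="${SENTRY_DSN}"
DEBUG=${DEBUG}
TIME_ZONE="${TIME_ZONE}"
SCHON_LANGUAGE_CODE="${SCHON_LANGUAGE_CODE}"
SECRET_KEY="${SECRET_KEY}"
JWT_SIGNING_KEY="${JWT_SIGNING_KEY}"
SALT_KEY="${SALT_KEY}"
ALLOWED_HOSTS="${ALLOWED_HOSTS}"
CSRF_TRUSTED_ORIGINS="${CSRF_TRUSTED_ORIGINS}"
CORS_ALLOWED_ORIGINS="${CORS_ALLOWED_ORIGINS}"
POSTGRES_DB="${POSTGRES_DB}"
POSTGRES_USER="${POSTGRES_USER}"
POSTGRES_PASSWORD="${POSTGRES_PASSWORD}"
DBBACKUP_TYPE="${DBBACKUP_TYPE}"
DBBACKUP_HOST="${DBBACKUP_HOST}"
DBBACKUP_USER="${DBBACKUP_USER}"
DBBACKUP_PASS="${DBBACKUP_PASS}"
ELASTIC_PASSWORD="${ELASTIC_PASSWORD}"
REDIS_PASSWORD="${REDIS_PASSWORD}"
CELERY_BROKER_URL="redis://:${REDIS_PASSWORD}@redis:6379/0"
CELERY_RESULT_BACKEND="redis://:${REDIS_PASSWORD}@redis:6379/0"
PROMETHEUS_USER="${PROMETHEUS_USER}"
PROMETHEUS_PASSWORD="${PROMETHEUS_PASSWORD}"
EMAIL_BACKEND="${EMAIL_BACKEND}"
EMAIL_HOST="${EMAIL_HOST}"
EMAIL_PORT="${EMAIL_PORT}"
EMAIL_USE_TLS=${EMAIL_USE_TLS}
EMAIL_USE_SSL=${EMAIL_USE_SSL}
EMAIL_HOST_USER="${EMAIL_HOST_USER}"
EMAIL_HOST_PASSWORD="${EMAIL_HOST_PASSWORD}"
EMAIL_FROM="${EMAIL_FROM}"
COMPANY_NAME="${COMPANY_NAME}"
COMPANY_PHONE_NUMBER="${COMPANY_PHONE_NUMBER}"
COMPANY_ADDRESS="${COMPANY_ADDRESS}"
OPENAI_API_KEY="${OPENAI_API_KEY}"
ABSTRACT_API_KEY="${ABSTRACT_API_KEY}"
DEEPL_AUTH_KEY="${DEEPL_AUTH_KEY}"
EOF
# Atomic replace; the 0600 mode of the temp file travels with it.
mv -f -- "$env_tmp" .env
printf '%s\n' ".env file generated with fresh values."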