fureunoir/schon
fureunoir/schon
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
schon/scripts/Windows/generate-environment-file.ps1
Egor fureunoir Gorbunov adec5503b2 feat(core/auth): enable encryption for sensitive fields and token handling 
Add encryption for user PII fields (phone number, name, attributes) and address fields to enhance data security. Introduced timestamped activation tokens for improved validation. Included migrations to encrypt existing plaintext data.

Refactored GraphQL settings to limit query depth and optionally disable introspection for enhanced API defense. Implemented throttling to safeguard API rates.

Improved Dockerfiles for better user management and restored media migration tools for smooth instance upgrades.
2026-03-02 00:11:57 +03:00

157 lines
6 KiB
PowerShell
Raw Blame History

Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
.\scripts\Windows\starter.ps1
if ($LASTEXITCODE -ne 0) {
exit $LASTEXITCODE
}
function Get-RandomHex
{
param([int]$Bytes)
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$buffer = New-Object byte[] $Bytes
$rng.GetBytes($buffer)
-join ($buffer | ForEach-Object { $_.ToString('x2') })
}
function Prompt-Default
{
param(
[string]$Name,
[string]$Default
)
$response = Read-Host "Enter $Name [$Default]"
if ( [string]::IsNullOrWhiteSpace($response))
{
return $Default
}
return $response
}
function Prompt-AutoGen
{
param(
[string]$Name,
[int]$Bytes
)
$response = Read-Host "Enter $Name (leave blank to auto-generate)"
if ( [string]::IsNullOrWhiteSpace($response))
{
return Get-RandomHex $Bytes
}
return $response
}
if (Test-Path '.env')
{
Write-Warning ".env already exists and will be overwritten."
Read-Host "Press Enter to continue or Ctrl+C to abort"
}
$SCHON_PROJECT_NAME = Prompt-Default 'SCHON_PROJECT_NAME' 'Schon'
$SCHON_STOREFRONT_DOMAIN = Prompt-Default 'SCHON_STOREFRONT_DOMAIN' 'schon.wiseless.xyz'
$SCHON_BASE_DOMAIN = Prompt-Default 'SCHON_BASE_DOMAIN' 'schon.wiseless.xyz'
$SENTRY_DSN = Prompt-Default 'SENTRY_DSN' ''
$DEBUG = Prompt-Default 'DEBUG' '1'
$TIME_ZONE = Prompt-Default 'TIME_ZONE' 'Europe/London'
$SCHON_LANGUAGE_CODE = Prompt-Default 'SCHON_LANGUAGE_CODE' 'en-gb'
$SECRET_KEY = Prompt-AutoGen 'SECRET_KEY' 32
$JWT_SIGNING_KEY = Prompt-AutoGen 'JWT_SIGNING_KEY' 64
$SALT_KEY = Prompt-AutoGen 'SALT_KEY' 32
$ALLOWED_HOSTS = Prompt-Default 'ALLOWED_HOSTS' 'schon.wiseless.xyz api.schon.wiseless.xyz'
$CSRF_TRUSTED_ORIGINS = Prompt-Default 'CSRF_TRUSTED_ORIGINS' 'https://schon.wiseless.xyz https://api.schon.wiseless.xyz https://www.schon.wiseless.xyz'
$CORS_ALLOWED_ORIGINS = Prompt-Default 'CORS_ALLOWED_ORIGINS' $CSRF_TRUSTED_ORIGINS
$POSTGRES_DB = Prompt-Default 'POSTGRES_DB' 'schon'
$POSTGRES_USER = Prompt-Default 'POSTGRES_USER' 'schon_user'
$POSTGRES_PASSWORD = Prompt-AutoGen 'POSTGRES_PASSWORD' 16
$DBBACKUP_TYPE = Prompt-Default 'DBBACKUP_TYPE' 'Your backup connection type'
$DBBACKUP_HOST = Prompt-Default 'DBBACKUP_HOST' 'Your SFTP backup host'
$DBBACKUP_USER = Prompt-Default 'DBBACKUP_USER' 'The username to use to log in to that host'
$DBBACKUP_PASS = Prompt-Default 'DBBACKUP_PASS' 'The password to use to log in to that host'
$ELASTIC_PASSWORD = Prompt-AutoGen 'ELASTIC_PASSWORD' 16
$REDIS_PASSWORD = Prompt-AutoGen 'REDIS_PASSWORD' 16
$PROMETHEUS_USER = Prompt-Default 'PROMETHEUS_USER' 'schon'
$PROMETHEUS_PASSWORD = Prompt-AutoGen 'PROMETHEUS_PASSWORD' 16
$EMAIL_BACKEND = Prompt-Default 'EMAIL_BACKEND' 'django.core.mail.backends.smtp.EmailBackend'
$EMAIL_HOST = Prompt-Default 'EMAIL_HOST' 'smtp.whatever.schon.wiseless.xyz'
$EMAIL_PORT = Prompt-Default 'EMAIL_PORT' '465'
$EMAIL_USE_TLS = Prompt-Default 'EMAIL_USE_TLS' '0'
$EMAIL_USE_SSL = Prompt-Default 'EMAIL_USE_SSL' '1'
$EMAIL_HOST_USER = Prompt-Default 'EMAIL_HOST_USER' 'your-email-user@whatever.schon.wiseless.xyz'
$EMAIL_FROM = Prompt-Default 'EMAIL_FROM' $EMAIL_HOST_USER
$EMAIL_HOST_PASSWORD = Prompt-Default 'EMAIL_HOST_PASSWORD' 'SUPERSECRETEMAILHOSTPASSWORD'
$COMPANY_NAME = Prompt-Default 'COMPANY_NAME' 'Schon, Inc.'
$COMPANY_PHONE_NUMBER = Prompt-Default 'COMPANY_PHONE_NUMBER' '+888888888888'
$COMPANY_ADDRESS = Prompt-Default 'COMPANY_ADDRESS' 'The place that does not exist'
$OPENAI_API_KEY = Prompt-Default 'OPENAI_API_KEY' 'Haha, really?'
$ABSTRACT_API_KEY = Prompt-Default 'ABSTRACT_API_KEY' 'Haha, really? x2'
$DEEPL_AUTH_KEY = Prompt-Default 'DEEPL_AUTH_KEY' 'Haha, really? x3'
$lines = @(
"SCHON_PROJECT_NAME=""$SCHON_PROJECT_NAME"""
"SCHON_STOREFRONT_DOMAIN=""$SCHON_STOREFRONT_DOMAIN"""
"SCHON_BASE_DOMAIN=""$SCHON_BASE_DOMAIN"""
"SENTRY_DSN=""$SENTRY_DSN"""
"DEBUG=$DEBUG"
"TIME_ZONE=""$TIME_ZONE"""
"SCHON_LANGUAGE_CODE=""$SCHON_LANGUAGE_CODE"""
""
"SECRET_KEY=""$SECRET_KEY"""
"JWT_SIGNING_KEY=""$JWT_SIGNING_KEY"""
"SALT_KEY=""$SALT_KEY"""
""
"ALLOWED_HOSTS=""$ALLOWED_HOSTS"""
"CSRF_TRUSTED_ORIGINS=""$CSRF_TRUSTED_ORIGINS"""
"CORS_ALLOWED_ORIGINS=""$CORS_ALLOWED_ORIGINS"""
""
"POSTGRES_DB=""$POSTGRES_DB"""
"POSTGRES_USER=""$POSTGRES_USER"""
"POSTGRES_PASSWORD=""$POSTGRES_PASSWORD"""
""
"DBBACKUP_TYPE=""$DBBACKUP_TYPE"""
"DBBACKUP_HOST=""$DBBACKUP_HOST"""
"DBBACKUP_USER=""$DBBACKUP_USER"""
"DBBACKUP_PASS=""$DBBACKUP_PASS"""
""
"ELASTIC_PASSWORD=""$ELASTIC_PASSWORD"""
""
"REDIS_PASSWORD=""$REDIS_PASSWORD"""
'CELERY_BROKER_URL="redis://:' + $REDIS_PASSWORD + '@redis:6379/0"'
'CELERY_RESULT_BACKEND="redis://:' + $REDIS_PASSWORD + '@redis:6379/0"'
""
"PROMETHEUS_USER=""$PROMETHEUS_USER"""
"PROMETHEUS_PASSWORD=""$PROMETHEUS_PASSWORD"""
""
"EMAIL_BACKEND=""$EMAIL_BACKEND"""
"EMAIL_HOST=""$EMAIL_HOST"""
"EMAIL_PORT=""$EMAIL_PORT"""
"EMAIL_USE_TLS=$EMAIL_USE_TLS"
"EMAIL_USE_SSL=$EMAIL_USE_SSL"
"EMAIL_HOST_USER=""$EMAIL_HOST_USER"""
"EMAIL_HOST_PASSWORD=""$EMAIL_HOST_PASSWORD"""
"EMAIL_FROM=""$EMAIL_FROM"""
""
"COMPANY_NAME=""$COMPANY_NAME"""
"COMPANY_PHONE_NUMBER=""$COMPANY_PHONE_NUMBER"""
"COMPANY_ADDRESS=""$COMPANY_ADDRESS"""
""
"OPENAI_API_KEY=""$OPENAI_API_KEY"""
""
"ABSTRACT_API_KEY=""$ABSTRACT_API_KEY"""
""
"DEEPL_AUTH_KEY=""$DEEPL_AUTH_KEY"""
)
$lines | Out-File -FilePath '.env' -Encoding utf8
Write-Host ".env file generated with fresh values." -ForegroundColor Green
Reference in a new issue View git blame Copy permalink