
Merge pull request #1154 from lohanidamodar/feat-auto-generate-secret-keys

feat-auto-generate-secret-keys
Eldad A. Fux 2021-05-18 22:30:37 +03:00 committed by GitHub
commit cb97b8cc6a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 98 additions and 13 deletions


@ -14,6 +14,7 @@ return [
'default' => 'production',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_LOCALE',
@ -22,6 +23,7 @@ return [
'default' => 'en',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_OPTIONS_ABUSE',
@ -30,6 +32,7 @@ return [
'default' => 'enabled',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_OPTIONS_FORCE_HTTPS',
@ -38,6 +41,7 @@ return [
'default' => 'disabled',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_OPENSSL_KEY_V1',
@ -46,6 +50,7 @@ return [
'default' => 'your-secret-key',
'required' => true,
'question' => 'Choose a secret API key, make sure to make a backup of your key in a secure location',
'filter' => 'token'
],
[
'name' => '_APP_DOMAIN',
@ -54,6 +59,7 @@ return [
'default' => 'localhost',
'required' => true,
'question' => 'Enter your Appwrite hostname',
'filter' => ''
],
[
'name' => '_APP_DOMAIN_TARGET',
@ -62,6 +68,7 @@ return [
'default' => 'localhost',
'required' => true,
'question' => 'Enter a DNS A record hostname to serve as a CNAME for your custom domains.\nYou can use the same value as used for the Appwrite hostname.',
'filter' => ''
],
[
'name' => '_APP_CONSOLE_WHITELIST_ROOT',
@ -70,6 +77,7 @@ return [
'default' => 'enabled',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_CONSOLE_WHITELIST_EMAILS',
@ -78,6 +86,7 @@ return [
'default' => '',
'required' => false,
'question' => '',
'filter' => ''
],
// [
// 'name' => '_APP_CONSOLE_WHITELIST_DOMAINS',
@ -94,6 +103,7 @@ return [
'default' => '',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_SYSTEM_EMAIL_NAME',
@ -102,6 +112,7 @@ return [
'default' => 'Appwrite',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_SYSTEM_EMAIL_ADDRESS',
@ -110,6 +121,7 @@ return [
'default' => 'team@appwrite.io',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_SYSTEM_RESPONSE_FORMAT',
@ -118,6 +130,7 @@ return [
'default' => '',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_SYSTEM_SECURITY_EMAIL_ADDRESS',
@ -126,6 +139,7 @@ return [
'default' => 'certs@appwrite.io',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_USAGE_STATS',
@ -134,6 +148,7 @@ return [
'default' => 'enabled',
'required' => false,
'question' => '',
'filter' => ''
]
],
],
@ -148,6 +163,7 @@ return [
'default' => 'redis',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_REDIS_PORT',
@ -156,6 +172,7 @@ return [
'default' => '6379',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_REDIS_USER',
@ -164,6 +181,7 @@ return [
'default' => '',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_REDIS_PASS',
@ -172,6 +190,7 @@ return [
'default' => '',
'required' => false,
'question' => '',
'filter' => ''
],
],
],
@ -186,6 +205,7 @@ return [
'default' => 'mariadb',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_DB_PORT',
@ -194,6 +214,7 @@ return [
'default' => '3306',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_DB_SCHEMA',
@ -202,6 +223,7 @@ return [
'default' => 'appwrite',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_DB_USER',
@ -210,6 +232,7 @@ return [
'default' => 'user',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_DB_PASS',
@ -218,6 +241,16 @@ return [
'default' => 'password',
'required' => false,
'question' => '',
'filter' => 'password'
],
[
'name' => '_APP_DB_ROOT_PASS',
'description' => 'MariaDB server root password. Default value is: \'rootsecretpassword\'.',
'introduction' => '',
'default' => 'rootsecretpassword',
'required' => false,
'question' => '',
'filter' => 'password'
],
],
],
@ -232,6 +265,7 @@ return [
'default' => 'influxdb',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_INFLUXDB_PORT',
@ -240,6 +274,7 @@ return [
'default' => '8086',
'required' => false,
'question' => '',
'filter' => ''
],
],
],
@ -254,6 +289,7 @@ return [
'default' => 'telegraf',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_STATSD_PORT',
@ -262,6 +298,7 @@ return [
'default' => '8125',
'required' => false,
'question' => '',
'filter' => ''
],
],
],
@ -276,6 +313,7 @@ return [
'default' => '',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_SMTP_PORT',
@ -284,6 +322,7 @@ return [
'default' => '',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_SMTP_SECURE',
@ -292,6 +331,7 @@ return [
'default' => '',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_SMTP_USERNAME',
@ -300,6 +340,7 @@ return [
'default' => '',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_SMTP_PASSWORD',
@ -308,6 +349,7 @@ return [
'default' => '',
'required' => false,
'question' => '',
'filter' => ''
],
],
],
@ -322,6 +364,7 @@ return [
'default' => '10000000',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_STORAGE_ANTIVIRUS',
@ -330,6 +373,7 @@ return [
'default' => 'disabled',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_STORAGE_ANTIVIRUS_HOST',
@ -338,6 +382,7 @@ return [
'default' => 'clamav',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_STORAGE_ANTIVIRUS_PORT',
@ -346,6 +391,7 @@ return [
'default' => '3310',
'required' => false,
'question' => '',
'filter' => ''
],
],
],
@ -360,6 +406,7 @@ return [
'default' => '900',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_FUNCTIONS_CONTAINERS',
@ -368,6 +415,7 @@ return [
'default' => '10',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_FUNCTIONS_CPUS',
@ -376,6 +424,7 @@ return [
'default' => '',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_FUNCTIONS_MEMORY',
@ -384,6 +433,7 @@ return [
'default' => '256',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_FUNCTIONS_MEMORY_SWAP',
@ -392,6 +442,7 @@ return [
'default' => '256',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_FUNCTIONS_RUNTIMES',
@ -400,6 +451,7 @@ return [
'default' => 'node-15.5,deno-1.8,php-8.0,python-3.9,ruby-3.0,dotnet-5.0',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_FUNCTIONS_ENVS',
@ -408,6 +460,7 @@ return [
'default' => 'node-14.5,deno-1.8,php-7.4,python-3.9,ruby-3.0,dotnet-5.0',
'required' => false,
'question' => '',
'filter' => ''
],
],
[
@ -421,6 +474,7 @@ return [
'default' => '86400',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_MAINTENANCE_RETENTION_EXECUTION',
@ -429,6 +483,7 @@ return [
'default' => '1209600',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_MAINTENANCE_RETENTION_AUDIT',
@ -437,6 +492,7 @@ return [
'default' => '1209600',
'required' => false,
'question' => '',
'filter' => ''
],
[
'name' => '_APP_MAINTENANCE_RETENTION_ABUSE',
@ -445,6 +501,7 @@ return [
'default' => '86400',
'required' => false,
'question' => '',
'filter' => ''
]
],
],
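Review bot: The new `_APP_DB_ROOT_PASS` entry (hunk `-218,6 +241,16`) documents its value as the fixed string 'rootsecretpassword', yet its `'filter' => 'password'` lets the installer generate a random value in some paths, so the description can be wrong for a given install. I would reword it along the lines of `'MariaDB server root password. May be generated by the installer; the MariaDB image normally applies it only when the data volume is first initialised.'` and keep the literal default out of the text. The `'filter'` key itself is undocumented: a short comment near the top of the array (outside these hunks) listing the values seen here, `''`, `'token'` and `'password'`, and what each one triggers would help maintainers. The same stale-default wording may apply to `_APP_DB_PASS` and `_APP_OPENSSL_KEY_V1`, whose descriptions lie outside the hunks.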


@ -2,6 +2,7 @@
global $cli;
use Appwrite\Auth\Auth;
use Appwrite\Docker\Compose;
use Appwrite\Docker\Env;
use Utopia\Analytics\GoogleAnalytics;
@ -15,8 +16,10 @@ $cli
->desc('Install Appwrite')
->param('httpPort', '', new Text(4), 'Server HTTP port', true)
->param('httpsPort', '', new Text(4), 'Server HTTPS port', true)
->param('organization', 'appwrite', new Text(0), 'Docker Registry organization', true)
->param('image', 'appwrite', new Text(0), 'Main appwrite docker image', true)
->param('interactive','Y', new Text(1), 'Run an interactive session', true)
->action(function ($httpPort, $httpsPort, $interactive) {
->action(function ($httpPort, $httpsPort, $organization, $image, $interactive) {
/**
* 1. Start - DONE
* 2. Check for older setup and get older version - DONE
@ -64,6 +67,9 @@ $cli
$data = @file_get_contents($path.'/docker-compose.yml');
if($data !== false) {
$time = \time();
Console::info('Compose file found, creating backup: docker-compose.yml.'.$time.'.backup');
file_put_contents($path.'/docker-compose.yml.'.$time.'.backup',$data);
$compose = new Compose($data);
$appwrite = $compose->getService('appwrite');
$oldVersion = ($appwrite) ? $appwrite->getImageVersion() : null;
@ -89,6 +95,8 @@ $cli
$data = @file_get_contents($path.'/.env');
if($data !== false) { // Fetch all env vars from previous .env file
Console::info('Env file found, creating backup: .env.'.$time.'.backup');
file_put_contents($path.'/.env.'.$time.'.backup',$data);
$env = new Env($data);
foreach ($env->list() as $key => $value) {
@ -125,6 +133,22 @@ $cli
$input = [];
foreach($vars as $key => $var) {
if(!empty($var['filter']) && ($interactive !== 'Y' || !Console::isInteractive())) {
if($data && $var['default'] !== null) {
$input[$var['name']] = $var['default'];
continue;
}
if($var['filter'] === 'token') {
$input[$var['name']] = Auth::tokenGenerator();
continue;
}
if($var['filter'] === 'password') {
$input[$var['name']] = Auth::passwordGenerator();
continue;
}
}
if(!$var['required'] || !Console::isInteractive() || $interactive !== 'Y') {
$input[$var['name']] = $var['default'];
continue;
@ -144,6 +168,8 @@ $cli
->setParam('httpPort', $httpPort)
->setParam('httpsPort', $httpsPort)
->setParam('version', APP_VERSION_STABLE)
->setParam('organization', $organization)
->setParam('image', $image)
;
$templateForEnv
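Review bot: Secret generation in the `-125,6 +133,22` hunk only runs for non-interactive sessions, because the guard is `!empty($var['filter']) && ($interactive !== 'Y' || !Console::isInteractive())`. In an interactive install `_APP_DB_PASS` and `_APP_DB_ROOT_PASS` are `'required' => false`, so they fall through to the next branch and receive the published defaults `password` and `rootsecretpassword`. Extending the guard to `!empty($var['filter']) && (!$var['required'] || $interactive !== 'Y' || !Console::isInteractive())` would generate them on fresh interactive installs too, while the `$data && $var['default'] !== null` check still keeps existing values on upgrade. That check relies on `$data` still holding the `.env` contents read in the earlier hunk and on the defaults having been overwritten from it, which happens outside the visible lines, so it is worth confirming. The closure body continues outside the hunks.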


@ -3,6 +3,8 @@
$httpPort = $this->getParam('httpPort', '');
$httpsPort = $this->getParam('httpsPort', '');
$version = $this->getParam('version', '');
$organization = $this->getParam('organization', '');
$image = $this->getParam('image', '');
?>version: '3'
services:
@ -32,7 +34,7 @@ services:
- appwrite
appwrite:
image: appwrite/appwrite:<?php echo $version."\n"; ?>
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
container_name: appwrite
restart: unless-stopped
networks:
@ -98,7 +100,7 @@ services:
- _APP_FUNCTIONS_RUNTIMES
appwrite-worker-usage:
image: appwrite/appwrite:<?php echo $version."\n"; ?>
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
entrypoint: worker-usage
container_name: appwrite-worker-usage
restart: unless-stopped
@ -117,7 +119,7 @@ services:
- _APP_STATSD_PORT
appwrite-worker-audits:
image: appwrite/appwrite:<?php echo $version."\n"; ?>
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
entrypoint: worker-audits
container_name: appwrite-worker-audits
restart: unless-stopped
@ -139,7 +141,7 @@ services:
- _APP_DB_PASS
appwrite-worker-webhooks:
image: appwrite/appwrite:<?php echo $version."\n"; ?>
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
entrypoint: worker-webhooks
container_name: appwrite-worker-webhooks
restart: unless-stopped
@ -162,7 +164,7 @@ services:
- _APP_DB_PASS
appwrite-worker-tasks:
image: appwrite/appwrite:<?php echo $version."\n"; ?>
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
entrypoint: worker-tasks
container_name: appwrite-worker-tasks
restart: unless-stopped
@ -185,7 +187,7 @@ services:
- _APP_DB_PASS
appwrite-worker-deletes:
image: appwrite/appwrite:<?php echo $version."\n"; ?>
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
entrypoint: worker-deletes
container_name: appwrite-worker-deletes
restart: unless-stopped
@ -211,7 +213,7 @@ services:
- _APP_DB_PASS
appwrite-worker-certificates:
image: appwrite/appwrite:<?php echo $version."\n"; ?>
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
entrypoint: worker-certificates
container_name: appwrite-worker-certificates
restart: unless-stopped
@ -238,7 +240,7 @@ services:
- _APP_DB_PASS
appwrite-worker-functions:
image: appwrite/appwrite:<?php echo $version."\n"; ?>
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
entrypoint: worker-functions
container_name: appwrite-worker-functions
restart: unless-stopped
@ -271,7 +273,7 @@ services:
- _APP_USAGE_STATS
appwrite-worker-mails:
image: appwrite/appwrite:<?php echo $version."\n"; ?>
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
entrypoint: worker-mails
container_name: appwrite-worker-mails
restart: unless-stopped
@ -294,7 +296,7 @@ services:
- _APP_SMTP_PASSWORD
appwrite-maintenance:
image: appwrite/appwrite:<?php echo $version."\n"; ?>
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
entrypoint: maintenance
container_name: appwrite-maintenance
restart: unless-stopped
@ -315,7 +317,7 @@ services:
appwrite-schedule:
image: appwrite/appwrite:<?php echo $version."\n"; ?>
image: <?php echo $organization; ?>/<?php echo $image; ?>:<?php echo $version."\n"; ?>
entrypoint: schedule
container_name: appwrite-schedule
restart: unless-stopped
@ -339,7 +341,7 @@ services:
volumes:
- appwrite-mariadb:/var/lib/mysql:rw
environment:
- MYSQL_ROOT_PASSWORD=rootsecretpassword
- MYSQL_ROOT_PASSWORD=${_APP_DB_ROOT_PASS}
- MYSQL_DATABASE=${_APP_DB_SCHEMA}
- MYSQL_USER=${_APP_DB_USER}
- MYSQL_PASSWORD=${_APP_DB_PASS}
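Review bot: `$organization` and `$image` are echoed into every `image:` line without escaping or validation, and the installer declares them with `new Text(0)`, which appears to impose no real constraint. These values decide which registry image every service runs, and a value containing whitespace or a line break would change the structure of the generated YAML, so I would reject anything outside the image-reference character set before rendering, e.g. `if (!preg_match('/\A[a-z0-9][a-z0-9._\/:-]*\z/', $organization.'/'.$image)) { Console::error('Invalid image reference'); exit(1); }` in the install action. The version tag comes from `APP_VERSION_STABLE`, so only these two parameters need the check. The service definitions continue outside the hunks.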