59 lines
1.6 KiB
Bash
Executable File
59 lines
1.6 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# Generate a 32-byte (64 hex chars) AUTH_SECRET for web session signing.
|
|
set -euo pipefail
|
|
|
|
usage() {
|
|
cat <<'EOF'
|
|
Generate AUTH_SECRET.
|
|
|
|
Usage:
|
|
scripts/gen_auth_secret.sh Print a fresh secret to stdout.
|
|
scripts/gen_auth_secret.sh --write Set AUTH_SECRET= in ./.env.development
|
|
(creates if missing, replaces if present).
|
|
scripts/gen_auth_secret.sh --write PATH Same, against an explicit env path.
|
|
EOF
|
|
}
|
|
|
|
generate() {
|
|
if command -v openssl >/dev/null 2>&1; then
|
|
openssl rand -hex 32
|
|
else
|
|
head -c 32 /dev/urandom | xxd -p -c 64
|
|
fi
|
|
}
|
|
|
|
write_into() {
|
|
local target="$1"
|
|
local secret
|
|
secret="$(generate)"
|
|
if [[ -f "${target}" ]] && grep -q '^AUTH_SECRET=' "${target}"; then
|
|
local tmp
|
|
tmp="$(mktemp)"
|
|
awk -v s="${secret}" '
|
|
/^AUTH_SECRET=/ { print "AUTH_SECRET=" s; next }
|
|
{ print }
|
|
' "${target}" > "${tmp}"
|
|
mv "${tmp}" "${target}"
|
|
echo "Replaced AUTH_SECRET in ${target}"
|
|
else
|
|
[[ -f "${target}" ]] || touch "${target}"
|
|
if [[ -s "${target}" && -n "$(tail -c 1 "${target}")" ]]; then
|
|
printf '\n' >> "${target}"
|
|
fi
|
|
printf 'AUTH_SECRET=%s\n' "${secret}" >> "${target}"
|
|
echo "Appended AUTH_SECRET to ${target}"
|
|
fi
|
|
}
|
|
|
|
case "${1:-}" in
|
|
-h|--help) usage ;;
|
|
--write)
|
|
target="${2:-.env.development}"
|
|
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
|
[[ "${target}" = /* ]] || target="${ROOT_DIR}/${target}"
|
|
write_into "${target}"
|
|
;;
|
|
"") generate ;;
|
|
*) echo "Unknown option: $1" >&2; usage >&2; exit 2 ;;
|
|
esac
|