Update file permissions and enhance setup scripts for better security
This commit is contained in:
2
bin/auth-test.js
Normal file → Executable file
2
bin/auth-test.js
Normal file → Executable file
@@ -1,3 +1,5 @@
|
||||
#!/usr/bin/env node
|
||||
|
||||
import { ClientSecretCredential } from "@azure/identity";
|
||||
import { config } from "../config.js";
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env node
|
||||
|
||||
import { execSync, spawnSync } from "child_process";
|
||||
import { exec, execSync, spawnSync } from "child_process";
|
||||
import { writeFileSync } from "fs";
|
||||
import { parseArgs } from "util";
|
||||
|
||||
@@ -9,6 +9,8 @@ const args = parseArgs({
|
||||
"app-name": { type: "string", short: "a" },
|
||||
help: { type: "boolean", short: "h" },
|
||||
"generate-client-secret": { type: "boolean", short: "s" },
|
||||
"write-config": { type: "boolean", short: "w" },
|
||||
"write-env": { type: "boolean", short: "e" },
|
||||
},
|
||||
});
|
||||
|
||||
@@ -132,32 +134,40 @@ if (args.values["generate-client-secret"]) {
|
||||
}
|
||||
}
|
||||
|
||||
// Write the APP_ID to the .env file
|
||||
const envContent = `AZ_APP_NAME="${config.appName}"
|
||||
if (args.values["write-env"] || args.values["generate-client-secret"]) {
|
||||
// Write the APP_ID to the .env file
|
||||
const envContent = `AZ_APP_NAME="${config.appName}"
|
||||
ARM_TENANT_ID=${config.tenantId}
|
||||
ARM_CLIENT_ID=${config.appId}
|
||||
ARM_CLIENT_SECRET=${config.clientSecret || ""}
|
||||
`;
|
||||
|
||||
writeFileSync(".env", envContent);
|
||||
console.log(".env file created with application configuration.");
|
||||
writeFileSync(".env", envContent);
|
||||
try {
|
||||
execSync("chmod 600 .env");
|
||||
} catch (error) {
|
||||
console.warn(
|
||||
"Could not set file permissions for .env. Please ensure it is secured appropriately.",
|
||||
);
|
||||
}
|
||||
console.log(".env file created with application configuration.");
|
||||
}
|
||||
|
||||
// Save the config to the 'config.js' file.
|
||||
writeFileSync(
|
||||
"config.js",
|
||||
`export const config = ${JSON.stringify(config, null, 4)};\n`,
|
||||
);
|
||||
console.log("config.js file created.");
|
||||
|
||||
// Check if we can change file mode permissions (Unix-like systems)
|
||||
// for sensitive files like .env and config.js.
|
||||
try {
|
||||
execSync("chmod 600 .env config.js");
|
||||
console.log("File permissions for .env and config.js set to 600.");
|
||||
} catch (error) {
|
||||
console.warn(
|
||||
"Could not set file permissions. Please ensure .env and config.js are secured appropriately.",
|
||||
if (args.values["write-config"] || args.values["generate-client-secret"]) {
|
||||
// Save the config to the 'config.js' file.
|
||||
writeFileSync(
|
||||
"config.js",
|
||||
`export const config = ${JSON.stringify(config, null, 4)};\n`,
|
||||
);
|
||||
|
||||
try {
|
||||
execSync("chmod 600 config.js");
|
||||
} catch (error) {
|
||||
console.warn(
|
||||
"Could not set file permissions for config.js. Please ensure it is secured appropriately.",
|
||||
);
|
||||
}
|
||||
console.log("config.js file created.");
|
||||
}
|
||||
|
||||
console.log("Setup complete.");
|
||||
|
||||
Reference in New Issue
Block a user