slawek/azure-node-playground
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update file permissions and enhance setup scripts for better security

Browse Source
This commit is contained in:
Sławek Koszewski
2026-01-26 22:47:18 +01:00
parent 8ec8f8deba
commit 341332b362
2 changed files with 32 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bin/auth-test.js Normal file → Executable file
View File

@@ -1,3 +1,5 @@
#!/usr/bin/env node
import { ClientSecretCredential } from "@azure/identity"; import { ClientSecretCredential } from "@azure/identity";
import { config } from "../config.js"; import { config } from "../config.js";

24
bin/setup-app.js
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env node #!/usr/bin/env node
import { execSync, spawnSync } from "child_process"; import { exec, execSync, spawnSync } from "child_process";
import { writeFileSync } from "fs"; import { writeFileSync } from "fs";
import { parseArgs } from "util"; import { parseArgs } from "util";
@@ -9,6 +9,8 @@ const args = parseArgs({
"app-name": { type: "string", short: "a" }, "app-name": { type: "string", short: "a" },
help: { type: "boolean", short: "h" }, help: { type: "boolean", short: "h" },
"generate-client-secret": { type: "boolean", short: "s" }, "generate-client-secret": { type: "boolean", short: "s" },
"write-config": { type: "boolean", short: "w" },
"write-env": { type: "boolean", short: "e" },
}, },
}); });
@@ -132,6 +134,7 @@ if (args.values["generate-client-secret"]) {
} }
} }
if (args.values["write-env"] || args.values["generate-client-secret"]) {
// Write the APP_ID to the .env file // Write the APP_ID to the .env file
const envContent = `AZ_APP_NAME="${config.appName}" const envContent = `AZ_APP_NAME="${config.appName}"
ARM_TENANT_ID=${config.tenantId} ARM_TENANT_ID=${config.tenantId}
@@ -140,24 +143,31 @@ ARM_CLIENT_SECRET=${config.clientSecret || ""}
`; `;
writeFileSync(".env", envContent); writeFileSync(".env", envContent);
try {
execSync("chmod 600 .env");
} catch (error) {
console.warn(
"Could not set file permissions for .env. Please ensure it is secured appropriately.",
);
}
console.log(".env file created with application configuration."); console.log(".env file created with application configuration.");
}
if (args.values["write-config"] || args.values["generate-client-secret"]) {
// Save the config to the 'config.js' file. // Save the config to the 'config.js' file.
writeFileSync( writeFileSync(
"config.js", "config.js",
`export const config = ${JSON.stringify(config, null, 4)};\n`, `export const config = ${JSON.stringify(config, null, 4)};\n`,
); );
console.log("config.js file created.");
// Check if we can change file mode permissions (Unix-like systems)
// for sensitive files like .env and config.js.
try { try {
execSync("chmod 600 .env config.js"); execSync("chmod 600 config.js");
console.log("File permissions for .env and config.js set to 600.");
} catch (error) { } catch (error) {
console.warn( console.warn(
"Could not set file permissions. Please ensure .env and config.js are secured appropriately.", "Could not set file permissions for config.js. Please ensure it is secured appropriately.",
); );
} }
console.log("config.js file created.");
}
console.log("Setup complete."); console.log("Setup complete.");