Update file permissions and enhance setup scripts for better security
This commit is contained in:
2
bin/auth-test.js
Normal file → Executable file
2
bin/auth-test.js
Normal file → Executable file
@@ -1,3 +1,5 @@
|
|||||||
|
#!/usr/bin/env node
|
||||||
|
|
||||||
import { ClientSecretCredential } from "@azure/identity";
|
import { ClientSecretCredential } from "@azure/identity";
|
||||||
import { config } from "../config.js";
|
import { config } from "../config.js";
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env node
|
#!/usr/bin/env node
|
||||||
|
|
||||||
import { execSync, spawnSync } from "child_process";
|
import { exec, execSync, spawnSync } from "child_process";
|
||||||
import { writeFileSync } from "fs";
|
import { writeFileSync } from "fs";
|
||||||
import { parseArgs } from "util";
|
import { parseArgs } from "util";
|
||||||
|
|
||||||
@@ -9,6 +9,8 @@ const args = parseArgs({
|
|||||||
"app-name": { type: "string", short: "a" },
|
"app-name": { type: "string", short: "a" },
|
||||||
help: { type: "boolean", short: "h" },
|
help: { type: "boolean", short: "h" },
|
||||||
"generate-client-secret": { type: "boolean", short: "s" },
|
"generate-client-secret": { type: "boolean", short: "s" },
|
||||||
|
"write-config": { type: "boolean", short: "w" },
|
||||||
|
"write-env": { type: "boolean", short: "e" },
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
|
||||||
@@ -132,32 +134,40 @@ if (args.values["generate-client-secret"]) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Write the APP_ID to the .env file
|
if (args.values["write-env"] || args.values["generate-client-secret"]) {
|
||||||
const envContent = `AZ_APP_NAME="${config.appName}"
|
// Write the APP_ID to the .env file
|
||||||
|
const envContent = `AZ_APP_NAME="${config.appName}"
|
||||||
ARM_TENANT_ID=${config.tenantId}
|
ARM_TENANT_ID=${config.tenantId}
|
||||||
ARM_CLIENT_ID=${config.appId}
|
ARM_CLIENT_ID=${config.appId}
|
||||||
ARM_CLIENT_SECRET=${config.clientSecret || ""}
|
ARM_CLIENT_SECRET=${config.clientSecret || ""}
|
||||||
`;
|
`;
|
||||||
|
|
||||||
writeFileSync(".env", envContent);
|
writeFileSync(".env", envContent);
|
||||||
console.log(".env file created with application configuration.");
|
try {
|
||||||
|
execSync("chmod 600 .env");
|
||||||
|
} catch (error) {
|
||||||
|
console.warn(
|
||||||
|
"Could not set file permissions for .env. Please ensure it is secured appropriately.",
|
||||||
|
);
|
||||||
|
}
|
||||||
|
console.log(".env file created with application configuration.");
|
||||||
|
}
|
||||||
|
|
||||||
// Save the config to the 'config.js' file.
|
if (args.values["write-config"] || args.values["generate-client-secret"]) {
|
||||||
writeFileSync(
|
// Save the config to the 'config.js' file.
|
||||||
"config.js",
|
writeFileSync(
|
||||||
`export const config = ${JSON.stringify(config, null, 4)};\n`,
|
"config.js",
|
||||||
);
|
`export const config = ${JSON.stringify(config, null, 4)};\n`,
|
||||||
console.log("config.js file created.");
|
|
||||||
|
|
||||||
// Check if we can change file mode permissions (Unix-like systems)
|
|
||||||
// for sensitive files like .env and config.js.
|
|
||||||
try {
|
|
||||||
execSync("chmod 600 .env config.js");
|
|
||||||
console.log("File permissions for .env and config.js set to 600.");
|
|
||||||
} catch (error) {
|
|
||||||
console.warn(
|
|
||||||
"Could not set file permissions. Please ensure .env and config.js are secured appropriately.",
|
|
||||||
);
|
);
|
||||||
|
|
||||||
|
try {
|
||||||
|
execSync("chmod 600 config.js");
|
||||||
|
} catch (error) {
|
||||||
|
console.warn(
|
||||||
|
"Could not set file permissions for config.js. Please ensure it is secured appropriately.",
|
||||||
|
);
|
||||||
|
}
|
||||||
|
console.log("config.js file created.");
|
||||||
}
|
}
|
||||||
|
|
||||||
console.log("Setup complete.");
|
console.log("Setup complete.");
|
||||||
|
|||||||
Reference in New Issue
Block a user