@striae-org/striae 5.2.0 → 5.3.0

package/scripts/deploy-config/modules/prompt.sh

@@ -1,372 +0,0 @@
-#!/bin/bash
-
-prompt_for_secrets() {
-    echo -e "\n${BLUE}🔐 Environment Variables Setup${NC}"
-    echo "=============================="
-    echo -e "${YELLOW}Please provide values for the following environment variables.${NC}"
-    echo -e "${YELLOW}Press Enter to keep existing values (if any).${NC}"
-    echo ""
-
-    # Create or backup existing .env
-    if [ -f ".env" ] && [ "$update_env" != "true" ]; then
-        cp .env .env.backup
-        echo -e "${GREEN}📄 Existing .env backed up to .env.backup${NC}"
-    fi
-
-    # Copy .env.example to .env if it doesn't exist
-    if [ ! -f ".env" ]; then
-        cp .env.example .env
-        echo -e "${GREEN}📄 Created .env from .env.example${NC}"
-    fi
-
-    # Function to prompt for a variable
-    is_auto_generated_secret_var() {
-        local var_name=$1
-        case "$var_name" in
-            USER_DB_AUTH|R2_KEY_SECRET|KEYS_AUTH|PDF_WORKER_AUTH|IMAGES_API_TOKEN|IMAGE_SIGNED_URL_SECRET)
-                return 0
-                ;;
-            *)
-                return 1
-                ;;
-        esac
-    }
-
-    is_secret_placeholder_value() {
-        local var_name=$1
-        local value=$2
-        case "$var_name" in
-            USER_DB_AUTH)
-                [ "$value" = "your_custom_user_db_auth_token_here" ]
-                ;;
-            R2_KEY_SECRET)
-                [ "$value" = "your_custom_r2_secret_here" ]
-                ;;
-            KEYS_AUTH)
-                [ "$value" = "your_custom_keys_auth_token_here" ]
-                ;;
-            PDF_WORKER_AUTH)
-                [ "$value" = "your_custom_pdf_worker_auth_token_here" ]
-                ;;
-            IMAGES_API_TOKEN)
-                [ "$value" = "your_cloudflare_images_api_token_here" ]
-                ;;
-            IMAGE_SIGNED_URL_SECRET)
-                [ "$value" = "your_image_signed_url_secret_here" ]
-                ;;
-            *)
-                return 1
-                ;;
-        esac
-    }
-
-    generate_secret_value() {
-        local var_name=$1
-        case "$var_name" in
-            IMAGE_SIGNED_URL_SECRET)
-                openssl rand -base64 48 2>/dev/null | tr '+/' '-_' | tr -d '='
-                ;;
-            *)
-                openssl rand -hex 32 2>/dev/null
-                ;;
-        esac
-    }
-
-    prompt_for_var() {
-        local var_name=$1
-        local description=$2
-        local current_value="${!var_name}"
-        local new_value=""
-        local allow_keep="false"
-
-        current_value=$(strip_carriage_returns "$current_value")
-
-        if [ "$var_name" = "PAGES_CUSTOM_DOMAIN" ]; then
-            current_value=$(resolve_existing_domain_value "$var_name" "$current_value")
-        fi
-
-        # Auto-generate selected secrets - but allow keeping current.
-        if is_auto_generated_secret_var "$var_name"; then
-            echo -e "${BLUE}$var_name${NC}"
-            echo -e "${YELLOW}$description${NC}"
-
-            if [ "$update_env" != "true" ] && [ -n "$current_value" ] && ! is_placeholder "$current_value" && ! is_secret_placeholder_value "$var_name" "$current_value"; then
-                # Current value exists and is not a placeholder
-                echo -e "${GREEN}Current value: [HIDDEN]${NC}"
-                read -p "Generate new secret? (press Enter to keep current, or type 'y' to generate): " gen_choice
-                gen_choice=$(strip_carriage_returns "$gen_choice")
-
-                if [ "$gen_choice" = "y" ] || [ "$gen_choice" = "Y" ]; then
-                    new_value=$(generate_secret_value "$var_name" || echo "")
-                    if [ -n "$new_value" ]; then
-                        echo -e "${GREEN}✅ $var_name auto-generated${NC}"
-                    else
-                        while true; do
-                            echo -e "${RED}❌ Failed to auto-generate, please enter manually:${NC}"
-                            read -p "Enter value: " new_value
-                            new_value=$(strip_carriage_returns "$new_value")
-                            if [ -z "$new_value" ]; then
-                                echo -e "${RED}❌ A value is required.${NC}"
-                                continue
-                            fi
-                            if is_placeholder "$new_value"; then
-                                echo -e "${RED}❌ Placeholder values are not allowed.${NC}"
-                                new_value=""
-                                continue
-                            fi
-                            break
-                        done
-                    fi
-                else
-                    # User wants to keep current value
-                    new_value=""
-                fi
-            else
-                # No current value or placeholder value - auto-generate
-                echo -e "${YELLOW}Auto-generating secret...${NC}"
-                new_value=$(generate_secret_value "$var_name" || echo "")
-                if [ -n "$new_value" ]; then
-                    echo -e "${GREEN}✅ $var_name auto-generated${NC}"
-                else
-                    while true; do
-                        echo -e "${RED}❌ Failed to auto-generate, please enter manually:${NC}"
-                        read -p "Enter value: " new_value
-                        new_value=$(strip_carriage_returns "$new_value")
-                        if [ -z "$new_value" ]; then
-                            echo -e "${RED}❌ A value is required.${NC}"
-                            continue
-                        fi
-                        if is_placeholder "$new_value"; then
-                            echo -e "${RED}❌ Placeholder values are not allowed.${NC}"
-                            new_value=""
-                            continue
-                        fi
-                        break
-                    done
-                fi
-            fi
-        else
-            # Normal prompt for other variables
-            echo -e "${BLUE}$var_name${NC}"
-            echo -e "${YELLOW}$description${NC}"
-            if [ "$update_env" != "true" ] && [ -n "$current_value" ] && ! is_placeholder "$current_value"; then
-                allow_keep="true"
-                if [ "$var_name" = "FIREBASE_SERVICE_ACCOUNT_PRIVATE_KEY" ]; then
-                    echo -e "${GREEN}Current value: [HIDDEN]${NC}"
-                else
-                    echo -e "${GREEN}Current value: $current_value${NC}"
-                fi
-            fi
-
-            while true; do
-                if [ "$allow_keep" = "true" ]; then
-                    read -p "New value (or press Enter to keep current): " new_value
-                    new_value=$(strip_carriage_returns "$new_value")
-                    if [ -z "$new_value" ]; then
-                        break
-                    fi
-                else
-                    read -p "Enter value: " new_value
-                    new_value=$(strip_carriage_returns "$new_value")
-                    if [ -z "$new_value" ]; then
-                        echo -e "${RED}❌ A value is required.${NC}"
-                        continue
-                    fi
-                fi
-
-                if is_placeholder "$new_value"; then
-                    echo -e "${RED}❌ Placeholder values are not allowed.${NC}"
-                    new_value=""
-                    continue
-                fi
-
-                if [[ "$var_name" == *_WORKER_NAME ]]; then
-                    new_value=$(normalize_worker_label_value "$new_value")
-
-                    if [ -z "$new_value" ] || ! is_valid_worker_label "$new_value"; then
-                        echo -e "${RED}❌ $var_name must use only lowercase letters, numbers, and dashes.${NC}"
-                        new_value=""
-                        continue
-                    fi
-                fi
-
-                break
-            done
-        fi
-
-        if [ -n "$new_value" ]; then
-            if [ "$var_name" = "PAGES_CUSTOM_DOMAIN" ]; then
-                new_value=$(normalize_domain_value "$new_value")
-            fi
-
-            # Update the .env file
-            write_env_var "$var_name" "$new_value"
-
-            export "$var_name=$new_value"
-            echo -e "${GREEN}✅ $var_name updated${NC}"
-        elif [ -n "$current_value" ]; then
-            if [[ "$var_name" == *_WORKER_NAME ]]; then
-                current_value=$(normalize_worker_label_value "$current_value")
-            fi
-
-            # Keep values aligned with .env.example ordering and remove stale duplicates.
-            write_env_var "$var_name" "$current_value"
-            export "$var_name=$current_value"
-            echo -e "${GREEN}✅ Keeping current value for $var_name${NC}"
-        fi
-        echo ""
-    }
-
-    set_worker_domain_from_shared_subdomain() {
-        local worker_name_var=$1
-        local worker_domain_var=$2
-        local worker_name_value="${!worker_name_var}"
-        local composed_domain=""
-
-        worker_name_value=$(normalize_worker_label_value "$worker_name_value")
-
-        if [ -z "$worker_name_value" ] || ! is_valid_worker_label "$worker_name_value"; then
-            echo -e "${RED}❌ $worker_name_var must use only lowercase letters, numbers, and dashes.${NC}"
-            exit 1
-        fi
-
-        composed_domain=$(compose_worker_domain "$worker_name_value" "$shared_worker_subdomain" || echo "")
-
-        if [ -z "$composed_domain" ]; then
-            echo -e "${RED}❌ Could not build $worker_domain_var from $worker_name_var and shared worker-subdomain.${NC}"
-            exit 1
-        fi
-
-        write_env_var "$worker_domain_var" "$composed_domain"
-        export "$worker_domain_var=$composed_domain"
-        echo -e "${GREEN}✅ $worker_domain_var set to $composed_domain${NC}"
-    }
-
-    echo -e "${BLUE}📊 CLOUDFLARE CORE CONFIGURATION${NC}"
-    echo "=================================="
-    prompt_for_var "ACCOUNT_ID" "Your Cloudflare Account ID"
-
-    echo -e "${BLUE}🔐 SHARED AUTHENTICATION & STORAGE${NC}"
-    echo "==================================="
-    prompt_for_var "USER_DB_AUTH" "Custom user database authentication token (generate with: openssl rand -hex 16)"
-    prompt_for_var "R2_KEY_SECRET" "Custom R2 storage authentication token (generate with: openssl rand -hex 16)"
-    prompt_for_var "IMAGES_API_TOKEN" "Image worker API token (shared between workers)"
-
-    echo -e "${BLUE}🔥 FIREBASE AUTH CONFIGURATION${NC}"
-    echo "==============================="
-    prompt_for_var "API_KEY" "Firebase API key"
-    prompt_for_var "AUTH_DOMAIN" "Firebase auth domain (project-id.firebaseapp.com)"
-    prompt_for_var "STORAGE_BUCKET" "Firebase storage bucket"
-    prompt_for_var "MESSAGING_SENDER_ID" "Firebase messaging sender ID"
-    prompt_for_var "APP_ID" "Firebase app ID"
-    prompt_for_var "MEASUREMENT_ID" "Firebase measurement ID (optional)"
-    echo -e "${GREEN}Using PROJECT_ID and service account values from app/config/admin-service.json${NC}"
-
-    echo -e "${BLUE}📄 PAGES CONFIGURATION${NC}"
-    echo "======================"
-    prompt_for_var "PAGES_PROJECT_NAME" "Your Cloudflare Pages project name"
-    prompt_for_var "PAGES_CUSTOM_DOMAIN" "Your custom domain (e.g., striae.org) - DO NOT include https://"
-
-    echo -e "${BLUE}🔑 WORKER NAMES & DOMAINS${NC}"
-    echo "========================="
-    echo -e "${YELLOW}Worker names are lowercased automatically and must use only letters, numbers, and dashes.${NC}"
-    echo -e "${YELLOW}Enter one shared worker-subdomain as a hostname (for example: team-name.workers.dev).${NC}"
-    echo -e "${YELLOW}Each worker domain is generated as {worker-name}.{worker-subdomain}.${NC}"
-
-    local shared_worker_subdomain=""
-    local shared_worker_subdomain_default=""
-    local shared_worker_subdomain_input=""
-
-    shared_worker_subdomain_default=$(infer_worker_subdomain_from_domain "$KEYS_WORKER_NAME" "$KEYS_WORKER_DOMAIN")
-    if [ -z "$shared_worker_subdomain_default" ]; then
-        shared_worker_subdomain_default=$(infer_worker_subdomain_from_domain "$USER_WORKER_NAME" "$USER_WORKER_DOMAIN")
-    fi
-    if [ -z "$shared_worker_subdomain_default" ]; then
-        shared_worker_subdomain_default=$(infer_worker_subdomain_from_domain "$DATA_WORKER_NAME" "$DATA_WORKER_DOMAIN")
-    fi
-    if [ -z "$shared_worker_subdomain_default" ]; then
-        shared_worker_subdomain_default=$(infer_worker_subdomain_from_domain "$AUDIT_WORKER_NAME" "$AUDIT_WORKER_DOMAIN")
-    fi
-    if [ -z "$shared_worker_subdomain_default" ]; then
-        shared_worker_subdomain_default=$(infer_worker_subdomain_from_domain "$IMAGES_WORKER_NAME" "$IMAGES_WORKER_DOMAIN")
-    fi
-    if [ -z "$shared_worker_subdomain_default" ]; then
-        shared_worker_subdomain_default=$(infer_worker_subdomain_from_domain "$PDF_WORKER_NAME" "$PDF_WORKER_DOMAIN")
-    fi
-
-    while true; do
-        echo -e "${BLUE}WORKER_SUBDOMAIN${NC}"
-
-        if [ "$update_env" != "true" ] && [ -n "$shared_worker_subdomain_default" ] && ! is_placeholder "$shared_worker_subdomain_default"; then
-            echo -e "${GREEN}Current value: $shared_worker_subdomain_default${NC}"
-            read -p "New value (or press Enter to keep current): " shared_worker_subdomain_input
-            shared_worker_subdomain_input=$(strip_carriage_returns "$shared_worker_subdomain_input")
-
-            if [ -z "$shared_worker_subdomain_input" ]; then
-                shared_worker_subdomain="$shared_worker_subdomain_default"
-            else
-                shared_worker_subdomain="$shared_worker_subdomain_input"
-            fi
-        else
-            read -p "Enter shared worker-subdomain (e.g., team-name.workers.dev): " shared_worker_subdomain_input
-            shared_worker_subdomain_input=$(strip_carriage_returns "$shared_worker_subdomain_input")
-            shared_worker_subdomain="$shared_worker_subdomain_input"
-        fi
-
-        if [ -z "$shared_worker_subdomain" ] || is_placeholder "$shared_worker_subdomain"; then
-            echo -e "${RED}❌ shared worker-subdomain is required and cannot be a placeholder.${NC}"
-            continue
-        fi
-
-        shared_worker_subdomain=$(normalize_worker_subdomain_value "$shared_worker_subdomain")
-
-        if [ -z "$shared_worker_subdomain" ] || ! is_valid_worker_subdomain "$shared_worker_subdomain"; then
-            echo -e "${RED}❌ shared worker-subdomain must be a valid hostname like team-name.workers.dev (letters, numbers, dashes, and dots).${NC}"
-            continue
-        fi
-
-        echo -e "${GREEN}✅ Shared worker-subdomain set to: $shared_worker_subdomain${NC}"
-        echo ""
-        break
-    done
-
-    prompt_for_var "KEYS_WORKER_NAME" "Keys worker name"
-    prompt_for_var "USER_WORKER_NAME" "User worker name"
-    prompt_for_var "DATA_WORKER_NAME" "Data worker name"
-    prompt_for_var "AUDIT_WORKER_NAME" "Audit worker name"
-    prompt_for_var "IMAGES_WORKER_NAME" "Images worker name"
-    prompt_for_var "PDF_WORKER_NAME" "PDF worker name"
-
-    set_worker_domain_from_shared_subdomain "KEYS_WORKER_NAME" "KEYS_WORKER_DOMAIN"
-    set_worker_domain_from_shared_subdomain "USER_WORKER_NAME" "USER_WORKER_DOMAIN"
-    set_worker_domain_from_shared_subdomain "DATA_WORKER_NAME" "DATA_WORKER_DOMAIN"
-    set_worker_domain_from_shared_subdomain "AUDIT_WORKER_NAME" "AUDIT_WORKER_DOMAIN"
-    set_worker_domain_from_shared_subdomain "IMAGES_WORKER_NAME" "IMAGES_WORKER_DOMAIN"
-    set_worker_domain_from_shared_subdomain "PDF_WORKER_NAME" "PDF_WORKER_DOMAIN"
-    echo ""
-
-    echo -e "${BLUE}🗄️ STORAGE CONFIGURATION${NC}"
-    echo "========================="
-    prompt_for_var "DATA_BUCKET_NAME" "Your R2 bucket name for case data storage"
-    prompt_for_var "AUDIT_BUCKET_NAME" "Your R2 bucket name for audit logs (separate from data bucket)"
-    prompt_for_var "FILES_BUCKET_NAME" "Your R2 bucket name for encrypted files storage"
-    prompt_for_var "KV_STORE_ID" "Your KV namespace ID (UUID format)"
-
-    echo -e "${BLUE}🔐 SERVICE-SPECIFIC SECRETS${NC}"
-    echo "============================"
-    prompt_for_var "KEYS_AUTH" "Keys worker authentication token (generate with: openssl rand -hex 16)"
-    prompt_for_var "PDF_WORKER_AUTH" "PDF worker authentication token (generate with: openssl rand -hex 16)"
-    prompt_for_var "IMAGE_SIGNED_URL_SECRET" "Image signed URL secret (generate with: openssl rand -base64 48 | tr '+/' '-_' | tr -d '=')"
-    prompt_for_var "BROWSER_API_TOKEN" "Cloudflare Browser Rendering API token (for PDF Worker)"
-
-    configure_manifest_signing_credentials
-    configure_export_encryption_credentials
-    configure_user_kv_encryption_credentials
-    configure_data_at_rest_encryption_credentials
-
-    # Reload the updated .env file
-    source .env
-
-    echo -e "${GREEN}🎉 Environment variables setup completed!${NC}"
-    echo -e "${BLUE}📄 All values saved to .env file${NC}"
-}