campaign_connector/scripts/update-api-keys.sh
admin 30c2cfeba5 feat(security): Implement comprehensive security fixes and enhancements
- Added Security Handoff Report detailing resolved issues and current configurations.
- Implemented CSRF protection using Flask-WTF, including token management in templates and JavaScript.
- Created standardized error handling module to log detailed errors while returning generic messages.
- Developed phone number validation module to ensure compliance with E.164 standards.
- Added CSV injection prevention measures during file uploads.
- Updated installation guide for clarity and completeness.
- Created script to update API keys from Android device, ensuring secure key management.
- Enhanced Docker security configurations to remove privileged mode and host networking.
- Implemented logging and sanitization for error messages to prevent information disclosure.
- Added verification script to test security setup flow and validate configurations.
2026-01-01 17:18:50 -07:00

227 lines
8.9 KiB
Bash
Executable File

#!/bin/bash
#
# Ubuntu Homelab - Update API Keys from Android Device
# Syncs the SMS_API_SECRET from Android Termux to the local .env file
#
# Terminal styling. The values are stored as literal backslash sequences
# (single-quoted), so they only become escape codes when printed through
# `echo -e` or a printf format / %b argument.
NC='\033[0m'
BOLD='\033[1m'
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'

# Paths. The script lives in <project>/scripts, so the project root is the
# parent of the directory holding this file; .env and its template sit there.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_DIR="$(dirname "${SCRIPT_DIR}")"
ENV_FILE="${PROJECT_DIR}/.env"
ENV_EXAMPLE="${PROJECT_DIR}/.env.example"
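# Banner
clear
echo -e "${CYAN}╔════════════════════════════════════════════════════════════════════════╗${NC}"
echo -e "${CYAN}${NC} ${BOLD}🔐 SMS Campaign Manager - API Key Configuration${NC} ${CYAN}${NC}"
echo -e "${CYAN}╚════════════════════════════════════════════════════════════════════════╝${NC}"
echo ""

# Bootstrap .env from the template when it does not exist yet.
# Exits with status 1 when neither .env nor .env.example is available, or when
# the copy itself fails (previously a failed cp still reported success).
if [[ ! -f "$ENV_FILE" ]]; then
  echo -e "${YELLOW}⚠️ .env file not found${NC}"
  if [[ -f "$ENV_EXAMPLE" ]]; then
    echo -e "${BLUE}Creating .env from .env.example...${NC}"
    if ! cp -- "$ENV_EXAMPLE" "$ENV_FILE"; then
      echo -e "${RED}❌ ERROR: could not create ${ENV_FILE}${NC}"
      exit 1
    fi
    # This file is about to receive TERMUX_API_KEY / SMS_API_SECRET. A plain cp
    # leaves it with the template's mode filtered by the umask (commonly
    # world-readable), so restrict it to the owner before any secret is written.
    if ! chmod 600 "$ENV_FILE"; then
      echo -e "${YELLOW}⚠️ Could not restrict permissions on ${ENV_FILE}${NC}"
    fi
    echo -e "${GREEN}✅ Created .env file${NC}"
  else
    echo -e "${RED}❌ ERROR: .env.example not found${NC}"
    exit 1
  fi
  echo ""
fi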
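#######################################
# Set KEY=VALUE in the .env file.
#
# Resolution order (same as before):
#   1. an active "KEY=" line exists      -> every such line is replaced
#   2. only a commented "#KEY=" exists   -> every such line is uncommented
#                                           and replaced
#   3. neither exists                    -> "KEY=VALUE" is appended
#
# The value is written literally. The previous implementation interpolated it
# into a sed replacement, so a value containing '|', '&' or '\' either broke
# the sed command or was silently rewritten; the caller accepts arbitrary text
# on the "Continue anyway" path and from the remote device, so the value must
# be treated as data, never as part of a sed program.
#
# Globals:   ENV_FILE (read, file rewritten), RED/GREEN/NC (read)
# Arguments: $1 - variable name, $2 - value
# Outputs:   status line on stdout; refusal message on stderr
# Returns:   0 on success; 1 if the value contains a line break or the file
#            cannot be written
# Side effects: leaves "$ENV_FILE.bak" (pre-change copy) when an existing line
#            is replaced, as the sed -i.bak version did; the caller removes it.
#######################################
update_env_key() {
  local key=$1
  local value=$2
  local line prefix="" contents=""
  local has_active=0 has_commented=0

  # A CR/LF inside the value would add extra lines (i.e. extra variables) to
  # the env file.
  if [[ "$value" == *$'\n'* || "$value" == *$'\r'* ]]; then
    echo -e "${RED}❌ Refusing to write ${key}: value contains a line break${NC}" >&2
    return 1
  fi

  # Literal prefix match (the quoted part of the pattern is not a glob/regex).
  while IFS= read -r line || [[ -n "$line" ]]; do
    if [[ "$line" == "${key}="* ]]; then
      has_active=1
    elif [[ "$line" == "#${key}="* ]]; then
      has_commented=1
    fi
  done < "$ENV_FILE"

  if (( has_active )); then
    prefix="${key}="
  elif (( has_commented )); then
    prefix="#${key}="
  else
    # Add new key. Make sure it starts on its own line even when the file
    # does not end with a newline.
    if [[ -s "$ENV_FILE" && -n "$(tail -c 1 "$ENV_FILE")" ]]; then
      printf '\n' >> "$ENV_FILE" || return 1
    fi
    printf '%s=%s\n' "$key" "$value" >> "$ENV_FILE" || return 1
    echo -e "${GREEN}✅ Added ${key}${NC}"
    return 0
  fi

  # Build the new contents in memory so the secret never lands in a second
  # temporary file, then overwrite in place (keeps the file's mode and owner).
  while IFS= read -r line || [[ -n "$line" ]]; do
    if [[ "$line" == "$prefix"* ]]; then
      contents+="${key}=${value}"$'\n'
    else
      contents+="${line}"$'\n'
    fi
  done < "$ENV_FILE"

  cp -p -- "$ENV_FILE" "${ENV_FILE}.bak" || return 1
  printf '%s' "$contents" > "$ENV_FILE" || return 1

  if (( has_active )); then
    echo -e "${GREEN}✅ Updated ${key}${NC}"
  else
    echo -e "${GREEN}✅ Enabled and updated ${key}${NC}"
  fi
}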
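#######################################
# Warn-and-confirm gate for a key that is not 64 lowercase hex characters.
# Only the length of the candidate is printed, never the candidate itself.
# Globals:   YELLOW/NC (read)
# Arguments: $1 - candidate API key
# Returns:   0 when the key matches or the operator chooses to continue;
#            exits the script with status 0 when the operator declines.
#######################################
confirm_key_format() {
  local candidate=$1
  local answer
  if [[ "$candidate" =~ ^[a-f0-9]{64}$ ]]; then
    return 0
  fi
  echo -e "${YELLOW}⚠️ Warning: API key format looks unusual${NC}"
  echo -e "${YELLOW}Expected: 64 hexadecimal characters (0-9, a-f)${NC}"
  echo -e "${YELLOW}Got: ${#candidate} characters${NC}"
  echo ""
  echo -n "Continue anyway? (y/n): "
  read -r answer
  if [[ ! "$answer" =~ ^[Yy]$ ]]; then
    echo -e "${YELLOW}Cancelled${NC}"
    exit 0
  fi
}

# Menu: pick where the API key comes from. Every branch either sets API_KEY
# to a non-empty value or exits.
echo -e "${BOLD}Choose an option:${NC}"
echo ""
echo -e " ${CYAN}1.${NC} Enter API key manually"
echo -e " ${CYAN}2.${NC} Fetch from Android device via SSH"
echo -e " ${CYAN}3.${NC} Generate new keys for both systems"
echo ""
echo -n "Enter choice (1-3): "
read -r choice
echo ""

case "$choice" in
  1)
    # Manual entry
    echo -e "${BLUE}📝 Manual API Key Entry${NC}"
    echo ""
    echo -e "${YELLOW}Enter the API key from your Android device:${NC}"
    echo -e "${CYAN}(It should be a 64-character hex string)${NC}"
    echo ""
    read -r API_KEY
    if [[ -z "$API_KEY" ]]; then
      echo -e "${RED}❌ No API key provided${NC}"
      exit 1
    fi
    # Validate format (should be 64 hex characters)
    confirm_key_format "$API_KEY"
    ;;
  2)
    # Fetch via SSH
    echo -e "${BLUE}📡 Fetching from Android Device${NC}"
    echo ""
    # Try to get PHONE_IP from .env
    PHONE_IP=$(grep "^PHONE_IP=" "$ENV_FILE" | cut -d'=' -f2)
    if [[ -z "$PHONE_IP" ]]; then
      echo -n "Enter Android device IP address: "
      read -r PHONE_IP
    else
      echo -e "Using IP from .env: ${CYAN}${PHONE_IP}${NC}"
    fi
    echo ""
    echo -e "${YELLOW}Attempting to fetch API key from $PHONE_IP...${NC}"
    echo -e "${CYAN}(You may be prompted for SSH password)${NC}"
    echo ""
    # Try to fetch the key file or environment variable.
    # The trailing 2>/dev/null discards ssh's own stderr as well, so a refused
    # connection, a failed login and a host-key problem all look the same as
    # "no key on the device" below.
    API_KEY=$(ssh -p 8022 android-dev@"$PHONE_IP" "cat ~/.sms-api-key 2>/dev/null || echo \$SMS_API_SECRET" 2>/dev/null | tr -d '\n\r')
    if [[ -z "$API_KEY" ]]; then
      echo -e "${RED}❌ Could not fetch API key from device${NC}"
      echo -e "${YELLOW}Please make sure:${NC}"
      echo -e " 1. SSH is enabled on Android device"
      echo -e " 2. You've run setup-api-key.sh on the device"
      echo -e " 3. The device IP address is correct"
      echo ""
      echo -e "${YELLOW}Try option 1 (manual entry) instead${NC}"
      exit 1
    fi
    # Whatever the remote shell wrote to stdout (a login banner, an error
    # string, a truncated file) would otherwise be stored as the secret
    # unchecked; apply the same format gate as manual entry.
    confirm_key_format "$API_KEY"
    echo -e "${GREEN}✅ Successfully fetched API key from device${NC}"
    ;;
  3)
    # Generate new keys
    echo -e "${BLUE}🎲 Generating New API Keys${NC}"
    echo ""
    echo -e "${YELLOW}This will generate a NEW set of keys.${NC}"
    echo -e "${YELLOW}You'll need to update the Android device with the new key.${NC}"
    echo ""
    echo -n "Continue? (y/n): "
    read -r confirm
    if [[ ! "$confirm" =~ ^[Yy]$ ]]; then
      echo -e "${YELLOW}Cancelled${NC}"
      exit 0
    fi
    API_KEY=$(python3 -c "import secrets; print(secrets.token_hex(32))")
    # If python3 is missing or fails, API_KEY is empty; without this check the
    # script would go on to write an empty TERMUX_API_KEY / SMS_API_SECRET.
    if [[ ! "$API_KEY" =~ ^[a-f0-9]{64}$ ]]; then
      echo -e "${RED}❌ Failed to generate API key (is python3 installed?)${NC}"
      exit 1
    fi
    echo -e "${GREEN}✅ Generated new API key${NC}"
    ;;
  *)
    echo -e "${RED}❌ Invalid choice${NC}"
    exit 1
    ;;
esac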
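# Update .env file: the same key is stored under both variable names.
echo ""
echo -e "${BLUE}📝 Updating .env file...${NC}"
echo ""
# Stop before printing the success summary if either write reports failure.
if ! update_env_key "TERMUX_API_KEY" "$API_KEY" ||
  ! update_env_key "SMS_API_SECRET" "$API_KEY"; then
  rm -f "$ENV_FILE.bak"
  echo -e "${RED}❌ ERROR: could not update ${ENV_FILE}${NC}" >&2
  exit 1
fi

# Cleanup backup (it holds the previous contents of .env, old secrets included)
rm -f "$ENV_FILE.bak"
echo ""

# Summary box. The key is shown in clear so it can be copied to the device;
# it stays in the terminal scrollback afterwards. The key itself is printed
# through %s rather than `echo -e`, because a value accepted on the
# "Continue anyway" path is not guaranteed to be hex and must not have its
# backslash sequences interpreted by the terminal output path.
echo -e "${CYAN}╔════════════════════════════════════════════════════════════════════════╗${NC}"
echo -e "${CYAN}${NC} ${BOLD}✅ Configuration Updated${NC} ${CYAN}${NC}"
echo -e "${CYAN}╠════════════════════════════════════════════════════════════════════════╣${NC}"
echo -e "${CYAN}${NC} ${CYAN}${NC}"
echo -e "${CYAN}${NC} ${BOLD}API Key:${NC} ${CYAN}${NC}"
printf '%b %b%s%b %b\n' "${CYAN}${NC}" "${GREEN}" "${API_KEY}" "${NC}" "${CYAN}${NC}"
echo -e "${CYAN}${NC} ${CYAN}${NC}"
echo -e "${CYAN}${NC} ${BOLD}Updated in:${NC} ${YELLOW}${ENV_FILE}${NC}"
echo -e "${CYAN}${NC}"
echo -e "${CYAN}${NC} ${GREEN}✅ TERMUX_API_KEY${NC} ${CYAN}${NC}"
echo -e "${CYAN}${NC} ${GREEN}✅ SMS_API_SECRET${NC} ${CYAN}${NC}"
echo -e "${CYAN}${NC} ${CYAN}${NC}"
echo -e "${CYAN}╚════════════════════════════════════════════════════════════════════════╝${NC}"
echo ""

# Show next steps
echo -e "${BOLD}📋 Next Steps:${NC}"
echo ""
if [[ "$choice" == "3" ]]; then
  # Only a freshly generated key has to be pushed to the phone.
  # NOTE(review): the suggested command appends another export line to
  # ~/.bashrc on every rotation and puts the key on a typed command line on
  # the device — confirm that is acceptable for this setup.
  echo -e " ${YELLOW}1.${NC} ${BOLD}Update Android device with new key:${NC}"
  echo -e " ${CYAN}ssh -p 8022 android-dev@${PHONE_IP:-PHONE_IP}${NC}"
  echo -e " ${CYAN}echo 'export SMS_API_SECRET=\"${API_KEY}\"' >> ~/.bashrc${NC}"
  echo -e " ${CYAN}source ~/.bashrc${NC}"
  echo ""
  echo -e " ${YELLOW}2.${NC} ${BOLD}Restart SMS API server on Android${NC}"
  echo ""
  echo -e " ${YELLOW}3.${NC} ${BOLD}Restart Docker container:${NC}"
else
  echo -e " ${YELLOW}1.${NC} ${BOLD}Restart Docker container:${NC}"
fi
echo -e " ${CYAN}docker-compose down${NC}"
echo -e " ${CYAN}docker-compose up -d --build${NC}"
echo ""

# Verification hints. The Termux check sends the key in an X-API-Key header
# over plain http://, so it is readable by anything on the network path.
echo -e "${BOLD}🔍 Verify:${NC}"
echo ""
echo -e " ${CYAN}# Test Termux API${NC}"
printf ' %bcurl -H "X-API-Key: %s" http://%s:5001/health%b\n' "${CYAN}" "${API_KEY}" "${PHONE_IP:-PHONE_IP}" "${NC}"
echo ""
echo -e " ${CYAN}# Test web interface${NC}"
echo -e " ${CYAN}curl http://localhost:5000/health${NC}"
echo ""
echo -e "${CYAN}═══════════════════════════════════════════════════════════════════════${NC}"
echo -e "${GREEN}${BOLD} Configuration complete! 🎉${NC}"
echo -e "${CYAN}═══════════════════════════════════════════════════════════════════════${NC}"
echo ""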