From 6505e0619fa5496180d29837579c3fb7dab45617 Mon Sep 17 00:00:00 2001
From: jieggii
Date: Wed, 7 Aug 2024 16:05:59 +0300
Subject: [PATCH 1/5] Add support for Docker secrets in Telegram API credentials Read values for TELEGRAM_API_ID and TELEGRAM_API_HASH from files specified by TELEGRAM_API_ID_FILE and TELEGRAM_API_HASH_FILE respectively. This allows for better management of sensitive information through Docker secrets.
---
 docker-entrypoint.sh | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index dd90962..434a4d5 100644
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -43,6 +43,27 @@ fi

 COMMAND="telegram-bot-api ${DEFAULT_ARGS}${CUSTOM_ARGS}"

+file_env() {
+ local var_name="$1"
+ local file_var_name="$2"
+
+ eval file_path="\$${file_var_name}"
+ eval current_value="\$${var_name}"
+
+ if [ -n "$file_path" ]; then
+ if [ -n "$current_value" ]; then
+ echo "Error: both ${file_var_name} and ${var_name} env vars are set, expected only one of them"
+ exit 1
+ fi
+
+ file_content=$(< "$file_path")
+ export "$var_name=$file_content"
+ fi
+}
+
+file_env "TELEGRAM_API_ID" "TELEGRAM_API_ID_FILE"
+file_env "TELEGRAM_API_HASH" "TELEGRAM_API_HASH_FILE"
+
 echo "$COMMAND"
 # shellcheck disable=SC2086
 exec $COMMAND
From 3168dc82ba4897cfa08ce38a5df19d07d0c69731 Mon Sep 17 00:00:00 2001
From: jieggii
Date: Thu, 8 Aug 2024 14:20:39 +0300
Subject: [PATCH 2/5] Fixes for `file_env` function - Avoid using eval - Add validation logic for environment variables existence
---
 docker-entrypoint.sh | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 434a4d5..d5d6947 100644
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
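Review bot: In the `@@ -43,6 +43,27 @@` hunk of patch 1/5, `file_path`, `current_value` and `file_content` are assigned without `local`, so the credential read from the secret file stays in a script-global variable after `file_env` returns. Declare them next to the two existing locals, e.g. `local file_path current_value file_content`. The impact is small because the script goes on to `exec`, but the function already relies on `local`, so scoping the secret costs nothing. The same applies to `var_value`, `file_path` and `file_content` in the later `@@ -47,17 +47,27 @@` and `@@ -1,6 +1,34 @@` hunks.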
@@ -47,17 +47,27 @@ file_env() {
 local var_name="$1"
 local file_var_name="$2"

- eval file_path="\$${file_var_name}"
- eval current_value="\$${var_name}"
+ var_value=$(printenv "$var_name") || var_value=""
+ file_path=$(printenv "$file_var_name") || file_path=""

- if [ -n "$file_path" ]; then
- if [ -n "$current_value" ]; then
- echo "Error: both ${file_var_name} and ${var_name} env vars are set, expected only one of them"
- exit 1
+ if [ -z "$var_value" ] && [ -z "$file_path" ]; then
+ echo "error: expected $var_name or $file_var_name env vars to be set"
+ exit 1
+
+ elif [ -n "$var_value" ] && [ -n "$file_path" ]; then
+ echo "both and $var_name $file_var_name env vars are set, expected only one of them"
+ exit 1
+
+ else
+ if [ -n $file_path ]; then
+ if [ -f "$file_path" ]; then
+ file_content=$(cat "$file_path")
+ export "$var_name=$file_content"
+ else
+ echo "error: file '$file_path' does not exist"
+ exit 1
+ fi
 fi
-
- file_content=$(< "$file_path")
- export "$var_name=$file_content"
 fi
 }

From 6609c98025352292cac9b010f0c3c2c6e0a7c5f2 Mon Sep 17 00:00:00 2001
From: jieggii
Date: Thu, 8 Aug 2024 14:27:39 +0300
Subject: [PATCH 3/5] Reorganize code in docker-entrypoint.sh
---
 docker-entrypoint.sh | 63 ++++++++++++++++++++++----------------------
 1 file changed, 32 insertions(+), 31 deletions(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index d5d6947..985e62a 100644
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
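Review bot: In the `@@ -47,17 +47,27 @@` hunk of patch 2/5, the new validation checks only that a path is set and that `[ -f "$file_path" ]` holds, so an empty secret file is still exported as an empty `$var_name` and the script carries on. A check after the read, such as `[ -n "$file_content" ] || { echo "error: file '$file_path' is empty" >&2; exit 1; }`, would stop at the entrypoint with a clear message. The `elif` message also reads `both and $var_name $file_var_name`; the intended wording is presumably `both $var_name and $file_var_name`. The function header sits above the hunk.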
@@ -1,6 +1,34 @@
 #!/bin/sh
 set -e

+file_env() {
+ local var_name="$1"
+ local file_var_name="$2"
+
+ var_value=$(printenv "$var_name") || var_value=""
+ file_path=$(printenv "$file_var_name") || file_path=""
+
+ if [ -z "$var_value" ] && [ -z "$file_path" ]; then
+ echo "error: expected $var_name or $file_var_name env vars to be set"
+ exit 1
+
+ elif [ -n "$var_value" ] && [ -n "$file_path" ]; then
+ echo "both and $var_name $file_var_name env vars are set, expected only one of them"
+ exit 1
+
+ else
+ if [ -n $file_path ]; then
+ if [ -f "$file_path" ]; then
+ file_content=$(cat "$file_path")
+ export "$var_name=$file_content"
+ else
+ echo "error: file '$file_path' does not exist"
+ exit 1
+ fi
+ fi
+ fi
+}
+
 USERNAME=telegram-bot-api
 GROUPNAME=telegram-bot-api

@@ -10,6 +38,9 @@ if [ -n "${1}" ]; then
 exec "${*}"
 fi

+file_env "TELEGRAM_API_ID" "TELEGRAM_API_ID_FILE"
+file_env "TELEGRAM_API_HASH" "TELEGRAM_API_HASH_FILE"
+
 DEFAULT_ARGS="--http-port 8081 --dir=${TELEGRAM_WORK_DIR} --temp-dir=${TELEGRAM_TEMP_DIR} --username=${USERNAME} --groupname=${GROUPNAME}"
 CUSTOM_ARGS=""

@@ -43,37 +74,7 @@ fi

 COMMAND="telegram-bot-api ${DEFAULT_ARGS}${CUSTOM_ARGS}"

-file_env() {
- local var_name="$1"
- local file_var_name="$2"
-
- var_value=$(printenv "$var_name") || var_value=""
- file_path=$(printenv "$file_var_name") || file_path=""
-
- if [ -z "$var_value" ] && [ -z "$file_path" ]; then
- echo "error: expected $var_name or $file_var_name env vars to be set"
- exit 1
-
- elif [ -n "$var_value" ] && [ -n "$file_path" ]; then
- echo "both and $var_name $file_var_name env vars are set, expected only one of them"
- exit 1
-
- else
- if [ -n $file_path ]; then
- if [ -f "$file_path" ]; then
- file_content=$(cat "$file_path")
- export "$var_name=$file_content"
- else
- echo "error: file '$file_path' does not exist"
- exit 1
- fi
- fi
- fi
-}
-
-file_env "TELEGRAM_API_ID" "TELEGRAM_API_ID_FILE"
-file_env "TELEGRAM_API_HASH" "TELEGRAM_API_HASH_FILE"
-
 echo "$COMMAND"
+
 # shellcheck disable=SC2086
 exec $COMMAND
From 2d5e9553c891419734c0dc82a0f7340f8022e377 Mon Sep 17 00:00:00 2001
From: jieggii
Date: Thu, 8 Aug 2024 14:39:06 +0300
Subject: [PATCH 4/5] Fix condition in docker-entrypoint.sh
---
 docker-entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 985e62a..cbac58a 100644
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -17,7 +17,7 @@ file_env() {
 exit 1

 else
- if [ -n $file_path ]; then
+ if [ -n "$file_path" ] && [ "$file_path" != "" ]; then
 if [ -f "$file_path" ]; then
 file_content=$(cat "$file_path")
 export "$var_name=$file_content"
From fb47bf7d0a1bca3bae3e314cead781c34352136a Mon Sep 17 00:00:00 2001
From: jieggii
Date: Thu, 8 Aug 2024 14:40:02 +0300
Subject: [PATCH 5/5] Add more details to error message in docker-entrypoint.sh
---
 docker-entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index cbac58a..9b97d7a 100644
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
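Review bot: In the `@@ -17,7 +17,7 @@` hunk of patch 4/5, the added `[ "$file_path" != "" ]` repeats what `[ -n "$file_path" ]` already tests. The quoting alone is the fix: unquoted, an empty value reduces the test to `[ -n ]`, which is true, so the direct-variable case fell into the file branch. `if [ -n "$file_path" ]; then` is sufficient and easier to read. The enclosing `file_env` body starts and ends outside the hunk.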
@@ -22,7 +22,7 @@ file_env() {
 file_content=$(cat "$file_path")
 export "$var_name=$file_content"
 else
- echo "error: file '$file_path' does not exist"
+ echo "error: $var_name=$file_path: file '$file_path' does not exist"
 exit 1
 fi
 fi
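Review bot: The new message prints `$var_name=$file_path`, but the path comes from `$file_var_name`, so an operator would read `TELEGRAM_API_ID=<path>` when the variable to correct is `TELEGRAM_API_ID_FILE`. Use `echo "error: $file_var_name=$file_path: file '$file_path' does not exist" >&2`, which names the right variable and sends the diagnostic to stderr. Since the guarding test (above the hunk) is `[ -f ... ]`, this branch is also reached for a path that exists but is not a regular file, so "does not exist or is not a regular file" would be more accurate. The hunk starts and ends inside `file_env`.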