warengroup/wx
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactoring Code

Browse Source
This commit is contained in:
Christer Warén
2025-11-10 12:40:35 +02:00
parent 5a666e6f60
commit fbaa5780d9
39 changed files with 1559 additions and 1223 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
maintainer.sh
View File

@@ -1,7 +1,7 @@
#!/bin/bash
if [ ! "$BASH_VERSION" ] ; then
bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
bash $0
exit 1
fi

75
src/base.sh
View File

@@ -1,31 +1,68 @@
#!/bin/bash
if [ ! "$BASH_VERSION" ] ; then
bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
exit 1
fi
wxRed=$(tput setaf 196)
wxGreen=$(tput setaf 46)
wxYellow=$(tput setaf 226)
wxBlue=$(tput setaf 21)
wxPurple=$(tput setaf 165)
wxTurquoise=$(tput setaf 14)
wxPink=$(tput setaf 198)
wxOrange=$(tput setaf 202)
wxUnderline=$(tput smul)
wxBold=$(tput bold)
wxNormal=$(tput sgr0)
#if [ ! "$BASH_VERSION" ] ; then
# bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
# exit 1
#fi
declare -Ax args
declare -Ax config
declare -Ax messages
{{ FUNCTIONS }}
{{ UI }}
{{ COMMANDS }}
if [[ ! -z $1 ]] && [[ $(type -t wx-$1) == function ]]
i=1
while [[ "$1" != "" ]]
do
case $1 in
--*)
key="${1%%=*}"
value="${1#*=}"
if [[ "$value" == "$key" ]]
then
shift
value="$1"
fi
if [[ -z $value ]]
then
value=true
fi
args["${key#--}"]="$value"
;;
-*)
key="${1%=*}"
value="${1#*=}"
if [[ "$value" == "$key" ]]
then
shift
value="$1"
fi
if [[ -z $value ]]
then
value=true
fi
args["${key#-}"]="$value"
;;
*)
args["$i"]="${1%%=*}"
i=$((i + 1))
;;
esac
shift
done
if [[ ! -z ${args['1']} ]] && [[ $(type -t wx-${args['1']}) == function ]]
then
wx-$1 $2 $3 $4 $5 $6 $7 $8 $9
wx-${args['1']}
else
wx-welcome
fi
wx-stop
wxi-stop

232
src/commands/auth/login.sh
View File

@@ -1,164 +1,138 @@
wx-login(){
if [[ ! -z $1 ]]
wxi-header "Login"
wxi-restricted --user
wxi-restricted --org
wxi-restricted --vault
wxi-header "$ORG_HEADER" h3
if [[ ! -z ${args['login-type']} ]]
then
ORG=$1
jq '.org = "'$ORG'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
elif [[ $(hostname -d) = *"devices.waren.io" ]]
LOGIN_TYPE=${args['login-type']}
elif [[ ! -z ${args['token']} ]]
then
ORG=warengroup
elif [[ $(hostname -d) = *"devices.cwinfo.net" ]]
LOGIN_TYPE=token
elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
then
ORG=cwinfo
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
LOGIN_TYPE=token
elif [[ ! -z ${args['username']} ]]
then
ORG=cwchristerw
elif [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .org) != "null" ]]
then
ORG=$(cat $HOME/.warengroup/config.json | jq -r .org)
LOGIN_TYPE=ldap
else
wx-header "Login"
echo "Status: Organization Required"
wx-stop
LOGIN_TYPE=ldap
fi
if [[ $ORG == "warengroup" ]]
then
DOMAIN=waren.io
elif [[ $ORG == "cwinfo" ]]
then
DOMAIN=cwinfo.net
elif [[ $ORG == "cwchristerw" ]]
then
DOMAIN=christerwaren.fi
else
wx-header "Login"
echo "Status: Organization Unsupported"
wx-stop
fi
FOLDER=$ORG
DEVICE_DOMAIN="devices.$DOMAIN"
IDM_DOMAIN="idm.waren.io"
VAULT_DOMAIN="vault.cwinfo.net"
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
then
if [[ -z $SUDO_USER ]]
then
if [[ -z LOGNAME ]]
then
wx-header "Login"
echo "Status: Username Required"
wx-stop
else
USERNAME=$LOGNAME
fi
else
USERNAME=$SUDO_USER
fi
else
USERNAME=$USER
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ $VAULT_STATUS -eq 200 ]]
then
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
then
if [[ $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username) != "null" ]]
then
USERNAME="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.username)"
fi
TOKEN="$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)"
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ ! -z $VAULT_LOGIN && ${#VAULT_LOGIN} == 95 ]]
then
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
else
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
if [[ $IDM_STATUS -eq 301 ]]
then
wx-header "Login"
echo $wxBold$ORG$wxNormal
if [[ -z $USERNAME || $USERNAME == "root" || $USERNAME == "local" || $USERNAME == "nobody" ]]
if [[ ! -z $LOGIN_TYPE ]]
then
case $LOGIN_TYPE in
ldap)
echo -n "Username: "
read USERNAME
if [[ ! -z ${args['username']} ]]
then
USERNAME=${args['username']}
wxi-content text "$USERNAME"
else
echo "Username: $USERNAME"
read USERNAME
fi
jq '.login.'$ORG'.username = "'$USERNAME'"' $HOME/.warengroup/config.json 1> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
echo -n "Password: "
if [[ ! -z ${args['password']} ]]
then
PASSWORD=${args['password']}
else
read -s PASSWORD
echo "****************"
fi
if [[ ! -z $PASSWORD ]]
then
wxi-content text "****************"
else
wxi-content text ""
fi
if [[ -z $USERNAME || -z $PASSWORD ]]
then
echo "Status: Username & Password Required"
wx-stop
else
wxi-content status "Username & Password" "Required"
wxi-footer
wxi-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo "Status: Login Failed"
wx-stop
wxi-content status "Login" "Failed"
wxi-stop
fi
config["login",${ORG}]=$VAULT_LOGIN
if [[ $USER != "root" && $USER != "local" ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
else
wx-header "Login"
echo $wxBold$ORG$wxNormal
wxi-config login
;;
token)
echo -n "Token: "
read -s TOKEN
echo "****************"
if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
if [[ ! -z ${args['token']} ]]
then
echo "Status: Vault Token Required"
wx-stop
if [[ ${args['token']} != "true" ]]
then
TOKEN=${args['token']}
fi
elif [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != '' ]]
then
TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)
else
read -s TOKEN
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ ! -z $TOKEN ]]
then
wxi-content text "***********************************************************************************************"
fi
if [[ -z $TOKEN ]]
then
wxi-content status "Token" "Required"
wxi-footer
wxi-stop
fi
if [[ ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
then
wxi-content status "Token" "Invalid"
wxi-footer
wxi-stop
fi
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew-self -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
then
echo "Status: Login Failed"
wx-stop
wxi-content status "Login" "Failed"
wxi-stop
fi
config["login",${ORG}]=$VAULT_LOGIN
wxi-config login
;;
*)
wxi-content status "Login Type" "Unsupported"
wxi-footer
wxi-stop
;;
esac
fi
if [[ $USER != "root" && $USER != "local" ]]
VAULT_USERNAME=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET --header "X-Vault-Token: $TOKEN" -s | jq -r '.data.display_name')
if [[ -z $VAULT_USERNAME ]]
then
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
fi
fi
else
wx-header "Login"
echo $wxBold$ORG$wxNormal
echo "Status: Vault Offline"
wx-stop
wxi-content status "Login" "Username Missing"
wxi-stop
elif [[ $VAULT_USERNAME != ldap* && $VAULT_USERNAME != oidc* ]]
then
wxi-content status "Login" "Authentication Method Invalid"
wxi-stop
elif [[ $VAULT_USERNAME == ldap* ]]
then
USERNAME=${VAULT_USERNAME#ldap-}
elif [[ $VAULT_USERNAME == oidc* ]]
then
USERNAME=${VAULT_USERNAME#oidc-}
fi
wxi-footer
}

26
src/commands/auth/logout.sh
View File

@@ -1,13 +1,23 @@
wx-logout(){
wx-header "Logout"
if [[ $USER != "root" && $USER != "local" && -f "$HOME/.warengroup/config.json" ]]
wxi-header "Logout"
wxi-restricted --user
wxi-restricted --org
wxi-restricted --vault
if [[ -f "$HOME/.warengroup/config.json" && $(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token) != 'null' ]]
then
VAULT_LOGIN=$(cat $HOME/.warengroup/config.json | jq -r .login)
if [[ $VAULT_LOGIN != null && $VAULT_LOGIN != "{}" ]]
TOKEN=$(cat $HOME/.warengroup/config.json | jq -r .login.$ORG.token)
fi
VAULT_STATUS=$(curl https://$VAULT_DOMAIN/v1/auth/token/revoke-self -X POST --header "X-Vault-Token: $TOKEN" -s -o /dev/null -w "%{http_code}")
if [[ $VAULT_STATUS -eq 204 || $VAULT_STATUS -eq 403 ]]
then
wx-clean &> /dev/null
jq '.login = {}' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
fi
wxi-header "$ORG_HEADER" h3
echo "Logging Out..."
TOKEN=""
wxi-config login
wxi-footer
wxi-stop
fi
}

8
src/commands/help.sh
View File

@@ -1,8 +1,8 @@
wx-help(){
wx-header "Help"
wxi-header "Help"
echo -n "
wxi-content text "
Usage: $0 COMMAND [OPTIONS]
Common Commands:
@@ -20,7 +20,6 @@ Common Commands:
retrieve Retrieve
save Save
sync Sync
delete Delete
clean Clean
Authentication Commands:
@@ -35,6 +34,9 @@ Management Commands:
Maintenance Commands:
install Install
update Update
uninstall Uninstall
";
wxi-footer
}

72
src/commands/infra.sh
View File

@@ -1,16 +1,12 @@
wx-infra(){
wx-login
wx-login &> /dev/null
wx-auto &> /dev/null
wx-header "Infra"
wx-restricted
wxi-header "Infra"
wxi-restricted
case $USERNAME in
cwchristerw)
if [[ -d "$HOME/Desktop/Work in Progress/Programming/warengroup/infra" ]]
then
INFRA_PATH="$HOME/Desktop/Work in Progress/Programming/warengroup/infra"
else
if [[ -d "$HOME/.warengroup/infra" ]]
then
INFRA_PATH="$HOME/.warengroup/infra"
@@ -19,57 +15,63 @@ wx-infra(){
mkdir -p "$INFRA_PATH" &> /dev/null
git clone ssh://git@git.waren.io:2222/warengroup-private/infra.git --config core.sshCommand="ssh -i $HOME/.ssh/keys/warengroup-legacy -o ProxyJump=none" "$INFRA_PATH" &> /dev/null
fi
fi
if [[ ! -f "$INFRA_PATH/vault/cwchristerw" || ! -f "$INFRA_PATH/vault/warengroup" ]]
then
mkdir -p "$INFRA_PATH/vault" &> /dev/null
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-H "X-Vault-Token: $VAULT_TOKEN" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.cwchristerw' > "$INFRA_PATH/vault/cwchristerw"
curl \
-H "X-Vault-Token: ${config["login",$ORG]}" \
-H "X-Vault-Token: $VAULT_TOKEN" \
-X GET \
https://$VAULT_DOMAIN/v1/cli/data/cwchristerw/settings/infra -s | jq -r '.data.data.warengroup' > "$INFRA_PATH/vault/warengroup"
fi
if [[ -z $1 ]]
INFRA_VAULT="--vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw"
;;
*)
wxi-content status "User" "Unsupported"
wxi-footer
wxi-stop
INFRA_PATH="$HOME/.warengroup/infra"
INFRA_VAULT="--vault-id warengroup@vault/warengroup"
;;
esac
if [[ -z ${args['2']} ]]
then
echo "Tag Required"
else
if [[ $1 == "init" ]]
cd "$INFRA_PATH"
#git pull &> /dev/null
#ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
if [[ ${args['2']} == "init" ]]
then
if [[ -z $2 ]]
wxi-header "Init" h3
if [[ -z ${args['3']} ]]
then
2=init
tags=init
else
tags=${args['3']}
fi
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks/init.yml -t $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
elif [[ $1 == "manager" ]]
ansible-playbook $INFRA_VAULT playbooks/init.yml -t $tags --limit "${args['limit']}"
elif [[ ${args['2']} == "manager" ]]
then
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw manager.yml $2 $3 $4 $5 $6 $7 $8 $9
cd "$OLDPWD"
wxi-header "Manager" h3
ansible-playbook $INFRA_VAULT manager.yml --extra-vars "${args['extra-vars']}"
else
cd "$INFRA_PATH"
git pull &> /dev/null
ansible-galaxy collection install -r requirements.yml --upgrade &> /dev/null
ansible-playbook --vault-id warengroup@vault/warengroup --vault-id cwchristerw@vault/cwchristerw playbooks.yml -t $1 $2 $3 $4 $5 $6 $7 $8 $9
wxi-header "Playbooks" h3
tags=${args['2']}
ansible-playbook $INFRA_VAULT playbooks.yml -t $tags --limit "${args['limit']}"
fi
cd "$OLDPWD"
fi
fi
;;
*)
echo "User Unsupported"
;;
esac
wxi-footer
}

20
src/commands/maintenance/install.sh
View File

@@ -1,19 +1,13 @@
wx-install(){
if [[ -z $1 ]]
wxi-header "Install"
wxi-restricted --user
if [[ -f "./wx" && -f "./maintainer.sh" && -d "./src" ]]
then
wx-header "Install"
./maintainer.sh
fi
wx-restricted
if [[ -f "./wx" ]] && [[ -d "./src" ]]
then
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
mv wx.tmp wx &> /dev/null
chmod +x wx &> /dev/null
fi
mkdir $HOME/bin &> /dev/null
mkdir -p $HOME/bin
if [[ $(curl -s -o /dev/null -w "%{http_code}" https://git.waren.io/warengroup/wx/raw/branch/master/wx) -eq 200 ]]
then
curl https://git.waren.io/warengroup/wx/raw/branch/master/wx -o $HOME/bin/wx &> /dev/null
@@ -26,4 +20,6 @@ wx-install(){
then
(crontab -l ; echo "$CRONJOB_NAME" ; echo "$CRONJOB_TASK") | grep -Fv "no crontab" | crontab -
fi
wxi-footer
}

10
src/commands/maintenance/uninstall.sh
View File

@@ -1,6 +1,6 @@
wx-uninstall(){
wx-header "Uninstall"
wxi-header "Uninstall"
wxi-restricted --user
wx-clean &> /dev/null
if [[ -d "$HOME/.warengroup" ]]
@@ -20,9 +20,7 @@ wx-uninstall(){
rm "$HOME/bin/wx" -rf
fi
echo " "
echo " "
echo " "
wxi-footer
wxi-repeat "\n" 3
exit 1
}

9
src/commands/maintenance/update.sh
View File

@@ -1,4 +1,9 @@
wx-update(){
wx-header "Update"
wx-install --update
wxi-header "Update"
wxi-restricted --user
wx-install &> /dev/null
echo "Updates Completed"
wxi-footer
}

11
src/commands/management/auto.sh
View File

@@ -1,8 +1,9 @@
wx-auto(){
wx-login
wx-header "Auto"
wxi-header "Auto"
wxi-restricted
wxi-footer
wx-ssh-config-sync
wx-ssh-keys-sign
wx-ssh-keys-sync
wxi-ssh-config-sync
wxi-ssh-keys-sign
wxi-ssh-keys-sync
}

10
src/commands/management/clean.sh
View File

@@ -1,6 +1,8 @@
wx-clean(){
wx-login
wx-header "Clean"
wx-ssh-config-clean
wx-ssh-keys-clean
wxi-header "Clean"
wxi-restricted --user
wxi-footer
wxi-ssh-config-clean
wxi-ssh-keys-clean
}

5
src/commands/management/settings.sh
View File

@@ -1,4 +1,5 @@
wx-settings(){
wx-login
wx-header "Settings"
wxi-header "Settings"
wxi-restricted --user
wxi-footer
}

18
src/commands/ssh.sh
View File

@@ -1,16 +1,18 @@
wx-ssh(){
wx-login
wx-login &> /dev/null
wx-auto &> /dev/null
case $1 in
keys)
wx-ssh-keys $2 $3
;;
case ${args['2']} in
config)
wx-ssh-config $2
wxi-ssh-config
;;
keys)
wxi-ssh-keys
;;
*)
wx-header "SSH"
wx-stop
wxi-header "SSH"
wxi-restricted
wxi-footer
;;
esac
}

60
src/commands/ssh/config.sh
View File

@@ -1,63 +1,21 @@
wx-ssh-config(){
wx-restricted
case $1 in
wxi-ssh-config(){
case ${args['3']} in
edit)
wx-ssh-config-sync
wx-ssh-config-edit
wx-ssh-config-save
wxi-ssh-config-sync
wxi-ssh-config-edit
wxi-ssh-config-save
;;
save)
wx-ssh-config-save
wxi-ssh-config-save
;;
sync)
wx-ssh-config-sync
wxi-ssh-config-sync
;;
clean)
wx-ssh-config-clean
wxi-ssh-config-clean
;;
*)
wx-ssh-config-sync
wx-stop
wxi-ssh-config-sync
;;
esac
}
wx-ssh-config-edit(){
wx-header "SSH / Config / Edit"
wx-restricted
nano ~/.ssh/config
}
wx-ssh-config-save(){
wx-header "SSH / Config / Save"
wx-restricted
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
}
wx-ssh-config-sync(){
wx-header "SSH / Config / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
touch ~/.ssh/config
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
fi
}
wx-ssh-config-clean(){
wx-header "SSH / Config / Clean"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi
}

11
src/commands/ssh/config/clean.sh Normal file
View File

@@ -0,0 +1,11 @@
wxi-ssh-config-clean(){
wxi-header "SSH / Config / Clean"
wxi-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN")
if [[ -f "$HOME/.ssh/config" && $VAULT_STATUS -eq 200 ]]
then
rm "$HOME/.ssh/config"
fi
wxi-footer
}

7
src/commands/ssh/config/edit.sh Normal file
View File

@@ -0,0 +1,7 @@
wxi-ssh-config-edit(){
wxi-header "SSH / Config / Edit"
wxi-restricted
nano ~/.ssh/config
wxi-footer
}

10
src/commands/ssh/config/save.sh Normal file
View File

@@ -0,0 +1,10 @@
wxi-ssh-config-save(){
wxi-header "SSH / Config / Save"
wxi-restricted
if [[ -f "$HOME/.ssh/config" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"data\": \"$(cat ~/.ssh/config | base64 -w 0)\" } }" -s &> /dev/null
fi
wxi-footer
}

18
src/commands/ssh/config/sync.sh Normal file
View File

@@ -0,0 +1,18 @@
wxi-ssh-config-sync(){
wxi-header "SSH / Config / Sync"
wxi-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN")
if [[ $VAULT_STATUS -eq 200 ]]
then
touch ~/.ssh/config
SSH1_CONFIG_MD5=$(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data' | base64 -d | md5sum | base64)
SSH2_CONFIG_MD5=$(cat ~/.ssh/config | md5sum | base64)
if [[ $SSH1_CONFIG_MD5 != $SSH2_CONFIG_MD5 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/config -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.data') | base64 -d > ~/.ssh/config 2>&1
chmod 700 ~/.ssh/config
fi
fi
wxi-footer
}

165
src/commands/ssh/keys.sh
View File

@@ -1,169 +1,28 @@
wx-ssh-keys(){
wx-restricted
case $1 in
wxi-ssh-keys(){
case ${args['3']} in
generate)
wx-ssh-keys-retrieve $2
wx-ssh-keys-generate $2
wx-ssh-keys-save $2
wxi-ssh-keys-retrieve
wxi-ssh-keys-generate
wxi-ssh-keys-save
;;
sign)
wx-ssh-keys-sign
wxi-ssh-keys-sign
;;
retrieve)
wx-ssh-keys-retrieve $2
wxi-ssh-keys-retrieve
;;
save)
wx-ssh-keys-save $2
wxi-ssh-keys-save
;;
sync)
wx-ssh-keys-sync $2
;;
delete)
wx-ssh-keys-delete $2
wxi-ssh-keys-sync
;;
clean)
wx-ssh-keys-clean $2
wxi-ssh-keys-clean
;;
*)
wx-stop
wxi-header "SSH / Keys"
wxi-footer
;;
esac
}
wx-ssh-keys-generate(){
wx-header "SSH / Keys / Generate"
wx-restricted
if [[ ! -z $1 ]]
then
if [[ ! -f "$HOME/.ssh/keys/$1" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$1 -q -N "" -C "$USERNAME" &> /dev/null
fi
fi
}
wx-ssh-keys-sign(){
wx-header "SSH / Keys / Sign"
wx-restricted
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-sign-create cwinfo sysadmin 3600
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
wx-ssh-keys-sign-create cwinfo sysadmin 3600
wx-ssh-keys-sign-create cwchristerw sysadmin 3600
fi
}
wx-ssh-keys-sign-create(){
wx-restricted
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
if [[ ! -f "$HOME/.ssh/keys/$NAME" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME -q -N "" -C "$USERNAME" &> /dev/null
fi
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
echo "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}
wx-ssh-keys-retrieve(){
if [[ -z $2 ]]
then
wx-header "SSH / Keys / Retrieve"
fi
wx-restricted
if [[ ! -z $1 ]]
then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
chmod 700 ~/.ssh/keys/$1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
chmod 700 ~/.ssh/keys/$1.pub
fi
fi
}
wx-ssh-keys-save(){
wx-header "SSH / Keys / Save"
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: ${config["login",$ORG]}" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
}
wx-ssh-keys-sync(){
wx-header "SSH / Keys / Sync"
wx-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: ${config["login",$ORG]}" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
}
wx-ssh-keys-clean(){
if [[ -z $1 ]]
then
wx-header "SSH / Keys / Clean"
fi
wx-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" && $(basename "$HOME/.ssh/keys/$1") != "legacy" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
if [[ $ORG == "warengroup" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
elif [[ $ORG == "cwinfo" && $USERNAME != "cwchristerw" ]]
then
wx-ssh-keys-clean cwinfo
elif [[ $ORG == "cwchristerw" || $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
wx-ssh-keys-clean cwinfo
wx-ssh-keys-clean cwchristerw
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: ${config["login",$ORG]}")
if [[ $(basename "$file") != "legacy" && $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
}

32
src/commands/ssh/keys/clean.sh Normal file
View File

@@ -0,0 +1,32 @@
wxi-ssh-keys-clean(){
wxi-header "SSH / Keys / Clean"
wxi-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
rm "$HOME/.ssh/keys/$1" &> /dev/null
rm "$HOME/.ssh/keys/$1.pub" &> /dev/null
rm "$HOME/.ssh/keys/$1.sig" &> /dev/null
fi
else
wx-ssh-keys-clean $ORG
if [[ $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-clean warengroup
fi
for file in ~/.ssh/keys/*
do
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$(basename "$file" .pub) -X GET --header "X-Vault-Token: $VAULT_TOKEN")
if [[ $VAULT_STATUS -eq 200 ]]
then
rm "$file" &> /dev/null
fi
done
fi
wxi-footer
}

13
src/commands/ssh/keys/generate.sh Normal file
View File

@@ -0,0 +1,13 @@
wxi-ssh-keys-generate(){
wxi-header "SSH / Keys / Generate"
wxi-restricted
if [[ ! -z $1 ]]
then
if [[ ! -f "$HOME/.ssh/keys/$1" ]]
then
ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$1 -q -N "" -C "$USERNAME" &> /dev/null
fi
fi
wxi-footer
}

18
src/commands/ssh/keys/retrieve.sh Normal file
View File

@@ -0,0 +1,18 @@
wxi-ssh-keys-retrieve(){
wxi-header "SSH / Keys / Retrieve"
wxi-restricted
if [[ ! -z $1 ]]
then
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN")
if [[ $VAULT_STATUS -eq 200 ]]
then
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.private') | base64 -d > ~/.ssh/keys/$1 2>&1
chmod 700 ~/.ssh/keys/$1
echo $(curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X GET --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.data.public') | base64 -d > ~/.ssh/keys/$1.pub 2>&1
chmod 700 ~/.ssh/keys/$1.pub
fi
fi
wxi-footer
}

13
src/commands/ssh/keys/save.sh Normal file
View File

@@ -0,0 +1,13 @@
wxi-ssh-keys-save(){
wxi-header "SSH / Keys / Save"
wxi-restricted
if [[ ! -z $1 ]]
then
if [[ -f "$HOME/.ssh/keys/$1" ]]
then
curl https://$VAULT_DOMAIN/v1/cli/data/$USERNAME/settings/ssh/keys/$1 -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"data\": { \"private\": \"$(cat ~/.ssh/keys/$1 | base64 -w 0)\", \"public\": \"$(cat ~/.ssh/keys/$1.pub | base64 -w 0)\" } }" -s &> /dev/null
fi
fi
wxi-footer
}

27
src/commands/ssh/keys/sign.sh Normal file
View File

@@ -0,0 +1,27 @@
wxi-ssh-keys-sign(){
wxi-header "SSH / Keys / Sign"
wxi-restricted
wx-ssh-keys-sign-create $ORG sysadmin 3600
if [[ $USERNAME == "cwchristerw" ]]
then
wx-ssh-keys-sign-create warengroup sysadmin 3600
fi
wxi-footer
}
wxi-ssh-keys-sign-create(){
NAME=$1
ROLE=$2
PRINCIPALS=$2
TTL=$3
wxi-ssh-keys-generate $NAME &> /dev/null
if [[ -f "$HOME/.ssh/keys/$NAME" ]]
then
wxi-content text "$NAME/$ROLE"
echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: $VAULT_TOKEN" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME.pub)\", \"valid_principals\": \"$PRINCIPALS,$USERNAME\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME.sig 2>&1
fi
}

14
src/commands/ssh/keys/sync.sh Normal file
View File

@@ -0,0 +1,14 @@
wxi-ssh-keys-sync(){
wxi-header "SSH / Keys / Sync"
wxi-restricted
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN")
if [[ $VAULT_STATUS -eq 200 ]]
then
for name in $(curl https://$VAULT_DOMAIN/v1/cli/metadata/$USERNAME/settings/ssh/keys -X LIST --header "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.keys | @sh' | tr -d \')
do
echo $name
wx-ssh-keys-retrieve $name --multiple
done
fi
wxi-footer
}

13
src/commands/welcome.sh
View File

@@ -1,3 +1,14 @@
wx-welcome(){
wx-header "Welcome"
wxi-header "Welcome"
wxi-header "Help" h3
wxi-content text "Use \"wx help\" command"
echo ""
wxi-header "Useful Links" h3
wxi-content link "Infra" "https://infra.waren.io"
wxi-content link "Status" "https://status.waren.io"
wxi-footer
}

12
src/functions/config.sh Normal file
View File

@@ -0,0 +1,12 @@
wxi-config(){
case $1 in
login)
jq '.login.'$ORG'.token = "'$VAULT_LOGIN'"' $HOME/.warengroup/config.json &> $HOME/.warengroup/config.json.tmp
;;
*)
echo -n ""
;;
esac
mv $HOME/.warengroup/config.json.tmp $HOME/.warengroup/config.json &> /dev/null
}

24
src/functions/header.sh
View File

@@ -1,24 +0,0 @@
wx-header(){
if [[ $2 == "h1" ]]
then
echo ""
echo ""
echo ""
echo "=============================="
wx-repeat " " $((30/2-${#1}/2))
echo -n "$wxBold"
echo -n "$1"
echo -n "$wxNormal"
echo ""
echo "=============================="
fi
if [[ $2 == "h2" || -z $2 ]]
then
wx-start
wx-repeat " " $((30/2-6/2-${#1}/2))
echo -n ">> $1 <<"
echo ""
echo "------------------------------"
fi
}

5
src/functions/repeat.sh
View File

@@ -1,5 +0,0 @@
wx-repeat() {
local str=$1 n=$2 spaces
printf -v spaces "%*s" $n " "
printf "%s" "${spaces// /$str}"
}

84
src/functions/restricted.sh
View File

@@ -1,10 +1,84 @@
wx-restricted(){
wxi-restricted(){
if [[ -z $1 || $1 == "--user" ]]
then
if [[ $USER == "root" || $USER == "local" ]]
then
echo "Status: Command Restricted"
echo " "
echo " "
echo " "
wxi-content status "Command" "Restricted"
wxi-content text "It's not permitted to execute this command with root or local user."
wxi-footer
wxi-repeat "\n" 3
exit 1
fi
fi
if [[ $1 == "--org" ]]
then
if [[ ! -z ${args['org']} ]]
then
case ${args['org']} in
warengroup)
ORG=warengroup
;;
cwchristerw)
ORG=cwchristerw
;;
*)
wxi-content status "Organization" "Unsupported"
wxi-footer
wxi-stop
;;
esac
elif [[ $(hostname -d) = *"devices.waren.io" ]]
then
ORG=warengroup
elif [[ $(hostname -d) = *"devices.christerwaren.fi" ]]
then
ORG=cwchristerw
fi
if [[ ! -z $ORG ]]
then
case $ORG in
warengroup)
DOMAIN=waren.io
VAULT_DOMAIN=vault.cwinfo.net
ORG_HEADER="Warén Group"
;;
cwchristerw)
DOMAIN=christerwaren.fi
VAULT_DOMAIN=vault.cwinfo.net
ORG_HEADER="Christer Warén"
;;
*)
wxi-content status "Organization" "Unsupported"
wxi-footer
wxi-stop
;;
esac
else
wxi-content status "Organization" "Required"
wxi-footer
wxi-stop
fi
fi
if [[ -z $1 || $1 == "--vault" ]]
then
if [[ -z $VAULT_DOMAIN ]]
then
wxi-content status "Vault" "Unavailable"
wxi-footer
wxi-repeat "\n" 3
exit 1
fi
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
if [[ ! $VAULT_STATUS -eq 200 ]]
then
wxi-content status "Vault" "Offline"
wxi-footer
wxi-repeat "\n" 3
exit 1
fi
fi
}

10
src/functions/start.sh
View File

@@ -1,13 +1,11 @@
wx-start(){
wx-header "Warén CLI" h1
wxi-start(){
wxi-header "Warén CLI" h1
mkdir -p $HOME/.warengroup &> /dev/null
if [[ ! -f "$HOME/.warengroup/config.json" || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
mkdir -p $HOME/.warengroup
if [[ ! -f $HOME/.warengroup/config.json || $(jq -e . < $HOME/.warengroup/config.json &>/dev/null; echo $?) -gt 0 ]]
then
echo '{}' | jq > $HOME/.warengroup/config.json
fi
mkdir -p $HOME/.ssh/keys
chmod 700 -R $HOME/.ssh/keys
mkdir -p $HOME/.ssh/multiplex

22
src/functions/stop.sh
View File

@@ -1,14 +1,18 @@
wx-stop (){
echo " "
echo " "
echo " "
wx-install --auto
if [[ $USERNAME != $USER && $USERNAME != $SUDO_USER && $USERNAME != $LOGNAME ]]
wxi-stop(){
if [[ ! -f $HOME/bin/wx ]]
then
wx-logout
wx-install &> /dev/null
else
wx-update &> /dev/null
fi
wxi-repeat "\n" 3
for key in "${!args[@]}"
do
echo "$key: ${args[$key]}"
done
wxi-repeat "\n" 3
exit 1
}

16
src/ui/content.sh Normal file
View File

@@ -0,0 +1,16 @@
wxi-content(){
if [[ $1 == "text" ]]
then
echo "$2"
elif [[ $1 == "status" ]]
then
wxi-repeat "\n" 2
echo -n "$wxiBold"
echo "Status"
echo -n "$wxiNormal"
echo "$2 - $3"
elif [[ $1 == "link" ]]
then
echo "$2 - $3"
fi
}

11
src/ui/footer.sh Normal file
View File

@@ -0,0 +1,11 @@
wxi-footer(){
echo ""
echo "------------------------------"
wxi-repeat " " $((30/2-12/2))
echo -n "$wxiBold"
echo "Warén Group™"
echo -n "$wxiNormal"
wxi-repeat " " $((30/2-17/2))
echo "https://waren.io"
echo "=============================="
}

11
src/ui/formatting.sh Normal file
View File

@@ -0,0 +1,11 @@
wxiRed=$(tput setaf 196)
wxiGreen=$(tput setaf 46)
wxiYellow=$(tput setaf 226)
wxiBlue=$(tput setaf 21)
wxiPurple=$(tput setaf 165)
wxiTurquoise=$(tput setaf 14)
wxiPink=$(tput setaf 198)
wxiOrange=$(tput setaf 202)
wxiUnderline=$(tput smul)
wxiBold=$(tput bold)
wxiNormal=$(tput sgr0)

30
src/ui/header.sh Normal file
View File

@@ -0,0 +1,30 @@
wxi-header(){
if [[ $2 == "h1" ]]
then
wxi-repeat "\n" 3
echo "=============================="
wxi-repeat " " $((30/2-${#1}/2))
echo -n "$wxiBold"
echo "$1"
echo -n "$wxiNormal"
echo "=============================="
fi
if [[ $2 == "h2" || -z $2 ]]
then
wxi-start
wxi-repeat " " $((30/2-6/2-${#1}/2))
echo -n "$wxiBold"
echo ">> $1 <<"
echo -n "$wxiNormal"
echo "------------------------------"
echo ""
fi
if [[ $2 == "h3" ]]
then
echo -n "$wxiBold"
echo "$1"
echo -n "$wxiNormal"
fi
}

0
src/ui/messages.sh Normal file
View File

13
src/ui/repeat.sh Normal file
View File

@@ -0,0 +1,13 @@
wxi-repeat() {
if [[ $1 == " " ]]
then
local str=$1 n=$2 spaces
printf -v spaces "%*s" $n " "
printf "%s" "${spaces// /$str}"
else
for i in $(seq 1 $2);
do
echo -en $1
done
fi
}

1085
wx
View File

File diff suppressed because it is too large Load Diff