refactor: use binary and randomize credentials in tinyauth (#4632)

2025-09-16 12:19:43 +00:00 · 2025-05-28 15:55:14 +03:00 · 2025-05-28 15:55:14 +03:00 · f0dd1c264d
commit f0dd1c264d
parent 951782d8f2
3 changed files with 59 additions and 70 deletions
--- a/install/alpine-tinyauth-install.sh
+++ b/install/alpine-tinyauth-install.sh
@ -1,7 +1,7 @@
 #!/usr/bin/env bash

 # Copyright (c) 2021-2025 community-scripts ORG
-# Author: Slaviša Arežina (tremor021)
+# Author: Slaviša Arežina (tremor021) | Co-Author: Stavros (steveiliop56)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://github.com/steveiliop56/tinyauth

@ -14,44 +14,44 @@ network_check
 update_os

 msg_info "Installing Dependencies"
-$STD apk add --no-cache \
-  npm \
-  go
+$STD apk add --no-cache curl openssl apache2-utils
 msg_ok "Installed Dependencies"

-msg_info "Installing tinyauth"
-temp_file=$(mktemp)
-$STD npm install -g bun
+msg_info "Installing Tinyauth"
 mkdir -p /opt/tinyauth
-RELEASE=$(curl -s https://api.github.com/repos/steveiliop56/tinyauth/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
-curl -fsSL "https://github.com/steveiliop56/tinyauth/archive/refs/tags/v${RELEASE}.tar.gz" -o "$temp_file"
-tar -xzf "$temp_file" -C /opt/tinyauth --strip-components=1
-cd /opt/tinyauth/frontend
-$STD bun install
-$STD bun run build
-mv dist /opt/tinyauth/internal/assets/
-cd /opt/tinyauth
-$STD go mod download
-CGO_ENABLED=0 go build -ldflags "-s -w"
-{
-  echo "tinyauth Credentials"
-  echo "Username: admin@example.com"
-  echo "Password: admin"
-} >>~/tinyauth.creds
-echo "${RELEASE}" >/opt/tinyauth_version.txt
-msg_ok "Installed tinyauth"

-msg_info "Enabling tinyauth Service"
-SECRET=$(head -c 16 /dev/urandom | xxd -p -c 16 | tr -d '\n')
-{
-  echo "SECRET=${SECRET}"
-  echo "USERS=admin@example.com:\$2a\$10\$CrTK.W7WXSClo3ZY1yJUFupg5UdV8WNcynEhZhJFNjhGQB.Ga0ZDm"
-  echo "APP_URL=http://localhost:3000"
-} >>/opt/tinyauth/.env
+RELEASE=$(curl -s https://api.github.com/repos/steveiliop56/tinyauth/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
+curl -fsSL "https://github.com/steveiliop56/tinyauth/releases/download/v${RELEASE}/tinyauth-amd64" -o /opt/tinyauth/tinyauth
+chmod +x /opt/tinyauth/tinyauth
+
+PASSWORD=$(openssl rand -base64 8 | tr -dc 'a-zA-Z0-9' | head -c 8)
+USER=$(htpasswd -Bbn "tinyauth" "${PASSWORD}")
+
+cat <<EOF > /opt/tinyauth/credentials.txt
+Tinyauth Credentials
+Username: tinyauth
+Password: ${PASSWORD}
+EOF
+
+echo "${RELEASE}" >/opt/tinyauth_version.txt
+msg_ok "Installed Tinyauth"
+
+read -p "${TAB3}Enter your Tinyauth subdomain (e.g. https://tinyauth.example.com): " app_url
+
+msg_info "Creating Tinyauth Service"
+SECRET=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32)
+
+cat <<EOF >/opt/tinyauth/.env
+SECRET=${SECRET}
+USERS=${USER}
+APP_URL=${app_url}
+EOF
+
+sed -i -e 's/\$/\$\$/g' /opt/tinyauth/.env

 cat <<EOF >/etc/init.d/tinyauth
 #!/sbin/openrc-run
-description="tinyauth Service"
+description="Tinyauth Service"

 command="/opt/tinyauth/tinyauth"
 directory="/opt/tinyauth"
@ -72,11 +72,11 @@ EOF

 chmod +x /etc/init.d/tinyauth
 $STD rc-update add tinyauth default
-msg_ok "Enabled tinyauth Service"
+msg_ok "Enabled Tinyauth Service"

-msg_info "Starting tinyauth"
+msg_info "Starting Tinyauth"
 $STD service tinyauth start
-msg_ok "Started tinyauth"
+msg_ok "Started Tinyauth"

 motd_ssh
 customize