mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-15 09:49:48 +00:00
a8b7d2748e
Webhooks now stored encrypted (webhooks.enc) instead of plain text: - Automatic migration from webhooks.json to webhooks.enc - Uses same AES-256-GCM encryption as nodes and email configs - Original file backed up as webhooks.json.backup - Protects sensitive webhook URLs and authentication headers This addresses the security concern where webhook URLs containing API tokens (like Telegram bot tokens) were stored in plain text.
32 lines
No EOL
939 B
Bash
Executable file
32 lines
No EOL
939 B
Bash
Executable file
#!/bin/bash
|
|
|
|
# Migration helper for webhooks encryption
|
|
|
|
echo "Webhook Encryption Migration"
|
|
echo "============================"
|
|
|
|
if [ -f /etc/pulse/webhooks.json ]; then
|
|
echo "Found unencrypted webhooks.json"
|
|
|
|
# Backup the original
|
|
cp /etc/pulse/webhooks.json /etc/pulse/webhooks.json.backup
|
|
echo "Created backup: webhooks.json.backup"
|
|
|
|
# The migration will happen automatically on next webhook save
|
|
# Force a save by updating a webhook through the API
|
|
echo ""
|
|
echo "To complete migration:"
|
|
echo "1. Open Pulse UI"
|
|
echo "2. Go to Settings > Webhooks"
|
|
echo "3. Click Save (even without changes)"
|
|
echo ""
|
|
echo "This will encrypt your webhooks to webhooks.enc"
|
|
echo ""
|
|
echo "After migration, webhooks.json can be deleted."
|
|
else
|
|
echo "No unencrypted webhooks.json found"
|
|
fi
|
|
|
|
if [ -f /etc/pulse/webhooks.enc ]; then
|
|
echo "✓ Encrypted webhooks.enc already exists"
|
|
fi |