#!/usr/bin/env pwsh
# Generate-AuthKey.ps1
# Generates a secure authentication key for build-time injection
# Script parameters. Environment, BuildTimestamp and BuildId are copied verbatim
# into the generated C#, JavaScript, env and GitHub Actions output files, so they
# must come from a trusted source; nothing in this script escapes or validates them.
param(
# Directory that receives the generated files; created when it does not exist.
[string]$OutputPath = ".",
# Number of random bytes to draw. Declared as a string and converted when the
# byte array is allocated. The final key is cut to at most 32 Base64 characters,
# so values above 24 add no entropy and values below 24 reduce it.
[string]$KeyLength = "32",
# Selects the worker URL: "preview", "development" and "dev" map to the preview
# worker, any other value to the production worker.
[string]$Environment = "production",
# Build timestamp to embed; when blank one is generated as yyyyMMdd-HHmm.
[string]$BuildTimestamp = "",
# Build identifier to embed; when blank the first 8 hex characters of a new GUID are used.
[string]$BuildId = "",
# When set, Write-BuildLog colours each line by level.
[switch]$Verbose
)
# Turn every error into a terminating one so the try/catch below sees it and the
# script exits with a non-zero code instead of writing partial output silently.
$ErrorActionPreference = "Stop"
# Writes one timestamped, levelled line to the host.
#   Message - text to log.
#   Level   - severity tag placed in the line (defaults to INFO).
# Reads the script-level $Verbose switch: when it is set the line is coloured
# (ERROR red, WARN yellow, anything else green); otherwise it is printed plain.
function Write-BuildLog {
    param([string]$Message, [string]$Level = "INFO")

    $line = "[{0}] [{1}] {2}" -f (Get-Date -Format "yyyy-MM-dd HH:mm:ss"), $Level, $Message

    # Plain output is the common case, so handle it first and leave.
    if (-not $Verbose) {
        Write-Host $line
        return
    }

    $colour = switch ($Level) {
        "ERROR" { "Red" }
        "WARN" { "Yellow" }
        default { "Green" }
    }
    Write-Host $line -ForegroundColor $colour
}
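# Main build step: generate a random key, then write it together with the build
# metadata into BuildConstants.cs, build-constants.js, build.env and
# build-manifest.json under $OutputPath, and into the GitHub Actions step outputs
# when running in CI. Exits 0 on success and 1 on any error.
#
# Security notes for maintainers:
#  - Every generated file contains the key in recoverable form (Base64 is an
#    encoding, not protection). Keep them out of version control and out of
#    published artifacts.
#  - NOTE(review): a constant compiled into an assembly or script that is shipped
#    to clients can be read by anyone who has that binary - confirm where
#    BuildConstants.cs and build-constants.js end up.
#  - $Environment, $BuildTimestamp and $BuildId are interpolated into source code,
#    the env file and GITHUB_OUTPUT without escaping; a quote or newline in any of
#    them changes the structure of those files. Pass only trusted, simple values.
try {
    Write-BuildLog "Starting authentication key generation process"
    Write-BuildLog "Environment: $Environment"

    # Determine worker URL based on environment
    $workerUrl = switch ($Environment.ToLower()) {
        "preview" { "https://abuseipdb-preview.devnomadic.workers.dev/" }
        "development" { "https://abuseipdb-preview.devnomadic.workers.dev/" }
        "dev" { "https://abuseipdb-preview.devnomadic.workers.dev/" }
        default { "https://abuseipdb.devnomadic.workers.dev/" }
    }
    Write-BuildLog "Worker URL: $workerUrl"

    # Draw the requested number of bytes from the platform CSPRNG.
    $keyBytes = New-Object byte[] $KeyLength
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($keyBytes)

    # Only the first 32 Base64 characters (24 bytes, 192 bits) are kept below.
    # With fewer than 24 bytes the result is shorter or ends in '=' padding, so
    # warn instead of silently producing a weaker key.
    if ($keyBytes.Length -lt 24) {
        Write-BuildLog "KeyLength $($keyBytes.Length) is below 24 bytes; the key will hold less than 192 bits of randomness" "WARN"
    }

    # Convert to a Base64 string that can be safely converted back to UTF-8
    $randomBase64 = [System.Convert]::ToBase64String($keyBytes)

    # Create a UTF-8 compatible key string: first 32 Base64 chars, made URL-safe
    $authKeyString = $randomBase64.Substring(0, [Math]::Min(32, $randomBase64.Length)).Replace("/", "_").Replace("+", "-")

    # Convert the UTF-8 string to base64 for storage
    $authKeyBytes = [System.Text.Encoding]::UTF8.GetBytes($authKeyString)
    $authKey = [System.Convert]::ToBase64String($authKeyBytes)

    # Build logs are often retained and widely readable, so no part of the key
    # is written to them; only its length is reported.
    Write-BuildLog "Generated authentication key ($($authKeyString.Length) characters, value not logged)"

    # Create output directory if it doesn't exist
    # OutputPath is expected to be the target directory
    if (!(Test-Path $OutputPath)) {
        New-Item -ItemType Directory -Path $OutputPath -Force | Out-Null
        Write-BuildLog "Created output directory: $OutputPath"
    }

    # Generate build timestamp and ID (use provided values or generate new ones).
    # PowerShell variable names are case-insensitive, so $buildTimestamp is the
    # -BuildTimestamp parameter itself; a provided value needs no copy.
    if ([string]::IsNullOrWhiteSpace($BuildTimestamp)) {
        $buildTimestamp = Get-Date -Format "yyyyMMdd-HHmm"
        Write-BuildLog "Generated build timestamp: $buildTimestamp"
    } else {
        Write-BuildLog "Using provided build timestamp: $buildTimestamp"
    }

    if ([string]::IsNullOrWhiteSpace($BuildId)) {
        $buildGuid = [System.Guid]::NewGuid().ToString("N").Substring(0, 8)
        Write-BuildLog "Generated build ID: $buildGuid"
    } else {
        $buildGuid = $BuildId
        Write-BuildLog "Using provided build ID: $buildGuid"
    }

    # The generated headers label their timestamp "UTC", so convert explicitly;
    # Get-Date alone returns local time. Computed once so all files agree.
    $generatedAtUtc = (Get-Date).ToUniversalTime().ToString("yyyy-MM-dd HH:mm:ss") + " UTC"

    # Create the generated constants file for C#
    $csharpContent = @"
// <auto-generated />
// Generated at build time: $generatedAtUtc
// Do not modify this file directly
namespace Albatross.Generated
{
/// <summary>
/// Build-time generated authentication constants
/// </summary>
public static class BuildConstants
{
/// <summary>
/// Base64-encoded authentication key generated at build time
/// </summary>
public const string AuthKeyBase64 = "$authKey";
/// <summary>
/// Build timestamp
/// </summary>
public const string BuildTimestamp = "$buildTimestamp";
/// <summary>
/// Unique build identifier
/// </summary>
public const string BuildId = "$buildGuid";
/// <summary>
/// Build environment
/// </summary>
public const string Environment = "$Environment";
/// <summary>
/// Worker URL for this environment
/// </summary>
public const string WorkerUrl = "$workerUrl";
/// <summary>
/// Decoded authentication key (computed at runtime)
/// </summary>
public static string AuthKey => System.Text.Encoding.UTF8.GetString(System.Convert.FromBase64String(AuthKeyBase64));
}
}
"@

    # Write C# constants file
    $csharpPath = Join-Path $OutputPath "BuildConstants.cs"
    $csharpContent | Out-File -FilePath $csharpPath -Encoding UTF8
    Write-BuildLog "Generated C# constants file: $csharpPath"

    # Create the JavaScript constants for the worker
    $jsContent = @"
// <auto-generated />
// Generated at build time: $generatedAtUtc
// Do not modify this file directly
// Build-time generated authentication key (base64 encoded)
const GENERATED_AUTH_KEY_B64 = "$authKey";
// Decode the authentication key
const GENERATED_AUTH_KEY = atob(GENERATED_AUTH_KEY_B64);
// Build information
const BUILD_TIMESTAMP = "$buildTimestamp";
const BUILD_ID = "$buildGuid";
// Export for use in worker
if (typeof module !== 'undefined' && module.exports) {
module.exports = {
AUTH_KEY: GENERATED_AUTH_KEY,
AUTH_KEY_B64: GENERATED_AUTH_KEY_B64,
BUILD_TIMESTAMP,
BUILD_ID
};
}
"@

    # Write JavaScript constants file
    $jsPath = Join-Path $OutputPath "build-constants.js"
    $jsContent | Out-File -FilePath $jsPath -Encoding UTF8
    Write-BuildLog "Generated JavaScript constants file: $jsPath"

    # Create environment file for GitHub Actions (holds the key in clear text)
    $envContent = @"
# Build-time generated environment variables
# Generated at: $generatedAtUtc
GENERATED_AUTH_KEY_B64=$authKey
BUILD_TIMESTAMP=$buildTimestamp
BUILD_ID=$buildGuid
"@
    $envPath = Join-Path $OutputPath "build.env"
    $envContent | Out-File -FilePath $envPath -Encoding UTF8
    Write-BuildLog "Generated environment file: $envPath"

    # Create a JSON manifest for build tools (also holds the key in clear text).
    # keyLength records the requested byte count as passed in, not the length of
    # the truncated key that was actually produced.
    $manifestContent = @{
        authKey = $authKey
        buildTimestamp = $buildTimestamp
        buildId = $buildGuid
        generatedAt = (Get-Date).ToString("o")
        keyLength = $KeyLength
    } | ConvertTo-Json -Depth 2
    $manifestPath = Join-Path $OutputPath "build-manifest.json"
    $manifestContent | Out-File -FilePath $manifestPath -Encoding UTF8
    Write-BuildLog "Generated build manifest: $manifestPath"

    Write-BuildLog "Authentication key generation completed successfully"
    Write-BuildLog "Build ID: $buildGuid"
    Write-BuildLog "Timestamp: $buildTimestamp"

    # Output key for GitHub Actions (if running in CI)
    # NOTE(review): the key becomes a step output without being registered as a
    # secret, so a later step that echoes it will print it unredacted. Consider
    # emitting "::add-mask::" for $authKey and $authKeyString first; check the
    # consuming workflow before doing so, because masked values may be withheld
    # from job-level outputs.
    if ($env:GITHUB_ACTIONS -eq "true") {
        Write-Host "Setting GitHub Actions output variables..."
        "auth-key-b64=$authKey" | Out-File -FilePath $env:GITHUB_OUTPUT -Append -Encoding UTF8
        "build-id=$buildGuid" | Out-File -FilePath $env:GITHUB_OUTPUT -Append -Encoding UTF8
        "build-timestamp=$buildTimestamp" | Out-File -FilePath $env:GITHUB_OUTPUT -Append -Encoding UTF8
    }
    exit 0
}
catch {
    # Any terminating error lands here; report it and fail the build.
    Write-BuildLog "Error generating authentication key: $($_.Exception.Message)" "ERROR"
    Write-BuildLog "Stack trace: $($_.ScriptStackTrace)" "ERROR"
    exit 1
}
finally {
    # $rng is unset when the failure happened before it was created.
    if ($rng) {
        $rng.Dispose()
    }
}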