From c0439c0fd83d3a0e0d57fa238b3d57d90a3ac3f7 Mon Sep 17 00:00:00 2001
From: Yao Cai <67412196+cy948@users.noreply.github.com>
Date: Thu, 5 Dec 2024 09:33:11 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D=20docs:=20support=20use=20custom?= =?UTF-8?q?=20`host`=20in=20docker-compose=20setup=20script=20&=20regenera?= =?UTF-8?q?te=20secrets=20(#4576)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docker-compose/local/init_data.json | 2 +-
 docker-compose/local/setup.sh | 134 ++++++++++++++++++++++++++--
 2 files changed, 129 insertions(+), 7 deletions(-)
diff --git a/docker-compose/local/init_data.json b/docker-compose/local/init_data.json
index a4a637e7c997..c87d9c58baed 100644
--- a/docker-compose/local/init_data.json
+++ b/docker-compose/local/init_data.json
@@ -152,7 +152,7 @@
 "name": "Logo",
 "visible": true,
 "label": "",
- "customCss": ".login-logo-box {}",
+ "customCss": ".login-logo-box {} \n.panel-logo {\n width: 80px;\n}",
 "placeholder": "",
 "rule": "None",
 "isCustom": false
diff --git a/docker-compose/local/setup.sh b/docker-compose/local/setup.sh
index 17a80179be1a..903eb209b8b8 100644
--- a/docker-compose/local/setup.sh
+++ b/docker-compose/local/setup.sh
@@ -21,6 +21,10 @@ LANGUAGE="en_US"
 # Determine the source URL to download files
 SOURCE_URL="https://raw.githubusercontent.com/lobehub/lobe-chat/main"
+# Arg: --host
+# Determine the server host
+HOST=""
+
 # 2. Parse script arguments
 while getopts "fl:-:" opt; do
 case $opt in
@@ -40,8 +44,12 @@ while getopts "fl:-:" opt; do
 SOURCE_URL="${!OPTIND}"
 OPTIND=$(($OPTIND + 1))
 ;;
+ host)
+ HOST="${!OPTIND}"
+ OPTIND=$(($OPTIND + 1))
+ ;;
 *)
- echo "Usage: $0 [-f] [-l language|--lang language] [--url source]" >&2
+ echo "Usage: $0 [-f] [-l language|--lang language] [--url source] [--host serverhost]" >&2
 exit 1
 ;;
 esac
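Review bot: The new `host)` arm stores whatever argument follows `--host` in `HOST` without validating it, and the last hunk of this patch interpolates that value directly into `sed -i "s/localhost/$HOST/g"` for both `.env` and `init_data.json`. A value containing `/`, `&` or `\` (for example a full URL with a scheme) changes or breaks the sed expression, and a missing value silently leaves `HOST` empty so the option is ignored. Rejecting unexpected characters right after the assignment would keep the later substitution predictable, e.g. `[[ "$HOST" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "Invalid --host value: $HOST" >&2; exit 1; }`; widen the pattern if IPv6 literals must be accepted. The enclosing `case` statement and the `while getopts` loop start and end outside this hunk.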
@@ -122,13 +130,43 @@ show_message() {
 ;;
 esac
 ;;
+ security_secrect_regenerate)
+ case $LANGUAGE in
+ zh_CN)
+ echo "重新生成安全密钥..."
+ ;;
+ *)
+ echo "Regenerate security secrets..."
+ ;;
+ esac
+ ;;
+ security_secrect_regenerate_failed)
+ case $LANGUAGE in
+ zh_CN)
+ echo "无法重新生成安全密钥:"
+ ;;
+ *)
+ echo "Failed to regenerate security secrets: "
+ ;;
+ esac
+ ;;
+ security_secrect_regenerate_report)
+ case $LANGUAGE in
+ zh_CN)
+ echo "安全密钥生成结果如下:"
+ ;;
+ *)
+ echo "Security secret generation results are as follows:"
+ ;;
+ esac
+ ;;
 tips_run_command)
 case $LANGUAGE in
 zh_CN)
- echo "您已经完成了所有配置文件的下载。请运行以下命令启动LobeChat:"
+ echo "您已经完成了所有配置。请运行以下命令启动LobeChat:"
 ;;
 *)
- echo "You have completed downloading all configuration files. Please run this command to start LobeChat:"
+ echo "You have completed all configurations. Please run this command to start LobeChat:"
 ;;
 esac
 ;;
@@ -155,10 +193,10 @@ show_message() {
 tips_warning)
 case $LANGUAGE in
 zh_CN)
- echo "警告:不要在生产环境中使用此演示应用程序!!!"
+ echo "警告:如果你正在生产环境中使用,请在日志中检查密钥是否已经生成!!!"
 ;;
 *)
- echo "Warning: do not use this demo application in production!!!"
+ echo "Warning: If you are using it in a production environment, please check if the keys have been generated in the logs!!!"
 ;;
 esac
 ;;
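Review bot: The rewritten `tips_warning` text (both the `zh_CN` and the default arm) drops the "do not use in production" caution and instead sends operators to the logs to confirm the keys, while the last hunk of this patch prints the Casdoor admin password and client secret to stdout and leaves the MinIO `S3_SECRET_ACCESS_KEY` regeneration commented out. Whatever S3 secret ships in the downloaded `.env` therefore stays in place, presumably a value that anyone can read from the repository, so the removed caution still applies to at least that credential. Consider keeping a production warning that names what was not regenerated, e.g. `echo "Warning: the MinIO/S3 credentials in .env are NOT regenerated; change them before any production use."`, and pointing readers at `.env` and `init_data.json` rather than at logs for the generated values.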
@@ -235,7 +273,91 @@ download_file "$SOURCE_URL/${FILES[3]}" "s3_data.tar.gz"
 extract_file "s3_data.tar.gz" "."
 rm s3_data.tar.gz
-# Display final message
+# ==========================
+# === Regenerate Secrets ===
+# ==========================
+
+generate_key() {
+ if [[ -z "$1" ]]; then
+ echo "Usage: generate_key "
+ return 1
+ fi
+ echo $(openssl rand -hex $1 | tr -d '\n' | fold -w $1 | head -n 1)
+}
+
+echo $(show_message "security_secrect_regenerate")
+
+# Generate CASDOOR_SECRET
+CASDOOR_SECRET=$(generate_key 32)
+if [ $? -ne 0 ]; then
+ echo $(show_message "security_secrect_regenerate_failed") "CASDOOR_SECRET"
+else
+ # Search and replace the value of CASDOOR_SECRET in .env
+ sed -i "s#^AUTH_CASDOOR_SECRET=.*#AUTH_CASDOOR_SECRET=${CASDOOR_SECRET}#" .env
+ if [ $? -ne 0 ]; then
+ echo $(show_message "security_secrect_regenerate_failed") "AUTH_CASDOOR_SECRET in \`.env\`"
+ fi
+ # replace `clientSecrect` in init_data.json
+ sed -i "s#dbf205949d704de81b0b5b3603174e23fbecc354#${CASDOOR_SECRET}#" init_data.json
+ if [ $? -ne 0 ]; then
+ echo $(show_message "security_secrect_regenerate_failed") "AUTH_CASDOOR_SECRET in \`init_data.json\`"
+ fi
+fi
+
+# Generate Casdoor User
+CASDOOR_USER="admin"
+CASDOOR_PASSWORD=$(generate_key 6)
+if [ $? -ne 0 ]; then
+ echo $(show_message "security_secrect_regenerate_failed") "CASDOOR_PASSWORD"
+else
+ # replace `password` in init_data.json
+ sed -i "s/"123"/${CASDOOR_PASSWORD}/" init_data.json
+ if [ $? -ne 0 ]; then
+ echo $(show_message "security_secrect_regenerate_failed") "CASDOOR_PASSWORD in \`init_data.json\`"
+ fi
+fi
+
+# Generate Minio S3 access key
+# Temporarily disable key gen for minio because
+# minio can not start with a access key in envs
+#S3_SECRET_ACCESS_KEY=$(generate_key 32)
+#if [ $? -ne 0 ]; then
+# echo $(show_message "security_secrect_regenerate_failed") "S3_SECRET_ACCESS_KEY"
+#else
+# # Search and replace the value of S3_SECRET_ACCESS_KEY in .env
+# sed -i "s#^S3_SECRET_ACCESS_KEY=.*#S3_SECRET_ACCESS_KEY=${S3_SECRET_ACCESS_KEY}#" .env
+# if [ $? -ne 0 ]; then
+# echo $(show_message "security_secrect_regenerate_failed") "S3_SECRET_ACCESS_KEY in \`.env\`"
+# fi
+#fi
+
+# Modify the .env file if the host is specified
+if [ -n "$HOST" ]; then
+ # Modify env
+ sed -i "s/localhost/$HOST/g" .env
+ if [ $? -ne 0 ]; then
+ echo $(show_message "security_secrect_regenerate_failed") "HOST in \`.env\`"
+ fi
+ # Modify casdoor init data
+ sed -i "s/localhost/$HOST/g" init_data.json
+ if [ $? -ne 0 ]; then
+ echo $(show_message "security_secrect_regenerate_failed") "HOST in \`init_data.json\`"
+ fi
+fi
+
+# Display configuration reports
+
+echo $(show_message "security_secrect_regenerate_report")
+
+if [ -n "$HOST" ]; then
+ echo -e "Server Host: $HOST"
+fi
+echo -e "Casdoor: \n - Username: admin\n - Password: ${CASDOOR_PASSWORD}\n - Client Secret: ${CASDOOR_SECRET}"
+
+# ===========================
+# == Display final message ==
+# ===========================
+
 printf "\n%s\n\n" "$(show_message "tips_run_command")"
 print_centered "docker compose up -d" "green"
 printf "\n%s" "$(show_message "tips_show_documentation")"
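Review bot: `generate_key` ends in `echo $(openssl rand ... | head -n 1)`, so its exit status is `echo`'s and never `openssl`'s; the `if [ $? -ne 0 ]` checks after `CASDOOR_SECRET=$(generate_key 32)` and `CASDOOR_PASSWORD=$(generate_key 6)` therefore cannot detect a failed or missing `openssl`, and an empty client secret and admin password would be written into `.env` and `init_data.json`. The `fold -w $1` step also keeps only half of the generated hex, so `generate_key 6` yields a 6-hex-character (24-bit) admin password, which is weak once `--host` makes Casdoor reachable beyond localhost. Separately, `sed` exits 0 when nothing matches, so if the hard-coded default client secret or the `123` password is absent from the downloaded `init_data.json` the default stays in place while the report prints the new value; note also that the shell parses `"s/"123"/…/"` as `s/123/…/`, which rewrites the first `123` on every line of the file. The rewrite below propagates `openssl` failures, refuses empty output and lengthens the admin password.

```shell
generate_key() {
  if [[ -z "$1" ]]; then
    echo "Usage: generate_key <length>" >&2
    return 1
  fi
  local key
  # Propagate openssl's own exit status instead of echo's.
  key=$(openssl rand -hex "$1") || return 1
  # openssl prints 2*$1 hex characters; keep the first $1 and reject empty output.
  key=${key:0:$1}
  [[ -n "$key" ]] || return 1
  printf '%s\n' "$key"
}

# … unchanged: CASDOOR_SECRET generation and its sed replacements …

CASDOOR_PASSWORD=$(generate_key 16)
```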