Add version lock to dockerfile and hide password

2025-08-01 08:34:53 +02:00 · 2025-01-12 10:39:27 -05:00 · 2025-01-12 10:39:27 -05:00 · 84ee25e441
commit 84ee25e441
parent f5fda5d8ea
4 changed files with 72 additions and 25 deletions
--- a/install/fs/docker-compose.yml
+++ b/install/fs/docker-compose.yml
@ -1,6 +1,6 @@
 services:
  pangolin:
-    image: fosrl/pangolin:latest
+    image: fosrl/pangolin:{{.PangolinVersion}}
    container_name: pangolin
    restart: unless-stopped
    volumes:
@ -12,7 +12,7 @@ services:
      retries: 5

  gerbil:
-    image: fosrl/gerbil:latest
+    image: fosrl/gerbil:{{.GerbilVersion}}
    container_name: gerbil
    restart: unless-stopped
    depends_on:
--- a/install/go.mod
+++ b/install/go.mod
@ -1,3 +1,8 @@
 module installer

 go 1.23.0
+
+require (
+	golang.org/x/sys v0.29.0 // indirect
+	golang.org/x/term v0.28.0 // indirect
+)
--- a/install/go.sum
+++ b/install/go.sum
@ -0,0 +1,4 @@
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
+golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
--- a/install/main.go
+++ b/install/main.go
@ -10,27 +10,37 @@ import (
 	"path/filepath"
 	"runtime"
 	"strings"
+	"syscall"
 	"text/template"
 	"unicode"
+
+	"golang.org/x/term"
 )

+func loadVersions(config *Config) {
+	config.PangolinVersion = "1.0.0-beta.4"
+	config.GerbilVersion = "1.0.0-beta.1"
+}
+
 //go:embed fs/*
 var configFiles embed.FS

 type Config struct {
-	BaseDomain                 string `yaml:"baseDomain"`
-	DashboardDomain            string `yaml:"dashboardUrl"`
-	LetsEncryptEmail           string `yaml:"letsEncryptEmail"`
-	AdminUserEmail             string `yaml:"adminUserEmail"`
-	AdminUserPassword          string `yaml:"adminUserPassword"`
-	DisableSignupWithoutInvite bool   `yaml:"disableSignupWithoutInvite"`
-	DisableUserCreateOrg       bool   `yaml:"disableUserCreateOrg"`
-	EnableEmail                bool   `yaml:"enableEmail"`
-	EmailSMTPHost              string `yaml:"emailSMTPHost"`
-	EmailSMTPPort              int    `yaml:"emailSMTPPort"`
-	EmailSMTPUser              string `yaml:"emailSMTPUser"`
-	EmailSMTPPass              string `yaml:"emailSMTPPass"`
-	EmailNoReply               string `yaml:"emailNoReply"`
+	PangolinVersion            string
+	GerbilVersion              string
+	BaseDomain                 string
+	DashboardDomain            string
+	LetsEncryptEmail           string
+	AdminUserEmail             string
+	AdminUserPassword          string
+	DisableSignupWithoutInvite bool
+	DisableUserCreateOrg       bool
+	EnableEmail                bool
+	EmailSMTPHost              string
+	EmailSMTPPort              int
+	EmailSMTPUser              string
+	EmailSMTPPass              string
+	EmailNoReply               string
 }

 func main() {
@ -45,6 +55,9 @@ func main() {
 	// check if there is already a config file
 	if _, err := os.Stat("config/config.yml"); err != nil {
 		config := collectUserInput(reader)
+
+		loadVersions(&config)
+
 		if err := createConfigFiles(config); err != nil {
 			fmt.Printf("Error creating config files: %v\n", err)
 			os.Exit(1)
@ -82,6 +95,24 @@ func readString(reader *bufio.Reader, prompt string, defaultValue string) string
 	return input
 }

+func readPassword(prompt string) string {
+	fmt.Print(prompt + ": ")
+
+	// Read password without echo
+	password, err := term.ReadPassword(int(syscall.Stdin))
+	fmt.Println() // Add a newline since ReadPassword doesn't add one
+
+	if err != nil {
+		return ""
+	}
+
+	input := strings.TrimSpace(string(password))
+	if input == "" {
+		return readPassword(prompt)
+	}
+	return input
+}
+
 func readBool(reader *bufio.Reader, prompt string, defaultValue bool) bool {
 	defaultStr := "no"
 	if defaultValue {
@ -114,7 +145,13 @@ func collectUserInput(reader *bufio.Reader) Config {
 	fmt.Println("\n=== Admin User Configuration ===")
 	config.AdminUserEmail = readString(reader, "Enter admin user email", "admin@"+config.BaseDomain)
 	for {
-		config.AdminUserPassword = readString(reader, "Enter admin user password", "")
+		pass1 := readPassword("Create admin user password")
+		pass2 := readPassword("Confirm admin user password")
+
+		if pass1 != pass2 {
+			fmt.Println("Passwords do not match")
+		} else {
+			config.AdminUserPassword = pass1
 			if valid, message := validatePassword(config.AdminUserPassword); valid {
 				break
 			} else {
@ -126,6 +163,7 @@ func collectUserInput(reader *bufio.Reader) Config {
 				fmt.Println("- At least one special character")
 			}
 		}
+	}

 	// Security settings
 	fmt.Println("\n=== Security Settings ===")