shukivaknin/gniza4cp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0bd75402d18f84d734bb96711efc9bb613002465
gniza4cp/lib/config.sh
shuki a5ab2c788a Remove legacy gniza init CLI command 
The WHM setup wizard handles all configuration (SSH, S3, GDrive),
making the interactive CLI init wizard redundant.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-05 19:00:26 +02:00

124 lines
4.7 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# gniza/lib/config.sh — Shell-variable config loading & validation
# Safe config parser — reads KEY=VALUE lines without executing arbitrary code.
# Only processes lines matching ^[A-Z_][A-Z_0-9]*= and strips surrounding quotes.
_safe_source_config() {
local filepath="$1"
local line key value
while IFS= read -r line || [[ -n "$line" ]]; do
# Skip blank lines and comments
[[ -z "$line" || "$line" =~ ^[[:space:]]*# ]] && continue
# Match KEY=VALUE (optional quotes)
if [[ "$line" =~ ^([A-Z_][A-Z_0-9]*)=(.*) ]]; then
key="${BASH_REMATCH[1]}"
value="${BASH_REMATCH[2]}"
# Strip surrounding double or single quotes
if [[ "$value" =~ ^\"(.*)\"$ ]]; then
value="${BASH_REMATCH[1]}"
elif [[ "$value" =~ ^\'(.*)\'$ ]]; then
value="${BASH_REMATCH[1]}"
fi
declare -g "$key=$value"
fi
done < "$filepath"
}
load_config() {
local config_file="${1:-$DEFAULT_CONFIG_FILE}"
if [[ ! -f "$config_file" ]]; then
die "Config file not found: $config_file (create via WHM or copy gniza.conf.example)"
fi
# Parse the config (safe key=value reader, no code execution)
_safe_source_config "$config_file" || die "Failed to parse config file: $config_file"
# Apply defaults for optional settings
TEMP_DIR="${TEMP_DIR:-$DEFAULT_TEMP_DIR}"
INCLUDE_ACCOUNTS="${INCLUDE_ACCOUNTS:-}"
EXCLUDE_ACCOUNTS="${EXCLUDE_ACCOUNTS:-$DEFAULT_EXCLUDE_ACCOUNTS}"
LOG_DIR="${LOG_DIR:-$DEFAULT_LOG_DIR}"
LOG_LEVEL="${LOG_LEVEL:-$DEFAULT_LOG_LEVEL}"
LOG_RETAIN="${LOG_RETAIN:-$DEFAULT_LOG_RETAIN}"
NOTIFY_EMAIL="${NOTIFY_EMAIL:-}"
NOTIFY_ON="${NOTIFY_ON:-$DEFAULT_NOTIFY_ON}"
SMTP_HOST="${SMTP_HOST:-}"
SMTP_PORT="${SMTP_PORT:-$DEFAULT_SMTP_PORT}"
SMTP_USER="${SMTP_USER:-}"
SMTP_PASSWORD="${SMTP_PASSWORD:-}"
SMTP_FROM="${SMTP_FROM:-}"
SMTP_SECURITY="${SMTP_SECURITY:-$DEFAULT_SMTP_SECURITY}"
LOCK_FILE="${LOCK_FILE:-$DEFAULT_LOCK_FILE}"
SSH_TIMEOUT="${SSH_TIMEOUT:-$DEFAULT_SSH_TIMEOUT}"
SSH_RETRIES="${SSH_RETRIES:-$DEFAULT_SSH_RETRIES}"
RSYNC_EXTRA_OPTS="${RSYNC_EXTRA_OPTS:-}"
USER_RESTORE_REMOTES="${USER_RESTORE_REMOTES:-$DEFAULT_USER_RESTORE_REMOTES}"
# --debug flag overrides config
[[ "${GNIZA_DEBUG:-false}" == "true" ]] && LOG_LEVEL="debug"
export TEMP_DIR INCLUDE_ACCOUNTS EXCLUDE_ACCOUNTS BWLIMIT RETENTION_COUNT
export LOG_DIR LOG_LEVEL LOG_RETAIN NOTIFY_EMAIL NOTIFY_ON
export SMTP_HOST SMTP_PORT SMTP_USER SMTP_PASSWORD SMTP_FROM SMTP_SECURITY
export LOCK_FILE SSH_TIMEOUT SSH_RETRIES RSYNC_EXTRA_OPTS USER_RESTORE_REMOTES
}
validate_config() {
local errors=0
# Per-remote validation is handled by validate_remote() in remotes.sh.
# Here we only validate local/global settings.
case "$NOTIFY_ON" in
always|failure|never) ;;
*) log_error "NOTIFY_ON must be always|failure|never, got: $NOTIFY_ON"; ((errors++)) || true ;;
esac
case "$LOG_LEVEL" in
debug|info|warn|error) ;;
*) log_error "LOG_LEVEL must be debug|info|warn|error, got: $LOG_LEVEL"; ((errors++)) || true ;;
esac
# SMTP validation (only when SMTP_HOST is set)
if [[ -n "${SMTP_HOST:-}" ]]; then
case "$SMTP_SECURITY" in
tls|ssl|none) ;;
*) log_error "SMTP_SECURITY must be tls|ssl|none, got: $SMTP_SECURITY"; ((errors++)) || true ;;
esac
if [[ -n "${SMTP_PORT:-}" ]] && { [[ ! "$SMTP_PORT" =~ ^[0-9]+$ ]] || (( SMTP_PORT < 1 || SMTP_PORT > 65535 )); }; then
log_error "SMTP_PORT must be 1-65535, got: $SMTP_PORT"
((errors++)) || true
fi
fi
# Validate numeric fields
if [[ -n "${SSH_TIMEOUT:-}" ]] && [[ ! "$SSH_TIMEOUT" =~ ^[0-9]+$ ]]; then
log_error "SSH_TIMEOUT must be a non-negative integer, got: $SSH_TIMEOUT"
((errors++)) || true
fi
if [[ -n "${SSH_RETRIES:-}" ]] && [[ ! "$SSH_RETRIES" =~ ^[0-9]+$ ]]; then
log_error "SSH_RETRIES must be a non-negative integer, got: $SSH_RETRIES"
((errors++)) || true
fi
if [[ -n "${LOG_RETAIN:-}" ]] && [[ ! "$LOG_RETAIN" =~ ^[0-9]+$ ]]; then
log_error "LOG_RETAIN must be a non-negative integer, got: $LOG_RETAIN"
((errors++)) || true
fi
# Validate RSYNC_EXTRA_OPTS characters (prevent flag injection)
if [[ -n "${RSYNC_EXTRA_OPTS:-}" ]] && [[ ! "$RSYNC_EXTRA_OPTS" =~ ^[a-zA-Z0-9\ ._=/,-]+$ ]]; then
log_error "RSYNC_EXTRA_OPTS contains invalid characters: $RSYNC_EXTRA_OPTS"
((errors++)) || true
fi
if (( errors > 0 )); then
log_error "Configuration has $errors error(s)"
return 1
fi
return 0
}
Reference in New Issue View Git Blame Copy Permalink