From b30e8c534f794d16c195603e80cca1b30bab1e3d Mon Sep 17 00:00:00 2001 
From: Janek <6506725+jkrgr0@users.noreply.github.com> Date: Thu, 26 Dec 2024 10:36:17 +0100 Subject: [PATCH] New Script: 2FAuth (#943) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat(2fauth): :sparkles: Added 2FAuth * refactor: :truck: Changed path to user repo * refactor: :truck: Changed path to user repo * refactor: :truck: Changed path to user repo * refactor: :truck: Changed path to user repo * refactor: :truck: Changed path to user repo * fix(2fauth): :bug: Fixed path to build functions file * fix(2fauth): :bug: Fixed unbound variable * fix(2fauth): :bug: Use instead of for the directory name * chore(2fauth): :sparkles: Added dependency package for improved composer performance * chore(2fauth): :sparkles: Added dependency package as it's required * chore(2fauth): :sparkles: Added dependency package `php8.2-fpm` as it's required * fix(2fauth): :bug: Fixed unbound variable * fix(2fauth): :bug: Fixed installation * fix(install): :bug: Fixed unassigned variable * fix(install): :bug: Fixed installation * fix(install): :bug: explicitly set ownership as last step * revert: :rewind: Revert path rewrite to user repo * revert: :rewind: Revert path rewrite to user repo * refactor(2fauth): :coffin: Removed commented-out code * fix(2fauth): :truck: Fixed path to remove correctly * refactor(2fauth): :art: Changed from variables to static as requested * docs(2fauth): :memo: Added notes for db credentials and the first account being an administrator account * fix(2fauth): :loud_sound: Updated progress logging * test(2fauth): :truck: Changed pathes temporarily to user repo to test the App * fix(2fauth): :ambulance: Fixed wrong version file in update_script * fix(2fauth): :lipstick: Removed duplicated version prefix v in messages * Revert 'test(2fauth): 🚚 Changed pathes temporarily to user repo to test the App' --- ct/2fauth.sh | 90 ++++++++++++++++++++++++++++ install/2fauth-install.sh | 123 
++++++++++++++++++++++++++++++++++++++ json/2fauth.json | 43 +++++++++++++ 3 files changed, 256 insertions(+) create mode 100644 ct/2fauth.sh create mode 100644 install/2fauth-install.sh create mode 100644 json/2fauth.json
diff --git a/ct/2fauth.sh b/ct/2fauth.sh
new file mode 100644
index 00000000..1f930ac4
--- /dev/null
+++ b/ct/2fauth.sh
@@ -0,0 +1,90 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: jkrgr0
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://docs.2fauth.app/
+
+# App Default Values
+APP="2FAuth"
+TAGS="2fa;authenticator"
+var_cpu="1"
+var_ram="512"
+var_disk="2"
+var_os="debian"
+var_version="12"
+var_unprivileged="1"
+
+# App Output & Base Settings
+header_info "$APP"
+base_settings
+
+# Core
+variables
+color
+catch_errors
+
+function update_script() {
+ header_info
+ check_container_storage
+ check_container_resources
+
+ # Check if installation is present | -f for file, -d for folder
+ if [[ ! -d "/opt/2fauth" ]]; then
+ msg_error "No ${APP} Installation Found!"
+ exit
+ fi
+
+ # Crawling the new version and checking whether an update is required
+ RELEASE=$(curl -s https://api.github.com/repos/Bubka/2FAuth/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }')
+ if [[ "${RELEASE}" != "$(cat /opt/2fauth_version.txt)" ]] || [[ ! -f /opt/2fauth_version.txt ]]; then
+ msg_info "Updating $APP to ${RELEASE}"
+
+ apt-get update &>/dev/null
+ apt-get -y upgrade &>/dev/null
+
+ # Creating Backup
+ msg_info "Creating Backup"
+ mv "/opt/2fauth" "/opt/2fauth-backup"
+ msg_ok "Backup Created"
+
+ # Execute Update
+ wget -q "https://github.com/Bubka/2FAuth/archive/refs/tags/${RELEASE}.zip"
+ unzip -q "${RELEASE}.zip"
+ mv "2FAuth-${RELEASE//v}/" "/opt/2fauth"
+ mv "/opt/2fauth-backup/.env" "/opt/2fauth/.env"
+ mv "/opt/2fauth-backup/storage" "/opt/2fauth/storage"
+ cd "/opt/2fauth" || return
+
+ chown -R www-data: "/opt/2fauth"
+ chmod -R 755 "/opt/2fauth"
+
+ export COMPOSER_ALLOW_SUPERUSER=1
+ composer install --no-dev --prefer-source &>/dev/null
+
+ php artisan 2fauth:install
+
+ # Cleaning up
+ msg_info "Cleaning Up"
+ rm -rf "v${RELEASE}.zip"
+ $STD apt-get -y autoremove
+ $STD apt-get -y autoclean
+ msg_ok "Cleanup Completed"
+
+ # Last Action
+ echo "${RELEASE}" >/opt/2fauth_version.txt
+ msg_ok "Updated $APP to ${RELEASE}"
+ else
+ msg_ok "No update required. ${APP} is already at ${RELEASE}"
+ fi
+ exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:80${CL}"
\ No newline at end of file
diff --git a/install/2fauth-install.sh b/install/2fauth-install.sh
new file mode 100644
index 00000000..949b84b2
--- /dev/null
+++ b/install/2fauth-install.sh
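Review bot: `update_script` in ct/2fauth.sh never checks that `RELEASE` is non-empty, so a failed or rate-limited GitHub API call can leave it empty, still satisfy the `!=` comparison, and let `mv "/opt/2fauth" "/opt/2fauth-backup"` move the live install aside before the download is known to work (unless `catch_errors`, defined outside this patch, aborts earlier). I would add `[[ -n "${RELEASE}" ]] || { msg_error "Could not determine the latest ${APP} release"; exit 1; }` directly after the assignment, and fetch and unzip the archive before touching `/opt/2fauth`. `/opt/2fauth-backup` is also never removed, so on a second update the `mv` would place the current tree inside the stale backup directory and the following `mv "/opt/2fauth-backup/.env"` would not find the file. The `composer install` here also omits the `--no-plugins --no-scripts` flags that install/2fauth-install.sh passes, and it runs after the `chown`, so anything it or `php artisan 2fauth:install` creates is presumably left root-owned.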
@@ -0,0 +1,123 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2024 community-scripts ORG
+# Author: jkrgr0
+# License: MIT
+# Source: https://docs.2fauth.app/
+
+# Import Functions und Setup
+source /dev/stdin <<< "$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+# Installing Dependencies with the 3 core dependencies (curl;sudo;mc)
+msg_info "Installing Dependencies"
+$STD apt-get install -y \
+ curl \
+ sudo \
+ mc \
+ nginx \
+ composer \
+ php8.2-{bcmath,common,ctype,curl,fileinfo,fpm,gd,mbstring,mysql,xml,cli} \
+ mariadb-server
+msg_ok "Installed Dependencies"
+
+# Template: MySQL Database
+msg_info "Setting up Database"
+DB_NAME=2fauth_db
+DB_USER=2fauth
+DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
+$STD mysql -u root -e "CREATE DATABASE $DB_NAME;"
+$STD mysql -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED WITH mysql_native_password AS PASSWORD('$DB_PASS');"
+$STD mysql -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
+{
+ echo "2FAuth Credentials"
+ echo "Database User: $DB_USER"
+ echo "Database Password: $DB_PASS"
+ echo "Database Name: $DB_NAME"
+} >> ~/2FAuth.creds
+msg_ok "Set up Database"
+
+# Setup App
+msg_info "Setup 2FAuth"
+RELEASE=$(curl -s https://api.github.com/repos/Bubka/2FAuth/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }')
+wget -q "https://github.com/Bubka/2FAuth/archive/refs/tags/${RELEASE}.zip"
+unzip -q "${RELEASE}.zip"
+mv "2FAuth-${RELEASE//v}/" /opt/2fauth
+
+cd "/opt/2fauth" || return
+cp .env.example .env
+IPADDRESS=$(hostname -I | awk '{print $1}')
+
+sed -i -e "s|^APP_URL=.*|APP_URL=http://$IPADDRESS|" \
+ -e "s|^DB_CONNECTION=$|DB_CONNECTION=mysql|" \
+ -e "s|^DB_DATABASE=$|DB_DATABASE=$DB_NAME|" \
+ -e "s|^DB_HOST=$|DB_HOST=127.0.0.1|" \
+ -e "s|^DB_PORT=$|DB_PORT=3306|" \
+ -e "s|^DB_USERNAME=$|DB_USERNAME=$DB_USER|" \
+ -e "s|^DB_PASSWORD=$|DB_PASSWORD=$DB_PASS|" .env
+
+export COMPOSER_ALLOW_SUPERUSER=1
+$STD composer update --no-plugins --no-scripts
+$STD composer install --no-dev --prefer-source --no-plugins --no-scripts
+
+$STD php artisan key:generate --force
+
+$STD php artisan migrate:refresh
+$STD php artisan passport:install -q -n
+$STD php artisan storage:link
+$STD php artisan config:cache
+
+chown -R www-data: /opt/2fauth
+chmod -R 755 /opt/2fauth
+
+echo "${RELEASE}" >"/opt/2fauth_version.txt"
+msg_ok "Setup 2fauth"
+
+# Configure Service (NGINX)
+msg_info "Configure Service"
+cat </etc/nginx/conf.d/2fauth.conf
+server {
+ listen 80;
+ root /opt/2fauth/public;
+ server_name $IPADDRESS;
+ index index.php;
+ charset utf-8;
+
+ location / {
+ try_files \$uri \$uri/ /index.php?\$query_string;
+ }
+
+ location = /favicon.ico { access_log off; log_not_found off; }
+ location = /robots.txt { access_log off; log_not_found off; }
+
+ error_page 404 /index.php;
+
+ location ~ \.php\$ {
+ fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME \$realpath_root\$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location ~ /\.(?!well-known).* {
+ deny all;
+ }
+}
+EOF
+
+systemctl reload nginx
+msg_ok "Configured Service"
+
+motd_ssh
+customize
+
+# Cleanup
+msg_info "Cleaning up"
+rm -f "/opt/v${RELEASE}.zip"
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
diff --git a/json/2fauth.json b/json/2fauth.json
new file mode 100644
index 00000000..1fb77270
--- /dev/null
+++ b/json/2fauth.json
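Review bot: `$STD composer update --no-plugins --no-scripts` in install/2fauth-install.sh re-resolves every dependency to the newest allowed version and rewrites the lock file, so the container ends up with a dependency set that differs from what the upstream release pinned (assuming the archive ships a `composer.lock`). For an application that stores OTP secrets I would drop that line and let `composer install --no-dev` install from the shipped lock. Separately, `chmod -R 755 /opt/2fauth` leaves `.env` (the database password written by the `sed` call plus the key from `key:generate`) readable by every local account, and `~/2FAuth.creds` is created with the default umask; `chmod 640 /opt/2fauth/.env` after the recursive chmod and `chmod 600 ~/2FAuth.creds` after the block that writes it would tighten both. The same recursive `chmod -R 755` is in `update_script` in ct/2fauth.sh.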
@@ -0,0 +1,43 @@
+{
+ "name": "2FAuth",
+ "slug": "2fauth",
+ "categories": [
+ 0
+ ],
+ "date_created": "2024-12-20",
+ "type": "ct",
+ "updateable": true,
+ "privileged": false,
+ "interface_port": 80,
+ "documentation": null,
+ "website": "https://docs.2fauth.app/",
+ "logo": "https://raw.githubusercontent.com/Bubka/2FAuth/refs/heads/master/public/logo.svg",
+ "description": "2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop. It aims to ease you perform your 2FA authentication steps whatever the device you handle, with a clean and suitable interface.",
+ "install_methods": [
+ {
+ "type": "default",
+ "script": "ct/2fauth.sh",
+ "resources": {
+ "cpu": 1,
+ "ram": 512,
+ "hdd": 2,
+ "os": "Debian",
+ "version": "12"
+ }
+ }
+ ],
+ "default_credentials": {
+ "username": null,
+ "password": null
+ },
+ "notes": [
+ {
+ "text": "Database credentials: `cat ~/2FAuth.creds`",
+ "type": "info"
+ },
+ {
+ "text": "The very first account created is automatically set up as an administrator account.",
+ "type": "info"
+ }
+ ]
+ }
\ No newline at end of file