fix(ente): replace fragile HMAC email lookup with user_id-based admin/subscription setup

This commit is contained in:
CanbiZ (MickLesk)
2026-04-30 15:00:56 +02:00
parent 8058b92558
commit ca8ddd34a7


@@ -19,8 +19,7 @@ $STD apt install -y \
libsodium-dev \ libsodium-dev \
pkg-config \ pkg-config \
caddy \ caddy \
gcc \ gcc
xxd
msg_ok "Installed Dependencies" msg_ok "Installed Dependencies"
PG_VERSION="17" setup_postgresql PG_VERSION="17" setup_postgresql
@@ -359,29 +358,11 @@ run_psql_exec() {
sudo -u postgres psql -d "$DB_NAME" -c "$1" 2>/dev/null sudo -u postgres psql -d "$DB_NAME" -c "$1" 2>/dev/null
} }
compute_email_hash() {
local email_lower hash_b64 hash_hex
email_lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
hash_b64=$(awk '/^key:/{f=1;next} /^[^[:space:]]/{f=0} f && /hash:/{print $2}' /opt/ente/server/museum.yaml | tr -d '"'"'")
hash_hex=$(printf '%s' "$hash_b64" | base64 -d | xxd -p -c 256 | tr -d '\n')
printf '%s' "$email_lower" | openssl dgst -sha256 -mac HMAC -macopt hexkey:"$hash_hex" -binary | base64 -w0
}
echo "=== Ente First-Time Setup ===" echo "=== Ente First-Time Setup ==="
echo ""
read -r -p "Enter your account email: " EMAIL
if [[ -z "$EMAIL" ]]; then
echo "Error: Email is required."
exit 1
fi
echo "" echo ""
echo "Step 1/4: Register your account" echo "Step 1/4: Register your account"
echo " Open the web UI: http://${LOCAL_IP}:3000" echo " Open the web UI: http://${LOCAL_IP}:3000"
echo " Create an account with: ${EMAIL}" echo " Click 'Don't have an account?' and submit the signup form."
echo ""
echo " Make sure you click 'Don't have an account?' and complete the signup form."
echo "" echo ""
read -r -p "Press ENTER after you submitted the signup form..." read -r -p "Press ENTER after you submitted the signup form..."
@@ -391,41 +372,38 @@ CODE=""
for i in 1 2 3; do for i in 1 2 3; do
sleep 3 sleep 3
CODE=$(journalctl -u ente-museum --no-pager -n 200 | grep -oP 'Verification code: \K\d+' | tail -1) CODE=$(journalctl -u ente-museum --no-pager -n 200 | grep -oP 'Verification code: \K\d+' | tail -1)
if [[ -n "$CODE" ]]; then [[ -n "$CODE" ]] && break
break
fi
echo " Attempt ${i}/3: Code not found yet, waiting..." echo " Attempt ${i}/3: Code not found yet, waiting..."
done done
if [[ -n "$CODE" ]]; then if [[ -n "$CODE" ]]; then
echo "" echo ""
echo " Your verification code: ${CODE}" echo " Your verification code: ${CODE}"
echo " Enter this code in the web UI to complete registration." echo " Enter this code in the web UI and finish the key/passphrase setup."
else else
echo "" echo ""
echo " Could not find the verification code automatically." echo " Could not find a verification code automatically."
echo " This usually means the signup form was not submitted yet." echo " Run 'ente-get-verification' manually if needed."
echo ""
echo " Are you sure you entered '${EMAIL}' and clicked 'Create account'?"
echo " You can check manually with: ente-get-verification"
fi fi
echo "" echo ""
read -r -p "Press ENTER after you verified the code in the web UI..." read -r -p "Press ENTER once registration is fully complete in the web UI..."
echo "" echo ""
echo "Step 3/4: Looking up user and whitelisting admin..." echo "Step 3/4: Locating your user account..."
EMAIL_HASH=$(compute_email_hash "$EMAIL") USER_COUNT=$(run_psql "SELECT count(*) FROM users;")
USER_ID=$(run_psql "SELECT user_id FROM users WHERE email_hash = '${EMAIL_HASH//\'/\'\'}';") if [[ "$USER_COUNT" == "0" ]]; then
echo " No users found in the database."
if [[ -z "$USER_ID" ]]; then echo " Registration was not completed. Run 'ente-setup' again after signup."
echo " Warning: User '${EMAIL}' not found in database."
echo " Make sure registration was completed successfully."
echo ""
echo "=== Setup incomplete ==="
echo "After completing registration, run ente-setup again."
exit 1 exit 1
fi fi
echo " Found user ID: ${USER_ID}"
USER_ID=$(run_psql "SELECT user_id FROM users ORDER BY user_id DESC LIMIT 1;")
echo " Using most recently registered user (id: ${USER_ID})."
echo ""
echo " All users in database:"
run_psql_exec "SELECT user_id, creation_time FROM users ORDER BY user_id DESC;"
echo ""
read -r -p "Press ENTER to whitelist user ${USER_ID} as admin (or Ctrl-C to abort)..."
if grep -q "internal:" /opt/ente/server/museum.yaml; then if grep -q "internal:" /opt/ente/server/museum.yaml; then
if ! grep -qF "${USER_ID}" /opt/ente/server/museum.yaml; then if ! grep -qF "${USER_ID}" /opt/ente/server/museum.yaml; then
@@ -461,31 +439,43 @@ chmod +x /usr/local/bin/ente-setup
cat <<'EOF' >/usr/local/bin/ente-upgrade-subscription cat <<'EOF' >/usr/local/bin/ente-upgrade-subscription
#!/usr/bin/env bash #!/usr/bin/env bash
if [ -z "$1" ]; then
echo "Usage: ente-upgrade-subscription <email>"
echo "Example: ente-upgrade-subscription user@example.com"
exit 1
fi
EMAIL="$1"
DB_NAME="ente_db" DB_NAME="ente_db"
EMAIL_LOWER=$(printf '%s' "$EMAIL" | tr '[:upper:]' '[:lower:]')
HASH_B64=$(awk '/^key:/{f=1;next} /^[^[:space:]]/{f=0} f && /hash:/{print $2}' /opt/ente/server/museum.yaml | tr -d '"'"'") run_psql() {
HASH_HEX=$(printf '%s' "$HASH_B64" | base64 -d | xxd -p -c 256 | tr -d '\n') sudo -u postgres psql -t -d "$DB_NAME" -c "$1" 2>/dev/null | xargs
EMAIL_HASH=$(printf '%s' "$EMAIL_LOWER" | openssl dgst -sha256 -mac HMAC -macopt hexkey:"$HASH_HEX" -binary | base64 -w0) }
echo "Upgrading subscription for: $EMAIL"
USER_ID=$(sudo -u postgres psql -t -d "$DB_NAME" -c "SELECT user_id FROM users WHERE email_hash = '${EMAIL_HASH//\'/\'\'}';") run_psql_exec() {
USER_ID=$(echo "$USER_ID" | xargs) sudo -u postgres psql -d "$DB_NAME" -c "$1"
if [[ -z "$USER_ID" ]]; then }
echo "Error: User not found in database."
if [[ -z "$1" ]]; then
echo "Usage: ente-upgrade-subscription <user_id>"
echo ""
echo "Available users:"
run_psql_exec "SELECT user_id, creation_time FROM users ORDER BY user_id DESC;"
exit 1 exit 1
fi fi
ROWS=$(sudo -u postgres psql -t -d "$DB_NAME" -c "SELECT count(*) FROM subscriptions WHERE user_id = ${USER_ID};" | xargs)
if [[ "$ROWS" == "0" ]]; then USER_ID="$1"
sudo -u postgres psql -d "$DB_NAME" -c "INSERT INTO subscriptions (user_id, storage_in_mbs_per_plan, expiry_time, product_id, payment_provider, transaction_id, original_transaction_id) VALUES (${USER_ID}, 10737418240, 2524608000000000, 'self_hosted_unlimited', 'admin', 'admin_setup', 'admin_setup');" if ! [[ "$USER_ID" =~ ^[0-9]+$ ]]; then
else echo "Error: user_id must be numeric."
sudo -u postgres psql -d "$DB_NAME" -c "UPDATE subscriptions SET storage_in_mbs_per_plan = 10737418240, expiry_time = 2524608000000000 WHERE user_id = ${USER_ID};" exit 1
fi fi
echo "Done. Subscription upgraded to unlimited storage for: $EMAIL"
EXISTS=$(run_psql "SELECT count(*) FROM users WHERE user_id = ${USER_ID};")
if [[ "$EXISTS" != "1" ]]; then
echo "Error: user_id ${USER_ID} not found."
exit 1
fi
ROWS=$(run_psql "SELECT count(*) FROM subscriptions WHERE user_id = ${USER_ID};")
if [[ "$ROWS" == "0" ]]; then
run_psql_exec "INSERT INTO subscriptions (user_id, storage_in_mbs_per_plan, expiry_time, product_id, payment_provider, transaction_id, original_transaction_id) VALUES (${USER_ID}, 10737418240, 2524608000000000, 'self_hosted_unlimited', 'admin', 'admin_setup', 'admin_setup');"
else
run_psql_exec "UPDATE subscriptions SET storage_in_mbs_per_plan = 10737418240, expiry_time = 2524608000000000 WHERE user_id = ${USER_ID};"
fi
echo "Done. Subscription upgraded to unlimited storage for user_id ${USER_ID}."
EOF EOF
chmod +x /usr/local/bin/ente-upgrade-subscription chmod +x /usr/local/bin/ente-upgrade-subscription
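Review bot: In the Step 3/4 hunk the account that gets whitelisted as admin is whatever `SELECT user_id FROM users ORDER BY user_id DESC LIMIT 1` returns, and on an instance whose port 3000 is reachable by more than the operator the newest row is not necessarily the operator's account; the ENTER prompt lets them abort but not pick a different id. Make the choice explicit and validate it the way the new ente-upgrade-subscription script already does: `read -r -p "Enter the user_id to whitelist as admin [${USER_ID}]: " CHOSEN`, `USER_ID=${CHOSEN:-$USER_ID}`, `[[ "$USER_ID" =~ ^[0-9]+$ ]] || { echo " Error: user_id must be numeric."; exit 1; }`. The numeric check also protects the following `grep -qF "${USER_ID}"` and the later SQL from an empty USER_ID: if the setup script's run_psql discards stderr like the one defined in ente-upgrade-subscription, a psql failure leaves USER_COUNT empty, the `== "0"` guard passes, and the flow continues with no id at all. The run_psql definition and the rest of the whitelist block lie outside this hunk.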