diff --git a/Website/launch.sh b/Website/launch.sh index d21d966..99aa751 100755 --- a/Website/launch.sh +++ b/Website/launch.sh @@ -6,7 +6,6 @@ cd "$SCRIPT_DIR" DOCKER_CMD=() SECRETS_FILE="$SCRIPT_DIR/.mongo-secrets.env" -MONGO_VOLUME_NAME="$(basename "$SCRIPT_DIR" | tr '[:upper:]' '[:lower:]')_mongo_data" ensure_mongo_secrets() { if [ -f "$SECRETS_FILE" ]; then @@ -16,8 +15,37 @@ ensure_mongo_secrets() { if [ -z "${MONGO_INITDB_ROOT_PASSWORD:-}" ]; then MONGO_INITDB_ROOT_PASSWORD="$(openssl rand -hex 24)" + + ensure_mongo_app_user() { + "${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" exec -T mongodb mongosh --quiet \ + --username "$MONGO_INITDB_ROOT_USERNAME" \ + --password "$MONGO_INITDB_ROOT_PASSWORD" \ + --authenticationDatabase admin \ + --eval ' + const appDatabase = process.env.MONGO_DB_NAME || "Invario_Website"; + const appUser = process.env.MONGO_APP_USER || "website_app"; + const appPassword = process.env.MONGO_APP_PASSWORD; + + if (!appPassword) { + throw new Error("Missing MONGO_APP_PASSWORD"); + } + + const appDb = db.getSiblingDB(appDatabase); + if (!appDb.getUser(appUser)) { + appDb.createUser({ + user: appUser, + pwd: appPassword, + roles: [{ role: "readWrite", db: appDatabase }], + }); + print("created app user"); + } else { + print("app user already exists"); + } + ' + } fi + ensure_mongo_app_user if [ -z "${MONGO_APP_PASSWORD:-}" ]; then MONGO_APP_PASSWORD="$(openssl rand -hex 24)" fi @@ -82,77 +110,6 @@ fi resolve_docker_cmd "${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" build website - -mongo_bootstrap_needed() { - "${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" exec -T mongodb mongosh --quiet --username "$MONGO_INITDB_ROOT_USERNAME" --password "$MONGO_INITDB_ROOT_PASSWORD" --authenticationDatabase admin --eval 'db.adminCommand({ ping: 1 }).ok' >/dev/null 2>&1 -} - -bootstrap_mongo_users() { - echo "MongoDB bootstrap erforderlich; starte temporären Recovery-Modus ohne Auth..." - "${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" stop mongodb || true - "${DOCKER_CMD[@]}" run -d --rm \ - --name invario-mongo-recovery \ - --network host \ - -v "${MONGO_VOLUME_NAME}:/data/db" \ - mongo:7 \ - mongod --dbpath /data/db --bind_ip 127.0.0.1 --port 27017 --noauth >/dev/null - - trap '"${DOCKER_CMD[@]}" stop invario-mongo-recovery >/dev/null 2>&1 || true' EXIT - - for _ in 1 2 3 4 5 6 7 8 9 10; do - if "${DOCKER_CMD[@]}" run --rm --network host mongo:7 mongosh --quiet mongodb://127.0.0.1:27017 --eval 'db.adminCommand({ ping: 1 }).ok' >/dev/null 2>&1; then - break - fi - sleep 1 - done - - "${DOCKER_CMD[@]}" run --rm --network host --env-file "$SECRETS_FILE" mongo:7 mongosh --quiet mongodb://127.0.0.1:27017 --eval ' -const appDatabase = process.env.MONGO_DB_NAME || "Invario_Website"; -const rootUser = process.env.MONGO_INITDB_ROOT_USERNAME || "website_root"; -const rootPassword = process.env.MONGO_INITDB_ROOT_PASSWORD; -const appUser = process.env.MONGO_APP_USER || "website_app"; -const appPassword = process.env.MONGO_APP_PASSWORD; - -if (!rootPassword || !appPassword) { - throw new Error("Missing Mongo bootstrap credentials"); -} - -const adminDb = db.getSiblingDB("admin"); -try { - adminDb.createUser({ - user: rootUser, - pwd: rootPassword, - roles: [{ role: "root", db: "admin" }], - }); -} catch (error) { - if (!String(error).includes("already exists")) { - throw error; - } -} - -const appDb = db.getSiblingDB(appDatabase); -try { - appDb.createUser({ - user: appUser, - pwd: appPassword, - roles: [{ role: "readWrite", db: appDatabase }], - }); -} catch (error) { - if (!String(error).includes("already exists")) { - throw error; - } -} -' - - "${DOCKER_CMD[@]}" stop invario-mongo-recovery >/dev/null - trap - EXIT - echo "MongoDB bootstrap abgeschlossen. Starte gesicherten Dienst erneut..." -} - -if ! mongo_bootstrap_needed; then - bootstrap_mongo_users -fi - "${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" up -d mongodb "${DOCKER_CMD[@]}" compose --env-file "$SECRETS_FILE" up -d --no-deps website