#!/bin/bash
# author: dbbDylan
# date: 2024.11.07
# note: depends on `jq`
set -e # abort immediately on any unhandled error
# ========================
# Variables
# ========================
# Feature switches for the initialisation steps; each may be overridden from
# the environment (1 = enabled).
: "${INIT_ENABLE:=1}"
: "${CFG_INIT_ENABLE:=1}"
: "${CAS_PROPERTIES_INIT_ENABLE:=1}"
# Paths of the (config) files and directories inside the docker container.
: "${PATH_ROOT:=/oauth-server-lite}"
## oauth-server-lite layout
OAUTH_SERVER_DIR="${PATH_ROOT}/oauth-server-lite"
OAUTH_SERVER_PATH="${OAUTH_SERVER_DIR}/oauth-server-lite"
OAUTH_SERVER_CONFIG_FILE="${OAUTH_SERVER_DIR}/cfg.json"
OAUTH_SERVER_DB_FILE="${OAUTH_SERVER_DIR}/sqlite.db"
## apereo-cas layout
CAS_DIR="${PATH_ROOT}/apereo-cas"
CAS_DB_FILE="${CAS_DIR}/cas.db"
CAS_WAR_PATH="${CAS_DIR}/cas.war"
: "${CAS_PROPERTIES_FILE:=/etc/cas/config/cas.properties}"
## oauth2 grant types registered for the default client
OAUTH_GRANT_TYPES="password,authorization_code,urn:ietf:params:oauth:grant-type:device_code,client_credentials"
# Settings that may be supplied from outside the container.
# NOTE(review): the credential defaults below are local-testing placeholders;
# a deployment must override OAUTH_CLIENT_SECRET and CAS_PASSWORD (and set
# OAUTH_REDIS_PASSWORD) through the environment rather than rely on them.
: "${OAUTH_CLIENT_ID:=oauth}"          # OAuth2 client id
: "${OAUTH_CLIENT_SECRET:=123456}"     # OAuth2 client secret
: "${CAS_USERNAME:=cas}"               # CAS user name
: "${CAS_PASSWORD:=123456}"            # CAS user password
: "${OAUTH_SERVER_PORT:=8081}"         # oauth-server-lite listen port
: "${CAS_SERVER_PORT:=8444}"           # apereo-cas listen port
: "${CAS_SERVER_HOST:=localhost}"      # apereo-cas host / domain name
: "${CAS_SERVER_URL:=http://${CAS_SERVER_HOST}:${CAS_SERVER_PORT}}" # apereo-cas base URL
: "${OAUTH_REDIS_DSN:=localhost:6379}" # redis address
: "${OAUTH_REDIS_PASSWORD:=}"          # redis password (empty = none)
: "${PLAYGROUND_HOST:=localhost}"      # oauth2playground host / domain name
: "${PLAYGROUND_PORT:=80}"             # oauth2playground port
# ========================
# Functions
# ========================
# Full initialisation: create the directory tree, then both sqlite databases.
# Globals: see init_dir and init_sqlite.
init() {
  init_dir
  init_sqlite
}
# Create the working directories.
# Globals: PATH_ROOT, OAUTH_SERVER_DIR, CAS_DIR (read)
init_dir() {
  mkdir -p -- "${PATH_ROOT}" "${OAUTH_SERVER_DIR}" "${CAS_DIR}"
  # NOTE(review): 0777 on the whole tree makes the binary, cfg.json and both
  # sqlite databases writable by every local user. Kept to preserve behaviour;
  # narrow it to the account CAS / oauth-server-lite actually run as.
  chmod -R 777 "${PATH_ROOT}"
}
# Make sure the sqlite3 CLI is available, then create both databases.
# NOTE(review): installing at container start needs root and network access;
# baking sqlite3 into the image would make start-up deterministic.
init_sqlite() {
  if ! command -v sqlite3 >/dev/null 2>&1; then
    printf '%s\n' "sqlite3 not found, installing..."
    apt-get update && apt-get install -y sqlite3
  fi
  init_cas_db
  init_oauth_server_db
}
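# Create the CAS user table and (re)populate it with the single configured
# account.
# Globals: CAS_DB_FILE (sqlite path, written); CAS_USERNAME, CAS_PASSWORD (read)
# The password is stored exactly as given (no hashing) — the CAS jdbc query
# configuration must agree with that. Single quotes in the values are doubled
# so a quote in the username or password cannot terminate the SQL literal
# (a password containing ' previously broke the INSERT).
init_cas_db() {
  echo "Setting up CAS database at ${CAS_DB_FILE}..."
  local sq="'"
  local username=${CAS_USERNAME//"$sq"/"$sq$sq"}
  local password=${CAS_PASSWORD//"$sq"/"$sq$sq"}
  sqlite3 "${CAS_DB_FILE}" <<EOF
CREATE TABLE IF NOT EXISTS user (username TEXT, password TEXT, name TEXT);
DELETE FROM user;
INSERT INTO user (username, password, name) VALUES ('${username}', '${password}', '测试用户');
EOF
  echo "Database initialized successfully!"
}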
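# Set key=value in a Java properties file: every existing "key=" line is
# replaced in place, or the line is appended when the key is absent.
# Key and value are handed to awk through the environment so they are treated
# as opaque strings — no regex metacharacters, no sed delimiter clash on '#',
# no backslash-escape interpretation as with awk -v.
# Arguments: $1 file, $2 key, $3 value
_set_cas_property() {
  local file=$1
  PROP_KEY="$2" PROP_VALUE="$3" awk '
    BEGIN { key = ENVIRON["PROP_KEY"]; value = ENVIRON["PROP_VALUE"]; found = 0 }
    index($0, key "=") == 1 { print key "=" value; found = 1; next }
    { print }
    END { if (!found) print key "=" value }
  ' "${file}" > "${file}.new" && mv "${file}.new" "${file}"
}

# Write the port, public server name and sqlite JDBC URL into cas.properties.
# Globals: CAS_PROPERTIES_FILE (written); CAS_SERVER_PORT, CAS_SERVER_HOST,
#   CAS_DB_FILE (read)
# Works on a temporary copy and moves it into place, so a failure part-way
# leaves the live file untouched. Unlike the previous sed/echo version, a
# value containing '#' or a file without a trailing newline is handled.
configure_cas_properties() {
  echo "Configuring CAS properties at ${CAS_PROPERTIES_FILE}..."
  local tmp_file="${CAS_PROPERTIES_FILE}.tmp"
  # Start from the existing file, or from an empty one if it does not exist yet.
  cp "${CAS_PROPERTIES_FILE}" "${tmp_file}" || : > "${tmp_file}"
  _set_cas_property "${tmp_file}" "server.port" "${CAS_SERVER_PORT}"
  _set_cas_property "${tmp_file}" "cas.server.name" "http://${CAS_SERVER_HOST}:${CAS_SERVER_PORT}"
  _set_cas_property "${tmp_file}" "cas.authn.jdbc.query[0].url" "jdbc:sqlite:${CAS_DB_FILE}"
  mv "${tmp_file}" "${CAS_PROPERTIES_FILE}"
  echo "CAS configuration complete!"
}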
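# Start apereo-cas in the background unless an instance already answers.
# Globals: CAS_SERVER_URL, CAS_WAR_PATH (read)
# Returns: 0 (CAS running or launched), 1 when the war file is missing.
start_cas() {
  echo "Starting CAS server..."
  local status
  # Compare the real HTTP status; grepping the raw headers for "200" also
  # matched unrelated values such as a Content-Length. `|| true` keeps a
  # connection failure (curl non-zero) from aborting under set -e.
  status=$(curl -s -o /dev/null --max-time 5 --head -w '%{http_code}' "${CAS_SERVER_URL}/cas/login" || true)
  if [[ "${status}" == "200" ]]; then
    echo "CAS server is already running. Skipping startup."
    return 0
  fi
  # Fail now instead of letting java die in the background and wait_for_cas spin forever.
  if [[ ! -f "${CAS_WAR_PATH}" ]]; then
    echo "CAS war not found at ${CAS_WAR_PATH}" >&2
    return 1
  fi
  java -server -noverify -Xmx2048M -jar "${CAS_WAR_PATH}" &
}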
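# NOTE(review): this is a verbatim second definition of configure_cas_properties
# (the first one appears earlier in the file, right after init_cas_db). bash
# keeps the last definition, so the earlier one is dead code; one of the two
# should be deleted.

# Set key=value in a Java properties file: every existing "key=" line is
# replaced in place, or the line is appended when the key is absent.
# Key and value are handed to awk through the environment so they are treated
# as opaque strings — no regex metacharacters, no sed delimiter clash on '#',
# no backslash-escape interpretation as with awk -v.
# Arguments: $1 file, $2 key, $3 value
_set_cas_property() {
  local file=$1
  PROP_KEY="$2" PROP_VALUE="$3" awk '
    BEGIN { key = ENVIRON["PROP_KEY"]; value = ENVIRON["PROP_VALUE"]; found = 0 }
    index($0, key "=") == 1 { print key "=" value; found = 1; next }
    { print }
    END { if (!found) print key "=" value }
  ' "${file}" > "${file}.new" && mv "${file}.new" "${file}"
}

# Write the port, public server name and sqlite JDBC URL into cas.properties.
# Globals: CAS_PROPERTIES_FILE (written); CAS_SERVER_PORT, CAS_SERVER_HOST,
#   CAS_DB_FILE (read)
# Works on a temporary copy and moves it into place, so a failure part-way
# leaves the live file untouched. Unlike the previous sed/echo version, a
# value containing '#' or a file without a trailing newline is handled.
configure_cas_properties() {
  echo "Configuring CAS properties at ${CAS_PROPERTIES_FILE}..."
  local tmp_file="${CAS_PROPERTIES_FILE}.tmp"
  # Start from the existing file, or from an empty one if it does not exist yet.
  cp "${CAS_PROPERTIES_FILE}" "${tmp_file}" || : > "${tmp_file}"
  _set_cas_property "${tmp_file}" "server.port" "${CAS_SERVER_PORT}"
  _set_cas_property "${tmp_file}" "cas.server.name" "http://${CAS_SERVER_HOST}:${CAS_SERVER_PORT}"
  _set_cas_property "${tmp_file}" "cas.authn.jdbc.query[0].url" "jdbc:sqlite:${CAS_DB_FILE}"
  mv "${tmp_file}" "${CAS_PROPERTIES_FILE}"
  echo "CAS configuration complete!"
}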
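# Create the oauth-server-lite schema and register the single default client.
# Globals: OAUTH_SERVER_DB_FILE (sqlite path, written); OAUTH_CLIENT_ID,
#   OAUTH_CLIENT_SECRET, OAUTH_GRANT_TYPES, PLAYGROUND_HOST (read)
# The client secret is stored exactly as given. Single quotes in the values
# are doubled so a quote in a client id/secret or host cannot terminate the
# SQL literal and break (or alter) the INSERT.
init_oauth_server_db() {
  echo "Setting up Oauth server database at ${OAUTH_SERVER_DB_FILE}..."
  local sq="'"
  local client_id=${OAUTH_CLIENT_ID//"$sq"/"$sq$sq"}
  local client_secret=${OAUTH_CLIENT_SECRET//"$sq"/"$sq$sq"}
  local grant_types=${OAUTH_GRANT_TYPES//"$sq"/"$sq$sq"}
  local domains=${PLAYGROUND_HOST//"$sq"/"$sq$sq"}
  sqlite3 "${OAUTH_SERVER_DB_FILE}" <<EOF
CREATE TABLE IF NOT EXISTS oauth_client (
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at DATETIME,
updated_at DATETIME,
deleted_at DATETIME,
app_id INTEGER NOT NULL DEFAULT 0,
app_name TEXT NOT NULL DEFAULT "",
description TEXT NOT NULL DEFAULT "",
client_id TEXT NOT NULL DEFAULT "",
client_secret TEXT NOT NULL DEFAULT "",
grant_types TEXT NOT NULL DEFAULT "",
domains TEXT NOT NULL DEFAULT "",
scope TEXT NOT NULL DEFAULT "",
ignore_authorize NUMERIC NOT NULL DEFAULT 0,
privacy_url TEXT NOT NULL DEFAULT "",
contact_user_name TEXT NOT NULL DEFAULT "",
contact_user_id TEXT NOT NULL DEFAULT "",
contact_user_phone TEXT NOT NULL DEFAULT "",
contact_user_mail TEXT NOT NULL DEFAULT "",
charge_user_name TEXT NOT NULL DEFAULT "",
charge_user_id TEXT NOT NULL DEFAULT ""
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_oauth_client_client_id ON oauth_client(client_id);
CREATE INDEX IF NOT EXISTS idx_oauth_client_app_name ON oauth_client(app_name);
CREATE UNIQUE INDEX IF NOT EXISTS idx_oauth_client_app_id ON oauth_client(app_id);
CREATE INDEX IF NOT EXISTS idx_oauth_client_deleted_at ON oauth_client(deleted_at);
CREATE TABLE IF NOT EXISTS oauth_access_token (
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at DATETIME,
updated_at DATETIME,
access_token TEXT NOT NULL DEFAULT "",
scope TEXT NOT NULL DEFAULT "",
client_id TEXT NOT NULL DEFAULT "",
user_id TEXT NOT NULL DEFAULT "",
expired_at DATETIME NOT NULL
);
CREATE INDEX IF NOT EXISTS idx_oauth_access_token_user_id ON oauth_access_token(user_id);
CREATE UNIQUE INDEX IF NOT EXISTS idx_oauth_access_token_access_token ON oauth_access_token(access_token);
CREATE TABLE IF NOT EXISTS oauth_refresh_token (
id INTEGER PRIMARY KEY AUTOINCREMENT,
created_at DATETIME,
updated_at DATETIME,
refresh_token TEXT NOT NULL DEFAULT "",
client_id TEXT NOT NULL DEFAULT "",
user_id TEXT NOT NULL DEFAULT "",
expired_at DATETIME NOT NULL
);
CREATE INDEX IF NOT EXISTS idx_oauth_refresh_token_user_id ON oauth_refresh_token(user_id);
CREATE UNIQUE INDEX IF NOT EXISTS idx_oauth_refresh_token_refresh_token ON oauth_refresh_token(refresh_token);
DELETE FROM oauth_client;
INSERT INTO oauth_client (
app_id,
client_id,
client_secret,
grant_types,
domains,
scope,
ignore_authorize
) VALUES (
0,
'${client_id}',
'${client_secret}',
'${grant_types}',
'${domains}',
'Basic',
0
);
EOF
  echo "Database initialized successfully!"
}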
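# Rewrite the oauth-server-lite cfg.json fields from the environment.
# Globals: OAUTH_SERVER_CONFIG_FILE (rewritten in place); CAS_SERVER_URL,
#   OAUTH_SERVER_DB_FILE, OAUTH_REDIS_DSN, OAUTH_REDIS_PASSWORD,
#   OAUTH_SERVER_PORT, PLAYGROUND_HOST, PLAYGROUND_PORT (read)
# Returns: 0 on success, 1 when jq is missing or the rewrite fails.
# One jq pass sets everything: .cas, .db (replaced wholesale), .redis.dsn /
# .redis.password and .http.listen / .http.session_options.domain; all other
# fields are preserved. Previously each `jq … > tmp && mv …` step silently
# continued on a jq error (set -e does not fire inside an && list), leaving
# the file unchanged while still reporting success.
configure_oauth_server() {
  echo "Configuring Oauth server configurations..."
  if ! command -v jq >/dev/null 2>&1; then
    echo "jq not found; cannot configure ${OAUTH_SERVER_CONFIG_FILE}" >&2
    return 1
  fi
  local tmp_file="${OAUTH_SERVER_CONFIG_FILE}.tmp"
  if ! jq --arg cas "${CAS_SERVER_URL}/cas/" \
          --arg sqlite "${OAUTH_SERVER_DB_FILE}" \
          --arg dsn "${OAUTH_REDIS_DSN}" \
          --arg password "${OAUTH_REDIS_PASSWORD}" \
          --arg port "${OAUTH_SERVER_PORT}" \
          --arg domain "${PLAYGROUND_HOST}:${PLAYGROUND_PORT}" \
          '.cas = $cas
           | .db = {sqlite: $sqlite}
           | .redis.dsn = $dsn | .redis.password = $password
           | .http.listen = "0.0.0.0:\($port)" | .http.session_options.domain = $domain' \
          "${OAUTH_SERVER_CONFIG_FILE}" > "${tmp_file}"; then
    rm -f -- "${tmp_file}"
    echo "Failed to update ${OAUTH_SERVER_CONFIG_FILE}" >&2
    return 1
  fi
  mv "${tmp_file}" "${OAUTH_SERVER_CONFIG_FILE}"
  echo "Oauth server configured successfully!"
}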
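# Start oauth-server-lite in the background from its own directory.
# Globals: OAUTH_SERVER_DIR, OAUTH_SERVER_PATH, OAUTH_SERVER_CONFIG_FILE (read)
# Returns: 0 once the process is launched, 1 when the binary is missing or
#   not executable (reported immediately instead of a silent background failure).
start_oauth_server() {
  echo "Starting OAuth server..."
  if [[ ! -x "${OAUTH_SERVER_PATH}" ]]; then
    echo "oauth-server-lite binary not found or not executable at ${OAUTH_SERVER_PATH}" >&2
    return 1
  fi
  # The subshell keeps the cd from changing this script's own cwd; the
  # binary path is quoted so a space in PATH_ROOT does not split the command.
  ( cd "${OAUTH_SERVER_DIR}" && exec "${OAUTH_SERVER_PATH}" -c "${OAUTH_SERVER_CONFIG_FILE}" ) &
}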
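# Block until the CAS login page answers HTTP 200.
# Globals: CAS_SERVER_URL (read); CAS_WAIT_TIMEOUT (read, optional) — give up
#   after this many seconds; 0 (the default) waits forever, as before.
# Returns: 0 once CAS answers, 1 on timeout.
wait_for_cas() {
  local timeout=${CAS_WAIT_TIMEOUT:-0}
  local waited=0 status
  echo "Waiting for CAS server to be ready at ${CAS_SERVER_URL}..."
  while :; do
    # Compare the real HTTP status; grepping the raw headers for "200" also
    # matched unrelated values such as a Content-Length. `|| true` keeps a
    # refused connection (curl non-zero) from aborting under set -e.
    status=$(curl -s -o /dev/null --max-time 5 --head -w '%{http_code}' "${CAS_SERVER_URL}/cas/login" || true)
    [[ "${status}" == "200" ]] && break
    if (( timeout > 0 && waited >= timeout )); then
      echo "CAS server not ready after ${timeout}s, giving up." >&2
      return 1
    fi
    sleep 1
    waited=$((waited + 1))
  done
  echo "CAS server is ready!"
}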
# ========================
# Main flow
# ========================
# Run the optional initialisation steps, start CAS, wait for it, start the
# OAuth server, then block so the script (and the container) stays alive.
main() {
  if [ "$INIT_ENABLE" -eq 1 ]; then
    echo "Initialization is enabled. Starting initialization process..."
    init
  else
    echo "Initialization is disabled. Skipping initialization process."
  fi
  if [ "$CAS_PROPERTIES_INIT_ENABLE" -eq 1 ]; then
    configure_cas_properties
  fi
  if [ "$CFG_INIT_ENABLE" -eq 1 ]; then
    configure_oauth_server
  fi
  start_cas
  wait_for_cas
  start_oauth_server
  # Both services run in the background; block here so the script keeps running.
  echo "All services started. Keeping script running..."
  tail -f /dev/null
}
main "$@"
# apereo-cas keeps running in the background; to stop it, kill the process
# manually, e.g. (prefer a plain TERM first so CAS can shut down cleanly):
# lsof -i :8444 | awk 'NR>1 {print $2}' | xargs -r kill -9 # kill apereo-cas