qusal/salt/sys-bitcoin/files/server/rpc/qusal.BitcoinAuthGet

#!/bin/sh

# SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# Creates a new rpcauth for the client qube if it does not exist. If bitcoind
# is running remotely, there is no way to set a new option with bitcoin-cli.

set -eu

bitcoin_conf="/home/user/.bitcoin/conf.d/rpcauth.conf"
bitcoin_pass="/home/user/.bitcoin/rpcclient.pass"
# shellcheck disable=SC2154
user="${QREXEC_REMOTE_DOMAIN}"

if ! systemctl is-active bitcoind >/dev/null 2>&1; then
  printf '%s\n' "systemd service 'bitcoind' is not active" >&2
  printf '%s\n' "cannot add credentials with remote RPC" >&2
  exit 1
fi

if test -r "${bitcoin_conf}"; then
  if grep -qs -e "^\s*rpcauth=${user}:" -- "${bitcoin_conf}"; then
    grep -m1 -e "^${user}:" -- "${bitcoin_pass}"
    exit
  fi
fi

if ! command -v bitcoin-rpcauth >/dev/null; then
  printf '%s\n' "command not found: bitcoin-rpcauth" >&2
  exit 127
fi

full_auth="$(bitcoin-rpcauth "${user}" | sed -n -e '2p;4p')"
rpcauth="$(printf '%s\n' "${full_auth}" | head -1)"
user="$(printf '%s\n' "${rpcauth}" | cut -d "=" -f2 | cut -d ":" -f1)"
password="$(printf '%s\n' "${full_auth}" | tail -1)"

printf '%s\n' "${rpcauth}" | \
  sudo -u user -- tee -a -- "${bitcoin_conf}" >/dev/null
printf '%s\n' "${user}:${password}" | \
  sudo -u user -- tee -a -- "${bitcoin_pass}" >/dev/null
printf '%s\n' "${user}:${password}"

## Restart bitcoind to apply the configuration changes. Currently, there is no
## prevention of DDoS besides when the client already has an authentication
## configured, it is printed and returned before getting to this part.
systemctl restart bitcoind
feat: Bitcoin Core and Electrum servers and wallet 2024-02-16 18:03:19 -05:00			`#!/bin/sh`

			`# SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>`
			`#`
			`# SPDX-License-Identifier: AGPL-3.0-or-later`
			`#`
			`# Creates a new rpcauth for the client qube if it does not exist. If bitcoind`
			`# is running remotely, there is no way to set a new option with bitcoin-cli.`

			`set -eu`

			`bitcoin_conf="/home/user/.bitcoin/conf.d/rpcauth.conf"`
			`bitcoin_pass="/home/user/.bitcoin/rpcclient.pass"`
feat: enable all optional shellcheck validations Make shell a little bit safer with: - add-default-case - check-extra-masked-returns - check-set-e-suppressed - quote-safe-variables - check-unassigned-uppercase Although there are some stylistic decisions for uniformity: - avoid-nullary-conditions - deprecated-which - require-variable-braces 2024-07-10 08:36:05 -04:00			`# shellcheck disable=SC2154`
feat: Bitcoin Core and Electrum servers and wallet 2024-02-16 18:03:19 -05:00			`user="${QREXEC_REMOTE_DOMAIN}"`

			`if ! systemctl is-active bitcoind >/dev/null 2>&1; then`
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced. 2024-08-06 12:15:24 -04:00			`printf '%s\n' "systemd service 'bitcoind' is not active" >&2`
			`printf '%s\n' "cannot add credentials with remote RPC" >&2`
feat: Bitcoin Core and Electrum servers and wallet 2024-02-16 18:03:19 -05:00			`exit 1`
			`fi`

			`if test -r "${bitcoin_conf}"; then`
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it. 2024-08-06 11:04:16 -04:00			`if grep -qs -e "^\s*rpcauth=${user}:" -- "${bitcoin_conf}"; then`
			`grep -m1 -e "^${user}:" -- "${bitcoin_pass}"`
feat: Bitcoin Core and Electrum servers and wallet 2024-02-16 18:03:19 -05:00			`exit`
			`fi`
			`fi`

			`if ! command -v bitcoin-rpcauth >/dev/null; then`
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced. 2024-08-06 12:15:24 -04:00			`printf '%s\n' "command not found: bitcoin-rpcauth" >&2`
feat: Bitcoin Core and Electrum servers and wallet 2024-02-16 18:03:19 -05:00			`exit 127`
			`fi`

fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it. 2024-08-06 11:04:16 -04:00			`full_auth="$(bitcoin-rpcauth "${user}" \| sed -n -e '2p;4p')"`
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced. 2024-08-06 12:15:24 -04:00			`rpcauth="$(printf '%s\n' "${full_auth}" \| head -1)"`
			`user="$(printf '%s\n' "${rpcauth}" \| cut -d "=" -f2 \| cut -d ":" -f1)"`
			`password="$(printf '%s\n' "${full_auth}" \| tail -1)"`
feat: Bitcoin Core and Electrum servers and wallet 2024-02-16 18:03:19 -05:00
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced. 2024-08-06 12:15:24 -04:00			`printf '%s\n' "${rpcauth}" \| \`
			`sudo -u user -- tee -a -- "${bitcoin_conf}" >/dev/null`
			`printf '%s\n' "${user}:${password}" \| \`
fix: avoid operand evaluation as argument Explicit end option parsing as the shell can be quite dangerous without it. 2024-08-06 11:04:16 -04:00			`sudo -u user -- tee -a -- "${bitcoin_pass}" >/dev/null`
fix: avoid echo usage Echo can interpret operand as an option and checking every variable to be echoed is troublesome while with printf, if the format specifier is present before the operand, printing as string can be enforced. 2024-08-06 12:15:24 -04:00			`printf '%s\n' "${user}:${password}"`
feat: Bitcoin Core and Electrum servers and wallet 2024-02-16 18:03:19 -05:00
			`## Restart bitcoind to apply the configuration changes. Currently, there is no`
			`## prevention of DDoS besides when the client already has an authentication`
			`## configured, it is printed and returned before getting to this part.`
			`systemctl restart bitcoind`