From fdb17586ee69b517f786ad17410c742c28bffe0d Mon Sep 17 00:00:00 2001 From: alban Date: Fri, 2 Sep 2022 17:59:36 +0200 Subject: [PATCH] [fix] Adds secrets for #2 and minor fixes --- README.md | 14 ++++++--- install.sh | 3 +- plugins-install.sh | 17 +++++++++-- secure-db-install.sh | 72 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 99 insertions(+), 7 deletions(-) create mode 100644 secure-db-install.sh diff --git a/README.md b/README.md index 1501868..45c4dab 100644 --- a/README.md +++ b/README.md @@ -23,8 +23,14 @@ git clone https://git.interhacker.space/alban/maubot-installer.git cd maubot-installer bash install.sh -# Optionaly use the plugin installer if you cloned -$EDITOR plugin-install.sh # Edit the variables +# 3) Run the secure db install for security +bash secure-db-install.sh + +# Optionnaly use the plugin installer if you cloned +# Edit the variables +$EDITOR plugin-install.sh +# OR use a config file +cp config.default config && $EDITOR config bash plugin-install.sh ``` @@ -80,8 +86,8 @@ nano config # Edit ## Contributing -Feel free to post issues here o +Feel free to post issues here on https://git.interhacker.space/alban/maubot-installer/issues ## Known problems -Some plugins might require additional pip packages, you might have to install them by hand. \ No newline at end of file +Some plugins might require additional pip packages, you might have to install them by hand. diff --git a/install.sh b/install.sh index 3d5adfc..361fe2a 100755 --- a/install.sh +++ b/install.sh @@ -12,11 +12,12 @@ packageList=() packageList+=("certbot") packageList+=("nginx") packageList+=("pwgen") -packageList+=("python-pip") +packageList+=("python3-pip") packageList+=("python3-minimal") packageList+=("python3-distutils") packageList+=("sqlite3") packageList+=("virtualenv") +packageList+=("wget") info "Updating packages informations" apt-get update >/dev/null diff --git a/plugins-install.sh b/plugins-install.sh index 54a4dd9..0d2245f 100644 
--- a/plugins-install.sh +++ b/plugins-install.sh @@ -3,7 +3,15 @@ panic(){ echo -e "$@"; exit 2; } info(){ echo -e "\e[0;32m$@\e[0m"; } -which zip &>/dev/null || panic "Please install zip and unzip." +which zip &>/dev/null || { + packageList+=("zip") + packageList+=("unzip") + + info "Updating packages informations" + apt-get update >/dev/null + info "Installing packages ${packageList[@]}" + apt-get install --no-install-recommends -y ${packageList[@]} >/dev/null +} basePath=$( cd `dirname $BASH_SOURCE[0]` && pwd ) cd "$basePath" @@ -19,7 +27,7 @@ cd "$basePath" # maubot_user=maubot # maubot_pass=maubot -[[ -z "$install_dir" ]] || [[ -z "$maubot_user" ]] || [[ -z "$maubot_pass" ]] || [[ -z "$server_address" ]] && panic "Please set variables" +[[ -z "$install_dir" ]] || [[ -z "$maubot_user" ]] || [[ -z "$maubot_pass" ]] || [[ -z "$server_address" ]] && panic "Please set variables using .config or edit shell script" declare -A botList botList[https://github.com/maubot/jesaribot]="A simple bot that replies with an image when you say "jesari"." @@ -70,6 +78,11 @@ while [[ "$install" == "y" ]]; do cd "$tempDir" info "Downloading file" wget -q "$zipURL" &>/dev/null + if [[ 0 != $? || ! -f master.zip ]] ; then + echo "Something went wrong, zip file not available." + read -p "Press enter to continue" + continue + fi info "Converting" unzip master.zip &>/dev/null cd "$projectName-master" diff --git a/secure-db-install.sh b/secure-db-install.sh new file mode 100644 index 0000000..668514b --- /dev/null +++ b/secure-db-install.sh 
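Review bot: The new fallback block in the `@@ -3,7 +3,15 @@` hunk runs `apt-get update` and `apt-get install` with output sent to /dev/null and no status check, so a non-root run or a failed install goes unnoticed and the script only breaks later at `unzip master.zip`. The guard tests only `zip` while the later code calls `unzip`, and `packageList` is appended to without being initialised in the visible lines. I would write `packageList=(zip unzip)` and `apt-get install --no-install-recommends -y "${packageList[@]}" >/dev/null || panic "Could not install zip/unzip."`, and extend the test to `command -v zip unzip`. The rest of the script is outside this hunk, so a root check may already exist elsewhere.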
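Review bot: The guard added in the `@@ -70,6 +78,11 @@` hunk confirms only that `master.zip` exists after `wget`; the archive's content is never verified before `unzip` and the following steps process it. Judging by the `master.zip` and `$projectName-master` names, the download is a moving branch head, so fetching a tag or commit archive and checking it against a recorded SHA-256 with `sha256sum -c` would make the install reproducible and catch a truncated or altered download. Smaller points on the same lines: `if ! wget -q "$zipURL" &>/dev/null || [[ ! -f master.zip ]]; then` replaces the separate `$?` test, the error text belongs on stderr, and `read -r -p` is the safer form. The `continue` runs after `cd "$tempDir"`, so the loop resumes inside the temp directory; whether that matters depends on loop code outside this hunk.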
@@ -0,0 +1,72 @@
+#! /bin/bash
+
+
+panic(){ echo -e "$@"; echo "Exiting."; exit 2; }
+spacer(){ echo -e "\n - - - - - - - - - "; }
+info(){ echo -e "\e[0;32m$@\e[0m"; }
+
+[[ "root" == $(whoami) ]] || panic "Must run as root."
+
+#
+cd /opt/maubot
+. bin/activate
+
+packageList=()
+packageList+=("libolm-dev")
+packageList+=("python3-dev")
+packageList+=("build-essential")
+
+pip3_packages=()
+pip3_packages+=("asyncpg")
+pip3_packages+=("python-olm")
+pip3_packages+=("pycryptodome")
+pip3_packages+=("unpaddedbase64")
+pip3_packages+=("urllib3")
+pip3_packages+=("maubot[all]==0.2.2a1")
+info "Updating packages informations"
+apt-get update >/dev/null
+info "Installing packages ${packageList[@]}"
+apt-get install --no-install-recommends -y ${packageList[@]} >/dev/null
+
+info "Installing python packages ${pip3_packages[@]}"
+
+pip3 install ${pip3_packages[@]} >/dev/null
+
+systemctl stop maubot.service
+
+if egrep -q "^crypto_database" config.yaml; then
+ if egrep -q "^crypto_database: default" config.yaml ; then
+ sed -i -E 's=^(crypto_database:.*)=crypto_database: sqlite:///crypto.db=' config.yaml
+ fi
+else
+ sed -i -E 's=^(database:.*)=\1\ncrypto_database: sqlite:///crypto.db=' config.yaml
+fi
+
+rm /opt/maubot/maubot.db
+
+systemctl start maubot.service
+alembic upgrade head
+systemctl status maubot.service
+
+
+cat << EOF
+Now we have to authenticate on our maubot account that we created during the installation of maubot and that is accessible from its web-panel, but we will have to do it from the terminal with the mbc tool
+
+Connect to the panel using the login and password provided earlier for install.sh
+EOF
+
+bin/mbc login
+
+
+cat << EOF
+Once the authentication is done, we will use the same tool again to connect to our user account (bot client) that we created on the Matrix homeserver, to generate a unique token code and a device-id in order to allow the bot to have full control over the client (It is important to do it from the terminal, not from a 
classic matrix client)
+
+It is important that the user used has www-data rights, otherwise the authentication will not work.
+
+Generate the token and the device ID by connecting with the matrix user.
+EOF
+
+bin/mbc auth --update-client
+
+
+EOF
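Review bot: `rm /opt/maubot/maubot.db` runs unconditionally and nothing before it is checked: `cd /opt/maubot`, `. bin/activate`, `apt-get install` and `pip3 install` can all fail with their output discarded, and the script still stops the service, edits `config.yaml` in whatever directory it is in, and deletes the database. I would abort on the first failed step and move the old database aside rather than delete it, as sketched below. Only `maubot[all]==0.2.2a1` is pinned; the other five pip packages are installed by a root-run script at whatever version is current, so pinning them would make the result reproducible. The last line of the new file is a bare `EOF` outside any here-document, which bash will try to run as a command, and should be removed.

```shell
cd /opt/maubot || panic "Cannot enter /opt/maubot."
. bin/activate || panic "Cannot activate the virtualenv in /opt/maubot."
# … unchanged: packageList and pip3_packages definitions, apt-get update …
apt-get install --no-install-recommends -y "${packageList[@]}" >/dev/null \
  || panic "apt-get install failed."
pip3 install "${pip3_packages[@]}" >/dev/null || panic "pip3 install failed."
# … unchanged: systemctl stop, crypto_database edit of config.yaml …
# Keep the previous database instead of deleting it.
if [[ -f /opt/maubot/maubot.db ]]; then
  mv -- /opt/maubot/maubot.db "/opt/maubot/maubot.db.$(date +%Y%m%d%H%M%S).bak"
fi
```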