From b78ed7750ade2e9cf3ad47dee9f38b74fdccc0ea Mon Sep 17 00:00:00 2001
From: Timmo <contact@timmo.xyz>
Date: Sat, 30 Mar 2019 11:31:16 +0000
Subject: [PATCH] :hammer: Move secret to init script

---
 home-panel/Dockerfile                         |  4 --
 .../rootfs/etc/cont-init.d/20-secrets.sh      |  7 ++++
 home-panel/rootfs/etc/home-panel/default.json | 37 -------------------
 3 files changed, 7 insertions(+), 41 deletions(-)
 create mode 100644 home-panel/rootfs/etc/cont-init.d/20-secrets.sh
 delete mode 100644 home-panel/rootfs/etc/home-panel/default.json

diff --git a/home-panel/Dockerfile b/home-panel/Dockerfile
index 6d220f2..c142c0e 100644
--- a/home-panel/Dockerfile
+++ b/home-panel/Dockerfile
@@ -10,7 +10,6 @@ COPY rootfs /
 RUN \
     apk add --no-cache --virtual .build-dependencies \
         git=2.20.1-r0 \
-        openssl=1.1.1b-r1 \
         yarn=1.12.3-r0 \
     \
     && apk add --no-cache \
@@ -26,9 +25,6 @@ RUN \
         "https://github.com/timmo001/home-panel.git" /tmp/panel \
     && mv /tmp/panel/api /opt/api \
     \
-    && mv /etc/home-panel/default.json /opt/api/config \
-    && sed -i "s/API_AUTH_SECRET/$(openssl rand -base64 32)/g" /opt/api/config/default.json \
-    \
     && cd /opt/api \
     && yarn install \
     \
diff --git a/home-panel/rootfs/etc/cont-init.d/20-secrets.sh b/home-panel/rootfs/etc/cont-init.d/20-secrets.sh
new file mode 100644
index 0000000..a833ca0
--- /dev/null
+++ b/home-panel/rootfs/etc/cont-init.d/20-secrets.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Community Hass.io Add-ons: Home Panel
+# This updates the internal auth secret for the API
+# ==============================================================================
+# shellcheck disable=2094,2016
+bashio::jq /opt/api/config/default.json '.authentication.secret="$(openssl rand -base64 32)"' > /opt/api/config/default.json
diff --git a/home-panel/rootfs/etc/home-panel/default.json b/home-panel/rootfs/etc/home-panel/default.json
deleted file mode 100644
index 743510e..0000000
--- a/home-panel/rootfs/etc/home-panel/default.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
-    "host": "localhost",
-    "port": 3234,
-    "public": "../public/",
-    "paginate": {
-      "default": 10,
-      "max": 50
-    },
-    "authentication": {
-      "secret": "API_AUTH_SECRET",
-      "strategies": ["jwt", "local"],
-      "path": "/authentication",
-      "service": "users",
-      "jwt": {
-        "header": {
-          "typ": "access"
-        },
-        "audience": "https://timmo.dev/home-panel",
-        "subject": "anonymous",
-        "issuer": "feathers",
-        "algorithm": "HS256",
-        "expiresIn": "1d"
-      },
-      "local": {
-        "entity": "user",
-        "usernameField": "username",
-        "passwordField": "password"
-      },
-      "cookie": {
-        "enabled": true,
-        "name": "feathers-jwt",
-        "httpOnly": false,
-        "secure": false
-      }
-    },
-    "nedb": "/data"
-  }