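#!/usr/bin/env bash
#
# Gitea reader account setup.
#
# Reads server and credential settings from an INI file, creates (or reuses)
# a reader account through the admin API, activates it, replaces any token
# with the configured name, creates a new API token, and writes that token
# back into the [reader] section of the INI file.
#
# Usage: <script> [path/to/config.ini]   (default: ../config.ini next to the script)
#
# Requires: curl, GNU sed/grep (uses \s and `sed -i` without a suffix).
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
CONFIG="${1:-$SCRIPT_DIR/../config.ini}"

if [[ ! -f "$CONFIG" ]]; then
  echo "ERROR: config file not found: $CONFIG"
  echo "Usage: $0 [path/to/config.ini]"
  echo "Copy config.example.ini to config.ini and fill in your values."
  exit 1
fi

# --- Parse INI ---
#######################################
# Print the value of one key from one INI section (first match wins).
# Arguments: $1 - INI file, $2 - section name, $3 - key name
# Outputs:   the trimmed value on stdout; nothing if the key is absent
# Returns:   0 even when the key is absent, so optional keys can fall back
#            to defaults instead of aborting the script under
#            `set -e -o pipefail` (a non-matching grep exits 1).
#######################################
parse_ini() {
  local file="$1" section="$2" key="$3"
  sed -n "/^\[$section\]/,/^\[/p" "$file" \
    | { grep "^${key}\s*=" || true; } \
    | head -1 \
    | sed -e 's/^[^=]*=\s*//' -e 's/\s*$//'
}

#######################################
# Escape a value for use inside a double-quoted string. The escapes produced
# (\\ \" \n \r \t) are valid both in a JSON string and in a quoted parameter
# of a curl config file, so config values containing quotes or backslashes
# cannot break out of the string they are placed in.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
escape_dq() {
  local s="$1"
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

#######################################
# Write a curl config file carrying basic-auth credentials, so the password
# is read from a private file instead of appearing on curl's command line
# (where other local users can see it in the process list).
# Arguments: $1 - destination file, $2 - username, $3 - password
#######################################
write_auth() {
  printf 'user = "%s:%s"\n' "$(escape_dq "$2")" "$(escape_dq "$3")" > "$1"
}

GITEA_API=$(parse_ini "$CONFIG" gitea api_url)
OWNER_USER=$(parse_ini "$CONFIG" owner username)
OWNER_PASS=$(parse_ini "$CONFIG" owner password)
READER_USER=$(parse_ini "$CONFIG" reader username)
READER_PASS=$(parse_ini "$CONFIG" reader password)
READER_EMAIL=$(parse_ini "$CONFIG" reader email)
TOKEN_NAME=$(parse_ini "$CONFIG" reader token_name)
TOKEN_SCOPE=$(parse_ini "$CONFIG" reader token_scope)

if [[ -z "$GITEA_API" || -z "$OWNER_USER" || -z "$OWNER_PASS" || -z "$READER_USER" || -z "$READER_PASS" ]]; then
  echo "ERROR: missing required fields in config.ini"
  exit 1
fi

READER_EMAIL="${READER_EMAIL:-${READER_USER}@noreply.local}"
TOKEN_NAME="${TOKEN_NAME:-installer-readonly}"
TOKEN_SCOPE="${TOKEN_SCOPE:-read:repository}"

# Every request below sends a password with HTTP basic auth; over plain HTTP
# that password and the returned token cross the network unencrypted.
if [[ "$GITEA_API" != https://* ]]; then
  echo "WARNING: api_url is not https; credentials will be sent unencrypted." >&2
fi

# Private scratch directory (mode 0700 from mktemp -d) for credentials,
# request bodies and responses; removed on every exit path. This replaces a
# fixed, predictable file name under /tmp.
WORK_DIR=$(mktemp -d)
trap 'rm -rf -- "$WORK_DIR"' EXIT

OWNER_AUTH="$WORK_DIR/owner.curlrc"
READER_AUTH="$WORK_DIR/reader.curlrc"
write_auth "$OWNER_AUTH" "$OWNER_USER" "$OWNER_PASS"
write_auth "$READER_AUTH" "$READER_USER" "$READER_PASS"

echo "=== Gitea Reader Account Setup ==="
echo "Server: $GITEA_API"
echo "Owner: $OWNER_USER"
echo "Reader: $READER_USER"
echo ""

# --- Step 1: Create reader account ---
echo "[1/4] Creating reader account '$READER_USER'..."
CREATE_BODY="$WORK_DIR/create_user.json"
CREATE_RESP="$WORK_DIR/create_user_response.json"
# The body holds the reader password, so it is passed as a file, not argv.
printf '{"username": "%s", "password": "%s", "email": "%s", "must_change_password": false, "visibility": "public"}' \
  "$(escape_dq "$READER_USER")" \
  "$(escape_dq "$READER_PASS")" \
  "$(escape_dq "$READER_EMAIL")" > "$CREATE_BODY"

HTTP_CODE=$(curl -sS -o "$CREATE_RESP" -w "%{http_code}" \
  -X POST "$GITEA_API/admin/users" \
  -K "$OWNER_AUTH" \
  -H "Content-Type: application/json" \
  --data-binary "@$CREATE_BODY")

if [[ "$HTTP_CODE" == "201" ]]; then
  echo " -> Account created."
elif [[ "$HTTP_CODE" == "422" ]]; then
  # NOTE(review): 422 is treated as "already exists"; confirm the server does
  # not also use it for other validation failures (e.g. a rejected password).
  echo " -> Account already exists (422), continuing."
else
  echo " -> ERROR: HTTP $HTTP_CODE"
  cat "$CREATE_RESP"
  exit 1
fi

# --- Step 2: Activate account ---
echo "[2/4] Activating account and setting visibility..."
PATCH_RESP="$WORK_DIR/patch_user_response.json"
HTTP_CODE=$(curl -sS -o "$PATCH_RESP" -w "%{http_code}" \
  -X PATCH "$GITEA_API/admin/users/$READER_USER" \
  -K "$OWNER_AUTH" \
  -H "Content-Type: application/json" \
  -d "$(printf '{"active": true, "visibility": "public", "login_name": "%s"}' "$(escape_dq "$READER_USER")")")

if [[ "$HTTP_CODE" == 2* ]]; then
  echo " -> Done."
else
  # Surface the failure instead of reporting "Done."; keep going, because
  # token creation in step 4 fails loudly if the account is unusable.
  echo " -> WARNING: HTTP $HTTP_CODE (continuing)"
  cat "$PATCH_RESP"
fi

# --- Step 3: Delete existing token with same name (if any) ---
echo "[3/4] Cleaning up old tokens..."
# Best effort on purpose: there may be no token with this name yet.
curl -s -o /dev/null -w "" \
  -X DELETE "$GITEA_API/users/$READER_USER/tokens/$TOKEN_NAME" \
  -K "$READER_AUTH" 2>/dev/null || true
echo " -> Done."

# --- Step 4: Create API token ---
echo "[4/4] Creating API token '$TOKEN_NAME' (scope: $TOKEN_SCOPE)..."
TOKEN_BODY="$WORK_DIR/create_token.json"
printf '{"name": "%s", "scopes": ["%s"]}' \
  "$(escape_dq "$TOKEN_NAME")" \
  "$(escape_dq "$TOKEN_SCOPE")" > "$TOKEN_BODY"

TOKEN_RESPONSE=$(curl -sS \
  -X POST "$GITEA_API/users/$READER_USER/tokens" \
  -K "$READER_AUTH" \
  -H "Content-Type: application/json" \
  --data-binary "@$TOKEN_BODY")

# `|| true`: without it a response lacking "sha1" makes grep exit 1 and,
# under pipefail + set -e, the script would die before printing the error.
TOKEN_VALUE=$({ grep -o '"sha1":"[^"]*"' <<<"$TOKEN_RESPONSE" || true; } \
  | head -1 \
  | sed 's/"sha1":"//;s/"//')

if [[ -z "$TOKEN_VALUE" ]]; then
  echo " -> ERROR: Failed to extract token from response:"
  echo "$TOKEN_RESPONSE"
  exit 1
fi

# The token is interpolated into sed programs below; accept only plain
# alphanumerics so a server response can never inject sed syntax.
if [[ ! "$TOKEN_VALUE" =~ ^[A-Za-z0-9]+$ ]]; then
  echo " -> ERROR: token in response has an unexpected format; not writing it."
  exit 1
fi

echo " -> Token created: ${TOKEN_VALUE:0:8}..."

# --- Write token back to config.ini ---
# The file now holds passwords and a live token: restrict it to the owner.
chmod 600 "$CONFIG" || echo "WARNING: could not restrict permissions on $CONFIG" >&2

# Only the [reader] section is inspected and edited, so a `token =` line in
# any other section is left untouched.
READER_SECTION=$(sed -n '/^\[reader\]/,/^\[/p' "$CONFIG")
if grep -q '^token\s*=' <<<"$READER_SECTION"; then
  sed -i "/^\[reader\]/,/^\[/ s|^token\s*=.*|token = $TOKEN_VALUE|" "$CONFIG"
elif grep -q '^token_scope' <<<"$READER_SECTION"; then
  # Add token under [reader] section, after token_scope
  sed -i "/^\[reader\]/,/^\[/{
    /^token_scope/a token = $TOKEN_VALUE
  }" "$CONFIG"
else
  # token_scope is optional; without it, add the token right after the header.
  sed -i "/^\[reader\]/a token = $TOKEN_VALUE" "$CONFIG"
fi

# Confirm the write before reporting success.
WRITTEN_TOKEN=$(parse_ini "$CONFIG" reader token)
if [[ "$WRITTEN_TOKEN" != "$TOKEN_VALUE" ]]; then
  echo "ERROR: token was created but could not be written to $CONFIG"
  exit 1
fi

echo ""
echo "=== Setup Complete ==="
echo "Reader account: $READER_USER"
echo "Token (first 8): ${TOKEN_VALUE:0:8}..."
echo "Token written to: $CONFIG"
echo ""
echo "Next steps:"
echo " bash scripts/grant-access.sh "
echo " bash scripts/test-access.sh "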