aibot777/unlimitedcoding
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
06057f864b068b35645122e6173ffabc3a67d2e0
unlimitedcoding/claude/uclaude_install.sh
delta-cloud-208e 8924b75e91 SECURITY: redact api_key from public repo (Variant B) 
CRITICAL: api_key 'ClauderAPI2' was committed to PUBLIC unlimitedcoding
repo (private:False on gitea) in 4 *_config.json + 8 ps1 scripts. Anyone
on the internet could read it via curl with no auth (HTTP 200 raw access).

This commit:
1. Sanitizes 4 *_config.json: api_key → "YOUR_API_KEY" + _note pointing
   users to private config repo for production credentials.
2. Removes 'ClauderAPI2' literal from 8 ps1 installer/updater scripts
   (claude/codex/gemini/qwen × install/update). Each script now has a
   sanitized block at top that fetches api_key from private
   unlimitedcoding-config repo at runtime via Authorization token.
3. Switches 6 sh installer scripts from public REPO_RAW to PRIVATE
   unlimitedcoding-config base URL for *_config.json downloads.
4. Removes stale .patcher.config.cache.json (will regen on next install).

Production configs MOVED to private repo (separate commit e839102 on
unlimitedcoding-config/main).

KNOWN UNCHANGED:
- releases/v2.1.119/sea/cli-wrapper.cjs still has api_key (part of npm
  package distribution; clients need it locally; sensey serves same).
- Read-only gitea token (cadffcb0...) remains in installers — needed
  for token-auth fetch from private repo. Scoped read-only.

RECOMMEND: api_key rotation in proxy auth list because ClauderAPI2 was
publicly exposed for an unknown period. Existing client installs would
need re-install or env override.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-25 16:43:08 +00:00

135 lines
4.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# UClaude — one-line installer with full auto-install chain
# Usage: curl -fsSL -H "Authorization: token TOKEN" https://git.sensey24.ru/aibot777/unlimitedcoding/raw/branch/master/claude/uclaude_install.sh -o /tmp/uclaude.sh && sudo bash /tmp/uclaude.sh
set -uo pipefail
# Error handler
error_handler() {
local line_no=$1
echo "ERROR: Command failed at line $line_no" >&2
echo "Last command: $BASH_COMMAND" >&2
echo "Exiting..." >&2
exit 1
}
trap 'error_handler $LINENO' ERR
# Read-only access token for private repo (scoped: read:repository only)
GITEA_TOKEN="${GITEA_TOKEN:-cadffcb0a6a3be728ac1ff619bb40c86588f6837}"
REPO_URL="https://x-token:${GITEA_TOKEN}@git.sensey24.ru/aibot777/unlimitedcoding.git"
INSTALL_DIR="${UCLAUDE_DIR:-$HOME/unlimitedcoding}"
echo "=== UClaude Installer ==="
echo " Install dir: $INSTALL_DIR"
# ---- Auto-install prerequisites ----
install_pkg() {
# Try apt, then yum/dnf, then brew
if command -v apt-get >/dev/null 2>&1; then
apt-get update -qq && apt-get install -y -qq "$@"
elif command -v dnf >/dev/null 2>&1; then
dnf install -y -q "$@"
elif command -v yum >/dev/null 2>&1; then
yum install -y -q "$@"
elif command -v brew >/dev/null 2>&1; then
brew install "$@"
else
echo "ERROR: No package manager found. Install $* manually."
return 1
fi
}
need_sudo() {
if [ "$(id -u)" -ne 0 ]; then
echo " Root privileges required to install packages."
echo " Re-run with sudo: curl -fsSL -H 'Authorization: token ${GITEA_TOKEN}' https://git.sensey24.ru/aibot777/unlimitedcoding/raw/branch/master/claude/uclaude_install.sh -o /tmp/uclaude.sh && sudo bash /tmp/uclaude.sh"
exit 1
fi
}
# Git
if ! command -v git >/dev/null 2>&1; then
echo " git not found, installing..."
need_sudo
install_pkg git
fi
# Python 3
if ! command -v python3 >/dev/null 2>&1; then
echo " python3 not found, installing..."
need_sudo
install_pkg python3
fi
# curl (needed for nodesource)
if ! command -v curl >/dev/null 2>&1; then
echo " curl not found, installing..."
need_sudo
install_pkg curl
fi
# Node.js — updater handles version check and auto-install
if ! command -v node >/dev/null 2>&1; then
echo " Node.js not found. Updater will auto-install."
fi
# ---- Clone / Update repo ----
if [ -d "$INSTALL_DIR/.git" ]; then
echo " Already cloned, updating..."
cd "$INSTALL_DIR"
git fetch --depth 1 origin master 2>/dev/null
git reset --hard origin/master 2>/dev/null
else
echo " Cloning (shallow, sparse — only latest version)..."
# Shallow clone without checkout
git clone --depth 1 --no-checkout "$REPO_URL" "$INSTALL_DIR"
cd "$INSTALL_DIR"
# Enable sparse checkout: root + claude/ + codex/ (so optional codex
# install works) + index.json (first pass)
git sparse-checkout init --no-cone
git sparse-checkout set '/*' 'claude/*' '!claude/releases/v*' 'claude/releases/index.json' 'codex/*'
git checkout 2>/dev/null
# Read latest version from index.json and add only that release dir
if [ -f claude/releases/index.json ]; then
VER=$(python3 -c "import json; print(json.load(open('claude/releases/index.json'))['latest'])")
echo " Latest version: v${VER}"
git sparse-checkout add "claude/releases/v${VER}"
git checkout 2>/dev/null
fi
fi
echo ""
echo " Updating repo to latest version before running updater..."
# Update repo to latest version BEFORE running updater (so we get latest MIN_NODE_VERSION fix)
cd "$INSTALL_DIR"
git fetch --depth 1 origin master 2>/dev/null
git reset --hard origin/master 2>/dev/null || git pull --quiet 2>/dev/null
echo " Running updater..."
# Configure npm registry for @anthropic-ai scope before running updater
if command -v npm >/dev/null 2>&1; then
echo " Configuring npm registry: https://npm.sensey24.ru/"
npm config set "@anthropic-ai:registry" "https://npm.sensey24.ru/" 2>/dev/null || true
fi
# Run updater (needs root for cli.js replacement + node install)
if [ "$(id -u)" -eq 0 ]; then
python3 claude/uclaude_updater.py --force
else
echo " Root privileges required to install cli.js."
sudo python3 claude/uclaude_updater.py --force
fi
echo ""
echo "=== Installation complete ==="
echo " To update later: cd $INSTALL_DIR && sudo bash claude/uclaude_update.sh"
echo ""
echo " To install Codex CLI separately, see README codex section:"
echo " https://git.sensey24.ru/aibot777/unlimitedcoding/raw/branch/master/codex/ucodex_install.sh"
Reference in New Issue View Git Blame Copy Permalink