unlimitedcoding/gemini/ugemini_update.ps1
delta-cloud-208e 8924b75e91 SECURITY: redact api_key from public repo (Variant B)
CRITICAL: api_key 'ClauderAPI2' was committed to PUBLIC unlimitedcoding
repo (private:False on gitea) in 4 *_config.json + 8 ps1 scripts. Anyone
on the internet could read it via curl with no auth (HTTP 200 raw access).

This commit:
1. Sanitizes 4 *_config.json: api_key → "YOUR_API_KEY" + _note pointing
   users to private config repo for production credentials.
2. Removes 'ClauderAPI2' literal from 8 ps1 installer/updater scripts
   (claude/codex/gemini/qwen × install/update). Each script now has a
   sanitized block at top that fetches api_key from private
   unlimitedcoding-config repo at runtime via Authorization token.
3. Switches 6 sh installer scripts from public REPO_RAW to PRIVATE
   unlimitedcoding-config base URL for *_config.json downloads.
4. Removes stale .patcher.config.cache.json (will regen on next install).

Production configs MOVED to private repo (separate commit e839102 on
unlimitedcoding-config/main).

KNOWN UNCHANGED:
- releases/v2.1.119/sea/cli-wrapper.cjs still has api_key (part of npm
  package distribution; clients need it locally; sensey serves same).
- Read-only gitea token (cadffcb0...) remains in installers — needed
  for token-auth fetch from private repo. Scoped read-only.

RECOMMEND: api_key rotation in proxy auth list because ClauderAPI2 was
publicly exposed for an unknown period. Existing client installs would
need re-install or env override.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-25 16:43:08 +00:00


# Gemini CLI - Windows Updater
# Usage: powershell -ExecutionPolicy Bypass -File gemini\ugemini_update.ps1
#
# Updates the globally installed @google/gemini-cli package, applies the
# project's patches/settings, and sets GEMINI_API_KEY / GOOGLE_GEMINI_BASE_URL
# for the current user and the current session.

# Non-terminating errors are reported but do not stop the script; steps whose
# failure matters check $LASTEXITCODE or use try/catch explicitly.
$ErrorActionPreference = "Continue"

# Startup banner, framed by blank lines.
Write-Host ""
foreach ($bannerLine in @(
        " +--------------------------------------+",
        " | Gemini CLI -- Windows Updater |",
        " +--------------------------------------+"
    )) {
    Write-Host $bannerLine -ForegroundColor Cyan
}
Write-Host ""
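# >>> sanitized: api_key from private config <<<
# Resolve the API key. An explicit $env:UCLAUDE_API_KEY override wins; otherwise
# the key is read from gemini_config.json on the main branch of the
# unlimitedcoding-config repository, authenticating with the token below.
#
# NOTE(review): $configToken is a live credential embedded in a script that is
# distributed from the public unlimitedcoding repository. Anyone who can read
# this file holds the same read access to $configUrl as the script does, so
# moving api_key into the private repo does not keep it confidential. Treat the
# token and every api_key it can reach as exposed: rotate both, and prefer
# per-user credentials supplied out of band (the $env:UCLAUDE_API_KEY override)
# over a shared token shipped inside the installer.
$configToken = "cadffcb0a6a3be728ac1ff619bb40c86588f6837"
$configUrl = "https://git.sensey24.ru/aibot777/unlimitedcoding-config/raw/branch/main/gemini_config.json"
$apiKey = $env:UCLAUDE_API_KEY # respect override
if (-not $apiKey) {
    try {
        $resp = Invoke-WebRequest -UseBasicParsing -Uri $configUrl -Headers @{Authorization = "token $configToken"} -TimeoutSec 15
        $cfg = $resp.Content | ConvertFrom-Json
        if ($cfg.api_key) {
            $apiKey = $cfg.api_key
        } else {
            # A config that parses but carries no api_key used to pass silently,
            # leaving $apiKey empty for the rest of the script with no hint why.
            Write-Warning "Config has no api_key; set `$env:UCLAUDE_API_KEY manually"
        }
    } catch {
        # Network, auth or JSON errors all land here; the script carries on
        # without a key rather than aborting the update.
        Write-Warning "Config fetch failed; set `$env:UCLAUDE_API_KEY manually"
    }
}
# <<< end sanitized >>>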
function Refresh-Path {
    # Rebuild this session's PATH from the persisted Machine and User values so
    # that executables installed during this run become resolvable without
    # opening a new shell. Machine entries come first, then User entries.
    $machinePath = [System.Environment]::GetEnvironmentVariable("Path", "Machine")
    $userPath = [System.Environment]::GetEnvironmentVariable("Path", "User")
    $env:Path = @($machinePath, $userPath) -join ";"
}
# ---- Check current version ----
# Capture what an existing gemini install reports (line breaks stripped) so the
# before/after versions can be shown once the update has run.
if (Get-Command gemini -ErrorAction SilentlyContinue) {
    $versionOutput = gemini --version 2>$null
    $oldVer = $versionOutput -replace '[\r\n]', ''
} else {
    $oldVer = "not installed"
}
Write-Host " Current: $oldVer" -ForegroundColor Cyan
# ---- Configure registry ----
# Point the @google npm scope at the project's registry before installing.
# NOTE(review): `npm config set` persists this mapping in the user's npm
# configuration, so this install and any later install of an @google/* package
# on this account resolves from npm.sensey24.ru rather than the default
# registry. stderr is discarded and the exit code is not checked, so a failure
# here goes unnoticed and the install below then uses whatever registry was
# configured before.
Write-Host " Configuring npm registry..." -ForegroundColor Cyan
npm config set "@google:registry" "https://npm.sensey24.ru/" 2>$null

# ---- Update package ----
# Install globally; on failure wait three seconds and try once more, then give
# up with exit code 1.
Write-Host " Installing latest @google/gemini-cli..." -ForegroundColor Cyan
$installOk = $false
foreach ($attempt in 1, 2) {
    npm install -g @google/gemini-cli 2>&1
    if ($LASTEXITCODE -eq 0) {
        $installOk = $true
        break
    }
    if ($attempt -eq 1) {
        Write-Host " npm install failed. Retrying..." -ForegroundColor Yellow
        Start-Sleep -Seconds 3
    }
}
if (-not $installOk) {
    Write-Host " npm install failed." -ForegroundColor Red
    exit 1
}
# Pick up PATH changes made by the install, then report the version transition.
Refresh-Path
if (Get-Command gemini -ErrorAction SilentlyContinue) {
    $versionOutput = gemini --version 2>$null
    $newVer = $versionOutput -replace '[\r\n]', ''
} else {
    $newVer = "unknown"
}
Write-Host " Updated: $oldVer -> $newVer" -ForegroundColor Green
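# ---- Download and apply patches ----
# Pick the first interpreter on PATH ("python3", then "python") that reports
# Python 3.11 or newer. $pyCmd stays $null when none qualifies, which sends the
# script down the PowerShell fallback further below.
$pyCmd = $null
$minPython = [version]"3.11"
foreach ($candidate in @("python3", "python")) {
    if (Get-Command $candidate -ErrorAction SilentlyContinue) {
        try {
            $pyVer = & $candidate -c "import sys; print(f'{sys.version_info.major}.{sys.version_info.minor}')" 2>$null
            # Compare as one version value. Testing major >= 3 and minor >= 11
            # separately rejects any newer major release whose minor is below 11.
            # Empty or unparsable output makes the cast throw, which the catch
            # below treats as "not usable".
            if ([version]("$pyVer".Trim()) -ge $minPython) {
                $pyCmd = $candidate
                break
            }
        } catch {
            # Deliberate best effort: a candidate that cannot report a usable
            # version is skipped and the next one is tried.
        }
    }
}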
if ($pyCmd) {
    # Stage the patcher and its config in a throwaway directory under %TEMP%.
    $tempDir = Join-Path $env:TEMP "gemini-update-$(Get-Random)"
    New-Item -ItemType Directory -Force -Path $tempDir | Out-Null

    $repoRaw = "https://git.sensey24.ru/aibot777/unlimitedcoding/raw/branch/master/gemini"
    # NOTE(review): the same hard-coded token as $configToken, shipped in a
    # publicly readable script; treat it as exposed and rotate it.
    $token = "cadffcb0a6a3be728ac1ff619bb40c86588f6837"
    $headers = @{ "Authorization" = "token $token" }

    # NOTE(review): gemini_patcher.py is downloaded and then executed with the
    # caller's privileges without any integrity check. Verifying the file
    # against a pinned digest or a signature before running it would limit the
    # impact of a compromised repository or server. The retry without the
    # Authorization header accepts whatever the URL serves anonymously.
    # NOTE(review): gemini_config.json is still taken from the unlimitedcoding
    # repo here, not from the unlimitedcoding-config repo used for the api_key
    # lookup elsewhere in this script -- presumably this copy holds a
    # placeholder key; confirm the patcher does not write it into the settings.
    Write-Host " Downloading patcher..." -ForegroundColor Cyan
    $fetched = $false
    # First pass sends the Authorization header, second pass sends none.
    foreach ($extraArgs in @(@{ Headers = $headers }, @{})) {
        try {
            Invoke-WebRequest -Uri "$repoRaw/gemini_patcher.py" -OutFile "$tempDir\gemini_patcher.py" -UseBasicParsing @extraArgs
            Invoke-WebRequest -Uri "$repoRaw/gemini_config.json" -OutFile "$tempDir\gemini_config.json" -UseBasicParsing @extraArgs
            $fetched = $true
            break
        } catch {
            # Either download failed; move on to the next pass, if any.
        }
    }
    if (-not $fetched) {
        Write-Host " Patcher download failed, using PowerShell fallback" -ForegroundColor Yellow
        $pyCmd = $null
    }

    if ($pyCmd) {
        Write-Host " Applying patches..." -ForegroundColor Cyan
        & $pyCmd "$tempDir\gemini_patcher.py" --apply --config "$tempDir\gemini_config.json"
        if ($LASTEXITCODE -eq 0) {
            Write-Host " Patches applied" -ForegroundColor Green
        } else {
            # Clearing $pyCmd is what routes execution to the fallback block.
            Write-Host " Patcher failed, using PowerShell fallback" -ForegroundColor Yellow
            $pyCmd = $null
        }
    }

    # Best-effort cleanup of the staged files.
    Remove-Item -Recurse -Force $tempDir -ErrorAction SilentlyContinue
}
if (-not $pyCmd) {
    # PowerShell fallback - generate settings directly
    # Runs when no suitable Python was found, or the patcher could not be
    # downloaded or exited non-zero. Both files are written unconditionally,
    # replacing whatever the user already had at those paths.
    #
    # NOTE(review): the generated settings turn folder trust off, set the
    # default approval mode to "yolo" and mark C:\ and C:\Users as
    # TRUST_PARENT -- presumably this lets the CLI act without per-action
    # confirmation anywhere on the drive; confirm against the gemini-cli
    # documentation and consider narrower defaults.
    Write-Host " Applying patches (PowerShell)..." -ForegroundColor Cyan

    # Target locations under the user's profile.
    $geminiDir = "$env:USERPROFILE\.gemini"
    $settingsFile = "$geminiDir\settings.json"
    $trustedFile = "$geminiDir\trustedFolders.json"

    # Settings
    $json = @'
{
"security": {
"auth": {
"selectedType": "gemini-api-key"
},
"folderTrust": {
"enabled": false
}
},
"telemetry": {
"enabled": false,
"logPrompts": false
},
"general": {
"defaultApprovalMode": "yolo"
}
}
'@
    # Trusted folders
    $trustedJson = '{"C:\\":"TRUST_PARENT","C:\\Users":"TRUST_PARENT"}'

    New-Item -ItemType Directory -Force -Path $geminiDir | Out-Null
    [System.IO.File]::WriteAllText($settingsFile, $json)
    [System.IO.File]::WriteAllText($trustedFile, $trustedJson)
    Write-Host " Patches applied (PowerShell fallback)" -ForegroundColor Green
}
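# ---- ALWAYS set env vars in BOTH User scope (persistent) and current session ----
# Critical: gemini reads process.env.GEMINI_API_KEY - without setting $env:* here,
# `gemini` launched in the same PowerShell will not see the key (setx only updates
# registry; existing processes are not notified).
#
# NOTE(review): the User-scope value is stored in plain text and is readable by
# every process running as this user. GOOGLE_GEMINI_BASE_URL sends the CLI's
# traffic, including this key, to the host named below instead of the default
# endpoint.
Write-Host " Ensuring env vars are set in current session..." -ForegroundColor Cyan
$baseUrl = "https://ai.37-187-136-86.sslip.io"
[System.Environment]::SetEnvironmentVariable("GOOGLE_GEMINI_BASE_URL", $baseUrl, "User")
$env:GOOGLE_GEMINI_BASE_URL = $baseUrl
if ($apiKey) {
    [System.Environment]::SetEnvironmentVariable("GEMINI_API_KEY", $apiKey, "User")
    $env:GEMINI_API_KEY = $apiKey
    Write-Host " GEMINI_API_KEY and GOOGLE_GEMINI_BASE_URL set" -ForegroundColor Green
} else {
    # Assigning an empty value deletes the variable in both scopes. When the key
    # could not be resolved, keep whatever the user already had instead of
    # wiping it and reporting success.
    Write-Warning "No API key resolved; existing GEMINI_API_KEY left unchanged. Set `$env:UCLAUDE_API_KEY and re-run."
    Write-Host " GOOGLE_GEMINI_BASE_URL set" -ForegroundColor Green
}
Write-Host ""
Write-Host " Update complete!" -ForegroundColor Green
Write-Host ""
Write-Host " Now you can run: gemini -p `"Hello`"" -ForegroundColor Cyan
Write-Host " (env vars active in this PowerShell session - no restart needed)" -ForegroundColor DarkGray
Write-Host ""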