67 lines
2.6 KiB
Bash
67 lines
2.6 KiB
Bash
#!/bin/sh
|
|
set -eu
|
|
|
|
cd /usr/local/indiekit
|
|
|
|
# Optional: load environment from local .env file
|
|
# (dotenv syntax, supports spaces in values).
|
|
if [ -f .env ]; then
|
|
eval "$(${NODE_BIN:-/usr/local/bin/node} -e '
|
|
const fs = require("node:fs");
|
|
const dotenv = require("dotenv");
|
|
const parsed = dotenv.parse(fs.readFileSync(".env"));
|
|
for (const [key, value] of Object.entries(parsed)) {
|
|
const safe = String(value).split("\x27").join("\x27\"\x27\"\x27");
|
|
process.stdout.write(`export ${key}=\x27${safe}\x27\n`);
|
|
}
|
|
')"
|
|
fi
|
|
|
|
: "${SECRET:?SECRET is required}"
|
|
if [ "${INDIEKIT_ALLOW_PASSWORD_SETUP:-0}" != "1" ]; then
|
|
: "${PASSWORD_SECRET:?PASSWORD_SECRET is required}"
|
|
fi
|
|
|
|
# Allow either full Mongo URL or decomposed credentials.
|
|
if [ -z "${MONGO_URL:-}" ]; then
|
|
: "${MONGO_USERNAME:?MONGO_USERNAME is required when MONGO_URL is not set}"
|
|
: "${MONGO_PASSWORD:?MONGO_PASSWORD is required when MONGO_URL is not set}"
|
|
export MONGO_AUTH_SOURCE="${MONGO_AUTH_SOURCE:-admin}"
|
|
fi
|
|
|
|
if [ -z "${GH_CONTENT_TOKEN:-}" ] && [ -z "${GITHUB_TOKEN:-}" ]; then
|
|
echo "GH_CONTENT_TOKEN or GITHUB_TOKEN is required" >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Force production runtime and keep debug logging disabled.
|
|
export NODE_ENV="production"
|
|
export INDIEKIT_DEBUG="0"
|
|
unset DEBUG
|
|
|
|
# Verify production auth/session hardening before launching server.
|
|
/usr/local/bin/node scripts/preflight-production-security.mjs
|
|
|
|
# Verify MongoDB credentials/connectivity before launching server.
|
|
/usr/local/bin/node scripts/preflight-mongo-connection.mjs
|
|
|
|
# Normalize ActivityPub profile URL fields (icon/image/aliases) in MongoDB.
|
|
/usr/local/bin/node scripts/preflight-activitypub-profile-urls.mjs
|
|
|
|
# Ensure runtime dependency patches are applied even if node_modules already exists.
|
|
/usr/local/bin/node scripts/patch-lightningcss.mjs
|
|
/usr/local/bin/node scripts/patch-endpoint-media-scope.mjs
|
|
/usr/local/bin/node scripts/patch-endpoint-media-sharp-runtime.mjs
|
|
/usr/local/bin/node scripts/patch-frontend-sharp-runtime.mjs
|
|
/usr/local/bin/node scripts/patch-endpoint-files-upload-route.mjs
|
|
/usr/local/bin/node scripts/patch-endpoint-files-upload-locales.mjs
|
|
/usr/local/bin/node scripts/patch-endpoint-activitypub-locales.mjs
|
|
/usr/local/bin/node scripts/patch-frontend-serviceworker-file.mjs
|
|
/usr/local/bin/node scripts/patch-conversations-collection-guards.mjs
|
|
/usr/local/bin/node scripts/patch-indiekit-routes-rate-limits.mjs
|
|
/usr/local/bin/node scripts/patch-indiekit-error-production-stack.mjs
|
|
/usr/local/bin/node scripts/patch-indieauth-devmode-guard.mjs
|
|
/usr/local/bin/node scripts/patch-listening-endpoint-runtime-guards.mjs
|
|
|
|
exec /usr/local/bin/node node_modules/@indiekit/indiekit/bin/cli.js serve --config indiekit.config.mjs
|