From fc71030c18568ee6ffb7a799653d94e193c6f044 Mon Sep 17 00:00:00 2001
From: Amir Zarrinkafsh <nightah@me.com>
Date: Fri, 18 Jun 2021 10:01:09 +1000
Subject: [PATCH] feat(examples): improve local setup script (#2094)

The local setup script expects to be run as root and would only work on a fresh clone of the repo. Now if not run as root the user will be prompted for sudo elevation at the beginning of the script and the script will also survive re-runs on a dirty clone.
---
 docs/getting-started.md         |  4 ++--
 examples/compose/local/setup.sh | 42 +++++++++++++++++++++++----------
 2 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/docs/getting-started.md b/docs/getting-started.md
index 690379c41..0f27c3a5d 100644
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -10,12 +10,12 @@ nav_order: 2
 
 ### Steps
 
-These commands are intended to be run sequentially:
+These commands are to be run sequentially:
 
 - `git clone https://github.com/authelia/authelia.git`
 - `cd authelia/examples/compose/local`
 - ``git checkout $(git describe --tags `git rev-list --tags --max-count=1`)``
-- `sudo ./setup.sh` *sudo is required to modify the `/etc/hosts` file*
+- `./setup.sh` *sudo is required to modify the `/etc/hosts` file, the user will be prompted for access if not run as root*
 
 You can now visit the following locations; replace example.com with the domain you specified in the setup script:
 - https://public.example.com - Bypasses Authelia
diff --git a/examples/compose/local/setup.sh b/examples/compose/local/setup.sh
index 53d38398a..d686931ae 100755
--- a/examples/compose/local/setup.sh
+++ b/examples/compose/local/setup.sh
@@ -1,5 +1,13 @@
 #!/usr/bin/env bash
 
+writehosts(){
+  echo "\
+127.0.0.1  authelia.$DOMAIN
+127.0.0.1  public.$DOMAIN
+127.0.0.1  traefik.$DOMAIN
+127.0.0.1  secure.$DOMAIN" | sudo tee -a /etc/hosts > /dev/null
+}
+
 username(){
   read -ep "Enter your username for Authelia: " USERNAME
 }
@@ -27,6 +35,18 @@ fi
 echo "Pulling Authelia docker image for setup"
 docker pull authelia/authelia > /dev/null
 
+if [[ $(id -u)  != 0 ]]; then
+  echo "The script requires root access to perform some functions such as modifying your /etc/hosts file"
+  read -rp "Would you like to elevate access with sudo? [y/N] " confirmsudo
+  if ! [[ "$confirmsudo" =~ ^([yY][eE][sS]|[yY])$ ]]; then
+    echo "Sudo elevation denied, exiting"
+    exit
+  fi
+fi
+
+echo "Resetting docker-compose.yml, configuration.yml and users_database.yml"
+sudo git checkout -- docker-compose.yml authelia/configuration.yml authelia/users_database.yml
+
 read -ep "What root domain would you like to protect? (default/no selection is example.com): " DOMAIN
 
 if [[ $DOMAIN == "" ]]; then
@@ -36,11 +56,7 @@ fi
 MODIFIED=$(cat /etc/hosts | grep $DOMAIN && echo true || echo false)
 
 if [[ $MODIFIED == "false" ]]; then
-echo "\
-127.0.0.1  authelia.$DOMAIN
-127.0.0.1  public.$DOMAIN
-127.0.0.1  traefik.$DOMAIN
-127.0.0.1  secure.$DOMAIN" >> /etc/hosts
+  writehosts
 fi
 
 echo "Generating SSL certificate for *.$DOMAIN"
@@ -48,9 +64,9 @@ docker run -a stdout -v $PWD/traefik/certs:/tmp/certs authelia/authelia authelia
 
 if [[ $DOMAIN != "example.com" ]]; then
   if [[ $(uname) == "Darwin" ]]; then
-    sed -i '' "s/example.com/$DOMAIN/g" {docker-compose.yml,authelia/configuration.yml}
+    sudo sed -i '' "s/example.com/$DOMAIN/g" {docker-compose.yml,authelia/configuration.yml}
   else
-    sed -i "s/example.com/$DOMAIN/g" {docker-compose.yml,authelia/configuration.yml}
+    sudo sed -i "s/example.com/$DOMAIN/g" {docker-compose.yml,authelia/configuration.yml}
   fi
 fi
 
@@ -58,9 +74,9 @@ username
 
 if [[ $USERNAME != "" ]]; then
   if [[ $(uname) == "Darwin" ]]; then
-    sed -i '' "s/<USERNAME>/$USERNAME/g" authelia/users_database.yml
+    sudo sed -i '' "s/<USERNAME>/$USERNAME/g" authelia/users_database.yml
   else
-    sed -i "s/<USERNAME>/$USERNAME/g" authelia/users_database.yml
+    sudo sed -i "s/<USERNAME>/$USERNAME/g" authelia/users_database.yml
   fi
 else
   echo "Username cannot be empty"
@@ -71,9 +87,9 @@ displayname
 
 if [[ $DISPLAYNAME != "" ]]; then
   if [[ $(uname) == "Darwin" ]]; then
-    sed -i '' "s/<DISPLAYNAME>/$DISPLAYNAME/g" authelia/users_database.yml
+    sudo sed -i '' "s/<DISPLAYNAME>/$DISPLAYNAME/g" authelia/users_database.yml
   else
-    sed -i "s/<DISPLAYNAME>/$DISPLAYNAME/g" authelia/users_database.yml
+    sudo sed -i "s/<DISPLAYNAME>/$DISPLAYNAME/g" authelia/users_database.yml
   fi
 else
   echo "Display name cannot be empty"
@@ -85,9 +101,9 @@ password
 if [[ $PASSWORD != "" ]]; then
   PASSWORD=$(docker run authelia/authelia authelia hash-password $PASSWORD | sed 's/Password hash: //g')
   if [[ $(uname) == "Darwin" ]]; then
-    sed -i '' "s/<PASSWORD>/$(echo $PASSWORD | sed -e 's/[\/&]/\\&/g')/g" authelia/users_database.yml
+    sudo sed -i '' "s/<PASSWORD>/$(echo $PASSWORD | sed -e 's/[\/&]/\\&/g')/g" authelia/users_database.yml
   else
-    sed -i "s/<PASSWORD>/$(echo $PASSWORD | sed -e 's/[\/&]/\\&/g')/g" authelia/users_database.yml
+    sudo sed -i "s/<PASSWORD>/$(echo $PASSWORD | sed -e 's/[\/&]/\\&/g')/g" authelia/users_database.yml
   fi
 else
   echo "Password cannot be empty"