#!/bin/bash set -e # SneakyScanner First-Run Setup Script # This script helps you get started quickly with SneakyScanner echo "================================================" echo " SneakyScanner - First Run Setup" echo "================================================" echo "" # Function to generate random key for Flask SECRET_KEY generate_secret_key() { openssl rand -hex 32 2>/dev/null || python3 -c "import secrets; print(secrets.token_hex(32))" } # Function to generate Fernet encryption key (32 url-safe base64-encoded bytes) generate_fernet_key() { python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())" 2>/dev/null || \ openssl rand -base64 32 | head -c 44 } # Check if .env exists if [ -f .env ]; then echo "✓ .env file already exists" read -p "Do you want to regenerate it? (y/N): " REGENERATE if [ "$REGENERATE" != "y" ] && [ "$REGENERATE" != "Y" ]; then echo "Skipping .env creation..." SKIP_ENV=true fi fi # Create or update .env if [ "$SKIP_ENV" != "true" ]; then echo "" echo "Creating .env file..." # Generate secure keys SECRET_KEY=$(generate_secret_key) ENCRYPTION_KEY=$(generate_fernet_key) # Ask for initial password echo "" echo "Set an initial password for the web interface:" read -s -p "Password (or press Enter to generate random password): " INITIAL_PASSWORD echo "" if [ -z "$INITIAL_PASSWORD" ]; then echo "Generating random password..." # Generate a 32-character alphanumeric password INITIAL_PASSWORD=$(cat /dev/urandom | tr -dc 'A-Za-z0-9' | head -c 32) # Save password to file in project root (avoid permission issues with mounted volumes) echo "$INITIAL_PASSWORD" > admin_password.txt echo "✓ Random password generated and saved to: ./admin_password.txt" PASSWORD_SAVED=true fi # Create .env file cat > .env << EOF # Flask Configuration FLASK_ENV=production FLASK_DEBUG=false # Security Keys (randomly generated) SECRET_KEY=$SECRET_KEY SNEAKYSCANNER_ENCRYPTION_KEY=$ENCRYPTION_KEY # Initial Password INITIAL_PASSWORD=$INITIAL_PASSWORD # Database Configuration DATABASE_URL=sqlite:////app/data/sneakyscanner.db # Optional: Logging LOG_LEVEL=INFO # Optional: CORS (comma-separated origins, or * for all) CORS_ORIGINS=* EOF echo "✓ .env file created with secure keys" # Remove the init marker so the password gets set on next container start rm -f data/.db_initialized echo "✓ Password will be updated on next container start" fi # Create required directories echo "" echo "Creating required directories..." mkdir -p data logs output configs echo "✓ Directories created" # Check if Docker is running echo "" echo "Checking Docker..." if ! docker info > /dev/null 2>&1; then echo "✗ Docker is not running or not installed" echo "Please install Docker and start the Docker daemon" exit 1 fi echo "✓ Docker is running" # Build and start echo "" echo "Building and starting SneakyScanner..." echo "This may take a few minutes on first run..." echo "" docker compose build echo "" echo "Starting SneakyScanner..." docker compose up -d # Wait for service to be healthy echo "" echo "Waiting for application to start..." sleep 5 # Check if container is running if docker ps | grep -q sneakyscanner-web; then echo "" echo "================================================" echo " ✓ SneakyScanner is Running!" echo "================================================" echo "" echo "Web Interface: http://localhost:5000" echo "" echo "Login with:" if [ -z "$SKIP_ENV" ]; then if [ "$PASSWORD_SAVED" = "true" ]; then echo " Password saved in: ./admin_password.txt" echo " Password: $INITIAL_PASSWORD" else echo " Password: $INITIAL_PASSWORD" fi else echo " Password: (check your .env file or ./admin_password.txt)" fi echo "" echo "Useful commands:" echo " docker compose logs -f # View logs" echo " docker compose stop # Stop the service" echo " docker compose restart # Restart the service" echo "" echo "⚠ IMPORTANT: Change your password after first login!" echo "================================================" else echo "" echo "✗ Container failed to start. Check logs with:" echo " docker compose logs" exit 1 fi