Pilot demo 28.05.2026: closed gendsgn.ru/* (включая trade-in/) basic_auth gate. /health и /preview/* остаются public через route { } wrapper (Caddy 2.x directive ordering fix).
11 users (admin + user1..user10), bcrypt cost=14, snippet в git (audit trail). Scripts: scripts/auth/{add,remove,list}_user.sh.
Fixup PR #426 (route{} wrap + log rotation + base64 busybox-compat + runbook audit log fix).
42 lines
1.2 KiB
Bash
42 lines
1.2 KiB
Bash
#!/usr/bin/env bash
|
||
# remove_user.sh — удалить пользователя из caddy/users.caddy.snippet
|
||
# Usage: ./scripts/auth/remove_user.sh <username>
|
||
#
|
||
# НЕ коммитит изменения — это задача разработчика.
|
||
set -euo pipefail
|
||
|
||
SNIPPET="$(dirname "$(dirname "$(realpath "$0")")")/caddy/users.caddy.snippet"
|
||
|
||
usage() {
|
||
echo "Usage: $0 <username>" >&2
|
||
exit 1
|
||
}
|
||
|
||
[[ $# -lt 1 ]] && usage
|
||
|
||
USERNAME="$1"
|
||
|
||
# Validate username format
|
||
if ! [[ "$USERNAME" =~ ^[a-z][a-z0-9-]{2,30}$ ]]; then
|
||
echo "ERROR: invalid username '$USERNAME'. Must match ^[a-z][a-z0-9-]{2,30}$" >&2
|
||
exit 1
|
||
fi
|
||
|
||
# Check user exists
|
||
if ! grep -qP "^\s+${USERNAME}\s" "$SNIPPET" 2>/dev/null; then
|
||
echo "ERROR: user '$USERNAME' not found in $SNIPPET" >&2
|
||
exit 1
|
||
fi
|
||
|
||
# Remove the line with this username (safe in-place via temp file)
|
||
TMP="$(mktemp)"
|
||
trap 'rm -f "$TMP"' EXIT
|
||
|
||
grep -vP "^\s+${USERNAME}\s" "$SNIPPET" > "$TMP"
|
||
mv "$TMP" "$SNIPPET"
|
||
|
||
echo "Removed user '$USERNAME' from $SNIPPET"
|
||
echo ""
|
||
echo "Next steps:"
|
||
echo " 1. Commit caddy/users.caddy.snippet → PR → merge → GHA deploy"
|
||
echo " 2. After deploy, Caddy auto-reloads — user access revoked"
|