Initial commit: ROA2WEB - FastAPI + Vue.js + Telegram Bot
Modern ERP Reports Application with microservices architecture Tech Stack: - Backend: FastAPI + python-oracledb (Oracle DB integration) - Frontend: Vue.js 3 + PrimeVue + Vite - Telegram Bot: python-telegram-bot + SQLite - Infrastructure: Shared database pool, JWT authentication, SSH tunnel Features: - FastAPI backend with async Oracle connection pool - Vue.js 3 responsive frontend with PrimeVue components - Telegram bot alternative interface - Microservices architecture with shared components - Complete deployment support (Linux Docker + Windows IIS) - Comprehensive testing (Playwright E2E + pytest) Repository Structure: - reports-app/ - Main application (backend, frontend, telegram-bot) - shared/ - Shared components (database pool, auth, utils) - deployment/ - Deployment scripts (Linux & Windows) - docs/ - Project documentation - security/ - Security scanning and git hooks
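--- a/security/setup_security.sh
+++ b/security/setup_security.sh
@@ -0,0 +1,204 @@
+#!/bin/bash
+#
+# 🔒 ROA2WEB Security Setup Script
+# Complete security implementation for the ROA2WEB project
+#
+
+set -e
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+echo -e "${GREEN}"
+echo "=============================================="
+echo "🔒 ROA2WEB SECURITY IMPLEMENTATION SETUP"
+echo "=============================================="
+echo -e "${NC}"
+
+# Function to print step headers
+print_step() {
+echo -e "${BLUE}📋 Step $1: $2${NC}"
+echo "----------------------------------------"
+}
+
+# Function to check if command exists
+command_exists() {
+command -v "$1" >/dev/null 2>&1
+}
+
+# Check prerequisites
+print_step "1" "Checking Prerequisites"
+
+if ! command_exists python3; then
+echo -e "${RED}❌ Python 3 is required but not installed${NC}"
+exit 1
+fi
+
+if ! command_exists git; then
+echo -e "${RED}❌ Git is required but not installed${NC}"
+exit 1
+fi
+
+if [[ ! -d ".git" ]]; then
+echo -e "${RED}❌ Not in a git repository${NC}"
+exit 1
+fi
+
+echo -e "${GREEN}✅ Prerequisites check passed${NC}"
+echo
+
+# Install git hooks
+print_step "2" "Installing Git Security Hooks"
+
+if [[ -f "security/install_hooks.sh" ]]; then
+chmod +x security/install_hooks.sh
+./security/install_hooks.sh
+else
+echo -e "${RED}❌ Hook installer not found${NC}"
+exit 1
+fi
+echo
+
+# Make scripts executable
+print_step "3" "Setting Script Permissions"
+
+chmod +x security/secrets_scanner.py
+chmod +x security/git_cleanup.py
+
+echo -e "${GREEN}✅ Script permissions set${NC}"
+echo
+
+# Run initial security scan
+print_step "4" "Running Initial Security Scan"
+
+echo -e "${YELLOW}🔍 Scanning repository for secrets...${NC}"
+python3 security/secrets_scanner.py --save-report initial_security_scan.json
+
+echo
+
+# Check git history for secrets
+print_step "5" "Checking Git History"
+
+echo -e "${YELLOW}🕐 Scanning git history (this may take a moment)...${NC}"
+python3 security/secrets_scanner.py --scan-git-history --save-report git_history_scan.json
+
+echo
+
+# Verify .gitignore protection
+print_step "6" "Verifying .gitignore Protection"
+
+echo "🔍 Checking .gitignore coverage..."
+
+# Check if critical patterns are in .gitignore
+critical_patterns=(
+"*.env"
+"*.key"
+"*.pem"
+"*secret*"
+"*credential*"
+"*password*"
+)
+
+gitignore_issues=0
+for pattern in "${critical_patterns[@]}"; do
+if ! grep -q "$pattern" .gitignore; then
+echo -e "${YELLOW}⚠️ Pattern '$pattern' not found in .gitignore${NC}"
+gitignore_issues=$((gitignore_issues + 1))
+fi
+done
+
+if [[ $gitignore_issues -eq 0 ]]; then
+echo -e "${GREEN}✅ .gitignore security patterns verified${NC}"
+else
+echo -e "${YELLOW}⚠️ $gitignore_issues security patterns missing from .gitignore${NC}"
+fi
+
+echo
+
+# Create security monitoring cron job (optional)
+print_step "7" "Setting Up Security Monitoring (Optional)"
+
+echo "📅 Would you like to set up automated daily security scans?"
+echo "This will add a cron job to run security scans daily at 9 AM"
+read -p "Setup automated scans? (y/N): " setup_cron
+
+if [[ "$setup_cron" =~ ^[Yy]$ ]]; then
+# Get current directory
+current_dir=$(pwd)
+
+# Create cron job entry
+cron_entry="0 9 * * * cd $current_dir && python3 security/secrets_scanner.py --save-report daily_scan_\$(date +\\%Y\\%m\\%d).json >/dev/null 2>&1"
+
+# Add to crontab
+(crontab -l 2>/dev/null; echo "$cron_entry") | crontab -
+
+echo -e "${GREEN}✅ Daily security scan cron job added${NC}"
+else
+echo "📝 Skipped automated scan setup"
+fi
+
+echo
+
+# Security setup summary
+print_step "8" "Security Setup Summary"
+
+echo -e "${GREEN}🎉 ROA2WEB Security Implementation Complete!${NC}"
+echo
+echo "📋 What was installed:"
+echo " ✅ Git hooks (pre-commit, commit-msg)"
+echo " ✅ Secrets scanner tool"
+echo " ✅ Git history cleanup tool"
+echo " ✅ Enhanced .gitignore patterns"
+echo " ✅ Security documentation"
+echo
+echo "📊 Security scan results:"
+echo " 📄 Initial scan: initial_security_scan.json"
+echo " 📄 History scan: git_history_scan.json"
+echo
+echo "🔧 Available tools:"
+echo " 🔍 Security scan: python3 security/secrets_scanner.py"
+echo " 🧹 Git cleanup: python3 security/git_cleanup.py"
+echo " 📋 Documentation: security/README.md"
+echo
+
+# Critical warnings
+if [[ -f "initial_security_scan.json" ]]; then
+critical_violations=$(python3 -c "
+import json
+try:
+with open('initial_security_scan.json', 'r') as f:
+data = json.load(f)
+print(data.get('summary', {}).get('critical_violations', 0))
+except:
+print(0)
+" 2>/dev/null || echo "0")
+
+if [[ "$critical_violations" -gt 0 ]]; then
+echo -e "${RED}"
+echo "🚨 CRITICAL SECURITY ALERT!"
+echo "=============================="
+echo -e "${NC}"
+echo -e "${RED}Found $critical_violations critical security violations!${NC}"
+echo
+echo "🔧 IMMEDIATE ACTIONS REQUIRED:"
+echo "1. 🔑 Regenerate all exposed credentials"
+echo "2. 🧹 Clean git history: python3 security/git_cleanup.py --cleanup"
+echo "3. 🚀 Force push cleaned history to all remotes"
+echo "4. 📢 Notify team to re-clone repository"
+echo
+echo "📖 See security/README.md for detailed procedures"
+echo
+fi
+fi
+
+echo -e "${BLUE}📚 Next Steps:${NC}"
+echo "1. Review security scan reports"
+echo "2. Read security/README.md for detailed guidance"
+echo "3. Follow security/SECURITY_PROCEDURES.md for ongoing security"
+echo "4. Train team members on new security procedures"
+echo
+echo -e "${GREEN}🔒 ROA2WEB is now security-enhanced!${NC}"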
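Review bot: The .gitignore verification in step 6 passes each entry of critical_patterns to `grep -q "$pattern" .gitignore` as a basic regular expression rather than a literal, so a leading `*` is literal while `.` and a trailing `*` are wildcards — `"*secret*"` matches the text `*secre` and `"*.env"` matches `*xenv`, and an ignore file that lists `.env` or `secret*` is reported as missing; matching the entry literally with `grep -qF -- "$pattern" .gitignore` (or `-qxF` to require an exact line) checks what the step actually intends. In step 7 `$current_dir` is embedded unquoted into the crontab line built at `cron_entry="0 9 * * * cd $current_dir && …"`, so a checkout path containing spaces or shell metacharacters yields a cron entry that does not run the scanner from the intended directory; writing it as `cd \"$current_dir\"` (or expanding it with `printf %q`) keeps the path intact. If secrets_scanner.py exits non-zero when it finds secrets — not visible in this commit — `set -e` terminates the script at step 4, so the history scan, the summary and the critical-violations alert block near the end never run; capturing the scanner's status explicitly (`python3 security/secrets_scanner.py … || scan_rc=$?`) would let the remaining steps execute and the alert reflect the findings. The `read -p … setup_cron` prompt also lacks `-r`, which ShellCheck flags (SC2162).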