<#
.SYNOPSIS
AZA – Diagnose: Are auth env vars actually present in the running container?

.DESCRIPTION
This script:
- Reads deploy\.env (MEDWORK_API_TOKENS / MEDWORK_API_TOKEN)
- Finds running docker compose containers from deploy\docker-compose.yml
- For each container: checks whether MEDWORK_API_TOKENS / MEDWORK_API_TOKEN are set INSIDE,
  and prints only lengths (no token values).

.PARAMETER ComposeFile
Path to the docker compose file whose containers are inspected.

.PARAMETER EnvFile
Path to the host-side .env file that is expected to define the token variables.

.EXAMPLE
Run from deploy\:
powershell -ExecutionPolicy Bypass -File .\diagnose_auth_env.ps1
#>

[CmdletBinding()]
param(
    # Compose file used for "docker compose ps"; resolved relative to the current directory.
    [string]$ComposeFile = '.\docker-compose.yml',

    # Host .env file; its token values are parsed but only counts and lengths are reported.
    [string]$EnvFile = '.\.env'
)
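function Load-DotEnv([string]$Path) {
    <#
    .SYNOPSIS
    Parse a dotenv-style file into a hashtable of KEY -> value strings.

    .DESCRIPTION
    Blank lines, lines starting with '#', and lines without a key before '='
    are skipped. Keys and values are trimmed, and one pair of matching
    surrounding quotes (single or double) is removed from the value.
    When a key appears more than once, the last occurrence wins.

    The returned hashtable holds the raw secret values; callers should report
    only derived facts (presence, count, length) and never print the values.

    NOTE(review): this is a simplified parser and may not match Docker
    Compose's own .env handling (inline comments, "export" prefixes, escapes),
    so host-side lengths can differ from container-side lengths - confirm.

    .PARAMETER Path
    Path to the .env file.

    .OUTPUTS
    Hashtable mapping variable names to their string values.
    #>
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Missing .env file at: $Path"
    }

    $map = @{}
    foreach ($raw in (Get-Content -LiteralPath $Path)) {
        $line = $raw.Trim()
        if ($line.Length -eq 0 -or $line.StartsWith("#")) { continue }

        # An '=' at index 0 means there is no key; -1 means there is no '=' at all.
        $idx = $line.IndexOf("=")
        if ($idx -lt 1) { continue }

        $k = $line.Substring(0, $idx).Trim()
        $v = $line.Substring($idx + 1).Trim()

        # Strip quotes only when there are at least two characters. A value that
        # is a single quote character both starts and ends with it, and the
        # unguarded Substring(1, -1) throws and aborts the whole diagnosis.
        $isDoubleQuoted = $v.StartsWith('"') -and $v.EndsWith('"')
        $isSingleQuoted = $v.StartsWith("'") -and $v.EndsWith("'")
        if ($v.Length -ge 2 -and ($isDoubleQuoted -or $isSingleQuoted)) {
            $v = $v.Substring(1, $v.Length - 2)
        }

        $map[$k] = $v
    }
    return $map
}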
function All-TokensFromValue([string]$value) {
    # Split a token list into individual tokens.
    # Tokens are separated by commas and/or line breaks; each piece is trimmed
    # and empty pieces are dropped. An empty input produces no tokens.
    # PowerShell unrolls the result on return, so a single token reaches the
    # caller as a plain string; wrap the call in @() when an array is required.
    if ([string]::IsNullOrEmpty($value)) {
        return @()
    }

    $separatorPattern = "[,\r\n]+"
    return ($value.Trim() -split $separatorPattern |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -ne "" })
}
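function HostTokenSummary([hashtable]$envMap) {
    # Summarise the host-side token configuration without exposing any token value.
    #
    # Arguments: $envMap - hashtable of variable names to values (as built by Load-DotEnv).
    # Returns:   hashtable with
    #              src      - name of the variable the tokens came from ("" if neither key exists)
    #              count    - number of tokens found in that variable
    #              firstLen - length of the first token, or 0 when there is none
    #
    # MEDWORK_API_TOKENS takes precedence whenever the key exists, even if its
    # value is empty; MEDWORK_API_TOKEN is only consulted when the plural key is absent.
    $src = ""
    $tokens = @()
    foreach ($key in @("MEDWORK_API_TOKENS", "MEDWORK_API_TOKEN")) {
        if ($envMap.ContainsKey($key)) {
            $src = $key
            # @() forces an array. Without it a single token comes back as a bare
            # string, $tokens[0] is then its first character, and firstLen is
            # reported as 1 regardless of the real token length.
            $tokens = @(All-TokensFromValue $envMap[$key])
            break
        }
    }

    $firstLen = if ($tokens.Count -gt 0) { $tokens[0].Length } else { 0 }
    return @{ src = $src; count = $tokens.Count; firstLen = $firstLen }
}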
# Pre-flight: the compose file must exist before docker is asked about it.
$composeFilePresent = Test-Path -LiteralPath $ComposeFile
if (-not $composeFilePresent) {
    Write-Host "❌ Missing compose file: $ComposeFile"
    exit 1
}

# Parse the host .env; a missing file is reported and ends the run.
$envMap = $null
try {
    $envMap = Load-DotEnv $EnvFile
}
catch {
    $loadFailure = $_.Exception.Message
    Write-Host "❌ $loadFailure"
    exit 1
}

# Host-side summary: variable name, token count and first-token length only.
# Token values themselves are never written to the console.
$hostSummary = HostTokenSummary $envMap
$summaryLines = @(
    "[AZA] Diagnose auth env"
    " Host .env: $EnvFile"
    " TokenSrc: $($hostSummary.src)"
    " Tokens: $($hostSummary.count)"
    " TokenLen: $($hostSummary.firstLen) (first token length only)"
    ""
)
foreach ($summaryLine in $summaryLines) {
    Write-Host $summaryLine
}
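# Discover the containers to inspect: first the compose project's containers,
# then (as a fallback) any container that publishes port 8000.
Write-Host "Checking docker compose containers..."
$cids = $null
$composeFailed = $false
try {
    $cids = & docker compose -f $ComposeFile ps -q 2>$null
    # A native command signals failure through its exit code, not an exception,
    # so try/catch alone only catches "docker executable not found".
    if ($LASTEXITCODE -ne 0) { $composeFailed = $true }
} catch {
    $composeFailed = $true
}
if ($composeFailed) {
    Write-Host "❌ docker compose failed. Is Docker running?"
    exit 1
}

if (-not $cids -or $cids.Count -lt 1) {
    Write-Host "⚠ No running compose containers found for $ComposeFile"
    Write-Host " Trying to find ANY docker container exposing port 8000..."

    # NOTE(review): this fallback selects containers by published port only, so
    # it can pick a container that does not belong to this compose project.
    # The probe run against it later reports only set/unset flags and lengths.
    $portCids = @()
    try {
        $portCids = & docker ps --filter "publish=8000" --format "{{.ID}}" 2>$null
    } catch {
        # Best-effort lookup: a failure here is treated the same as "nothing found".
        $portCids = @()
    }

    if ($portCids -and $portCids.Count -gt 0) {
        Write-Host " Found container(s) publishing port 8000:"
        $cids = $portCids
    } else {
        Write-Host "❌ No docker container publishing port 8000 found."
        Write-Host " This strongly suggests your backend at http://127.0.0.1:8000 is running OUTSIDE docker (e.g. uvicorn)."
        Write-Host ""
        Write-Host "Next step will be a targeted authorized test against the running backend mode:"
        Write-Host " - If docker: ensure env vars are wired into the container"
        Write-Host " - If local: ensure the process is started with MEDWORK_API_TOKENS / MEDWORK_API_TOKEN"
        exit 1
    }
}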
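# POSIX shell probe executed inside each container.
# Inside-container checks: ONLY lengths + set/unset flags, never print values.
# Keep it that way: console output can end up in transcripts or CI logs, so do
# not add env/printenv style output here.
#
# The probe is built from single-quoted PowerShell strings so that ${...} is
# left for the container's shell. In an expandable here-string (@" "@)
# PowerShell expands ${MEDWORK_API_TOKENS:-} and ${#MEDWORK_API_TOKENS} itself,
# before docker ever sees them. The probe also avoids double quotes and
# newlines, which keeps it intact as one native-command argument.
$probe = @(
    'set -e'
    'tokens_flag=${MEDWORK_API_TOKENS:+1}'
    'token_flag=${MEDWORK_API_TOKEN:+1}'
    'echo TOKENS_SET=${tokens_flag:-0}'
    'echo TOKEN_SET=${token_flag:-0}'
    'echo LEN_TOKENS=${#MEDWORK_API_TOKENS}'
    'echo LEN_TOKEN=${#MEDWORK_API_TOKEN}'
) -join '; '

foreach ($cid in $cids) {
    $cid = $cid.Trim()
    if (-not $cid) { continue }

    # Resolve a readable name. Reset it per iteration so a failed lookup falls
    # back to the id instead of reusing the previous container's name.
    $name = $null
    $nameLine = & docker ps --format "{{.Names}}" --filter "id=$cid" 2>$null | Select-Object -First 1
    if ($nameLine) { $name = $nameLine.Trim() }
    if (-not $name) { $name = $cid }

    Write-Host "Container: $name"
    try {
        # "sh", "-lc" and the script are separate arguments; passing them as one
        # string makes docker look for an executable with that whole name.
        # NOTE(review): -l starts a login shell, so profile scripts inside the
        # container can add or change variables, and docker exec shows the
        # environment of a newly started process, which may differ from the
        # already-running server process - confirm when results look odd.
        $out = & docker exec $cid sh -lc $probe 2>$null
        if ($LASTEXITCODE -ne 0) {
            # Native failures do not throw, so check the exit code explicitly.
            Write-Host " ❌ docker exec failed (container might not have sh)."
        } else {
            $out | ForEach-Object { Write-Host " $_" }
        }
    } catch {
        Write-Host " ❌ docker exec failed (container might not have sh)."
    }
    Write-Host ""
}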
# Closing guidance on how to read the per-container output, then a success exit.
$interpretation = @(
    "Interpretation:"
    " - If TOKENS_SET=0 and TOKEN_SET=0 => container did not receive auth env vars => will 401."
    " - If LEN_* are non-zero but don't match your expectation => you're likely testing the wrong container/env."
)
foreach ($hint in $interpretation) {
    Write-Host $hint
}
exit 0