aza/AzA march 2026/deploy/diagnose_auth_env.ps1
<#
.SYNOPSIS
AZA Diagnose: Are auth env vars actually present in the running container?

.DESCRIPTION
This script:
- Reads deploy\.env (MEDWORK_API_TOKENS / MEDWORK_API_TOKEN)
- Finds running docker compose containers from deploy\docker-compose.yml;
  when none are running it falls back to any container publishing port 8000
- For each container: checks whether MEDWORK_API_TOKENS / MEDWORK_API_TOKEN are set INSIDE,
  and prints only lengths (no token values).

For the host .env it reports which variable was used, how many tokens it holds
and the length of the first token. Token values are read into memory but are
not written to the console. Counts and lengths are still information about the
secret, so handle saved output of this script accordingly.

.PARAMETER ComposeFile
Path to the compose file whose containers are inspected.

.PARAMETER EnvFile
Path to the .env file holding the token variables on the host.

.EXAMPLE
Run from deploy\:
powershell -ExecutionPolicy Bypass -File .\diagnose_auth_env.ps1

-ExecutionPolicy Bypass applies to that one powershell.exe invocation only;
it does not change the user or machine execution policy.
#>
[CmdletBinding()]
param(
# Compose file used for "docker compose ps"; defaults to the one next to this script's working directory.
[string]$ComposeFile = ".\docker-compose.yml",
# Host-side .env file that is parsed for MEDWORK_API_TOKENS / MEDWORK_API_TOKEN.
[string]$EnvFile = ".\.env"
)
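function Load-DotEnv([string]$Path) {
    # Parse a KEY=VALUE .env file into a hashtable of strings.
    #
    # Path:    location of the .env file; throws when nothing exists there.
    # Returns: hashtable key -> value. When a key occurs twice the last one wins.
    #
    # Skipped lines: blank lines, lines starting with '#', and lines without an
    # '=' after at least one character. One pair of matching surrounding quotes
    # is removed from a value. Inline comments and "export " prefixes are not
    # interpreted; they stay part of the key or value.
    #
    # The values may be secrets (API tokens). Callers must not print them.
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Missing .env file at: $Path"
    }

    $map = @{}
    foreach ($raw in @(Get-Content -LiteralPath $Path)) {
        $line = $raw.Trim()
        if ($line.Length -eq 0 -or $line.StartsWith("#")) { continue }

        $idx = $line.IndexOf("=")
        if ($idx -lt 1) { continue }   # no '=' at all, or nothing before it

        $k = $line.Substring(0, $idx).Trim()
        $v = $line.Substring($idx + 1).Trim()

        # A value that is one lone quote character both starts and ends with
        # that quote; without the length guard Substring(1, -1) throws and the
        # caller aborts on an otherwise readable file.
        $quoted = ($v.StartsWith('"') -and $v.EndsWith('"')) -or
                  ($v.StartsWith("'") -and $v.EndsWith("'"))
        if ($quoted -and $v.Length -ge 2) {
            $v = $v.Substring(1, $v.Length - 2)
        }

        $map[$k] = $v
    }
    return $map
}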
function All-TokensFromValue([string]$value) {
    # Split a token list on commas and line breaks and emit each non-empty,
    # trimmed token.
    #
    # value:   raw variable value; may be empty.
    # Output:  zero or more strings written to the pipeline. PowerShell unrolls
    #          function output, so one token arrives at the caller as a bare
    #          string and none as $null; wrap the call in @(...) before
    #          indexing or counting.
    if ([string]::IsNullOrEmpty($value)) { return @() }

    foreach ($piece in ($value.Trim() -split "[,\r\n]+")) {
        $token = $piece.Trim()
        if ($token -ne "") { $token }
    }
}
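function HostTokenSummary([hashtable]$envMap) {
    # Describe the host-side token configuration without exposing any value.
    #
    # envMap:  hashtable parsed from the .env file.
    # Returns: hashtable with
    #            src      - name of the variable used ("" when neither is defined)
    #            count    - number of tokens in that variable
    #            firstLen - length of the first token, 0 when there is none
    #
    # MEDWORK_API_TOKENS takes precedence over MEDWORK_API_TOKEN when both keys
    # exist, even if the former is empty.
    $src = ""
    $tokens = @()
    foreach ($name in @("MEDWORK_API_TOKENS", "MEDWORK_API_TOKEN")) {
        if ($envMap.ContainsKey($name)) {
            $src = $name
            # @(...) keeps a single token as a one-element array. Function
            # output is unrolled, so without it one token comes back as a bare
            # string, $tokens[0] is its first character, and firstLen no longer
            # reflects the token's length.
            $tokens = @(All-TokensFromValue $envMap[$name])
            break
        }
    }

    $firstLen = if ($tokens.Count -gt 0) { $tokens[0].Length } else { 0 }
    return @{ src=$src; count=$tokens.Count; firstLen=$firstLen }
}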
# Preflight: the compose file must exist before docker is asked about it.
$composePresent = Test-Path -LiteralPath $ComposeFile
if (-not $composePresent) {
    Write-Host "❌ Missing compose file: $ComposeFile"
    exit 1
}

# Parse the host-side .env; a missing file surfaces as the thrown message.
try {
    $envMap = Load-DotEnv $EnvFile
}
catch {
    Write-Host "$($_.Exception.Message)"
    exit 1
}

# Host report: variable name, token count and first-token length only.
# $envMap holds the token values themselves and is never printed.
$hostSummary = HostTokenSummary $envMap
$hostReport = @(
    "[AZA] Diagnose auth env"
    " Host .env: $EnvFile"
    " TokenSrc: $($hostSummary.src)"
    " Tokens: $($hostSummary.count)"
    " TokenLen: $($hostSummary.firstLen) (first token length only)"
    ""
)
foreach ($row in $hostReport) {
    Write-Host $row
}
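Write-Host "Checking docker compose containers..."

# A native command that exits non-zero does not raise a PowerShell exception;
# catch only fires when docker cannot be started at all. $LASTEXITCODE is what
# separates "docker answered: nothing running" from "docker did not answer".
$cids = $null
$composeExit = 0
try {
    $cids = & docker compose -f $ComposeFile ps -q 2>$null
    $composeExit = $LASTEXITCODE
} catch {
    Write-Host "❌ docker compose failed. Is Docker running?"
    exit 1
}

if (-not $cids -or $cids.Count -lt 1) {
    Write-Host "⚠ No running compose containers found for $ComposeFile"
    if ($composeExit -ne 0) {
        Write-Host " (docker compose exited with code $composeExit, so this result may be an error rather than an empty list)"
    }

    # Fallback: any container publishing port 8000. These containers need not
    # belong to this compose project; the per-container output names each one
    # so the operator can confirm it is the intended backend.
    Write-Host " Trying to find ANY docker container exposing port 8000..."
    $portCids = @()
    $psExit = 0
    try {
        $portCids = & docker ps --filter "publish=8000" --format "{{.ID}}" 2>$null
        $psExit = $LASTEXITCODE
    } catch {
        $psExit = -1
    }

    if ($psExit -ne 0) {
        # docker ps itself failed, so an empty list says nothing about where
        # the backend runs. Stop instead of printing the "OUTSIDE docker" hint.
        Write-Host "❌ docker ps failed. Is Docker running?"
        exit 1
    }

    if ($portCids -and $portCids.Count -gt 0) {
        Write-Host " Found container(s) publishing port 8000:"
        $cids = $portCids
    } else {
        Write-Host "❌ No docker container publishing port 8000 found."
        Write-Host " This strongly suggests your backend at http://127.0.0.1:8000 is running OUTSIDE docker (e.g. uvicorn)."
        Write-Host ""
        Write-Host "Next step will be a targeted authorized test against the running backend mode:"
        Write-Host " - If docker: ensure env vars are wired into the container"
        Write-Host " - If local: ensure the process is started with MEDWORK_API_TOKENS / MEDWORK_API_TOKEN"
        exit 1
    }
}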
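# Probe run inside each container: ONLY set/unset flags and lengths, never values.
#
# Built from single-quoted strings because PowerShell expands ${...} inside a
# double-quoted here-string, so the shell would never see the parameter
# expansions. The probe contains no quote characters and is joined with ';'
# so it survives native-argument quoting and CRLF line endings unchanged.
# ${#VAR} is 0 for an unset or empty variable.
$probe = @(
    'set -e'
    'if [ ${#MEDWORK_API_TOKENS} -gt 0 ]; then echo TOKENS_SET=1; else echo TOKENS_SET=0; fi'
    'if [ ${#MEDWORK_API_TOKEN} -gt 0 ]; then echo TOKEN_SET=1; else echo TOKEN_SET=0; fi'
    'echo LEN_TOKENS=${#MEDWORK_API_TOKENS}'
    'echo LEN_TOKEN=${#MEDWORK_API_TOKEN}'
) -join '; '

# Only lines of this shape are echoed to the console. A login shell (-l) may
# run profile scripts that print arbitrary text; dropping everything else
# keeps the "no values are printed" guarantee independent of the image.
$expectedLine = '^(TOKENS_SET|TOKEN_SET|LEN_TOKENS|LEN_TOKEN)=\d+$'

foreach ($cid in $cids) {
    $cid = $cid.Trim()
    if (-not $cid) { continue }

    # Reset per iteration: a failed lookup must not reuse the previous
    # container's name, and .Trim() must not be called on an empty result.
    $name = $null
    $lookup = & docker ps --format "{{.Names}}" --filter "id=$cid" 2>$null | Select-Object -First 1
    if ($lookup) { $name = $lookup.Trim() }
    if (-not $name) { $name = $cid }

    Write-Host "Container: $name"

    # "sh", "-lc" and the probe are separate arguments; passed as one string,
    # docker exec would treat the whole text as the executable name.
    $out = $null
    $execOk = $false
    try {
        $out = & docker exec $cid sh -lc $probe 2>$null
        # A non-zero exit does not throw, so it has to be checked explicitly.
        $execOk = ($LASTEXITCODE -eq 0)
    } catch {
        $execOk = $false
    }

    if ($execOk) {
        $out | Where-Object { $_ -match $expectedLine } | ForEach-Object { Write-Host " $_" }
    } else {
        Write-Host " ❌ docker exec failed (container might not have sh)."
    }
    Write-Host ""
}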
# Closing guidance on how to read the per-container flags and lengths.
$interpretation = @(
    "Interpretation:"
    " - If TOKENS_SET=0 and TOKEN_SET=0 => container did not receive auth env vars => will 401."
    " - If LEN_* are non-zero but don't match your expectation => you're likely testing the wrong container/env."
)
foreach ($hint in $interpretation) {
    Write-Host $hint
}
exit 0