Compare commits
1 Commits
main
...
policies/a
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
a766419277 |
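--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true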
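--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+node_modules/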
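--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1,3 @@
+node_modules/
+*.sh
+package-lock.json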
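--- a/.prettierrc
+++ b/.prettierrc
@@ -0,0 +1,6 @@
+{
+"singleQuote": true,
+"trailingComma": "all",
+"printWidth": 100,
+"tabWidth": 2
+}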
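--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,17 @@
+export NODE_ENV := development
+
+.PHONY: check install fmt fmt-check secret-scan
+
+check: install fmt-check secret-scan
+
+install:
+npm install
+
+fmt:
+npx prettier --write .
+
+fmt-check:
+npx prettier --check .
+
+secret-scan:
+bash tools/secret-scan.sh .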
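Review bot: The `install` target that `check` depends on runs `npm install`, which resolves against `package.json` and can rewrite `package-lock.json` when the two disagree, so a check run is not guaranteed to use the pinned, integrity-checked tree that this commit also adds. For a verification target, `npm ci` installs exactly what the lockfile records and fails on a mismatch. Adding `--ignore-scripts` (`npm ci --ignore-scripts`) would also keep dependency lifecycle scripts from running during a check.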
27
README.md
27
README.md
@ -12,13 +12,13 @@ One-command deployment of **Mattermost Team Edition** on Ubuntu/Debian, pre-conf
|
|||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
| Requirement | Details |
|
| Requirement | Details |
|
||||||
|---|---|
|
| ----------- | ------------------------------------------------- |
|
||||||
| **OS** | Ubuntu 20.04+ / Debian 11+ |
|
| **OS** | Ubuntu 20.04+ / Debian 11+ |
|
||||||
| **Access** | Root (sudo) |
|
| **Access** | Root (sudo) |
|
||||||
| **Ports** | 80 and 443 open to the internet |
|
| **Ports** | 80 and 443 open to the internet |
|
||||||
| **DNS** | A record pointing your domain to this server's IP |
|
| **DNS** | A record pointing your domain to this server's IP |
|
||||||
| **RAM** | 2 GB minimum (4 GB recommended) |
|
| **RAM** | 2 GB minimum (4 GB recommended) |
|
||||||
|
|
||||||
## Quick Start
|
## Quick Start
|
||||||
|
|
||||||
@ -32,6 +32,7 @@ sudo bash install.sh
|
|||||||
```
|
```
|
||||||
|
|
||||||
The wizard will ask you for:
|
The wizard will ask you for:
|
||||||
|
|
||||||
1. **Domain name** (e.g. `chat.example.com`)
|
1. **Domain name** (e.g. `chat.example.com`)
|
||||||
2. **Email** (for Let's Encrypt SSL)
|
2. **Email** (for Let's Encrypt SSL)
|
||||||
3. **Port** (default: 8000)
|
3. **Port** (default: 8000)
|
||||||
@ -81,12 +82,12 @@ docker compose ps
|
|||||||
|
|
||||||
## Troubleshooting
|
## Troubleshooting
|
||||||
|
|
||||||
| Issue | Fix |
|
| Issue | Fix |
|
||||||
|---|---|
|
| --------------------- | ---------------------------------------------------------------------- |
|
||||||
| SSL cert failed | Verify DNS A record points to this server; check ports 80/443 are open |
|
| SSL cert failed | Verify DNS A record points to this server; check ports 80/443 are open |
|
||||||
| Container won't start | Check logs: `docker compose logs mattermost` |
|
| Container won't start | Check logs: `docker compose logs mattermost` |
|
||||||
| 502 Bad Gateway | Container may still be booting — wait 30s and refresh |
|
| 502 Bad Gateway | Container may still be booting — wait 30s and refresh |
|
||||||
| Permission denied | Run installer with `sudo` |
|
| Permission denied | Run installer with `sudo` |
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
|
|||||||
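--- a/package-lock.json
+++ b/package-lock.json
@@ -0,0 +1,31 @@
+{
+"name": "openclaw-mattermost",
+"version": "1.0.0",
+"lockfileVersion": 3,
+"requires": true,
+"packages": {
+"": {
+"name": "openclaw-mattermost",
+"version": "1.0.0",
+"devDependencies": {
+"prettier": "^3.2.0"
+}
+},
+"node_modules/prettier": {
+"version": "3.8.1",
+"resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz",
+"integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==",
+"dev": true,
+"license": "MIT",
+"bin": {
+"prettier": "bin/prettier.cjs"
+},
+"engines": {
+"node": ">=14"
+},
+"funding": {
+"url": "https://github.com/prettier/prettier?sponsor=1"
+}
+}
+}
+}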
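--- a/package.json
+++ b/package.json
@@ -0,0 +1,9 @@
+{
+"name": "openclaw-mattermost",
+"version": "1.0.0",
+"private": true,
+"description": "OpenClaw Mattermost Integration",
+"devDependencies": {
+"prettier": "^3.2.0"
+}
+}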
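--- a/tools/secret-scan.sh
+++ b/tools/secret-scan.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+# secret-scan.sh — Scans for private keys and high-entropy secrets
+# Usage: bash tools/secret-scan.sh [directory]
+# Uses .secret-scan-allowlist for false positives (one file path per line)
+
+set -e
+
+SCAN_DIR="${1:-.}"
+ALLOWLIST=".secret-scan-allowlist"
+FINDINGS=0
+
+# Build find exclusions
+EXCLUDES=(-not -path "*/node_modules/*" -not -path "*/.git/*" -not -path "*/coverage/*" -not -path "*/dist/*")
+
+# Load allowlist
+ALLOWLIST_PATHS=()
+if [ -f "$ALLOWLIST" ]; then
+while IFS= read -r line || [ -n "$line" ]; do
+[[ "$line" =~ ^#.*$ || -z "$line" ]] && continue
+ALLOWLIST_PATHS+=("$line")
+done < "$ALLOWLIST"
+fi
+
+is_allowed() {
+local file="$1"
+for allowed in "${ALLOWLIST_PATHS[@]}"; do
+if [[ "$file" == *"$allowed"* ]]; then
+return 0
+fi
+done
+return 1
+}
+
+echo "Scanning $SCAN_DIR for secrets..."
+
+# Scan for private keys
+while IFS= read -r file; do
+[ -f "$file" ] || continue
+is_allowed "$file" && continue
+if grep -qE '-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----' "$file" 2>/dev/null; then
+echo "FINDING [private-key]: $file"
+FINDINGS=$((FINDINGS + 1))
+fi
+done < <(find "$SCAN_DIR" "${EXCLUDES[@]}" -type f)
+
+# Scan for high-entropy hex strings (40+ chars)
+while IFS= read -r file; do
+[ -f "$file" ] || continue
+is_allowed "$file" && continue
+if grep -qE '[0-9a-f]{40,}' "$file" 2>/dev/null; then
+# Filter out common false positives (git SHAs in lock files, etc.)
+BASENAME=$(basename "$file")
+if [[ "$BASENAME" != "package-lock.json" && "$BASENAME" != "*.lock" ]]; then
+MATCHES=$(grep -oE '[0-9a-f]{40,}' "$file" 2>/dev/null || true)
+if [ -n "$MATCHES" ]; then
+echo "FINDING [high-entropy-hex]: $file"
+FINDINGS=$((FINDINGS + 1))
+fi
+fi
+fi
+done < <(find "$SCAN_DIR" "${EXCLUDES[@]}" -type f -not -name "package-lock.json" -not -name "*.lock")
+
+if [ "$FINDINGS" -gt 0 ]; then
+echo "secret-scan: $FINDINGS finding(s) — FAIL"
+exit 1
+else
+echo "secret-scan: clean — PASS"
+exit 0
+fi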
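Review bot: The private-key check can never fire: in `grep -qE '-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----' "$file" 2>/dev/null` the pattern begins with dashes, so grep parses it as an option and exits with a usage error, and `2>/dev/null` hides that error, leaving the `if` false for every file and the gate reporting PASS. Passing the pattern explicitly fixes it, `grep -qE -e '-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----' -- "$file"`, and dropping the stderr redirect on that line would have surfaced the failure. Separately, `is_allowed` tests `[[ "$file" == *"$allowed"* ]]`, so a short allowlist entry exempts every path that merely contains it; an exact comparison against the path relative to `$SCAN_DIR` would keep the allowlist from silently widening. The `"$BASENAME" != "*.lock"` test compares against a literal string because the glob is quoted, although the `find` filter on the same loop already excludes those files.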