diff --git a/services/bstein-dev-home/kustomization.yaml b/services/bstein-dev-home/kustomization.yaml index bdcd593..f9d3c87 100644 --- a/services/bstein-dev-home/kustomization.yaml +++ b/services/bstein-dev-home/kustomization.yaml @@ -22,7 +22,7 @@ images: - name: registry.bstein.dev/bstein/bstein-dev-home-frontend newTag: 0.1.1-102 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-frontend"} - name: registry.bstein.dev/bstein/bstein-dev-home-backend - newTag: 0.1.1-102 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"} + newTag: 0.1.1-103 # {"$imagepolicy": "bstein-dev-home:bstein-dev-home-backend"} configMapGenerator: - name: chat-ai-gateway namespace: bstein-dev-home diff --git a/services/nextcloud-mail-sync/scripts/nextcloud-mail-sync.sh b/services/nextcloud-mail-sync/scripts/nextcloud-mail-sync.sh index 681308e..e75ec91 100755 --- a/services/nextcloud-mail-sync/scripts/nextcloud-mail-sync.sh +++ b/services/nextcloud-mail-sync/scripts/nextcloud-mail-sync.sh @@ -54,38 +54,26 @@ list_mail_accounts() { local export_out # Nextcloud Mail does not provide a list command; export is safe (does not print passwords). - # Some occ commands emit to stderr; capture both streams so we don't mis-detect "no accounts". - if ! export_out=$(/usr/sbin/runuser -u www-data -- php occ mail:account:export "${user_id}" 2>&1); then + if ! export_out=$(/usr/sbin/runuser -u www-data -- php occ mail:account:export --output json "${user_id}"); then echo "WARN: unable to export mail accounts for ${user_id}; skipping sync for safety" >&2 return 1 fi - # The export output is human-readable and includes blocks like: - # Account 10: - # - E-Mail: user@example.com - # Extract "account-id email" pairs. - awk ' - /^Account[[:space:]]+[0-9]+:/ { - id=$2; - sub(/:$/, "", id); - next; - } - id != "" && /@/ { - # Keep the regex simple (mawk does not support interval expressions like {2,}). - if (match($0, /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+/)) { - printf("%s\t%s\n", id, substr($0, RSTART, RLENGTH)); - id=""; - } - } - ' <<<"${export_out}" | sort -u + if ! jq -e 'type == "array"' >/dev/null 2>&1 <<<"${export_out}"; then + echo "WARN: unexpected mail export output for ${user_id}; skipping sync for safety" >&2 + return 1 + fi + + jq -r '.[] | "\(.id)\t\(.email)"' <<<"${export_out}" | sort -u } token=$( - curl -fsS -d "grant_type=password" \ - -d "client_id=admin-cli" \ - -d "username=${KC_ADMIN_USER}" \ - -d "password=${KC_ADMIN_PASS}" \ - "${KC_BASE}/realms/master/protocol/openid-connect/token" | jq -r '.access_token' + curl -fsS \ + --data-urlencode "grant_type=password" \ + --data-urlencode "client_id=admin-cli" \ + --data-urlencode "username=${KC_ADMIN_USER}" \ + --data-urlencode "password=${KC_ADMIN_PASS}" \ + "${KC_BASE}/realms/master/protocol/openid-connect/token" | jq -r '.access_token // empty' ) if [[ -z "${token}" || "${token}" == "null" ]]; then