v3 Migration Guide

docker-entrypoint.sh

@@ -88,6 +88,32 @@ if [ "$BETTER_AUTH_SECRET" = "your-secret-key-change-this-in-production" ] || [
   echo "BETTER_AUTH_SECRET has been set to a secure random value"
 fi
 
+# Generate a secure ENCRYPTION_SECRET if one isn't provided
+ENCRYPTION_SECRET_FILE="/app/data/.encryption_secret"
+
+if [ -z "$ENCRYPTION_SECRET" ]; then
+  # Check if we have a previously generated secret
+  if [ -f "$ENCRYPTION_SECRET_FILE" ]; then
+    echo "Using previously generated ENCRYPTION_SECRET"
+    export ENCRYPTION_SECRET=$(cat "$ENCRYPTION_SECRET_FILE")
+  else
+    echo "Generating a secure random ENCRYPTION_SECRET"
+    # Generate a 48-character secret for encryption
+    if command -v openssl >/dev/null 2>&1; then
+      GENERATED_ENCRYPTION_SECRET=$(openssl rand -base64 36)
+    else
+      # Fallback to using /dev/urandom if openssl is not available
+      echo "OpenSSL not found, using fallback method for encryption secret generation"
+      GENERATED_ENCRYPTION_SECRET=$(head -c 36 /dev/urandom | base64 | tr -d '\n' | head -c 48)
+    fi
+    export ENCRYPTION_SECRET="$GENERATED_ENCRYPTION_SECRET"
+    # Save the secret to a file for persistence across container restarts
+    echo "$GENERATED_ENCRYPTION_SECRET" > "$ENCRYPTION_SECRET_FILE"
+    chmod 600 "$ENCRYPTION_SECRET_FILE"
+  fi
+  echo "ENCRYPTION_SECRET has been set to a secure random value"
+fi
+
 
 
 # Skip dependency installation entirely for pre-built images
@@ -256,6 +282,69 @@ else
   else
     echo "Warning: Could not find mirror_jobs table update script."
   fi
+
+  # Run v3 migrations if needed
+  echo "Checking for v3 migrations..."
+  
+  # Check if we need to run Better Auth migration (check if accounts table exists)
+  if ! sqlite3 /app/data/gitea-mirror.db "SELECT name FROM sqlite_master WHERE type='table' AND name='accounts';" | grep -q accounts; then
+    echo "🔄 v3 Migration: Creating Better Auth tables..."
+    # Create Better Auth tables
+    sqlite3 /app/data/gitea-mirror.db <<EOF
+    CREATE TABLE IF NOT EXISTS accounts (
+      id TEXT PRIMARY KEY,
+      userId TEXT NOT NULL,
+      accountId TEXT NOT NULL,
+      providerId TEXT NOT NULL,
+      accessToken TEXT,
+      refreshToken TEXT,
+      expiresAt INTEGER,
+      password TEXT,
+      createdAt INTEGER NOT NULL,
+      updatedAt INTEGER NOT NULL,
+      FOREIGN KEY (userId) REFERENCES users(id)
+    );
+    
+    CREATE TABLE IF NOT EXISTS sessions (
+      id TEXT PRIMARY KEY,
+      userId TEXT NOT NULL,
+      token TEXT NOT NULL,
+      expiresAt INTEGER NOT NULL,
+      createdAt INTEGER NOT NULL,
+      updatedAt INTEGER NOT NULL,
+      FOREIGN KEY (userId) REFERENCES users(id)
+    );
+    
+    CREATE TABLE IF NOT EXISTS verification_tokens (
+      id TEXT PRIMARY KEY,
+      identifier TEXT NOT NULL,
+      token TEXT NOT NULL,
+      expires INTEGER NOT NULL
+    );
+    
+    CREATE INDEX IF NOT EXISTS idx_accounts_userId ON accounts(userId);
+    CREATE INDEX IF NOT EXISTS idx_sessions_token ON sessions(token);
+    CREATE INDEX IF NOT EXISTS idx_verification_identifier_token ON verification_tokens(identifier, token);
+EOF
+  fi
+  
+  # Run Better Auth user migration
+  if [ -f "dist/scripts/migrate-better-auth.js" ]; then
+    echo "🔄 v3 Migration: Migrating users to Better Auth..."
+    bun dist/scripts/migrate-better-auth.js
+  elif [ -f "scripts/migrate-better-auth.ts" ]; then
+    echo "🔄 v3 Migration: Migrating users to Better Auth..."
+    bun scripts/migrate-better-auth.ts
+  fi
+  
+  # Run token encryption migration
+  if [ -f "dist/scripts/migrate-tokens-encryption.js" ]; then
+    echo "🔄 v3 Migration: Encrypting stored tokens..."
+    bun dist/scripts/migrate-tokens-encryption.js
+  elif [ -f "scripts/migrate-tokens-encryption.ts" ]; then
+    echo "🔄 v3 Migration: Encrypting stored tokens..."
+    bun scripts/migrate-tokens-encryption.ts
+  fi
 fi
 
 # Extract version from package.json and set as environment variable