Allow overwriting config options with environment variables.HEADmaster

1 files changed, 18 insertions, 10 deletions

diff --git a/auth.php b/auth.php
index 5c0ef9b..364ace6 100644
--- a/auth.php
+++ b/auth.php
@@ -14,20 +14,28 @@ $lockfile = fopen(__FILE__, 'r');
 if ($lockfile === FALSE) die("Cannot open lock file\n");
 if (!flock($lockfile, LOCK_EX)) die("Cannot acquire exclisive lock\n");
 
-$options = getopt("c:", [
-  'secret:',
-  'period:',
-  'window:',
-  'digest:',
-  'digits:',
-  'delay:'
-]);
+$config_options = ['secret', 'period', 'window', 'digest', 'digits', 'delay'];
+$options = getopt("c:e::", array_map(function($e){return "$e:";}, $config_options));
 if (isset($options['secret'])) echo "!!! PODAWANIE SEKRETU JAKO ARGUMENT NIE JEST BEZPIECZNE !!!\n";
 if (isset($options['c'])) $config = load_config($options['c']); else $config = new stdClass();
 $config_default = load_config(__DIR__.'/config_default.json');
 
-foreach($config_default as $k => $v) if (!isset($config->{$k})) $config->{$k} = $v;
-foreach($options as $k => $v) if ($k !== 'c') $config->{$k} = $v;
+foreach($config_options as $opt) {
+  if (isset($options[$opt])) {
+    $config->{$opt} = $options[$opt];
+    continue;
+  }
+  if (isset($options['e'])) {
+    $env_k = 'TOTP_'.strtoupper($opt);
+    $env_v = getenv($env_k);
+    if ($env_v !== FALSE) {
+      $config->{$opt} = $env_v;
+      putenv($env_k);
+      continue;
+    }
+  }
+  if (!isset($config->{$opt})) $config->{$opt} = $config_default->{$opt};
+}
 
 $config->secret = strtr($config->secret, [' ' => '']);
 if (!preg_match('/^[A-Z2-7]+$/i', $config->secret)) die("Base32 encoded secret required\n");