ldap-matter/db_init/init_postgres.sh


#!/bin/bash
# Needs root privileges and access to Postgres.
# Stop at the first command that returns a non-zero status.
set -o errexit
# Load the deployment settings. The file is executed inside this shell, so it
# runs with the same privileges as this script and should only be writable by
# trusted administrators. It is expected to define the db_* and OAuth client
# variables used further down (none of them are assigned in this file).
. /docker-entrypoint-initdb.d/config_init.sh
#######################################--Functions--###############################################
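# Coloured status helpers: print $1 on stdout wrapped in an ANSI colour
# sequence (ok=green, error=red, info=blue, warn=yellow) plus a newline.
# The message is passed through printf '%s', so backslashes inside it are
# printed literally. With `echo -e` a value such as a client secret containing
# "\c" or "\n" was truncated or altered when displayed.
# Arguments: $1 - message text
# Outputs:   the coloured message on stdout
ok() { printf '\033[32m%s\033[m\n' "$1"; }
error() { printf '\033[31m%s\033[m\n' "$1"; }
info() { printf '\033[34m%s\033[m\n' "$1"; }
warn() { printf '\033[33m%s\033[m\n' "$1"; }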
#######################################--SQL STATEMENT--###########################################
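# Tables creation
# Static DDL only: no configuration value is spliced into these statements.
create_table_oauth_client="CREATE TABLE IF NOT EXISTS oauth_clients (client_id VARCHAR(80) NOT NULL, client_secret VARCHAR(80), redirect_uri VARCHAR(2000) NOT NULL, grant_types VARCHAR(80), scope VARCHAR(100), user_id VARCHAR(80), CONSTRAINT clients_client_id_pk PRIMARY KEY (client_id));"
create_table_oauth_access_tokens="CREATE TABLE IF NOT EXISTS oauth_access_tokens (access_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT access_token_pk PRIMARY KEY (access_token));"
create_table_oauth_authorization_codes="CREATE TABLE IF NOT EXISTS oauth_authorization_codes (authorization_code VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), redirect_uri VARCHAR(2000), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT auth_code_pk PRIMARY KEY (authorization_code));"
create_table_oauth_refresh_tokens="CREATE TABLE IF NOT EXISTS oauth_refresh_tokens (refresh_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT refresh_token_pk PRIMARY KEY (refresh_token));"
create_table_users="CREATE TABLE IF NOT EXISTS users (id SERIAL NOT NULL, username VARCHAR(255) NOT NULL, CONSTRAINT id_pk PRIMARY KEY (id));"
create_table_oauth_scopes="CREATE TABLE IF NOT EXISTS oauth_scopes (scope TEXT, is_default BOOLEAN);"
###################################################################################################
# Fail early, with a clear message, when a value that ends up in an identifier
# or in the primary key is missing from the configuration.
: "${db_name:?db_name must be set (expected from config_init.sh)}"
: "${db_user:?db_user must be set (expected from config_init.sh)}"
: "${client_id:?client_id must be set (expected from config_init.sh)}"

# Every configuration value reaches SQL through a psql variable and is expanded
# with :"name" (quoted identifier) or :'name' (quoted literal). psql does the
# escaping, so a quote character in a password, secret or redirect URI can no
# longer terminate the literal and change the statement. psql only expands
# variables in SQL read from stdin or a file, not in -c strings, hence the
# here-documents below.
# ON_ERROR_STOP makes psql exit non-zero at the first failing statement, so
# the script still aborts on any SQL error as it did with one -c per statement.
admin_psql=(psql -v ON_ERROR_STOP=1 -U postgres)
app_psql=(psql -v ON_ERROR_STOP=1 -U "$db_user" -d "$db_name")

# Welcome
info "This script will create a new OAuth role and database for Mattermost-LDAP"
warn "SuperUser rights are required to create role and database in Postgres"
info "Press ctrl+c to stop the script if you are not ready"
sleep 5

# Create role and DB
info "Creating role [$db_user] and database [$db_name] ..."
# NOTE(review): -v still places db_pass on psql's command line, as the original
# -c form did, so it is visible in the process list while psql runs. The
# CREATE USER statement may also be recorded by the server if statement logging
# is enabled - confirm the logging configuration used during init.
"${admin_psql[@]}" \
  -v db_name="$db_name" \
  -v db_user="$db_user" \
  -v db_pass="$db_pass" <<'SQL'
CREATE DATABASE :"db_name";
CREATE USER :"db_user" WITH ENCRYPTED PASSWORD :'db_pass';
GRANT ALL PRIVILEGES ON DATABASE :"db_name" TO :"db_user";
ALTER DATABASE :"db_name" OWNER TO :"db_user";
SQL

# Create tables
info "Creating tables in database $db_name (using $db_user)"
for ddl_statement in \
  "$create_table_oauth_client" \
  "$create_table_oauth_access_tokens" \
  "$create_table_oauth_authorization_codes" \
  "$create_table_oauth_refresh_tokens" \
  "$create_table_users" \
  "$create_table_oauth_scopes"; do
  "${app_psql[@]}" -c "$ddl_statement"
done

# Insert client
info "Inserting new client into database"
"${app_psql[@]}" \
  -v client_id="$client_id" \
  -v client_secret="$client_secret" \
  -v redirect_uri="$redirect_uri" \
  -v grant_types="$grant_types" \
  -v scope="$scope" \
  -v user_id="$user_id" <<'SQL'
INSERT INTO oauth_clients (client_id,client_secret,redirect_uri,grant_types,scope,user_id) VALUES (:'client_id',:'client_secret',:'redirect_uri',:'grant_types',:'scope',:'user_id') ON CONFLICT (client_id) DO NOTHING;
SQL

# Verification
# Count the matching rows instead of grepping the formatted table: the column
# header itself contains "client_id", "scope", ... so a client id that is a
# substring of the header matched even when no row existed, and grep treated
# the id as a regular expression. -A/-t print the bare value only.
client_rows=$(
  "${app_psql[@]}" -At -v client_id="$client_id" <<'SQL'
SELECT count(*) FROM oauth_clients WHERE client_id = :'client_id';
SQL
) || client_rows=""

if [[ "$client_rows" == "1" ]]; then
  ok "Client has been created! OAuth Database is configured."
  info "Client ID : $client_id"
  # NOTE(review): this writes the client secret to stdout; when the script runs
  # as a container init script that output is normally kept in the container
  # logs. Restrict access to those logs or drop this line if the secret is
  # already known from the configuration.
  warn "Client Secret : $client_secret"
  info "Keep ID and Secret safe, you will need them to configure Mattermost"
else
  error "Client was not created! Please check logs."
  # Report the failure through the exit status as every other failing step
  # already does; previously the script ended with status 0 here.
  exit 1
fi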