hackquest-ai/generate-env.sh at main · purvanshjoshi/hackquest-ai · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
#!/bin/bash
# Generate secure environment variables for HackQuest AI production deployment

echo "======================================"
echo "HackQuest AI - Environment Generator"
echo "======================================"
echo ""

# Function to generate secure random string
generate_secret() {
    openssl rand -hex 32
}

# Function to prompt user for input
prompt_input() {
    local prompt="$1"
    local default="$2"
    local input

    if [ -z "$default" ]; then
        read -p "$prompt: " input
    else
        read -p "$prompt [$default]: " input
        input="${input:-$default}"
    fi

    echo "$input"
}

echo "🔐 GENERATING SECURE ENVIRONMENT VARIABLES"
echo ""

# Generate secrets
SECRET_KEY=$(generate_secret)
JWT_SECRET=$(generate_secret)
DB_PASSWORD=$(openssl rand -base64 16)"Hq@2025!"

echo "✅ Generated:"
echo "   - SECRET_KEY: ${SECRET_KEY:0:16}... (32 chars)"
echo "   - JWT_SECRET: ${JWT_SECRET:0:16}... (32 chars)"
echo "   - DB_PASSWORD: ${DB_PASSWORD:0:10}... (20 chars)"
echo ""

# Prompt for user inputs
echo "📝 ENTER CONFIGURATION VALUES:"
echo ""

GROQ_API_KEY=$(prompt_input "🔑 Groq API Key" "")
PINECONE_API_KEY=$(prompt_input "🔑 Pinecone API Key (optional)" "")
PINECONE_ENV=$(prompt_input "🔑 Pinecone Environment (optional)" "")
FRONTEND_URL=$(prompt_input "🌐 Frontend URL" "https://hackquest-frontend.azurewebsites.net")
DB_SERVER=$(prompt_input "🗄️  PostgreSQL Server" "hackquest-db-server.postgres.database.azure.com")
DB_NAME=$(prompt_input "📊 Database Name" "hackquest_db")
DB_USER=$(prompt_input "👤 Database User" "dbadmin")

echo ""
echo "🔄 CREATING .env.production FILE..."
echo ""

# Create .env.production file
cat > .env.production << EOF
# ============================================
# HackQuest AI - Production Environment
# ============================================
# Generated: $(date)
# IMPORTANT: Keep this file secure and never commit to version control!

# Database Configuration
DATABASE_URL=postgresql+asyncpg://${DB_USER}:${DB_PASSWORD}@${DB_SERVER}:5432/${DB_NAME}

# Security
SECRET_KEY=${SECRET_KEY}
JWT_SECRET=${JWT_SECRET}
JWT_ALGORITHM=HS256
JWT_EXPIRATION_HOURS=24

# API Keys
GROQ_API_KEY=${GROQ_API_KEY}
PINECONE_API_KEY=${PINECONE_API_KEY}
PINECONE_ENVIRONMENT=${PINECONE_ENV}

# Service Configuration
ENVIRONMENT=production
DEBUG=False
LOG_LEVEL=info

# Frontend URL (for CORS)
FRONTEND_URL=${FRONTEND_URL}

# API Configuration
API_HOST=0.0.0.0
API_PORT=8000
API_WORKERS=4
API_TIMEOUT=60

# Database Configuration
DB_ECHO=False
DB_POOL_SIZE=20
DB_MAX_OVERFLOW=10

# Rate Limiting
RATE_LIMIT_ENABLED=True
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_PERIOD=60
EOF

echo "✅ Created: .env.production"
echo ""

# Create frontend .env.production
cat > frontend/.env.production << EOF
# Frontend Production Configuration
# Generated: $(date)

VITE_API_BASE_URL=${FRONTEND_URL%/}/api
VITE_ENV=production
VITE_LOG_LEVEL=error
VITE_ENABLE_ANALYTICS=true
EOF

echo "✅ Created: frontend/.env.production"
echo ""

# Create a backup with masked secrets
cat > .env.production.template << EOF
# ============================================
# HackQuest AI - Production Environment Template
# ============================================
# This is a TEMPLATE - fill in actual values before deployment

# Database Configuration
DATABASE_URL=postgresql+asyncpg://USERNAME:PASSWORD@SERVER:5432/DATABASE

# Security (generate with: openssl rand -hex 32)
SECRET_KEY=YOUR_SECRET_KEY_HERE_MIN_32_CHARS
JWT_SECRET=YOUR_JWT_SECRET_HERE_MIN_32_CHARS
JWT_ALGORITHM=HS256
JWT_EXPIRATION_HOURS=24

# API Keys
GROQ_API_KEY=YOUR_GROQ_API_KEY_HERE
PINECONE_API_KEY=YOUR_PINECONE_API_KEY_HERE
PINECONE_ENVIRONMENT=YOUR_PINECONE_ENVIRONMENT_HERE

# Service Configuration
ENVIRONMENT=production
DEBUG=False
LOG_LEVEL=info

# Frontend URL (for CORS)
FRONTEND_URL=https://your-frontend-url.com

# API Configuration
API_HOST=0.0.0.0
API_PORT=8000
API_WORKERS=4
API_TIMEOUT=60

# Database Configuration
DB_ECHO=False
DB_POOL_SIZE=20
DB_MAX_OVERFLOW=10

# Rate Limiting
RATE_LIMIT_ENABLED=True
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_PERIOD=60
EOF

echo "✅ Created: .env.production.template (for version control)"
echo ""

# Create secrets summary
cat > .env.secrets.summary << EOF
# ============================================
# HackQuest AI - Environment Summary
# ============================================
# Generated: $(date)
# Keep this file SECURE - contains sensitive information

DATABASE URL
  Server: ${DB_SERVER}
  Database: ${DB_NAME}
  Username: ${DB_USER}
  Password: [GENERATED - ${DB_PASSWORD:0:10}...]

SECRETS
  SECRET_KEY: ${SECRET_KEY:0:16}...
  JWT_SECRET: ${JWT_SECRET:0:16}...

API KEYS
  GROQ_API_KEY: ${GROQ_API_KEY:0:10}...
  PINECONE_API_KEY: ${PINECONE_API_KEY:0:10}...

FRONTEND
  URL: ${FRONTEND_URL}

DATABASE CONNECTION STRING
  postgresql+asyncpg://${DB_USER}:${DB_PASSWORD}@${DB_SERVER}:5432/${DB_NAME}
EOF

echo "✅ Created: .env.secrets.summary (for reference)"
echo ""

# Display summary
echo "======================================"
echo "✅ ENVIRONMENT GENERATION COMPLETE"
echo "======================================"
echo ""
echo "📋 FILES CREATED:"
echo "   1. .env.production (production config)"
echo "   2. frontend/.env.production (frontend config)"
echo "   3. .env.production.template (for git)"
echo "   4. .env.secrets.summary (for reference)"
echo ""

echo "⚠️  SECURITY REMINDERS:"
echo "   • .env.production contains sensitive data"
echo "   • NEVER commit .env.production to git"
echo "   • Use .env.production.template in version control"
echo "   • Store passwords securely (Azure Key Vault)"
echo "   • Rotate secrets every 90 days"
echo ""

echo "🚀 NEXT STEPS:"
echo "   1. Review .env.production file:"
echo "      cat .env.production"
echo ""
echo "   2. Verify all values are correct"
echo ""
echo "   3. Add to .gitignore if not already:"
echo "      echo '.env.production' >> .gitignore"
echo ""
echo "   4. Deploy using deploy-azure.sh"
echo ""

echo "📝 SAVE THESE CREDENTIALS SECURELY:"
echo ""
echo "Database Password:"
echo "   ${DB_PASSWORD}"
echo ""
echo "SECRET_KEY:"
echo "   ${SECRET_KEY}"
echo ""
echo "JWT_SECRET:"
echo "   ${JWT_SECRET}"
echo ""
echo "======================================"