Remove publishing docs and secret-handling scripts from public repo

Leeksov
2026-05-11 16:04:58 +03:00
parent d9856616f2
commit ecbe5ba252
3 changed files with 0 additions and 242 deletions
-65
@@ -1,65 +0,0 @@
#!/bin/zsh
# Verify no secrets remain before pushing to public repo
set -e
cd "$(dirname "$0")/.."
FOUND=0
echo "Checking for secrets..."
# AES/HMAC keys
if grep -rq "V1wmSaHPBtfwGR7jHozwSkRVQrUVtvUMkb\|QpU3hDanhmp67LDTzL2tjzDuG4qIsCIFn3LMY" . --include="*.swift" --include="*.json" 2>/dev/null; then
echo "FAIL: AES/HMAC keys found!"
FOUND=1
fi
# GLEGram API credentials
if grep -rq "31339208\|b7917b274453f075e114f2fef86230d2" . --include="*.swift" --include="*.json" --include="*.bzl" 2>/dev/null; then
echo "FAIL: GLEGram API credentials found!"
FOUND=1
fi
# Team ID
if grep -rq "F8A8NWPL78" . --include="*.swift" --include="*.json" --include="*.bzl" 2>/dev/null; then
echo "FAIL: GLEGram Team ID found!"
FOUND=1
fi
# HMAC salt
if grep -rq "glegram-hmac-v1" . --include="*.swift" 2>/dev/null; then
echo "FAIL: HMAC salt found!"
FOUND=1
fi
# SSL pinning hashes
if grep -rq "brDmHiqwkhgPrFDmkcD2IsDUdKLZlyGjGkn0SOGNKFI" . --include="*.swift" --include="*.json" 2>/dev/null; then
# HMAC salt
if grep -rq "glegram-hmac-v1" . --include="*.swift" 2>/dev/null; then
echo "FAIL: HMAC salt found!"
FOUND=1
fi
echo "FAIL: SSL pinning hashes found!"
FOUND=1
fi
# glegram.site in code (not comments)
if grep -rn "glegram.site" . --include="*.swift" --include="*.json" 2>/dev/null | grep -v "//\|/\*\|e\.g\.\|example" | grep -q .; then
echo "FAIL: glegram.site domain in code (not comment)!"
FOUND=1
fi
# Real provisioning profiles
if find build-system/real-codesigning -name "*.mobileprovision" -o -name "*.p12" 2>/dev/null | grep -q .; then
echo "FAIL: Real provisioning profiles found!"
FOUND=1
fi
if [ "$FOUND" -eq 0 ]; then
echo "ALL CLEAR — safe to push to public repo."
else
echo ""
echo "BLOCKED — fix the issues above before pushing!"
exit 1
fi
-90
@@ -1,90 +0,0 @@
#!/bin/zsh
# Strip secrets before publishing to public repo
# Run ONLY on the 'main' branch
set -e
cd "$(dirname "$0")/.."
BRANCH=$(git branch --show-current)
if [ "$BRANCH" != "main" ]; then
echo "ERROR: Run this only on 'main' branch (current: $BRANCH)"
exit 1
fi
echo "Stripping secrets for public release..."
# 1. SGConfig — remove keys
cat > Swiftgram/SGConfig/Sources/File.swift << 'SWIFT'
import Foundation
import BuildConfig
public struct SGConfig: Codable {
public static let isBetaBuild: Bool = true
public var apiUrl: String = "https://api.swiftgram.app"
public var webappUrl: String = "https://my.swiftgram.app"
public var botUsername: String = "SwiftgramBot"
public var publicKey: String?
public var iaps: [String] = []
public var supportersApiUrl: String? = nil
public var supportersAesKey: String? = nil
public var supportersHmacKey: String? = nil
public var supportersPinnedCertHashes: [String] = []
public var demoLoginBackendUrl: String? = nil
public var demoLoginPhonePrefix: String? = nil
}
private func parseSGConfig(_ jsonString: String) -> SGConfig {
let jsonData = Data(jsonString.utf8)
let decoder = JSONDecoder()
decoder.keyDecodingStrategy = .convertFromSnakeCase
return (try? decoder.decode(SGConfig.self, from: jsonData)) ?? SGConfig()
}
private let baseAppBundleId = Bundle.main.bundleIdentifier!
private let buildConfig = BuildConfig(baseAppBundleId: baseAppBundleId)
public let SG_CONFIG: SGConfig = parseSGConfig(buildConfig.sgConfig)
public let SG_API_WEBAPP_URL_PARSED = URL(string: SG_CONFIG.webappUrl)!
SWIFT
echo " Stripped: SGConfig"
# 1.5 SupportersCrypto — remove HMAC salt
sed -i '' 's/private let HMAC_SALT = .*/private let HMAC_SALT = "YOUR_HMAC_SALT"/' GLEGram/SGSupporters/Sources/SupportersCrypto.swift 2>/dev/null
echo " Stripped: HMAC salt"
# 2. Build configs — replace with templates
for cfg in build-system/ipa-build-configuration.json build-system/glegram-appstore-configuration.json; do
cat > "$cfg" << 'JSON'
{
"bundle_id": "com.example.GLEGram",
"api_id": "YOUR_API_ID",
"api_hash": "YOUR_API_HASH",
"team_id": "YOUR_TEAM_ID",
"app_center_id": "0",
"is_internal_build": "false",
"is_appstore_build": "true",
"appstore_id": "0",
"app_specific_url_scheme": "tg",
"premium_iap_product_id": "",
"enable_siri": false,
"enable_icloud": false,
"sg_config": ""
}
JSON
done
echo " Stripped: build configs"
# 3. Real codesigning — empty
rm -rf build-system/real-codesigning/certs/*.p12 build-system/real-codesigning/certs/*.cer 2>/dev/null
rm -rf build-system/real-codesigning/profiles/*.mobileprovision 2>/dev/null
mkdir -p build-system/real-codesigning/certs build-system/real-codesigning/profiles
echo "# Add your certificates here" > build-system/real-codesigning/certs/README.md
echo "# Add your provisioning profiles here" > build-system/real-codesigning/profiles/README.md
echo " Stripped: codesigning"
# 4. Remove binaries
rm -f build-input/bazel-* scripts/Telegram 2>/dev/null
rm -rf build/ 2>/dev/null
echo " Stripped: binaries"
echo ""
echo "Done. Run ./scripts/check-secrets.sh before committing."