Files
2026-04-06 10:35:33 +03:00

66 lines
1.8 KiB
Bash
Executable File

#!/bin/zsh
# Verify no secrets remain before pushing to public repo
set -e
cd "$(dirname "$0")/.."
FOUND=0
echo "Checking for secrets..."
# AES/HMAC keys
if grep -rq "V1wmSaHPBtfwGR7jHozwSkRVQrUVtvUMkb\|QpU3hDanhmp67LDTzL2tjzDuG4qIsCIFn3LMY" . --include="*.swift" --include="*.json" 2>/dev/null; then
echo "FAIL: AES/HMAC keys found!"
FOUND=1
fi
# GLEGram API credentials
if grep -rq "31339208\|b7917b274453f075e114f2fef86230d2" . --include="*.swift" --include="*.json" --include="*.bzl" 2>/dev/null; then
echo "FAIL: GLEGram API credentials found!"
FOUND=1
fi
# Team ID
if grep -rq "F8A8NWPL78" . --include="*.swift" --include="*.json" --include="*.bzl" 2>/dev/null; then
echo "FAIL: GLEGram Team ID found!"
FOUND=1
fi
# HMAC salt
if grep -rq "glegram-hmac-v1" . --include="*.swift" 2>/dev/null; then
echo "FAIL: HMAC salt found!"
FOUND=1
fi
# SSL pinning hashes
if grep -rq "brDmHiqwkhgPrFDmkcD2IsDUdKLZlyGjGkn0SOGNKFI" . --include="*.swift" --include="*.json" 2>/dev/null; then
# HMAC salt
if grep -rq "glegram-hmac-v1" . --include="*.swift" 2>/dev/null; then
echo "FAIL: HMAC salt found!"
FOUND=1
fi
echo "FAIL: SSL pinning hashes found!"
FOUND=1
fi
# glegram.site in code (not comments)
if grep -rn "glegram.site" . --include="*.swift" --include="*.json" 2>/dev/null | grep -v "//\|/\*\|e\.g\.\|example" | grep -q .; then
echo "FAIL: glegram.site domain in code (not comment)!"
FOUND=1
fi
# Real provisioning profiles
if find build-system/real-codesigning -name "*.mobileprovision" -o -name "*.p12" 2>/dev/null | grep -q .; then
echo "FAIL: Real provisioning profiles found!"
FOUND=1
fi
if [ "$FOUND" -eq 0 ]; then
echo "ALL CLEAR — safe to push to public repo."
else
echo ""
echo "BLOCKED — fix the issues above before pushing!"
exit 1
fi