#!/usr/bin/env bash
set -e
TYPE="$1"
if [ -z "$TYPE" ]; then
TYPE="http"
fi
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
refresh_casdoor_jwt_cert() {
local endpoint="${CASDOOR_ENDPOINT:-http://casdoor:8000}"
local cert_file="${SCRIPT_DIR}/casdoor/token_jwt_key.pem"
local jwks
local cert
if ! command -v python3 >/dev/null 2>&1; then
echo "python3 not found, skipping Casdoor JWT cert refresh"
return 0
fi
jwks=$(curl -fsS "${endpoint}/.well-known/jwks" 2>/dev/null || true)
if [ -z "${jwks}" ]; then
echo "Warning: failed to fetch Casdoor JWKS from ${endpoint}, keeping existing JWT cert"
return 0
fi
cert=$(printf '%s' "${jwks}" | python3 -c '
import json
import sys
try:
data = json.load(sys.stdin)
keys = data.get("keys") or []
x5c = keys[0].get("x5c") or []
value = x5c[0]
except Exception:
sys.exit(1)
print("-----BEGIN CERTIFICATE-----")
for i in range(0, len(value), 64):
print(value[i:i + 64])
print("-----END CERTIFICATE-----")
' 2>/dev/null || true)
if [ -z "${cert}" ]; then
echo "Warning: failed to parse Casdoor JWKS certificate, keeping existing JWT cert"
return 0
fi
printf '%s\n' "${cert}" > "${cert_file}"
echo "Refreshed Casdoor JWT public key at ${cert_file}"
}
echo "=== YuanRong Runtime Local Restart ==="
echo "Project root: ${PROJECT_ROOT}"
echo ""
echo "Step 1: Stopping existing runtime..."
yr stop 2>/dev/null || echo "No running instance found"
echo ""
echo "Step 2: Starting runtime without reinstalling packages..."
export LITEBUS_DATA_KEY=6D792D7365637265742D6B65792D666F722D6A77742D64656D6F
export CONTAINER_EP=unix:///tmp/yr_sessions/runtime-launcher.sock
KEYCLOAK_ENV_FILE="${SCRIPT_DIR}/keycloak/.keycloak.env"
if [ -f "${KEYCLOAK_ENV_FILE}" ]; then
source "${KEYCLOAK_ENV_FILE}"
echo "Loaded Keycloak env from ${KEYCLOAK_ENV_FILE}"
fi
CASDOOR_ENV_FILE="${SCRIPT_DIR}/casdoor/.casdoor.env"
if [ -f "${CASDOOR_ENV_FILE}" ]; then
source "${CASDOOR_ENV_FILE}"
echo "Loaded Casdoor env from ${CASDOOR_ENV_FILE}"
fi
export AUTH_PROVIDER="${AUTH_PROVIDER:-casdoor}"
if [ "${AUTH_PROVIDER}" = "casdoor" ]; then
export KEYCLOAK_ENABLED="${KEYCLOAK_ENABLED:-false}"
export CASDOOR_ENABLED="${CASDOOR_ENABLED:-true}"
else
export KEYCLOAK_ENABLED="${KEYCLOAK_ENABLED:-true}"
export CASDOOR_ENABLED="${CASDOOR_ENABLED:-false}"
fi
export KEYCLOAK_URL="${KEYCLOAK_URL:-http://wyc.pc:18888}"
export KEYCLOAK_INTERNAL_URL="${KEYCLOAK_INTERNAL_URL:-http://yr-keycloak:8080}"
export KEYCLOAK_REALM="${KEYCLOAK_REALM:-yuanrong}"
export KEYCLOAK_CLIENT_ID="${KEYCLOAK_CLIENT_ID:-frontend}"
export KEYCLOAK_CLIENT_SECRET="${KEYCLOAK_CLIENT_SECRET:-}"
export CASDOOR_ENDPOINT="${CASDOOR_ENDPOINT:-http://casdoor:8000}"
export CASDOOR_PUBLIC_ENDPOINT="${CASDOOR_PUBLIC_ENDPOINT:-http://wyc.pc:18888}"
export CASDOOR_CLIENT_ID="${CASDOOR_CLIENT_ID:-}"
export CASDOOR_CLIENT_SECRET="${CASDOOR_CLIENT_SECRET:-}"
export CASDOOR_ORGANIZATION="${CASDOOR_ORGANIZATION:-openyuanrong.org}"
export CASDOOR_APPLICATION="${CASDOOR_APPLICATION:-yuanrong}"
export CASDOOR_ADMIN_USER="${CASDOOR_ADMIN_USER:-admin}"
export CASDOOR_ADMIN_PASSWORD="${CASDOOR_ADMIN_PASSWORD:-123}"
refresh_casdoor_jwt_cert
CASDOOR_JWT_PUBLIC_KEY_FILE="${SCRIPT_DIR}/casdoor/token_jwt_key.pem"
if [ -z "${CASDOOR_JWT_PUBLIC_KEY:-}" ] && [ -f "${CASDOOR_JWT_PUBLIC_KEY_FILE}" ]; then
export CASDOOR_JWT_PUBLIC_KEY="$(cat "${CASDOOR_JWT_PUBLIC_KEY_FILE}")"
echo "Loaded Casdoor JWT public key from ${CASDOOR_JWT_PUBLIC_KEY_FILE}"
fi
echo "Auth provider config:"
echo " AUTH_PROVIDER=${AUTH_PROVIDER}"
echo "Keycloak config:"
echo " KEYCLOAK_ENABLED=${KEYCLOAK_ENABLED}"
echo " KEYCLOAK_URL=${KEYCLOAK_URL}"
echo " KEYCLOAK_REALM=${KEYCLOAK_REALM}"
echo " KEYCLOAK_CLIENT_ID=${KEYCLOAK_CLIENT_ID}"
if [ -n "${KEYCLOAK_CLIENT_SECRET}" ]; then
echo " KEYCLOAK_CLIENT_SECRET=***"
else
echo " KEYCLOAK_CLIENT_SECRET=<empty>"
fi
echo "Casdoor config:"
echo " CASDOOR_ENABLED=${CASDOOR_ENABLED}"
echo " CASDOOR_ENDPOINT=${CASDOOR_ENDPOINT}"
echo " CASDOOR_PUBLIC_ENDPOINT=${CASDOOR_PUBLIC_ENDPOINT}"
echo " CASDOOR_ORGANIZATION=${CASDOOR_ORGANIZATION}"
echo " CASDOOR_APPLICATION=${CASDOOR_APPLICATION}"
echo " CASDOOR_ADMIN_USER=${CASDOOR_ADMIN_USER}"
if [ -n "${CASDOOR_CLIENT_ID}" ]; then
echo " CASDOOR_CLIENT_ID=${CASDOOR_CLIENT_ID}"
else
echo " CASDOOR_CLIENT_ID=<empty>"
fi
if [ -n "${CASDOOR_CLIENT_SECRET}" ]; then
echo " CASDOOR_CLIENT_SECRET=***"
else
echo " CASDOOR_CLIENT_SECRET=<empty>"
fi
if [ -n "${CASDOOR_JWT_PUBLIC_KEY:-}" ]; then
echo " CASDOOR_JWT_PUBLIC_KEY=loaded"
else
echo " CASDOOR_JWT_PUBLIC_KEY=<empty>"
fi
if [ -n "${CASDOOR_ADMIN_PASSWORD:-}" ]; then
echo " CASDOOR_ADMIN_PASSWORD=***"
else
echo " CASDOOR_ADMIN_PASSWORD=<empty>"
fi
SERVICES_YAML="${SCRIPT_DIR}/webterminal/services.yaml"
echo "Using services.yaml: ${SERVICES_YAML}"
if [ "${TYPE}" = "http" ]; then
echo "Starting in HTTP mode..."
yr start --master \
--enable_faas_frontend=true \
-l DEBUG \
--port_policy FIX \
--enable_function_scheduler true \
--enable_meta_service true \
--enable_iam_server true \
-p "${SERVICES_YAML}"
elif [ "${TYPE}" = "token" ]; then
echo "Starting in token mode..."
yr start --master --enable_faas_frontend=true -l DEBUG \
--port_policy FIX --enable_function_scheduler true \
--enable_meta_service true \
--ssl_base_path "${SCRIPT_DIR}/webterminal/cert" \
--frontend_ssl_enable true \
--enable_iam_server true \
--frontend_client_auth_type NoClientCert \
--enable_function_token_auth true \
--fs_health_check_retry_times 6000 \
-p "${SERVICES_YAML}"
elif [ "${TYPE}" = "mtls" ]; then
echo "Starting in mtls mode..."
yr start --master --enable_faas_frontend=true -l DEBUG \
--port_policy FIX --enable_function_scheduler true \
--enable_meta_service true \
--ssl_base_path "${SCRIPT_DIR}/webterminal/cert/" \
--frontend_ssl_enable true \
--meta_service_ssl_enable true \
-p "${SERVICES_YAML}"
else
echo "Unknown type: ${TYPE}. Valid options are: http, token, mtls."
exit 1
fi
echo ""
echo "=== Runtime restarted successfully ==="