feat: reorganise bash scripts and add comprehensive documentation (#6)
CI / dependency-pin-check-typescript (push) Successful in 5s
CI / dependency-pin-check-python (push) Successful in 4s
CI / python (push) Successful in 9m28s
CI / typescript (push) Successful in 9m42s
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 1m39s
## Summary This PR completes the bash script restructuring and adds comprehensive documentation across all script categories. ### Bash Restructuring - Moved cohort shell scripts (`remove_github_members.sh`, `update_github_teams.sh`) from `python/cohort/` into a new `bash/cohort/` directory - Moved existing bash utilities (`add-keys-to-git.sh`, `fix-yubikey-perms.sh`, `list-yubikey-ssh-keys.sh`) into a new `bash/yubikey/` subdirectory - Updated `run.sh` to support **Bash** as a third language option alongside TypeScript and Python - Bash scripts are run directly (no 1Password secret injection needed) - Category discovery and script listing works the same as for TS/Python - Removed dead "Root Scripts" logic that was no longer needed ### Documentation Added `README.md` files for all script categories that were missing them: - `bash/cohort/README.md` — cohort GitHub team management scripts - `bash/yubikey/README.md` — YubiKey SSH key and permission utilities - `typescript/src/crowdin/README.md` — Crowdin translation management scripts - `typescript/src/discord/README.md` — Discord bot utility scripts - `typescript/src/discourse/README.md` — Discourse forum management scripts - `typescript/src/gitea/README.md` — Gitea bulk repository operation scripts - `typescript/src/github/README.md` — GitHub API interaction scripts - `typescript/src/music/README.md` — Music file metadata tools - `typescript/src/s3/README.md` — S3-compatible object storage scripts - `typescript/src/security/README.md` — Security analysis and reporting scripts - `python/cohort/README.md` — Updated to remove moved shell scripts, fix usage commands Also updated project-level docs: - **`README.md`** — Corrected project structure, fixed running instructions (removed references to non-existent `make run-ts`/`make run-py` targets), added Bash prerequisites - **`CLAUDE.md`** — Updated project overview, structure, development standards, and script-adding guides to reflect the current state of the project ✨ 
This PR was created with help from Hikari~ 🌸 Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com> Reviewed-on: #6 Co-authored-by: Hikari <hikari@nhcarrigan.com> Co-committed-by: Hikari <hikari@nhcarrigan.com>
This commit was merged in pull request #6.
@@ -0,0 +1,142 @@
|
||||
#!/usr/bin/env python3
|
||||
"""Check cohort-team-* channels for incorrect @everyone or @cohort permissions.
|
||||
|
||||
Find channels where @everyone or @cohort has Send Messages or
|
||||
Send Messages in Threads enabled.
|
||||
"""
|
||||
|
||||
import asyncio
|
||||
import os
|
||||
|
||||
import aiohttp
|
||||
|
||||
DISCORD_BOT_TOKEN = os.environ["DISCORD_BOT_TOKEN"]
|
||||
BASE_URL = "https://discord.com/api/v10"
|
||||
GUILD_ID = "739845668582981683"
|
||||
|
||||
SEND_MESSAGES = 0x0000000000000800
|
||||
SEND_MESSAGES_IN_THREADS = 0x0000004000000000
|
||||
|
||||
|
||||
async def check_permissions() -> None:
|
||||
"""Check all cohort-team-* channels for permission issues."""
|
||||
headers = {"Authorization": f"Bot {DISCORD_BOT_TOKEN}"}
|
||||
|
||||
async with aiohttp.ClientSession() as session:
|
||||
print("Fetching channels...")
|
||||
async with session.get(
|
||||
f"{BASE_URL}/guilds/{GUILD_ID}/channels", headers=headers
|
||||
) as resp:
|
||||
if resp.status != 200:
|
||||
error = await resp.text()
|
||||
print(f"Error fetching channels: {resp.status} - {error}")
|
||||
return
|
||||
channels = await resp.json()
|
||||
|
||||
print("Fetching roles...")
|
||||
async with session.get(
|
||||
f"{BASE_URL}/guilds/{GUILD_ID}/roles", headers=headers
|
||||
) as resp:
|
||||
if resp.status != 200:
|
||||
error = await resp.text()
|
||||
print(f"Error fetching roles: {resp.status} - {error}")
|
||||
return
|
||||
roles = await resp.json()
|
||||
|
||||
everyone_role_id = GUILD_ID
|
||||
|
||||
cohort_role_id = None
|
||||
for role in roles:
|
||||
if "cohort" in role["name"].lower():
|
||||
cohort_role_id = role["id"]
|
||||
print(f"Found cohort role: {role['name']} ({role['id']})")
|
||||
break
|
||||
|
||||
if not cohort_role_id:
|
||||
print("Warning: Could not find @cohort role!")
|
||||
|
||||
cohort_channels = [
|
||||
ch
|
||||
for ch in channels
|
||||
if ch["name"].startswith("cohort-team-") and ch["type"] == 0
|
||||
]
|
||||
|
||||
print(f"\nFound {len(cohort_channels)} cohort-team-* channels\n")
|
||||
|
||||
problematic_channels = []
|
||||
|
||||
for channel in sorted(cohort_channels, key=lambda x: x["name"]):
|
||||
channel_name = channel["name"]
|
||||
channel_id = channel["id"]
|
||||
permission_overwrites = channel.get("permission_overwrites", [])
|
||||
|
||||
everyone_perms = None
|
||||
cohort_perms = None
|
||||
|
||||
for overwrite in permission_overwrites:
|
||||
if overwrite["id"] == everyone_role_id:
|
||||
everyone_perms = overwrite
|
||||
elif cohort_role_id and overwrite["id"] == cohort_role_id:
|
||||
cohort_perms = overwrite
|
||||
|
||||
issues = []
|
||||
|
||||
if everyone_perms:
|
||||
deny = int(everyone_perms.get("deny", "0"))
|
||||
allow = int(everyone_perms.get("allow", "0"))
|
||||
|
||||
if (allow & SEND_MESSAGES) or not (deny & SEND_MESSAGES):
|
||||
issues.append("@everyone can send messages")
|
||||
|
||||
if (allow & SEND_MESSAGES_IN_THREADS) or not (
|
||||
deny & SEND_MESSAGES_IN_THREADS
|
||||
):
|
||||
issues.append("@everyone can send messages in threads")
|
||||
else:
|
||||
issues.append(
|
||||
"@everyone has no permission overwrite (inheriting server perms)"
|
||||
)
|
||||
|
||||
if cohort_perms and cohort_role_id:
|
||||
deny = int(cohort_perms.get("deny", "0"))
|
||||
allow = int(cohort_perms.get("allow", "0"))
|
||||
|
||||
if (allow & SEND_MESSAGES) or not (deny & SEND_MESSAGES):
|
||||
issues.append("@cohort can send messages")
|
||||
|
||||
if (allow & SEND_MESSAGES_IN_THREADS) or not (
|
||||
deny & SEND_MESSAGES_IN_THREADS
|
||||
):
|
||||
issues.append("@cohort can send messages in threads")
|
||||
elif cohort_role_id:
|
||||
issues.append(
|
||||
"@cohort has no permission overwrite (inheriting server perms)"
|
||||
)
|
||||
|
||||
if issues:
|
||||
problematic_channels.append(
|
||||
{"name": channel_name, "id": channel_id, "issues": issues}
|
||||
)
|
||||
print(f"❌ {channel_name}")
|
||||
for issue in issues:
|
||||
print(f" - {issue}")
|
||||
else:
|
||||
print(f"✅ {channel_name}")
|
||||
|
||||
print("\n" + "=" * 60)
|
||||
print(
|
||||
f"\nSummary: {len(problematic_channels)} channels with permission issues\n"
|
||||
)
|
||||
|
||||
if problematic_channels:
|
||||
print("Problematic channels:")
|
||||
for ch in problematic_channels:
|
||||
print(f"\n{ch['name']} (ID: {ch['id']})")
|
||||
for issue in ch["issues"]:
|
||||
print(f" • {issue}")
|
||||
else:
|
||||
print("All channels have correct permissions! 🎉")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
asyncio.run(check_permissions())
|
||||
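Review bot: The cohort role lookup in `check_permissions` accepts the first role whose name merely contains "cohort" (`if "cohort" in role["name"].lower():`), so if the guild has any other role with that substring the audit may inspect the wrong overwrite and never look at the real @cohort one. Assuming the role is literally named "cohort", an exact match such as `if role["name"].lower() == "cohort":`, or a pinned role ID next to `GUILD_ID`, removes the dependence on the order in which the API returns roles. When no role is found the script only prints a warning and continues, and it can still finish with "All channels have correct permissions!", so an incomplete audit reads as a clean one. The two early `return`s on a non-200 response likewise leave the exit status at 0. Ending those paths with `raise SystemExit(1)` would let `run.sh` or CI tell a failed check from a passing one.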