From 58bfa65b8a2bff888bab7b6162d0c85cbf307fd4 Mon Sep 17 00:00:00 2001
From: f
Date: Thu, 10 Apr 2025 09:26:42 -0300
Subject: [PATCH 1/6] fix: security upgrade https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-3983-rrqh-mvx5
---
 compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/compose.yml b/compose.yml
index df8176b..b561740 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,7 +1,7 @@
 version: "3.8"
 services:
 app:
- image: quay.io/hedgedoc/hedgedoc:1.10.1
+ image: quay.io/hedgedoc/hedgedoc:1.10.3
 environment:
 - CMD_USECDN=false
 - CMD_URL_ADDPORT=false
From d0191f1c494b6f4568a1d89223e09c98271e4719 Mon Sep 17 00:00:00 2001
From: f
Date: Thu, 10 Apr 2025 09:30:31 -0300
Subject: [PATCH 2/6] fix: prevent unbound variable error
---
 abra.sh | 2 +-
 compose.postgresql.yml | 1 -
 entrypoint.sh.tmpl | 13 ++++++++-----
 3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/abra.sh b/abra.sh
index edf3403..2bcd6ea 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,2 +1,2 @@
-export ENTRYPOINT_CONF_VERSION=v11
+export ENTRYPOINT_CONF_VERSION=v12
 export PG_BACKUP_VERSION=v1
diff --git a/compose.postgresql.yml b/compose.postgresql.yml
index de41691..591ee29 100644
--- a/compose.postgresql.yml
+++ b/compose.postgresql.yml
@@ -2,7 +2,6 @@ version: "3.8"
 services:
 app:
 environment:
- - POSTGRES_ENABLED=1
 - CMD_DB_NAME=codimd
 - CMD_DB_USER=codimd
 - CMD_DB_HOST=db
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index da23531..c506359 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -22,13 +22,15 @@ file_env() {
 }
 load_vars() {
- file_env "CMD_DB_PASSWORD"
+ if [ -n "${CMD_DB_PASSWORD}" ] ; then
+ file_env "CMD_DB_PASSWORD"
+ fi
 file_env "CMD_OAUTH2_CLIENT_SECRET"
 file_env "CMD_SESSION_SECRET"
 }
 main() {
- set -eu
+ set -e
 load_vars
 mkdir -p "/hedgedoc/.npm" && \
@@ -40,8 +42,9 @@ main() {
 main
-if [ -n "$POSTGRES_ENABLED" ]; then
-export CMD_DB_URL="postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME"
+if [ -z "${CMD_DB_URL}" ] ; then
+ # TODO: support databases other than postgres and sqlite
+ export CMD_DB_URL="${postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME}"
 fi
 # 3wc: `source /docker-entrypoint.sh -e` to load CMD_DB_URL for CLI scripts
@@ -52,4 +55,4 @@ if [ ! "${1-}" == "-e" ]; then
 /usr/local/bin/docker-entrypoint.sh npm start
 fi
-set +eu
+set +e
From 29a7d585dc6ef16da95da88f6399eb742955a08f Mon Sep 17 00:00:00 2001
From: f
Date: Thu, 10 Apr 2025 15:42:21 -0300
Subject: [PATCH 3/6] fix: provide default values for variables
---
 entrypoint.sh.tmpl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index c506359..f7cf908 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -22,7 +22,7 @@ file_env() {
 }
 load_vars() {
- if [ -n "${CMD_DB_PASSWORD}" ] ; then
+ if [ -n "${CMD_DB_PASSWORD:-""}" ] ; then
 file_env "CMD_DB_PASSWORD"
 fi
 file_env "CMD_OAUTH2_CLIENT_SECRET"
@@ -30,7 +30,7 @@ load_vars() {
 }
 main() {
- set -e
+ set -eu
 load_vars
 mkdir -p "/hedgedoc/.npm" && \
@@ -42,7 +42,7 @@ main() {
 main
-if [ -z "${CMD_DB_URL}" ] ; then
+if [ -z "${CMD_DB_URL:-""}" ] ; then
 # TODO: support databases other than postgres and sqlite
 export CMD_DB_URL="${postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME}"
 fi
@@ -55,4 +55,4 @@ if [ ! "${1-}" == "-e" ]; then
 /usr/local/bin/docker-entrypoint.sh npm start
 fi
-set +e
+set +eu
From ec1735a0055458db80d1cdd92a835ca28db82bbb Mon Sep 17 00:00:00 2001
From: f
Date: Fri, 11 Apr 2025 17:00:56 -0300
Subject: [PATCH 4/6] feat: set db type
---
 compose.postgresql.yml | 1 +
 entrypoint.sh.tmpl | 3 +--
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/compose.postgresql.yml b/compose.postgresql.yml
index 591ee29..91a0532 100644
--- a/compose.postgresql.yml
+++ b/compose.postgresql.yml
@@ -2,6 +2,7 @@ version: "3.8"
 services:
 app:
 environment:
+ - CMD_DB_TYPE=postgres
 - CMD_DB_NAME=codimd
 - CMD_DB_USER=codimd
 - CMD_DB_HOST=db
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index f7cf908..b61454e 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -43,8 +43,7 @@ main() {
 main
 if [ -z "${CMD_DB_URL:-""}" ] ; then
- # TODO: support databases other than postgres and sqlite
- export CMD_DB_URL="${postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME}"
+ export CMD_DB_URL="${CMD_DB_TYPE}://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME}"
 fi
 # 3wc: `source /docker-entrypoint.sh -e` to load CMD_DB_URL for CLI scripts
From 1db30e2cda2db52386040a1eebdc709d552539f1 Mon Sep 17 00:00:00 2001
From: f
Date: Fri, 11 Apr 2025 17:01:25 -0300
Subject: [PATCH 5/6] fix: typo
---
 entrypoint.sh.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index b61454e..92858bd 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@@ -43,7 +43,7 @@ main() {
 main
 if [ -z "${CMD_DB_URL:-""}" ] ; then
- export CMD_DB_URL="${CMD_DB_TYPE}://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME}"
+ export CMD_DB_URL="${CMD_DB_TYPE}://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME"
 fi
 # 3wc: `source /docker-entrypoint.sh -e` to load CMD_DB_URL for CLI scripts
From 29968706fc8320902006ecac251565fe65072e33 Mon Sep 17 00:00:00 2001
From: f
Date: Fri, 11 Apr 2025 17:01:33 -0300
Subject: [PATCH 6/6] fix: check for password file presence to build db url
---
 entrypoint.sh.tmpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index 92858bd..74d608c 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
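Review bot: The port stays hard-coded as `:5432` on the new `export CMD_DB_URL=` line even though the scheme is now taken from `CMD_DB_TYPE`, so any type other than postgres (the only value the compose.postgresql.yml hunk sets) yields a URL pointing at the wrong port; a new script variable with a default, e.g. `...@$CMD_DB_HOST:${CMD_DB_PORT:-5432}/$CMD_DB_NAME"`, would keep the postgres behaviour while making the type switch meaningful. The user and password are also interpolated verbatim, so a password containing URL-reserved characters (`@`, `:`, `/`, `?`, `#`, `%`) produces a DSN that is misparsed, and exporting the assembled URL places the secret in the environment of every process started from this script — percent-encoding the password, or passing the individual `CMD_DB_*` values through and letting the application assemble the connection, avoids both. The stray trailing `}` on this line is removed by PATCH 5/6; the same line otherwise carries through the PATCH 5/6 and PATCH 6/6 hunks, so the points above apply there too.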
@@ -22,7 +22,7 @@ file_env() {
 }
 load_vars() {
- if [ -n "${CMD_DB_PASSWORD:-""}" ] ; then
+ if [ -n "${CMD_DB_PASSWORD_FILE:-""}" ] ; then
 file_env "CMD_DB_PASSWORD"
 fi
 file_env "CMD_OAUTH2_CLIENT_SECRET"
@@ -42,7 +42,7 @@ main() {
 main
-if [ -z "${CMD_DB_URL:-""}" ] ; then
+if [ -n "${CMD_DB_PASSWORD_FILE:-""}" ] ; then
 export CMD_DB_URL="${CMD_DB_TYPE}://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME"
 fi
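Review bot: The guard around `file_env "CMD_DB_PASSWORD"` now keys on `CMD_DB_PASSWORD_FILE`, but the two `file_env` calls that follow for `CMD_OAUTH2_CLIENT_SECRET` and `CMD_SESSION_SECRET` stay unguarded, so either `file_env` already tolerates an unset `*_FILE` variable (making the new `if` unnecessary) or those two calls presumably fail the same way under the `set -eu` that `main` enables before calling `load_vars`. The body of `file_env` begins above this hunk, so which case applies cannot be told from here; whichever it is, the treatment should be uniform — apply the guard to all three calls, or move the `-n` test inside `file_env`. A one-line comment stating the intent would also help, e.g. `# only read the secret from a file when a *_FILE path was provided`.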
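Review bot: Replacing `-z "${CMD_DB_URL:-""}"` with `-n "${CMD_DB_PASSWORD_FILE:-""}"` drops the only check that respected an operator-supplied `CMD_DB_URL`: whenever a password file is present, the export on the next line now overwrites it, and a deployment that supplies `CMD_DB_PASSWORD` directly (no file) no longer gets a URL assembled at all. Keeping both conditions, `if [ -z "${CMD_DB_URL:-""}" ] && [ -n "${CMD_DB_PASSWORD_FILE:-""}" ] ; then`, builds the URL only when it is missing and a password is actually available. Note that `set -eu` from `main` is still in force at this point (set options are not function-scoped, which is why the script ends with `set +eu`), so the remaining expansions on the export line still abort the script if `CMD_DB_TYPE`, `CMD_DB_USER`, `CMD_DB_HOST` or `CMD_DB_NAME` is unset while the password file is present.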