drop SESSION-specific stuff and move encrypt/decrypt helpers to a separate class; add a command line flag to generate encryption keys

2025-04-08 08:55:44 +03:00
parent 58677fc791
commit 25d3ce4ee8
4 changed files with 75 additions and 52 deletions
--- a/update.php
+++ b/update.php
@@ -84,6 +84,7 @@
 		"update-schema::" => ["[force-yes]", "update database schema, optionally without prompting"],
 		"force-update" => "mark all feeds as pending update",
 		"gen-search-idx" => "generate basic PostgreSQL fulltext search index",
+		"gen-encryption-key" => "generate an encryption key (ChaCha20-Poly1305)",
 		"plugins-list" => "list installed plugins",
 		"debug-feed:" => ["N", "update specified feed with debug output enabled"],
 		"force-refetch" => "debug update: force refetch feed data",
@@ -323,6 +324,10 @@
 		}
 	}

+	if (isset($options["gen-encryption-key"])) {
+		echo "Generated encryption key: " . bin2hex(Crypt::generate_key()) . "\n";
+	}
+
 	if (isset($options["plugins-list"])) {
 		$tmppluginhost = new PluginHost();
 		$tmppluginhost->load_all($tmppluginhost::KIND_ALL);