#!/usr/bin/env bash set -euo pipefail ENVFILE="$1"; SERVICE="$2"; SECRET_DIR="$3"; OWNER="$4"; MODE="$5"; APP_ID="$6"; GATEWAY="$7"; NOTIFY="$8"; TS="$9" APP_PRIV="$SECRET_DIR/app_private_key.pem" ALIPAY_PUB="$SECRET_DIR/alipay_public_key.pem" if command -v sudo >/dev/null 2>&1; then SUDO="sudo -n"; else SUDO=""; fi $SUDO mkdir -p "$SECRET_DIR" $SUDO install -m 0600 -o "${OWNER%%:*}" -g "${OWNER##*:}" "/tmp/sublb_alipay_app_private_$TS.pem" "$APP_PRIV" $SUDO install -m 0644 -o "${OWNER%%:*}" -g "${OWNER##*:}" "/tmp/sublb_alipay_public_$TS.pem" "$ALIPAY_PUB" $SUDO cp "$ENVFILE" "$ENVFILE.bak_alipay_$TS" tmp="/tmp/sublb_env_alipay_$TS" $SUDO awk ' BEGIN{ split("ALIPAY_APP_ID ALIPAY_GATEWAY_URL ALIPAY_NOTIFY_URL ALIPAY_APP_PRIVATE_KEY_PATH ALIPAY_PUBLIC_KEY_PATH ALIPAY_SIGN_TYPE ALIPAY_CHARSET", ks, " "); for (i in ks) repl[ks[i]]=1 } { key=$0; sub(/=.*/, "", key); if (!(key in repl)) print $0; } END{ print ""; print "# Alipay F2F production config added 2026-05-03; values managed consistently across 80/103/74."; print "ALIPAY_APP_ID=" ENVIRON["SUBLB_ALIPAY_APP_ID_DEPLOY"]; print "ALIPAY_GATEWAY_URL=" ENVIRON["SUBLB_ALIPAY_GATEWAY_DEPLOY"]; print "ALIPAY_NOTIFY_URL=" ENVIRON["SUBLB_ALIPAY_NOTIFY_DEPLOY"]; print "ALIPAY_APP_PRIVATE_KEY_PATH=" ENVIRON["SUBLB_ALIPAY_PRIV_DEPLOY"]; print "ALIPAY_PUBLIC_KEY_PATH=" ENVIRON["SUBLB_ALIPAY_PUB_DEPLOY"]; print "ALIPAY_SIGN_TYPE=RSA2"; print "ALIPAY_CHARSET=UTF-8"; }' "$ENVFILE" > "$tmp" SUBLB_ALIPAY_APP_ID_DEPLOY="$APP_ID" SUBLB_ALIPAY_GATEWAY_DEPLOY="$GATEWAY" SUBLB_ALIPAY_NOTIFY_DEPLOY="$NOTIFY" SUBLB_ALIPAY_PRIV_DEPLOY="$APP_PRIV" SUBLB_ALIPAY_PUB_DEPLOY="$ALIPAY_PUB" \ $SUDO awk ' BEGIN{ split("ALIPAY_APP_ID ALIPAY_GATEWAY_URL ALIPAY_NOTIFY_URL ALIPAY_APP_PRIVATE_KEY_PATH ALIPAY_PUBLIC_KEY_PATH ALIPAY_SIGN_TYPE ALIPAY_CHARSET", ks, " "); for (i in ks) repl[ks[i]]=1 } { key=$0; sub(/=.*/, "", key); if (!(key in repl)) print $0; } END{ print ""; print "# Alipay F2F production config added 2026-05-03; values managed consistently across 80/103/74."; print "ALIPAY_APP_ID=" ENVIRON["SUBLB_ALIPAY_APP_ID_DEPLOY"]; print "ALIPAY_GATEWAY_URL=" ENVIRON["SUBLB_ALIPAY_GATEWAY_DEPLOY"]; print "ALIPAY_NOTIFY_URL=" ENVIRON["SUBLB_ALIPAY_NOTIFY_DEPLOY"]; print "ALIPAY_APP_PRIVATE_KEY_PATH=" ENVIRON["SUBLB_ALIPAY_PRIV_DEPLOY"]; print "ALIPAY_PUBLIC_KEY_PATH=" ENVIRON["SUBLB_ALIPAY_PUB_DEPLOY"]; print "ALIPAY_SIGN_TYPE=RSA2"; print "ALIPAY_CHARSET=UTF-8"; }' "$ENVFILE" > "$tmp" $SUDO install -m "$MODE" -o "${OWNER%%:*}" -g "${OWNER##*:}" "$tmp" "$ENVFILE" rm -f "$tmp" "/tmp/sublb_alipay_app_private_$TS.pem" "/tmp/sublb_alipay_public_$TS.pem" # masked readback only awk -F= '/^ALIPAY_/{k=$1; v=$0; sub(/^[^=]*=/,"",v); if (k ~ /(KEY|APP_ID|PUBLIC|PRIVATE|SECRET|TOKEN|SELLER_ID)/) print k"="; else print k"="v}' "$ENVFILE"