#!/usr/bin/env bash set -euo pipefail ENVFILE="$1"; SECRET_DIR="$2"; OWNER="$3"; MODE="$4"; APP_ID="$5"; GATEWAY="$6"; NOTIFY="$7"; TS="$8"; USE_SUDO="$9" if [ "$USE_SUDO" = "yes" ]; then SUDO="sudo -n"; else SUDO=""; fi APP_PRIV="$SECRET_DIR/app_private_key.pem" ALIPAY_PUB="$SECRET_DIR/alipay_public_key.pem" $SUDO mkdir -p "$SECRET_DIR" $SUDO install -m 0600 -o "${OWNER%%:*}" -g "${OWNER##*:}" "/tmp/sublb_alipay_app_private_$TS.pem" "$APP_PRIV" $SUDO install -m 0644 -o "${OWNER%%:*}" -g "${OWNER##*:}" "/tmp/sublb_alipay_public_$TS.pem" "$ALIPAY_PUB" $SUDO cp "$ENVFILE" "$ENVFILE.bak_alipay_fix_$TS" tmp="/tmp/sublb_env_alipay_fix_$TS" $SUDO awk \ -v app_id="$APP_ID" \ -v gateway="$GATEWAY" \ -v notify="$NOTIFY" \ -v priv="$APP_PRIV" \ -v pub="$ALIPAY_PUB" ' BEGIN{ split("ALIPAY_APP_ID ALIPAY_GATEWAY_URL ALIPAY_NOTIFY_URL ALIPAY_APP_PRIVATE_KEY_PATH ALIPAY_PUBLIC_KEY_PATH ALIPAY_SIGN_TYPE ALIPAY_CHARSET SUBLB_ALIPAY_APP_ID SUBLB_ALIPAY_APP_PRIVATE_KEY_PATH SUBLB_ALIPAY_PUBLIC_KEY_PATH", ks, " "); for (i in ks) repl[ks[i]]=1 } { key=$0; sub(/=.*/, "", key); if (!(key in repl)) print $0; } END{ print ""; print "# Alipay F2F production config added 2026-05-03; values managed consistently across 80/103/74."; print "ALIPAY_APP_ID=" app_id; print "ALIPAY_GATEWAY_URL=" gateway; print "ALIPAY_NOTIFY_URL=" notify; print "ALIPAY_APP_PRIVATE_KEY_PATH=" priv; print "ALIPAY_PUBLIC_KEY_PATH=" pub; print "ALIPAY_SIGN_TYPE=RSA2"; print "ALIPAY_CHARSET=UTF-8"; }' "$ENVFILE" > "$tmp" $SUDO install -m "$MODE" -o "${OWNER%%:*}" -g "${OWNER##*:}" "$tmp" "$ENVFILE" rm -f "$tmp" "/tmp/sublb_alipay_app_private_$TS.pem" "/tmp/sublb_alipay_public_$TS.pem" || true awk -F= '/^ALIPAY_/{k=$1; v=$0; sub(/^[^=]*=/,"",v); if (k ~ /(KEY|APP_ID|PUBLIC|PRIVATE|SECRET|TOKEN|SELLER_ID)/) print k"="; else print k"="v}' "$ENVFILE"