#!/bin/bash # IPTV Server Patch v2.7.7 - Critical Security Fix: Hardware ID Isolation # This patch fixes a critical vulnerability where Hardware IDs were synchronized between servers set -e echo "=====================================" echo "IPTV Server Security Patch v2.7.7" echo "Critical: Hardware ID Isolation Fix" echo "=====================================" echo # Check if running as root if [ "$EUID" -ne 0 ]; then echo "❌ Please run as root (use sudo)" exit 1 fi # Find IPTV installation directory INSTALL_DIR="/opt/iptv" if [ ! -d "$INSTALL_DIR/app" ]; then echo "❌ IPTV Server not found at $INSTALL_DIR" echo "Looking for alternative locations..." # Check common locations for dir in /home/*/iptv-server* /root/iptv-server*; do if [ -d "$dir/app" ]; then INSTALL_DIR="$dir" echo "✅ Found IPTV installation at: $INSTALL_DIR" break fi done if [ ! -d "$INSTALL_DIR/app" ]; then echo "❌ Could not find IPTV installation" exit 1 fi fi APP_DIR="$INSTALL_DIR/app" echo "🔍 Installation directory: $INSTALL_DIR" echo "📁 Application directory: $APP_DIR" echo # Backup current files echo "📦 Creating backup..." BACKUP_DIR="/tmp/iptv-backup-$(date +%Y%m%d-%H%M%S)" mkdir -p "$BACKUP_DIR" # Backup files that will be modified cp -p "$APP_DIR/license_validator.py" "$BACKUP_DIR/" 2>/dev/null || true cp -p "$APP_DIR/license_manager.py" "$BACKUP_DIR/" 2>/dev/null || true cp -p "$APP_DIR/demo_middleware.py" "$BACKUP_DIR/" 2>/dev/null || true cp -p "$APP_DIR/app.py" "$BACKUP_DIR/" 2>/dev/null || true cp -p "$APP_DIR/startup_fix.py" "$BACKUP_DIR/" 2>/dev/null || true cp -p "$APP_DIR/version.py" "$BACKUP_DIR/" 2>/dev/null || true cp -p "$APP_DIR/VERSION" "$BACKUP_DIR/" 2>/dev/null || true echo "✅ Backup created at: $BACKUP_DIR" echo # Stop services echo "🛑 Stopping IPTV services..." docker-compose -f "$INSTALL_DIR/docker-compose.yml" down 2>/dev/null || \ docker-compose -f "$INSTALL_DIR/docker/docker-compose.iptv.yml" down 2>/dev/null || \ echo "⚠️ Could not stop services automatically" # Apply the patch - copy files from current working directory echo "🔧 Applying security patch..." # Get the directory where this script is located PATCH_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SOURCE_DIR="$(dirname "$PATCH_DIR")/iptv-server-install-v2.0.0-licensed/app" if [ ! -d "$SOURCE_DIR" ]; then echo "❌ Source files not found at: $SOURCE_DIR" echo "Please ensure the patched files are in the correct location" exit 1 fi # Copy the patched files echo "📝 Updating files..." cp "$SOURCE_DIR/license_validator.py" "$APP_DIR/" cp "$SOURCE_DIR/license_manager.py" "$APP_DIR/" cp "$SOURCE_DIR/demo_middleware.py" "$APP_DIR/" cp "$SOURCE_DIR/app.py" "$APP_DIR/" cp "$SOURCE_DIR/startup_fix.py" "$APP_DIR/" cp "$SOURCE_DIR/version.py" "$APP_DIR/" cp "$SOURCE_DIR/VERSION" "$APP_DIR/" echo "✅ Files updated successfully" echo # Clear Redis license cache (critical for this security fix) echo "🗑️ Clearing Redis license cache..." docker exec iptv-redis redis-cli --scan --pattern 'license:*' | xargs docker exec iptv-redis redis-cli del 2>/dev/null || \ echo "⚠️ Could not clear Redis cache automatically - please do this manually" echo echo "📋 Manual Redis cleanup (if automatic failed):" echo " docker exec -it iptv-redis redis-cli" echo " KEYS license:* | xargs DEL" echo " exit" echo # Start services echo "🚀 Starting IPTV services..." docker-compose -f "$INSTALL_DIR/docker-compose.yml" up -d 2>/dev/null || \ docker-compose -f "$INSTALL_DIR/docker/docker-compose.iptv.yml" up -d 2>/dev/null || \ echo "⚠️ Please start services manually" echo echo "=====================================" echo "✅ Security Patch v2.7.7 Applied!" echo "=====================================" echo echo "🔒 SECURITY FIX: Hardware IDs are now isolated per server" echo "🔒 Each server maintains its own license state" echo "🔒 Prevents license sharing between servers" echo echo "🔄 Each server will regenerate its license validation on first run" echo "📝 Backup saved at: $BACKUP_DIR" echo echo "⚠️ IMPORTANT: If you have multiple servers:" echo " - Apply this patch to ALL servers" echo " - Each server will validate independently" echo " - License sharing is no longer possible" echo echo "If you encounter issues:" echo "1. Check logs: docker logs iptv-backend" echo "2. Restore from backup: cp $BACKUP_DIR/* $APP_DIR/" echo "3. Contact support@powerdata.dk" echo