#!/bin/bash
# scan-to-paperless entrypoint
# Author: Dr. Henning Dickten (@hensing)
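set -e
# --- 0. Fix Permissions & Drop Privileges ---
# When the container starts as root, remap the image's appuser/appgroup to the
# requested PUID/PGID, fix ownership of the writable paths, then re-exec this
# same script as appuser. Everything after the closing `fi` therefore runs
# unprivileged.
if [ "$(id -u)" = "0" ]; then
  # Read PUID and PGID from environment, default to 1000
  TARGET_UID=${PUID:-1000}
  TARGET_GID=${PGID:-1000}

  # Both values are handed to usermod/groupmod as root, so accept only plain
  # decimal IDs and fail with a clear message otherwise.
  for id_value in "$TARGET_UID" "$TARGET_GID"; do
    case "$id_value" in
      '' | *[!0-9]*)
        echo "[ERROR] PUID and PGID must be numeric (got PUID='$TARGET_UID', PGID='$TARGET_GID')" >&2
        exit 1
        ;;
    esac
  done

  # PUID=0 would turn appuser into a second root account: the su-exec below
  # would not drop anything, and the re-executed script would enter this
  # branch again and loop forever.
  if [ "$TARGET_UID" -eq 0 ]; then
    echo "[ERROR] PUID=0 is not allowed; the service must not run as root" >&2
    exit 1
  fi

  echo "[INIT] Setting up user with PUID: $TARGET_UID and PGID: $TARGET_GID"

  # Update internal user 'appuser' to match requested PUID/PGID
  # We use -o to allow non-unique IDs if necessary
  groupmod -o -g "$TARGET_GID" appgroup
  usermod -o -u "$TARGET_UID" -g "$TARGET_GID" appuser

  echo "[INIT] Fixing permissions on /data and /home/appuser..."
  # Ensure directories exist
  mkdir -p /data/inbox /data/archive

  # Fix ownership for data volume
  # NOTE(review): this recursive chown runs as root on every start over a tree
  # that SMB clients can write to (/data/inbox); confirm that the image's chown
  # does not follow symbolic links while recursing.
  chown -R appuser:appgroup /data

  # Ensure home directory structure for Samba
  mkdir -p /home/appuser/samba
  chown -R appuser:appgroup /home/appuser

  echo "[INIT] Dropping privileges to appuser..."
  # Restart script as appuser (now with correct UID/GID)
  exec su-exec appuser "$0" "$@"
fi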
# =========================================================
# RUNNING AS APPUSER BELOW THIS LINE
# =========================================================
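# --- Set Defaults ---
# Every setting comes from the environment; the values below are the fallbacks.

# The fallback SMB password is a fixed, publicly known string. Keep it for
# backward compatibility, but tell the operator when it is in effect so the
# share is not left on a default credential unnoticed.
if [ -z "${SMB_PASSWORD:-}" ]; then
  echo "[WARN] SMB_PASSWORD is not set; using the built-in default password. Set SMB_PASSWORD to a unique value." >&2
fi

SMB_USER=${SMB_USER:-"scanner"}
SMB_PASSWORD=${SMB_PASSWORD:-"scan123"}
SMB_SHARE=${SMB_SHARE:-"scanner"}
PAPERLESS_URL=${PAPERLESS_URL:-""}
PAPERLESS_API_KEY=${PAPERLESS_API_KEY:-""}
PAPERLESS_VERIFY_SSL=${PAPERLESS_VERIFY_SSL:-true}
PAPERLESS_TAGS=${PAPERLESS_TAGS:-""}
WHITELIST=${WHITELIST:-"pdf,jpg,png,bmp"}
ARCHIVE=${ARCHIVE:-true}
UPLOAD_TIMEOUT=${UPLOAD_TIMEOUT:-30}
SCAN_SETTLE_TIME=${SCAN_SETTLE_TIME:-5}

# Validate required variables
if [ -z "$PAPERLESS_URL" ] || [ -z "$PAPERLESS_API_KEY" ]; then
  echo "[ERROR] PAPERLESS_URL and PAPERLESS_API_KEY must be set in .env" >&2
  exit 1
fi

# With verification off, the API token and every scan are sent to whichever
# host answers on PAPERLESS_URL; make that visible in the log.
if [ "$PAPERLESS_VERIFY_SSL" = "false" ]; then
  echo "[WARN] PAPERLESS_VERIFY_SSL=false: the Paperless TLS certificate will not be verified." >&2
fi

echo "╔══════════════════════════════╗"
echo "║ SCAN TO PAPERLESS ║"
echo "║ Dr. Henning Dickten ║"
echo "║ 2025 ║"
echo "╚══════════════════════════════╝"

# The startup summary deliberately omits SMB_PASSWORD and PAPERLESS_API_KEY.
echo "[CONFIG] Paperless URL: $PAPERLESS_URL"
echo "[CONFIG] SMB Share: $SMB_SHARE"
echo "[CONFIG] Archive: $ARCHIVE"
echo "[CONFIG] Whitelist: $WHITELIST"
echo "[CONFIG] Settle Time: ${SCAN_SETTLE_TIME}s"
echo "[CONFIG] User UID: $(id -u), GID: $(id -g)"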
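# --- 1. Samba Configuration ---
# Generates smb.conf and the username map, registers the share password for
# appuser, and starts smbd in the background.
# NOTE(review): both files use fixed names under /tmp; confirm nothing else in
# the container can pre-create these paths before this script writes them.
SMB_CONF="/tmp/smb.conf"
SMB_USERMAP="/tmp/usermap"

# SMB_SHARE becomes a section header and SMB_USER a username-map entry in the
# generated files. A control character (such as a newline) or a square bracket
# would change the structure of those files, so refuse such values up front.
for conf_value in "$SMB_SHARE" "$SMB_USER"; do
  case "$conf_value" in
    '' | *[[:cntrl:]]* | *'['* | *']'*)
      echo "[ERROR] SMB_SHARE and SMB_USER must be non-empty and must not contain control characters or square brackets" >&2
      exit 1
      ;;
  esac
done

# Create Samba directories in User Home
mkdir -p /home/appuser/samba/private /home/appuser/samba/var/locks /home/appuser/samba/var/cache /home/appuser/samba/var/run

# Username map: map scanner to appuser
echo "appuser = $SMB_USER" > "$SMB_USERMAP"

# Unquoted heredoc delimiter: $SMB_USERMAP and $SMB_SHARE are expanded here.
cat > "$SMB_CONF" <<EOF
[global]
workgroup = WORKGROUP
server string = Scanner Share
security = user
map to guest = Bad User
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
smb ports = 445
log level = 1
username map = $SMB_USERMAP
private dir = /home/appuser/samba/private
lock directory = /home/appuser/samba/var/locks
pid directory = /home/appuser/samba/var/run
state directory = /home/appuser/samba/var/locks
cache directory = /home/appuser/samba/var/cache
ncalrpc dir = /home/appuser/samba/var/locks
log file = /home/appuser/samba/var/log.%m
[$SMB_SHARE]
path = /data/inbox
comment = Place Scans Here
valid users = appuser
force user = appuser
writable = yes
browsable = yes
create mask = 0660
directory mask = 0770
EOF

# Setup Samba User
echo "[INIT] Setting up Samba user for appuser via pdbedit..."
# printf '%s' passes the password through unchanged; `echo -e` would expand
# backslash sequences inside it and store a different password than the one
# configured. The password travels on stdin, not on a command line.
printf '%s\n%s\n' "$SMB_PASSWORD" "$SMB_PASSWORD" | pdbedit --configfile "$SMB_CONF" -a -u appuser -t

# --- 2. Start Samba in Background ---
echo "[INFO] Starting smbd on port 445..."
smbd -F -s "$SMB_CONF" --no-process-group < /dev/null &
SAMBA_PID=$!

# --- 3. File Watcher & Upload Logic ---
echo "[INFO] Watching /data/inbox for new files..."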
# Helper Functions
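#######################################
# Decide whether a file name ends in one of the allowed extensions.
# Only the name is inspected; the file's content is not checked here.
# Globals:   WHITELIST (read) - comma-separated extensions, e.g. "pdf,jpg"
# Arguments: $1 - file name
# Returns:   0 if the extension matches an entry (case-insensitive), else 1
#######################################
check_whitelist() {
  local filename="$1"
  local ext allowed_ext lowered_list
  local -a ext_array=()

  # A name without a dot has no extension. Without this guard "${name##*.}"
  # yields the whole name, so a file called just "pdf" would be accepted.
  case "$filename" in
    *.*) ;;
    *) return 1 ;;
  esac

  ext="${filename##*.}"
  # "name." has an empty extension; never let it match an empty list entry.
  [ -n "$ext" ] || return 1

  ext=$(printf '%s' "$ext" | tr '[:upper:]' '[:lower:]')
  lowered_list=$(printf '%s' "$WHITELIST" | tr '[:upper:]' '[:lower:]')

  IFS=',' read -ra ext_array <<< "$lowered_list"
  for allowed_ext in "${ext_array[@]}"; do
    # Trim surrounding whitespace so "pdf, jpg" behaves like "pdf,jpg".
    allowed_ext="${allowed_ext#"${allowed_ext%%[![:space:]]*}"}"
    allowed_ext="${allowed_ext%"${allowed_ext##*[![:space:]]}"}"
    if [ "$ext" = "$allowed_ext" ]; then
      return 0
    fi
  done
  return 1
}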
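#######################################
# Upload one file to the Paperless-NGX document endpoint with curl.
# Globals:   PAPERLESS_URL, PAPERLESS_API_KEY, PAPERLESS_VERIFY_SSL,
#            PAPERLESS_TAGS, UPLOAD_TIMEOUT (all read)
# Arguments: $1 - path of the file to upload
# Outputs:   progress messages and curl's output on stdout/stderr
# Returns:   0 if curl reports success, 1 otherwise
#######################################
upload_to_paperless() {
  local filepath="$1"
  local filename="${filepath##*/}"
  local quoted_path

  echo "[UPLOAD] Uploading $filename to Paperless-NGX..."

  local curl_opts=()
  if [ "$PAPERLESS_VERIFY_SSL" = "false" ]; then
    # Operator opt-out: the server certificate is not verified.
    curl_opts+=("--insecure")
  fi

  # The file name is chosen by whoever writes to the share. In a -F value curl
  # treats ';' and ',' as separators, so the path is wrapped in double quotes
  # (with '\' and '"' escaped) to make curl read it as one literal path.
  quoted_path=${filepath//\\/\\\\}
  quoted_path=${quoted_path//\"/\\\"}
  local curl_form=("-F" "document=@\"${quoted_path}\"")

  if [ -n "$PAPERLESS_TAGS" ]; then
    # --form-string sends the value literally; with -F a leading '@' or '<'
    # would make curl read the value from a file instead.
    curl_form+=("--form-string" "tags=$PAPERLESS_TAGS")
  fi

  # --fail makes curl exit non-zero on HTTP errors (for example a rejected
  # token). Without it such a response counted as success and the caller
  # archived or deleted a scan that was never stored.
  # NOTE(review): the token is passed as a command-line argument and is visible
  # in the process list inside the container while curl runs.
  if curl "${curl_opts[@]}" \
    --fail \
    --max-time "$UPLOAD_TIMEOUT" \
    -X POST \
    -H "Authorization: Token $PAPERLESS_API_KEY" \
    "${curl_form[@]}" \
    "${PAPERLESS_URL%/}/api/documents/post_document/"; then
    echo "[SUCCESS] Upload complete."
    return 0
  else
    echo "[ERROR] Upload failed."
    return 1
  fi
}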
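# Watcher Loop
# inotifywait prints one file name per completed write or move into the inbox;
# the loop below handles them one at a time in a background pipeline.
# `IFS= read -r` keeps backslashes and leading/trailing spaces in the name;
# plain `read` would alter such names and the path checks would then miss
# the file.
inotifywait -m "/data/inbox" -e close_write -e moved_to --format '%f' | while IFS= read -r FILENAME; do
  echo "[DETECTED] New file: $FILENAME"
  FILEPATH="/data/inbox/$FILENAME"

  # The inbox is writable by network clients. `-f` follows symbolic links, so
  # a link would make the uploader read whatever it points to; only regular
  # files placed directly in the inbox are processed.
  if [ -L "$FILEPATH" ]; then
    echo "[SKIP] Symbolic link, ignoring."
    continue
  fi

  if [ -f "$FILEPATH" ]; then
    # 1. Check whitelist FIRST
    if check_whitelist "$FILENAME"; then
      # 2. Settle Time (Wait for write to finish completely)
      echo "[WAIT] Waiting ${SCAN_SETTLE_TIME}s for file to settle..."
      sleep "$SCAN_SETTLE_TIME"

      # Check if file still exists after sleep (race condition check).
      # The path is re-examined because it may have changed during the wait.
      if [ ! -f "$FILEPATH" ] || [ -L "$FILEPATH" ]; then
        echo "[INFO] File disappeared during wait time. Ignoring."
        continue
      fi
      echo "[CHECK] File type allowed and settled."

      # 3. Upload
      if upload_to_paperless "$FILEPATH"; then
        # Handle post-upload
        if [ "$ARCHIVE" = "true" ]; then
          TIMESTAMP=$(date +"%Y%m%d_%H%M%S")
          mv "$FILEPATH" "/data/archive/${TIMESTAMP}_$FILENAME"
          echo "[ARCHIVE] File moved to archive."
        else
          rm "$FILEPATH"
          echo "[DELETE] File deleted."
        fi
      else
        # NOTE(review): nothing in this script re-queues the file; it is only
        # processed again if a new close_write/moved_to event fires for it.
        echo "[SKIP] Upload failed, keeping file in inbox for retry."
      fi
    else
      echo "[SKIP] File type not in whitelist ($WHITELIST), ignoring."
    fi
  fi
done &

# Keep container alive
# Only smbd is waited on: if the watcher pipeline above exits, the container
# keeps running without processing new scans.
wait "$SAMBA_PID"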