vpndock/vpn-node/sudo-wrapper.sh

#!/bin/bash
# sudo-wrapper.sh
#
# purevpn-cli (pkg/Node.js binary) calls:
#   sudo purevpn-cli --connect <loc> --install-missing-components
#
# The pkg bootstrap uses argv[1] as the main module path when
# --install-missing-components is present. With the original call order,
# argv[1] = '--connect', so pkg tries require('/--connect') → crash.
#
# Fix: move --install-missing-components to argv[1] position so pkg sees it
# as its own bootstrap flag instead of a module path.
#
# We do NOT use env -i — the child needs parent env vars (auth session, etc).
# Instead, a depth counter (PUREVPN_SUDO_DEPTH) prevents infinite recursion
# in case the child also tries to call sudo.

DEPTH="${PUREVPN_SUDO_DEPTH:-0}"
if [[ "$DEPTH" -ge 2 ]]; then
    echo "[sudo-wrapper] recursion depth $DEPTH — exiting 0" >&2
    exit 0
fi
NEXT_DEPTH=$(( DEPTH + 1 ))

binary=""
has_install_flag=false
other_args=()

for a in "$@"; do
    case "$a" in
        -E|-n|-H|--preserve-env|--non-interactive) continue ;;  # sudo flags, ignore
        --install-missing-components) has_install_flag=true ;;
        *)
            if [[ -z "$binary" ]]; then
                binary="$a"
            else
                other_args+=("$a")
            fi
            ;;
    esac
done

if [[ -z "$binary" ]]; then
    echo "[sudo-wrapper] no binary supplied" >&2
    exit 1
fi

if [[ "$has_install_flag" == "true" ]]; then
    echo "[sudo-wrapper] reorder (depth=$NEXT_DEPTH): $binary --install-missing-components ${other_args[*]}" >&2
    exec env PUREVPN_SUDO_DEPTH="$NEXT_DEPTH" \
        "$binary" "--install-missing-components" "${other_args[@]}"
else
    echo "[sudo-wrapper] passthrough (depth=$NEXT_DEPTH): $binary ${other_args[*]}" >&2
    exec env PUREVPN_SUDO_DEPTH="$NEXT_DEPTH" \
        "$binary" "${other_args[@]}"
fi