polr/app/Http/Controllers/SetupController.php

<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Http\Redirect;
use Illuminate\Support\Facades\Artisan;

use App\Helpers\CryptoHelper;
use App\Models\User;
use App\Factories\UserFactory;
use Cache;

class SetupController extends Controller {
    protected static function parseExitCode($exitCode) {
        if ($exitCode == 0) {
            return true;
        }
        else {
            return false;
        }
    }

    private static function setupAlreadyRan() {
        return view('error', [
            'message' => 'Sorry, but you have already ran the setup script previously.'
        ]);
    }

    private function resetDatabase() {
        $exitCode = Artisan::call('migrate:refresh', [
            '--force' => true,
        ]);
        return self::parseExitCode($exitCode);
    }

    private static function createDatabase() {
        $exitCode = Artisan::call('migrate', [
            '--force' => true,
        ]);
        return self::parseExitCode($exitCode);
    }

    public static function displaySetupPage(Request $request) {
        if (env('POLR_SETUP_RAN')) {
            return self::setupAlreadyRan();
        }

        return view('setup');
    }

    public static function performSetup(Request $request) {
        if (env('POLR_SETUP_RAN')) {
            return self::setupAlreadyRan();
        }

        $app_key = CryptoHelper::generateRandomHex(16);
        $setup_auth_key = CryptoHelper::generateRandomHex(16);

        $app_name = $request->input('app:name');
        $app_protocol = $request->input('app:protocol');

        $app_address = $request->input('app:external_url');
        $app_protocol = $request->input('app:protocol');
        $app_stylesheet = $request->input('app:stylesheet');

        date_default_timezone_set('UTC');
        $date_today = date('F jS, Y');

        $polr_setup_ran = 'true';
        $db_host = $request->input('db:host');
        $db_port = $request->input('db:port');
        $db_name = $request->input('db:name');
        $db_username = $request->input('db:username');
        $db_password = $request->input('db:password');

        $st_public_interface = $request->input('setting:public_interface');

        $polr_registration_setting = $request->input('setting:registration_permission');

        if ($polr_registration_setting == 'no-verification') {
            $polr_acct_activation = false;
            $polr_allow_acct_creation = true;
        }
        else if ($polr_registration_setting == 'none') {
            $polr_acct_activation = false;
            $polr_allow_acct_creation = false;
        }
        else if ($polr_registration_setting == 'email') {
            $polr_acct_activation = true;
            $polr_allow_acct_creation = true;
        }
        else {
            return view('error', [
                'message' => 'Invalid registration settings'
            ]);
        }

        $acct_username = $request->input('acct:username');
        $acct_email = $request->input('acct:email');
        $acct_password = $request->input('acct:password');
        $acct_group = "admin";

        // if true, only logged in users can shorten
        $st_shorten_permission = $request->input('setting:shorten_permission');
        $st_index_redirect = $request->input('setting:index_redirect');
        $st_password_recov = $request->input('setting:password_recovery');

        $st_base = $request->input('setting:base');

        $st_auto_api_key = $request->input('setting:auto_api_key');
        $st_anon_api = $request->input('setting:anon_api');

        $mail_host = $request->input('app:smtp_server');
        $mail_port = $request->input('app:smtp_port');
        $mail_username = $request->input('app:smtp_username');
        $mail_password = $request->input('app:smtp_password');
        $mail_from = $request->input('app:smtp_from');
        $mail_from_name = $request->input('app:smtp_from_name');

        if ($mail_host) {
            $mail_enabled = true;
        }
        else {
            $mail_enabled = false;
        }

        $compiled_configuration = view('env', [
            'APP_KEY' => $app_key,
            'APP_NAME' => $app_name,
            'APP_PROTOCOL' => $app_protocol,
            'APP_ADDRESS' => $app_address,
            'APP_STYLESHEET' => $app_stylesheet,
            'POLR_GENERATED_AT' => $date_today,
            'POLR_SETUP_RAN' => $polr_setup_ran,

            'DB_HOST' => $db_host,
            'DB_PORT' => $db_port,
            'DB_USERNAME' => $db_username,
            'DB_PASSWORD' => $db_password,
            'DB_DATABASE' => $db_name,

            'ST_PUBLIC_INTERFACE' => $st_public_interface,
            'POLR_ALLOW_ACCT_CREATION' => $polr_allow_acct_creation,
            'POLR_ACCT_ACTIVATION' => $polr_acct_activation,
            'ST_SHORTEN_PERMISSION' => $st_shorten_permission,
            'ST_INDEX_REDIRECT' => $st_index_redirect,
            'ST_PASSWORD_RECOV' => $st_password_recov,

            'MAIL_ENABLED' => $mail_enabled,
            'MAIL_HOST' => $mail_host,
            'MAIL_PORT' => $mail_port,
            'MAIL_USERNAME' => $mail_username,
            'MAIL_PASSWORD' => $mail_password,
            'MAIL_FROM_ADDRESS' => $mail_from,
            'MAIL_FROM_NAME' => $mail_from_name,

            'ST_BASE' => $st_base,
            'ST_AUTO_API' => $st_auto_api_key,
            'ST_ANON_API' => $st_anon_api,

            'TMP_SETUP_AUTH_KEY' => $setup_auth_key
        ])->render();

        $handle = fopen('../.env', 'w');
        if (fwrite($handle, $compiled_configuration) === FALSE) {
            $response = view('error', [
                'message' => 'Could not write configuration to disk.'
            ]);
        } else {
            Cache::flush();

            $setup_finish_arguments = json_encode([
                'acct_username' => $acct_username,
                'acct_email' => $acct_email,
                'acct_password' => $acct_password,
                'setup_auth_key' => $setup_auth_key
            ]);

            $response = redirect(route('setup_finish'));

            // set cookie with information needed for finishSetup, expire in 60 seconds
            // we use PHP's setcookie rather than Laravel's cookie capabilities because
            // our app key changes and Laravel encrypts cookies.
            setcookie('setup_arguments', $setup_finish_arguments, time()+60);
        }
        fclose($handle);

        return $response;

    }

    public static function finishSetup(Request $request) {
        // get data from cookie, decode JSON
        if (!isset($_COOKIE['setup_arguments'])) {
            abort(404);
        }

        $setup_finish_args_raw = $_COOKIE['setup_arguments'];
        $setup_finish_args = json_decode($setup_finish_args_raw);

        // unset cookie
        setcookie('setup_arguments', '', time()-3600);

        $transaction_authorised = env('TMP_SETUP_AUTH_KEY') == $setup_finish_args->setup_auth_key;

        if ($transaction_authorised != true) {
            abort(403, 'Transaction unauthorised.');
        }

        $database_created = self::createDatabase();
        if (!$database_created) {
            return redirect(route('setup'))->with('error', 'Could not create database. Perhaps some credentials were incorrect?');
        }

        $user = UserFactory::createUser($setup_finish_args->acct_username, $setup_finish_args->acct_email, $setup_finish_args->acct_password, 1, $request->ip());
        $user->role = 'admin';
        $user->save();

        return view('setup_thanks')->with('success', 'Set up completed! Thanks for using Polr!');
    }
}