application/front/controller/visitor/InstallController.php

   1 <?php
   2
   3 declare(strict_types=1);
   4
   5 namespace Shaarli\Front\Controller\Visitor;
   6
   7 use Shaarli\Container\ShaarliContainer;
   8 use Shaarli\Front\Exception\AlreadyInstalledException;
   9 use Shaarli\Front\Exception\ResourcePermissionException;
  10 use Shaarli\Helper\ApplicationUtils;
  11 use Shaarli\Languages;
  12 use Shaarli\Security\SessionManager;
  13 use Slim\Http\Request;
  14 use Slim\Http\Response;
  15
  16 /**
  17  * Slim controller used to render install page, and create initial configuration file.
  18  */
  19 class InstallController extends ShaarliVisitorController
  20 {
  21     public const SESSION_TEST_KEY = 'session_tested';
  22     public const SESSION_TEST_VALUE = 'Working';
  23
  24     public function __construct(ShaarliContainer $container)
  25     {
  26         parent::__construct($container);
  27
  28         if (is_file($this->container->conf->getConfigFileExt())) {
  29             throw new AlreadyInstalledException();
  30         }
  31     }
  32
  33     /**
  34      * Display the install template page.
  35      * Also test file permissions and sessions beforehand.
  36      */
  37     public function index(Request $request, Response $response): Response
  38     {
  39         // Before installation, we'll make sure that permissions are set properly, and sessions are working.
  40         $this->checkPermissions();
  41
  42         if (static::SESSION_TEST_VALUE
  43             !== $this->container->sessionManager->getSessionParameter(static::SESSION_TEST_KEY)
  44         ) {
  45             $this->container->sessionManager->setSessionParameter(static::SESSION_TEST_KEY, static::SESSION_TEST_VALUE);
  46
  47             return $this->redirect($response, '/install/session-test');
  48         }
  49
  50         [$continents, $cities] = generateTimeZoneData(timezone_identifiers_list(), date_default_timezone_get());
  51
  52         $this->assignView('continents', $continents);
  53         $this->assignView('cities', $cities);
  54         $this->assignView('languages', Languages::getAvailableLanguages());
  55
  56         $phpEol = new \DateTimeImmutable(ApplicationUtils::getPhpEol(PHP_VERSION));
  57
  58         $this->assignView('php_version', PHP_VERSION);
  59         $this->assignView('php_eol', format_date($phpEol, false));
  60         $this->assignView('php_has_reached_eol', $phpEol < new \DateTimeImmutable());
  61         $this->assignView('php_extensions', ApplicationUtils::getPhpExtensionsRequirement());
  62         $this->assignView('permissions', ApplicationUtils::checkResourcePermissions($this->container->conf));
  63
  64         $this->assignView('pagetitle', t('Install Shaarli'));
  65
  66         return $response->write($this->render('install'));
  67     }
  68
  69     /**
  70      * Route checking that the session parameter has been properly saved between two distinct requests.
  71      * If the session parameter is preserved, redirect to install template page, otherwise displays error.
  72      */
  73     public function sessionTest(Request $request, Response $response): Response
  74     {
  75         // This part makes sure sessions works correctly.
  76         // (Because on some hosts, session.save_path may not be set correctly,
  77         // or we may not have write access to it.)
  78         if (static::SESSION_TEST_VALUE
  79             !== $this->container->sessionManager->getSessionParameter(static::SESSION_TEST_KEY)
  80         ) {
  81             // Step 2: Check if data in session is correct.
  82             $msg = t(
  83                 '<pre>Sessions do not seem to work correctly on your server.<br>'.
  84                 'Make sure the variable "session.save_path" is set correctly in your PHP config, '.
  85                 'and that you have write access to it.<br>'.
  86                 'It currently points to %s.<br>'.
  87                 'On some browsers, accessing your server via a hostname like \'localhost\' '.
  88                 'or any custom hostname without a dot causes cookie storage to fail. '.
  89                 'We recommend accessing your server via it\'s IP address or Fully Qualified Domain Name.<br>'
  90             );
  91             $msg = sprintf($msg, $this->container->sessionManager->getSavePath());
  92
  93             $this->assignView('message', $msg);
  94
  95             return $response->write($this->render('error'));
  96         }
  97
  98         return $this->redirect($response, '/install');
  99     }
 100
 101     /**
 102      * Save installation form and initialize config file and datastore if necessary.
 103      */
 104     public function save(Request $request, Response $response): Response
 105     {
 106         $timezone = 'UTC';
 107         if (!empty($request->getParam('continent'))
 108             && !empty($request->getParam('city'))
 109             && isTimeZoneValid($request->getParam('continent'), $request->getParam('city'))
 110         ) {
 111             $timezone = $request->getParam('continent') . '/' . $request->getParam('city');
 112         }
 113         $this->container->conf->set('general.timezone', $timezone);
 114
 115         $login = $request->getParam('setlogin');
 116         $this->container->conf->set('credentials.login', $login);
 117         $salt = sha1(uniqid('', true) .'_'. mt_rand());
 118         $this->container->conf->set('credentials.salt', $salt);
 119         $this->container->conf->set('credentials.hash', sha1($request->getParam('setpassword') . $login . $salt));
 120
 121         if (!empty($request->getParam('title'))) {
 122             $this->container->conf->set('general.title', escape($request->getParam('title')));
 123         } else {
 124             $this->container->conf->set(
 125                 'general.title',
 126                 'Shared bookmarks on '.escape(index_url($this->container->environment))
 127             );
 128         }
 129
 130         $this->container->conf->set('translation.language', escape($request->getParam('language')));
 131         $this->container->conf->set('updates.check_updates', !empty($request->getParam('updateCheck')));
 132         $this->container->conf->set('api.enabled', !empty($request->getParam('enableApi')));
 133         $this->container->conf->set(
 134             'api.secret',
 135             generate_api_secret(
 136                 $this->container->conf->get('credentials.login'),
 137                 $this->container->conf->get('credentials.salt')
 138             )
 139         );
 140         $this->container->conf->set('general.header_link', $this->container->basePath . '/');
 141
 142         try {
 143             // Everything is ok, let's create config file.
 144             $this->container->conf->write($this->container->loginManager->isLoggedIn());
 145         } catch (\Exception $e) {
 146             $this->assignView('message', t('Error while writing config file after configuration update.'));
 147             $this->assignView('stacktrace', $e->getMessage() . PHP_EOL . $e->getTraceAsString());
 148
 149             return $response->write($this->render('error'));
 150         }
 151
 152         $this->container->sessionManager->setSessionParameter(
 153             SessionManager::KEY_SUCCESS_MESSAGES,
 154             [t('Shaarli is now configured. Please login and start shaaring your bookmarks!')]
 155         );
 156
 157         return $this->redirect($response, '/login');
 158     }
 159
 160     protected function checkPermissions(): bool
 161     {
 162         // Ensure Shaarli has proper access to its resources
 163         $errors = ApplicationUtils::checkResourcePermissions($this->container->conf, true);
 164         if (empty($errors)) {
 165             return true;
 166         }
 167
 168         $message = t('Insufficient permissions:') . PHP_EOL;
 169         foreach ($errors as $error) {
 170             $message .= PHP_EOL . $error;
 171         }
 172
 173         throw new ResourcePermissionException($message);
 174     }
 175 }