Fixes #4425: generate cookie validation keys in local config files.

2025-08-26 06:15:19 +08:00 · 2014-08-01 15:00:15 -04:00
parent 2a8ca600c5
commit 066989f0b0
9 changed files with 181 additions and 128 deletions
--- a/apps/advanced/backend/config/main.php
+++ b/apps/advanced/backend/config/main.php
@ -13,10 +13,6 @@ return [
    'bootstrap' => ['log'],
    'modules' => [],
    'components' => [
        'request' => [
            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
            'cookieValidationKey' => '',
        ],
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
--- a/apps/advanced/composer.json
+++ b/apps/advanced/composer.json
@ -32,8 +32,7 @@
    },
    "scripts": {
        "post-create-project-cmd": [
-            "yii\\composer\\Installer::setPermission",
+            "yii\\composer\\Installer::setPermission"
            "yii\\composer\\Installer::generateCookieValidationKey"
        ]
    },
    "config": {
@ -46,10 +45,6 @@
            "frontend/runtime",
            "frontend/web/assets"
        ],
        "config": [
            "frontend/config/main.php",
            "backend/config/main.php"
        ]
    }
 }
--- a/apps/advanced/environments/dev/backend/config/main-local.php
+++ b/apps/advanced/environments/dev/backend/config/main-local.php
@ -1,6 +1,13 @@
 <?php
-$config = [];
+$config = [
    'components' => [
        'request' => [
            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
            'cookieValidationKey' => '',
        ],
    ],
 ];
 if (!YII_ENV_TEST) {
    // configuration adjustments for 'dev' environment
--- a/apps/advanced/environments/dev/frontend/config/main-local.php
+++ b/apps/advanced/environments/dev/frontend/config/main-local.php
@ -1,6 +1,13 @@
 <?php
-$config = [];
+$config = [
    'components' => [
        'request' => [
            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
            'cookieValidationKey' => '',
        ],
    ],
 ];
 if (!YII_ENV_TEST) {
    // configuration adjustments for 'dev' environment
--- a/apps/advanced/environments/index.php
+++ b/apps/advanced/environments/index.php
@ -9,9 +9,15 @@
 * return [
 *     'environment name' => [
 *         'path' => 'directory storing the local files',
- *         'writable' => [
+ *         'setWritable' => [
 *             // list of directories that should be set writable
 *         ],
 *         'setExecutable' => [
 *             // list of directories that should be set executable
 *         ],
 *         'setCookieValidationKey' => [
 *             // list of config files that need to be inserted with automatically generated cookie validation keys
 *         ],
 *     ],
 * ];
 * ```
@ -19,26 +25,34 @@
 return [
    'Development' => [
        'path' => 'dev',
-        'writable' => [
+        'setWritable' => [
            'backend/runtime',
            'backend/web/assets',
            'frontend/runtime',
            'frontend/web/assets',
        ],
-        'executable' => [
+        'setExecutable' => [
            'yii',
        ],
        'setCookieValidationKey' => [
            'backend/config/main-local.php',
            'frontend/config/main-local.php',
        ],
    ],
    'Production' => [
        'path' => 'prod',
-        'writable' => [
+        'setWritable' => [
            'backend/runtime',
            'backend/web/assets',
            'frontend/runtime',
            'frontend/web/assets',
        ],
-        'executable' => [
+        'setExecutable' => [
            'yii',
        ],
        'setCookieValidationKey' => [
            'backend/config/main-local.php',
            'frontend/config/main-local.php',
        ],
    ],
 ];
--- a/apps/advanced/environments/prod/backend/config/main-local.php
+++ b/apps/advanced/environments/prod/backend/config/main-local.php
@ -1,3 +1,9 @@
 <?php
 return [
    'components' => [
        'request' => [
            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
            'cookieValidationKey' => '',
        ],
    ],
 ];
--- a/apps/advanced/environments/prod/frontend/config/main-local.php
+++ b/apps/advanced/environments/prod/frontend/config/main-local.php
@ -1,3 +1,9 @@
 <?php
 return [
    'components' => [
        'request' => [
            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
            'cookieValidationKey' => '',
        ],
    ],
 ];
--- a/apps/advanced/frontend/config/main.php
+++ b/apps/advanced/frontend/config/main.php
@ -12,10 +12,6 @@ return [
    'bootstrap' => ['log'],
    'controllerNamespace' => 'frontend\controllers',
    'components' => [
        'request' => [
            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
            'cookieValidationKey' => '',
        ],
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,
--- a/apps/advanced/init
+++ b/apps/advanced/init
@ -14,6 +14,10 @@
 * @license http://www.yiiframework.com/license/
 */
 if (!extension_loaded('mcrypt')) {
    die('The mcrypt PHP extension is required by Yii2.');
 }
 $params = getParams();
 $root = str_replace('\\', '/', __DIR__);
 $envs = require("$root/environments/index.php");
@ -23,147 +27,169 @@ echo "Yii Application Initialization Tool v1.0\n\n";
 $envName = null;
 if (empty($params['env']) || $params['env'] === '1') {
-	echo "Which environment do you want the application to be initialized in?\n\n";
+    echo "Which environment do you want the application to be initialized in?\n\n";
-	foreach ($envNames as $i => $name) {
+    foreach ($envNames as $i => $name) {
-		echo "  [$i] $name\n";
+        echo "  [$i] $name\n";
-	}
+    }
-	echo "\n  Your choice [0-" . (count($envs) - 1) . ', or "q" to quit] ';
+    echo "\n  Your choice [0-" . (count($envs) - 1) . ', or "q" to quit] ';
-	$answer = trim(fgets(STDIN));
+    $answer = trim(fgets(STDIN));
-	if (!ctype_digit($answer) || !in_array($answer, range(0, count($envs) - 1))) {
+    if (!ctype_digit($answer) || !in_array($answer, range(0, count($envs) - 1))) {
-		echo "\n  Quit initialization.\n";
+        echo "\n  Quit initialization.\n";
-		exit(0);
+        exit(0);
-	}
+    }
-	if (isset($envNames[$answer])) {
+    if (isset($envNames[$answer])) {
-		$envName = $envNames[$answer];
+        $envName = $envNames[$answer];
-	}
+    }
 } else {
-	$envName = $params['env'];
+    $envName = $params['env'];
 }
 if (!in_array($envName, $envNames)) {
-	$envsList = implode(', ', $envNames);
+    $envsList = implode(', ', $envNames);
-	echo "\n  $envName is not a valid environment. Try one of the following: $envsList. \n";
+    echo "\n  $envName is not a valid environment. Try one of the following: $envsList. \n";
-	exit(2);
+    exit(2);
 }
 $env = $envs[$envName];
 if (empty($params['env'])) {
-	echo "\n  Initialize the application under '{$envNames[$answer]}' environment? [yes|no] ";
+    echo "\n  Initialize the application under '{$envNames[$answer]}' environment? [yes|no] ";
-	$answer = trim(fgets(STDIN));
+    $answer = trim(fgets(STDIN));
-	if (strncasecmp($answer, 'y', 1)) {
+    if (strncasecmp($answer, 'y', 1)) {
-		echo "\n  Quit initialization.\n";
+        echo "\n  Quit initialization.\n";
-		exit(0);
+        exit(0);
-	}
+    }
 }
 echo "\n  Start initialization ...\n\n";
 $files = getFileList("$root/environments/{$env['path']}");
 $all = false;
 foreach ($files as $file) {
-	if (!copyFile($root, "environments/{$env['path']}/$file", $file, $all, $params)) {
+    if (!copyFile($root, "environments/{$env['path']}/$file", $file, $all, $params)) {
-		break;
+        break;
-	}
+    }
 }
-if (isset($env['writable'])) {
+$callbacks = ['setCookieValidationKey', 'setWritable', 'setExecutable'];
-	foreach ($env['writable'] as $writable) {
+foreach ($callbacks as $callback) {
-		echo "      chmod 0777 $writable\n";
+    if (!empty($env[$callback])) {
-		@chmod("$root/$writable", 0777);
+        $callback($root, $env[$callback]);
-	}
+    }
 }
 if (isset($env['executable'])) {
 	foreach ($env['executable'] as $executable) {
 		echo "      chmod 0755 $executable\n";
 		@chmod("$root/$executable", 0755);
 	}
 }
 echo "\n  ... initialization completed.\n\n";
 function getFileList($root, $basePath = '')
 {
-	$files = [];
+    $files = [];
-	$handle = opendir($root);
+    $handle = opendir($root);
-	while (($path = readdir($handle)) !== false) {
+    while (($path = readdir($handle)) !== false) {
-		if ($path === '.svn' || $path === '.' || $path === '..') {
+        if ($path === '.svn' || $path === '.' || $path === '..') {
-			continue;
+            continue;
-		}
+        }
-		$fullPath = "$root/$path";
+        $fullPath = "$root/$path";
-		$relativePath = $basePath === '' ? $path : "$basePath/$path";
+        $relativePath = $basePath === '' ? $path : "$basePath/$path";
-		if (is_dir($fullPath)) {
+        if (is_dir($fullPath)) {
-			$files = array_merge($files, getFileList($fullPath, $relativePath));
+            $files = array_merge($files, getFileList($fullPath, $relativePath));
-		} else {
+        } else {
-			$files[] = $relativePath;
+            $files[] = $relativePath;
-		}
+        }
-	}
+    }
-	closedir($handle);
+    closedir($handle);
-	return $files;
+    return $files;
 }
 function copyFile($root, $source, $target, &$all, $params)
 {
-	if (!is_file($root . '/' . $source)) {
+    if (!is_file($root . '/' . $source)) {
-		echo "       skip $target ($source not exist)\n";
+        echo "       skip $target ($source not exist)\n";
-		return true;
+        return true;
-	}
+    }
-	if (is_file($root . '/' . $target)) {
+    if (is_file($root . '/' . $target)) {
-		if (file_get_contents($root . '/' . $source) === file_get_contents($root . '/' . $target)) {
+        if (file_get_contents($root . '/' . $source) === file_get_contents($root . '/' . $target)) {
-			echo "  unchanged $target\n";
+            echo "  unchanged $target\n";
-			return true;
+            return true;
-		}
+        }
-		if ($all) {
+        if ($all) {
-			echo "  overwrite $target\n";
+            echo "  overwrite $target\n";
-		} else {
+        } else {
-			echo "      exist $target\n";
+            echo "      exist $target\n";
-			echo "            ...overwrite? [Yes|No|All|Quit] ";
+            echo "            ...overwrite? [Yes|No|All|Quit] ";
-			$answer = !empty($params['overwrite']) ? $params['overwrite'] : trim(fgets(STDIN));
+            $answer = !empty($params['overwrite']) ? $params['overwrite'] : trim(fgets(STDIN));
-			if (!strncasecmp($answer, 'q', 1)) {
+            if (!strncasecmp($answer, 'q', 1)) {
-				return false;
+                return false;
-			} else {
+            } else {
-				if (!strncasecmp($answer, 'y', 1)) {
+                if (!strncasecmp($answer, 'y', 1)) {
-					echo "  overwrite $target\n";
+                    echo "  overwrite $target\n";
-				} else {
+                } else {
-					if (!strncasecmp($answer, 'a', 1)) {
+                    if (!strncasecmp($answer, 'a', 1)) {
-						echo "  overwrite $target\n";
+                        echo "  overwrite $target\n";
-						$all = true;
+                        $all = true;
-					} else {
+                    } else {
-						echo "       skip $target\n";
+                        echo "       skip $target\n";
-						return true;
+                        return true;
-					}
+                    }
-				}
+                }
-			}
+            }
-		}
+        }
-		file_put_contents($root . '/' . $target, file_get_contents($root . '/' . $source));
+        file_put_contents($root . '/' . $target, file_get_contents($root . '/' . $source));
-		return true;
+        return true;
-	}
+    }
-	echo "   generate $target\n";
+    echo "   generate $target\n";
-	@mkdir(dirname($root . '/' . $target), 0777, true);
+    @mkdir(dirname($root . '/' . $target), 0777, true);
-	file_put_contents($root . '/' . $target, file_get_contents($root . '/' . $source));
+    file_put_contents($root . '/' . $target, file_get_contents($root . '/' . $source));
-	return true;
+    return true;
 }
 function getParams()
 {
-	$rawParams = [];
+    $rawParams = [];
-	if (isset($_SERVER['argv'])) {
+    if (isset($_SERVER['argv'])) {
-		$rawParams = $_SERVER['argv'];
+        $rawParams = $_SERVER['argv'];
-		array_shift($rawParams);
+        array_shift($rawParams);
-	}
+    }
-	$params = [];
+    $params = [];
-	foreach ($rawParams as $param) {
+    foreach ($rawParams as $param) {
-		if (preg_match('/^--(\w+)(=(.*))?$/', $param, $matches)) {
+        if (preg_match('/^--(\w+)(=(.*))?$/', $param, $matches)) {
-			$name = $matches[1];
+            $name = $matches[1];
-			$params[$name] = isset($matches[3]) ? $matches[3] : true;
+            $params[$name] = isset($matches[3]) ? $matches[3] : true;
-		} else {
+        } else {
-			$params[] = $param;
+            $params[] = $param;
-		}
+        }
-	}
+    }
-	return $params;
+    return $params;
 }
 function setWritable($root, $paths)
 {
    foreach ($paths as $writable) {
        echo "      chmod 0777 $writable\n";
        @chmod("$root/$writable", 0777);
    }
 }
 function setExecutable($root, $paths)
 {
    foreach ($paths as $executable) {
        echo "      chmod 0755 $executable\n";
        @chmod("$root/$executable", 0755);
    }
 }
 function setCookieValidationKey($root, $paths)
 {
    foreach ($paths as $file) {
        echo "      generating cookie validation key $file\n";
        $file = $root . '/' . $file;
        $length = 32;
        $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
        $key = strtr(substr(base64_encode($bytes), 0, $length), '+/=', '_-.');
        $content = preg_replace('/(("|\')cookieValidationKey("|\')\s*=>\s*)(""|\'\')/', "\\1'$key'", file_get_contents($file));
        file_put_contents($file, $content);
    }
 }