From dd3d6f31725a623ea6b9962e5ef28171f1047e68 Mon Sep 17 00:00:00 2001
From: Karson <karsonzhang@163.com>
Date: Mon, 21 Dec 2020 11:38:25 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E5=AE=89=E8=A3=85=E8=84=9A?=
 =?UTF-8?q?=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

添加随机token设置
---
 application/admin/command/Install.php | 33 +++++++++++++++++++--------
 1 file changed, 23 insertions(+), 10 deletions(-)

diff --git a/application/admin/command/Install.php b/application/admin/command/Install.php
index 82dd8c76..eba8d451 100644
--- a/application/admin/command/Install.php
+++ b/application/admin/command/Install.php
@@ -199,21 +199,34 @@ class Install extends Command
         // 后台入口文件
         $adminFile = ROOT_PATH . 'public' . DS . 'admin.php';
 
-        // 生成数据库Env配置文件
-        $envFile = ROOT_PATH . '.env.sample';
-        $envStr = @file_get_contents($envFile);
+        // 数据库配置文件
+        $dbConfigFile = APP_PATH . 'database.php';
+        $dbConfigText = @file_get_contents($dbConfigFile);
         $callback = function ($matches) use ($mysqlHostname, $mysqlHostport, $mysqlUsername, $mysqlPassword, $mysqlDatabase, $mysqlPrefix) {
             $field = "mysql" . ucfirst($matches[1]);
             $replace = $$field;
             return "{$matches[1]} = {$replace}" . PHP_EOL;
         };
-        $envConf = preg_replace_callback('/(hostname|database|username|password|hostport|prefix)\s*=\s*(.*?)\n/', $callback, $envStr);
+        $dbConfigText = preg_replace_callback("/'(hostname|database|username|password|hostport|prefix)'(\s+)=>(\s+)Env::get\((.*)\)\,/", $callback, $config);
 
-        $result = @file_put_contents(ROOT_PATH . '.env', $envConf);
+        // 检测能否成功写入数据库配置
+        $result = @file_put_contents($dbConfigFile, $dbConfigText);
         if (!$result) {
             throw new Exception(__('The current permissions are insufficient to write the file %s', '.env'));
         }
 
+        // 设置新的Token随机密钥key
+        $oldTokenKey = config('token.key');
+        $newTokenKey = \fast\Random::alnum(32);
+        $coreConfigFile = CONF_PATH . 'config.php';
+        $coreConfigText = @file_get_contents($coreConfigFile);
+        $coreConfigText = preg_replace("/'key'(\s+)=>(\s+)'{$oldTokenKey}'/", "'key'\$1=>\$2'{$newTokenKey}'", $coreConfigText);
+
+        $result = @file_put_contents($coreConfigFile, $coreConfigText);
+        if (!$result) {
+            throw new Exception(__('The current permissions are insufficient to write the file %s', 'application/config.php'));
+        }
+
         // 变更默认管理员密码
         $adminPassword = $adminPassword ? $adminPassword : Random::alnum(8);
         $adminEmail = $adminEmail ? $adminEmail : "admin@admin.com";
@@ -237,8 +250,8 @@ class Install extends Command
         //修改站点名称
         if ($siteName != config('site.name')) {
             $instance->name('config')->where('name', 'name')->update(['value' => $siteName]);
-            $configFile = CONF_PATH . 'extra' . DS . 'site.php';
-            $config = include $configFile;
+            $siteConfigFile = CONF_PATH . 'extra' . DS . 'site.php';
+            $siteConfig = include $siteConfigFile;
             $configList = $instance->name("config")->select();
             foreach ($configList as $k => $value) {
                 if (in_array($value['type'], ['selects', 'checkbox', 'images', 'files'])) {
@@ -247,10 +260,10 @@ class Install extends Command
                 if ($value['type'] == 'array') {
                     $value['value'] = (array)json_decode($value['value'], true);
                 }
-                $config[$value['name']] = $value['value'];
+                $siteConfig[$value['name']] = $value['value'];
             }
-            $config['name'] = $siteName;
-            file_put_contents($configFile, '<?php' . "\n\nreturn " . var_export_short($config) . ";\n");
+            $siteConfig['name'] = $siteName;
+            file_put_contents($siteConfigFile, '<?php' . "\n\nreturn " . var_export_short($siteConfig) . ";\n");
         }
 
         $installLockFile = INSTALL_PATH . "install.lock";