Add WordPress configuration and salt generation methods

Three utility functions are introduced in utils.js to enhance security and ease of use for WordPress installations. replaceDbConstant(configContent, constantName, userDefinedValue) replaces a constant in wp-config.php with a user-defined value. generateSalt() creates a random salt code, and replaceEmptySalts(configContent) replaces empty salt place holders in the wp-config.php with generated salt codes. These functions allow users to easily replace database constants and salts in WordPress configurations without having to manually edit wp-config.php. The exported functions of utils.js were also updated to incorporate these new methods. In the Package class, the way of updating WordPress configurations was changed to use these new utility functions, making the code cleaner and more readable. wp-package.json was modified to change the name, DB_NAME, DB_USER, DB_PASSWORD, and DB_HOST to more meaningful, user-defined values. New scripts field was also added to package.json to standardize the entry point for the application. The readme.md file has been updated to reflect these changes, with the version number incremented accordingly. Overall, this commit improves the security and usability of the tool, by allowing automatic generation and configuration of constants and salts in the wp-config.php file.
wp-blocks · Dec 1, 2023 · 2f71fc2 · 2f71fc2
1 parent b555912
commit 2f71fc2
Show file tree

Hide file tree

Showing 5 changed files with 80 additions and 16 deletions.
diff --git a/lib/install.js b/lib/install.js
@@ -28,9 +28,16 @@ class WordPressInstaller {
   async installPackages () {
     const { wordpress, plugins, themes } = this.config;
 
+    // Create temp folder
     makeDir(this.tempDir);
 
-    const defaultPaths = { rootFolder: this.rootFolder, tempDir: this.tempDir, baseFolder: this.baseFolder, destFolder: this.baseFolder };
+    // the default paths for the packages
+    const defaultPaths = {
+      rootFolder: this.rootFolder,
+      tempDir: this.tempDir,
+      baseFolder: this.baseFolder,
+      destFolder: this.baseFolder
+    };
 
     if (wordpress) {
       const wpPackage = new WordPressPackage(this.config, defaultPaths);

diff --git a/lib/package.js b/lib/package.js
@@ -1,13 +1,15 @@
 const fs = require('fs');
 const path = require('path');
-const { exec } = require('child_process');
+const {exec} = require('child_process');
 const {
   downloadFile,
   extractZip,
   getDownloadUrl,
   getWordPressDownloadUrl,
   installNpmPackages,
-  renameFolder
+  renameFolder,
+  replaceDbConstant,
+  replaceEmptySalts
 } = require('./utils');
 
 class Package {
@@ -188,11 +190,13 @@ class WordPressPackage extends Package {
       let configContent = fs.readFileSync(configPath, 'utf8');
 
       // Update database name, username, password, and other settings based on user-defined config
-      configContent = configContent.replace(/database_name_here/, this.config.wordpress.config.DB_NAME);
-      configContent = configContent.replace(/username_here/, this.config.wordpress.config.DB_USER);
-      configContent = configContent.replace(/password_here/, this.config.wordpress.config.DB_PASSWORD);
-      configContent = configContent.replace(/localhost/, this.config.wordpress.config.DB_HOST);
-      configContent = configContent.replace(/utf8/, this.config.wordpress.config.DB_CHARSET);
+      configContent = replaceDbConstant(configContent, 'DB_NAME', this.config.wordpress.config.DB_NAME);
+      configContent = replaceDbConstant(configContent, 'DB_USER', this.config.wordpress.config.DB_USER);
+      configContent = replaceDbConstant(configContent, 'DB_PASSWORD', this.config.wordpress.config.DB_PASSWORD);
+      configContent = replaceDbConstant(configContent, 'DB_HOST', this.config.wordpress.config.DB_HOST);
+      configContent = replaceDbConstant(configContent, 'DB_CHARSET', this.config.wordpress.config.DB_CHARSET);
+
+      configContent = replaceEmptySalts(configContent);
 
       // Write the updated content back to wp-config.php
       fs.writeFileSync(configPath, configContent, 'utf8');

diff --git a/lib/utils.js b/lib/utils.js
@@ -224,6 +224,57 @@ async function installNpmPackages (packageDirectory) {
   });
 }
 
+/**
+ * Replaces a constant in the wp-config.php file with a user-defined value.
+ *
+ * @param {string} configContent - The content of the wp-config.php file.
+ * @param {string} constantName - The name of the constant to replace.
+ * @param {string} userDefinedValue - The user-defined value to set for the constant.
+ * @return {string} - The updated content with the replaced constant.
+ */
+function replaceDbConstant(configContent, constantName, userDefinedValue) {
+  const regex = new RegExp(`define\\(\\s*'${constantName}'\\s*,\\s*'[^']*'\\s*\\);`);
+  return configContent.replace(regex, `define( '${constantName}', '${userDefinedValue}' );`);
+}
+
+/**
+ * Generates a random salt code for WordPress configuration.
+ *
+ * @return {string} - The generated salt code.
+ */
+function generateSalt() {
+  const charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_=+[]{}|;:,.<>?/';
+  const saltLength = 64;
+  return Array.from({ length: saltLength }, () => charset[Math.floor(Math.random() * charset.length)]).join('');
+}
+
+/**
+ * Replaces empty salts in the WordPress configuration with generated salt codes.
+ *
+ * @param {string} configContent - The content of the wp-config.php file.
+ * @return {string} - The updated content with replaced salts.
+ */
+function replaceEmptySalts(configContent) {
+  const saltConstants = [
+    'AUTH_KEY',
+    'SECURE_AUTH_KEY',
+    'LOGGED_IN_KEY',
+    'NONCE_KEY',
+    'AUTH_SALT',
+    'SECURE_AUTH_SALT',
+    'LOGGED_IN_SALT',
+    'NONCE_SALT',
+  ];
+
+  saltConstants.forEach((constant) => {
+    const emptySaltRegex = new RegExp(`define\\(\\s*'${constant}'\\s*,\\s*'put your unique phrase here'\\s*\\);`);
+    const generatedSalt = generateSalt();
+    configContent = configContent.replace(emptySaltRegex, `define( '${constant}', '${generatedSalt}' );`);
+  });
+
+  return configContent;
+}
+
 module.exports = {
   getConfig,
   makeDir,
@@ -233,5 +284,7 @@ module.exports = {
   getWordPressDownloadUrl,
   getDownloadUrl,
   extractZip,
-  installNpmPackages
+  installNpmPackages,
+  replaceDbConstant,
+  replaceEmptySalts,
 };
diff --git a/readme.md b/readme.md
@@ -16,9 +16,9 @@ Edit the `wp-package.json` file to define the WordPress version, language, theme
 
 ```json
 {
-  "name": "modul-r-blog",
+  "name": "my-blog",
   "wordpress": {
-    "version": "5.8.1",
+    "version": "6.4.1",
     "language": "en_US",
     "config": {
       "DB_NAME": "your_database_name",

diff --git a/wp-package.json b/wp-package.json
@@ -1,13 +1,13 @@
 {
-  "name": "modul-r-blog",
+  "name": "wordpress",
   "wordpress": {
     "version": "6.4.1",
     "language": "en_US",
     "config": {
-      "DB_NAME": "your_database_name",
-      "DB_USER": "your_database_user",
-      "DB_PASSWORD": "your_database_password",
-      "DB_HOST": "localhost",
+      "DB_NAME": "my_db_name",
+      "DB_USER": "my_username",
+      "DB_PASSWORD": "my_password",
+      "DB_HOST": "127.0.0.1",
       "DB_CHARSET": "utf8",
       "DB_COLLATE": "",
       "table_prefix": "wp_",