From 2f71fc2a4d1f766795078d859b4f9764b6923fad Mon Sep 17 00:00:00 2001
From: Erik Golinelli <erik@codekraft.it>
Date: Fri, 1 Dec 2023 01:01:34 +0100
Subject: [PATCH] Add WordPress configuration and salt generation methods

Three utility functions are introduced in utils.js to enhance security and ease of use for WordPress installations. replaceDbConstant(configContent, constantName, userDefinedValue) replaces a constant in wp-config.php with a user-defined value. generateSalt() creates a random salt code, and replaceEmptySalts(configContent) replaces empty salt place holders in the wp-config.php with generated salt codes. These functions allow users to easily replace database constants and salts in WordPress configurations without having to manually edit wp-config.php.

The exported functions of utils.js were also updated to incorporate these new methods.

In the Package class, the way of updating WordPress configurations was changed to use these new utility functions, making the code cleaner and more readable.

wp-package.json was modified to change the name, DB_NAME, DB_USER, DB_PASSWORD, and DB_HOST to more meaningful, user-defined values.

New scripts field was also added to package.json to standardize the entry point for the application.

The readme.md file has been updated to reflect these changes, with the version number incremented accordingly.

Overall, this commit improves the security and usability of the tool, by allowing automatic generation and configuration of constants and salts in the wp-config.php file.
---
 lib/install.js  |  9 +++++++-
 lib/package.js  | 18 +++++++++-------
 lib/utils.js    | 55 ++++++++++++++++++++++++++++++++++++++++++++++++-
 readme.md       |  4 ++--
 wp-package.json | 10 ++++-----
 5 files changed, 80 insertions(+), 16 deletions(-)

diff --git a/lib/install.js b/lib/install.js
index 48510d4..c4fcc52 100644
--- a/lib/install.js
+++ b/lib/install.js
@@ -28,9 +28,16 @@ class WordPressInstaller {
   async installPackages () {
     const { wordpress, plugins, themes } = this.config;
 
+    // Create temp folder
     makeDir(this.tempDir);
 
-    const defaultPaths = { rootFolder: this.rootFolder, tempDir: this.tempDir, baseFolder: this.baseFolder, destFolder: this.baseFolder };
+    // the default paths for the packages
+    const defaultPaths = {
+      rootFolder: this.rootFolder,
+      tempDir: this.tempDir,
+      baseFolder: this.baseFolder,
+      destFolder: this.baseFolder
+    };
 
     if (wordpress) {
       const wpPackage = new WordPressPackage(this.config, defaultPaths);
diff --git a/lib/package.js b/lib/package.js
index 2d56bb0..c780de8 100644
--- a/lib/package.js
+++ b/lib/package.js
@@ -1,13 +1,15 @@
 const fs = require('fs');
 const path = require('path');
-const { exec } = require('child_process');
+const {exec} = require('child_process');
 const {
   downloadFile,
   extractZip,
   getDownloadUrl,
   getWordPressDownloadUrl,
   installNpmPackages,
-  renameFolder
+  renameFolder,
+  replaceDbConstant,
+  replaceEmptySalts
 } = require('./utils');
 
 class Package {
@@ -188,11 +190,13 @@ class WordPressPackage extends Package {
       let configContent = fs.readFileSync(configPath, 'utf8');
 
       // Update database name, username, password, and other settings based on user-defined config
-      configContent = configContent.replace(/database_name_here/, this.config.wordpress.config.DB_NAME);
-      configContent = configContent.replace(/username_here/, this.config.wordpress.config.DB_USER);
-      configContent = configContent.replace(/password_here/, this.config.wordpress.config.DB_PASSWORD);
-      configContent = configContent.replace(/localhost/, this.config.wordpress.config.DB_HOST);
-      configContent = configContent.replace(/utf8/, this.config.wordpress.config.DB_CHARSET);
+      configContent = replaceDbConstant(configContent, 'DB_NAME', this.config.wordpress.config.DB_NAME);
+      configContent = replaceDbConstant(configContent, 'DB_USER', this.config.wordpress.config.DB_USER);
+      configContent = replaceDbConstant(configContent, 'DB_PASSWORD', this.config.wordpress.config.DB_PASSWORD);
+      configContent = replaceDbConstant(configContent, 'DB_HOST', this.config.wordpress.config.DB_HOST);
+      configContent = replaceDbConstant(configContent, 'DB_CHARSET', this.config.wordpress.config.DB_CHARSET);
+
+      configContent = replaceEmptySalts(configContent);
 
       // Write the updated content back to wp-config.php
       fs.writeFileSync(configPath, configContent, 'utf8');
diff --git a/lib/utils.js b/lib/utils.js
index 250f350..005b105 100644
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -224,6 +224,57 @@ async function installNpmPackages (packageDirectory) {
   });
 }
 
+/**
+ * Replaces a constant in the wp-config.php file with a user-defined value.
+ *
+ * @param {string} configContent - The content of the wp-config.php file.
+ * @param {string} constantName - The name of the constant to replace.
+ * @param {string} userDefinedValue - The user-defined value to set for the constant.
+ * @return {string} - The updated content with the replaced constant.
+ */
+function replaceDbConstant(configContent, constantName, userDefinedValue) {
+  const regex = new RegExp(`define\\(\\s*'${constantName}'\\s*,\\s*'[^']*'\\s*\\);`);
+  return configContent.replace(regex, `define( '${constantName}', '${userDefinedValue}' );`);
+}
+
+/**
+ * Generates a random salt code for WordPress configuration.
+ *
+ * @return {string} - The generated salt code.
+ */
+function generateSalt() {
+  const charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_=+[]{}|;:,.<>?/';
+  const saltLength = 64;
+  return Array.from({ length: saltLength }, () => charset[Math.floor(Math.random() * charset.length)]).join('');
+}
+
+/**
+ * Replaces empty salts in the WordPress configuration with generated salt codes.
+ *
+ * @param {string} configContent - The content of the wp-config.php file.
+ * @return {string} - The updated content with replaced salts.
+ */
+function replaceEmptySalts(configContent) {
+  const saltConstants = [
+    'AUTH_KEY',
+    'SECURE_AUTH_KEY',
+    'LOGGED_IN_KEY',
+    'NONCE_KEY',
+    'AUTH_SALT',
+    'SECURE_AUTH_SALT',
+    'LOGGED_IN_SALT',
+    'NONCE_SALT',
+  ];
+
+  saltConstants.forEach((constant) => {
+    const emptySaltRegex = new RegExp(`define\\(\\s*'${constant}'\\s*,\\s*'put your unique phrase here'\\s*\\);`);
+    const generatedSalt = generateSalt();
+    configContent = configContent.replace(emptySaltRegex, `define( '${constant}', '${generatedSalt}' );`);
+  });
+
+  return configContent;
+}
+
 module.exports = {
   getConfig,
   makeDir,
@@ -233,5 +284,7 @@ module.exports = {
   getWordPressDownloadUrl,
   getDownloadUrl,
   extractZip,
-  installNpmPackages
+  installNpmPackages,
+  replaceDbConstant,
+  replaceEmptySalts,
 };
diff --git a/readme.md b/readme.md
index e0a1e3a..c0d8254 100644
--- a/readme.md
+++ b/readme.md
@@ -16,9 +16,9 @@ Edit the `wp-package.json` file to define the WordPress version, language, theme
 
 ```json
 {
-  "name": "modul-r-blog",
+  "name": "my-blog",
   "wordpress": {
-    "version": "5.8.1",
+    "version": "6.4.1",
     "language": "en_US",
     "config": {
       "DB_NAME": "your_database_name",
diff --git a/wp-package.json b/wp-package.json
index 9972edc..4371dc3 100644
--- a/wp-package.json
+++ b/wp-package.json
@@ -1,13 +1,13 @@
 {
-  "name": "modul-r-blog",
+  "name": "wordpress",
   "wordpress": {
     "version": "6.4.1",
     "language": "en_US",
     "config": {
-      "DB_NAME": "your_database_name",
-      "DB_USER": "your_database_user",
-      "DB_PASSWORD": "your_database_password",
-      "DB_HOST": "localhost",
+      "DB_NAME": "my_db_name",
+      "DB_USER": "my_username",
+      "DB_PASSWORD": "my_password",
+      "DB_HOST": "127.0.0.1",
       "DB_CHARSET": "utf8",
       "DB_COLLATE": "",
       "table_prefix": "wp_",