Reduce .env contents to the bare minimum (#398)

- Removes all config values that are not really needed for the most basic setup
- Adds a generic standard value for the app key which is checked in the setup middleware and replaced with a secure, random key then

.env.docker

@@ -1,71 +1,29 @@
 ## LINKACE CONFIGURATION
 
 ## Basic app configuration
-# The application name is used internally and may not be changed
-APP_NAME=LinkAce
 COMPOSE_PROJECT_NAME=linkace
-# The URL should be set if you notice issues with URLs generated by Laravel, which might be an issue with
-# nginx configuration or the proxy you use.
-APP_URL=http://localhost
 # The environment is usually 'production' but may be changed to 'local' for development
 APP_ENV=local
 # The app key is generated later, please leave it blank
-APP_KEY=
+APP_KEY=someRandomStringWith32Characters
 # Enable the debug more if you are running into issues or while developing
 APP_DEBUG=true
 # Indicates that the setup was completed and the app can be used now
 SETUP_COMPLETED=false
-# Set the time after a session expires automatically, in minutes. Default is 7 days.
-SESSION_LIFETIME=10080
-
-
-## Backup configuration
-# Enable backups here
-BACKUP_ENABLED=false
-# Choose the destination of the backup. If you set up AWS S3 credentials below you may choose 's3' which is used
-# as a synonym for AWS. Leave blank or set to 'local_backups' if you want to store backups within /storage/app/backups.
-BACKUP_DISK=s3
-# The notification email may be used to get backup notifications
-BACKUP_NOTIFICATION_EMAIL=your@email.com
-# Maximum size of all backups in megabytes
-BACKUP_MAX_SIZE=512
-
-
-## Amazon Web Services (AWS) S3 configuration
-# Define the key ID, the access key, the region and your bucket name here if you want to use AWS S3 for backups.
-AWS_ACCESS_KEY_ID=
-AWS_SECRET_ACCESS_KEY=
-AWS_DEFAULT_REGION=us-east-1
-AWS_BUCKET=
-
-
-## Mail configuration
-MAIL_FROM_ADDRESS=your@email.com
-MAIL_FROM_NAME=LinkAce
-# Set the driver used for sending email here, default is `smtp`
-MAIL_DRIVER=smtp
-# Set the SMTP host and its port here
-MAIL_HOST=smtp.mailtrap.io
-MAIL_PORT=2525
-# Set the username used to connect to the SMTP server here
-MAIL_USERNAME=null
-# Set the password used to connect to the SMTP server here
-MAIL_PASSWORD=null
-# If your SMTP server uses encrypted connections, enable it here by setting the variable to `tls`
-MAIL_ENCRYPTION=null
-
 
 ## Configuration of the database connection
-## If you are using the standard configuration provided by LinkAce, you can leave all values except the password as
-## they are. Docker will automatically create a linkace database and a corresponding user.
+## Attention: Those settings are configured during the web setup, please do not modify them now.
+# Set the database driver (mysql, pgsql, sqlsrv)
 DB_CONNECTION=mysql
+# Set the host of your database here
 DB_HOST=db
+# Set the port of your database here
 DB_PORT=3306
+# Set the database name here
 DB_DATABASE=linkace
-# Even if you use the standard configuration, please set a secure password here.
+# Set both username and password of the user accessing the database
 DB_USERNAME=linkace
-DB_PASSWORD=changeThisPassword
-
+DB_PASSWORD=ChangeThisToASecurePassword!
 
 ## Redis cache configuration
 # Set the Redis connection here if you want to use it
@@ -73,7 +31,6 @@ REDIS_HOST=redis
 REDIS_PASSWORD=changeThisPassword
 REDIS_PORT=6379
 
-
 ## You probably do not want to change any values blow. Only continue if you know what you are doing.
 # Configure various driver
 SESSION_DRIVER=redis
@@ -81,11 +38,3 @@ LOG_CHANNEL=stack
 BROADCAST_DRIVER=log
 CACHE_DRIVER=redis
 QUEUE_DRIVER=database
-
-## Using Redis sockets
-# If you want to use Redis via a Unix socket, you can remove the hash before the following lines, but remove one before
-# the "CACHE_DRIVER" line above. Also, set a proper path to your Redis socket.
-#CACHE_DRIVER=redis-socket
-#SESSION_CONNECTION=redis-socket
-#REDIS_SCHEME=unix
-#REDIS_PATH=/path/to/redis.sock

.env.docker.production

@@ -1,91 +1,28 @@
 ## LINKACE CONFIGURATION
 
 ## Basic app configuration
-# The application name is used internally and may not be changed
-APP_NAME=LinkAce
 COMPOSE_PROJECT_NAME=linkace
-# The URL should be set if you notice issues with URLs generated by Laravel, which might be an issue with
-# nginx configuration or the proxy you use.
-APP_URL=http://localhost
-# The environment is usually 'production' but may be changed to 'local' for development
-APP_ENV=production
 # The app key is generated later, please leave it blank
-APP_KEY=
-# Enable the debug more if you are running into issues or while developing
-APP_DEBUG=false
+APP_KEY=someRandomStringWith32Characters
 # Indicates that the setup was completed and the app can be used now
 SETUP_COMPLETED=false
-# Set the time after a session expires automatically, in minutes. Default is 7 days.
-SESSION_LIFETIME=10080
-
-
-## Backup configuration
-# Enable backups here
-BACKUP_ENABLED=false
-# Choose the destination of the backup. If you set up AWS S3 credentials below you may choose 's3' which is used
-# as a synonym for AWS. Leave blank or set to 'local_backups' if you want to store backups within /storage/app/backups.
-BACKUP_DISK=s3
-# The notification email may be used to get backup notifications
-BACKUP_NOTIFICATION_EMAIL=your@email.com
-# Maximum size of all backups in megabytes
-BACKUP_MAX_SIZE=512
-
-
-## Amazon Web Services (AWS) S3 configuration
-# Define the key ID, the access key, the region and your bucket name here if you want to use AWS S3 for backups.
-AWS_ACCESS_KEY_ID=
-AWS_SECRET_ACCESS_KEY=
-AWS_DEFAULT_REGION=us-east-1
-AWS_BUCKET=
-
-
-## Mail configuration
-MAIL_FROM_ADDRESS=your@email.com
-MAIL_FROM_NAME=LinkAce
-# Set the driver used for sending email here, default is `smtp`
-MAIL_DRIVER=smtp
-# Set the SMTP host and its port here
-MAIL_HOST=smtp.mailtrap.io
-MAIL_PORT=2525
-# Set the username used to connect to the SMTP server here
-MAIL_USERNAME=null
-# Set the password used to connect to the SMTP server here
-MAIL_PASSWORD=null
-# If your SMTP server uses encrypted connections, enable it here by setting the variable to `tls`
-MAIL_ENCRYPTION=null
-
 
 ## Configuration of the database connection
-## If you are using the standard configuration provided by LinkAce, you can leave all values except the password as
-## they are. Docker will automatically create a linkace database and a corresponding user.
+## Attention: Those settings are configured during the web setup, please do not modify them now.
+# Set the database driver (mysql, pgsql, sqlsrv)
 DB_CONNECTION=mysql
+# Set the host of your database here
 DB_HOST=db
+# Set the port of your database here
 DB_PORT=3306
+# Set the database name here
 DB_DATABASE=linkace
-# Even if you use the standard configuration, please set a secure password here.
+# Set both username and password of the user accessing the database
 DB_USERNAME=linkace
 DB_PASSWORD=ChangeThisToASecurePassword!
 
-
 ## Redis cache configuration
 # Set the Redis connection here if you want to use it
 REDIS_HOST=redis
-REDIS_PASSWORD=ChangeThisToASecurePassword!
+REDIS_PASSWORD=changeThisPassword
 REDIS_PORT=6379
-
-
-## You probably do not want to change any values blow. Only continue if you know what you are doing.
-# Configure various driver
-SESSION_DRIVER=file
-LOG_CHANNEL=stack
-BROADCAST_DRIVER=log
-CACHE_DRIVER=file
-QUEUE_DRIVER=database
-
-## Using Redis sockets
-# If you want to use Redis via a Unix socket, you can remove the hash before the following lines, but remove one before
-# the "CACHE_DRIVER" line above. Also, set a proper path to your Redis socket.
-#CACHE_DRIVER=redis-socket
-#SESSION_CONNECTION=redis-socket
-#REDIS_SCHEME=unix
-#REDIS_PATH=/path/to/redis.sock

.env.example

@@ -1,58 +1,10 @@
 ## LINKACE CONFIGURATION
 
 ## Basic app configuration
-# The application name is used internally and may not be changed
-APP_NAME=LinkAce
-# The URL should be set if you notice issues with URLs generated by Laravel, which might be an issue with
-# nginx configuration or the proxy you use.
-APP_URL=http://localhost
-# The environment is usually 'production' but may be changed to 'local' for development
-APP_ENV=production
 # The app key is generated later, please leave it blank
-APP_KEY=
-# Enable the debug more if you are running into issues or while developing
-APP_DEBUG=false
+APP_KEY=someRandomStringWith32Characters
 # Indicates that the setup was completed and the app can be used now
 SETUP_COMPLETED=false
-# Set the time after a session expires automatically, in minutes. Default is 7 days.
-SESSION_LIFETIME=10080
-
-
-## Backup configuration
-# Enable backups here
-BACKUP_ENABLED=false
-# Choose the destination of the backup. If you set up AWS S3 credentials below you may choose 'cloud' which is used
-# as a synonym for AWS. Leave blank or set to 'local_backups' if you want to store backups within /storage/app/backups.
-BACKUP_DISK=s3
-# The notification email may be used to get backup notifications, Mail must be configured for this to work!
-BACKUP_NOTIFICATION_EMAIL=your@email.com
-# Maximum size of the backups in megabytes
-BACKUP_MAX_SIZE=512
-
-
-## Amazon Web Services (AWS) S3 configuration
-# Define the key ID, the access key, the region and your bucket name here if you want to use AWS S3 for backups.
-AWS_ACCESS_KEY_ID=
-AWS_SECRET_ACCESS_KEY=
-AWS_DEFAULT_REGION=us-east-1
-AWS_BUCKET=
-
-
-## Mail configuration
-MAIL_FROM_ADDRESS=your@email.com
-MAIL_FROM_NAME=LinkAce
-# Set the driver used for sending email here, default is `smtp`
-MAIL_DRIVER=smtp
-# Set the SMTP host and its port here
-MAIL_HOST=smtp.mailtrap.io
-MAIL_PORT=2525
-# Set the username used to connect to the SMTP server here
-MAIL_USERNAME=null
-# Set the password used to connect to the SMTP server here
-MAIL_PASSWORD=null
-# If your SMTP server uses encrypted connections, enable it here by setting the variable to `tls`
-MAIL_ENCRYPTION=null
-
 
 ## Configuration of the database connection
 ## Attention: Those settings are configured during the web setup, please do not modify them now.
@@ -67,27 +19,3 @@ DB_DATABASE=linkace
 # Set both username and password of the user accessing the database
 DB_USERNAME=linkace
 DB_PASSWORD=ChangeThisToASecurePassword!
-
-
-## Redis cache configuration
-# Set the Redis connection here if you want to use it
-REDIS_HOST=127.0.0.1
-REDIS_PASSWORD=ChangeThisToASecurePassword!
-REDIS_PORT=6379
-
-
-## You probably do not want to change any values below. Only continue if you know what you are doing.
-## If you are using Redis, you may switch SESSION_DRIVER and CACHE_DRIVER to "redis" to improve performance.
-SESSION_DRIVER=file
-LOG_CHANNEL=stack
-BROADCAST_DRIVER=log
-CACHE_DRIVER=file
-QUEUE_DRIVER=database
-
-## Using Redis sockets
-# If you want to use Redis via a Unix socket, you can remove the hash before the following lines, but remove one before
-# the "CACHE_DRIVER" line above. Also, set a proper path to your Redis socket.
-#CACHE_DRIVER=redis-socket
-#SESSION_CONNECTION=redis-socket
-#REDIS_SCHEME=unix
-#REDIS_PATH=/path/to/redis.sock

app/Http/Middleware/SetupCheckMiddleware.php

@@ -3,12 +3,18 @@
 namespace App\Http\Middleware;
 
 use Closure;
+use Illuminate\Encryption\Encrypter;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\File;
+use Illuminate\Support\Facades\Log;
 
 class SetupCheckMiddleware
 {
+    public const GENERIC_APP_KEY = 'someRandomStringWith32Characters';
+
     /**
-     * Handle an incoming request.
+     * This middleware checks if LinkAce was correctly set up:
+     * Is a proper app key set and was the setup completed correctly?
      *
      * @param Request $request
      * @param Closure $next
@@ -16,6 +22,15 @@ class SetupCheckMiddleware
      */
     public function handle(Request $request, Closure $next)
     {
+        if (config('app.key') === self::GENERIC_APP_KEY) {
+            $envContent = File::get(base_path('.env'));
+            $envContent = preg_replace('/APP_KEY=(.*)\S/', 'APP_KEY=' . $this->generateRandomAppKey(), $envContent);
+            File::put(base_path('.env'), $envContent);
+
+            Log::warning('APP_KEY variable contained insecure standard value. New key was generated.');
+            return redirect()->refresh();
+        }
+
         if ($request->is('setup/*')) {
             if (config('app.setup_completed') === true) {
                 // Do not allow access to setup after it was completed
@@ -33,4 +48,9 @@ class SetupCheckMiddleware
 
         return $next($request);
     }
+
+    protected function generateRandomAppKey(): string
+    {
+        return 'base64:' . base64_encode(Encrypter::generateKey(config('app.cipher')));
+    }
 }

config/mail.php

@@ -57,7 +57,7 @@ return [
 
     'from' => [
         'address' => env('MAIL_FROM_ADDRESS', 'hello@example.com'),
-        'name' => env('MAIL_FROM_NAME', 'Example'),
+        'name' => env('MAIL_FROM_NAME', 'LinkAce'),
     ],
 
     /*

config/session.php

@@ -31,7 +31,7 @@ return [
     |
     */
 
-    'lifetime' => env('SESSION_LIFETIME', 120),
+    'lifetime' => env('SESSION_LIFETIME', 10080),
 
     'expire_on_close' => false,