feat: generate OAuth2 key pair dynamically within PHP (#914)

* feat: generate OAuth2 key pair dynamically within PHP

* job: generate keys for old wikis without keys

* change constant name

Co-authored-by: dena <91744937+deer-wmde@users.noreply.github.com>

* Change file name

---------

Co-authored-by: dena <91744937+deer-wmde@users.noreply.github.com>

Author: dati18

app/Http/Controllers/WikiController.php

@@ -109,12 +109,37 @@ public function create(Request $request): \Illuminate\Http\Response
                 abort(503, 'QS Namespace ready, but failed to assign');
             }
 
+            // Create keys for OAuth2
+            // T336937
+            $keyPair = openssl_pkey_new([
+                'private_key_bits' => 2048,
+                'private_key_type' => OPENSSL_KEYTYPE_RSA,
+            ]);
+            // Extract private key
+            openssl_pkey_export($keyPair, $wgOAuth2PrivateKey);
+            // Extract pub key
+            $keyDetails = openssl_pkey_get_details($keyPair);
+            $wgOAuth2PublicKey = $keyDetails['key'];
+
+            WikiSetting::create([
+                'wiki_id' => $wiki->id,
+                'name' => WikiSetting::wgOAuth2PrivateKey,
+                'value' => $wgOAuth2PrivateKey,
+            ]);
+
+            WikiSetting::create([
+                'wiki_id' => $wiki->id,
+                'name' => WikiSetting::wgOAuth2PublicKey,
+                'value' => $wgOAuth2PublicKey,
+            ]);
+
             // Create initial needed non default settings
             // Docs: https://www.mediawiki.org/wiki/Manual:$wgSecretKey
             WikiSetting::create([
                 'wiki_id' => $wiki->id,
                 'name' => WikiSetting::wgSecretKey,
                 'value' => Str::random(64),
+
             ]);
 
             // Create the elasticsearch setting

app/Jobs/GenerateOAuth2KeysJob.php

@@ -0,0 +1,60 @@
+<?php
+
+namespace App\Jobs;
+
+use App\Wiki;
+use App\WikiSetting;
+use Illuminate\Bus\Queueable;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Foundation\Bus\Dispatchable;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Queue\SerializesModels;
+
+class GenerateOAuth2KeysJob extends Job implements ShouldQueue
+{
+    use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
+
+    public function handle()
+    {
+        $allWikis = Wiki::all();
+
+        foreach ($allWikis as $wiki) {
+            try {
+                $hasPrivateKey = WikiSetting::where('wiki_id', $wiki->id)
+                ->where('name', 'wgOAuth2PrivateKey')
+                ->exists();
+
+                if (!$hasPrivateKey) {
+                    $keyPair = openssl_pkey_new([
+                        'private_key_bits' => 2048,
+                        'private_key_type' => OPENSSL_KEYTYPE_RSA,
+                    ]);
+                    // Extract private key
+                    openssl_pkey_export($keyPair, $wgOAuth2PrivateKey);
+                    // Extract pub key
+                    $keyDetails = openssl_pkey_get_details($keyPair);
+                    $wgOAuth2PublicKey = $keyDetails['key'];
+
+                    WikiSetting::create([
+                        'wiki_id' => $wiki->id,
+                        'name' => WikiSetting::wgOAuth2PrivateKey,
+                        'value' => $wgOAuth2PrivateKey,
+                    ]);
+
+                    WikiSetting::create([
+                        'wiki_id' => $wiki->id,
+                        'name' => WikiSetting::wgOAuth2PublicKey,
+                        'value' => $wgOAuth2PublicKey,
+                    ]);
+                }
+            } catch (\Exception $ex) {
+                $this->job->markAsFailed();
+                Log::error(
+                    'Failure generating keys for '.$wiki->getAttribute('domain').' for sitestats: '.$ex->getMessage()
+                );
+            }
+        }
+
+    }
+}

app/WikiSetting.php

@@ -36,6 +36,8 @@ class WikiSetting extends Model
     public const wgSecretKey = 'wgSecretKey';
     public const wgLogo = 'wgLogo';
     public const wgFavicon = 'wgFavicon';
+    public const wgOAuth2PrivateKey = 'wgOAuth2PrivateKey';
+    public const wgOAuth2PublicKey = 'wgOAuth2PublicKey';
 
     /**
      * The attributes that are mass assignable.