90 lines
2.4 KiB
PHP
90 lines
2.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/**
|
|
* SPDX-FileCopyrightText: 2025 F7cloud GmbH and F7cloud contributors
|
|
* SPDX-License-Identifier: AGPL-3.0-or-later
|
|
*/
|
|
|
|
namespace OCA\AppAPI\Migration;
|
|
|
|
use Closure;
|
|
use OCP\DB\ISchemaWrapper;
|
|
use OCP\DB\Types;
|
|
use OCP\IDBConnection;
|
|
use OCP\Migration\IOutput;
|
|
use OCP\Migration\SimpleMigrationStep;
|
|
use OCP\Security\ICrypto;
|
|
|
|
class Version032002Date20250527174907 extends SimpleMigrationStep {
|
|
|
|
public function __construct(
|
|
private IDBConnection $connection,
|
|
private ICrypto $crypto,
|
|
) {
|
|
}
|
|
|
|
/**
|
|
* @param IOutput $output
|
|
* @param Closure(): ISchemaWrapper $schemaClosure
|
|
* @param array $options
|
|
* @return null|ISchemaWrapper
|
|
*/
|
|
public function changeSchema(IOutput $output, Closure $schemaClosure, array $options) {
|
|
/** @var ISchemaWrapper $schema */
|
|
$schema = $schemaClosure();
|
|
|
|
if ($schema->hasTable('preferences_ex')) {
|
|
$table = $schema->getTable('preferences_ex');
|
|
|
|
if (!$table->hasColumn('sensitive')) {
|
|
$table->addColumn('sensitive', Types::SMALLINT, [
|
|
'notnull' => true,
|
|
'default' => 0,
|
|
]);
|
|
}
|
|
}
|
|
|
|
return $schema;
|
|
}
|
|
|
|
/**
|
|
* @param IOutput $output
|
|
* @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
|
|
* @param array $options
|
|
*
|
|
* @return null|ISchemaWrapper
|
|
*/
|
|
public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options) {
|
|
// encrypt appconfig_ex values that have sensitive flag set
|
|
|
|
$qbSelect = $this->connection->getQueryBuilder();
|
|
$qbSelect->select(['id', 'configvalue'])
|
|
->from('appconfig_ex')
|
|
->where($qbSelect->expr()->eq('sensitive', $qbSelect->createNamedParameter(1, Types::SMALLINT)));
|
|
$req = $qbSelect->executeQuery();
|
|
|
|
while ($row = $req->fetch()) {
|
|
$configValue = $row['configvalue'];
|
|
if (!empty($configValue)) {
|
|
try {
|
|
$encryptedValue = $this->crypto->encrypt($configValue);
|
|
$qbUpdate = $this->connection->getQueryBuilder();
|
|
$qbUpdate->update('appconfig_ex')
|
|
->set('configvalue', $qbUpdate->createNamedParameter($encryptedValue))
|
|
->where(
|
|
$qbUpdate->expr()->eq('id', $qbUpdate->createNamedParameter($row['id'], Types::INTEGER))
|
|
);
|
|
$qbUpdate->executeStatement();
|
|
} catch (\Exception $e) {
|
|
$output->warning(sprintf('Failed to encrypt sensitive value for app config id %s: %s', $row['id'], $e->getMessage()));
|
|
}
|
|
}
|
|
}
|
|
|
|
$req->closeCursor();
|
|
return null;
|
|
}
|
|
}
|