mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-30 07:59:50 -08:00
e27065fe16
Signed-off-by: snipe <snipe@snipe.net> # Conflicts: # .all-contributorsrc # README.md # app/Console/Commands/ResetDemoSettings.php # app/Helpers/Helper.php # app/Http/Controllers/Api/AccessoriesController.php # app/Http/Controllers/Api/AssetsController.php # app/Http/Controllers/Api/CategoriesController.php # app/Http/Controllers/Api/ComponentsController.php # app/Http/Controllers/Api/ConsumablesController.php # app/Http/Controllers/Api/LocationsController.php # app/Http/Controllers/Api/StatuslabelsController.php # app/Http/Controllers/Api/SuppliersController.php # app/Http/Controllers/AssetMaintenancesController.php # app/Http/Controllers/Auth/ForgotPasswordController.php # app/Http/Controllers/DepreciationsController.php # app/Http/Controllers/ReportsController.php # app/Http/Controllers/SettingsController.php # app/Http/Requests/ImageUploadRequest.php # app/Http/Transformers/ActionlogsTransformer.php # app/Http/Transformers/DepreciationsTransformer.php # app/Listeners/CheckoutableListener.php # app/Models/Accessory.php # app/Models/Asset.php # app/Models/Company.php # app/Models/Ldap.php # app/Models/User.php # app/Presenters/AssetPresenter.php # app/Presenters/CategoryPresenter.php # composer.json # composer.lock # config/version.php # database/factories/AssetModelFactory.php # database/migrations/2020_10_22_233743_move_accessory_checkout_note_to_join_table.php # database/seeds/AssetModelSeeder.php # package-lock.json # public/css/build/AdminLTE.css # public/css/build/app.css # public/css/build/overrides.css # public/css/dist/all.css # public/css/dist/bootstrap-table.css # public/css/dist/skins/skin-black-dark.css # public/css/dist/skins/skin-black-dark.min.css # public/css/dist/skins/skin-black.css # public/css/dist/skins/skin-black.min.css # public/css/dist/skins/skin-blue-dark.css # public/css/dist/skins/skin-blue-dark.min.css # public/css/dist/skins/skin-blue.css # public/css/dist/skins/skin-blue.min.css # public/css/dist/skins/skin-contrast.css # public/css/dist/skins/skin-contrast.min.css # public/css/dist/skins/skin-green-dark.css # public/css/dist/skins/skin-green-dark.min.css # public/css/dist/skins/skin-green.css # public/css/dist/skins/skin-green.min.css # public/css/dist/skins/skin-orange-dark.css # public/css/dist/skins/skin-orange-dark.min.css # public/css/dist/skins/skin-orange.css # public/css/dist/skins/skin-orange.min.css # public/css/dist/skins/skin-purple-dark.css # public/css/dist/skins/skin-purple-dark.min.css # public/css/dist/skins/skin-purple.css # public/css/dist/skins/skin-purple.min.css # public/css/dist/skins/skin-red-dark.css # public/css/dist/skins/skin-red-dark.min.css # public/css/dist/skins/skin-red.css # public/css/dist/skins/skin-red.min.css # public/css/dist/skins/skin-yellow-dark.css # public/css/dist/skins/skin-yellow-dark.min.css # public/css/dist/skins/skin-yellow.css # public/css/dist/skins/skin-yellow.min.css # public/js/build/app.js # public/js/build/vendor.js # public/js/dist/all.js # public/js/dist/bootstrap-table.js # public/mix-manifest.json # resources/assets/js/vue.js # resources/lang/af/validation.php # resources/lang/ar/admin/settings/general.php # resources/lang/ar/validation.php # resources/lang/bg/admin/settings/general.php # resources/lang/bg/validation.php # resources/lang/cs/admin/settings/general.php # resources/lang/cs/validation.php # resources/lang/cy/help.php # resources/lang/cy/validation.php # resources/lang/da/admin/settings/general.php # resources/lang/da/validation.php # resources/lang/de/admin/settings/general.php # resources/lang/de/validation.php # resources/lang/el/validation.php # resources/lang/en-GB/admin/settings/general.php # resources/lang/en-GB/validation.php # resources/lang/en-ID/admin/hardware/table.php # resources/lang/en-ID/admin/settings/general.php # resources/lang/en-ID/validation.php # resources/lang/es-CO/admin/settings/general.php # resources/lang/es-CO/auth/message.php # resources/lang/es-CO/button.php # resources/lang/es-CO/help.php # resources/lang/es-CO/validation.php # resources/lang/es-ES/admin/settings/general.php # resources/lang/es-ES/auth/message.php # resources/lang/es-ES/button.php # resources/lang/es-ES/help.php # resources/lang/es-ES/validation.php # resources/lang/es-MX/admin/settings/general.php # resources/lang/es-MX/validation.php # resources/lang/es-VE/admin/settings/general.php # resources/lang/es-VE/auth/message.php # resources/lang/es-VE/button.php # resources/lang/es-VE/help.php # resources/lang/es-VE/validation.php # resources/lang/et/validation.php # resources/lang/fa/validation.php # resources/lang/fi/admin/settings/general.php # resources/lang/fi/validation.php # resources/lang/fil/validation.php # resources/lang/fr/admin/settings/general.php # resources/lang/fr/validation.php # resources/lang/ga-IE/validation.php # resources/lang/he/admin/settings/general.php # resources/lang/he/general.php # resources/lang/he/validation.php # resources/lang/hr/validation.php # resources/lang/hu/validation.php # resources/lang/id/validation.php # resources/lang/is/admin/categories/general.php # resources/lang/is/admin/companies/message.php # resources/lang/is/admin/companies/table.php # resources/lang/is/admin/components/general.php # resources/lang/is/admin/components/table.php # resources/lang/is/admin/consumables/table.php # resources/lang/is/admin/depreciations/general.php # resources/lang/is/admin/depreciations/message.php # resources/lang/is/admin/hardware/form.php # resources/lang/is/admin/hardware/general.php # resources/lang/is/admin/hardware/message.php # resources/lang/is/admin/hardware/table.php # resources/lang/is/admin/kits/general.php # resources/lang/is/admin/licenses/form.php # resources/lang/is/admin/licenses/general.php # resources/lang/is/admin/locations/table.php # resources/lang/is/admin/manufacturers/table.php # resources/lang/is/admin/reports/message.php # resources/lang/is/admin/settings/general.php # resources/lang/is/admin/settings/message.php # resources/lang/is/admin/statuslabels/message.php # resources/lang/is/admin/suppliers/message.php # resources/lang/is/admin/suppliers/table.php # resources/lang/is/admin/users/table.php # resources/lang/is/mail.php # resources/lang/is/validation.php # resources/lang/it/admin/settings/general.php # resources/lang/it/validation.php # resources/lang/iu/validation.php # resources/lang/ja/mail.php # resources/lang/ja/validation.php # resources/lang/ko/validation.php # resources/lang/lt/validation.php # resources/lang/lv/validation.php # resources/lang/mi/validation.php # resources/lang/mk/validation.php # resources/lang/ml-IN/validation.php # resources/lang/mn/validation.php # resources/lang/ms/validation.php # resources/lang/nl/admin/settings/general.php # resources/lang/nl/validation.php # resources/lang/no/validation.php # resources/lang/pl/admin/settings/general.php # resources/lang/pl/validation.php # resources/lang/pt-BR/admin/settings/general.php # resources/lang/pt-BR/mail.php # resources/lang/pt-BR/validation.php # resources/lang/pt-PT/validation.php # resources/lang/ro/validation.php # resources/lang/ru/validation.php # resources/lang/sl/validation.php # resources/lang/sr-CS/admin/settings/general.php # resources/lang/sr-CS/validation.php # resources/lang/sv-SE/admin/settings/general.php # resources/lang/sv-SE/auth/message.php # resources/lang/sv-SE/button.php # resources/lang/sv-SE/mail.php # resources/lang/sv-SE/validation.php # resources/lang/ta/validation.php # resources/lang/th/validation.php # resources/lang/tl/validation.php # resources/lang/tr/mail.php # resources/lang/tr/validation.php # resources/lang/uk/admin/accessories/table.php # resources/lang/uk/admin/asset_maintenances/message.php # resources/lang/uk/admin/asset_maintenances/table.php # resources/lang/uk/validation.php # resources/lang/ur-PK/validation.php # resources/lang/vi/admin/settings/general.php # resources/lang/vi/validation.php # resources/lang/zh-CN/admin/settings/general.php # resources/lang/zh-CN/validation.php # resources/lang/zh-HK/validation.php # resources/lang/zh-TW/validation.php # resources/lang/zu/validation.php # resources/views/partials/bootstrap-table.blade.php # resources/views/partials/forms/edit/company-select.blade.php # routes/api.php
297 lines
13 KiB
PHP
297 lines
13 KiB
PHP
<?php
|
|
|
|
namespace App\Console\Commands;
|
|
|
|
use Illuminate\Console\Command;
|
|
use ZipArchive;
|
|
|
|
class RestoreFromBackup extends Command
|
|
{
|
|
/**
|
|
* The name and signature of the console command.
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $signature = 'snipeit:restore
|
|
{--force : Skip the danger prompt; assuming you hit "y"}
|
|
{filename : The zip file to be migrated}
|
|
{--no-progress : Don\'t show a progress bar}';
|
|
|
|
/**
|
|
* The console command description.
|
|
*
|
|
* @var string
|
|
*/
|
|
protected $description = 'Restore from a previously created backup';
|
|
|
|
/**
|
|
* Create a new command instance.
|
|
*
|
|
* @return void
|
|
*/
|
|
public function __construct()
|
|
{
|
|
parent::__construct();
|
|
}
|
|
|
|
/**
|
|
* Execute the console command.
|
|
*
|
|
* @return mixed
|
|
*/
|
|
public function handle()
|
|
{
|
|
$dir = getcwd();
|
|
echo "Current working directory is: $dir\n";
|
|
//
|
|
$filename = $this->argument('filename');
|
|
|
|
if (! $filename) {
|
|
return $this->error('Missing required filename');
|
|
}
|
|
|
|
if (! $this->option('force') && ! $this->confirm('Are you sure you wish to restore from the given backup file? This can lead to MASSIVE DATA LOSS!')) {
|
|
return $this->error('Data loss not confirmed');
|
|
}
|
|
|
|
if (config('database.default') != 'mysql') {
|
|
return $this->error('DB_CONNECTION must be MySQL in order to perform a restore. Detected: '.config('database.default'));
|
|
}
|
|
|
|
$za = new ZipArchive();
|
|
|
|
$errcode = $za->open($filename/* , ZipArchive::RDONLY */); // that constant only exists in PHP 7.4 and higher
|
|
if ($errcode !== true) {
|
|
$errors = [
|
|
ZipArchive::ER_EXISTS => 'File already exists.',
|
|
ZipArchive::ER_INCONS => 'Zip archive inconsistent.',
|
|
ZipArchive::ER_INVAL => 'Invalid argument.',
|
|
ZipArchive::ER_MEMORY => 'Malloc failure.',
|
|
ZipArchive::ER_NOENT => 'No such file.',
|
|
ZipArchive::ER_NOZIP => 'Not a zip archive.',
|
|
ZipArchive::ER_OPEN => "Can't open file.",
|
|
ZipArchive::ER_READ => 'Read error.',
|
|
ZipArchive::ER_SEEK => 'Seek error.',
|
|
];
|
|
|
|
return $this->error('Could not access file: '.$filename.' - '.array_key_exists($errcode, $errors) ? $errors[$errcode] : " Unknown reason: $errcode");
|
|
}
|
|
|
|
$private_dirs = [
|
|
'storage/private_uploads/assets', // these are asset _files_, not the pictures.
|
|
'storage/private_uploads/audits',
|
|
'storage/private_uploads/imports',
|
|
'storage/private_uploads/assetmodels',
|
|
'storage/private_uploads/users',
|
|
'storage/private_uploads/licenses',
|
|
'storage/private_uploads/signatures',
|
|
];
|
|
$private_files = [
|
|
'storage/oauth-private.key',
|
|
'storage/oauth-public.key',
|
|
];
|
|
$public_dirs = [
|
|
'public/uploads/companies',
|
|
'public/uploads/components',
|
|
'public/uploads/categories',
|
|
'public/uploads/manufacturers',
|
|
//'public/uploads/barcodes', // we don't want this, let the barcodes be regenerated
|
|
'public/uploads/consumables',
|
|
'public/uploads/departments',
|
|
'public/uploads/avatars',
|
|
'public/uploads/suppliers',
|
|
'public/uploads/assets', // these are asset _pictures_, not asset files
|
|
'public/uploads/locations',
|
|
'public/uploads/accessories',
|
|
'public/uploads/models',
|
|
'public/uploads/categories',
|
|
'public/uploads/avatars',
|
|
'public/uploads/manufacturers',
|
|
];
|
|
|
|
$public_files = [
|
|
'public/uploads/logo.*',
|
|
'public/uploads/setting-email_logo*',
|
|
'public/uploads/setting-label_logo*',
|
|
'public/uploads/setting-logo*',
|
|
'public/uploads/favicon.*',
|
|
'public/uploads/favicon-uploaded.*',
|
|
];
|
|
|
|
$all_files = $private_dirs + $public_dirs;
|
|
|
|
$sqlfiles = [];
|
|
$sqlfile_indices = [];
|
|
|
|
$interesting_files = [];
|
|
$boring_files = [];
|
|
|
|
for ($i = 0; $i < $za->numFiles; $i++) {
|
|
$stat_results = $za->statIndex($i);
|
|
// echo "index: $i\n";
|
|
// print_r($stat_results);
|
|
|
|
$raw_path = $stat_results['name'];
|
|
if (strpos($raw_path, '\\') !== false) { //found a backslash, swap it to forward-slash
|
|
$raw_path = strtr($raw_path, '\\', '/');
|
|
//print "Translating file: ".$stat_results['name']." to: ".$raw_path."\n";
|
|
}
|
|
|
|
// skip macOS resource fork files (?!?!?!)
|
|
if (strpos($raw_path, '__MACOSX') !== false && strpos($raw_path, '._') !== false) {
|
|
//print "SKIPPING macOS Resource fork file: $raw_path\n";
|
|
$boring_files[] = $raw_path;
|
|
continue;
|
|
}
|
|
if (@pathinfo($raw_path)['extension'] == 'sql') {
|
|
echo "Found a sql file!\n";
|
|
$sqlfiles[] = $raw_path;
|
|
$sqlfile_indices[] = $i;
|
|
continue;
|
|
}
|
|
|
|
foreach (array_merge($private_dirs, $public_dirs) as $dir) {
|
|
$last_pos = strrpos($raw_path, $dir.'/');
|
|
if ($last_pos !== false) {
|
|
//print("INTERESTING - last_pos is $last_pos when searching $raw_path for $dir - last_pos+strlen(\$dir) is: ".($last_pos+strlen($dir))." and strlen(\$rawpath) is: ".strlen($raw_path)."\n");
|
|
//print("We would copy $raw_path to $dir.\n"); //FIXME append to a path?
|
|
$interesting_files[$raw_path] = ['dest' =>$dir, 'index' => $i];
|
|
continue 2;
|
|
if ($last_pos + strlen($dir) + 1 == strlen($raw_path)) {
|
|
// we don't care about that; we just want files with the appropriate prefix
|
|
//print("FOUND THE EXACT DIRECTORY: $dir AT: $raw_path!!!\n");
|
|
}
|
|
}
|
|
}
|
|
$good_extensions = ['png', 'gif', 'jpg', 'svg', 'jpeg', 'doc', 'docx', 'pdf', 'txt',
|
|
'zip', 'rar', 'xls', 'xlsx', 'lic', 'xml', 'rtf', 'webp', 'key', 'ico', ];
|
|
foreach (array_merge($private_files, $public_files) as $file) {
|
|
$has_wildcard = (strpos($file, '*') !== false);
|
|
if ($has_wildcard) {
|
|
$file = substr($file, 0, -1); //trim last character (which should be the wildcard)
|
|
}
|
|
$last_pos = strrpos($raw_path, $file); // no trailing slash!
|
|
if ($last_pos !== false) {
|
|
$extension = strtolower(pathinfo($raw_path, PATHINFO_EXTENSION));
|
|
if (! in_array($extension, $good_extensions)) {
|
|
$this->warn('Potentially unsafe file '.$raw_path.' is being skipped');
|
|
$boring_files[] = $raw_path;
|
|
continue 2;
|
|
}
|
|
//print("INTERESTING - last_pos is $last_pos when searching $raw_path for $file - last_pos+strlen(\$file) is: ".($last_pos+strlen($file))." and strlen(\$rawpath) is: ".strlen($raw_path)."\n");
|
|
//no wildcards found in $file, process 'normally'
|
|
if ($last_pos + strlen($file) == strlen($raw_path) || $has_wildcard) { //again, no trailing slash. or this is a wildcard and we just take it.
|
|
// print("FOUND THE EXACT FILE: $file AT: $raw_path!!!\n"); //we *do* care about this, though.
|
|
$interesting_files[$raw_path] = ['dest' => dirname($file), 'index' => $i];
|
|
continue 2;
|
|
}
|
|
}
|
|
}
|
|
$boring_files[] = $raw_path; //if we've gotten to here and haven't continue'ed our way into the next iteration, we don't want this file
|
|
} // end of pre-processing the ZIP file for-loop
|
|
|
|
// print_r($interesting_files);exit(-1);
|
|
|
|
if (count($sqlfiles) != 1) {
|
|
return $this->error('There should be exactly *one* sql backup file found, found: '.(count($sqlfiles) == 0 ? 'None' : implode(', ', $sqlfiles)));
|
|
}
|
|
|
|
if (strpos($sqlfiles[0], 'db-dumps') === false) {
|
|
//return $this->error("SQL backup file is missing 'db-dumps' component of full pathname: ".$sqlfiles[0]);
|
|
//older Snipe-IT installs don't have the db-dumps subdirectory component
|
|
}
|
|
|
|
//how to invoke the restore?
|
|
$pipes = [];
|
|
|
|
$env_vars = getenv();
|
|
$env_vars['MYSQL_PWD'] = config('database.connections.mysql.password');
|
|
$proc_results = proc_open('mysql -h '.escapeshellarg(config('database.connections.mysql.host')).' -u '.escapeshellarg(config('database.connections.mysql.username')).' '.escapeshellarg(config('database.connections.mysql.database')), // yanked -p since we pass via ENV
|
|
[0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']],
|
|
$pipes,
|
|
null,
|
|
$env_vars); // this is not super-duper awesome-secure, but definitely more secure than showing it on the CLI, or dropping temporary files with passwords in them.
|
|
if ($proc_results === false) {
|
|
return $this->error('Unable to invoke mysql via CLI');
|
|
}
|
|
|
|
// $this->info("Stdout says? ".fgets($pipes[1])); //FIXME: I think we might need to set non-blocking mode to use this properly?
|
|
// $this->info("Stderr says? ".fgets($pipes[2])); //FIXME: ditto, same.
|
|
// should we read stdout?
|
|
// fwrite($pipes[0],config("database.connections.mysql.password")."\n"); //this doesn't work :(
|
|
|
|
//$sql_contents = fopen($sqlfiles[0], "r"); //NOPE! This isn't a real file yet, silly-billy!
|
|
|
|
$sql_stat = $za->statIndex($sqlfile_indices[0]);
|
|
//$this->info("SQL Stat is: ".print_r($sql_stat,true));
|
|
$sql_contents = $za->getStream($sql_stat['name']);
|
|
if ($sql_contents === false) {
|
|
$stdout = fgets($pipes[1]);
|
|
$this->info($stdout);
|
|
$stderr = fgets($pipes[2]);
|
|
$this->info($stderr);
|
|
|
|
return false;
|
|
}
|
|
|
|
while (($buffer = fgets($sql_contents)) !== false) {
|
|
//$this->info("Buffer is: '$buffer'");
|
|
$bytes_written = fwrite($pipes[0], $buffer);
|
|
if ($bytes_written === false) {
|
|
$stdout = fgets($pipes[1]);
|
|
$this->info($stdout);
|
|
$stderr = fgets($pipes[2]);
|
|
$this->info($stderr);
|
|
|
|
return false;
|
|
}
|
|
}
|
|
fclose($pipes[0]);
|
|
fclose($sql_contents);
|
|
|
|
$this->line(stream_get_contents($pipes[1]));
|
|
fclose($pipes[1]);
|
|
|
|
$this->error(stream_get_contents($pipes[2]));
|
|
fclose($pipes[2]);
|
|
|
|
//wait, have to do fclose() on all pipes first?
|
|
$close_results = proc_close($proc_results);
|
|
if ($close_results != 0) {
|
|
return $this->error('There may have been a problem with the database import: Error number '.$close_results);
|
|
}
|
|
|
|
//and now copy the files over too (right?)
|
|
//FIXME - we don't prune the filesystem space yet!!!!
|
|
if ($this->option('no-progress')) {
|
|
$bar = null;
|
|
} else {
|
|
$bar = $this->output->createProgressBar(count($interesting_files));
|
|
}
|
|
foreach ($interesting_files as $pretty_file_name => $file_details) {
|
|
$ugly_file_name = $za->statIndex($file_details['index'])['name'];
|
|
$fp = $za->getStream($ugly_file_name);
|
|
//$this->info("Weird problem, here are file details? ".print_r($file_details,true));
|
|
$migrated_file = fopen($file_details['dest'].'/'.basename($pretty_file_name), 'w');
|
|
while (($buffer = fgets($fp)) !== false) {
|
|
fwrite($migrated_file, $buffer);
|
|
}
|
|
fclose($migrated_file);
|
|
fclose($fp);
|
|
//$this->info("Wrote $ugly_file_name to $pretty_file_name");
|
|
if ($bar) {
|
|
$bar->advance();
|
|
}
|
|
}
|
|
if ($bar) {
|
|
$bar->finish();
|
|
$this->line('');
|
|
} else {
|
|
$this->info(count($interesting_files).' files were succesfully transferred');
|
|
}
|
|
foreach ($boring_files as $boring_file) {
|
|
$this->warn($boring_file.' was skipped.');
|
|
}
|
|
}
|
|
}
|