HTTPS port (cpriego#109)

* Configure HTTPS port

* Error message when tring to share a secured site

* Regenerate HTTPS config when changing HTTP port

* Fix certificates returning final dot

* Valet links display port when needed

* Omit 443 port on https redirect

* Remove share test for https sites

* String replace with associative arrays

Author: TheNodi

cli/Valet/Configuration.php

@@ -197,6 +197,20 @@ public function read()
         return json_decode($this->files->get($this->path()), true);
     }
 
+    /**
+     * Get a configuration value.
+     *
+     * @param string $key
+     * @param mixed $default
+     * @return mixed
+     */
+    public function get($key, $default = null)
+    {
+        $config = $this->read();
+
+        return array_key_exists($key, $config) ? $config[$key] : $default;
+    }
+
     /**
      * Update a specific key in the configuration file.
      *

cli/Valet/Nginx.php

@@ -80,7 +80,12 @@ public function installConfiguration()
 
         $this->files->putAsUser(
             $nginx,
-            str_replace(['VALET_USER', 'VALET_GROUP', 'VALET_HOME_PATH', 'VALET_PID'], [user(), group(), VALET_HOME_PATH, $pid_string], $contents)
+            str_array_replace([
+                'VALET_USER' => user(),
+                'VALET_GROUP' => group(),
+                'VALET_HOME_PATH' => VALET_HOME_PATH,
+                'VALET_PID' => $pid_string,
+            ], $contents)
         );
     }
 

cli/Valet/PhpFpm.php

@@ -75,7 +75,11 @@ public function installConfiguration()
 
         $this->files->putAsUser(
             $this->fpmConfigPath().'/valet.conf',
-            str_replace(['VALET_USER', 'VALET_GROUP','VALET_HOME_PATH'], [user(), group(), VALET_HOME_PATH], $contents)
+            str_array_replace([
+                'VALET_USER' => user(),
+                'VALET_GROUP' => group(),
+                'VALET_HOME_PATH' => VALET_HOME_PATH,
+            ], $contents)
         );
     }
 

cli/Valet/Site.php

@@ -2,8 +2,6 @@
 
 namespace Valet;
 
-use DomainException;
-
 class Site
 {
     public $config;
@@ -89,7 +87,7 @@ public function getCertificates($path)
         return collect($this->files->scanDir($path))->filter(function ($value, $key) {
             return ends_with($value, '.crt');
         })->map(function ($cert) {
-            return substr($cert, 0, -8);
+            return substr($cert, 0, -9);
         })->flip();
     }
 
@@ -104,16 +102,44 @@ public function getLinks($path, $certs)
     {
         $config = $this->config->read();
 
+        $httpPort = $this->httpSuffix();
+        $httpsPort = $this->httpsSuffix();
+
         return collect($this->files->scanDir($path))->mapWithKeys(function ($site) use ($path) {
             return [$site => $this->files->readLink($path . '/' . $site)];
-        })->map(function ($path, $site) use ($certs, $config) {
+        })->map(function ($path, $site) use ($certs, $config, $httpPort, $httpsPort) {
             $secured = $certs->has($site);
-            $url = ($secured ? 'https' : 'http') . '://' . $site . '.' . $config['domain'];
+
+            $url = ($secured ? 'https' : 'http') . '://' . $site . '.' . $config['domain'] . ($secured ? $httpsPort : $httpPort);
 
             return [$site, $secured ? ' X' : '', $url, $path];
         });
     }
 
+    /**
+     * Return http port suffix
+     *
+     * @return string
+     */
+    public function httpSuffix()
+    {
+        $port = $this->config->get('port', 80);
+
+        return ($port == 80) ? '' : ':' . $port;
+    }
+
+    /**
+     * Return https port suffix
+     *
+     * @return string
+     */
+    public function httpsSuffix()
+    {
+        $port = $this->config->get('https_port', 443);
+
+        return ($port == 443) ? '' : ':' . $port;
+    }
+
     /**
      * Unlink the given symbolic link.
      *
@@ -166,14 +192,14 @@ public function resecureForNewDomain($oldDomain, $domain)
     /**
      * Get all of the URLs that are currently secured.
      *
-     * @return array
+     * @return \Illuminate\Support\Collection
      */
     public function secured()
     {
         return collect($this->files->scandir($this->certificatesPath()))
             ->map(function ($file) {
                 return str_replace(['.key', '.csr', '.crt', '.conf'], '', $file);
-            })->unique()->values()->all();
+            })->unique()->values();
     }
 
     /**
@@ -190,10 +216,7 @@ public function secure($url)
 
         $this->createCertificate($url);
 
-        $this->files->putAsUser(
-            VALET_HOME_PATH . '/Nginx/' . $url,
-            $this->buildSecureNginxServer($url)
-        );
+        $this->createSecureNginxServer($url);
     }
 
     /**
@@ -275,6 +298,17 @@ public function trustCertificate($crtPath, $url)
         ));
     }
 
+    /**
+     * @param $url
+     */
+    public function createSecureNginxServer($url)
+    {
+        $this->files->putAsUser(
+            VALET_HOME_PATH . '/Nginx/' . $url,
+            $this->buildSecureNginxServer($url)
+        );
+    }
+
     /**
      * Build the TLS secured Nginx server for the given URL.
      *
@@ -285,9 +319,17 @@ public function buildSecureNginxServer($url)
     {
         $path = $this->certificatesPath();
 
-        return str_replace(
-            ['VALET_HOME_PATH', 'VALET_SERVER_PATH', 'VALET_SITE', 'VALET_CERT', 'VALET_KEY'],
-            [VALET_HOME_PATH, VALET_SERVER_PATH, $url, $path . '/' . $url . '.crt', $path . '/' . $url . '.key'],
+        return str_array_replace(
+            [
+                'VALET_HOME_PATH' => VALET_HOME_PATH,
+                'VALET_SERVER_PATH' => VALET_SERVER_PATH,
+                'VALET_SITE' => $url,
+                'VALET_CERT' => $path . '/' . $url . '.crt',
+                'VALET_KEY' => $path . '/' . $url . '.key',
+                'VALET_HTTP_PORT' => $this->config->get('port', 80),
+                'VALET_HTTPS_PORT' => $this->config->get('https_port', 443),
+                'VALET_REDIRECT_PORT' => $this->httpsSuffix(),
+            ],
             $this->files->get(__DIR__ . '/../stubs/secure.valet.conf')
         );
     }
@@ -313,6 +355,18 @@ public function unsecure($url)
         }
     }
 
+    /**
+     * Regenerate all secured file configurations
+     *
+     * @return void
+     */
+    public function regenerateSecuredSitesConfig()
+    {
+        $this->secured()->each(function ($url) {
+            $this->createSecureNginxServer($url);
+        });
+    }
+
     /**
      * Get the path to the linked Valet sites.
      *

cli/includes/helpers.php

@@ -189,3 +189,15 @@ function group()
 
     return exec('id -gn '.$_SERVER['SUDO_USER']);
 }
+
+/**
+ * Search and replace using associative array
+ *
+ * @param array $searchAndReplace
+ * @param string $subject
+ * @return string
+ */
+function str_array_replace($searchAndReplace, $subject)
+{
+    return str_replace(array_keys($searchAndReplace), array_values($searchAndReplace), $subject);
+}

cli/stubs/secure.valet.conf

@@ -1,11 +1,11 @@
 server {
-    listen 80;
+    listen VALET_HTTP_PORT;
     server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
-    return 301 https://$host$request_uri;
+    return 301 https://$hostVALET_REDIRECT_PORT$request_uri;
 }
 
 server {
-    listen 443 ssl http2;
+    listen VALET_HTTPS_PORT ssl http2;
     server_name VALET_SITE www.VALET_SITE *.VALET_SITE;
     root /;
     charset utf-8;

cli/valet.php

@@ -79,21 +79,44 @@
     /**
      * Get or set the port number currently being used by Valet.
      */
-    $app->command('port [port]', function ($port = null) {
+    $app->command('port [port] [--https]', function ($port = null, $https) {
         if ($port === null) {
-            return info('Current Nginx port: ' . Configuration::read()['port']);
+            info('Current Nginx port (HTTP): ' . Configuration::get('port', 80));
+            info('Current Nginx port (HTTPS): ' . Configuration::get('https_port', 443));
+            return;
         }
 
         $port = trim($port);
-        Nginx::updatePort($port);
 
-        Configuration::updateKey('port', $port);
+        if ($https) {
+            Configuration::updateKey('https_port', $port);
+        }else{
+            Nginx::updatePort($port);
+            Configuration::updateKey('port', $port);
+        }
+
+        Site::regenerateSecuredSitesConfig();
+
         Nginx::restart();
         PhpFpm::restart();
 
-        info('Your Nginx port has been updated to ['.$port.'].');
+        $protocol = $https ? 'HTTPS' : 'HTTP';
+        info("Your Nginx {$protocol} port has been updated to [{$port}].");
     })->descriptions('Get or set the port number used for Valet sites');
 
+    /**
+     * Determine if the site is secured or not
+     */
+    $app->command('secured [site]', function ($site) {
+        if (Site::secured()->contains($site)) {
+            info("{$site} is secured.");
+            return 1;
+        }
+
+        info("{$site} is not secured.");
+        return 0;
+    })->descriptions('Determine if the site is secured or not');
+
     /**
      * Add the current working directory to the paths configuration.
      */

tests/Functional/ShareTest.php

@@ -39,27 +39,4 @@ public function test_we_can_share_an_http_site()
 
         $ngrok->stop();
     }
-
-    public function test_we_can_share_an_https_site()
-    {
-        // Secure site
-        $this->valetCommand('secure', $_SERVER['HOME'] . '/valet-site');
-
-        // Start ngrok tunnel
-        $ngrok = $this->background($this->valet().' share', $_SERVER['HOME'] . '/valet-site');
-
-        // Assert tunnel URL is reachable
-        $tunnel = Ngrok::currentTunnelUrl();
-
-        // TODO: Refactor Ngrok class so we can retrieve https tunnel too
-        $tunnel = str_replace('http://', 'https://', $tunnel);
-
-        $this->assertContains('ngrok.io', $tunnel);
-
-        $response = \Httpful\Request::get($tunnel)->send();
-        $this->assertEquals(200, $response->code);
-        $this->assertContains('Valet site', $response->body);
-
-        $ngrok->stop();
-    }
 }

valet

@@ -89,6 +89,11 @@ then
         fi
     done
 
+    php "$DIR/cli/valet.php" secured "$HOST.$DOMAIN" &> /dev/null || (
+        printf "\033[1;31mSecured sites can not be shared.\033[0m\n"
+        exit 1
+    )
+
     # Fetch Ngrok URL In Background...
     bash "$DIR/cli/scripts/fetch-share-url.sh" &
     sudo -u $USER "$DIR/bin/ngrok" http "$HOST.$DOMAIN:$PORT" -host-header=rewrite ${*:2}