Merge pull request #2 from LordRobinCbz/develop

fix(config.inc.php/docker-entrypoint.sh,dockerfile,helpers.php): Move TLS logic from entrypoint to php configuration files

Author: LordRobinCbz

apache/Dockerfile

@@ -140,6 +140,7 @@ RUN set -ex; \
 
 # Copy configuration
 COPY config.inc.php /etc/phpmyadmin/config.inc.php
+COPY helpers.php /etc/phpmyadmin/helpers.php
 RUN chown www-data:www-data -R /etc/phpmyadmin/
 
 # Copy main script

apache/config.inc.php

@@ -1,6 +1,9 @@
 <?php
 
+define('SSL_DIR', '/etc/phpmyadmin/ssl');
+
 require '/etc/phpmyadmin/config.secret.inc.php';
+require '/etc/phpmyadmin/helpers.php';
 
 /* Ensure we got the environment */
 $vars = [
@@ -63,6 +66,47 @@
     $cfg['PmaAbsoluteUri'] = trim($_ENV['PMA_ABSOLUTE_URI']);
 }
 
+if (isset($_ENV['PMA_SSL_CA_BASE64'])) {
+    if (!is_dir(SSL_DIR)) {
+        mkdir(SSL_DIR, 0755, true);
+    }
+    file_put_contents(SSL_DIR . '/pma-ssl-ca.pem', base64_decode($_ENV['PMA_SSL_CA_BASE64']));
+    $_ENV['PMA_SSL_CA'] = SSL_DIR . '/pma-ssl-ca.pem';
+}
+
+/* Decode and save the SSL key from base64 */
+if (isset($_ENV['PMA_SSL_KEY_BASE64'])) {
+    if (!is_dir(SSL_DIR)) {
+        mkdir(SSL_DIR, 0755, true);
+    }
+    file_put_contents(SSL_DIR . '/pma-ssl-key.key', base64_decode($_ENV['PMA_SSL_KEY_BASE64']));
+    $_ENV['PMA_SSL_KEY'] = SSL_DIR . '/pma-ssl-key.key';
+}
+
+/* Decode and save the SSL certificate from base64 */
+if (isset($_ENV['PMA_SSL_CERT_BASE64'])) {
+    if (!is_dir(SSL_DIR)) {
+        mkdir(SSL_DIR, 0755, true);
+    }
+    file_put_contents(SSL_DIR . '/pma-ssl-cert.pem', base64_decode($_ENV['PMA_SSL_CERT_BASE64']));
+    $_ENV['PMA_SSL_CERT'] = SSL_DIR . '/pma-ssl-cert.pem';
+}
+
+/* Decode and save multiple SSL CA certificates from base64 */
+if (isset($_ENV['PMA_SSL_CAS_BASE64'])) {
+    $_ENV['PMA_SSL_CAS'] = decodeAndSaveSslFiles($_ENV['PMA_SSL_CAS_BASE64'], 'CA', 'pem');
+}
+
+/* Decode and save multiple SSL keys from base64 */
+if (isset($_ENV['PMA_SSL_KEYS_BASE64'])) {
+    $_ENV['PMA_SSL_KEYS'] = decodeAndSaveSslFiles($_ENV['PMA_SSL_KEYS_BASE64'], 'CERT', 'cert');
+}
+
+/* Decode and save multiple SSL certificates from base64 */
+if (isset($_ENV['PMA_SSL_CERTS_BASE64'])) {
+    $_ENV['PMA_SSL_CERTS'] = decodeAndSaveSslFiles($_ENV['PMA_SSL_CERTS_BASE64'], 'KEY', 'key');
+}
+
 /* Figure out hosts */
 
 /* Fallback to default linked */

apache/docker-entrypoint.sh

@@ -29,45 +29,6 @@ if [ ! -z "${PMA_USER_CONFIG_BASE64}" ]; then
     echo "${PMA_USER_CONFIG_BASE64}" | base64 -d > /etc/phpmyadmin/config.user.inc.php
 fi
 
-if [ ! -z "${PMA_SSL_CA_BASE64}" ]; then
-    mkdir -p /etc/phpmyadmin/ssl
-    echo "Adding the custom pma-ssl-ca from base64."
-    echo "${PMA_SSL_CA_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-ca.pem
-    export "PMA_SSL_CA"="/etc/phpmyadmin/ssl/pma-ssl-ca.pem"
-fi
-
-if [ ! -z "${PMA_SSL_KEY_BASE64}" ]; then
-    mkdir -p /etc/phpmyadmin/ssl
-    echo "Adding the custom pma-ssl-key from base64."
-    echo "${PMA_SSL_KEY_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-key.key
-    export "PMA_SSL_KEY"="/etc/phpmyadmin/ssl/pma-ssl-key.key"
-fi
-
-if [ ! -z "${PMA_SSL_CERT_BASE64}" ]; then
-    mkdir -p /etc/phpmyadmin/ssl
-    echo "Adding the custom pma-ssl-cert from base64."
-    echo "${PMA_SSL_CERT_BASE64}" | base64 -d > /etc/phpmyadmin/ssl/pma-ssl-cert.pem
-    export "PMA_SSL_CERT"="/etc/phpmyadmin/ssl/pma-ssl-cert.pem"
-fi
-
-if [ ! -z "${PMA_SSL_CAS_BASE64}" ]; then
-    echo "Adding multiples custom pma-ssl-ca from base64."
-    PMA_SSL_CAS=$(generate_ssl_files "${PMA_SSL_CAS_BASE64}" "CA" "pem")
-    export "PMA_SSL_CAS"
-fi
-
-if [ ! -z "${PMA_SSL_KEYS_BASE64}" ]; then
-    echo "Adding multiples custom pma-ssl-key from base64."
-    PMA_SSL_KEYS=$(generate_ssl_files "${PMA_SSL_KEYS_BASE64}" "CERT" "cert")
-    export "PMA_SSL_KEYS"
-fi
-
-if [ ! -z "${PMA_SSL_CERTS_BASE64}" ]; then
-    echo "Adding multiples custom pma-ssl-cert from base64."
-    PMA_SSL_CERTS=$(generate_ssl_files "${PMA_SSL_CERTS_BASE64}" "KEY" "key")
-    export "PMA_SSL_CERTS"
-fi
-
 # start: Apache specific settings
 if [ -n "${APACHE_PORT+x}" ]; then
     echo "Setting apache port to ${APACHE_PORT}."
@@ -89,31 +50,6 @@ get_docker_secret() {
     fi
 }
 
-# This function generates SSL files from a base64 encoded string.
-# Arguments:
-#   1. base64_string: A comma-separated string of base64 encoded SSL files.
-#   2. prefix: A prefix to be used in the output file names.
-#   3. extension: The file extension to be used for the output files.
-# The function creates a directory for the SSL files, decodes each base64 string,
-# writes the decoded content to a file, and returns a comma-separated list of the generated file paths.
-# 
-generate_ssl_files() {
-    local base64_string="${1}"
-    local output_dir="/etc/phpmyadmin/ssl"
-    mkdir -p "${output_dir}"
-    IFS=',' read -ra FILES <<< "${base64_string}"
-    local counter=1
-    local ssl_files=""
-    for file in "${FILES[@]}"; do
-        local output_file="${output_dir}/pma-ssl-${2}-${counter}.${3}"
-        echo "${file}" | base64 -d > "${output_file}"
-        ssl_files="${ssl_files}${output_file},"
-        counter=$((counter + 1))
-    done
-    ssl_files="${ssl_files%,}"
-    echo "${ssl_files}"
-}
-
 get_docker_secret PMA_USER
 get_docker_secret PMA_PASSWORD
 get_docker_secret MYSQL_ROOT_PASSWORD

apache/helpers.php

@@ -0,0 +1,43 @@
+<?php
+
+class SslFileGenerationException extends Exception {}
+
+define('OUTPUT_DIR', '/etc/phpmyadmin/ssl');
+
+/**
+ * Helper function to decode and save multiple SSL files from base64.
+ *
+ * @param string $base64_string The base64 encoded string containing multiple SSL files separated by commas.
+ *                               If no commas are present, the entire string is treated as a single file.
+ * @param string $prefix The prefix to use for the generated SSL file names.
+ * @param string $extension The file extension to use for the generated SSL files.
+ * @return string A comma-separated list of paths to the generated SSL files.
+ */
+function decodeAndSaveSslFiles($base64_string, $prefix, $extension) {
+    // Ensure the output directory exists
+    if (!is_dir(OUTPUT_DIR)) {
+        mkdir(OUTPUT_DIR, 0755, true);
+    }
+
+    // Split the base64 string into an array of files
+    $files = strpos($base64_string, ',') !== false ? explode(',', $base64_string) : [$base64_string];
+    $counter = 1;
+    $ssl_files = [];
+
+    // Process each file
+    foreach ($files as $file) {
+        $output_file = OUTPUT_DIR . "/pma-ssl-$prefix-$counter.$extension";
+        
+        // Write the decoded file to the output directory
+        if (file_put_contents($output_file, base64_decode($file)) === false) {
+            throw new SslFileGenerationException("Failed to write to $output_file");
+        }
+        
+        // Add the output file path to the list
+        $ssl_files[] = $output_file;
+        $counter++;
+    }
+
+    // Return a comma-separated list of the generated file paths
+    return implode(',', $ssl_files);
+}