From aa46cb8e358ca875768de4240670e4150c1b3021 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Samuel=20=C5=A0tancl?=
Date: Fri, 1 Feb 2019 21:36:48 +0100
Subject: [PATCH] Begin work on HTTPS
---
nginx/includes/tenancy | 4 +++
nginx/includes/tenancy_base | 31 ++++++++++++++++++
nginx/sites-available/example.conf | 29 +++++++++++++++++
src/DatabaseManager.php | 5 +++
src/Interfaces/ServerConfigManager.php | 7 ++++
.../NginxConfigManager.php | 9 ++++++
src/ServerManager.php | 32 +++++++++++++++++++
src/TenancyServiceProvider.php | 1 +
src/TenantManager.php | 15 +++++++++
src/config/tenancy.php | 15 +++++++++
10 files changed, 148 insertions(+)
create mode 100644 nginx/includes/tenancy
create mode 100644 nginx/includes/tenancy_base
create mode 100644 nginx/sites-available/example.conf
create mode 100644 src/Interfaces/ServerConfigManager.php
create mode 100644 src/ServerConfigManagers/NginxConfigManager.php
create mode 100644 src/ServerManager.php
diff --git a/nginx/includes/tenancy b/nginx/includes/tenancy
new file mode 100644
index 00000000..c6cedc56
--- /dev/null
+++ b/nginx/includes/tenancy
@@ -0,0 +1,4 @@
+include includes/tenancy_base;
+
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
\ No newline at end of file
diff --git a/nginx/includes/tenancy_base b/nginx/includes/tenancy_base
new file mode 100644
index 00000000..662c4734
--- /dev/null
+++ b/nginx/includes/tenancy_base
@@ -0,0 +1,31 @@
+include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
+
+access_log /var/log/nginx/tenancy/access.log;
+error_log /var/log/nginx/tenancy/error.log;
+rewrite_log on;
+
+root /var/www/laravel/tenancy/public;
+index index.php;
+
+location / {
+ try_files $uri $uri/ /index.php?$query_string;
+}
+
+# Remove trailing slash to please the routing system.
+if (!-d $request_filename) {
+ rewrite ^/(.+)/$ /$1 permanent;
+}
+
+location ~* \.php$ {
+ fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
+ fastcgi_index index.php;
+ fastcgi_split_path_info ^(.+\.php)(.*)$;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+}
+
+location ~ /\.ht {
+ deny all;
+}
\ No newline at end of file
diff --git a/nginx/sites-available/example.conf b/nginx/sites-available/example.conf
new file mode 100644
index 00000000..cd7593b8
--- /dev/null
+++ b/nginx/sites-available/example.conf
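Review bot: In `nginx/includes/tenancy_base`, the `location ~* \.php$` block hands every URI that ends in `.php` to PHP-FPM without checking that the script exists under the document root. Combined with the greedy `fastcgi_split_path_info ^(.+\.php)(.*)$;`, a request path that merely ends in `.php` can reach the interpreter, and whether PHP then resolves it to another file depends on `cgi.fix_pathinfo` and `security.limit_extensions` in the pool config, which this diff does not show. Adding `try_files $fastcgi_script_name =404;` directly after the `fastcgi_split_path_info` line makes nginx reject non-existent scripts itself, so the include is safe regardless of the PHP settings on the host.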
@@ -0,0 +1,29 @@
+# certbot -n --staging --nginx -d tenancytest1.ml --preferred-challenges http --must-staple --agree-tos --email samuel.stancl@gmail.com
+
+# Catch-all HTTP (:80) server
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ return 301 https://$server_name$request_uri; # Be careful with 301.
+}
+
+# A block like this will be added for each tenant.
+# server {
+# include includes/tenancy;
+# server_name dev.localhost;
+# }
+
+# If you have some exempt domains, you should create blocks like these
+# for each domain. If you're okay with using a single certificate
+# for these domains, you can create just one block like this:
+# server {
+# include includes/tenancy_base;
+#
+# listen 443 ssl http2 default_sever;
+# listen [::]:443 ssl http2 default_sever;
+#
+# ssl_certificate ...;
+# ssl_certificate_key ...;
+# }
+# Otherwise, use multiple server blocks with
+# server_name instead of default_server
\ No newline at end of file
diff --git a/src/DatabaseManager.php b/src/DatabaseManager.php
index 745efddf..f30025fe 100644
--- a/src/DatabaseManager.php
+++ b/src/DatabaseManager.php
@@ -44,6 +44,11 @@ class DatabaseManager
 return DB::statement("CREATE DATABASE `$name` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci");
 }
+ public function delete()
+ {
+ // todo: delete database. similar to create()
+ }
+
 public function getDriver(): ?string
 {
 return config("database.connections.tenant.driver");
diff --git a/src/Interfaces/ServerConfigManager.php b/src/Interfaces/ServerConfigManager.php
new file mode 100644
index 00000000..aed294df
--- /dev/null
+++ b/src/Interfaces/ServerConfigManager.php
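Review bot: In `nginx/sites-available/example.conf`, the catch-all `:80` server declares no `server_name`, so `$server_name` in `return 301 https://$server_name$request_uri;` expands to an empty string and the redirect has no host. Since this block has to serve every tenant domain, `return 301 https://$host$request_uri;` is what the comment seems to intend; because `$host` is taken from the request, the HTTPS side should still answer only for known tenant names. The commented example further down also spells the listen parameter `default_sever` twice, which nginx would reject once uncommented; it should read `default_server`.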
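Review bot: In `src/DatabaseManager.php`, the new `delete()` stub takes no database name, while the context line above it builds `CREATE DATABASE` by interpolating `$name` between backticks. Identifiers cannot be bound as statement parameters, so when the drop is implemented the name needs an explicit allow-list check before it reaches `DB::statement()`. I would record that in the stub now, e.g. `// todo: DROP DATABASE; validate $name against /^[A-Za-z0-9_]+$/ before interpolating`, and give the method the parameter it will need. The signature of `create()` lies outside the hunk, so the matching parameter list is an assumption.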
@@ -0,0 +1,7 @@
+serverConfigManager = $serverConfigManager;
+ $this->tenantManager = $tenantManager;
+ }
+
+ public function getConfigFilePath()
+ {
+ if (config('tenancy.server.file.single')) {
+ return config('tenancy.server.file.path');
+ }
+
+ return config('tenancy.server.file.path.prefix') . $this->tenantManager('uuid') . config('tenancy.server.file.path.suffix');
+ }
+
+ public function create()
+ {
+ }
+
+ public function delete()
+ {
+ // todo
+ }
+}
diff --git a/src/TenancyServiceProvider.php b/src/TenancyServiceProvider.php
index 678ebe24..d7654c6a 100644
--- a/src/TenancyServiceProvider.php
+++ b/src/TenancyServiceProvider.php
@@ -54,6 +54,7 @@ class TenancyServiceProvider extends ServiceProvider
 $this->mergeConfigFrom(__DIR__ . '/config/tenancy.php', 'tenancy');
 $this->app->bind(StorageDriver::class, $this->app['config']['tenancy.storage_driver']);
+ $this->app->bind(ServerConfigManager::class, $this->app['config']['tenancy.server.manager']);
 $this->app->singleton(DatabaseManager::class);
 $this->app->singleton(TenantManager::class, function ($app) {
 return new TenantManager($app, $app[StorageDriver::class], $app[DatabaseManager::class]);
diff --git a/src/TenantManager.php b/src/TenantManager.php
index 75568367..c239a230 100644
--- a/src/TenantManager.php
+++ b/src/TenantManager.php
@@ -264,4 +264,19 @@ class TenantManager
 return $this->put($this->put($key, $value));
 }
+
+ /**
+ * Return the identified tenant's attribute(s).
+ *
+ * @param string $attribute
+ * @return mixed
+ */
+ public function __invoke($attribute)
+ {
+ if (is_null($attribute)) {
+ return $this->tenant;
+ }
+
+ return $this->tenant[(string) $attribute];
+ }
 }
diff --git a/src/config/tenancy.php b/src/config/tenancy.php
index 50b6ad75..252d3e8d 100644
--- a/src/config/tenancy.php
+++ b/src/config/tenancy.php
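Review bot: In the `ServerManager` code at the top of this section, `$this->tenantManager('uuid')` inside `getConfigFilePath()` is parsed by PHP as a call to a method named `tenantManager()`, not as an invocation of the `$tenantManager` property, so the per-tenant branch would fail with an undefined-method error unless the class defines such a method or `__call` in the part the page does not show. The property has to be wrapped to reach `TenantManager::__invoke()`: `return config('tenancy.server.file.path.prefix') . ($this->tenantManager)('uuid') . config('tenancy.server.file.path.suffix');`. Because the result becomes a filesystem path under the nginx configuration directory, the uuid should also be checked against the expected format (no `/` or `..`) before it is concatenated. The file header and the beginning of this class are missing from the page, so the constructor and property declarations could not be reviewed.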
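Review bot: In `src/TenantManager.php`, `__invoke($attribute)` has a required parameter, so the `is_null($attribute)` branch is only reachable by passing `null` explicitly and a bare `$tenantManager()` call raises an ArgumentCountError. If returning the whole tenant is meant to be the no-argument form, the signature should be `public function __invoke($attribute = null)` and the docblock `@param string|null $attribute`. The last line also indexes `$this->tenant` without checking the key, so an unknown attribute produces an undefined-index notice rather than a clear error; `$this->tenant[(string) $attribute] ?? null` or an explicit exception would make the contract visible.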
@@ -30,4 +30,19 @@ return [
 // 's3',
 ],
 ],
+ 'server' => [
+ 'manager' => 'Stancl\Tenancy\ServerConfigManagers\NginxConfigManager',
+ 'file' => [
+ 'single' => true, // single file for all tenant vhosts
+ 'path' => '/etc/nginx/sites-available/tenants.conf',
+ /*
+ 'single' => false,
+ 'path' => [
+ 'prefix' => '/etc/nginx/sites-available/tenants/tenant',
+ 'suffix' => '.conf',
+ // results in: '/etc/nginx/sites-available/tenants/tenant' . $uuid . '.conf'
+ ]
+ */
+ ]
+ ]
 ];
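Review bot: In `src/config/tenancy.php`, the default `path` points into `/etc/nginx/sites-available`, which means the PHP process will presumably need write access to a file that nginx loads as configuration; `ServerManager::create()` is still empty in this commit, so that is inferred from the key names. That trust boundary deserves a comment next to the option, for example `// This file is written by the application: make only this one file writable by the PHP user, and validate tenant domains before they are written into it.` Separately, `'manager'` would be less fragile as `\Stancl\Tenancy\ServerConfigManagers\NginxConfigManager::class` than as a string literal.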