feat: ClientDownload now must be run with the same user as file's owner

.gitignore

@@ -24,7 +24,8 @@ config/.config.php
 config/.config.php.bak
 config/appprofile.php
 
-public/clients/
+public/clients/*.*
+!public/clients/.gitkeep
 
 storage/framework/smarty/cache/*
 storage/framework/smarty/compile/*

composer.json

@@ -7,6 +7,7 @@
         "ext-mysqli": "*",
         "ext-openssl": "*",
         "ext-pdo": "*",
+        "ext-posix": "*",
         "ext-xml": "*",
         "ext-zip": "*",
         "anankke/omnipay-alipay": "^3.1.3",

composer.lock

@@ -123,16 +123,16 @@
         },
         {
             "name": "aws/aws-sdk-php",
-            "version": "3.271.5",
+            "version": "3.272.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/aws/aws-sdk-php.git",
-                "reference": "a583ea7638ebd7710f964ba34aa36ba30ef6a942"
+                "reference": "0c4cba74c79f9b44393c27721fa1fa9138c95387"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/a583ea7638ebd7710f964ba34aa36ba30ef6a942",
-                "reference": "a583ea7638ebd7710f964ba34aa36ba30ef6a942",
+                "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/0c4cba74c79f9b44393c27721fa1fa9138c95387",
+                "reference": "0c4cba74c79f9b44393c27721fa1fa9138c95387",
                 "shasum": ""
             },
             "require": {
@@ -212,9 +212,9 @@
             "support": {
                 "forum": "https://forums.aws.amazon.com/forum.jspa?forumID=80",
                 "issues": "https://github.com/aws/aws-sdk-php/issues",
-                "source": "https://github.com/aws/aws-sdk-php/tree/3.271.5"
+                "source": "https://github.com/aws/aws-sdk-php/tree/3.272.2"
             },
-            "time": "2023-05-31T18:26:09+00:00"
+            "time": "2023-06-12T18:21:59+00:00"
         },
         {
             "name": "bacon/bacon-qr-code",
@@ -1166,7 +1166,7 @@
         },
         {
             "name": "illuminate/collections",
-            "version": "v9.52.8",
+            "version": "v9.52.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/collections.git",
@@ -1221,7 +1221,7 @@
         },
         {
             "name": "illuminate/conditionable",
-            "version": "v9.52.8",
+            "version": "v9.52.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/conditionable.git",
@@ -1267,7 +1267,7 @@
         },
         {
             "name": "illuminate/container",
-            "version": "v9.52.8",
+            "version": "v9.52.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/container.git",
@@ -1318,7 +1318,7 @@
         },
         {
             "name": "illuminate/contracts",
-            "version": "v9.52.8",
+            "version": "v9.52.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/contracts.git",
@@ -1366,7 +1366,7 @@
         },
         {
             "name": "illuminate/database",
-            "version": "v9.52.8",
+            "version": "v9.52.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/database.git",
@@ -1436,7 +1436,7 @@
         },
         {
             "name": "illuminate/macroable",
-            "version": "v9.52.8",
+            "version": "v9.52.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/macroable.git",
@@ -1482,7 +1482,7 @@
         },
         {
             "name": "illuminate/pagination",
-            "version": "v9.52.8",
+            "version": "v9.52.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/pagination.git",
@@ -1532,16 +1532,16 @@
         },
         {
             "name": "illuminate/support",
-            "version": "v9.52.8",
+            "version": "v9.52.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/illuminate/support.git",
-                "reference": "5c38d755c5fa767d5b689867888ee4e5f53fc8a6"
+                "reference": "3fc1d9deb1dc8c256c3394e1547dccdd386bb2f5"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/illuminate/support/zipball/5c38d755c5fa767d5b689867888ee4e5f53fc8a6",
-                "reference": "5c38d755c5fa767d5b689867888ee4e5f53fc8a6",
+                "url": "https://api.github.com/repos/illuminate/support/zipball/3fc1d9deb1dc8c256c3394e1547dccdd386bb2f5",
+                "reference": "3fc1d9deb1dc8c256c3394e1547dccdd386bb2f5",
                 "shasum": ""
             },
             "require": {
@@ -1599,7 +1599,7 @@
                 "issues": "https://github.com/laravel/framework/issues",
                 "source": "https://github.com/laravel/framework"
             },
-            "time": "2023-04-04T18:35:58+00:00"
+            "time": "2023-06-01T16:10:43+00:00"
         },
         {
             "name": "irazasyed/telegram-bot-sdk",
@@ -2584,16 +2584,16 @@
         },
         {
             "name": "openai-php/client",
-            "version": "v0.5.2",
+            "version": "v0.5.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/openai-php/client.git",
-                "reference": "ad6ec1e23dce42431df32a1cee7a6985ac22c853"
+                "reference": "a0ca38da78f7420a0b381e4274e416abbf6e563d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/openai-php/client/zipball/ad6ec1e23dce42431df32a1cee7a6985ac22c853",
-                "reference": "ad6ec1e23dce42431df32a1cee7a6985ac22c853",
+                "url": "https://api.github.com/repos/openai-php/client/zipball/a0ca38da78f7420a0b381e4274e416abbf6e563d",
+                "reference": "a0ca38da78f7420a0b381e4274e416abbf6e563d",
                 "shasum": ""
             },
             "require": {
@@ -2606,16 +2606,17 @@
                 "psr/http-message": "^1.1.0|^2.0.0"
             },
             "require-dev": {
-                "guzzlehttp/guzzle": "^7.6.1",
+                "guzzlehttp/guzzle": "^7.7.0",
                 "guzzlehttp/psr7": "^2.5.0",
                 "laravel/pint": "^1.10.0",
                 "nunomaduro/collision": "^7.5.2",
-                "pestphp/pest": "^2.6.1",
-                "pestphp/pest-plugin-arch": "^2.1.2",
+                "pestphp/pest": "dev-develop as 2.6.2",
+                "pestphp/pest-plugin-arch": "^2.2.0",
                 "pestphp/pest-plugin-mock": "^2.0.0",
+                "pestphp/pest-plugin-type-coverage": "^2.0.0",
                 "phpstan/phpstan": "^1.10.15",
-                "rector/rector": "^0.14.8",
-                "symfony/var-dumper": "^6.2.10"
+                "rector/rector": "^0.16.0",
+                "symfony/var-dumper": "^6.3.0"
             },
             "type": "library",
             "autoload": {
@@ -2655,7 +2656,7 @@
             ],
             "support": {
                 "issues": "https://github.com/openai-php/client/issues",
-                "source": "https://github.com/openai-php/client/tree/v0.5.2"
+                "source": "https://github.com/openai-php/client/tree/v0.5.3"
             },
             "funding": [
                 {
@@ -2671,7 +2672,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2023-05-27T08:25:54+00:00"
+            "time": "2023-06-07T16:17:31+00:00"
         },
         {
             "name": "ozdemir/datatables",
@@ -4766,16 +4767,16 @@
         },
         {
             "name": "stripe/stripe-php",
-            "version": "v10.14.0",
+            "version": "v10.15.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/stripe/stripe-php.git",
-                "reference": "c88a80fa7f361c2d30d6c81fb71f2bb30be1001f"
+                "reference": "d0e48cc85e1aa54cbff3644d1979a4a4c3fdd7bf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/stripe/stripe-php/zipball/c88a80fa7f361c2d30d6c81fb71f2bb30be1001f",
-                "reference": "c88a80fa7f361c2d30d6c81fb71f2bb30be1001f",
+                "url": "https://api.github.com/repos/stripe/stripe-php/zipball/d0e48cc85e1aa54cbff3644d1979a4a4c3fdd7bf",
+                "reference": "d0e48cc85e1aa54cbff3644d1979a4a4c3fdd7bf",
                 "shasum": ""
             },
             "require": {
@@ -4821,9 +4822,9 @@
             ],
             "support": {
                 "issues": "https://github.com/stripe/stripe-php/issues",
-                "source": "https://github.com/stripe/stripe-php/tree/v10.14.0"
+                "source": "https://github.com/stripe/stripe-php/tree/v10.15.0"
             },
-            "time": "2023-05-25T18:09:32+00:00"
+            "time": "2023-06-08T21:47:46+00:00"
         },
         {
             "name": "symfony/console",

config/.config.example.php

@@ -139,5 +139,3 @@ $_ENV['ai_model'] = 'gpt-3.5-turbo';
 
 // ClientDownload 命令解决 API 访问频率高而被限制使用的 Github access token
 $_ENV['github_access_token'] = '';
-
-$_ENV['php_user_group'] = 'www:www';

db/migrations/2023060300-add_user_locale_and_update_data_type.php

@@ -55,7 +55,7 @@ return new class() implements MigrationInterface {
         ALTER TABLE user MODIFY COLUMN `use_new_shop` tinyint(1) NOT NULL DEFAULT 0 COMMENT '是否启用新商店';
         ALTER TABLE user MODIFY COLUMN `is_dark_mode` tinyint(1) NOT NULL DEFAULT 0;
         ALTER TABLE user DROP KEY IF EXISTS `user_name`;
-        ALTER TABLE user ADD UNIQUE KEY `api_token` (`api_token`);
+        ALTER TABLE user ADD UNIQUE KEY IF NOT EXISTS `api_token` (`api_token`);
         ALTER TABLE user ADD KEY IF NOT EXISTS `is_admin` (`is_admin`);
         ALTER TABLE user ADD KEY IF NOT EXISTS `is_banned` (`is_banned`);
         ALTER TABLE user CHANGE COLUMN IF EXISTS `sendDailyMail` `daily_mail_enable` tinyint(1) NOT NULL DEFAULT 0 COMMENT '每日报告开关';

resources/views/tabler/admin/user/edit.tpl

@@ -284,7 +284,7 @@
                 {$key}: $('#{$key}').val(),
                 {/foreach}
                 is_admin: $("#is_admin").is(":checked"),
-                is_banned: $("#enable").is(":checked"),
+                is_banned: $("#is_banned").is(":checked"),
                 ga_enable: $("#ga_enable").is(":checked"),
                 use_new_shop: $("#use_new_shop").is(":checked"),
             },

src/Command/ClientDownload.php

@@ -6,15 +6,13 @@ namespace App\Command;
 
 use Exception;
 use GuzzleHttp\Client;
+use function get_current_user;
 use function json_decode;
 use function json_encode;
+use function posix_geteuid;
+use function posix_getpwuid;
 use function time;
 
-/**
- * 世界这么大，何必要让它更艰难呢？
- *
- * By GeekQuerxy
- */
 final class ClientDownload extends Command
 {
     public string $description = '├─=: php xcat ClientDownload - 定时更新客户端' . PHP_EOL;
@@ -38,7 +36,15 @@ final class ClientDownload extends Command
         $clientsPath = BASE_PATH . '/config/clients.json';
 
         if (! is_file($clientsPath)) {
-            echo 'clients.json 不存在，脚本中止.' . PHP_EOL;
+            echo 'clients.json 不存在，脚本中止。' . PHP_EOL;
+            exit(0);
+        }
+
+        $runningUser = posix_getpwuid(posix_geteuid())['name'];
+        $fileOwner = get_current_user();
+
+        if ($runningUser !== $fileOwner) {
+            echo '当前用户为 ' . $runningUser . '，与文件所有者 ' . $fileOwner . ' 不符，脚本中止。' . PHP_EOL;
             exit(0);
         }
 
@@ -56,18 +62,19 @@ final class ClientDownload extends Command
     {
         try {
             if (! file_exists($savePath)) {
-                echo '目标文件夹 ' . $savePath . ' 不存在，创建中...' . PHP_EOL;
-                system('mkdir ' . $savePath);
+                echo '目标文件夹 ' . $savePath . ' 不存在，下載失败。' . PHP_EOL;
+                return false;
             }
+
             echo '- 开始下载 ' . $fileName . '...' . PHP_EOL;
             $request = $this->client->get($url);
             echo '- 下载 ' . $fileName . ' 成功，正在保存...' . PHP_EOL;
             $result = file_put_contents($savePath . $fileName, $request->getBody()->getContents());
+
             if ($result === false) {
-                echo '- 保存 ' . $fileName . ' 至 ' . $savePath . ' 失败.' . PHP_EOL;
+                echo '- 保存 ' . $fileName . ' 至 ' . $savePath . ' 失败。' . PHP_EOL;
             } else {
-                echo '- 保存 ' . $fileName . ' 至 ' . $savePath . ' 成功.' . PHP_EOL;
-                system('chown ' . $_ENV['php_user_group'] . ' ' . $savePath . $fileName);
+                echo '- 保存 ' . $fileName . ' 至 ' . $savePath . ' 成功。' . PHP_EOL;
             }
 
             return true;
@@ -139,7 +146,7 @@ final class ClientDownload extends Command
                 )
             );
             if ($result === false) {
-                echo 'LocalClientVersion.json 创建失败，脚本中止.' . PHP_EOL;
+                echo 'LocalClientVersion.json 创建失败，脚本中止。' . PHP_EOL;
                 exit(0);
             }
         }
@@ -147,7 +154,7 @@ final class ClientDownload extends Command
         $fileContent = file_get_contents($filePath);
 
         if (! $this->isJson($fileContent)) {
-            echo 'LocalClientVersion.json 文件格式异常，脚本中止.' . PHP_EOL;
+            echo 'LocalClientVersion.json 文件格式异常，脚本中止。' . PHP_EOL;
             exit(0);
         }
 
@@ -185,7 +192,7 @@ final class ClientDownload extends Command
             echo '- 本地不存在 ' . $task['name'] . '，检测到当前最新版本为 ' . $tagName . PHP_EOL;
         } else {
             if ($tagName === $this->version[$task['name']]) {
-                echo '- 检测到当前 ' . $task['name'] . ' 最新版本与本地版本一致，跳过此任务.' . PHP_EOL;
+                echo '- 检测到当前 ' . $task['name'] . ' 最新版本与本地版本一致，跳过此任务。' . PHP_EOL;
                 echo '====== ' . $task['name'] . ' 结束 ======' . PHP_EOL;
                 return;
             }

src/Controllers/SubController.php

@@ -355,7 +355,12 @@ final class SubController extends BaseController
             'proxies' => $nodes,
         ];
 
-        return Yaml::dump(array_merge($clash_config, $clash_nodes, $clash_group_config), 4, 1);
+        return Yaml::dump(
+            array_merge($clash_config, $clash_nodes, $clash_group_config),
+            4,
+            1,
+            Yaml::DUMP_EMPTY_ARRAY_AS_SEQUENCE
+        );
     }
 
     // SIP008 SS 订阅