From 005ce24a8cea7566cf0a829d64c396b09d5c3914 Mon Sep 17 00:00:00 2001
From: Ahmet Bora
Date: Wed, 28 Feb 2024 11:55:13 +0300
Subject: [PATCH] New `security` command
---
 README.md | 1 +
 commands/security.php | 55 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 commands/security.php
diff --git a/README.md b/README.md
index 5585f07..d0b5c7f 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,7 @@ This should print the Kirby CLI version and a list of available commands
 - kirby register
 - kirby remove:command
 - kirby roots
+- kirby security
 - kirby unzip
 - kirby upgrade
 - kirby uuid:generate
diff --git a/commands/security.php b/commands/security.php
new file mode 100644
index 0000000..59a4e76
--- /dev/null
+++ b/commands/security.php
@@ -0,0 +1,55 @@
+ 'Performs security checks of the site',
+ 'command' => static function (CLI $cli): void {
+ $kirby = $cli->kirby();
+ $system = $kirby->system();
+ $updateStatus = $system->updateStatus();
+ $messages = [
+ ...array_column($updateStatus?->messages() ?? [], 'text'),
+ ...$updateStatus->exceptionMessages()
+ ];
+
+ if ($kirby->option('debug', false) === true) {
+ $messages[] = I18n::translate('system.issues.debug');
+ }
+
+ if ($kirby->environment()->https() !== true) {
+ $messages[] = I18n::translate('system.issues.https');
+ }
+
+ // checks exposable urls of the site
+ // works only site url is absolute since can't get it in CLI mode
+ // and CURL won't work for relative urls
+ if (Url::isAbsolute($kirby->url())) {
+ $urls = [
+ 'content' => $system->exposedFileUrl('content'),
+ 'git' => $system->exposedFileUrl('git'),
+ 'kirby' => $system->exposedFileUrl('kirby'),
+ 'site' => $system->exposedFileUrl('site')
+ ];
+
+ foreach ($urls as $key => $url) {
+ if (empty($url) === false && Remote::get($url)->code() < 400) {
+ $messages[] = I18n::translate('system.issues.' . $key);
+ }
+ }
+ }
+
+ if (empty($messages) === false) {
+ foreach ($messages as $message) {
+ $cli->error('> ' . $message);
+ }
+ } else {
+ $cli->success('No security warnings were detected');
+ }
+ }
+];
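Review bot: `$updateStatus` is treated as nullable on the `array_column($updateStatus?->messages() ?? [], 'text')` line but dereferenced unguarded on the next one, so if `updateStatus()` can return null (the `?->` suggests it can) the command dies before any finding is printed; `...($updateStatus?->exceptionMessages() ?? [])` would make the two spreads consistent. Separately, when `Url::isAbsolute($kirby->url())` is false the four exposed-folder probes are skipped silently and the run can still end in `No security warnings were detected`, which overstates what was actually verified; I would print a notice that the exposure checks were skipped, or word the success line accordingly. The probe also counts every status below 400 as exposed and has no handling for a failed request, so a redirect or a transport error (assuming `Remote::get()` throws or yields a zero code, which the hunk does not show) would give a false positive or abort the loop and lose the messages collected so far. The top of the file (opening tag, `use` lines, the `'description'` key) is not visible in the hunk as extracted, so the imports could not be checked.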