From f9a343a8662f2eecbf57616d7332252ff90a340d Mon Sep 17 00:00:00 2001
From: Andrey Helldar
Date: Sun, 14 Sep 2025 17:03:02 +0300
Subject: [PATCH] Fixed token path resolution and validation logic
---
 app/Services/Token.php | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/app/Services/Token.php b/app/Services/Token.php
index 5e46c8f..ba04722 100644
--- a/app/Services/Token.php
+++ b/app/Services/Token.php
@@ -19,10 +19,19 @@ protected static function fromServer(): ?string
 protected static function fromComposer(): ?string
 {
 foreach (static::composerPath() as $path) {
- if (! $data = Process::run('cat ' . $path)) {
+ $resolved = static::resolvePath($path);
+
+ if (! $resolved || ! is_file($resolved) || ! is_readable($resolved)) {
+ continue;
+ }
+
+ $contents = @file_get_contents($resolved);
+ if ($contents === false) {
 continue;
 }
+ $data = json_decode($contents, true, 512, JSON_THROW_ON_ERROR);
+
 if ($token = $data['github-oauth']['github.com'] ?? null) {
 return $token;
 }
@@ -42,4 +51,25 @@ protected static function composerPath(): array
 '%USERPROFILE%/AppData/Roaming/Composer/auth.json',
 ];
 }
+
+ protected static function resolvePath(string $path): ?string
+ {
+ if (str_contains($path, '%USERPROFILE%')) {
+ $userProfile = getenv('USERPROFILE') ?: ($_SERVER['USERPROFILE'] ?? null);
+
+ if ($userProfile) {
+ $path = str_replace('%USERPROFILE%', rtrim($userProfile, '\\/'), $path);
+ }
+ }
+
+ if (str_starts_with($path, '~')) {
+ $home = getenv('HOME') ?: ($_SERVER['HOME'] ?? null);
+
+ if ($home) {
+ $path = rtrim($home, '\\/') . substr($path, 1);
+ }
+ }
+
+ return str_replace(['/', '\\'], DIRECTORY_SEPARATOR, $path);
+ }
 }
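Review bot: The `json_decode(..., JSON_THROW_ON_ERROR)` call in fromComposer() is not wrapped, so a single malformed or empty auth.json raises JsonException and ends the whole lookup, while every other failure in this loop moves on to the next path with `continue`. Catching it keeps the behaviour consistent: `try { $data = json_decode($contents, true, 512, JSON_THROW_ON_ERROR); } catch (\JsonException) { continue; }`. The value found under `github-oauth` is also returned without a type check, so a non-string entry would conflict with the `?string` return type; `if (is_string($token) && $token !== '')` would keep the result a usable credential. The function's closing lines are outside this hunk, so the fallback after the loop is not visible here.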
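Review bot: resolvePath() is declared `?string` but every path through it returns a string, so the `! $resolved` guard added in fromComposer() can never fire. When USERPROFILE or HOME is unset, the placeholder stays in the path and the result is relative, which is_file() and file_get_contents() then resolve against the current working directory. A credential lookup should not depend on the directory the tool happens to be run from. Returning null in those cases fixes both points: `if (! $userProfile) { return null; }` and `if (! $home) { return null; }` ahead of the respective replacements. A short docblock stating that null means "placeholder could not be expanded" would make the contract explicit.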