disable wp REST API in easywp (#169)

This commit consists 3 commits squashed together, dating back from May 2021: * some initial draft that disables REST API? * fix syntax errors, i was stupid * pre-commit Its main goals are: 1. Install `disable-json-api` to ensure no unauthenticated REST API access, and, 2. Help user install wordpress instead of letting users go to their website to set them up, as installation is required for plugins to be installed.
ocf · Mar 12, 2022 · 1f7a1d6 · 1f7a1d6
1 parent 40a0a11
commit 1f7a1d6
Showing 1 changed file with 23 additions and 1 deletion.
diff --git a/makeservices/easywp b/makeservices/easywp
@@ -69,4 +69,26 @@ wp core download
 wp config create --dbname="$user" --dbuser="$user" --dbpass="$sqlpass" --dbhost=mysql --dbcharset=utf8mb4
 # Somehow 644 is the default... See https://core.trac.wordpress.org/ticket/37264
 chmod 600 "$webroot/wp-config.php"
-echo "WordPress install successful. Go to https://www.ocf.berkeley.edu/~$user to finish the setup process."
+
+# This is the real install
+echo "WordPress configuration creation successful. Setting it up..."
+
+read -rp 'Enter your desired site title. (Default: newsite)' sitetitle
+if [ -z "$sitetitle" ]; then
+    sitetitle="newsite"
+fi
+read -rp 'Enter your desired admin username. (Default: admin)' adminname
+if [ -z "$adminname" ]; then
+    adminname="admin"
+fi
+
+echo "You admin e-mail will be '$(whoami)@ocf.berkeley.edu', the confirmation e-mail will not be sent to you."
+echo "WP-CLI will install wordpress for you. If you wish, enter your desired admin password and press enter; if you want one to be randomly generated for you, press enter."
+# Use --prompt so that password is not left in ~/.bash_history
+wp core install --admin_user="$adminname" --admin_email="$(whoami)@ocf.berkeley.edu" --skip-email --title=$sitetitle --url="https://www.ocf.berkeley.edu/~$user/" --prompt=admin_password
+# As we had `set -e`, installation must be complete as otherwise the script will end. If it is incomplete, people will still know as this step is verbose.
+
+echo "Campus web security regulations require us to disable unauthenticated REST API. We will install a WordPress plug-in to do that.
+      You may use other plug-ins that achieve the same thing, you may also disable or remove it afterwards, but it is your responsibility
+      to ensure your site complies with regulations. Failure to do so may result in your account being suspended."
+wp plugin install disable-json-api --activate