From 37a4e8d5c5059e5af83d308dd567790c8bb645d8 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <girish@cloudron.io>
Date: Thu, 31 Mar 2022 23:38:54 -0700
Subject: [PATCH] cloudron-setup: add --setup-token

---
 scripts/cloudron-setup | 15 +++++++++++++++
 src/appstore.js        | 10 ----------
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/scripts/cloudron-setup b/scripts/cloudron-setup
index 038a10b7e..51cf59830 100755
--- a/scripts/cloudron-setup
+++ b/scripts/cloudron-setup
@@ -61,6 +61,7 @@ webServerOrigin="https://cloudron.io"
 sourceTarballUrl=""
 rebootServer="true"
 setupToken="" # this is a OTP for securing an installation (https://forum.cloudron.io/topic/6389/add-password-for-initial-configuration)
+appstoreSetupToken=""
 redo="false"
 
 args=$(getopt -o "" -l "help,skip-baseimage-init,provider:,version:,env:,skip-reboot,generate-setup-token,redo" -n "$0" -- "$@")
@@ -87,6 +88,7 @@ while true; do
     --skip-baseimage-init) initBaseImage="false"; shift;;
     --skip-reboot) rebootServer="false"; shift;;
     --redo) redo="true"; shift;;
+    --setup-token) appstoreSetupToken="$2"; shift 2;;
     --generate-setup-token) setupToken="$(openssl rand -hex 10)"; shift;;
     --) break;;
     *) echo "Unknown option $1"; exit 1;;
@@ -209,6 +211,19 @@ fi
 mysql -uroot -ppassword -e "REPLACE INTO box.settings (name, value) VALUES ('api_server_origin', '${apiServerOrigin}');" 2>/dev/null
 mysql -uroot -ppassword -e "REPLACE INTO box.settings (name, value) VALUES ('web_server_origin', '${webServerOrigin}');" 2>/dev/null
 
+if [[ -n "${appstoreSetupToken}" ]]; then
+    if ! setupResponse=$(curl -X POST -H "Content-type: application/json" --data "{\"setupToken\": \"${appstoreSetupToken}\"}" "${apiServerOrigin}/api/v1/cloudron_setup_done"); then
+        echo "Could not complete setup. See ${LOG_FILE} for details"
+        exit 1
+    fi
+
+    cloudronId=$(echo "${setupResponse}" | python3 -c 'import json,sys;obj=json.load(sys.stdin);print(obj["cloudronId"])')
+    mysql -uroot -ppassword -e "REPLACE INTO box.settings (name, value) VALUES ('cloudron_id', '${cloudronId}');" 2>/dev/null
+
+    appstoreApiToken=$(echo "${setupResponse}" | python3 -c 'import json,sys;obj=json.load(sys.stdin);print(obj["accessToken"])')
+    mysql -uroot -ppassword -e "REPLACE INTO box.settings (name, value) VALUES ('appstore_api_token', '${appstoreApiToken}');" 2>/dev/null
+fi
+
 echo -n "=> Waiting for cloudron to be ready (this takes some time) ..."
 while true; do
     echo -n "."
diff --git a/src/appstore.js b/src/appstore.js
index a4d3f76da..b43482b81 100644
--- a/src/appstore.js
+++ b/src/appstore.js
@@ -8,7 +8,6 @@ exports = module.exports = {
     getAppVersion,
 
     registerWithLoginCredentials,
-    registerWithSetupToken,
     updateCloudron,
 
     purchaseApp,
@@ -342,15 +341,6 @@ async function registerWithLoginCredentials(options) {
     await registerCloudron({ domain: settings.dashboardDomain(), accessToken: result.accessToken, version: constants.VERSION });
 }
 
-async function registerWithSetupToken(setupToken) {
-    assert.strictEqual(typeof setupToken, 'string');
-
-    const token = await settings.getAppstoreApiToken();
-    if (token) throw new BoxError(BoxError.CONFLICT, 'Cloudron is already registered');
-
-    await registerCloudron({ domain: settings.dashboardDomain(), setupToken: setupToken, version: constants.VERSION });
-}
-
 async function createTicket(info, auditSource) {
     assert.strictEqual(typeof info, 'object');
     assert.strictEqual(typeof info.email, 'string');