From 0673d323065a2c58b371d579929cb7e8e4e1e1f6 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <diman@huisman.xyz>
Date: Mon, 30 Jan 2023 13:16:07 +0000
Subject: [PATCH] Fix setup utility setting correct value to env var API Fix IF
 statement for enabling API in nginx.conf Use safer command for regenerating
 example API token.

---
 core/nginx/conf/nginx.conf        |  2 +-
 setup/static/render.js            | 15 +++++----------
 setup/templates/steps/config.html |  2 +-
 3 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index 38cf7871..4a662dd8 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -252,7 +252,7 @@ http {
       {% endif %}
       {% endif %}
 
-      {% if API %}
+      {% if API == 'true' %}
       location ~ {{ WEB_API or '/api' }} {
         include /etc/nginx/proxy.conf;
         proxy_pass http://$admin;
diff --git a/setup/static/render.js b/setup/static/render.js
index b2cdc7c8..efb5bdbe 100644
--- a/setup/static/render.js
+++ b/setup/static/render.js
@@ -1,12 +1,7 @@
 //API_TOKEN generator
-var chars = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-var tokenLength = 12;
-var token = "";
-
-for (var i = 0; i <= tokenLength; i++) {
-	var randomNumber = Math.floor(Math.random() * chars.length);
-	token += chars.substring(randomNumber, randomNumber +1);
-   }
+var random_array = new Uint32Array(2);
+crypto.getRandomValues(random_array);
+var token =  random_array[0].toString() + random_array[1].toString();
 
 $(document).ready(function() {
 	if ($("#webmail").val() == 'none') {
@@ -53,7 +48,7 @@ $(document).ready(function() {
 		$("#api_token_label").show();
 	} else {
 		$("#api_path").hide();
-		$("#api_path").val("/api")
+		$("#api_path").val("")
 		$("#api_token").hide();
 		$("#api_token").prop('required',false);
 		$("#api_token").val("");
@@ -69,7 +64,7 @@ $(document).ready(function() {
 			$("#api_token_label").show();
 		} else {
 			$("#api_path").hide();
-			$("#api_path").val("/api")
+			$("#api_path").val("")
 			$("#api_token").hide();
 			$("#api_token").prop('required',false);
 			$("#api_token").val("");
diff --git a/setup/templates/steps/config.html b/setup/templates/steps/config.html
index 19736448..03d03c41 100644
--- a/setup/templates/steps/config.html
+++ b/setup/templates/steps/config.html
@@ -93,7 +93,7 @@ manage your email domains, users, etc.</p>
   It is not possible to use the API without an API token.</p>
 
   <div class="form-group">
-      <input type="checkbox" name="api_enabled" value="false" id="api" >
+      <input type="checkbox" name="api_enabled" value="true" id="api" >
       <label>Enable the API (and path to the API)</label>
       <input class="form-control" type="text" name="api_path" id="api_path" style="display: none">
       <label name="api_token_label" id="api_token_label">API token</label>