From 8cb7265eb2f7d8f2837801a717c0b36b7bf2b2c0 Mon Sep 17 00:00:00 2001
From: Dimitri Huisman <diman@huisman.xyz>
Date: Fri, 27 Jan 2023 13:17:36 +0000
Subject: [PATCH] By default disable the API in the setup utility. Generate a
 sample token value for API_TOKEN. Fix small rendering issue when API was
 disabled in setup.

---
 setup/static/render.js            | 21 +++++++++++++++++++--
 setup/templates/steps/config.html |  2 +-
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/setup/static/render.js b/setup/static/render.js
index 2d847a2d..b2cdc7c8 100644
--- a/setup/static/render.js
+++ b/setup/static/render.js
@@ -1,3 +1,13 @@
+//API_TOKEN generator
+var chars = "0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*()ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+var tokenLength = 12;
+var token = "";
+
+for (var i = 0; i <= tokenLength; i++) {
+	var randomNumber = Math.floor(Math.random() * chars.length);
+	token += chars.substring(randomNumber, randomNumber +1);
+   }
+
 $(document).ready(function() {
 	if ($("#webmail").val() == 'none') {
 		$("#webmail_path").hide();
@@ -39,8 +49,15 @@ $(document).ready(function() {
 		$("#api_path").val("/api")
 		$("#api_token").show();
 		$("#api_token").prop('required',true);
-		$("#api_token").val("");
+		$("#api_token").val(token);
 		$("#api_token_label").show();
+	} else {
+		$("#api_path").hide();
+		$("#api_path").val("/api")
+		$("#api_token").hide();
+		$("#api_token").prop('required',false);
+		$("#api_token").val("");
+		$("#api_token_label").hide();
 	}
 	$("#api").change(function() {
 		if ($(this).is(":checked")) {
@@ -48,7 +65,7 @@ $(document).ready(function() {
 			$("#api_path").val("/api");
 			$("#api_token").show();
 			$("#api_token").prop('required',true);
-			$("#api_token").val("")
+			$("#api_token").val(token)
 			$("#api_token_label").show();
 		} else {
 			$("#api_path").hide();
diff --git a/setup/templates/steps/config.html b/setup/templates/steps/config.html
index 83a3a813..19736448 100644
--- a/setup/templates/steps/config.html
+++ b/setup/templates/steps/config.html
@@ -93,7 +93,7 @@ manage your email domains, users, etc.</p>
   It is not possible to use the API without an API token.</p>
 
   <div class="form-group">
-      <input type="checkbox" name="api_enabled" value="true" id="api" checked>
+      <input type="checkbox" name="api_enabled" value="false" id="api" >
       <label>Enable the API (and path to the API)</label>
       <input class="form-control" type="text" name="api_path" id="api_path" style="display: none">
       <label name="api_token_label" id="api_token_label">API token</label>