]>
Commit | Line | Data |
---|---|---|
6c50a6cc A |
1 | <?php |
2 | ||
3 | namespace Shaarli\Front; | |
4 | ||
5 | use Shaarli\Container\ShaarliContainer; | |
2899ebb5 A |
6 | use Shaarli\Front\Exception\ShaarliFrontException; |
7 | use Shaarli\Front\Exception\UnauthorizedException; | |
6c50a6cc A |
8 | use Slim\Http\Request; |
9 | use Slim\Http\Response; | |
10 | ||
11 | /** | |
12 | * Class ShaarliMiddleware | |
13 | * | |
14 | * This will be called before accessing any Shaarli controller. | |
15 | */ | |
16 | class ShaarliMiddleware | |
17 | { | |
18 | /** @var ShaarliContainer contains all Shaarli DI */ | |
19 | protected $container; | |
20 | ||
21 | public function __construct(ShaarliContainer $container) | |
22 | { | |
23 | $this->container = $container; | |
24 | } | |
25 | ||
26 | /** | |
27 | * Middleware execution: | |
1a8ac737 A |
28 | * - run updates |
29 | * - if not logged in open shaarli, redirect to login | |
6c50a6cc A |
30 | * - execute the controller |
31 | * - return the response | |
32 | * | |
33 | * In case of error, the error template will be displayed with the exception message. | |
34 | * | |
35 | * @param Request $request Slim request | |
36 | * @param Response $response Slim response | |
37 | * @param callable $next Next action | |
38 | * | |
39 | * @return Response response. | |
40 | */ | |
1a8ac737 | 41 | public function __invoke(Request $request, Response $response, callable $next): Response |
6c50a6cc | 42 | { |
9c75f877 | 43 | $this->container->basePath = rtrim($request->getUri()->getBasePath(), '/'); |
818b3193 | 44 | |
9c75f877 | 45 | try { |
1a8ac737 A |
46 | $this->runUpdates(); |
47 | $this->checkOpenShaarli($request, $response, $next); | |
48 | ||
49 | return $next($request, $response); | |
2899ebb5 | 50 | } catch (ShaarliFrontException $e) { |
1a8ac737 A |
51 | // Possible functional error |
52 | $this->container->pageBuilder->reset(); | |
6c50a6cc | 53 | $this->container->pageBuilder->assign('message', $e->getMessage()); |
1a8ac737 A |
54 | |
55 | $response = $response->withStatus($e->getCode()); | |
56 | ||
57 | return $response->write($this->container->pageBuilder->render('error')); | |
58 | } catch (UnauthorizedException $e) { | |
59 | return $response->withRedirect($this->container->basePath . '/login'); | |
60 | } catch (\Throwable $e) { | |
61 | // Unknown error encountered | |
62 | $this->container->pageBuilder->reset(); | |
6c50a6cc | 63 | if ($this->container->conf->get('dev.debug', false)) { |
1a8ac737 | 64 | $this->container->pageBuilder->assign('message', $e->getMessage()); |
6c50a6cc A |
65 | $this->container->pageBuilder->assign( |
66 | 'stacktrace', | |
1a8ac737 | 67 | nl2br(get_class($e) .': '. PHP_EOL . $e->getTraceAsString()) |
6c50a6cc | 68 | ); |
1a8ac737 A |
69 | } else { |
70 | $this->container->pageBuilder->assign('message', t('An unexpected error occurred.')); | |
6c50a6cc A |
71 | } |
72 | ||
1a8ac737 A |
73 | $response = $response->withStatus(500); |
74 | ||
75 | return $response->write($this->container->pageBuilder->render('error')); | |
76 | } | |
77 | } | |
78 | ||
79 | /** | |
80 | * Run the updater for every requests processed while logged in. | |
81 | */ | |
82 | protected function runUpdates(): void | |
83 | { | |
84 | if ($this->container->loginManager->isLoggedIn() !== true) { | |
85 | return; | |
86 | } | |
87 | ||
88 | $newUpdates = $this->container->updater->update(); | |
89 | if (!empty($newUpdates)) { | |
90 | $this->container->updater->writeUpdates( | |
91 | $this->container->conf->get('resource.updates'), | |
92 | $this->container->updater->getDoneUpdates() | |
93 | ); | |
94 | ||
95 | $this->container->pageCacheManager->invalidateCaches(); | |
96 | } | |
97 | } | |
98 | ||
99 | /** | |
100 | * Access is denied to most pages with `hide_public_links` + `force_login` settings. | |
101 | */ | |
102 | protected function checkOpenShaarli(Request $request, Response $response, callable $next): bool | |
103 | { | |
104 | if (// if the user isn't logged in | |
105 | !$this->container->loginManager->isLoggedIn() | |
106 | // and Shaarli doesn't have public content... | |
107 | && $this->container->conf->get('privacy.hide_public_links') | |
108 | // and is configured to enforce the login | |
109 | && $this->container->conf->get('privacy.force_login') | |
110 | // and the current page isn't already the login page | |
111 | // and the user is not requesting a feed (which would lead to a different content-type as expected) | |
112 | && !in_array($next->getName(), ['login', 'atom', 'rss'], true) | |
113 | ) { | |
114 | throw new UnauthorizedException(); | |
6c50a6cc A |
115 | } |
116 | ||
1a8ac737 | 117 | return true; |
6c50a6cc A |
118 | } |
119 | } |