X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2Ffront%2FShaarliMiddleware.php;h=164217f4f27b83b45754cfcec8d33871a553a26b;hb=53054b2bf6a919fd4ff9b44b6ad1986f21f488b6;hp=fa6c64671d56b9db1ee43cd4c13f71ef15f30958;hpb=6c50a6ccceecf54850e62c312ab2397b84d89ab4;p=github%2Fshaarli%2FShaarli.git diff --git a/application/front/ShaarliMiddleware.php b/application/front/ShaarliMiddleware.php index fa6c6467..164217f4 100644 --- a/application/front/ShaarliMiddleware.php +++ b/application/front/ShaarliMiddleware.php @@ -3,7 +3,7 @@ namespace Shaarli\Front; use Shaarli\Container\ShaarliContainer; -use Shaarli\Front\Exception\ShaarliException; +use Shaarli\Front\Exception\UnauthorizedException; use Slim\Http\Request; use Slim\Http\Response; @@ -24,6 +24,8 @@ class ShaarliMiddleware /** * Middleware execution: + * - run updates + * - if not logged in open shaarli, redirect to login * - execute the controller * - return the response * @@ -35,23 +37,80 @@ class ShaarliMiddleware * * @return Response response. */ - public function __invoke(Request $request, Response $response, callable $next) + public function __invoke(Request $request, Response $response, callable $next): Response { + $this->initBasePath($request); + try { - $response = $next($request, $response); - } catch (ShaarliException $e) { - $this->container->pageBuilder->assign('message', $e->getMessage()); - if ($this->container->conf->get('dev.debug', false)) { - $this->container->pageBuilder->assign( - 'stacktrace', - nl2br(get_class($this) .': '. $e->getTraceAsString()) - ); + if ( + !is_file($this->container->conf->getConfigFileExt()) + && !in_array($next->getName(), ['displayInstall', 'saveInstall'], true) + ) { + return $response->withRedirect($this->container->basePath . '/install'); } - $response = $response->withStatus($e->getCode()); - $response = $response->write($this->container->pageBuilder->render('error')); + $this->runUpdates(); + $this->checkOpenShaarli($request, $response, $next); + + return $next($request, $response); + } catch (UnauthorizedException $e) { + $returnUrl = urlencode($this->container->environment['REQUEST_URI']); + + return $response->withRedirect($this->container->basePath . '/login?returnurl=' . $returnUrl); + } + // Other exceptions are handled by ErrorController + } + + /** + * Run the updater for every requests processed while logged in. + */ + protected function runUpdates(): void + { + if ($this->container->loginManager->isLoggedIn() !== true) { + return; + } + + $this->container->updater->setBasePath($this->container->basePath); + $newUpdates = $this->container->updater->update(); + if (!empty($newUpdates)) { + $this->container->updater->writeUpdates( + $this->container->conf->get('resource.updates'), + $this->container->updater->getDoneUpdates() + ); + + $this->container->pageCacheManager->invalidateCaches(); + } + } + + /** + * Access is denied to most pages with `hide_public_links` + `force_login` settings. + */ + protected function checkOpenShaarli(Request $request, Response $response, callable $next): bool + { + if ( +// if the user isn't logged in + !$this->container->loginManager->isLoggedIn() + // and Shaarli doesn't have public content... + && $this->container->conf->get('privacy.hide_public_links') + // and is configured to enforce the login + && $this->container->conf->get('privacy.force_login') + // and the current page isn't already the login page + // and the user is not requesting a feed (which would lead to a different content-type as expected) + && !in_array($next->getName(), ['login', 'processLogin', 'atom', 'rss'], true) + ) { + throw new UnauthorizedException(); } - return $response; + return true; + } + + /** + * Initialize the URL base path if it hasn't been defined yet. + */ + protected function initBasePath(Request $request): void + { + if (null === $this->container->basePath) { + $this->container->basePath = rtrim($request->getUri()->getBasePath(), '/'); + } } }