X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=862c53efa5d6716ba6faef19b0adf073266a5587;hb=f00600a283617286c813dc902fe3a2d66938b5fc;hp=4627438e523bf16a68530ac1d34d0790a271e9c2;hpb=c4ad3d4f061d05a01db25aa54dda830ba776792d;p=github%2Fshaarli%2FShaarli.git diff --git a/index.php b/index.php index 4627438e..862c53ef 100644 --- a/index.php +++ b/index.php @@ -1,4 +1,5 @@ /shaarli/ -define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0))); - -// High execution time in case of problematic imports/exports. -ini_set('max_input_time', '60'); - -// Try to set max upload file size and read -ini_set('memory_limit', '128M'); -ini_set('post_max_size', '16M'); -ini_set('upload_max_filesize', '16M'); - -// See all error except warnings -error_reporting(E_ALL^E_WARNING); - -// 3rd-party libraries -if (! file_exists(__DIR__ . '/vendor/autoload.php')) { - header('Content-Type: text/plain; charset=utf-8'); - echo "Error: missing Composer configuration\n\n" - ."If you installed Shaarli through Git or using the development branch,\n" - ."please refer to the installation documentation to install PHP" - ." dependencies using Composer:\n" - ."- https://shaarli.readthedocs.io/en/master/Server-configuration/\n" - ."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/"; - exit; -} require_once 'inc/rain.tpl.class.php'; require_once __DIR__ . '/vendor/autoload.php'; @@ -55,62 +21,28 @@ require_once 'application/bookmark/LinkUtils.php'; require_once 'application/config/ConfigPlugin.php'; require_once 'application/http/HttpUtils.php'; require_once 'application/http/UrlUtils.php'; -require_once 'application/updater/UpdaterUtils.php'; -require_once 'application/FileUtils.php'; require_once 'application/TimeZone.php'; require_once 'application/Utils.php'; -use Shaarli\ApplicationUtils; +require_once __DIR__ . '/init.php'; + +use Katzgrau\KLogger\Logger; +use Psr\Log\LogLevel; use Shaarli\Config\ConfigManager; use Shaarli\Container\ContainerBuilder; use Shaarli\Languages; use Shaarli\Plugin\PluginManager; +use Shaarli\Security\BanManager; use Shaarli\Security\CookieManager; use Shaarli\Security\LoginManager; use Shaarli\Security\SessionManager; use Slim\App; -// Ensure the PHP version is supported -try { - ApplicationUtils::checkPHPVersion('7.1', PHP_VERSION); -} catch (Exception $exc) { - header('Content-Type: text/plain; charset=utf-8'); - echo $exc->getMessage(); - exit; -} - -define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE)); - -// Force cookie path (but do not change lifetime) -$cookie = session_get_cookie_params(); -$cookiedir = ''; -if (dirname($_SERVER['SCRIPT_NAME']) != '/') { - $cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/'; -} -// Set default cookie expiration and path. -session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']); -// Set session parameters on server side. -// Use cookies to store session. -ini_set('session.use_cookies', 1); -// Force cookies for session (phpsessionID forbidden in URL). -ini_set('session.use_only_cookies', 1); -// Prevent PHP form using sessionID in URL if cookies are disabled. -ini_set('session.use_trans_sid', false); - -session_name('shaarli'); -// Start session if needed (Some server auto-start sessions). -if (session_status() == PHP_SESSION_NONE) { - session_start(); -} - -// Regenerate session ID if invalid or not defined in cookie. -if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) { - session_regenerate_id(true); - $_COOKIE['shaarli'] = session_id(); -} - $conf = new ConfigManager(); +// Manually override root URL for complex server configurations +define('SHAARLI_ROOT_URL', $conf->get('general.root_url', null)); + // In dev mode, throw exception on any warning if ($conf->get('dev.debug', false)) { // See all errors (for debugging only) @@ -121,16 +53,23 @@ if ($conf->get('dev.debug', false)) { }); } +$logger = new Logger( + dirname($conf->get('resource.log')), + !$conf->get('dev.debug') ? LogLevel::INFO : LogLevel::DEBUG, + ['filename' => basename($conf->get('resource.log'))] +); $sessionManager = new SessionManager($_SESSION, $conf, session_save_path()); +$sessionManager->initialize(); $cookieManager = new CookieManager($_COOKIE); -$loginManager = new LoginManager($conf, $sessionManager, $cookieManager); +$banManager = new BanManager( + $conf->get('security.trusted_proxies', []), + $conf->get('security.ban_after'), + $conf->get('security.ban_duration'), + $conf->get('resource.ban_file', 'data/ipbans.php'), + $logger +); +$loginManager = new LoginManager($conf, $sessionManager, $cookieManager, $banManager, $logger); $loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']); -$clientIpId = client_ip_id($_SERVER); - -// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. -if (! defined('LC_MESSAGES')) { - define('LC_MESSAGES', LC_COLLATE); -} // Sniff browser language and set date format accordingly. if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { @@ -140,140 +79,30 @@ if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { new Languages(setlocale(LC_MESSAGES, 0), $conf); $conf->setEmpty('general.timezone', date_default_timezone_get()); -$conf->setEmpty('general.title', t('Shared bookmarks on '). escape(index_url($_SERVER))); -RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory -RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory +$conf->setEmpty('general.title', t('Shared bookmarks on ') . escape(index_url($_SERVER))); -$pluginManager = new PluginManager($conf); -$pluginManager->load($conf->get('general.enabled_plugins')); +RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl') . '/' . $conf->get('resource.theme') . '/'; // template directory +RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory date_default_timezone_set($conf->get('general.timezone', 'UTC')); -ob_start(); // Output buffering for the page cache. - -// Prevent caching on client side or proxy: (yes, it's ugly) -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -$loginManager->checkLoginState($clientIpId); - -// ------------------------------------------------------------------------------------------ -// Process login form: Check if login/password is correct. -if (isset($_POST['login'])) { - if (! $loginManager->canLogin($_SERVER)) { - die(t('I said: NO. You are banned for the moment. Go away.')); - } - if (isset($_POST['password']) - && $sessionManager->checkToken($_POST['token']) - && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password']) - ) { - $loginManager->handleSuccessfulLogin($_SERVER); - - $cookiedir = ''; - if (dirname($_SERVER['SCRIPT_NAME']) != '/') { - // Note: Never forget the trailing slash on the cookie path! - $cookiedir = dirname($_SERVER["SCRIPT_NAME"]) . '/'; - } - - if (!empty($_POST['longlastingsession'])) { - // Keep the session cookie even after the browser closes - $sessionManager->setStaySignedIn(true); - $expirationTime = $sessionManager->extendSession(); - - setcookie( - CookieManager::STAY_SIGNED_IN, - $loginManager->getStaySignedInToken(), - $expirationTime, - WEB_PATH - ); - } else { - // Standard session expiration (=when browser closes) - $expirationTime = 0; - } - - // Send cookie with the new expiration date to the browser - session_destroy(); - session_set_cookie_params($expirationTime, $cookiedir, $_SERVER['SERVER_NAME']); - session_start(); - session_regenerate_id(true); - - // Optional redirect after login: - if (isset($_GET['post'])) { - $uri = './?post='. urlencode($_GET['post']); - foreach (array('description', 'source', 'title', 'tags') as $param) { - if (!empty($_GET[$param])) { - $uri .= '&'.$param.'='.urlencode($_GET[$param]); - } - } - header('Location: '. $uri); - exit; - } - - if (isset($_GET['edit_link'])) { - header('Location: ./?edit_link='. escape($_GET['edit_link'])); - exit; - } - - if (isset($_POST['returnurl'])) { - // Prevent loops over login screen. - if (strpos($_POST['returnurl'], '/login') === false) { - header('Location: '. generateLocation($_POST['returnurl'], $_SERVER['HTTP_HOST'])); - exit; - } - } - header('Location: ./?'); - exit; - } else { - $loginManager->handleFailedLogin($_SERVER); - $redir = '?username='. urlencode($_POST['login']); - if (isset($_GET['post'])) { - $redir .= '&post=' . urlencode($_GET['post']); - foreach (array('description', 'source', 'title', 'tags') as $param) { - if (!empty($_GET[$param])) { - $redir .= '&' . $param . '=' . urlencode($_GET[$param]); - } - } - } - // Redirect to login screen. - echo ''; - exit; - } -} - -// ------------------------------------------------------------------------------------------ -// Token management for XSRF protection -// Token should be used in any form which acts on data (create,update,delete,import...). -if (!isset($_SESSION['tokens'])) { - $_SESSION['tokens']=array(); // Token are attached to the session. -} - -if (!isset($_SESSION['LINKS_PER_PAGE'])) { - $_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20); -} +$loginManager->checkLoginState(client_ip_id($_SERVER)); -$containerBuilder = new ContainerBuilder($conf, $sessionManager, $cookieManager, $loginManager); +$pluginManager = new PluginManager($conf); +$pluginManager->load($conf->get('general.enabled_plugins', [])); + +$containerBuilder = new ContainerBuilder( + $conf, + $sessionManager, + $cookieManager, + $loginManager, + $pluginManager, + $logger +); $container = $containerBuilder->build(); $app = new App($container); -// REST API routes -$app->group('/api/v1', function () { - $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo')->setName('getInfo'); - $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks')->setName('getLinks'); - $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink')->setName('getLink'); - $this->post('/links', '\Shaarli\Api\Controllers\Links:postLink')->setName('postLink'); - $this->put('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:putLink')->setName('putLink'); - $this->delete('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:deleteLink')->setName('deleteLink'); - - $this->get('/tags', '\Shaarli\Api\Controllers\Tags:getTags')->setName('getTags'); - $this->get('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:getTag')->setName('getTag'); - $this->put('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:putTag')->setName('putTag'); - $this->delete('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:deleteTag')->setName('deleteTag'); - - $this->get('/history', '\Shaarli\Api\Controllers\HistoryController:getHistory')->setName('getHistory'); -})->add('\Shaarli\Api\ApiMiddleware'); - +// Main Shaarli routes $app->group('', function () { $this->get('/install', '\Shaarli\Front\Controller\Visitor\InstallController:index')->setName('displayInstall'); $this->get('/install/session-test', '\Shaarli\Front\Controller\Visitor\InstallController:sessionTest'); @@ -283,6 +112,7 @@ $app->group('', function () { $this->get('/', '\Shaarli\Front\Controller\Visitor\BookmarkListController:index'); $this->get('/shaare/{hash}', '\Shaarli\Front\Controller\Visitor\BookmarkListController:permalink'); $this->get('/login', '\Shaarli\Front\Controller\Visitor\LoginController:index')->setName('login'); + $this->post('/login', '\Shaarli\Front\Controller\Visitor\LoginController:login')->setName('processLogin'); $this->get('/picture-wall', '\Shaarli\Front\Controller\Visitor\PictureWallController:index'); $this->get('/tags/cloud', '\Shaarli\Front\Controller\Visitor\TagCloudController:cloud'); $this->get('/tags/list', '\Shaarli\Front\Controller\Visitor\TagCloudController:list'); @@ -294,41 +124,80 @@ $app->group('', function () { $this->get('/add-tag/{newTag}', '\Shaarli\Front\Controller\Visitor\TagController:addTag'); $this->get('/remove-tag/{tag}', '\Shaarli\Front\Controller\Visitor\TagController:removeTag'); + $this->get('/links-per-page', '\Shaarli\Front\Controller\Visitor\PublicSessionFilterController:linksPerPage'); + $this->get('/untagged-only', '\Shaarli\Front\Controller\Visitor\PublicSessionFilterController:untaggedOnly'); +})->add('\Shaarli\Front\ShaarliMiddleware'); - /* -- LOGGED IN -- */ +$app->group('/admin', function () { $this->get('/logout', '\Shaarli\Front\Controller\Admin\LogoutController:index'); - $this->get('/admin/tools', '\Shaarli\Front\Controller\Admin\ToolsController:index'); - $this->get('/admin/password', '\Shaarli\Front\Controller\Admin\PasswordController:index'); - $this->post('/admin/password', '\Shaarli\Front\Controller\Admin\PasswordController:change'); - $this->get('/admin/configure', '\Shaarli\Front\Controller\Admin\ConfigureController:index'); - $this->post('/admin/configure', '\Shaarli\Front\Controller\Admin\ConfigureController:save'); - $this->get('/admin/tags', '\Shaarli\Front\Controller\Admin\ManageTagController:index'); - $this->post('/admin/tags', '\Shaarli\Front\Controller\Admin\ManageTagController:save'); - $this->get('/admin/add-shaare', '\Shaarli\Front\Controller\Admin\ManageShaareController:addShaare'); - $this->get('/admin/shaare', '\Shaarli\Front\Controller\Admin\ManageShaareController:displayCreateForm'); - $this->get('/admin/shaare/{id:[0-9]+}', '\Shaarli\Front\Controller\Admin\ManageShaareController:displayEditForm'); - $this->post('/admin/shaare', '\Shaarli\Front\Controller\Admin\ManageShaareController:save'); - $this->get('/admin/shaare/delete', '\Shaarli\Front\Controller\Admin\ManageShaareController:deleteBookmark'); - $this->get('/admin/shaare/visibility', '\Shaarli\Front\Controller\Admin\ManageShaareController:changeVisibility'); - $this->get('/admin/shaare/{id:[0-9]+}/pin', '\Shaarli\Front\Controller\Admin\ManageShaareController:pinBookmark'); + $this->get('/tools', '\Shaarli\Front\Controller\Admin\ToolsController:index'); + $this->get('/password', '\Shaarli\Front\Controller\Admin\PasswordController:index'); + $this->post('/password', '\Shaarli\Front\Controller\Admin\PasswordController:change'); + $this->get('/configure', '\Shaarli\Front\Controller\Admin\ConfigureController:index'); + $this->post('/configure', '\Shaarli\Front\Controller\Admin\ConfigureController:save'); + $this->get('/tags', '\Shaarli\Front\Controller\Admin\ManageTagController:index'); + $this->post('/tags', '\Shaarli\Front\Controller\Admin\ManageTagController:save'); + $this->post('/tags/change-separator', '\Shaarli\Front\Controller\Admin\ManageTagController:changeSeparator'); + $this->get('/add-shaare', '\Shaarli\Front\Controller\Admin\ShaareAddController:addShaare'); + $this->get('/shaare', '\Shaarli\Front\Controller\Admin\ShaarePublishController:displayCreateForm'); + $this->get('/shaare/{id:[0-9]+}', '\Shaarli\Front\Controller\Admin\ShaarePublishController:displayEditForm'); + $this->get('/shaare/private/{hash}', '\Shaarli\Front\Controller\Admin\ShaareManageController:sharePrivate'); + $this->post('/shaare-batch', '\Shaarli\Front\Controller\Admin\ShaarePublishController:displayCreateBatchForms'); + $this->post('/shaare', '\Shaarli\Front\Controller\Admin\ShaarePublishController:save'); + $this->get('/shaare/delete', '\Shaarli\Front\Controller\Admin\ShaareManageController:deleteBookmark'); + $this->get('/shaare/visibility', '\Shaarli\Front\Controller\Admin\ShaareManageController:changeVisibility'); + $this->get('/shaare/{id:[0-9]+}/pin', '\Shaarli\Front\Controller\Admin\ShaareManageController:pinBookmark'); $this->patch( - '/admin/shaare/{id:[0-9]+}/update-thumbnail', + '/shaare/{id:[0-9]+}/update-thumbnail', '\Shaarli\Front\Controller\Admin\ThumbnailsController:ajaxUpdate' ); - $this->get('/admin/export', '\Shaarli\Front\Controller\Admin\ExportController:index'); - $this->post('/admin/export', '\Shaarli\Front\Controller\Admin\ExportController:export'); - $this->get('/admin/import', '\Shaarli\Front\Controller\Admin\ImportController:index'); - $this->post('/admin/import', '\Shaarli\Front\Controller\Admin\ImportController:import'); - $this->get('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:index'); - $this->post('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:save'); - $this->get('/admin/token', '\Shaarli\Front\Controller\Admin\TokenController:getToken'); - $this->get('/admin/thumbnails', '\Shaarli\Front\Controller\Admin\ThumbnailsController:index'); - - $this->get('/links-per-page', '\Shaarli\Front\Controller\Admin\SessionFilterController:linksPerPage'); + $this->get('/export', '\Shaarli\Front\Controller\Admin\ExportController:index'); + $this->post('/export', '\Shaarli\Front\Controller\Admin\ExportController:export'); + $this->get('/import', '\Shaarli\Front\Controller\Admin\ImportController:index'); + $this->post('/import', '\Shaarli\Front\Controller\Admin\ImportController:import'); + $this->get('/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:index'); + $this->post('/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:save'); + $this->get('/token', '\Shaarli\Front\Controller\Admin\TokenController:getToken'); + $this->get('/server', '\Shaarli\Front\Controller\Admin\ServerController:index'); + $this->get('/clear-cache', '\Shaarli\Front\Controller\Admin\ServerController:clearCache'); + $this->get('/thumbnails', '\Shaarli\Front\Controller\Admin\ThumbnailsController:index'); + $this->get('/metadata', '\Shaarli\Front\Controller\Admin\MetadataController:ajaxRetrieveTitle'); $this->get('/visibility/{visibility}', '\Shaarli\Front\Controller\Admin\SessionFilterController:visibility'); - $this->get('/untagged-only', '\Shaarli\Front\Controller\Admin\SessionFilterController:untaggedOnly'); +})->add('\Shaarli\Front\ShaarliAdminMiddleware'); + +$app->group('/plugin', function () use ($pluginManager) { + foreach ($pluginManager->getRegisteredRoutes() as $pluginName => $routes) { + $this->group('/' . $pluginName, function () use ($routes) { + foreach ($routes as $route) { + $this->{strtolower($route['method'])}('/' . ltrim($route['route'], '/'), $route['callable']); + } + }); + } })->add('\Shaarli\Front\ShaarliMiddleware'); -$response = $app->run(true); +// REST API routes +$app->group('/api/v1', function () { + $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo')->setName('getInfo'); + $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks')->setName('getLinks'); + $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink')->setName('getLink'); + $this->post('/links', '\Shaarli\Api\Controllers\Links:postLink')->setName('postLink'); + $this->put('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:putLink')->setName('putLink'); + $this->delete('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:deleteLink')->setName('deleteLink'); + + $this->get('/tags', '\Shaarli\Api\Controllers\Tags:getTags')->setName('getTags'); + $this->get('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:getTag')->setName('getTag'); + $this->put('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:putTag')->setName('putTag'); + $this->delete('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:deleteTag')->setName('deleteTag'); -$app->respond($response); + $this->get('/history', '\Shaarli\Api\Controllers\HistoryController:getHistory')->setName('getHistory'); +})->add('\Shaarli\Api\ApiMiddleware'); + +try { + $response = $app->run(true); + $app->respond($response); +} catch (Throwable $e) { + die(nl2br( + 'An unexpected error happened, and the error template could not be displayed.' . PHP_EOL . PHP_EOL . + exception2text($e) + )); +}