X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=index.php;h=8fe862361330fd59274eeceddbd8c1518255ba0e;hb=b3bd8c3e8d367975980043e772f7cd78b7f96bc6;hp=1a121f37a4883f0eaeb0e69ee26cff5c6d6bb938;hpb=a8c11451e8d885a243c1ad52012093ba8d121e2c;p=github%2Fshaarli%2FShaarli.git diff --git a/index.php b/index.php index 1a121f37..8fe86236 100644 --- a/index.php +++ b/index.php @@ -12,41 +12,6 @@ * Licence: http://www.opensource.org/licenses/zlib-license.php */ -// Set 'UTC' as the default timezone if it is not defined in php.ini -// See http://php.net/manual/en/datetime.configuration.php#ini.date.timezone -if (date_default_timezone_get() == '') { - date_default_timezone_set('UTC'); -} - -/* - * PHP configuration - */ - -// http://server.com/x/shaarli --> /shaarli/ -define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0))); - -// High execution time in case of problematic imports/exports. -ini_set('max_input_time', '60'); - -// Try to set max upload file size and read -ini_set('memory_limit', '128M'); -ini_set('post_max_size', '16M'); -ini_set('upload_max_filesize', '16M'); - -// See all error except warnings -error_reporting(E_ALL^E_WARNING); - -// 3rd-party libraries -if (! file_exists(__DIR__ . '/vendor/autoload.php')) { - header('Content-Type: text/plain; charset=utf-8'); - echo "Error: missing Composer configuration\n\n" - ."If you installed Shaarli through Git or using the development branch,\n" - ."please refer to the installation documentation to install PHP" - ." dependencies using Composer:\n" - ."- https://shaarli.readthedocs.io/en/master/Server-configuration/\n" - ."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/"; - exit; -} require_once 'inc/rain.tpl.class.php'; require_once __DIR__ . '/vendor/autoload.php'; @@ -55,62 +20,27 @@ require_once 'application/bookmark/LinkUtils.php'; require_once 'application/config/ConfigPlugin.php'; require_once 'application/http/HttpUtils.php'; require_once 'application/http/UrlUtils.php'; -require_once 'application/updater/UpdaterUtils.php'; -require_once 'application/FileUtils.php'; require_once 'application/TimeZone.php'; require_once 'application/Utils.php'; -use Shaarli\ApplicationUtils; +require_once __DIR__ . '/init.php'; + +use Katzgrau\KLogger\Logger; +use Psr\Log\LogLevel; use Shaarli\Config\ConfigManager; use Shaarli\Container\ContainerBuilder; use Shaarli\Languages; -use Shaarli\Plugin\PluginManager; +use Shaarli\Security\BanManager; use Shaarli\Security\CookieManager; use Shaarli\Security\LoginManager; use Shaarli\Security\SessionManager; use Slim\App; -// Ensure the PHP version is supported -try { - ApplicationUtils::checkPHPVersion('7.1', PHP_VERSION); -} catch (Exception $exc) { - header('Content-Type: text/plain; charset=utf-8'); - echo $exc->getMessage(); - exit; -} - -define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE)); - -// Force cookie path (but do not change lifetime) -$cookie = session_get_cookie_params(); -$cookiedir = ''; -if (dirname($_SERVER['SCRIPT_NAME']) != '/') { - $cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/'; -} -// Set default cookie expiration and path. -session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']); -// Set session parameters on server side. -// Use cookies to store session. -ini_set('session.use_cookies', 1); -// Force cookies for session (phpsessionID forbidden in URL). -ini_set('session.use_only_cookies', 1); -// Prevent PHP form using sessionID in URL if cookies are disabled. -ini_set('session.use_trans_sid', false); - -session_name('shaarli'); -// Start session if needed (Some server auto-start sessions). -if (session_status() == PHP_SESSION_NONE) { - session_start(); -} - -// Regenerate session ID if invalid or not defined in cookie. -if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) { - session_regenerate_id(true); - $_COOKIE['shaarli'] = session_id(); -} - $conf = new ConfigManager(); +// Manually override root URL for complex server configurations +define('SHAARLI_ROOT_URL', $conf->get('general.root_url', null)); + // In dev mode, throw exception on any warning if ($conf->get('dev.debug', false)) { // See all errors (for debugging only) @@ -121,16 +51,23 @@ if ($conf->get('dev.debug', false)) { }); } +$logger = new Logger( + dirname($conf->get('resource.log')), + !$conf->get('dev.debug') ? LogLevel::INFO : LogLevel::DEBUG, + ['filename' => basename($conf->get('resource.log'))] +); $sessionManager = new SessionManager($_SESSION, $conf, session_save_path()); +$sessionManager->initialize(); $cookieManager = new CookieManager($_COOKIE); -$loginManager = new LoginManager($conf, $sessionManager, $cookieManager); +$banManager = new BanManager( + $conf->get('security.trusted_proxies', []), + $conf->get('security.ban_after'), + $conf->get('security.ban_duration'), + $conf->get('resource.ban_file', 'data/ipbans.php'), + $logger +); +$loginManager = new LoginManager($conf, $sessionManager, $cookieManager, $banManager, $logger); $loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']); -$clientIpId = client_ip_id($_SERVER); - -// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. -if (! defined('LC_MESSAGES')) { - define('LC_MESSAGES', LC_COLLATE); -} // Sniff browser language and set date format accordingly. if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { @@ -141,56 +78,19 @@ new Languages(setlocale(LC_MESSAGES, 0), $conf); $conf->setEmpty('general.timezone', date_default_timezone_get()); $conf->setEmpty('general.title', t('Shared bookmarks on '). escape(index_url($_SERVER))); + RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory -$pluginManager = new PluginManager($conf); -$pluginManager->load($conf->get('general.enabled_plugins')); - date_default_timezone_set($conf->get('general.timezone', 'UTC')); -ob_start(); // Output buffering for the page cache. - -// Prevent caching on client side or proxy: (yes, it's ugly) -header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); -header("Cache-Control: no-store, no-cache, must-revalidate"); -header("Cache-Control: post-check=0, pre-check=0", false); -header("Pragma: no-cache"); - -$loginManager->checkLoginState($clientIpId); - -// ------------------------------------------------------------------------------------------ -// Token management for XSRF protection -// Token should be used in any form which acts on data (create,update,delete,import...). -if (!isset($_SESSION['tokens'])) { - $_SESSION['tokens']=array(); // Token are attached to the session. -} - -if (!isset($_SESSION['LINKS_PER_PAGE'])) { - $_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20); -} +$loginManager->checkLoginState(client_ip_id($_SERVER)); -$containerBuilder = new ContainerBuilder($conf, $sessionManager, $cookieManager, $loginManager); +$containerBuilder = new ContainerBuilder($conf, $sessionManager, $cookieManager, $loginManager, $logger); $container = $containerBuilder->build(); $app = new App($container); -// REST API routes -$app->group('/api/v1', function () { - $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo')->setName('getInfo'); - $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks')->setName('getLinks'); - $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink')->setName('getLink'); - $this->post('/links', '\Shaarli\Api\Controllers\Links:postLink')->setName('postLink'); - $this->put('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:putLink')->setName('putLink'); - $this->delete('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:deleteLink')->setName('deleteLink'); - - $this->get('/tags', '\Shaarli\Api\Controllers\Tags:getTags')->setName('getTags'); - $this->get('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:getTag')->setName('getTag'); - $this->put('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:putTag')->setName('putTag'); - $this->delete('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:deleteTag')->setName('deleteTag'); - - $this->get('/history', '\Shaarli\Api\Controllers\HistoryController:getHistory')->setName('getHistory'); -})->add('\Shaarli\Api\ApiMiddleware'); - +// Main Shaarli routes $app->group('', function () { $this->get('/install', '\Shaarli\Front\Controller\Visitor\InstallController:index')->setName('displayInstall'); $this->get('/install/session-test', '\Shaarli\Front\Controller\Visitor\InstallController:sessionTest'); @@ -212,41 +112,71 @@ $app->group('', function () { $this->get('/add-tag/{newTag}', '\Shaarli\Front\Controller\Visitor\TagController:addTag'); $this->get('/remove-tag/{tag}', '\Shaarli\Front\Controller\Visitor\TagController:removeTag'); + $this->get('/links-per-page', '\Shaarli\Front\Controller\Visitor\PublicSessionFilterController:linksPerPage'); + $this->get('/untagged-only', '\Shaarli\Front\Controller\Visitor\PublicSessionFilterController:untaggedOnly'); +})->add('\Shaarli\Front\ShaarliMiddleware'); - /* -- LOGGED IN -- */ +$app->group('/admin', function () { $this->get('/logout', '\Shaarli\Front\Controller\Admin\LogoutController:index'); - $this->get('/admin/tools', '\Shaarli\Front\Controller\Admin\ToolsController:index'); - $this->get('/admin/password', '\Shaarli\Front\Controller\Admin\PasswordController:index'); - $this->post('/admin/password', '\Shaarli\Front\Controller\Admin\PasswordController:change'); - $this->get('/admin/configure', '\Shaarli\Front\Controller\Admin\ConfigureController:index'); - $this->post('/admin/configure', '\Shaarli\Front\Controller\Admin\ConfigureController:save'); - $this->get('/admin/tags', '\Shaarli\Front\Controller\Admin\ManageTagController:index'); - $this->post('/admin/tags', '\Shaarli\Front\Controller\Admin\ManageTagController:save'); - $this->get('/admin/add-shaare', '\Shaarli\Front\Controller\Admin\ManageShaareController:addShaare'); - $this->get('/admin/shaare', '\Shaarli\Front\Controller\Admin\ManageShaareController:displayCreateForm'); - $this->get('/admin/shaare/{id:[0-9]+}', '\Shaarli\Front\Controller\Admin\ManageShaareController:displayEditForm'); - $this->post('/admin/shaare', '\Shaarli\Front\Controller\Admin\ManageShaareController:save'); - $this->get('/admin/shaare/delete', '\Shaarli\Front\Controller\Admin\ManageShaareController:deleteBookmark'); - $this->get('/admin/shaare/visibility', '\Shaarli\Front\Controller\Admin\ManageShaareController:changeVisibility'); - $this->get('/admin/shaare/{id:[0-9]+}/pin', '\Shaarli\Front\Controller\Admin\ManageShaareController:pinBookmark'); + $this->get('/tools', '\Shaarli\Front\Controller\Admin\ToolsController:index'); + $this->get('/password', '\Shaarli\Front\Controller\Admin\PasswordController:index'); + $this->post('/password', '\Shaarli\Front\Controller\Admin\PasswordController:change'); + $this->get('/configure', '\Shaarli\Front\Controller\Admin\ConfigureController:index'); + $this->post('/configure', '\Shaarli\Front\Controller\Admin\ConfigureController:save'); + $this->get('/tags', '\Shaarli\Front\Controller\Admin\ManageTagController:index'); + $this->post('/tags', '\Shaarli\Front\Controller\Admin\ManageTagController:save'); + $this->post('/tags/change-separator', '\Shaarli\Front\Controller\Admin\ManageTagController:changeSeparator'); + $this->get('/add-shaare', '\Shaarli\Front\Controller\Admin\ShaareAddController:addShaare'); + $this->get('/shaare', '\Shaarli\Front\Controller\Admin\ShaarePublishController:displayCreateForm'); + $this->get('/shaare/{id:[0-9]+}', '\Shaarli\Front\Controller\Admin\ShaarePublishController:displayEditForm'); + $this->get('/shaare/private/{hash}', '\Shaarli\Front\Controller\Admin\ShaareManageController:sharePrivate'); + $this->post('/shaare-batch', '\Shaarli\Front\Controller\Admin\ShaarePublishController:displayCreateBatchForms'); + $this->post('/shaare', '\Shaarli\Front\Controller\Admin\ShaarePublishController:save'); + $this->get('/shaare/delete', '\Shaarli\Front\Controller\Admin\ShaareManageController:deleteBookmark'); + $this->get('/shaare/visibility', '\Shaarli\Front\Controller\Admin\ShaareManageController:changeVisibility'); + $this->get('/shaare/{id:[0-9]+}/pin', '\Shaarli\Front\Controller\Admin\ShaareManageController:pinBookmark'); $this->patch( - '/admin/shaare/{id:[0-9]+}/update-thumbnail', + '/shaare/{id:[0-9]+}/update-thumbnail', '\Shaarli\Front\Controller\Admin\ThumbnailsController:ajaxUpdate' ); - $this->get('/admin/export', '\Shaarli\Front\Controller\Admin\ExportController:index'); - $this->post('/admin/export', '\Shaarli\Front\Controller\Admin\ExportController:export'); - $this->get('/admin/import', '\Shaarli\Front\Controller\Admin\ImportController:index'); - $this->post('/admin/import', '\Shaarli\Front\Controller\Admin\ImportController:import'); - $this->get('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:index'); - $this->post('/admin/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:save'); - $this->get('/admin/token', '\Shaarli\Front\Controller\Admin\TokenController:getToken'); - $this->get('/admin/thumbnails', '\Shaarli\Front\Controller\Admin\ThumbnailsController:index'); - - $this->get('/links-per-page', '\Shaarli\Front\Controller\Admin\SessionFilterController:linksPerPage'); + $this->get('/export', '\Shaarli\Front\Controller\Admin\ExportController:index'); + $this->post('/export', '\Shaarli\Front\Controller\Admin\ExportController:export'); + $this->get('/import', '\Shaarli\Front\Controller\Admin\ImportController:index'); + $this->post('/import', '\Shaarli\Front\Controller\Admin\ImportController:import'); + $this->get('/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:index'); + $this->post('/plugins', '\Shaarli\Front\Controller\Admin\PluginsController:save'); + $this->get('/token', '\Shaarli\Front\Controller\Admin\TokenController:getToken'); + $this->get('/server', '\Shaarli\Front\Controller\Admin\ServerController:index'); + $this->get('/clear-cache', '\Shaarli\Front\Controller\Admin\ServerController:clearCache'); + $this->get('/thumbnails', '\Shaarli\Front\Controller\Admin\ThumbnailsController:index'); + $this->get('/metadata', '\Shaarli\Front\Controller\Admin\MetadataController:ajaxRetrieveTitle'); $this->get('/visibility/{visibility}', '\Shaarli\Front\Controller\Admin\SessionFilterController:visibility'); - $this->get('/untagged-only', '\Shaarli\Front\Controller\Admin\SessionFilterController:untaggedOnly'); -})->add('\Shaarli\Front\ShaarliMiddleware'); +})->add('\Shaarli\Front\ShaarliAdminMiddleware'); + + +// REST API routes +$app->group('/api/v1', function () { + $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo')->setName('getInfo'); + $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks')->setName('getLinks'); + $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink')->setName('getLink'); + $this->post('/links', '\Shaarli\Api\Controllers\Links:postLink')->setName('postLink'); + $this->put('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:putLink')->setName('putLink'); + $this->delete('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:deleteLink')->setName('deleteLink'); + + $this->get('/tags', '\Shaarli\Api\Controllers\Tags:getTags')->setName('getTags'); + $this->get('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:getTag')->setName('getTag'); + $this->put('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:putTag')->setName('putTag'); + $this->delete('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:deleteTag')->setName('deleteTag'); -$response = $app->run(true); + $this->get('/history', '\Shaarli\Api\Controllers\HistoryController:getHistory')->setName('getHistory'); +})->add('\Shaarli\Api\ApiMiddleware'); -$app->respond($response); +try { + $response = $app->run(true); + $app->respond($response); +} catch (Throwable $e) { + die(nl2br( + 'An unexpected error happened, and the error template could not be displayed.' . PHP_EOL . PHP_EOL . + exception2text($e) + )); +}