[github/shaarli/Shaarli.git] / application / front / ShaarliMiddleware.php

<?php

namespace Shaarli\Front;

use Shaarli\Container\ShaarliContainer;
use Shaarli\Front\Exception\UnauthorizedException;
use Slim\Http\Request;
use Slim\Http\Response;

/**
 * Class ShaarliMiddleware
 *
 * This will be called before accessing any Shaarli controller.
 */
class ShaarliMiddleware
{
    /** @var ShaarliContainer contains all Shaarli DI */
    protected $container;

    public function __construct(ShaarliContainer $container)
    {
        $this->container = $container;
    }

    /**
     * Middleware execution:
     *   - run updates
     *   - if not logged in open shaarli, redirect to login
     *   - execute the controller
     *   - return the response
     *
     * In case of error, the error template will be displayed with the exception message.
     *
     * @param  Request  $request  Slim request
     * @param  Response $response Slim response
     * @param  callable $next     Next action
     *
     * @return Response response.
     */
    public function __invoke(Request $request, Response $response, callable $next): Response
    {
        $this->initBasePath($request);

        try {
            if (
                !is_file($this->container->conf->getConfigFileExt())
                && !in_array($next->getName(), ['displayInstall', 'saveInstall'], true)
            ) {
                return $response->withRedirect($this->container->basePath . '/install');
            }

            $this->runUpdates();
            $this->checkOpenShaarli($request, $response, $next);

            return $next($request, $response);
        } catch (UnauthorizedException $e) {
            $returnUrl = urlencode($this->container->environment['REQUEST_URI']);

            return $response->withRedirect($this->container->basePath . '/login?returnurl=' . $returnUrl);
        }
        // Other exceptions are handled by ErrorController
    }

    /**
     * Run the updater for every requests processed while logged in.
     */
    protected function runUpdates(): void
    {
        if ($this->container->loginManager->isLoggedIn() !== true) {
            return;
        }

        $this->container->updater->setBasePath($this->container->basePath);
        $newUpdates = $this->container->updater->update();
        if (!empty($newUpdates)) {
            $this->container->updater->writeUpdates(
                $this->container->conf->get('resource.updates'),
                $this->container->updater->getDoneUpdates()
            );

            $this->container->pageCacheManager->invalidateCaches();
        }
    }

    /**
     * Access is denied to most pages with `hide_public_links` + `force_login` settings.
     */
    protected function checkOpenShaarli(Request $request, Response $response, callable $next): bool
    {
        if (
// if the user isn't logged in
            !$this->container->loginManager->isLoggedIn()
            // and Shaarli doesn't have public content...
            && $this->container->conf->get('privacy.hide_public_links')
            // and is configured to enforce the login
            && $this->container->conf->get('privacy.force_login')
            // and the current page isn't already the login page
            // and the user is not requesting a feed (which would lead to a different content-type as expected)
            && !in_array($next->getName(), ['login', 'processLogin', 'atom', 'rss'], true)
        ) {
            throw new UnauthorizedException();
        }

        return true;
    }

    /**
     * Initialize the URL base path if it hasn't been defined yet.
     */
    protected function initBasePath(Request $request): void
    {
        if (null === $this->container->basePath) {
            $this->container->basePath = rtrim($request->getUri()->getBasePath(), '/');
        }
    }
}
Commit	Line	Data
6c50a6cc A	1	<?php
	2
	3	namespace Shaarli\Front;
	4
	5	use Shaarli\Container\ShaarliContainer;
2899ebb5	6	use Shaarli\Front\Exception\UnauthorizedException;
6c50a6cc A	7	use Slim\Http\Request;
	8	use Slim\Http\Response;
	9
	10	/**
	11	* Class ShaarliMiddleware
	12	*
	13	* This will be called before accessing any Shaarli controller.
	14	*/
	15	class ShaarliMiddleware
	16	{
	17	/** @var ShaarliContainer contains all Shaarli DI */
	18	protected $container;
	19
	20	public function __construct(ShaarliContainer $container)
	21	{
	22	$this->container = $container;
	23	}
	24
	25	/**
	26	* Middleware execution:
1a8ac737 A	27	* - run updates
1a8ac737 A	28	* - if not logged in open shaarli, redirect to login
6c50a6cc A	29	* - execute the controller
	30	* - return the response
	31	*
	32	* In case of error, the error template will be displayed with the exception message.
	33	*
	34	* @param Request $request Slim request
	35	* @param Response $response Slim response
	36	* @param callable $next Next action
	37	*
	38	* @return Response response.
	39	*/
1a8ac737	40	public function __invoke(Request $request, Response $response, callable $next): Response
6c50a6cc	41	{
bedbb845	42	$this->initBasePath($request);
818b3193	43
9c75f877	44	try {
53054b2b A	45	if (
53054b2b A	46	!is_file($this->container->conf->getConfigFileExt())
c4ad3d4f A	47	&& !in_array($next->getName(), ['displayInstall', 'saveInstall'], true)
	48	) {
	49	return $response->withRedirect($this->container->basePath . '/install');
	50	}
	51
1a8ac737 A	52	$this->runUpdates();
	53	$this->checkOpenShaarli($request, $response, $next);
	54
	55	return $next($request, $response);
1a8ac737	56	} catch (UnauthorizedException $e) {
a8c11451 A	57	$returnUrl = urlencode($this->container->environment['REQUEST_URI']);
	58
	59	return $response->withRedirect($this->container->basePath . '/login?returnurl=' . $returnUrl);
1a8ac737	60	}
0c6fdbe1	61	// Other exceptions are handled by ErrorController
1a8ac737 A	62	}
	63
	64	/**
	65	* Run the updater for every requests processed while logged in.
	66	*/
	67	protected function runUpdates(): void
	68	{
	69	if ($this->container->loginManager->isLoggedIn() !== true) {
	70	return;
	71	}
	72
f7f08cee	73	$this->container->updater->setBasePath($this->container->basePath);
1a8ac737 A	74	$newUpdates = $this->container->updater->update();
	75	if (!empty($newUpdates)) {
	76	$this->container->updater->writeUpdates(
	77	$this->container->conf->get('resource.updates'),
	78	$this->container->updater->getDoneUpdates()
	79	);
	80
	81	$this->container->pageCacheManager->invalidateCaches();
	82	}
	83	}
	84
	85	/**
	86	* Access is denied to most pages with `hide_public_links` + `force_login` settings.
	87	*/
	88	protected function checkOpenShaarli(Request $request, Response $response, callable $next): bool
	89	{
53054b2b A	90	if (
53054b2b A	91	// if the user isn't logged in
1a8ac737 A	92	!$this->container->loginManager->isLoggedIn()
	93	// and Shaarli doesn't have public content...
	94	&& $this->container->conf->get('privacy.hide_public_links')
	95	// and is configured to enforce the login
	96	&& $this->container->conf->get('privacy.force_login')
	97	// and the current page isn't already the login page
	98	// and the user is not requesting a feed (which would lead to a different content-type as expected)
14fcfb52	99	&& !in_array($next->getName(), ['login', 'processLogin', 'atom', 'rss'], true)
1a8ac737 A	100	) {
1a8ac737 A	101	throw new UnauthorizedException();
6c50a6cc A	102	}
6c50a6cc A	103
1a8ac737	104	return true;
6c50a6cc	105	}
bedbb845 A	106
	107	/**
	108	* Initialize the URL base path if it hasn't been defined yet.
	109	*/
	110	protected function initBasePath(Request $request): void
	111	{
	112	if (null === $this->container->basePath) {
	113	$this->container->basePath = rtrim($request->getUri()->getBasePath(), '/');
	114	}
	115	}
6c50a6cc	116	}