1 files changed, 65 insertions, 8 deletions
diff --git a/application/front/ShaarliMiddleware.php b/application/front/ShaarliMiddleware.php
index 7ad610c7..baea6ef2 100644
--- a/application/front/ShaarliMiddleware.php
+++ b/application/front/ShaarliMiddleware.php
@@ -25,6 +25,8 @@ class ShaarliMiddleware
    /**
     * Middleware execution:
+     *   - run updates
+     *   - if not logged in open shaarli, redirect to login
     *   - execute the controller
     *   - return the response
     *
@@ -36,27 +38,82 @@ class ShaarliMiddleware
     *
     * @return Response response.
     */
-    public function __invoke(Request $request, Response $response, callable $next)
+    public function __invoke(Request $request, Response $response, callable $next): Response
    {
        $this->container->basePath = rtrim($request->getUri()->getBasePath(), '/');
        try {
-            $response = $next($request, $response);
+            $this->runUpdates();
+            $this->checkOpenShaarli($request, $response, $next);
+            return $next($request, $response);
        } catch (ShaarliFrontException $e) {
+            // Possible functional error
+            $this->container->pageBuilder->reset();
            $this->container->pageBuilder->assign('message', $e->getMessage());
+            $response = $response->withStatus($e->getCode());
+            return $response->write($this->container->pageBuilder->render('error'));
+        } catch (UnauthorizedException $e) {
+            return $response->withRedirect($this->container->basePath . '/login');
+        } catch (\Throwable $e) {
+            // Unknown error encountered
+            $this->container->pageBuilder->reset();
            if ($this->container->conf->get('dev.debug', false)) {
+                $this->container->pageBuilder->assign('message', $e->getMessage());
                $this->container->pageBuilder->assign(
                    'stacktrace',
-                    nl2br(get_class($this) .': '. $e->getTraceAsString())
+                    nl2br(get_class($e) .': '. PHP_EOL . $e->getTraceAsString())
                );
+            } else {
+                $this->container->pageBuilder->assign('message', t('An unexpected error occurred.'));
            }
-            $response = $response->withStatus($e->getCode());
+            $response = $response->withStatus(500);
-            $response = $response->write($this->container->pageBuilder->render('error'));
-        } catch (UnauthorizedException $e) {
+            return $response->write($this->container->pageBuilder->render('error'));
-            return $response->withRedirect($this->container->basePath . '/login');
+        }
+    }
+    /**
+     * Run the updater for every requests processed while logged in.
+     */
+    protected function runUpdates(): void
+    {
+        if ($this->container->loginManager->isLoggedIn() !== true) {
+            return;
+        }
+        $newUpdates = $this->container->updater->update();
+        if (!empty($newUpdates)) {
+            $this->container->updater->writeUpdates(
+                $this->container->conf->get('resource.updates'),
+                $this->container->updater->getDoneUpdates()
+            );
+            $this->container->pageCacheManager->invalidateCaches();
+        }
+    }
+    /**
+     * Access is denied to most pages with `hide_public_links` + `force_login` settings.
+     */
+    protected function checkOpenShaarli(Request $request, Response $response, callable $next): bool
+    {
+        if (// if the user isn't logged in
+            !$this->container->loginManager->isLoggedIn()
+            // and Shaarli doesn't have public content...
+            && $this->container->conf->get('privacy.hide_public_links')
+            // and is configured to enforce the login
+            && $this->container->conf->get('privacy.force_login')
+            // and the current page isn't already the login page
+            // and the user is not requesting a feed (which would lead to a different content-type as expected)
+            && !in_array($next->getName(), ['login', 'atom', 'rss'], true)
+        ) {
+            throw new UnauthorizedException();
        }
-        return $response;
+        return true;
    }
 }

diff --git a/application/front/ShaarliMiddleware.php b/application/front/ShaarliMiddleware.php index 7ad610c7..baea6ef2 100644 --- a/application/front/ShaarliMiddleware.php +++ b/application/front/ShaarliMiddleware.php
@@ -25,6 +25,8 @@ class ShaarliMiddleware
25		25
26	/**	26	/**
27	* Middleware execution:	27	* Middleware execution:
		28	* - run updates
		29	* - if not logged in open shaarli, redirect to login
28	* - execute the controller	30	* - execute the controller
29	* - return the response	31	* - return the response
30	*	32	*
@@ -36,27 +38,82 @@ class ShaarliMiddleware
36	*	38	*
37	* @return Response response.	39	* @return Response response.
38	*/	40	*/
39	public function __invoke(Request $request, Response $response, callable $next)	41	public function __invoke(Request $request, Response $response, callable $next): Response
40	{	42	{
41	$this->container->basePath = rtrim($request->getUri()->getBasePath(), '/');	43	$this->container->basePath = rtrim($request->getUri()->getBasePath(), '/');
42		44
43	try {	45	try {
44	$response = $next($request, $response);	46	$this->runUpdates();
		47	$this->checkOpenShaarli($request, $response, $next);
		48
		49	return $next($request, $response);
45	} catch (ShaarliFrontException $e) {	50	} catch (ShaarliFrontException $e) {
		51	// Possible functional error
		52	$this->container->pageBuilder->reset();
46	$this->container->pageBuilder->assign('message', $e->getMessage());	53	$this->container->pageBuilder->assign('message', $e->getMessage());
		54
		55	$response = $response->withStatus($e->getCode());
		56
		57	return $response->write($this->container->pageBuilder->render('error'));
		58	} catch (UnauthorizedException $e) {
		59	return $response->withRedirect($this->container->basePath . '/login');
		60	} catch (\Throwable $e) {
		61	// Unknown error encountered
		62	$this->container->pageBuilder->reset();
47	if ($this->container->conf->get('dev.debug', false)) {	63	if ($this->container->conf->get('dev.debug', false)) {
		64	$this->container->pageBuilder->assign('message', $e->getMessage());
48	$this->container->pageBuilder->assign(	65	$this->container->pageBuilder->assign(
49	'stacktrace',	66	'stacktrace',
50	nl2br(get_class($this) .': '. $e->getTraceAsString())	67	nl2br(get_class($e) .': '. PHP_EOL . $e->getTraceAsString())
51	);	68	);
		69	} else {
		70	$this->container->pageBuilder->assign('message', t('An unexpected error occurred.'));
52	}	71	}
53		72
54	$response = $response->withStatus($e->getCode());	73	$response = $response->withStatus(500);
55	$response = $response->write($this->container->pageBuilder->render('error'));	74
56	} catch (UnauthorizedException $e) {	75	return $response->write($this->container->pageBuilder->render('error'));
57	return $response->withRedirect($this->container->basePath . '/login');	76	}
		77	}
		78
		79	/**
		80	* Run the updater for every requests processed while logged in.
		81	*/
		82	protected function runUpdates(): void
		83	{
		84	if ($this->container->loginManager->isLoggedIn() !== true) {
		85	return;
		86	}
		87
		88	$newUpdates = $this->container->updater->update();
		89	if (!empty($newUpdates)) {
		90	$this->container->updater->writeUpdates(
		91	$this->container->conf->get('resource.updates'),
		92	$this->container->updater->getDoneUpdates()
		93	);
		94
		95	$this->container->pageCacheManager->invalidateCaches();
		96	}
		97	}
		98
		99	/**
		100	* Access is denied to most pages with `hide_public_links` + `force_login` settings.
		101	*/
		102	protected function checkOpenShaarli(Request $request, Response $response, callable $next): bool
		103	{
		104	if (// if the user isn't logged in
		105	!$this->container->loginManager->isLoggedIn()
		106	// and Shaarli doesn't have public content...
		107	&& $this->container->conf->get('privacy.hide_public_links')
		108	// and is configured to enforce the login
		109	&& $this->container->conf->get('privacy.force_login')
		110	// and the current page isn't already the login page
		111	// and the user is not requesting a feed (which would lead to a different content-type as expected)
		112	&& !in_array($next->getName(), ['login', 'atom', 'rss'], true)
		113	) {
		114	throw new UnauthorizedException();
58	}	115	}
59		116
60	return $response;	117	return true;
61	}	118	}
62	}	119	}