aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rw-r--r--index.php143
1 files changed, 23 insertions, 120 deletions
diff --git a/index.php b/index.php
index 1a121f37..42b853a4 100644
--- a/index.php
+++ b/index.php
@@ -12,41 +12,6 @@
12 * Licence: http://www.opensource.org/licenses/zlib-license.php 12 * Licence: http://www.opensource.org/licenses/zlib-license.php
13 */ 13 */
14 14
15// Set 'UTC' as the default timezone if it is not defined in php.ini
16// See http://php.net/manual/en/datetime.configuration.php#ini.date.timezone
17if (date_default_timezone_get() == '') {
18 date_default_timezone_set('UTC');
19}
20
21/*
22 * PHP configuration
23 */
24
25// http://server.com/x/shaarli --> /shaarli/
26define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0)));
27
28// High execution time in case of problematic imports/exports.
29ini_set('max_input_time', '60');
30
31// Try to set max upload file size and read
32ini_set('memory_limit', '128M');
33ini_set('post_max_size', '16M');
34ini_set('upload_max_filesize', '16M');
35
36// See all error except warnings
37error_reporting(E_ALL^E_WARNING);
38
39// 3rd-party libraries
40if (! file_exists(__DIR__ . '/vendor/autoload.php')) {
41 header('Content-Type: text/plain; charset=utf-8');
42 echo "Error: missing Composer configuration\n\n"
43 ."If you installed Shaarli through Git or using the development branch,\n"
44 ."please refer to the installation documentation to install PHP"
45 ." dependencies using Composer:\n"
46 ."- https://shaarli.readthedocs.io/en/master/Server-configuration/\n"
47 ."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/";
48 exit;
49}
50require_once 'inc/rain.tpl.class.php'; 15require_once 'inc/rain.tpl.class.php';
51require_once __DIR__ . '/vendor/autoload.php'; 16require_once __DIR__ . '/vendor/autoload.php';
52 17
@@ -55,12 +20,11 @@ require_once 'application/bookmark/LinkUtils.php';
55require_once 'application/config/ConfigPlugin.php'; 20require_once 'application/config/ConfigPlugin.php';
56require_once 'application/http/HttpUtils.php'; 21require_once 'application/http/HttpUtils.php';
57require_once 'application/http/UrlUtils.php'; 22require_once 'application/http/UrlUtils.php';
58require_once 'application/updater/UpdaterUtils.php';
59require_once 'application/FileUtils.php';
60require_once 'application/TimeZone.php'; 23require_once 'application/TimeZone.php';
61require_once 'application/Utils.php'; 24require_once 'application/Utils.php';
62 25
63use Shaarli\ApplicationUtils; 26require_once __DIR__ . '/init.php';
27
64use Shaarli\Config\ConfigManager; 28use Shaarli\Config\ConfigManager;
65use Shaarli\Container\ContainerBuilder; 29use Shaarli\Container\ContainerBuilder;
66use Shaarli\Languages; 30use Shaarli\Languages;
@@ -70,45 +34,6 @@ use Shaarli\Security\LoginManager;
70use Shaarli\Security\SessionManager; 34use Shaarli\Security\SessionManager;
71use Slim\App; 35use Slim\App;
72 36
73// Ensure the PHP version is supported
74try {
75 ApplicationUtils::checkPHPVersion('7.1', PHP_VERSION);
76} catch (Exception $exc) {
77 header('Content-Type: text/plain; charset=utf-8');
78 echo $exc->getMessage();
79 exit;
80}
81
82define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
83
84// Force cookie path (but do not change lifetime)
85$cookie = session_get_cookie_params();
86$cookiedir = '';
87if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
88 $cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/';
89}
90// Set default cookie expiration and path.
91session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']);
92// Set session parameters on server side.
93// Use cookies to store session.
94ini_set('session.use_cookies', 1);
95// Force cookies for session (phpsessionID forbidden in URL).
96ini_set('session.use_only_cookies', 1);
97// Prevent PHP form using sessionID in URL if cookies are disabled.
98ini_set('session.use_trans_sid', false);
99
100session_name('shaarli');
101// Start session if needed (Some server auto-start sessions).
102if (session_status() == PHP_SESSION_NONE) {
103 session_start();
104}
105
106// Regenerate session ID if invalid or not defined in cookie.
107if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) {
108 session_regenerate_id(true);
109 $_COOKIE['shaarli'] = session_id();
110}
111
112$conf = new ConfigManager(); 37$conf = new ConfigManager();
113 38
114// In dev mode, throw exception on any warning 39// In dev mode, throw exception on any warning
@@ -122,15 +47,10 @@ if ($conf->get('dev.debug', false)) {
122} 47}
123 48
124$sessionManager = new SessionManager($_SESSION, $conf, session_save_path()); 49$sessionManager = new SessionManager($_SESSION, $conf, session_save_path());
50$sessionManager->initialize();
125$cookieManager = new CookieManager($_COOKIE); 51$cookieManager = new CookieManager($_COOKIE);
126$loginManager = new LoginManager($conf, $sessionManager, $cookieManager); 52$loginManager = new LoginManager($conf, $sessionManager, $cookieManager);
127$loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']); 53$loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']);
128$clientIpId = client_ip_id($_SERVER);
129
130// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
131if (! defined('LC_MESSAGES')) {
132 define('LC_MESSAGES', LC_COLLATE);
133}
134 54
135// Sniff browser language and set date format accordingly. 55// Sniff browser language and set date format accordingly.
136if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { 56if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
@@ -141,6 +61,7 @@ new Languages(setlocale(LC_MESSAGES, 0), $conf);
141 61
142$conf->setEmpty('general.timezone', date_default_timezone_get()); 62$conf->setEmpty('general.timezone', date_default_timezone_get());
143$conf->setEmpty('general.title', t('Shared bookmarks on '). escape(index_url($_SERVER))); 63$conf->setEmpty('general.title', t('Shared bookmarks on '). escape(index_url($_SERVER)));
64
144RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory 65RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory
145RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory 66RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory
146 67
@@ -149,48 +70,13 @@ $pluginManager->load($conf->get('general.enabled_plugins'));
149 70
150date_default_timezone_set($conf->get('general.timezone', 'UTC')); 71date_default_timezone_set($conf->get('general.timezone', 'UTC'));
151 72
152ob_start(); // Output buffering for the page cache. 73$loginManager->checkLoginState(client_ip_id($_SERVER));
153
154// Prevent caching on client side or proxy: (yes, it's ugly)
155header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
156header("Cache-Control: no-store, no-cache, must-revalidate");
157header("Cache-Control: post-check=0, pre-check=0", false);
158header("Pragma: no-cache");
159
160$loginManager->checkLoginState($clientIpId);
161
162// ------------------------------------------------------------------------------------------
163// Token management for XSRF protection
164// Token should be used in any form which acts on data (create,update,delete,import...).
165if (!isset($_SESSION['tokens'])) {
166 $_SESSION['tokens']=array(); // Token are attached to the session.
167}
168
169if (!isset($_SESSION['LINKS_PER_PAGE'])) {
170 $_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20);
171}
172 74
173$containerBuilder = new ContainerBuilder($conf, $sessionManager, $cookieManager, $loginManager); 75$containerBuilder = new ContainerBuilder($conf, $sessionManager, $cookieManager, $loginManager);
174$container = $containerBuilder->build(); 76$container = $containerBuilder->build();
175$app = new App($container); 77$app = new App($container);
176 78
177// REST API routes 79// Main Shaarli routes
178$app->group('/api/v1', function () {
179 $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo')->setName('getInfo');
180 $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks')->setName('getLinks');
181 $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink')->setName('getLink');
182 $this->post('/links', '\Shaarli\Api\Controllers\Links:postLink')->setName('postLink');
183 $this->put('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:putLink')->setName('putLink');
184 $this->delete('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:deleteLink')->setName('deleteLink');
185
186 $this->get('/tags', '\Shaarli\Api\Controllers\Tags:getTags')->setName('getTags');
187 $this->get('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:getTag')->setName('getTag');
188 $this->put('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:putTag')->setName('putTag');
189 $this->delete('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:deleteTag')->setName('deleteTag');
190
191 $this->get('/history', '\Shaarli\Api\Controllers\HistoryController:getHistory')->setName('getHistory');
192})->add('\Shaarli\Api\ApiMiddleware');
193
194$app->group('', function () { 80$app->group('', function () {
195 $this->get('/install', '\Shaarli\Front\Controller\Visitor\InstallController:index')->setName('displayInstall'); 81 $this->get('/install', '\Shaarli\Front\Controller\Visitor\InstallController:index')->setName('displayInstall');
196 $this->get('/install/session-test', '\Shaarli\Front\Controller\Visitor\InstallController:sessionTest'); 82 $this->get('/install/session-test', '\Shaarli\Front\Controller\Visitor\InstallController:sessionTest');
@@ -247,6 +133,23 @@ $app->group('', function () {
247 $this->get('/untagged-only', '\Shaarli\Front\Controller\Admin\SessionFilterController:untaggedOnly'); 133 $this->get('/untagged-only', '\Shaarli\Front\Controller\Admin\SessionFilterController:untaggedOnly');
248})->add('\Shaarli\Front\ShaarliMiddleware'); 134})->add('\Shaarli\Front\ShaarliMiddleware');
249 135
136// REST API routes
137$app->group('/api/v1', function () {
138 $this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo')->setName('getInfo');
139 $this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks')->setName('getLinks');
140 $this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink')->setName('getLink');
141 $this->post('/links', '\Shaarli\Api\Controllers\Links:postLink')->setName('postLink');
142 $this->put('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:putLink')->setName('putLink');
143 $this->delete('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:deleteLink')->setName('deleteLink');
144
145 $this->get('/tags', '\Shaarli\Api\Controllers\Tags:getTags')->setName('getTags');
146 $this->get('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:getTag')->setName('getTag');
147 $this->put('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:putTag')->setName('putTag');
148 $this->delete('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:deleteTag')->setName('deleteTag');
149
150 $this->get('/history', '\Shaarli\Api\Controllers\HistoryController:getHistory')->setName('getHistory');
151})->add('\Shaarli\Api\ApiMiddleware');
152
250$response = $app->run(true); 153$response = $app->run(true);
251 154
252$app->respond($response); 155$app->respond($response);