application/front/ShaarliMiddleware.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

<?php

namespace Shaarli\Front;

use Shaarli\Container\ShaarliContainer;
use Shaarli\Front\Exception\ShaarliFrontException;
use Shaarli\Front\Exception\UnauthorizedException;
use Slim\Http\Request;
use Slim\Http\Response;

/**
 * Class ShaarliMiddleware
 *
 * This will be called before accessing any Shaarli controller.
 */
class ShaarliMiddleware
{
    /** @var ShaarliContainer contains all Shaarli DI */
    protected $container;

    public function __construct(ShaarliContainer $container)
    {
        $this->container = $container;
    }

    /**
     * Middleware execution:
     *   - run updates
     *   - if not logged in open shaarli, redirect to login
     *   - execute the controller
     *   - return the response
     *
     * In case of error, the error template will be displayed with the exception message.
     *
     * @param  Request  $request  Slim request
     * @param  Response $response Slim response
     * @param  callable $next     Next action
     *
     * @return Response response.
     */
    public function __invoke(Request $request, Response $response, callable $next): Response
    {
        $this->initBasePath($request);

        try {
            if (!is_file($this->container->conf->getConfigFileExt())
                && !in_array($next->getName(), ['displayInstall', 'saveInstall'], true)
            ) {
                return $response->withRedirect($this->container->basePath . '/install');
            }

            $this->runUpdates();
            $this->checkOpenShaarli($request, $response, $next);

            return $next($request, $response);
        } catch (ShaarliFrontException $e) {
            // Possible functional error
            $this->container->pageBuilder->reset();
            $this->container->pageBuilder->assign('message', nl2br($e->getMessage()));

            $response = $response->withStatus($e->getCode());

            return $response->write($this->container->pageBuilder->render('error', $this->container->basePath));
        } catch (UnauthorizedException $e) {
            $returnUrl = urlencode($this->container->environment['REQUEST_URI']);

            return $response->withRedirect($this->container->basePath . '/login?returnurl=' . $returnUrl);
        } catch (\Throwable $e) {
            // Unknown error encountered
            $this->container->pageBuilder->reset();
            if ($this->container->conf->get('dev.debug', false)) {
                $this->container->pageBuilder->assign('message', $e->getMessage());
                $this->container->pageBuilder->assign(
                    'stacktrace',
                    nl2br(get_class($e) .': '. PHP_EOL . $e->getTraceAsString())
                );
            } else {
                $this->container->pageBuilder->assign('message', t('An unexpected error occurred.'));
            }

            $response = $response->withStatus(500);

            return $response->write($this->container->pageBuilder->render('error', $this->container->basePath));
        }
    }

    /**
     * Run the updater for every requests processed while logged in.
     */
    protected function runUpdates(): void
    {
        if ($this->container->loginManager->isLoggedIn() !== true) {
            return;
        }

        $this->container->updater->setBasePath($this->container->basePath);
        $newUpdates = $this->container->updater->update();
        if (!empty($newUpdates)) {
            $this->container->updater->writeUpdates(
                $this->container->conf->get('resource.updates'),
                $this->container->updater->getDoneUpdates()
            );

            $this->container->pageCacheManager->invalidateCaches();
        }
    }

    /**
     * Access is denied to most pages with `hide_public_links` + `force_login` settings.
     */
    protected function checkOpenShaarli(Request $request, Response $response, callable $next): bool
    {
        if (// if the user isn't logged in
            !$this->container->loginManager->isLoggedIn()
            // and Shaarli doesn't have public content...
            && $this->container->conf->get('privacy.hide_public_links')
            // and is configured to enforce the login
            && $this->container->conf->get('privacy.force_login')
            // and the current page isn't already the login page
            // and the user is not requesting a feed (which would lead to a different content-type as expected)
            && !in_array($next->getName(), ['login', 'atom', 'rss'], true)
        ) {
            throw new UnauthorizedException();
        }

        return true;
    }

    /**
     * Initialize the URL base path if it hasn't been defined yet.
     */
    protected function initBasePath(Request $request): void
    {
        if (null === $this->container->basePath) {
            $this->container->basePath = rtrim($request->getUri()->getBasePath(), '/');
        }
    }
}