misuzu/public/index.php

<?php
namespace Misuzu;

use RuntimeException;
use Misuzu\Auth\AuthTokenBuilder;
use Misuzu\Auth\AuthTokenCookie;
use Misuzu\Auth\AuthTokenInfo;

require_once __DIR__ . '/../misuzu.php';

set_exception_handler(function(\Throwable $ex) {
    http_response_code(500);
    ob_clean();

    if(MSZ_DEBUG) {
        header('Content-Type: text/plain; charset=utf-8');
        echo (string)$ex;
    } else {
        header('Content-Type: text/html; charset=utf-8');
        echo file_get_contents(MSZ_TEMPLATES . '/500.html');
    }
    exit;
});

// The whole wall of shit before the router setup and dispatch should be worked away
// Lockdown things should be middleware when there's no more legacy files

$request = \Index\Http\HttpRequest::fromRequest();

ob_start();

if(file_exists(MSZ_ROOT . '/.migrating')) {
    http_response_code(503);
    if(!isset($_GET['_check'])) {
        header('Content-Type: text/html; charset=utf-8');
        echo file_get_contents(MSZ_TEMPLATES . '/503.html');
    }
    exit;
}

if(!MSZ_DEBUG) {
    $twigCacheDirSfx = GitInfo::hash(true);
    if(empty($twigCacheDirSfx))
        $twigCacheDirSfx = md5(MSZ_ROOT);

    $twigCache = sys_get_temp_dir() . '/msz-tpl-' . $twigCacheDirSfx;
    if(!is_dir($twigCache))
        mkdir($twigCache, 0775, true);
}

$globals = $cfg->getValues([
    ['site.name:s', 'Misuzu'],
    'site.desc:s',
    'site.url:s',
    'eeprom.path:s',
    'eeprom.app:s',
    ['csrf.secret:s', 'soup'],
]);

Template::init($msz, $twigCache ?? null, MSZ_DEBUG);

Template::set('globals', [
    'site_name' => $globals['site.name'],
    'site_description' => $globals['site.desc'],
    'site_url' => $globals['site.url'],
    'eeprom' => [
        'path' => $globals['eeprom.path'],
        'app' => $globals['eeprom.app'],
    ],
]);

$mszAssetsInfo = json_decode(file_get_contents(MSZ_ASSETS . '/current.json'));
if(!empty($mszAssetsInfo))
    Template::set('assets', $mszAssetsInfo);
unset($mszAssetsInfo);

Template::addPath(MSZ_TEMPLATES);

$tokenPacker = $msz->createAuthTokenPacker();

if(filter_has_var(INPUT_COOKIE, 'msz_auth'))
    $tokenInfo = $tokenPacker->unpack(filter_input(INPUT_COOKIE, 'msz_auth'));
elseif(filter_has_var(INPUT_COOKIE, 'msz_uid') && filter_has_var(INPUT_COOKIE, 'msz_sid')) {
    $tokenBuilder = new AuthTokenBuilder;
    $tokenBuilder->setUserId((string)filter_input(INPUT_COOKIE, 'msz_uid', FILTER_SANITIZE_NUMBER_INT));
    $tokenBuilder->setSessionToken((string)filter_input(INPUT_COOKIE, 'msz_sid'));
    $tokenInfo = $tokenBuilder->toInfo();
    $tokenBuilder = null;
} else
    $tokenInfo = AuthTokenInfo::empty();

$userInfo = null;
$sessionInfo = null;
$userInfoReal = null;

if($tokenInfo->hasUserId() && $tokenInfo->hasSessionToken()) {
    $users = $msz->getUsers();
    $sessions = $msz->getSessions();
    $tokenBuilder = new AuthTokenBuilder($tokenInfo);

    try {
        $sessionInfo = $sessions->getSession(sessionToken: $tokenInfo->getSessionToken());

        if($sessionInfo->hasExpired()) {
            $tokenBuilder->removeUserId();
            $tokenBuilder->removeSessionToken();
        } elseif($sessionInfo->getUserId() === $tokenInfo->getUserId()) {
            $userInfo = $users->getUser($tokenInfo->getUserId(), 'id');

            if($userInfo->isDeleted()) {
                $tokenBuilder->removeUserId();
                $tokenBuilder->removeSessionToken();
            } else {
                $users->recordUserActivity($userInfo, remoteAddr: $_SERVER['REMOTE_ADDR']);
                $sessions->recordSessionActivity(sessionInfo: $sessionInfo, remoteAddr: $_SERVER['REMOTE_ADDR']);
                if($sessionInfo->shouldBumpExpires())
                    $tokenBuilder->setEdited();

                if($tokenInfo->hasImpersonatedUserId()) {
                    $allowToImpersonate = $userInfo->isSuperUser();
                    $impersonatedUserId = $tokenInfo->getImpersonatedUserId();

                    if(!$allowToImpersonate) {
                        $allowImpersonateUsers = $cfg->getArray(sprintf('impersonate.allow.u%s', $userInfo->getId()));
                        $allowToImpersonate = in_array((string)$impersonatedUserId, $allowImpersonateUsers, true);
                    }

                    if($allowToImpersonate) {
                        $userInfoReal = $userInfo;

                        try {
                            $userInfo = $users->getUser($impersonatedUserId, 'id');
                        } catch(RuntimeException $ex) {
                            $userInfo = $userInfoReal;
                            $userInfoReal = null;
                            $tokenBuilder->removeImpersonatedUserId();
                        }
                    } else $tokenBuilder->removeImpersonatedUserId();
                }
            }
        }
    } catch(RuntimeException $ex) {
        $tokenBuilder->removeUserId();
        $tokenBuilder->removeSessionToken();
        $tokenBuilder->removeImpersonatedUserId();
        $userInfo = null;
        $sessionInfo = null;
        $userInfoReal = null;
    }

    if($tokenBuilder->isEdited()) {
        $tokenInfo = $tokenBuilder->toInfo();
        AuthTokenCookie::apply($tokenPacker->pack($tokenInfo));
    }
}

$msz->getAuthInfo()->setInfo($tokenInfo, $userInfo, $sessionInfo, $userInfoReal);

if(!empty($userInfo))
    $userInfo = $users->getUser((string)$userInfo->getId(), 'id');
if(!empty($userInfoReal))
    $userInfoReal = $users->getUser((string)$userInfoReal->getId(), 'id');

CSRF::init(
    $globals['csrf.secret'],
    ($msz->isLoggedIn() ? $sessionInfo->getToken() : $_SERVER['REMOTE_ADDR'])
);

if(!empty($userInfo)) {
    Template::set('current_user', $userInfo);
    Template::set('current_user_ban_info', $msz->tryGetActiveBan());
}

if(!empty($userInfoReal)) {
    Template::set('current_user_real', $userInfoReal);
    Template::set('current_user_real_colour', $users->getUserColour($userInfoReal));
}

$inManageMode = str_starts_with($_SERVER['REQUEST_URI'], '/manage');

Template::set('header_menu', $msz->getHeaderMenu($userInfo ?? null));
Template::set('user_menu', $msz->getUserMenu($userInfo ?? null, $inManageMode));
Template::set('display_timings_info', MSZ_DEBUG || $msz->getAuthInfo()->getPerms('global')->check(Perm::G_TIMINGS_VIEW));

if($inManageMode) {
    $hasManageAccess = false;

    if($msz->isLoggedIn() && !$msz->hasActiveBan()) {
        $manageUser = $msz->getActiveUser();
        $manageUserId = $manageUser->getId();
        $manageGlobalPerms = $msz->getAuthInfo()->getPerms('global');

        if($manageGlobalPerms->check(Perm::G_IS_JANITOR)) {
            $hasManageAccess = true;
            $manageMenu = [
                'General' => [
                    'Overview' => url('manage-general-overview'),
                ],
            ];

            if($manageGlobalPerms->check(Perm::G_LOGS_VIEW))
                $manageMenu['General']['Logs'] = url('manage-general-logs');
            if($manageGlobalPerms->check(Perm::G_EMOTES_MANAGE))
                $manageMenu['General']['Emoticons'] = url('manage-general-emoticons');
            if($manageGlobalPerms->check(Perm::G_CONFIG_MANAGE))
                $manageMenu['General']['Settings'] = url('manage-general-settings');

            $manageUserPerms = $msz->getAuthInfo()->getPerms('user');
            if($manageUserPerms->check(Perm::U_USERS_MANAGE))
                $manageMenu['Users & Roles']['Users'] = url('manage-users');
            if($manageUserPerms->check(Perm::U_ROLES_MANAGE))
                $manageMenu['Users & Roles']['Roles'] = url('manage-roles');
            if($manageUserPerms->check(Perm::U_NOTES_MANAGE))
                $manageMenu['Users & Roles']['Notes'] = url('manage-users-notes');
            if($manageUserPerms->check(Perm::U_WARNINGS_MANAGE))
                $manageMenu['Users & Roles']['Warnings'] = url('manage-users-warnings');
            if($manageUserPerms->check(Perm::U_BANS_MANAGE))
                $manageMenu['Users & Roles']['Bans'] = url('manage-users-bans');

            if($manageGlobalPerms->check(Perm::G_NEWS_POSTS_MANAGE))
                $manageMenu['News']['Posts'] = url('manage-news-posts');
            if($manageGlobalPerms->check(Perm::G_NEWS_CATEGORIES_MANAGE))
                $manageMenu['News']['Categories'] = url('manage-news-categories');

            if($manageGlobalPerms->check(Perm::G_FORUM_CATEGORIES_MANAGE))
                $manageMenu['Forum']['Permission Calculator'] = url('manage-forum-categories');
            if($manageGlobalPerms->check(Perm::G_FORUM_TOPIC_REDIRS_MANAGE))
                $manageMenu['Forum']['Topic Redirects'] = url('manage-forum-topic-redirs');

            if($manageGlobalPerms->check(Perm::G_CL_CHANGES_MANAGE))
                $manageMenu['Changelog']['Changes'] = url('manage-changelog-changes');
            if($manageGlobalPerms->check(Perm::G_CL_TAGS_MANAGE))
                $manageMenu['Changelog']['Tags'] = url('manage-changelog-tags');

            Template::set('manage_menu', $manageMenu);
        }
    }

    if(!$hasManageAccess)
        Template::throwError(403);
}

$mszRequestPath = $request->getPath();
$mszLegacyPathPrefix = MSZ_PUBLIC . '-legacy/';
$mszLegacyPath = realpath($mszLegacyPathPrefix . $mszRequestPath);

if(!empty($mszLegacyPath) && str_starts_with($mszLegacyPath, $mszLegacyPathPrefix)) {
    if(is_dir($mszLegacyPath))
        $mszLegacyPath .= '/index.php';

    if(is_file($mszLegacyPath)) {
        require_once $mszLegacyPath;
        return;
    }
}

$msz->setUpHttp();
$msz->dispatchHttp($request);