Fixed private mode not working as expected with the router.

flash 2020-06-09 19:09:59 +00:00
parent fa80803dd2
commit 42fc65abbc
5 changed files with 38 additions and 18 deletions


@ -228,31 +228,38 @@ if($authToken->isValid()) {
CSRF::setGlobalSecretKey(Config::get('csrf.secret', Config::TYPE_STR, 'soup'));
CSRF::setGlobalIdentity(UserSession::hasCurrent() ? UserSession::getCurrent()->getToken() : IPAddress::remote());
if(Config::get('private.enabled', Config::TYPE_BOOL)) {
$onLoginPage = $_SERVER['PHP_SELF'] === url('auth-login');
$onPasswordPage = parse_url($_SERVER['PHP_SELF'], PHP_URL_PATH) === url('auth-forgot');
$misuzuBypassLockdown = !empty($misuzuBypassLockdown) || $onLoginPage;
function mszLockdown(): void {
global $misuzuBypassLockdown, $userDisplayInfo;
if(!$misuzuBypassLockdown) {
if(UserSession::hasCurrent()) {
$privatePermCat = Config::get('private.perm.cat', Config::TYPE_STR);
$privatePermVal = Config::get('private.perm.val', Config::TYPE_INT);
if(Config::get('private.enabled', Config::TYPE_BOOL)) {
$onLoginPage = $_SERVER['PHP_SELF'] === url('auth-login');
$onPasswordPage = parse_url($_SERVER['PHP_SELF'], PHP_URL_PATH) === url('auth-forgot');
$misuzuBypassLockdown = !empty($misuzuBypassLockdown) || $onLoginPage;
if(!empty($privatePermCat) && $privatePermVal > 0) {
if(!perms_check_user($privatePermCat, User::getCurrent()->getId(), $privatePermVal)) {
// au revoir
unset($userDisplayInfo);
UserSession::unsetCurrent();
User::unsetCurrent();
if(!$misuzuBypassLockdown) {
if(UserSession::hasCurrent()) {
$privatePermCat = Config::get('private.perm.cat', Config::TYPE_STR);
$privatePermVal = Config::get('private.perm.val', Config::TYPE_INT);
if(!empty($privatePermCat) && $privatePermVal > 0) {
if(!perms_check_user($privatePermCat, User::getCurrent()->getId(), $privatePermVal)) {
// au revoir
unset($userDisplayInfo);
UserSession::unsetCurrent();
User::unsetCurrent();
}
}
} elseif(!$onLoginPage && !($onPasswordPage && Config::get('private.allow_password_reset', Config::TYPE_BOOL, true))) {
url_redirect('auth-login');
exit;
}
} elseif(!$onLoginPage && !($onPasswordPage && Config::get('private.allow_password_reset', Config::TYPE_BOOL, true))) {
url_redirect('auth-login');
exit;
}
}
}
if(parse_url($_SERVER['PHP_SELF'], PHP_URL_PATH) !== '/index.php')
mszLockdown();
// delete these
if(!empty($userDisplayInfo))
Template::set('current_user', $userDisplayInfo);
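Review bot: `unset($userDisplayInfo)` inside `mszLockdown()` only drops the function-local alias created by `global $misuzuBypassLockdown, $userDisplayInfo;`, so the global variable survives and the `if(!empty($userDisplayInfo))` check after the function still passes `current_user` to the template for a user who has just failed the `private.perm` check. When this code ran at file scope the unset removed the variable itself; moving it into a function changed that. Use `unset($GLOBALS['userDisplayInfo']);` in that branch. For requests to `/index.php` the `Template::set('current_user', …)` call also appears to run before any handler constructor invokes the lockdown, so the template value would need clearing there as well; the router side is not visible in this hunk.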


@ -24,6 +24,7 @@ final class AssetsHandler extends Handler {
public function __construct() {
$GLOBALS['misuzuBypassLockdown'] = true;
parent::__construct();
}
private static function recurse(string $dir): string {
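Review bot: `$GLOBALS['misuzuBypassLockdown'] = true;` is a request-wide flag that is never reset, so once this constructor has run, every handler constructed later in the same request also skips the private-mode check; the AuthHandler and SockChatHandler constructors in this commit set it the same way. Whether that is reachable depends on how the router instantiates handlers, which is not shown here. Scoping the exemption to the handler would remove the dependency on construction order, for example an overridable `protected function bypassLockdown(): bool { return false; }` on `Handler` that the base constructor consults before calling `\Misuzu\mszLockdown()`.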


@ -5,6 +5,11 @@ use HttpResponse;
use HttpRequest;
final class AuthHandler extends Handler {
public function __construct() {
$GLOBALS['misuzuBypassLockdown'] = true;
parent::__construct();
}
public static function legacy(HttpResponse $response, HttpRequest $request): void {
$mode = $request->getQueryParam('m', FILTER_SANITIZE_STRING);
$destination = [


@ -1,4 +1,8 @@
<?php
namespace Misuzu\Http\Handlers;
abstract class Handler {}
abstract class Handler {
public function __construct() {
\Misuzu\mszLockdown();
}
}
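Review bot: Private mode for routed requests is now enforced only as a side effect of this constructor, so any route that does not construct a `Handler` through it is served without the check: a subclass constructor that omits `parent::__construct()`, or a route dispatched to a static method such as `AuthHandler::legacy`, which is declared `public static` elsewhere in this commit. How the router invokes handlers is not visible here, so this needs confirming against the dispatch code. At minimum document the contract on the constructor, e.g. `/** Enforces private mode; overriding constructors must call parent::__construct(). */`; calling `\Misuzu\mszLockdown()` from the router before dispatch would make the check fail closed.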


@ -52,6 +52,9 @@ final class SockChatHandler extends Handler {
if(is_file($hashKeyPath))
$this->hashKey = file_get_contents($hashKeyPath);
$GLOBALS['misuzuBypassLockdown'] = true;
parent::__construct();
}
public function phpFile(HttpResponse $response, HttpRequest $request) {