From 42fc65abbcee11e12cac004c2aaa6d77a9ff9a16 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Tue, 9 Jun 2020 19:09:59 +0000
Subject: [PATCH] Fixed private mode not working as expected with the router.
---
 misuzu.php | 41 ++++++++++++++++-----------
 src/Http/Handlers/AssetsHandler.php | 1 +
 src/Http/Handlers/AuthHandler.php | 5 ++++
 src/Http/Handlers/Handler.php | 6 +++-
 src/Http/Handlers/SockChatHandler.php | 3 ++
 5 files changed, 38 insertions(+), 18 deletions(-)
diff --git a/misuzu.php b/misuzu.php
index 5c96f4cc..eb0aa957 100644
--- a/misuzu.php
+++ b/misuzu.php
@@ -228,31 +228,38 @@ if($authToken->isValid()) {
 CSRF::setGlobalSecretKey(Config::get('csrf.secret', Config::TYPE_STR, 'soup'));
 CSRF::setGlobalIdentity(UserSession::hasCurrent() ? UserSession::getCurrent()->getToken() : IPAddress::remote());
-if(Config::get('private.enabled', Config::TYPE_BOOL)) {
- $onLoginPage = $_SERVER['PHP_SELF'] === url('auth-login');
- $onPasswordPage = parse_url($_SERVER['PHP_SELF'], PHP_URL_PATH) === url('auth-forgot');
- $misuzuBypassLockdown = !empty($misuzuBypassLockdown) || $onLoginPage;
+function mszLockdown(): void {
+ global $misuzuBypassLockdown, $userDisplayInfo;
- if(!$misuzuBypassLockdown) {
- if(UserSession::hasCurrent()) {
- $privatePermCat = Config::get('private.perm.cat', Config::TYPE_STR);
- $privatePermVal = Config::get('private.perm.val', Config::TYPE_INT);
+ if(Config::get('private.enabled', Config::TYPE_BOOL)) {
+ $onLoginPage = $_SERVER['PHP_SELF'] === url('auth-login');
+ $onPasswordPage = parse_url($_SERVER['PHP_SELF'], PHP_URL_PATH) === url('auth-forgot');
+ $misuzuBypassLockdown = !empty($misuzuBypassLockdown) || $onLoginPage;
- if(!empty($privatePermCat) && $privatePermVal > 0) {
- if(!perms_check_user($privatePermCat, User::getCurrent()->getId(), $privatePermVal)) {
- // au revoir
- unset($userDisplayInfo);
- UserSession::unsetCurrent();
- User::unsetCurrent();
+ if(!$misuzuBypassLockdown) {
+ if(UserSession::hasCurrent()) {
+ $privatePermCat = Config::get('private.perm.cat', Config::TYPE_STR);
+ $privatePermVal = Config::get('private.perm.val', Config::TYPE_INT);
+
+ if(!empty($privatePermCat) && $privatePermVal > 0) {
+ if(!perms_check_user($privatePermCat, User::getCurrent()->getId(), $privatePermVal)) {
+ // au revoir
+ unset($userDisplayInfo);
+ UserSession::unsetCurrent();
+ User::unsetCurrent();
+ }
 }
+ } elseif(!$onLoginPage && !($onPasswordPage && Config::get('private.allow_password_reset', Config::TYPE_BOOL, true))) {
+ url_redirect('auth-login');
+ exit;
 }
- } elseif(!$onLoginPage && !($onPasswordPage && Config::get('private.allow_password_reset', Config::TYPE_BOOL, true))) {
- url_redirect('auth-login');
- exit;
 }
 }
 }
+if(parse_url($_SERVER['PHP_SELF'], PHP_URL_PATH) !== '/index.php')
+ mszLockdown();
+
 // delete these
 if(!empty($userDisplayInfo)) Template::set('current_user', $userDisplayInfo);
diff --git a/src/Http/Handlers/AssetsHandler.php b/src/Http/Handlers/AssetsHandler.php
index 8baa9f52..6da971a5 100644
--- a/src/Http/Handlers/AssetsHandler.php
+++ b/src/Http/Handlers/AssetsHandler.php
@@ -24,6 +24,7 @@ final class AssetsHandler extends Handler {
 public function __construct() {
 $GLOBALS['misuzuBypassLockdown'] = true;
+ parent::__construct();
 }
 private static function recurse(string $dir): string {
diff --git a/src/Http/Handlers/AuthHandler.php b/src/Http/Handlers/AuthHandler.php
index 4de2fe9a..4433dbd0 100644
--- a/src/Http/Handlers/AuthHandler.php
+++ b/src/Http/Handlers/AuthHandler.php
@@ -5,6 +5,11 @@ use HttpResponse;
 use HttpRequest;
 final class AuthHandler extends Handler {
+ public function __construct() {
+ $GLOBALS['misuzuBypassLockdown'] = true;
+ parent::__construct();
+ }
+
 public static function legacy(HttpResponse $response, HttpRequest $request): void {
 $mode = $request->getQueryParam('m', FILTER_SANITIZE_STRING);
 $destination = [
diff --git a/src/Http/Handlers/Handler.php b/src/Http/Handlers/Handler.php
index 96686fb3..faff757d 100644
--- a/src/Http/Handlers/Handler.php
+++ b/src/Http/Handlers/Handler.php
@@ -1,4 +1,8 @@ hashKey = file_get_contents($hashKeyPath);
+
+ $GLOBALS['misuzuBypassLockdown'] = true;
+ parent::__construct();
 }
 public function phpFile(HttpResponse $response, HttpRequest $request) {
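Review bot: In mszLockdown(), `unset($userDisplayInfo);` no longer clears the variable the rest of misuzu.php reads, because unset() on a name imported with `global` only drops the function-local reference and the global keeps its value. A user who fails the private-mode permission check therefore has the session and user objects unset but still reaches `Template::set('current_user', $userDisplayInfo)` in the context lines after the call. Assign through the reference instead, `$userDisplayInfo = null;`, so the `!empty()` check that follows sees the change. Separately, that branch falls through without `url_redirect('auth-login')`, so the rejected request carries on as an anonymous one; this was already the case before the move, but it is worth confirming that it is intended on a private site.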
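Review bot: The new AuthHandler constructor sets `$GLOBALS['misuzuBypassLockdown'] = true` for every route the handler serves, which is wider than the script-based check in misuzu.php, where only the login page is exempt and the password-reset page only when `private.allow_password_reset` is on. If AuthHandler also serves reset or registration routes (not visible in this hunk), that setting stops having any effect for them, so exempting per route rather than per handler would keep the old behaviour. The same pattern in AssetsHandler and SockChatHandler relies on the flag being assigned before `parent::__construct()` and on every subclass constructor calling the parent, which presumably runs mszLockdown() (the Handler.php hunk is not readable on this page). A comment such as `// must be set before parent::__construct(), which enforces private mode` on each constructor would make that ordering explicit. The flag is also never reset in the visible hunks, so a second handler constructed in the same request would inherit the bypass.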