From 96e266b1fc52eabeb64fd144478b7dc1c08cf019 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Mon, 14 Feb 2022 21:26:30 +0000
Subject: [PATCH] Moved profile check into Misuzu.

---
 public/index.php | 1 +
 src/Http/Handlers/SockChatHandler.php | 81 +++++++++++++++++++++++++++
 src/Http/HttpRequestMessage.php | 3 +
 3 files changed, 85 insertions(+)

diff --git a/public/index.php b/public/index.php
index 27f45b2f..59c49002 100644
--- a/public/index.php
+++ b/public/index.php
@@ -58,6 +58,7 @@ Router::addRoutes(
 Route::post('/bump', 'bump'),
 Route::post('/verify', 'verify'),
 Route::create(['GET', 'OPTIONS'], '/token', 'token'),
+ Route::create(['GET', 'OPTIONS'], '/profile-check', 'profileCheck'),
 Route::get('/bans', 'bans')->addChildren(
 Route::get('/check', 'checkBan'),
 Route::post('/create', 'createBan'),
diff --git a/src/Http/Handlers/SockChatHandler.php b/src/Http/Handlers/SockChatHandler.php
index b25eb3b7..00ef0552 100644
--- a/src/Http/Handlers/SockChatHandler.php
+++ b/src/Http/Handlers/SockChatHandler.php
@@ -430,4 +430,85 @@ final class SockChatHandler extends Handler {
 'tkn' => $token->pack(),
 ];
 }
+
+ public function profileCheck(HttpResponse $response, HttpRequest $request) {
+ $host = $request->getHeaderLine('Host');
+ $origin = $request->getHeaderLine('Origin');
+ $originHost = strtolower(parse_url($origin, PHP_URL_HOST));
+
+ if(!empty($originHost) && $originHost !== $host) {
+ $whitelist = Config::get('sockChat.origins', Config::TYPE_ARR, []);
+
+ if(!in_array($originHost, $whitelist))
+ return 403;
+
+ $originProto = strtolower(parse_url($origin, PHP_URL_SCHEME));
+ $origin = $originProto . '://' . $originHost;
+
+ $response->setHeader('Access-Control-Allow-Origin', $origin);
+ $response->setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');
+ $response->setHeader('Access-Control-Allow-Credentials', 'true');
+ $response->setHeader('Vary', 'Origin');
+ }
+
+ if($request->getMethod() === 'OPTIONS')
+ return 204;
+
+ $userId = (int)$request->getQueryParam('u', FILTER_SANITIZE_NUMBER_INT);
+ $extendedInfo = $request->hasQueryParam('e');
+
+ if($userId < 1)
+ $userInfo = User::getCurrent();
+ else {
+ try {
+ $userInfo = User::byId($userId);
+ } catch(UserNotFoundException $ex) {
+ $response->setStatusCode(404);
+ return ['is_ok' => false];
+ }
+ }
+
+ try {
+ $hasIntro = (bool)DB::prepare('SELECT COUNT(*) > 0 FROM `msz_forum_topics` WHERE `forum_id` = 6 AND `user_id` = :user AND `topic_deleted` IS NULL')
+ ->bind('user', $userInfo->getId())
+ ->fetchColumn();
+ } catch(\PDOException $ex) {
+ $hasIntro = false;
+ }
+
+ $isOld = $userInfo->getCreatedTime() < strtotime('1 year ago');
+ $hasAvatar = $userInfo->hasAvatar();
+ $hasAbout = $userInfo->hasProfileAbout();
+ $hasLinks = !empty($userInfo->profileFields());
+ $isOk = $isOld;
+
+ if(!$isOk) {
+ $points = 0;
+ if($hasAvatar)
+ ++$points;
+ if($hasAbout)
+ ++$points;
+ if($hasLinks)
+ ++$points;
+ if($hasIntro)
+ ++$points;
+ $isOk = $points >= ($userInfo->getCreatedTime() < strtotime('1 month ago') ?
1 : 2);
+ }
+
+ $res = [
+ 'user_id' => $userInfo->getId(),
+ 'is_ok' => $isOk,
+ ];
+
+ if($extendedInfo) {
+ $res['username'] = $userInfo->getUsername();
+ $res['is_old'] = $isOld;
+ $res['has_avatar'] = $hasAvatar;
+ $res['has_about'] = $hasAbout;
+ $res['has_links'] = $hasLinks;
+ $res['has_intro'] = $hasIntro;
+ }
+
+ return $res;
+ }
 }
diff --git a/src/Http/HttpRequestMessage.php b/src/Http/HttpRequestMessage.php
index 763eef46..7ebd07df 100644
--- a/src/Http/HttpRequestMessage.php
+++ b/src/Http/HttpRequestMessage.php
@@ -137,6 +137,9 @@ class HttpRequestMessage extends HttpMessage {
 return null;
 return filter_var($this->query[$name], $filter, $options);
 }
+ public function hasQueryParam(string $name): bool {
+ return isset($this->query[$name]);
+ }
 public function getUploadedFiles() {
 return $this->files;
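Review bot: `Vary: Origin` is only emitted inside the cross-origin branch of profileCheck, so the same-origin and no-Origin responses, which carry no `Access-Control-Allow-Origin`, are cacheable without an Origin key and a shared cache can hand one back to a whitelisted origin where the browser then blocks it; emit `$response->setHeader('Vary', 'Origin');` unconditionally before the `if(!empty($originHost) ...)` check. The whitelist is matched on host only, so the scheme is reflected from the client-supplied Origin header straight into `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true`, which would grant a plaintext `http://` page on a whitelisted host credentialed access; comparing the full `$originProto . '://' . $originHost` against whitelist entries that include the scheme, with `in_array(..., true)`, avoids that. Separately, `$host` is taken raw from the Host header while `$originHost` is lowercased and port-stripped by parse_url, so a deployment on a non-default port or mixed-case Host never matches and falls through to the whitelist, returning 403 to its own front end. When `u` is absent or non-positive the code assigns `User::getCurrent()` and immediately calls `->getId()` on it; if getCurrent() can return null for an unauthenticated caller this faults instead of returning a 401, which is worth confirming and guarding before the DB query.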