flashii/misuzu
flashii/misuzu
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Removed getter/setter methods in favour of property hooks and asymmetric visibility.

Browse source
This commit is contained in:
flash 2024-11-30 04:09:29 +00:00
parent 2cb2918533
commit d103477fe1
149 changed files with 2169 additions and 3565 deletions
public
index.php

35
public/index.php
View file

@ -38,7 +38,7 @@ if(file_exists(MSZ_ROOT . '/.migrating')) {
exit;
}
$tokenPacker = $msz->getAuthContext()->createAuthTokenPacker();
$tokenPacker = $msz->authCtx->createAuthTokenPacker();
if(filter_has_var(INPUT_COOKIE, 'msz_auth'))
$tokenInfo = $tokenPacker->unpack(filter_input(INPUT_COOKIE, 'msz_auth'));
@ -55,32 +55,30 @@ $userInfo = null;
$sessionInfo = null;
$userInfoReal = null;
if($tokenInfo->hasUserId() && $tokenInfo->hasSessionToken()) {
$users = $msz->getUsersContext()->getUsers();
$sessions = $msz->getAuthContext()->getSessions();
if($tokenInfo->hasUserId && $tokenInfo->hasSessionToken) {
$tokenBuilder = new AuthTokenBuilder($tokenInfo);
try {
$sessionInfo = $sessions->getSession(sessionToken: $tokenInfo->getSessionToken());
$sessionInfo = $msz->authCtx->sessions->getSession(sessionToken: $tokenInfo->sessionToken);
if($sessionInfo->hasExpired()) {
if($sessionInfo->expired) {
$tokenBuilder->removeUserId();
$tokenBuilder->removeSessionToken();
} elseif($sessionInfo->getUserId() === $tokenInfo->getUserId()) {
$userInfo = $users->getUser($tokenInfo->getUserId(), 'id');
} elseif($sessionInfo->userId === $tokenInfo->userId) {
$userInfo = $msz->usersCtx->users->getUser($tokenInfo->userId, 'id');
if($userInfo->isDeleted()) {
if($userInfo->deleted) {
$tokenBuilder->removeUserId();
$tokenBuilder->removeSessionToken();
} else {
$users->recordUserActivity($userInfo, remoteAddr: $_SERVER['REMOTE_ADDR']);
$sessions->recordSessionActivity(sessionInfo: $sessionInfo, remoteAddr: $_SERVER['REMOTE_ADDR']);
if($sessionInfo->shouldBumpExpires())
$msz->usersCtx->users->recordUserActivity($userInfo, remoteAddr: $_SERVER['REMOTE_ADDR']);
$msz->authCtx->sessions->recordSessionActivity(sessionInfo: $sessionInfo, remoteAddr: $_SERVER['REMOTE_ADDR']);
if($sessionInfo->shouldBumpExpires)
$tokenBuilder->setEdited();
if($tokenInfo->hasImpersonatedUserId()) {
$allowToImpersonate = $userInfo->isSuperUser();
$impersonatedUserId = $tokenInfo->getImpersonatedUserId();
if($tokenInfo->hasImpersonatedUserId) {
$allowToImpersonate = $userInfo->super;
$impersonatedUserId = $tokenInfo->impersonatedUserId;
if(!$allowToImpersonate) {
$allowImpersonateUsers = $cfg->getArray(sprintf('impersonate.allow.u%s', $userInfo->getId()));
@ -91,7 +89,7 @@ if($tokenInfo->hasUserId() && $tokenInfo->hasSessionToken()) {
$userInfoReal = $userInfo;
try {
$userInfo = $users->getUser($impersonatedUserId, 'id');
$userInfo = $msz->usersCtx->users->getUser($impersonatedUserId, 'id');
} catch(RuntimeException $ex) {
$userInfo = $userInfoReal;
$userInfoReal = null;
@ -116,12 +114,11 @@ if($tokenInfo->hasUserId() && $tokenInfo->hasSessionToken()) {
}
}
$authInfo = $msz->getAuthInfo();
$authInfo->setInfo($tokenInfo, $userInfo, $sessionInfo, $userInfoReal);
$msz->authInfo->setInfo($tokenInfo, $userInfo, $sessionInfo, $userInfoReal);
CSRF::init(
$cfg->getString('csrf.secret', 'soup'),
($authInfo->isLoggedIn() ? $sessionInfo->getToken() : $_SERVER['REMOTE_ADDR'])
($msz->authInfo->isLoggedIn ? $sessionInfo->token : $_SERVER['REMOTE_ADDR'])
);
// order for these two currently matters i think: it shouldn't.