mirror/php-rss-bridge
1
0
Fork 0
mirror of https://github.com/RSS-Bridge/rss-bridge.git synced 2025-01-17 06:08:27 +01:00
Code Issues Releases Wiki Activity

refactor: implement middleware chain (#4240)

Browse Source 
* refactor: implement middleware chain

* refactor
This commit is contained in:
Dag 2024-08-30 00:07:58 +02:00 committed by GitHub
parent e7ae06dcf0
commit 39952c2d95
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 128 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
lib/RssBridge.php
View File

@ -12,63 +12,6 @@ final class RssBridge
public function main(Request $request): Response public function main(Request $request): Response
{ {
foreach ($request->toArray() as $key => $value) {
if (!is_string($value)) {
return new Response(render(__DIR__ . '/../templates/error.html.php', [
'message' => "Query parameter \"$key\" is not a string.",
]), 400);
}
}
if (Configuration::getConfig('system', 'enable_maintenance_mode')) {
return new Response(render(__DIR__ . '/../templates/error.html.php', [
'title' => '503 Service Unavailable',
'message' => 'RSS-Bridge is down for maintenance.',
]), 503);
}
// HTTP Basic auth check
if (Configuration::getConfig('authentication', 'enable')) {
if (Configuration::getConfig('authentication', 'password') === '') {
return new Response('The authentication password cannot be the empty string', 500);
}
$user = $request->server('PHP_AUTH_USER');
$password = $request->server('PHP_AUTH_PW');
if ($user === null || $password === null) {
$html = render(__DIR__ . '/../templates/error.html.php', [
'message' => 'Please authenticate in order to access this instance!',
]);
return new Response($html, 401, ['WWW-Authenticate' => 'Basic realm="RSS-Bridge"']);
}
if (
(Configuration::getConfig('authentication', 'username') !== $user)
|| (! hash_equals(Configuration::getConfig('authentication', 'password'), $password))
) {
$html = render(__DIR__ . '/../templates/error.html.php', [
'message' => 'Please authenticate in order to access this instance!',
]);
return new Response($html, 401, ['WWW-Authenticate' => 'Basic realm="RSS-Bridge"']);
}
// At this point the username and password was correct
}
// Add token as attribute to request
$request = $request->withAttribute('token', $request->get('token'));
// Token authentication check
if (Configuration::getConfig('authentication', 'token')) {
if (! $request->attribute('token')) {
return new Response(render(__DIR__ . '/../templates/token.html.php', [
'message' => '',
]), 401);
}
if (! hash_equals(Configuration::getConfig('authentication', 'token'), $request->attribute('token'))) {
return new Response(render(__DIR__ . '/../templates/token.html.php', [
'message' => 'Invalid token',
]), 401);
}
}
$action = $request->get('action', 'Frontpage'); $action = $request->get('action', 'Frontpage');
$actionName = strtolower($action) . 'Action'; $actionName = strtolower($action) . 'Action';
$actionName = implode(array_map('ucfirst', explode('-', $actionName))); $actionName = implode(array_map('ucfirst', explode('-', $actionName)));
@ -77,11 +20,21 @@ final class RssBridge
return new Response(render(__DIR__ . '/../templates/error.html.php', ['message' => 'Invalid action']), 400); return new Response(render(__DIR__ . '/../templates/error.html.php', ['message' => 'Invalid action']), 400);
} }
$controller = self::$container[$actionName]; $handler = self::$container[$actionName];
$response = $controller($request); $middlewares = [
new SecurityMiddleware(),
return $response; new MaintenanceMiddleware(),
new BasicAuthMiddleware(),
new TokenAuthenticationMiddleware(),
];
$action = function ($req) use ($handler) {
return $handler($req);
};
foreach (array_reverse($middlewares) as $middleware) {
$action = fn ($req) => $middleware($req, $action);
}
return $action($request);
} }
public static function getLogger(): Logger public static function getLogger(): Logger

1
lib/bootstrap.php
View File

@ -37,6 +37,7 @@ spl_autoload_register(function ($className) {
__DIR__ . '/../caches/', __DIR__ . '/../caches/',
__DIR__ . '/../formats/', __DIR__ . '/../formats/',
__DIR__ . '/../lib/', __DIR__ . '/../lib/',
__DIR__ . '/../middlewares/',
]; ];
foreach ($folders as $folder) { foreach ($folders as $folder) {
$file = $folder . $className . '.php'; $file = $folder . $className . '.php';

38
middlewares/BasicAuthMiddleware.php Normal file
View File

@ -0,0 +1,38 @@
<?php
declare(strict_types=1);
/**
* HTTP Basic auth check
*/
class BasicAuthMiddleware implements Middleware
{
public function __invoke(Request $request, $next): Response
{
if (!Configuration::getConfig('authentication', 'enable')) {
return $next($request);
}
if (Configuration::getConfig('authentication', 'password') === '') {
return new Response('The authentication password cannot be the empty string', 500);
}
$user = $request->server('PHP_AUTH_USER');
$password = $request->server('PHP_AUTH_PW');
if ($user === null || $password === null) {
$html = render(__DIR__ . '/../templates/error.html.php', [
'message' => 'Please authenticate in order to access this instance!',
]);
return new Response($html, 401, ['WWW-Authenticate' => 'Basic realm="RSS-Bridge"']);
}
if (
(Configuration::getConfig('authentication', 'username') !== $user)
|| (!hash_equals(Configuration::getConfig('authentication', 'password'), $password))
) {
$html = render(__DIR__ . '/../templates/error.html.php', [
'message' => 'Please authenticate in order to access this instance!',
]);
return new Response($html, 401, ['WWW-Authenticate' => 'Basic realm="RSS-Bridge"']);
}
return $next($request);
}
}

17
middlewares/MaintenanceMiddleware.php Normal file
View File

@ -0,0 +1,17 @@
<?php
declare(strict_types=1);
class MaintenanceMiddleware implements Middleware
{
public function __invoke(Request $request, $next): Response
{
if (!Configuration::getConfig('system', 'enable_maintenance_mode')) {
return $next($request);
}
return new Response(render(__DIR__ . '/../templates/error.html.php', [
'title' => '503 Service Unavailable',
'message' => 'RSS-Bridge is down for maintenance.',
]), 503);
}
}

8
middlewares/Middleware.php Normal file
View File

@ -0,0 +1,8 @@
<?php
declare(strict_types=1);
interface Middleware
{
public function __invoke(Request $request, $next): Response;
}

21
middlewares/SecurityMiddleware.php Normal file
View File

@ -0,0 +1,21 @@
<?php
declare(strict_types=1);
/**
* Make sure that only strings are allowed in GET parameters
*/
class SecurityMiddleware implements Middleware
{
public function __invoke(Request $request, $next): Response
{
foreach ($request->toArray() as $key => $value) {
if (!is_string($value)) {
return new Response(render(__DIR__ . '/../templates/error.html.php', [
'message' => "Query parameter \"$key\" is not a string.",
]), 400);
}
}
return $next($request);
}
}

29
middlewares/TokenAuthenticationMiddleware.php Normal file
View File

@ -0,0 +1,29 @@
<?php
declare(strict_types=1);
class TokenAuthenticationMiddleware implements Middleware
{
public function __invoke(Request $request, $next): Response
{
if (! Configuration::getConfig('authentication', 'token')) {
return $next($request);
}
// Always add token to request attribute
$request = $request->withAttribute('token', $request->get('token'));
if (! $request->attribute('token')) {
return new Response(render(__DIR__ . '/../templates/token.html.php', [
'message' => 'Missing token',
]), 401);
}
if (! hash_equals(Configuration::getConfig('authentication', 'token'), $request->attribute('token'))) {
return new Response(render(__DIR__ . '/../templates/token.html.php', [
'message' => 'Invalid token',
]), 401);
}
return $next($request);
}
}