|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace App; |
|
4
|
|
|
|
|
5
|
|
|
use FFMVC\Helpers; |
|
6
|
|
|
|
|
7
|
|
|
/** |
|
8
|
|
|
* fat-free framework application |
|
9
|
|
|
* |
|
10
|
|
|
* @author Vijay Mahrra <[email protected]> |
|
11
|
|
|
* @copyright (c) Copyright 2013 Vijay Mahrra |
|
12
|
|
|
* @license GPLv3 (http://www.gnu.org/licenses/gpl-3.0.html) |
|
13
|
|
|
*/ |
|
14
|
|
|
class App |
|
15
|
|
|
{ |
|
16
|
|
|
/** |
|
17
|
|
|
* Application-wide dependencies are injected |
|
18
|
|
|
* |
|
19
|
|
|
* @param \Log $logger |
|
20
|
|
|
* @param \DB\SQL $db |
|
21
|
|
|
*/ |
|
22
|
|
|
public function __construct(\Log $logger, \DB\SQL $db) |
|
23
|
|
|
{ |
|
24
|
|
|
// single instances to registry |
|
25
|
|
|
\Registry::set('logger', $logger); |
|
26
|
|
|
\Registry::set('db', $db); |
|
27
|
|
|
} |
|
28
|
|
|
|
|
29
|
|
|
/** |
|
30
|
|
|
* The main application to run after environment is loaded |
|
31
|
|
|
*/ |
|
32
|
|
|
public function Main() |
|
33
|
|
|
{ |
|
34
|
|
|
$f3 = \Base::instance(); |
|
35
|
|
|
|
|
36
|
|
|
$hive = []; // storage for $f3->set calls into one big $f3->mset |
|
37
|
|
|
|
|
38
|
|
|
// is the url under /api ? |
|
39
|
|
|
$api = '/api' == substr($f3->get('PATH'), 0, 4); |
|
40
|
|
|
$hive['api'] = $api; |
|
41
|
|
|
|
|
42
|
|
|
$language = $f3->get('LANG'); |
|
43
|
|
|
|
|
44
|
|
|
// do not use sessions for api calls |
|
45
|
|
|
if ($f3->get('CLI') || $api) { |
|
46
|
|
|
if (session_status() !== PHP_SESSION_NONE) { |
|
47
|
|
|
session_write_close(); |
|
48
|
|
|
} |
|
49
|
|
|
} elseif (session_status() == PHP_SESSION_NONE) { |
|
50
|
|
|
session_start(); |
|
51
|
|
|
// this is an array so not in registry |
|
52
|
|
|
$hive['notifications'] = $f3->get('SESSION.notifications'); |
|
53
|
|
|
$hive['uuid'] = $f3->get('SESSION.uuid'); |
|
54
|
|
|
|
|
55
|
|
|
// initialise gettext |
|
56
|
|
|
// override language from request |
|
57
|
|
|
$language = $f3->get('REQUEST.language'); |
|
58
|
|
|
if (!empty($language)) { |
|
59
|
|
|
$hive['SESSION']['language'] = $language; |
|
60
|
|
|
} |
|
61
|
|
|
|
|
62
|
|
|
// get language from session if set |
|
63
|
|
|
if (empty($language)) { |
|
64
|
|
|
$language = $f3->get('SESSION.language'); |
|
65
|
|
|
} |
|
66
|
|
|
} |
|
67
|
|
|
|
|
68
|
|
|
// enable gettext if set |
|
69
|
|
|
if (!empty($f3->get('app.gettext'))) { |
|
70
|
|
|
// will now fall back to client browser language |
|
71
|
|
|
$language = empty($language) ? substr($f3->get('LANGUAGE'), 0, 2) : $language; |
|
72
|
|
|
// use LANG because f3 appends to LANGUAGE when setting |
|
73
|
|
|
$hive['LANG'] = $language; |
|
74
|
|
|
putenv('LANG=' . $language); |
|
75
|
|
|
setlocale(LC_ALL, $language); |
|
76
|
|
|
$domain = 'messages'; |
|
77
|
|
|
bindtextdomain($domain, $f3->get('HOMEDIR') . '/app/i18n'); |
|
78
|
|
|
bind_textdomain_codeset($domain, 'UTF-8'); |
|
79
|
|
|
textdomain($domain); |
|
80
|
|
|
} |
|
81
|
|
|
|
|
82
|
|
|
// load cli routes and finish |
|
83
|
|
|
if ($f3->get('CLI')) { |
|
84
|
|
|
$f3->mset($hive); |
|
85
|
|
|
$f3->route('GET /docs/@page', function ($f3, array $params) { |
|
86
|
|
|
$filename = '../docs/' . strtoupper($params['page']) . '.md'; |
|
87
|
|
|
if (!file_exists($filename)) { |
|
88
|
|
|
echo "Documentation Error!\n\nNo such document exists!\n"; |
|
89
|
|
|
return; |
|
90
|
|
|
} else { |
|
91
|
|
|
echo $f3->read($filename); |
|
92
|
|
|
} |
|
93
|
|
|
}); |
|
94
|
|
|
|
|
95
|
|
|
// @see http://fatfreeframework.com/routing-engine |
|
96
|
|
|
//load routes from ini file |
|
97
|
|
|
$f3->config('config/routes-cli.ini'); |
|
98
|
|
|
$f3->run(); |
|
99
|
|
|
return; |
|
100
|
|
|
} |
|
101
|
|
|
|
|
102
|
|
|
// web start |
|
103
|
|
|
|
|
104
|
|
|
// user feedback messages helper, inisialise so methods can be called statically |
|
105
|
|
|
$notifications = Helpers\Notifications::instance(); |
|
106
|
|
|
$notifications->init(); |
|
107
|
|
|
|
|
108
|
|
|
// Use https://github.com/filp/whoops if debug level is 4 |
|
109
|
|
|
$debug = $f3->get('DEBUG'); |
|
110
|
|
|
|
|
111
|
|
|
if (!$api && $debug == 4) { |
|
112
|
|
|
$whoops = new \Whoops\Run; |
|
113
|
|
|
$whoops->pushHandler(new \Whoops\Handler\PrettyPageHandler); |
|
114
|
|
|
$whoops->register(); |
|
115
|
|
|
} |
|
116
|
|
|
|
|
117
|
|
|
// custom error handler if debugging |
|
118
|
|
|
$f3->set('ONERROR', |
|
119
|
|
|
function () use ($f3) { |
|
120
|
|
|
$logger = \Registry::get('logger'); |
|
121
|
|
|
if (is_object($logger)) { |
|
122
|
|
|
$logger->write(print_r($f3->get('ERROR')), $f3->get('log.date')); |
|
123
|
|
|
} |
|
124
|
|
|
|
|
125
|
|
|
// recursively clear existing output buffers: |
|
126
|
|
|
while (ob_get_level()) { |
|
127
|
|
|
ob_end_clean(); |
|
128
|
|
|
} |
|
129
|
|
|
|
|
130
|
|
|
$debug = $f3->get('DEBUG'); |
|
131
|
|
|
$api = !empty($f3->get('api')); |
|
132
|
|
|
$language = $f3->get('LANG'); |
|
133
|
|
|
$e = $f3->get('ERROR'); |
|
134
|
|
|
|
|
135
|
|
|
if (!$api && $e['code'] == '404') { |
|
136
|
|
|
$error_template = 'templates/' . $language . '/website/error/404.phtml'; |
|
137
|
|
|
if (!file_exists($error_template)) { |
|
138
|
|
|
$error_template = 'templates/en/website/error/404.phtml'; |
|
139
|
|
|
} |
|
140
|
|
|
include_once $error_template; |
|
141
|
|
|
} else { |
|
142
|
|
|
if (!$api) { |
|
143
|
|
|
$error_template = 'templates/' . $language . '/website/error/error.phtml'; |
|
144
|
|
|
if (!file_exists($error_template)) { |
|
145
|
|
|
$error_template = 'templates/en/website/error/error.phtml'; |
|
146
|
|
|
} |
|
147
|
|
|
|
|
148
|
|
|
$debug_template = 'templates/' . $language . '/website/error/error.phtml'; |
|
149
|
|
|
if (!file_exists($debug_template)) { |
|
150
|
|
|
$debug_template = 'templates/en/website/error/debug.phtml'; |
|
151
|
|
|
} |
|
152
|
|
|
|
|
153
|
|
|
include_once ('production' == $f3->get('app.env') && $debug < 1) ? $error_template |
|
154
|
|
|
: $debug_template; |
|
155
|
|
|
} else { |
|
156
|
|
|
$response = Helpers\Response::instance(); |
|
157
|
|
|
|
|
158
|
|
|
$data = [ |
|
159
|
|
|
'method' => $f3->get('VERB'), |
|
160
|
|
|
]; |
|
161
|
|
|
|
|
162
|
|
|
$data['error'] = [ |
|
163
|
|
|
'code' => substr($f3->snakecase(str_replace(' ', '', |
|
164
|
|
|
$e['status'])), 0), |
|
165
|
|
|
'description' => $e['code'] . ' ' . $e['text'], |
|
166
|
|
|
]; |
|
167
|
|
|
if ($debug > 2) { |
|
168
|
|
|
$data['error']['trace'] = $f3->trace(null, false); |
|
169
|
|
|
} |
|
170
|
|
|
$params = ['http_status' => $e['code']]; |
|
171
|
|
|
$response->json($data, $params); |
|
172
|
|
|
} |
|
173
|
|
|
} |
|
174
|
|
|
// http://php.net/manual/en/function.ob-end-flush.php |
|
175
|
|
|
while (@ob_end_flush()); |
|
176
|
|
|
}); |
|
177
|
|
|
|
|
178
|
|
|
// clean ALL incoming user input by default |
|
179
|
|
|
if (!empty($f3->get('security.cleaninput'))) { |
|
180
|
|
|
$request = []; |
|
181
|
|
|
$utf = \UTF::instance(); |
|
182
|
|
|
foreach (['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'COOKIE'] as $var) { |
|
183
|
|
|
$f3->copy($var, $var . '_UNCLEAN'); |
|
184
|
|
|
$input = $f3->get($var); |
|
185
|
|
|
if (is_array($input) && count($input)) { |
|
186
|
|
|
$cleaned = []; |
|
187
|
|
|
foreach ($input as $k => $v) { |
|
188
|
|
|
$cleaned[strtolower($utf->trim($f3->clean($k)))] = $f3->recursive($v, function ($v) use ($f3, $utf) { |
|
189
|
|
|
return $utf->trim($f3->clean($v)); |
|
190
|
|
|
}); |
|
191
|
|
|
} |
|
192
|
|
|
ksort($cleaned); |
|
193
|
|
|
$request = array_merge_recursive($request, $cleaned); |
|
194
|
|
|
$hive[$var] = $cleaned; |
|
195
|
|
|
} |
|
196
|
|
|
} |
|
197
|
|
|
unset($cleaned); |
|
198
|
|
|
|
|
199
|
|
|
// we don't want to include the session name in the request data |
|
200
|
|
|
$session_name = strtolower(session_name()); |
|
201
|
|
|
if (array_key_exists($session_name, $request)) { |
|
202
|
|
|
unset($request[$session_name]); |
|
203
|
|
|
} |
|
204
|
|
|
|
|
205
|
|
|
ksort($request); |
|
206
|
|
|
$f3->copy('REQUEST', 'REQUEST_UNCLEAN'); |
|
207
|
|
|
$hive['REQUEST'] = $request; |
|
208
|
|
|
unset($request); |
|
209
|
|
|
} |
|
210
|
|
|
|
|
211
|
|
|
// get the access token and basic auth and set it in REQUEST.access_token |
|
212
|
|
|
$token = $f3->get('REQUEST.access_token'); |
|
213
|
|
|
foreach ($f3->get('SERVER') as $k => $header) { |
|
214
|
|
|
if (stristr($k, 'authorization') !== false) { |
|
215
|
|
|
if (preg_match('/Bearer\s+(?P<access_token>.+)$/i', $header, $matches)) { |
|
216
|
|
|
$token = $matches['access_token']; |
|
217
|
|
|
} elseif (preg_match('/Basic\s+(?P<data>.+)$/i', $header, $matches)) { |
|
218
|
|
|
$data = preg_split('/:/', base64_decode($matches['data'])); |
|
219
|
|
|
$hive = array_merge($hive, [ |
|
220
|
|
|
'SERVER.PHP_AUTH_USER' => $data[0], |
|
221
|
|
|
'SERVER.PHP_AUTH_PW' => $data[1], |
|
222
|
|
|
'REQUEST.PHP_AUTH_USER' => $data[0], |
|
223
|
|
|
'REQUEST.PHP_AUTH_PW' => $data[1], |
|
224
|
|
|
]); |
|
225
|
|
|
} |
|
226
|
|
|
} |
|
227
|
|
|
} |
|
228
|
|
|
if (!empty($token)) { |
|
229
|
|
|
$hive['REQUEST.access_token'] = $token; |
|
230
|
|
|
} |
|
231
|
|
|
|
|
232
|
|
|
// load /api/* routes and finish |
|
233
|
|
|
if (!empty($api)) { |
|
234
|
|
|
$f3->mset($hive); |
|
235
|
|
|
$f3->config('config/routes-api.ini'); |
|
236
|
|
|
$f3->run(); |
|
237
|
|
|
return; |
|
238
|
|
|
} |
|
239
|
|
|
|
|
240
|
|
|
// check csrf value if present, set input csrf to boolean true/false if matched session csrf |
|
241
|
|
|
if (!empty($f3->get('security.csrf'))) { |
|
242
|
|
|
$csrf = $f3->get('REQUEST.csrf'); |
|
243
|
|
|
if (!$api && !empty($csrf)) { |
|
244
|
|
|
$hive['csrf'] = $csrf == $f3->get('SESSION.csrf'); |
|
245
|
|
|
$hive['SESSION']['csrf'] = null; |
|
246
|
|
|
} |
|
247
|
|
|
} |
|
248
|
|
|
|
|
249
|
|
|
$f3->route('GET /docs/@page', function ($f3, array $params) { |
|
250
|
|
|
|
|
251
|
|
|
$filename = '../docs/' . strtoupper($params['page']) . '.md'; |
|
252
|
|
|
|
|
253
|
|
|
if (!file_exists($filename)) { |
|
254
|
|
|
$html = '<h1>Documentation Error</h1><p>No such document exists!</p>'; |
|
255
|
|
|
$f3->status(404); |
|
256
|
|
|
} else { |
|
257
|
|
|
$html = \Markdown::instance()->convert($f3->read($filename)); |
|
258
|
|
|
} |
|
259
|
|
|
|
|
260
|
|
|
$f3->set('html', $html); |
|
261
|
|
|
echo \View::instance()->render('/markdown-template.phtml'); |
|
262
|
|
|
|
|
263
|
|
|
}, $f3->get('ttl.doc')); |
|
264
|
|
|
|
|
265
|
|
|
// @see http://fatfreeframework.com/optimization |
|
266
|
|
|
$f3->route('GET /minify/@type', |
|
267
|
|
|
function ($f3) { |
|
268
|
|
|
$path = realpath(dirname(__FILE__) . '/../www/'); |
|
269
|
|
|
$files = str_replace('../', '', $f3->get('GET.files')); // close potential hacking attempts |
|
270
|
|
|
echo \Web::instance()->minify($files, null, true, $path); |
|
271
|
|
|
}, |
|
272
|
|
|
$f3->get('ttl.minify') |
|
273
|
|
|
); |
|
274
|
|
|
|
|
275
|
|
|
// mass-set $f3's hive |
|
276
|
|
|
$f3->mset($hive); |
|
277
|
|
|
|
|
278
|
|
|
// load language-based routes, default english |
|
279
|
|
|
$f3->config('config/routes-en.ini'); |
|
280
|
|
|
$file = 'config/routes-' . $language . '.ini'; |
|
281
|
|
|
if (file_exists($file)) { |
|
282
|
|
|
$f3->config($file); |
|
283
|
|
|
} |
|
284
|
|
|
|
|
285
|
|
|
// from here we add-in routes generated from the database (cms routes) |
|
286
|
|
|
$f3->run(); |
|
287
|
|
|
} |
|
288
|
|
|
} |
|
289
|
|
|
|
vijinho /
f3-boilerplate
