Move PHP and config init to dedicated file
in order to keep index.php as minimal as possible
parent
a8c11451e8
commit
fabff3835d
4 changed files with 122 additions and 140 deletions
|
@ -158,10 +158,6 @@ class PageBuilder
|
||||||
*/
|
*/
|
||||||
protected function finalize(): void
|
protected function finalize(): void
|
||||||
{
|
{
|
||||||
//FIXME - DEV _ REMOVE ME
|
|
||||||
$this->assign('base_path', '/Shaarli');
|
|
||||||
$this->assign('asset_path', '/Shaarli/tpl/default');
|
|
||||||
|
|
||||||
// TODO: use the SessionManager
|
// TODO: use the SessionManager
|
||||||
$messageKeys = [
|
$messageKeys = [
|
||||||
SessionManager::KEY_SUCCESS_MESSAGES,
|
SessionManager::KEY_SUCCESS_MESSAGES,
|
||||||
|
@ -248,20 +244,4 @@ class PageBuilder
|
||||||
|
|
||||||
return $this->tpl->draw($page, true);
|
return $this->tpl->draw($page, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Render a 404 page (uses the template : tpl/404.tpl)
|
|
||||||
* usage: $PAGE->render404('The link was deleted')
|
|
||||||
*
|
|
||||||
* @param string $message A message to display what is not found
|
|
||||||
*/
|
|
||||||
public function render404($message = '')
|
|
||||||
{
|
|
||||||
if (empty($message)) {
|
|
||||||
$message = t('The page you are trying to reach does not exist or has been deleted.');
|
|
||||||
}
|
|
||||||
header($_SERVER['SERVER_PROTOCOL'] . ' ' . t('404 Not Found'));
|
|
||||||
$this->tpl->assign('error_message', $message);
|
|
||||||
$this->renderPage('404');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -48,6 +48,20 @@ class SessionManager
|
||||||
$this->savePath = $savePath;
|
$this->savePath = $savePath;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Initialize XSRF token and links per page session variables.
|
||||||
|
*/
|
||||||
|
public function initialize(): void
|
||||||
|
{
|
||||||
|
if (!isset($this->session['tokens'])) {
|
||||||
|
$this->session['tokens'] = [];
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!isset($this->session['LINKS_PER_PAGE'])) {
|
||||||
|
$this->session['LINKS_PER_PAGE'] = $this->conf->get('general.links_per_page', 20);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Define whether the user should stay signed in across browser sessions
|
* Define whether the user should stay signed in across browser sessions
|
||||||
*
|
*
|
||||||
|
|
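Review bot: `initialize()` writes `tokens` and `LINKS_PER_PAGE` into `$this->session`, whereas the code it replaces in index.php wrote to `$_SESSION` directly, so the XSRF token store only persists if the constructor binds the session array by reference. The constructor signature is outside this hunk (only its closing lines are visible), so that should be confirmed. The docblock could state the dependency, e.g. `* Must be called after session_start(); writes go through $this->session.` The two string keys would also read better as class constants next to `KEY_SUCCESS_MESSAGES`, which PageBuilder already references.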
143
index.php
143
index.php
|
@ -12,41 +12,6 @@
|
||||||
* Licence: http://www.opensource.org/licenses/zlib-license.php
|
* Licence: http://www.opensource.org/licenses/zlib-license.php
|
||||||
*/
|
*/
|
||||||
|
|
||||||
// Set 'UTC' as the default timezone if it is not defined in php.ini
|
|
||||||
// See http://php.net/manual/en/datetime.configuration.php#ini.date.timezone
|
|
||||||
if (date_default_timezone_get() == '') {
|
|
||||||
date_default_timezone_set('UTC');
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* PHP configuration
|
|
||||||
*/
|
|
||||||
|
|
||||||
// http://server.com/x/shaarli --> /shaarli/
|
|
||||||
define('WEB_PATH', substr($_SERVER['REQUEST_URI'], 0, 1+strrpos($_SERVER['REQUEST_URI'], '/', 0)));
|
|
||||||
|
|
||||||
// High execution time in case of problematic imports/exports.
|
|
||||||
ini_set('max_input_time', '60');
|
|
||||||
|
|
||||||
// Try to set max upload file size and read
|
|
||||||
ini_set('memory_limit', '128M');
|
|
||||||
ini_set('post_max_size', '16M');
|
|
||||||
ini_set('upload_max_filesize', '16M');
|
|
||||||
|
|
||||||
// See all error except warnings
|
|
||||||
error_reporting(E_ALL^E_WARNING);
|
|
||||||
|
|
||||||
// 3rd-party libraries
|
|
||||||
if (! file_exists(__DIR__ . '/vendor/autoload.php')) {
|
|
||||||
header('Content-Type: text/plain; charset=utf-8');
|
|
||||||
echo "Error: missing Composer configuration\n\n"
|
|
||||||
."If you installed Shaarli through Git or using the development branch,\n"
|
|
||||||
."please refer to the installation documentation to install PHP"
|
|
||||||
." dependencies using Composer:\n"
|
|
||||||
."- https://shaarli.readthedocs.io/en/master/Server-configuration/\n"
|
|
||||||
."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/";
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
require_once 'inc/rain.tpl.class.php';
|
require_once 'inc/rain.tpl.class.php';
|
||||||
require_once __DIR__ . '/vendor/autoload.php';
|
require_once __DIR__ . '/vendor/autoload.php';
|
||||||
|
|
||||||
|
@ -55,12 +20,11 @@ require_once 'application/bookmark/LinkUtils.php';
|
||||||
require_once 'application/config/ConfigPlugin.php';
|
require_once 'application/config/ConfigPlugin.php';
|
||||||
require_once 'application/http/HttpUtils.php';
|
require_once 'application/http/HttpUtils.php';
|
||||||
require_once 'application/http/UrlUtils.php';
|
require_once 'application/http/UrlUtils.php';
|
||||||
require_once 'application/updater/UpdaterUtils.php';
|
|
||||||
require_once 'application/FileUtils.php';
|
|
||||||
require_once 'application/TimeZone.php';
|
require_once 'application/TimeZone.php';
|
||||||
require_once 'application/Utils.php';
|
require_once 'application/Utils.php';
|
||||||
|
|
||||||
use Shaarli\ApplicationUtils;
|
require_once __DIR__ . '/init.php';
|
||||||
|
|
||||||
use Shaarli\Config\ConfigManager;
|
use Shaarli\Config\ConfigManager;
|
||||||
use Shaarli\Container\ContainerBuilder;
|
use Shaarli\Container\ContainerBuilder;
|
||||||
use Shaarli\Languages;
|
use Shaarli\Languages;
|
||||||
|
@ -70,45 +34,6 @@ use Shaarli\Security\LoginManager;
|
||||||
use Shaarli\Security\SessionManager;
|
use Shaarli\Security\SessionManager;
|
||||||
use Slim\App;
|
use Slim\App;
|
||||||
|
|
||||||
// Ensure the PHP version is supported
|
|
||||||
try {
|
|
||||||
ApplicationUtils::checkPHPVersion('7.1', PHP_VERSION);
|
|
||||||
} catch (Exception $exc) {
|
|
||||||
header('Content-Type: text/plain; charset=utf-8');
|
|
||||||
echo $exc->getMessage();
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
|
|
||||||
|
|
||||||
// Force cookie path (but do not change lifetime)
|
|
||||||
$cookie = session_get_cookie_params();
|
|
||||||
$cookiedir = '';
|
|
||||||
if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
|
|
||||||
$cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/';
|
|
||||||
}
|
|
||||||
// Set default cookie expiration and path.
|
|
||||||
session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']);
|
|
||||||
// Set session parameters on server side.
|
|
||||||
// Use cookies to store session.
|
|
||||||
ini_set('session.use_cookies', 1);
|
|
||||||
// Force cookies for session (phpsessionID forbidden in URL).
|
|
||||||
ini_set('session.use_only_cookies', 1);
|
|
||||||
// Prevent PHP form using sessionID in URL if cookies are disabled.
|
|
||||||
ini_set('session.use_trans_sid', false);
|
|
||||||
|
|
||||||
session_name('shaarli');
|
|
||||||
// Start session if needed (Some server auto-start sessions).
|
|
||||||
if (session_status() == PHP_SESSION_NONE) {
|
|
||||||
session_start();
|
|
||||||
}
|
|
||||||
|
|
||||||
// Regenerate session ID if invalid or not defined in cookie.
|
|
||||||
if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) {
|
|
||||||
session_regenerate_id(true);
|
|
||||||
$_COOKIE['shaarli'] = session_id();
|
|
||||||
}
|
|
||||||
|
|
||||||
$conf = new ConfigManager();
|
$conf = new ConfigManager();
|
||||||
|
|
||||||
// In dev mode, throw exception on any warning
|
// In dev mode, throw exception on any warning
|
||||||
|
@ -122,15 +47,10 @@ if ($conf->get('dev.debug', false)) {
|
||||||
}
|
}
|
||||||
|
|
||||||
$sessionManager = new SessionManager($_SESSION, $conf, session_save_path());
|
$sessionManager = new SessionManager($_SESSION, $conf, session_save_path());
|
||||||
|
$sessionManager->initialize();
|
||||||
$cookieManager = new CookieManager($_COOKIE);
|
$cookieManager = new CookieManager($_COOKIE);
|
||||||
$loginManager = new LoginManager($conf, $sessionManager, $cookieManager);
|
$loginManager = new LoginManager($conf, $sessionManager, $cookieManager);
|
||||||
$loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']);
|
$loginManager->generateStaySignedInToken($_SERVER['REMOTE_ADDR']);
|
||||||
$clientIpId = client_ip_id($_SERVER);
|
|
||||||
|
|
||||||
// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
|
|
||||||
if (! defined('LC_MESSAGES')) {
|
|
||||||
define('LC_MESSAGES', LC_COLLATE);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Sniff browser language and set date format accordingly.
|
// Sniff browser language and set date format accordingly.
|
||||||
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
|
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
|
||||||
|
@ -141,6 +61,7 @@ new Languages(setlocale(LC_MESSAGES, 0), $conf);
|
||||||
|
|
||||||
$conf->setEmpty('general.timezone', date_default_timezone_get());
|
$conf->setEmpty('general.timezone', date_default_timezone_get());
|
||||||
$conf->setEmpty('general.title', t('Shared bookmarks on '). escape(index_url($_SERVER)));
|
$conf->setEmpty('general.title', t('Shared bookmarks on '). escape(index_url($_SERVER)));
|
||||||
|
|
||||||
RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory
|
RainTPL::$tpl_dir = $conf->get('resource.raintpl_tpl').'/'.$conf->get('resource.theme').'/'; // template directory
|
||||||
RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory
|
RainTPL::$cache_dir = $conf->get('resource.raintpl_tmp'); // cache directory
|
||||||
|
|
||||||
|
@ -149,48 +70,13 @@ $pluginManager->load($conf->get('general.enabled_plugins'));
|
||||||
|
|
||||||
date_default_timezone_set($conf->get('general.timezone', 'UTC'));
|
date_default_timezone_set($conf->get('general.timezone', 'UTC'));
|
||||||
|
|
||||||
ob_start(); // Output buffering for the page cache.
|
$loginManager->checkLoginState(client_ip_id($_SERVER));
|
||||||
|
|
||||||
// Prevent caching on client side or proxy: (yes, it's ugly)
|
|
||||||
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
|
|
||||||
header("Cache-Control: no-store, no-cache, must-revalidate");
|
|
||||||
header("Cache-Control: post-check=0, pre-check=0", false);
|
|
||||||
header("Pragma: no-cache");
|
|
||||||
|
|
||||||
$loginManager->checkLoginState($clientIpId);
|
|
||||||
|
|
||||||
// ------------------------------------------------------------------------------------------
|
|
||||||
// Token management for XSRF protection
|
|
||||||
// Token should be used in any form which acts on data (create,update,delete,import...).
|
|
||||||
if (!isset($_SESSION['tokens'])) {
|
|
||||||
$_SESSION['tokens']=array(); // Token are attached to the session.
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!isset($_SESSION['LINKS_PER_PAGE'])) {
|
|
||||||
$_SESSION['LINKS_PER_PAGE'] = $conf->get('general.links_per_page', 20);
|
|
||||||
}
|
|
||||||
|
|
||||||
$containerBuilder = new ContainerBuilder($conf, $sessionManager, $cookieManager, $loginManager);
|
$containerBuilder = new ContainerBuilder($conf, $sessionManager, $cookieManager, $loginManager);
|
||||||
$container = $containerBuilder->build();
|
$container = $containerBuilder->build();
|
||||||
$app = new App($container);
|
$app = new App($container);
|
||||||
|
|
||||||
// REST API routes
|
// Main Shaarli routes
|
||||||
$app->group('/api/v1', function () {
|
|
||||||
$this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo')->setName('getInfo');
|
|
||||||
$this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks')->setName('getLinks');
|
|
||||||
$this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink')->setName('getLink');
|
|
||||||
$this->post('/links', '\Shaarli\Api\Controllers\Links:postLink')->setName('postLink');
|
|
||||||
$this->put('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:putLink')->setName('putLink');
|
|
||||||
$this->delete('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:deleteLink')->setName('deleteLink');
|
|
||||||
|
|
||||||
$this->get('/tags', '\Shaarli\Api\Controllers\Tags:getTags')->setName('getTags');
|
|
||||||
$this->get('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:getTag')->setName('getTag');
|
|
||||||
$this->put('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:putTag')->setName('putTag');
|
|
||||||
$this->delete('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:deleteTag')->setName('deleteTag');
|
|
||||||
|
|
||||||
$this->get('/history', '\Shaarli\Api\Controllers\HistoryController:getHistory')->setName('getHistory');
|
|
||||||
})->add('\Shaarli\Api\ApiMiddleware');
|
|
||||||
|
|
||||||
$app->group('', function () {
|
$app->group('', function () {
|
||||||
$this->get('/install', '\Shaarli\Front\Controller\Visitor\InstallController:index')->setName('displayInstall');
|
$this->get('/install', '\Shaarli\Front\Controller\Visitor\InstallController:index')->setName('displayInstall');
|
||||||
$this->get('/install/session-test', '\Shaarli\Front\Controller\Visitor\InstallController:sessionTest');
|
$this->get('/install/session-test', '\Shaarli\Front\Controller\Visitor\InstallController:sessionTest');
|
||||||
|
@ -247,6 +133,23 @@ $app->group('', function () {
|
||||||
$this->get('/untagged-only', '\Shaarli\Front\Controller\Admin\SessionFilterController:untaggedOnly');
|
$this->get('/untagged-only', '\Shaarli\Front\Controller\Admin\SessionFilterController:untaggedOnly');
|
||||||
})->add('\Shaarli\Front\ShaarliMiddleware');
|
})->add('\Shaarli\Front\ShaarliMiddleware');
|
||||||
|
|
||||||
|
// REST API routes
|
||||||
|
$app->group('/api/v1', function () {
|
||||||
|
$this->get('/info', '\Shaarli\Api\Controllers\Info:getInfo')->setName('getInfo');
|
||||||
|
$this->get('/links', '\Shaarli\Api\Controllers\Links:getLinks')->setName('getLinks');
|
||||||
|
$this->get('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:getLink')->setName('getLink');
|
||||||
|
$this->post('/links', '\Shaarli\Api\Controllers\Links:postLink')->setName('postLink');
|
||||||
|
$this->put('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:putLink')->setName('putLink');
|
||||||
|
$this->delete('/links/{id:[\d]+}', '\Shaarli\Api\Controllers\Links:deleteLink')->setName('deleteLink');
|
||||||
|
|
||||||
|
$this->get('/tags', '\Shaarli\Api\Controllers\Tags:getTags')->setName('getTags');
|
||||||
|
$this->get('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:getTag')->setName('getTag');
|
||||||
|
$this->put('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:putTag')->setName('putTag');
|
||||||
|
$this->delete('/tags/{tagName:[\w]+}', '\Shaarli\Api\Controllers\Tags:deleteTag')->setName('deleteTag');
|
||||||
|
|
||||||
|
$this->get('/history', '\Shaarli\Api\Controllers\HistoryController:getHistory')->setName('getHistory');
|
||||||
|
})->add('\Shaarli\Api\ApiMiddleware');
|
||||||
|
|
||||||
$response = $app->run(true);
|
$response = $app->run(true);
|
||||||
|
|
||||||
$app->respond($response);
|
$app->respond($response);
|
||||||
|
|
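Review bot: The missing-Composer guard is now unreachable. index.php keeps `require_once __DIR__ . '/vendor/autoload.php';` near the top while the `file_exists` check that used to precede it is removed, and init.php in this same commit also requires the autoloader as its first statement, ahead of its own copy of the check. With no vendor directory the request ends in a fatal error from `require_once` instead of the plain-text installation hint. Including `init.php` before the other requires, dropping the duplicate autoload line here, and moving init.php's `require_once` below its `file_exists` block would restore the guard.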
85
init.php
Normal file
85
init.php
Normal file
|
@ -0,0 +1,85 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
require_once __DIR__ . '/vendor/autoload.php';
|
||||||
|
|
||||||
|
use Shaarli\ApplicationUtils;
|
||||||
|
use Shaarli\Security\SessionManager;
|
||||||
|
|
||||||
|
// Set 'UTC' as the default timezone if it is not defined in php.ini
|
||||||
|
// See http://php.net/manual/en/datetime.configuration.php#ini.date.timezone
|
||||||
|
if (date_default_timezone_get() == '') {
|
||||||
|
date_default_timezone_set('UTC');
|
||||||
|
}
|
||||||
|
|
||||||
|
// High execution time in case of problematic imports/exports.
|
||||||
|
ini_set('max_input_time', '60');
|
||||||
|
|
||||||
|
// Try to set max upload file size and read
|
||||||
|
ini_set('memory_limit', '128M');
|
||||||
|
ini_set('post_max_size', '16M');
|
||||||
|
ini_set('upload_max_filesize', '16M');
|
||||||
|
|
||||||
|
// See all error except warnings
|
||||||
|
error_reporting(E_ALL^E_WARNING);
|
||||||
|
|
||||||
|
// 3rd-party libraries
|
||||||
|
if (! file_exists(__DIR__ . '/vendor/autoload.php')) {
|
||||||
|
header('Content-Type: text/plain; charset=utf-8');
|
||||||
|
echo "Error: missing Composer configuration\n\n"
|
||||||
|
."If you installed Shaarli through Git or using the development branch,\n"
|
||||||
|
."please refer to the installation documentation to install PHP"
|
||||||
|
." dependencies using Composer:\n"
|
||||||
|
."- https://shaarli.readthedocs.io/en/master/Server-configuration/\n"
|
||||||
|
."- https://shaarli.readthedocs.io/en/master/Download-and-Installation/";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Ensure the PHP version is supported
|
||||||
|
try {
|
||||||
|
ApplicationUtils::checkPHPVersion('7.1', PHP_VERSION);
|
||||||
|
} catch (Exception $exc) {
|
||||||
|
header('Content-Type: text/plain; charset=utf-8');
|
||||||
|
echo $exc->getMessage();
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Force cookie path (but do not change lifetime)
|
||||||
|
$cookie = session_get_cookie_params();
|
||||||
|
$cookiedir = '';
|
||||||
|
if (dirname($_SERVER['SCRIPT_NAME']) != '/') {
|
||||||
|
$cookiedir = dirname($_SERVER["SCRIPT_NAME"]).'/';
|
||||||
|
}
|
||||||
|
// Set default cookie expiration and path.
|
||||||
|
session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']);
|
||||||
|
// Set session parameters on server side.
|
||||||
|
// Use cookies to store session.
|
||||||
|
ini_set('session.use_cookies', 1);
|
||||||
|
// Force cookies for session (phpsessionID forbidden in URL).
|
||||||
|
ini_set('session.use_only_cookies', 1);
|
||||||
|
// Prevent PHP form using sessionID in URL if cookies are disabled.
|
||||||
|
ini_set('session.use_trans_sid', false);
|
||||||
|
|
||||||
|
define('SHAARLI_VERSION', ApplicationUtils::getVersion(__DIR__ .'/'. ApplicationUtils::$VERSION_FILE));
|
||||||
|
|
||||||
|
session_name('shaarli');
|
||||||
|
// Start session if needed (Some server auto-start sessions).
|
||||||
|
if (session_status() == PHP_SESSION_NONE) {
|
||||||
|
session_start();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Regenerate session ID if invalid or not defined in cookie.
|
||||||
|
if (isset($_COOKIE['shaarli']) && !SessionManager::checkId($_COOKIE['shaarli'])) {
|
||||||
|
session_regenerate_id(true);
|
||||||
|
$_COOKIE['shaarli'] = session_id();
|
||||||
|
}
|
||||||
|
|
||||||
|
// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
|
||||||
|
if (! defined('LC_MESSAGES')) {
|
||||||
|
define('LC_MESSAGES', LC_COLLATE);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Prevent caching on client side or proxy: (yes, it's ugly)
|
||||||
|
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
|
||||||
|
header("Cache-Control: no-store, no-cache, must-revalidate");
|
||||||
|
header("Cache-Control: post-check=0, pre-check=0", false);
|
||||||
|
header("Pragma: no-cache");
|
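Review bot: The session cookie is configured with lifetime, path and domain only, `session_set_cookie_params($cookie['lifetime'], $cookiedir, $_SERVER['SERVER_NAME']);`, so `HttpOnly` and `Secure` are left to whatever php.ini provides. Since this block already forces the other session settings with `ini_set`, adding `ini_set('session.cookie_httponly', 1);` beside them would keep the session ID out of reach of page scripts regardless of host defaults; `session.cookie_secure` could be enabled when the request arrives over HTTPS. The cookie domain comes from `$_SERVER['SERVER_NAME']`, which on some server configurations may follow the request's Host header, so it is worth checking how that value is derived.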