Replace OpenVKPresenter

Code formatted for nicer readability.
Also removed a Tracy warning in onBeforeRender() by adding an `if` statement that checks for a user session.
This commit is contained in:
FireFox1121 2021-11-11 11:14:07 +03:00 committed by GitHub
parent 610b2bda6d
commit e2141d17af
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1,5 +1,9 @@
<?php declare(strict_types=1); <?php
declare(strict_types=1);
namespace openvk\Web\Presenters; namespace openvk\Web\Presenters;
use Chandler\Signaling\SignalManager; use Chandler\Signaling\SignalManager;
use Chandler\MVC\SimplePresenter; use Chandler\MVC\SimplePresenter;
use Chandler\Session\Session; use Chandler\Session\Session;
@ -7,40 +11,40 @@ use Chandler\Security\Authenticator;
use Latte\Engine as TemplatingEngine; use Latte\Engine as TemplatingEngine;
use openvk\Web\Models\Entities\IP; use openvk\Web\Models\Entities\IP;
use openvk\Web\Themes\Themepacks; use openvk\Web\Themes\Themepacks;
use openvk\Web\Models\Repositories\{IPs, Users, APITokens}; use openvk\Web\Models\Repositories\{
IPs,
Users,
APITokens
};
abstract class OpenVKPresenter extends SimplePresenter abstract class OpenVKPresenter extends SimplePresenter {
{
protected $banTolerant = false; protected $banTolerant = false;
protected $errorTemplate = "@error"; protected $errorTemplate = "@error";
protected $user = NULL; protected $user = NULL;
private function calculateQueryString(array $data): string private function calculateQueryString(array $data): string {
{
$rawUrl = "tcp+stratum://fakeurl.net$_SERVER[REQUEST_URI]"; #HTTP_HOST can be tainted $rawUrl = "tcp+stratum://fakeurl.net$_SERVER[REQUEST_URI]"; #HTTP_HOST can be tainted
$url = (object) parse_url($rawUrl); $url = (object) parse_url($rawUrl);
$path = $url->path; $path = $url->path;
return "$path?" . http_build_query(array_merge($_GET, $data)); return "$path?" . http_build_query(array_merge($_GET, $data));
} }
protected function flash(string $type, string $title, ?string $message = NULL, ?int $code = NULL): void protected function flash(string $type, string $title, ?string $message = NULL, ?int $code = NULL): void {
{
Session::i()->set("_error", json_encode([ Session::i()->set("_error", json_encode([
"type" => $type, "type" => $type,
"title" => $title, "title" => $title,
"msg" => $message, "msg" => $message,
"code" => $code, "code" => $code,
])); ]));
} }
protected function setTempTheme(string $theme): void protected function setTempTheme(string $theme): void {
{ Session::i()->set("_tempTheme", $theme);
Session::i()->set("_tempTheme", $theme); }
}
protected function flashFail(string $type, string $title, ?string $message = NULL, ?int $code = NULL): void protected function flashFail(string $type, string $title, ?string $message = NULL, ?int $code = NULL): void {
{
$this->flash($type, $title, $message, $code); $this->flash($type, $title, $message, $code);
$referer = $_SERVER["HTTP_REFERER"] ?? "/"; $referer = $_SERVER["HTTP_REFERER"] ?? "/";
@ -49,35 +53,33 @@ abstract class OpenVKPresenter extends SimplePresenter
exit; exit;
} }
protected function logInUserWithToken(): void protected function logInUserWithToken(): void {
{
$header = $_SERVER["HTTP_AUTHORIZATION"] ?? ""; $header = $_SERVER["HTTP_AUTHORIZATION"] ?? "";
$token; $token;
preg_match("%Bearer (.*)$%", $header, $matches); preg_match("%Bearer (.*)$%", $header, $matches);
$token = $matches[1] ?? ""; $token = $matches[1] ?? "";
$token = (new APITokens)->getByCode($token); $token = (new APITokens)->getByCode($token);
if(!$token) { if (!$token) {
header("HTTP/1.1 401 Unauthorized"); header("HTTP/1.1 401 Unauthorized");
header("Content-Type: application/json"); header("Content-Type: application/json");
exit(json_encode(["error" => "The access token is invalid"])); exit(json_encode(["error" => "The access token is invalid"]));
} }
$this->user = (object) []; $this->user = (object) [];
$this->user->identity = $token->getUser(); $this->user->identity = $token->getUser();
$this->user->raw = $this->user->identity->getChandlerUser(); $this->user->raw = $this->user->identity->getChandlerUser();
$this->user->id = $this->user->identity->getId(); $this->user->id = $this->user->identity->getId();
$this->template->thisUser = $this->user->identity; $this->template->thisUser = $this->user->identity;
$this->template->userTainted = false; $this->template->userTainted = false;
} }
protected function assertUserLoggedIn(bool $returnUrl = true): void protected function assertUserLoggedIn(bool $returnUrl = true): void {
{ if (is_null($this->user)) {
if(is_null($this->user)) {
$loginUrl = "/login"; $loginUrl = "/login";
if($returnUrl && $_SERVER["REQUEST_METHOD"] === "GET") { if ($returnUrl && $_SERVER["REQUEST_METHOD"] === "GET") {
$currentUrl = function_exists("get_current_url") ? get_current_url() : $_SERVER["REQUEST_URI"]; $currentUrl = function_exists("get_current_url") ? get_current_url() : $_SERVER["REQUEST_URI"];
$loginUrl .= "?jReturnTo=" . rawurlencode($currentUrl); $loginUrl .= "?jReturnTo=" . rawurlencode($currentUrl);
} }
$this->flash("err", "Недостаточно прав", "Чтобы просматривать эту страницу, нужно зайти на сайт."); $this->flash("err", "Недостаточно прав", "Чтобы просматривать эту страницу, нужно зайти на сайт.");
@ -87,10 +89,9 @@ abstract class OpenVKPresenter extends SimplePresenter
} }
} }
protected function hasPermission(string $model, string $action, int $context): bool protected function hasPermission(string $model, string $action, int $context): bool {
{ if (is_null($this->user)) {
if(is_null($this->user)) { if ($model !== "user") {
if($model !== "user") {
$this->flash("info", "Недостаточно прав", "Чтобы просматривать эту страницу, нужно зайти на сайт."); $this->flash("info", "Недостаточно прав", "Чтобы просматривать эту страницу, нужно зайти на сайт.");
header("HTTP/1.1 302 Found"); header("HTTP/1.1 302 Found");
@ -104,58 +105,55 @@ abstract class OpenVKPresenter extends SimplePresenter
return (bool) $this->user->raw->can($action)->model($model)->whichBelongsTo($context === -1 ? null : $context); return (bool) $this->user->raw->can($action)->model($model)->whichBelongsTo($context === -1 ? null : $context);
} }
protected function assertPermission(string $model, string $action, int $context, bool $throw = false): void protected function assertPermission(string $model, string $action, int $context, bool $throw = false): void {
{ if ($this->hasPermission($model, $action, $context))
if($this->hasPermission($model, $action, $context)) return; return;
if($throw) if ($throw)
throw new SecurityPolicyViolationException("Permission error"); throw new SecurityPolicyViolationException("Permission error");
else else
$this->flashFail("err", "Недостаточно прав", "У вас недостаточно прав чтобы выполнять это действие."); $this->flashFail("err", "Недостаточно прав", "У вас недостаточно прав чтобы выполнять это действие.");
} }
protected function assertCaptchaCheckPassed(): void protected function assertCaptchaCheckPassed(): void {
{ if (!check_captcha())
if(!check_captcha())
$this->flashFail("err", "Неправильно введены символы", "Пожалуйста, убедитесь, что вы правильно заполнили поле с капчей."); $this->flashFail("err", "Неправильно введены символы", "Пожалуйста, убедитесь, что вы правильно заполнили поле с капчей.");
} }
protected function willExecuteWriteAction(): void protected function willExecuteWriteAction(): void {
{ $ip = (new IPs)->get(CONNECTING_IP);
$ip = (new IPs)->get(CONNECTING_IP);
$res = $ip->rateLimit(); $res = $ip->rateLimit();
if(!($res === IP::RL_RESET || $res === IP::RL_CANEXEC)) { if (!($res === IP::RL_RESET || $res === IP::RL_CANEXEC)) {
if($res === IP::RL_BANNED && OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["rateLimits"]["autoban"]) { if ($res === IP::RL_BANNED && OPENVK_ROOT_CONF["openvk"]["preferences"]["security"]["rateLimits"]["autoban"]) {
$this->user->identity->ban("Account has possibly been stolen"); $this->user->identity->ban("Account has possibly been stolen");
exit("Хакеры? Интересно..."); exit("Хакеры? Интересно...");
} }
$this->flashFail("err", "Чумба, ты совсем ёбнутый?", "Сходи к мозгоправу, попей колёсики. В OpenVK нельзя вбрасывать щитпосты так часто. Код исключения: $res."); $this->flashFail("err", "Чумба, ты совсем ёбнутый?", "Сходи к мозгоправу, попей колёсики. В OpenVK нельзя вбрасывать щитпосты так часто. Код исключения: $res.");
//$this->flashFail("err", "Чумба, ты совсем ёбнутый?", "Пиздуй к мозгоправу, проглоти колёсики. В OpenVK нельзя вбрасывать щитпосты так часто. Код исключения: $res.");
} }
} }
protected function signal(object $event): bool protected function signal(object $event): bool {
{
return (SignalManager::i())->triggerEvent($event, $this->user->id); return (SignalManager::i())->triggerEvent($event, $this->user->id);
} }
protected function logEvent(string $type, array $data): bool protected function logEvent(string $type, array $data): bool {
{
$db = eventdb(); $db = eventdb();
if(!$db) if (!$db)
return false; return false;
$data = array_merge([ $data = array_merge([
"timestamp" => time(), "timestamp" => time(),
"verified" => (int) true, "verified" => (int) true,
], $data); ], $data);
$columns = implode(", ", array_map(function($col) { $columns = implode(", ", array_map(function ($col) {
return "`" . addslashes($col) . "`"; return "`" . addslashes($col) . "`";
}, array_keys($data))); }, array_keys($data)));
$values = implode(", ", array_map(function($val) { $values = implode(", ", array_map(function ($val) {
return "'" . addslashes((string) (int) $val) . "'"; return "'" . addslashes((string) (int) $val) . "'";
}, array_values($data))); }, array_values($data)));
$db->getConnection()->query("INSERT INTO " . $type . "s($columns) VALUES ($values);"); $db->getConnection()->query("INSERT INTO " . $type . "s($columns) VALUES ($values);");
@ -165,36 +163,33 @@ abstract class OpenVKPresenter extends SimplePresenter
/** /**
* @override * @override
*/ */
protected function sendmail(string $to, string $template, array $params = []): void protected function sendmail(string $to, string $template, array $params = []): void {
{
parent::sendmail($to, __DIR__ . "/../../Email/$template", $params); parent::sendmail($to, __DIR__ . "/../../Email/$template", $params);
} }
function getTemplatingEngine(): TemplatingEngine function getTemplatingEngine(): TemplatingEngine {
{
$latte = parent::getTemplatingEngine(); $latte = parent::getTemplatingEngine();
$latte->addFilter("translate", function($s) { $latte->addFilter("translate", function ($s) {
return tr($s); return tr($s);
}); });
return $latte; return $latte;
} }
function onStartup(): void function onStartup(): void {
{
$user = Authenticator::i()->getUser(); $user = Authenticator::i()->getUser();
$this->template->isXmas = intval(date('d')) >= 15 && date('m') == 12 || intval(date('d')) <= 15 && date('m') == 1 ? true : false; $this->template->isXmas = intval(date('d')) >= 15 && date('m') == 12 || intval(date('d')) <= 15 && date('m') == 1 ? true : false;
if(!is_null($user)) { if (!is_null($user)) {
$this->user = (object) []; $this->user = (object) [];
$this->user->raw = $user; $this->user->raw = $user;
$this->user->identity = (new Users)->getByChandlerUser($user); $this->user->identity = (new Users)->getByChandlerUser($user);
$this->user->id = $this->user->identity->getId(); $this->user->id = $this->user->identity->getId();
$this->template->thisUser = $this->user->identity; $this->template->thisUser = $this->user->identity;
$this->template->userTainted = $user->isTainted(); $this->template->userTainted = $user->isTainted();
if($this->user->identity->isBanned() && !$this->banTolerant) { if ($this->user->identity->isBanned() && !$this->banTolerant) {
header("HTTP/1.1 403 Forbidden"); header("HTTP/1.1 403 Forbidden");
$this->getTemplatingEngine()->render(__DIR__ . "/templates/@banned.xml", [ $this->getTemplatingEngine()->render(__DIR__ . "/templates/@banned.xml", [
"thisUser" => $this->user->identity, "thisUser" => $this->user->identity,
@ -206,7 +201,6 @@ abstract class OpenVKPresenter extends SimplePresenter
$this->user->identity->setOnline(time()); $this->user->identity->setOnline(time());
$this->user->identity->save(); $this->user->identity->save();
} }
} }
setlocale(LC_TIME, ...(explode(";", tr("__locale")))); setlocale(LC_TIME, ...(explode(";", tr("__locale"))));
@ -214,29 +208,30 @@ abstract class OpenVKPresenter extends SimplePresenter
parent::onStartup(); parent::onStartup();
} }
function onBeforeRender(): void function onBeforeRender(): void {
{
parent::onBeforeRender(); parent::onBeforeRender();
if(!is_null($this->user)) { if (!is_null($this->user)) {
$theme = $this->user->identity->getTheme(); $theme = $this->user->identity->getTheme();
if(!is_null($theme) && $theme->overridesTemplates()) { if (!is_null($theme) && $theme->overridesTemplates()) {
$this->template->_templatePath = $theme->getBaseDir() . "/tpl"; $this->template->_templatePath = $theme->getBaseDir() . "/tpl";
} }
} }
if(!is_null(Session::i()->get("_error"))) { if (!is_null(Session::i()->get("_error"))) {
$this->template->flashMessage = json_decode(Session::i()->get("_error")); $this->template->flashMessage = json_decode(Session::i()->get("_error"));
Session::i()->set("_error", NULL); Session::i()->set("_error", NULL);
} }
if(Session::i()->get("_tempTheme")) if (Session::i()->get("_tempTheme"))
$this->template->theme = Themepacks::i()[Session::i()->get("_tempTheme", "ovk")]; $this->template->theme = Themepacks::i()[Session::i()->get("_tempTheme", "ovk")];
else if($this->requestParam("themePreview")) else if ($this->requestParam("themePreview"))
$this->template->theme = Themepacks::i()[$this->requestParam("themePreview")]; $this->template->theme = Themepacks::i()[$this->requestParam("themePreview")];
else if($this->user->identity !== null && $this->user->identity->getTheme()) else if (!is_null($this->user)) {
$this->template->theme = $this->user->identity->getTheme(); if ($this->user->identity !== null && $this->user->identity->getTheme()) {
$this->template->theme = $this->user->identity->getTheme();
// Знаю, каша ебаная, целестора рефактор всё равно сделает :))) }
// Знаю, каша ебаная, целестора рефактор всё равно сделает :)))
}
} }
} }
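Review bot: willExecuteWriteAction() still dereferences `$this->user->identity->ban(...)` in the `RL_BANNED` autoban branch without the null guard this commit adds to onBeforeRender(), so a rate-limited request that carries no session would fail on a null `$this->user` in the same way. Whether unauthenticated requests can reach that method is not visible on this page, but the guard is one line: `if (!is_null($this->user)) $this->user->identity->ban("Account has possibly been stolen");` with the `exit` left unconditional so the request is still stopped. Separately, logEvent() builds its INSERT by concatenating `$type` into the table name and quoting column keys with addslashes() inside backticks (which addslashes does not escape); the page does not show who calls it, but if `$type` or the `$data` keys can ever derive from request input, a whitelist of allowed event types and column names, or a prepared statement, would be the safer form.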