Cool_Tools/vichan
1
0
Fork 0
mirror of https://github.com/vichan-devel/vichan.git synced 2025-02-08 23:39:46 +01:00
Code Releases Wiki Activity

Merge pull request #852 from perdedora/new-mod

Browse Source 
mod.php: rework for better organization and removing dead code
This commit is contained in:
Lorenzo Yario 2024-12-08 08:47:35 -08:00 committed by GitHub
commit c1cc3daf93
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 368 additions and 191 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

325
mod.php
View File

@ -1,8 +1,10 @@
<?php <?php
/* /*
* Copyright (c) 2010-2014 Tinyboard Development Group * Copyright (c) 2010-2024 Tinyboard Development Group
*/ */
use Vichan\Context;
require_once 'inc/bootstrap.php'; require_once 'inc/bootstrap.php';
if ($config['debug']) { if ($config['debug']) {
@ -11,14 +13,48 @@ if ($config['debug']) {
require_once 'inc/mod/pages.php'; require_once 'inc/mod/pages.php';
/**
* Class Router
*
* Handles HTTP request routing.
*/
class Router {
/** @var array $pages Array of URL patterns and their corresponding handlers */
private array $pages;
$ctx = Vichan\build_context($config); /** @var string $query The query string from the HTTP request */
private string $query;
check_login($ctx, true); /** @var mixed $mod Mod information for the current user session */
private mixed $mod;
$query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : ''; /** @var array $config Configuration settings for the application */
private array $config;
$pages = [ /** @var bool $securePostOnly Indicates if the current handler requires a secure POST request */
private bool $securePostOnly = false;
/**
* Router constructor.
*
* @param Context $ctx The application context object
* @param mixed|null $mod Mod information for the current user session
*/
public function __construct(Context $ctx, mixed $mod = null) {
$this->config = $ctx->get('config');
$this->mod = $mod;
$this->query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';
$this->initializePages();
}
/**
* Initializes the array of pages and their handlers.
*
* This method sets up the routing table for various endpoints.
*/
private function initializePages(): void {
$this->pages = [
'' => ':?/', // redirect to dashboard '' => ':?/', // redirect to dashboard
'/' => 'dashboard', // dashboard '/' => 'dashboard', // dashboard
'/confirm/(.+)' => 'confirm', // confirm action (if javascript didn't work) '/confirm/(.+)' => 'confirm', // confirm action (if javascript didn't work)
@ -44,10 +80,10 @@ $pages = [
'/edit_news/(\d+)' => 'secure_POST news', // view news '/edit_news/(\d+)' => 'secure_POST news', // view news
'/edit_news/delete/(\d+)' => 'secure news_delete', // delete from news '/edit_news/delete/(\d+)' => 'secure news_delete', // delete from news
'/edit_pages(?:/?(\%b)?)' => 'secure_POST pages', '/edit_pages(?:/?(\%b)?)' => 'secure_POST pages', // edit static pages from board
'/edit_page/(\d+)' => 'secure_POST edit_page', '/edit_page/(\d+)' => 'secure_POST edit_page', // edit site-wide static pages
'/edit_pages/delete/([a-z0-9]+)' => 'secure delete_page', '/edit_pages/delete/([a-z0-9]+)' => 'secure delete_page', // delete site-wide static pages
'/edit_pages/delete/([a-z0-9]+)/(\%b)' => 'secure delete_page_board', '/edit_pages/delete/([a-z0-9]+)/(\%b)' => 'secure delete_page_board', // delete static pages from board
'/noticeboard' => 'secure_POST noticeboard', // view noticeboard '/noticeboard' => 'secure_POST noticeboard', // view noticeboard
'/noticeboard/(\d+)' => 'secure_POST noticeboard', // view noticeboard '/noticeboard/(\d+)' => 'secure_POST noticeboard', // view noticeboard
@ -66,7 +102,7 @@ $pages = [
'/ban' => 'secure_POST ban', // new ban '/ban' => 'secure_POST ban', // new ban
'/bans' => 'secure_POST bans', // ban list '/bans' => 'secure_POST bans', // ban list
'/bans.json' => 'secure bans_json', // ban list JSON '/bans.json' => 'secure bans_json', // ban list JSON
'/edit_ban/(\d+)' => 'secure_POST edit_ban', '/edit_ban/(\d+)' => 'secure_POST edit_ban', // edit ban
'/ban-appeals' => 'secure_POST ban_appeals', // view ban appeals '/ban-appeals' => 'secure_POST ban_appeals', // view ban appeals
'/recent/(\d+)' => 'recent_posts', // view recent posts '/recent/(\d+)' => 'recent_posts', // view recent posts
@ -96,113 +132,254 @@ $pages = [
'/config' => 'secure_POST config', // config editor '/config' => 'secure_POST config', // config editor
'/config/(\%b)' => 'secure_POST config', // config editor '/config/(\%b)' => 'secure_POST config', // config editor
// these pages aren't listed in the dashboard without $config['debug']
//'/debug/antispam' => 'debug_antispam',
//'/debug/recent' => 'debug_recent_posts',
//'/debug/sql' => 'secure_POST debug_sql',
// This should always be at the end: // This should always be at the end:
'/(\%b)/' => 'view_board', '/(\%b)/' => 'view_board',
'/(\%b)/' . preg_quote($config['file_index'], '!') => 'view_board', '/(\%b)/' . preg_quote($this->config['file_index'], '!') => 'view_board',
'/(\%b)/' . preg_quote($config['file_catalog'], '!') => 'view_catalog', '/(\%b)/' . str_replace('%d', '(\d+)',
'/(\%b)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_board', preg_quote($this->config['file_page'], '!')) => 'view_board',
'/(\%b)/' . preg_quote($config['dir']['res'], '!') .
str_replace('%d', '(\d+)', preg_quote($config['file_page50'], '!')) => 'view_thread50',
'/(\%b)/' . preg_quote($config['dir']['res'], '!') .
str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_thread',
'/(\%b)/' . preg_quote($config['dir']['res'], '!') . '/(\%b)/' . preg_quote($this->config['file_catalog'], '!') => 'view_catalog',
str_replace([ '%d','%s' ], [ '(\d+)', '[a-z0-9-]+' ], preg_quote($config['file_page50_slug'], '!')) => 'view_thread50',
'/(\%b)/' . preg_quote($config['dir']['res'], '!') .
str_replace([ '%d','%s' ], [ '(\d+)', '[a-z0-9-]+' ], preg_quote($config['file_page_slug'], '!')) => 'view_thread',
];
'/(\%b)/' . preg_quote($this->config['dir']['res'], '!') .
str_replace('%d', '(\d+)',
preg_quote($this->config['file_page50'], '!')) => 'view_thread50',
if (!$mod) { '/(\%b)/' . preg_quote($this->config['dir']['res'], '!') .
$pages = [ '!^(.+)?$!' => 'login' ]; str_replace('%d', '(\d+)',
} elseif (isset($_GET['status'], $_GET['r'])) { preg_quote($this->config['file_page'], '!')) => 'view_thread',
header('Location: ' . $_GET['r'], true, (int)$_GET['status']);
exit;
}
if (isset($config['mod']['custom_pages'])) { // slug
$pages = array_merge($pages, $config['mod']['custom_pages']); '/(\%b)/' . preg_quote($this->config['dir']['res'], '!') .
} str_replace([ '%d','%s' ], [ '(\d+)', '[a-z0-9-]+' ],
preg_quote($this->config['file_page50_slug'], '!')) => 'view_thread50',
$new_pages = []; '/(\%b)/' . preg_quote($this->config['dir']['res'], '!') .
foreach ($pages as $key => $callback) { str_replace([ '%d','%s' ], [ '(\d+)', '[a-z0-9-]+' ],
preg_quote($this->config['file_page_slug'], '!')) => 'view_thread',
];
if ($this->config['debug']) {
$this->addDebugPages();
}
if (!$this->mod) {
$this->pages = ['!^(.+)?$!' => 'login'];
}
if (isset($this->config['mod']['custom_pages'])) {
$this->pages = array_merge($this->pages, $this->config['mod']['custom_pages']);
}
$this->prepareRoutes();
}
/**
* Adds debugging pages to the routing table if debugging is enabled.
*/
private function addDebugPages(): void {
$this->pages = array_merge_recursive($this->pages, [
'/debug/antispam' => 'debug_antispam',
'/debug/recent' => 'debug_recent_posts',
'/debug/sql' => 'secure_POST debug_sql',
]);
}
/**
* Prepares routes by processing page patterns into regex patterns and updating the pages array.
*/
private function prepareRoutes(): void {
$new_pages = [];
foreach ($this->pages as $key => $callback) {
if (is_string($callback) && preg_match('/^secure /', $callback)) { if (is_string($callback) && preg_match('/^secure /', $callback)) {
$key .= '(/(?P<token>[a-f0-9]{8}))?'; $key .= '(/(?P<token>[a-f0-9]{8}))?';
} }
$key = str_replace('\%b', '?P<board>' . sprintf(substr($config['board_path'], 0, -1), $config['board_regex']), $key);
$new_pages[(!empty($key) and $key[0] == '!') ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!u'] = $callback;
}
$pages = $new_pages;
foreach ($pages as $uri => $handler) { $key = str_replace(
if (preg_match($uri, $query, $matches)) { '\%b',
$matches[0] = $ctx; // Replace the text captured by the full pattern with a reference to the context. '?P<board>' . sprintf(
substr($this->config['board_path'], 0, -1),
$this->config['board_regex']
),
$key
);
$new_pages[
strpos($key, '!') === 0
? $key
: "!^{$key}(?:&[^&=]+=[^&]*)*$!u"
] = $callback;
}
$this->pages = $new_pages;
}
/**
* Handles the incoming request by matching the query string to a route and executing the corresponding handler.
*/
public function handleRequest(Context $ctx): void {
foreach ($this->pages as $uri => $handler) {
if (preg_match($uri, $this->query, $matches)) {
$matches[0] = $ctx;
$this->processBoard($matches);
if (is_string($handler) && preg_match('/^secure(_POST)? /', $handler, $m)) {
$this->securePostOnly = isset($m[1]);
$this->processSecureHandler($matches);
$handler = $this->processHandler($handler);
}
$this->logDebugInfo($uri, $handler);
$matches = array_values($matches);
$this->executeHandler($handler, $matches);
exit;
}
}
$this->error($this->config['error']['404']);
}
/**
* Processes the handler name, removing security prefixes.
*
* @param string $handler The handler name
* @return string The processed handler name
*/
private function processHandler(string $handler): string {
return preg_replace('/^secure(_POST)? /', '', $handler);
}
/**
* Processes the board information from the route matches.
*
* @param array &$matches The array of route matches
*/
private function processBoard(array &$matches): void {
if (isset($matches['board'])) { if (isset($matches['board'])) {
$board_match = $matches['board']; $board_match = $matches['board'];
unset($matches['board']); unset($matches['board']);
$key = array_search($board_match, $matches); $key = array_search($board_match, $matches);
if (preg_match('/^' . sprintf(substr($config['board_path'], 0, -1), '(' . $config['board_regex'] . ')') . '$/u', $matches[$key], $board_match)) { if (preg_match(
'/^' . sprintf(
substr($this->config['board_path'], 0, -1),
"({$this->config['board_regex']})"
) . '$/u',
$matches[$key],
$board_match
)) {
$matches[$key] = $board_match[1]; $matches[$key] = $board_match[1];
} }
} }
}
if (is_string($handler) && preg_match('/^secure(_POST)? /', $handler, $m)) { /**
$secure_post_only = isset($m[1]); * Processes POST secure handlers, validating CSRF tokens.
if (!$secure_post_only || $_SERVER['REQUEST_METHOD'] == 'POST') { *
$token = isset($matches['token']) ? $matches['token'] : (isset($_POST['token']) ? $_POST['token'] : false); * @param array &$matches The array of route matches
*/
private function processSecureHandler(array &$matches): void {
if (!$this->securePostOnly || $_SERVER['REQUEST_METHOD'] === 'POST') {
$token = $this->getToken($matches);
if ($token === false) { // CSRF-protected page; validate security token
if ($secure_post_only) $actual_query = preg_replace('!/([a-f0-9]{8})$!', '', $this->query);
error($config['error']['csrf']); if ($token !== make_secure_link_token(substr($actual_query, 1))) {
else { $this->error($this->config['error']['csrf']);
mod_confirm($ctx, substr($query, 1)); }
}
}
/**
* Retrieves the CSRF token from the route matches or POST data.
*
* @param array &$matches The array of route matches
* @return string|null The CSRF token, or null if not found
*/
private function getToken(array &$matches): ?string {
if (isset($matches['token'])) {
return $matches['token'];
} elseif (isset($_POST['token'])) {
return $_POST['token'];
} else {
if ($this->securePostOnly) {
$this->error($this->config['error']['csrf']);
} else {
mod_confirm($this->ctx, substr($this->query, 1));
exit; exit;
} }
} }
// CSRF-protected page; validate security token return null;
$actual_query = preg_replace('!/([a-f0-9]{8})$!', '', $query);
if ($token != make_secure_link_token(substr($actual_query, 1))) {
error($config['error']['csrf']);
}
}
$handler = preg_replace('/^secure(_POST)? /', '', $handler);
} }
if ($config['debug']) { /**
* Logs debug information, if enabled, about the current request.
*
* @param string $uri The matched URI pattern
* @param string $handler The handler name
*/
private function logDebugInfo(string $uri, string $handler): void {
global $debug, $parse_start_time;
if ($this->config['debug']) {
$debug['mod_page'] = [ $debug['mod_page'] = [
'req' => $query, 'req' => $this->query,
'match' => $uri, 'match' => $uri,
'handler' => $handler, 'handler' => $handler,
'type' => gettype($handler),
'secure' => $this->securePostOnly ? 'true' : 'false'
]; ];
$debug['time']['parse_mod_req'] = '~' . round((microtime(true) - $parse_start_time) * 1000, 2) . 'ms'; $debug['time']['parse_mod_req'] = '~' . round((microtime(true) - $parse_start_time) * 1000, 2) . 'ms';
} }
}
// We don't want to call named parameters (PHP 8). /**
$matches = array_values($matches); * Executes the matched handler with the provided matches.
*
* @param string $handler The handler to execute
* @param array $matches The route matches to pass to the handler
*/
private function executeHandler(string $handler, array $matches): void {
if (is_string($handler)) { if (is_string($handler)) {
if ($handler[0] == ':') { if ($handler[0] === ':') {
header('Location: ' . substr($handler, 1), true, $config['redirect_http']); $this->safeRedirect(substr($handler, 1));
} elseif (is_callable("mod_$handler")) { } elseif (is_callable("mod_{$handler}")) {
call_user_func_array("mod_$handler", $matches); call_user_func_array("mod_{$handler}", $matches);
} else { } else {
error("Mod page '$handler' not found!"); $this->error("Mod page '{$handler}' not found!");
} }
} elseif (is_callable($handler)) { } elseif (is_callable($handler)) {
call_user_func_array($handler, $matches); call_user_func_array($handler, $matches);
} else { } else {
error("Mod page '$handler' not a string, and not callable!"); $this->error("Mod page '{$handler}' not a string, and not callable!");
}
} }
/**
* Safely redirects to the specified location.
*
* @param string $location The URL to redirect to
*/
private function safeRedirect(string $location): void {
header("Location: {$location}", true, $this->config['redirect_http']);
exit; exit;
} }
/**
* Triggers an error with the specified message.
*
* @param string $message The error message
*/
private function error(string $message): void {
error($message);
}
} }
error($config['error']['404']); $ctx = Vichan\build_context($config);
check_login($ctx, true);
$router = new Router($ctx, $mod);
$router->handleRequest($ctx);