web-base/Core/Elements/Document.class.php

<?php
namespace Core\Elements;
use Core\Configuration\Settings;
use Core\Driver\Logger\Logger;
use Core\Driver\SQL\SQL;
use Core\Objects\Context;
use Core\Objects\Router\DocumentRoute;
use Core\Objects\Router\Router;
use Core\Objects\DatabaseEntity\User;
use Core\Objects\Search\Searchable;
use Core\Objects\Search\SearchQuery;
use Core\Objects\Search\SearchResult;
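/**
 * Base class for a page served through the router.
 *
 * Besides exposing the request context (user, SQL connection, settings), it
 * owns the page's Content-Security-Policy: an opt-in policy built from a
 * per-request nonce plus a list of explicitly allowed sources.
 */
abstract class Document {

    protected Router $router;
    private Logger $logger;

    // When true, load() refuses to render without a configured, connected database.
    protected bool $databaseRequired;

    // CSP state: disabled until enableCSP() is called, which also creates the nonce.
    private bool $cspEnabled;
    private ?string $cspNonce;

    // Source expressions added to both default-src and script-src.
    private array $cspWhitelist;

    // Base URL from the settings; prefixed to whitelist entries that carry no host.
    private string $domain;

    protected bool $searchable;

    // Language modules loaded in load() before the page code is generated.
    protected array $languageModules;

    /**
     * @param Router $router router that supplies the request context
     */
    public function __construct(Router $router) {
        // The router must be stored first: getSettings() and getSQL() below go through it.
        $this->router = $router;
        $this->cspEnabled = false;
        $this->cspNonce = null;
        $this->databaseRequired = true;
        $this->cspWhitelist = [];
        $this->domain = $this->getSettings()->getBaseUrl();
        $this->logger = new Logger("Document", $this->getSQL());
        $this->searchable = false;
        $this->languageModules = [];
    }

    /** Title of the document; also used as the title of search results. */
    public abstract function getTitle(): string;

    public function isSearchable(): bool {
        return $this->searchable;
    }

    public function getLogger(): Logger {
        return $this->logger;
    }

    /** @return User|null the user of the current context, as reported by the context */
    public function getUser(): ?User {
        return $this->getContext()->getUser();
    }

    public function getContext(): Context {
        return $this->router->getContext();
    }

    /** @return SQL|null null is treated by load() as "database not configured" */
    public function getSQL(): ?SQL {
        return $this->getContext()->getSQL();
    }

    public function getSettings(): Settings {
        return $this->getContext()->getSettings();
    }

    /** @return string|null the nonce for this response, or null while CSP is disabled */
    public function getCSPNonce(): ?string {
        return $this->cspNonce;
    }

    public function isCSPEnabled(): bool {
        return $this->cspEnabled;
    }

    /**
     * Turns the policy on and creates the nonce that sendHeaders() puts into
     * script-src and createScript() attaches to script elements.
     */
    public function enableCSP() {
        $this->cspEnabled = true;
        // NOTE(review): generateRandomString() is defined outside this file. Confirm it draws
        // from a CSPRNG; a guessable nonce lets injected markup satisfy script-src.
        $this->cspNonce = generateRandomString(16, "base62");
    }

    public function getRouter(): Router {
        return $this->router;
    }

    /**
     * Allows an additional source in default-src and script-src.
     *
     * A value with a host is used as given; anything else is treated as a path
     * and prefixed with the configured base URL.
     *
     * @param string $path URL or site-relative path to allow
     * @throws \InvalidArgumentException if the value contains whitespace, ';' or ','
     */
    public function addCSPWhitelist(string $path) {
        // The entry is concatenated into the header verbatim. Whitespace would add a second
        // source, ';' a new directive and ',' a second policy, so none of them may pass.
        if (preg_match('/[\s;,]/', $path) === 1) {
            throw new \InvalidArgumentException("Invalid CSP source: whitespace, ';' and ',' are not allowed");
        }

        $urlParts = parse_url($path);
        $hasHost = is_array($urlParts) && isset($urlParts["host"]);
        // NOTE(review): a relative path is appended without a separator; this assumes the
        // base URL and the path join cleanly. Confirm against the settings format.
        $this->cspWhitelist[] = $hasHost ? $path : $this->domain . $path;
    }

    /**
     * Emits the Content-Security-Policy header when CSP is enabled.
     *
     * header() only takes effect while no output has been sent; if it fails the
     * response goes out without a policy.
     */
    public function sendHeaders() {
        if (!$this->cspEnabled) {
            return;
        }

        $cspWhiteList = implode(" ", $this->cspWhitelist);
        $csp = [
            "default-src $cspWhiteList 'self'",
            "object-src 'none'",
            "base-uri 'self'",
            // Inline styles are allowed; only scripts are nonce-protected.
            "style-src 'self' 'unsafe-inline'",
            // No trailing ';' here: implode() below adds the separator, and the extra one
            // produced an empty directive. 'unsafe-inline' has no meaning for image loads
            // and is kept only to leave the policy's tokens unchanged.
            "img-src 'self' 'unsafe-inline' data: https:",
            // Scripts load from whitelisted sources or with this response's nonce. There is
            // no 'self' and no 'unsafe-inline', so inline scripts need the nonce.
            "script-src $cspWhiteList 'nonce-$this->cspNonce'"
        ];

        if ($this->getSettings()->isRecaptchaEnabled()) {
            $csp[] = "frame-src https://www.google.com/ 'self'";
        }

        $compiledCSP = implode("; ", $csp);
        header("Content-Security-Policy: $compiledCSP;");
    }

    /** Produces the document's code; load() returns its result as the page body. */
    public abstract function getCode(array $params = []);

    /**
     * Renders the document and sends its headers.
     *
     * @param array $params passed through to getCode()
     * @return string the generated code, or an error message if a required database is unavailable
     */
    public function load(array $params = []): string {
        if ($this->databaseRequired) {
            $sql = $this->getSQL();
            if (is_null($sql)) {
                return "Database is not configured yet.";
            } else if (!$sql->isConnected()) {
                // NOTE(review): the driver's last error is returned to the caller, presumably
                // into the response. Confirm it cannot expose hosts, user names or paths.
                return "Database is not connected: " . $sql->getLastError();
            }
        }

        $language = $this->getContext()->getLanguage();
        foreach ($this->languageModules as $module) {
            $language->loadModule($module);
        }

        // The code is generated before the headers are sent, so whitelist entries added while
        // generating it still reach the policy. getCode() must therefore not produce output.
        $code = $this->getCode($params);
        $this->sendHeaders();
        return $code;
    }

    /**
     * Searches the generated code of this document.
     *
     * @return array one SearchResult per hit, pointing at the route's URL
     */
    public function doSearch(SearchQuery $query, DocumentRoute $route): array {
        $code = $this->getCode();
        $results = Searchable::searchHtml($code, $query);
        return array_map(function ($res) use ($route) {
            return new SearchResult($route->getUrl(), $this->getTitle(), $res["text"]);
        }, $results);
    }

    /**
     * Creates a script element and, when CSP is enabled, gives it the current
     * nonce so that it passes the script-src directive.
     */
    public function createScript($type, $src, $content = ""): Script {
        $script = new Script($type, $src, $content);
        if ($this->isCSPEnabled()) {
            $script->setNonce($this->getCSPNonce());
        }

        return $script;
    }
}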