web-base/core/Elements/Document.class.php

<?php

namespace Elements;

use Driver\SQL\SQL;
use Objects\User;

abstract class Document {

  protected User $user;
  protected bool $databaseRequired;
  private bool $cspEnabled;
  private ?string $cspNonce;
  private array $cspWhitelist;
  private string $domain;

  public function __construct(User $user) {
    $this->user = $user;
    $this->cspEnabled = false;
    $this->cspNonce = null;
    $this->databaseRequired = true;
    $this->cspWhitelist = [];
    $this->domain = $user->getConfiguration()->getSettings()->getBaseUrl();
  }

  public function getSQL(): ?SQL {
    return $this->user->getSQL();
  }

  public function getUser(): User {
    return $this->user;
  }

  public function getCSPNonce(): ?string {
    return $this->cspNonce;
  }

  public function isCSPEnabled(): bool {
    return $this->cspEnabled;
  }

  public function enableCSP() {
    $this->cspEnabled = true;
    $this->cspNonce = generateRandomString(16, "base62");
  }

  protected function addCSPWhitelist(string $path) {
    $this->cspWhitelist[] = $this->domain . $path;
  }

  public function getCode(array $params = []): string {
    if ($this->databaseRequired) {
      $sql = $this->user->getSQL();
      if (is_null($sql)) {
        die("Database is not configured yet.");
      } else if (!$sql->isConnected()) {
        die("Database is not connected: " . $sql->getLastError());
      }
    }

    if ($this->cspEnabled) {

      $cspWhiteList = implode(" ", $this->cspWhitelist);

      $csp = [
        "default-src 'self'",
        "object-src 'none'",
        "base-uri 'self'",
        "style-src 'self' 'unsafe-inline'",
        "img-src 'self' data:",
        "script-src $cspWhiteList 'nonce-$this->cspNonce'"
      ];
      if ($this->user->getConfiguration()->getSettings()->isRecaptchaEnabled()) {
        $csp[] = "frame-src https://www.google.com/ 'self'";
      }

      $compiledCSP = implode("; ", $csp);
      header("Content-Security-Policy: $compiledCSP;");
    }

    return "";
  }
}
Initial Commit 2020-02-09 23:02:19 +01:00			`<?php`

			`namespace Elements;`

Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`use Driver\SQL\SQL;`
php 7.4 dev branch 2020-04-03 15:56:04 +02:00			`use Objects\User;`

Initial Commit 2020-02-09 23:02:19 +01:00			`abstract class Document {`

php 7.4 dev branch 2020-04-03 15:56:04 +02:00			`protected User $user;`
			`protected bool $databaseRequired;`
Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`private bool $cspEnabled;`
			`private ?string $cspNonce;`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`private array $cspWhitelist;`
			`private string $domain;`
Initial Commit 2020-02-09 23:02:19 +01:00
Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`public function __construct(User $user) {`
some weird bug 2021-04-02 22:48:14 +02:00			`$this->user = $user;`
Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`$this->cspEnabled = false;`
			`$this->cspNonce = null;`
Bugfix 2020-04-02 21:39:02 +02:00			`$this->databaseRequired = true;`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`$this->cspWhitelist = [];`
			`$this->domain = $user->getConfiguration()->getSettings()->getBaseUrl();`
Initial Commit 2020-02-09 23:02:19 +01:00			`}`

Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`public function getSQL(): ?SQL {`
			`return $this->user->getSQL();`
			`}`
fix 2021-04-03 13:05:20 +02:00
Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`public function getUser(): User {`
			`return $this->user;`
			`}`
Initial Commit 2020-02-09 23:02:19 +01:00
Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`public function getCSPNonce(): ?string {`
			`return $this->cspNonce;`
Readme, some fixes, rel noopener for _blank links 2021-04-03 10:39:13 +02:00			`}`

Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`public function isCSPEnabled(): bool {`
			`return $this->cspEnabled;`
Initial Commit 2020-02-09 23:02:19 +01:00			`}`

Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`public function enableCSP() {`
			`$this->cspEnabled = true;`
			`$this->cspNonce = generateRandomString(16, "base62");`
			`}`
Initial Commit 2020-02-09 23:02:19 +01:00
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`protected function addCSPWhitelist(string $path) {`
			`$this->cspWhitelist[] = $this->domain . $path;`
			`}`

Router, Logger, Bump v1.5 2022-05-31 16:14:49 +02:00			`public function getCode(array $params = []): string {`
Bugfix 2020-04-02 21:39:02 +02:00			`if ($this->databaseRequired) {`
Initial Commit 2020-02-09 23:02:19 +01:00			`$sql = $this->user->getSQL();`
			`if (is_null($sql)) {`
			`die("Database is not configured yet.");`
Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`} else if (!$sql->isConnected()) {`
Initial Commit 2020-02-09 23:02:19 +01:00			`die("Database is not connected: " . $sql->getLastError());`
			`}`
			`}`

Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`if ($this->cspEnabled) {`
Core Update 1.4.0 2022-02-20 16:53:26 +01:00
			`$cspWhiteList = implode(" ", $this->cspWhitelist);`

			`$csp = [`
			`"default-src 'self'",`
			`"object-src 'none'",`
			`"base-uri 'self'",`
			`"style-src 'self' 'unsafe-inline'",`
			`"img-src 'self' data:",`
			`"script-src $cspWhiteList 'nonce-$this->cspNonce'"`
			`];`
Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`if ($this->user->getConfiguration()->getSettings()->isRecaptchaEnabled()) {`
			`$csp[] = "frame-src https://www.google.com/ 'self'";`
			`}`
Initial Commit 2020-02-09 23:02:19 +01:00
Core Update 1.4.0 2022-02-20 16:53:26 +01:00			`$compiledCSP = implode("; ", $csp);`
Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`header("Content-Security-Policy: $compiledCSP;");`
			`}`
Initial Commit 2020-02-09 23:02:19 +01:00
Twig, Tests, AES, 2021-12-08 16:53:43 +01:00			`return "";`
			`}`
php 7.4 dev branch 2020-04-03 15:56:04 +02:00			`}`