Twig, Tests, AES,
@@ -2,69 +2,64 @@
|
||||
|
||||
namespace Elements;
|
||||
|
||||
use Driver\SQL\SQL;
|
||||
use Objects\User;
|
||||
|
||||
abstract class Document {
|
||||
|
||||
protected Head $head;
|
||||
protected Body $body;
|
||||
protected User $user;
|
||||
protected bool $databaseRequired;
|
||||
private ?string $activeView;
|
||||
private bool $cspEnabled;
|
||||
private ?string $cspNonce;
|
||||
|
||||
public function __construct(User $user, $headClass, $bodyClass, ?string $view = NULL) {
|
||||
public function __construct(User $user) {
|
||||
$this->user = $user;
|
||||
$this->head = new $headClass($this);
|
||||
$this->body = new $bodyClass($this);
|
||||
$this->cspEnabled = false;
|
||||
$this->cspNonce = null;
|
||||
$this->databaseRequired = true;
|
||||
$this->activeView = $view;
|
||||
}
|
||||
|
||||
public function getHead(): Head { return $this->head; }
|
||||
public function getBody(): Body { return $this->body; }
|
||||
public function getSQL(): ?\Driver\SQL\SQL { return $this->user->getSQL(); }
|
||||
public function getUser(): User { return $this->user; }
|
||||
|
||||
public function getView() : ?View {
|
||||
|
||||
if ($this->activeView === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$view = parseClass($this->activeView);
|
||||
$file = getClassPath($view);
|
||||
if(!file_exists($file) || !is_subclass_of($view, View::class)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return new $view($this);
|
||||
public function getSQL(): ?SQL {
|
||||
return $this->user->getSQL();
|
||||
}
|
||||
|
||||
public function getRequestedView(): string {
|
||||
return $this->activeView;
|
||||
public function getUser(): User {
|
||||
return $this->user;
|
||||
}
|
||||
|
||||
function getCode(): string {
|
||||
public function getCSPNonce(): ?string {
|
||||
return $this->cspNonce;
|
||||
}
|
||||
|
||||
public function isCSPEnabled(): bool {
|
||||
return $this->cspEnabled;
|
||||
}
|
||||
|
||||
public function enableCSP() {
|
||||
$this->cspEnabled = true;
|
||||
$this->cspNonce = generateRandomString(16, "base62");
|
||||
}
|
||||
|
||||
public function getCode(): string {
|
||||
if ($this->databaseRequired) {
|
||||
$sql = $this->user->getSQL();
|
||||
if (is_null($sql)) {
|
||||
die("Database is not configured yet.");
|
||||
} else if(!$sql->isConnected()) {
|
||||
} else if (!$sql->isConnected()) {
|
||||
die("Database is not connected: " . $sql->getLastError());
|
||||
}
|
||||
}
|
||||
|
||||
$body = $this->body->getCode();
|
||||
$head = $this->head->getCode();
|
||||
$lang = $this->user->getLanguage()->getShortCode();
|
||||
if ($this->cspEnabled) {
|
||||
$csp = ["default-src 'self'", "object-src 'none'", "base-uri 'self'", "style-src 'self' 'unsafe-inline'", "script-src 'nonce-$this->cspNonce'"];
|
||||
if ($this->user->getConfiguration()->getSettings()->isRecaptchaEnabled()) {
|
||||
$csp[] = "frame-src https://www.google.com/ 'self'";
|
||||
}
|
||||
|
||||
$html = "<!DOCTYPE html>";
|
||||
$html .= "<html lang=\"$lang\">";
|
||||
$html .= $head;
|
||||
$html .= $body;
|
||||
$html .= "</html>";
|
||||
return $html;
|
||||
$compiledCSP = implode(";", $csp);
|
||||
header("Content-Security-Policy: $compiledCSP;");
|
||||
}
|
||||
|
||||
return "";
|
||||
}
|
||||
|
||||
}
|
||||
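Review bot: The CSP nonce set in enableCSP() comes from `generateRandomString(16, "base62")`, whose implementation is not visible on this page; a nonce only protects `script-src` if it is unpredictable and fresh for every response, so confirm the helper draws from a CSPRNG (`random_int`/`random_bytes`) or replace the line with `$this->cspNonce = bin2hex(random_bytes(16));`. In getCode(), `style-src 'self' 'unsafe-inline'` still allows injected inline styles, so it deserves a comment saying why it is needed, or tightening to the same nonce. The `header("Content-Security-Policy: $compiledCSP;")` call appears to run during rendering, and if any output has already been sent PHP only raises a warning and the page goes out without a policy; a `headers_sent()` check that logs or fails would make that visible. Separately, `die("Database is not connected: " . $sql->getLastError());` returns the driver's error text to the client, and it would be safer to log it server-side and show a generic message.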