Bugfix, Document constructor, docker

core/Configuration/CreateDatabase.class.php

@@ -163,6 +163,7 @@ class CreateDatabase extends DatabaseScript {
       ->addRow("/resetPassword", "dynamic", "\\Documents\\Account", json_encode(["account/reset_password.twig"]), true)
       ->addRow("/login", "dynamic", "\\Documents\\Account", json_encode(["account/login.twig"]), true)
       ->addRow("/resendConfirmEmail", "dynamic", "\\Documents\\Account", json_encode(["account/resend_confirm_email.twig"]), true)
+      ->addRow("/debug", "dynamic", "\\Documents\\Info", NULL, true)
       ->addRow("/", "static", "/static/welcome.html", NULL, true);
 
     $queries[] = $sql->createTable("Settings")
@@ -228,7 +229,7 @@ class CreateDatabase extends DatabaseScript {
       ->addDateTime("nextTry", false, $sql->now())
       ->addString("errorMessage", NULL,  true)
       ->primaryKey("uid");
-    $queries = array_merge($queries, \Configuration\Patch\log::createTableLog($sql, "MailQueue", 30));
+    $queries = array_merge($queries, \Configuration\Patch\EntityLog_2021_04_08::createTableLog($sql, "MailQueue", 30));
 
     $queries[] = $sql->createTable("News")
       ->addSerial("uid")

core/Configuration/Patch/EntityLog_2021_04_08.class.php

@@ -11,7 +11,7 @@ use Driver\SQL\Type\CurrentColumn;
 use Driver\SQL\Type\CurrentTable;
 use Driver\SQL\Type\Trigger;
 
-class log extends DatabaseScript {
+class EntityLog_2021_04_08 extends DatabaseScript {
 
   public static function createTableLog(SQL $sql, string $table, int $lifetime = 90): array {
     return [

core/Documents/Account.class.php

@@ -4,12 +4,12 @@
 namespace Documents;
 
 use Elements\TemplateDocument;
-use Objects\User;
+use Objects\Router\Router;
 
 
 class Account extends TemplateDocument {
-  public function __construct(User $user, string $templateName) {
-    parent::__construct($user, $templateName);
+  public function __construct(Router $router, string $templateName) {
+    parent::__construct($router, $templateName);
     $this->enableCSP();
   }
 
@@ -34,13 +34,13 @@ class Account extends TemplateDocument {
         }
       }
     } else if ($this->getTemplateName() === "account/register.twig") {
-      $settings = $this->user->getConfiguration()->getSettings();
-      if ($this->user->isLoggedIn()) {
+      $settings = $this->getSettings();
+      if ($this->getUser()->isLoggedIn()) {
         $this->createError("You are already logged in.");
       } else if (!$settings->isRegistrationAllowed()) {
         $this->createError("Registration is not enabled on this website.");
       }
-    } else if ($this->getTemplateName() === "account/login.twig" && $this->user->isLoggedIn()) {
+    } else if ($this->getTemplateName() === "account/login.twig" && $this->getUser()->isLoggedIn()) {
       header("Location: /admin");
       exit();
     } else if ($this->getTemplateName() === "account/accept_invite.twig") {

core/Documents/Admin.class.php

@@ -3,13 +3,14 @@
 namespace Documents;
 
 use Elements\TemplateDocument;
-use Objects\User;
+use Objects\Router\Router;
 
 class Admin extends TemplateDocument {
-  public function __construct(User $user) {
+  public function __construct(Router $router) {
+    $user = $router->getUser();
     $template = $user->isLoggedIn() ? "admin.twig" : "redirect.twig";
     $params = $user->isLoggedIn() ? [] : ["url" => "/login"];
-    parent::__construct($user, $template, $params);
+    parent::__construct($router, $template, $params);
     $this->enableCSP();
   }
 }

core/Documents/Info.class.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace Documents;
+
+use Elements\EmptyHead;
+use Elements\HtmlDocument;
+use Elements\SimpleBody;
+use Objects\Router\Router;
+
+class Info extends HtmlDocument {
+  public function __construct(Router $router) {
+    parent::__construct($router, EmptyHead::class, InfoBody::class);
+  }
+}
+
+class InfoBody extends SimpleBody {
+  protected function getContent(): string {
+    $user = $this->getDocument()->getUser();
+    if ($user->isLoggedIn() && $user->hasGroup(USER_GROUP_ADMIN)) {
+      phpinfo();
+    } else {
+      $message = "You are not logged in or do not have the proper privileges to access this page.";
+      return $this->getDocument()->getRouter()->returnStatusCode(403, [ "message" => $message] );
+    }
+  }
+}

core/Documents/Install.class.php

@@ -5,10 +5,11 @@ namespace Documents {
   use Documents\Install\InstallBody;
   use Documents\Install\InstallHead;
   use Elements\HtmlDocument;
+  use Objects\Router\Router;
 
   class Install extends HtmlDocument {
-    public function __construct($user) {
-      parent::__construct($user, InstallHead::class, InstallBody::class);
+    public function __construct(Router $router) {
+      parent::__construct($router, InstallHead::class, InstallBody::class);
       $this->databaseRequired = false;
     }
   }

core/Elements/Document.class.php

@@ -2,33 +2,39 @@
 
 namespace Elements;
 
+use Configuration\Settings;
 use Driver\SQL\SQL;
+use Objects\Router\Router;
 use Objects\User;
 
 abstract class Document {
 
-  protected User $user;
+  protected Router $router;
   protected bool $databaseRequired;
   private bool $cspEnabled;
   private ?string $cspNonce;
   private array $cspWhitelist;
   private string $domain;
 
-  public function __construct(User $user) {
-    $this->user = $user;
+  public function __construct(Router $router) {
+    $this->router = $router;
     $this->cspEnabled = false;
     $this->cspNonce = null;
     $this->databaseRequired = true;
     $this->cspWhitelist = [];
-    $this->domain = $user->getConfiguration()->getSettings()->getBaseUrl();
-  }
-
-  public function getSQL(): ?SQL {
-    return $this->user->getSQL();
+    $this->domain = $this->getSettings()->getBaseUrl();
   }
 
   public function getUser(): User {
-    return $this->user;
+    return $this->router->getUser();
+  }
+
+  public function getSQL(): ?SQL {
+    return $this->getUser()->getSQL();
+  }
+
+  public function getSettings(): Settings {
+    return $this->getUser()->getConfiguration()->getSettings();
   }
 
   public function getCSPNonce(): ?string {
@@ -44,13 +50,17 @@ abstract class Document {
     $this->cspNonce = generateRandomString(16, "base62");
   }
 
+  public function getRouter(): Router {
+    return $this->router;
+  }
+
   protected function addCSPWhitelist(string $path) {
     $this->cspWhitelist[] = $this->domain . $path;
   }
 
   public function getCode(array $params = []): string {
     if ($this->databaseRequired) {
-      $sql = $this->user->getSQL();
+      $sql = $this->getSQL();
       if (is_null($sql)) {
         die("Database is not configured yet.");
       } else if (!$sql->isConnected()) {
@@ -70,7 +80,7 @@ abstract class Document {
         "img-src 'self' data:",
         "script-src $cspWhiteList 'nonce-$this->cspNonce'"
       ];
-      if ($this->user->getConfiguration()->getSettings()->isRecaptchaEnabled()) {
+      if ($this->getSettings()->isRecaptchaEnabled()) {
         $csp[] = "frame-src https://www.google.com/ 'self'";
       }
 

core/Elements/HtmlDocument.class.php

@@ -2,7 +2,7 @@
 
 namespace Elements;
 
-use Objects\User;
+use Objects\Router\Router;
 
 class HtmlDocument extends Document {
 
@@ -10,8 +10,8 @@ class HtmlDocument extends Document {
   protected Body $body;
   private ?string $activeView;
 
-  public function __construct(User $user, $headClass, $bodyClass, ?string $view = NULL) {
-    parent::__construct($user);
+  public function __construct(Router $router, $headClass, $bodyClass, ?string $view = NULL) {
+    parent::__construct($router);
     $this->head = $headClass ? new $headClass($this) : null;
     $this->body = $bodyClass ? new $bodyClass($this) : null;
     $this->activeView = $view;
@@ -49,7 +49,7 @@ class HtmlDocument extends Document {
     return $this->activeView;
   }
 
-  function getCode(): string {
+  function getCode(array $params = []): string {
 
     parent::getCode();
 
@@ -65,7 +65,7 @@ class HtmlDocument extends Document {
     }
 
     $head = $this->head->getCode();
-    $lang = $this->user->getLanguage()->getShortCode();
+    $lang = $this->getUser()->getLanguage()->getShortCode();
 
     $html = "<!DOCTYPE html>";
     $html .= "<html lang=\"$lang\">";

core/Elements/TemplateDocument.class.php

@@ -2,7 +2,7 @@
 
 namespace Elements;
 
-use Objects\User;
+use Objects\Router\Router;
 use Twig\Environment;
 use Twig\Error\LoaderError;
 use Twig\Error\RuntimeError;
@@ -17,8 +17,8 @@ class TemplateDocument extends Document {
   private FilesystemLoader $twigLoader;
   protected string $title;
 
-  public function __construct(User $user, string $templateName, array $params = []) {
-    parent::__construct($user);
+  public function __construct(Router $router, string $templateName, array $params = []) {
+    parent::__construct($router);
     $this->title = "";
     $this->templateName = $templateName;
     $this->parameters = $params;
@@ -46,15 +46,16 @@ class TemplateDocument extends Document {
   public function renderTemplate(string $name, array $params = []): string {
     try {
 
+      $user = $this->getUser();
       $params["user"] = [
-        "lang" => $this->user->getLanguage()->getShortCode(),
-        "loggedIn" => $this->user->isLoggedIn(),
-        "session" => (!$this->user->isLoggedIn() ? null : [
-          "csrfToken" => $this->user->getSession()->getCsrfToken()
+        "lang" => $user->getLanguage()->getShortCode(),
+        "loggedIn" => $user->isLoggedIn(),
+        "session" => (!$user->isLoggedIn() ? null : [
+          "csrfToken" => $user->getSession()->getCsrfToken()
         ])
       ];
 
-      $settings = $this->user->getConfiguration()->getSettings();
+      $settings = $this->getSettings();
       $params["site"] = [
         "name" => $settings->getSiteName(),
         "baseUrl" => $settings->getBaseUrl(),

core/Logs/.gitignore

@@ -0,0 +1,2 @@
+*
+!.htaccess

core/Logs/.htaccess

@@ -0,0 +1 @@
+DENY FROM ALL

core/Objects/Router/AbstractRoute.class.php

@@ -58,14 +58,13 @@ abstract class AbstractRoute {
     $patternOffset = 0;
 
     # /test/param/optional/123
-    $urlParts = explode("/", $url);
+    $urlParts = explode("/", Router::cleanURL($url));
     $countUrl = count($urlParts);
     $urlOffset = 0;
 
     $params = [];
     for (; $patternOffset < $countPattern; $patternOffset++) {
-
-      if (!preg_match("/^{.*}$/", $patternParts[$patternOffset])) {
+      if (!preg_match("/^{([^:]+)(:(.*?)(\?)?)?}$/", $patternParts[$patternOffset], $match)) {
 
         // not a parameter? check if it matches
         if ($urlOffset >= $countUrl || $urlParts[$urlOffset] !== $patternParts[$patternOffset]) {
@@ -73,27 +72,32 @@ abstract class AbstractRoute {
         }
 
         $urlOffset++;
-
       } else {
 
         // we got a parameter here
-        $paramDefinition = explode(":", substr($patternParts[$patternOffset], 1, -1));
-        $paramName = array_shift($paramDefinition);
-        $paramType = array_shift($paramDefinition);
-        $paramOptional = endsWith($paramType, "?");
-        if ($paramOptional) {
-          $paramType = substr($paramType, 0, -1);
+        $paramName = $match[1];
+        if (isset($match[2])) {
+          $paramType = self::parseParamType($match[3]) ?? Parameter::TYPE_MIXED;
+          $paramOptional = !empty($match[4] ?? null);
+        } else {
+          $paramType = Parameter::TYPE_MIXED;
+          $paramOptional = false;
         }
 
-        $paramType = self::parseParamType($paramType);
+        $parameter = new Parameter($paramName, $paramType, $paramOptional);
         if ($urlOffset >= $countUrl || $urlParts[$urlOffset] === "") {
-          if ($paramOptional) {
-            $param = $urlParts[$urlOffset] ?? null;
-            if ($param !== null && $paramType !== null && Parameter::parseType($param) !== $paramType) {
-              return false;
+          if ($parameter->optional) {
+            $value = $urlParts[$urlOffset] ?? null;
+            if ($value === null || $value === "") {
+              $params[$paramName] = null;
+            } else {
+              if (!$parameter->parseParam($value)) {
+                return false;
+              } else {
+                $params[$paramName] = $parameter->value;
+              }
             }
 
-            $params[$paramName] = $param;
             if ($urlOffset < $countUrl) {
               $urlOffset++;
             }
@@ -101,13 +105,13 @@ abstract class AbstractRoute {
             return false;
           }
         } else {
-          $param = $urlParts[$urlOffset];
-          if ($paramType !== null && Parameter::parseType($param) !== $paramType) {
+          $value = $urlParts[$urlOffset];
+          if (!$parameter->parseParam($value)) {
             return false;
+          } else {
+            $params[$paramName] = $parameter->value;
+            $urlOffset++;
           }
-
-          $params[$paramName] = $param;
-          $urlOffset++;
         }
       }
     }

core/Objects/Router/ApiRoute.class.php

@@ -16,9 +16,9 @@ class ApiRoute extends AbstractRoute {
     $user = $router->getUser();
     if (empty($params["endpoint"])) {
       header("Content-Type: text/html");
-      $document = new \Elements\TemplateDocument($user, "swagger.twig");
+      $document = new \Elements\TemplateDocument($router, "swagger.twig");
       return $document->getCode();
-    } else if(!preg_match("/[a-zA-Z]+(\/[a-zA-Z]+)*/", $params["endpoint"])) {
+    } else if (!preg_match("/[a-zA-Z]+/", $params["endpoint"])) {
       http_response_code(400);
       $response = createError("Invalid Method");
     } else {

core/Objects/Router/DocumentRoute.class.php

@@ -60,7 +60,7 @@ class DocumentRoute extends AbstractRoute {
     }
 
     try {
-      $args = array_merge([$router->getUser()], $this->args);
+      $args = array_merge([$router], $this->args);
       $document = $this->reflectionClass->newInstanceArgs($args);
       return $document->getCode($params);
     } catch (\ReflectionException $e) {