XBackBone/app/Controllers/Controller.php

<?php

namespace App\Controllers;

use App\Database\DB;
use App\Web\Lang;
use App\Web\Session;
use App\Web\View;
use DI\Container;
use DI\DependencyException;
use DI\NotFoundException;
use League\Flysystem\FileNotFoundException;
use League\Flysystem\Filesystem;
use Monolog\Logger;
use Psr\Http\Message\ServerRequestInterface as Request;
use Slim\Exception\HttpNotFoundException;
use Slim\Exception\HttpUnauthorizedException;

/**
 * @property Session|null session
 * @property View view
 * @property DB|null database
 * @property Logger|null logger
 * @property Filesystem|null storage
 * @property Lang lang
 * @property array config
 */
abstract class Controller
{
    /** @var Container */
    protected $container;

    public function __construct(Container $container)
    {
        $this->container = $container;
    }

    /**
     * @param $name
     *
     * @return mixed|null
     * @throws NotFoundException
     *
     * @throws DependencyException
     */
    public function __get($name)
    {
        if ($this->container->has($name)) {
            return $this->container->get($name);
        }
    }

    /**
     * @param $id
     *
     * @return int
     */
    protected function getUsedSpaceByUser($id): int
    {
        $medias = $this->database->query('SELECT `uploads`.`storage_path` FROM `uploads` WHERE `user_id` = ?', $id);

        $totalSize = 0;

        $filesystem = $this->storage;
        foreach ($medias as $media) {
            try {
                $totalSize += $filesystem->getSize($media->storage_path);
            } catch (FileNotFoundException $e) {
                $this->logger->error('Error calculating file size', ['exception' => $e]);
            }
        }

        return $totalSize;
    }

    /**
     * @param  Request  $request
     * @param $userId
     * @param $fileSize
     * @param  bool  $dec
     * @return bool
     * @throws HttpNotFoundException
     * @throws HttpUnauthorizedException
     */
    protected function updateUserQuota(Request $request, $userId, $fileSize, $dec = false)
    {
        $user = $this->getUser($request, $userId);

        if ($dec) {
            $tot = max($user->current_disk_quota - $fileSize, 0);
        } else {
            $tot = $user->current_disk_quota + $fileSize;

            $quotaEnabled = $this->database->query('SELECT `value` FROM `settings` WHERE `key` = \'quota_enabled\'')->fetch()->value ?? 'off';
            if ($quotaEnabled === 'on' && $user->max_disk_quota > 0 && $user->max_disk_quota < $tot) {
                return false;
            }
        }

        $this->database->query('UPDATE `users` SET `current_disk_quota`=? WHERE `id` = ?', [
            $tot,
            $user->id
        ]);

        return true;
    }

    /**
     * @param  Request  $request
     * @param $id
     * @param  bool  $authorize
     *
     * @return mixed
     * @throws HttpUnauthorizedException
     *
     * @throws HttpNotFoundException
     */
    protected function getUser(Request $request, $id, $authorize = false)
    {
        $user = $this->database->query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();

        if (!$user) {
            throw new HttpNotFoundException($request);
        }

        if ($authorize && $user->id !== $this->session->get('user_id') && !$this->session->get('admin', false)) {
            throw new HttpUnauthorizedException($request);
        }

        return $user;
    }

    /**
     * @param $userId
     * @throws \Exception
     */
    protected function refreshRememberCookie($userId)
    {
        $selector = bin2hex(random_bytes(8));
        $token = bin2hex(random_bytes(32));
        $expire = time() + 604800; // a week

        $this->database->query('UPDATE `users` SET `remember_selector`=?, `remember_token`=?, `remember_expire`=? WHERE `id`=?', [
            $selector,
            password_hash($token, PASSWORD_DEFAULT),
            date('Y-m-d\TH:i:s', $expire),
            $userId,
        ]);

        // Workaround for php <= 7.3
        if (PHP_VERSION_ID < 70300) {
            setcookie('remember', "{$selector}:{$token}", $expire, '; SameSite=Lax', '', false, true);
        } else {
            setcookie('remember', "{$selector}:{$token}", [
                'expires' => $expire,
                'httponly' => true,
                'samesite' => 'Lax',
            ]);
        }
    }


    /**
     * @return string
     */
    protected function generateUserUploadToken(): string
    {
        do {
            $token = 'token_'.md5(uniqid('', true));
        } while ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `token` = ?', $token)->fetch()->count > 0);

        return $token;
    }
}
Initial commit 2018-04-28 12:20:07 +00:00			`<?php`

			`namespace App\Controllers;`

Refactoring and improvements 2019-01-10 22:22:19 +00:00			`use App\Database\DB;`
Improved lang handling 2019-08-20 12:56:41 +00:00			`use App\Web\Lang;`
Refactoring and improvements 2019-01-10 22:22:19 +00:00			`use App\Web\Session;`
Changed lang configuration option 2019-11-19 12:59:17 +00:00			`use App\Web\View;`
Upgrade to slim 4 2019-11-12 23:13:23 +00:00			`use DI\Container;`
			`use DI\DependencyException;`
			`use DI\NotFoundException;`
theme switcher mysql support used space indicator 2018-11-12 17:56:12 +00:00			`use League\Flysystem\FileNotFoundException;`
Start adding support to use AWS S3, Google Cloud Storage, Dropbox and FTP(s) accounts as storage location 2019-05-19 13:39:42 +00:00			`use League\Flysystem\Filesystem;`
Refactoring and improvements 2019-01-10 22:22:19 +00:00			`use Monolog\Logger;`
User controller refactoring 2019-11-19 11:55:51 +00:00			`use Psr\Http\Message\ServerRequestInterface as Request;`
			`use Slim\Exception\HttpNotFoundException;`
			`use Slim\Exception\HttpUnauthorizedException;`
Initial commit 2018-04-28 12:20:07 +00:00
Refactoring and improvements 2019-01-10 22:22:19 +00:00			`/**`
			`* @property Session\|null session`
Changed lang configuration option 2019-11-19 12:59:17 +00:00			`* @property View view`
Refactoring and improvements 2019-01-10 22:22:19 +00:00			`* @property DB\|null database`
			`* @property Logger\|null logger`
Start adding support to use AWS S3, Google Cloud Storage, Dropbox and FTP(s) accounts as storage location 2019-05-19 13:39:42 +00:00			`* @property Filesystem\|null storage`
Improved lang handling 2019-08-20 12:56:41 +00:00			`* @property Lang lang`
Upgrade to slim 4 2019-11-12 23:13:23 +00:00			`* @property array config`
Refactoring and improvements 2019-01-10 22:22:19 +00:00			`*/`
Initial commit 2018-04-28 12:20:07 +00:00			`abstract class Controller`
			`{`
Upgrade to slim 4 2019-11-12 23:13:23 +00:00			`/** @var Container */`
			`protected $container;`
Fix & improvements (#2) * New .gitignore Added violinist.io configuration Start with CI Started moving CSS/JS to NPM * Fix & improvements Security improves (SHA256 instead of MD5) and new PHP7 random function Security fix admin check from database instead of session Security fix user active for every page that require login UX fix admin cannot demote himself Added Gruntfile.js Updated composer.json dependency Addeded PHP >=7.1 to composer.json Moved static file to src * Results of .gitignore "static/" * Fix migration for admin user_code * Travis test for grunt (JS) * Changed user_code generation method Updated Travis test 2018-06-02 20:32:14 +00:00
Upgrade to slim 4 2019-11-12 23:13:23 +00:00			`public function __construct(Container $container)`
			`{`
			`$this->container = $container;`
			`}`
Initial commit 2018-04-28 12:20:07 +00:00
Upgrade to slim 4 2019-11-12 23:13:23 +00:00			`/**`
			`* @param $name`
Apply fixes from StyleCI (#100) 2019-11-20 17:49:31 +00:00			`*`
Refresh the token after the login 2019-11-23 12:18:00 +00:00			`* @return mixed\|null`
Upgrade to slim 4 2019-11-12 23:13:23 +00:00			`* @throws NotFoundException`
Apply fixes from StyleCI (#100) 2019-11-20 17:49:31 +00:00			`*`
Refresh the token after the login 2019-11-23 12:18:00 +00:00			`* @throws DependencyException`
Upgrade to slim 4 2019-11-12 23:13:23 +00:00			`*/`
			`public function __get($name)`
			`{`
			`if ($this->container->has($name)) {`
			`return $this->container->get($name);`
			`}`
			`}`
Initial commit 2018-04-28 12:20:07 +00:00
Upgrade to slim 4 2019-11-12 23:13:23 +00:00			`/**`
			`* @param $id`
Apply fixes from StyleCI (#100) 2019-11-20 17:49:31 +00:00			`*`
Upgrade to slim 4 2019-11-12 23:13:23 +00:00			`* @return int`
			`*/`
			`protected function getUsedSpaceByUser($id): int`
			`{`
			$medias = $this->database->query('SELECT `uploads`.`storage_path` FROM `uploads` WHERE `user_id` = ?', $id);
theme switcher mysql support used space indicator 2018-11-12 17:56:12 +00:00
Upgrade to slim 4 2019-11-12 23:13:23 +00:00			`$totalSize = 0;`
theme switcher mysql support used space indicator 2018-11-12 17:56:12 +00:00
Upgrade to slim 4 2019-11-12 23:13:23 +00:00			`$filesystem = $this->storage;`
			`foreach ($medias as $media) {`
			`try {`
			`$totalSize += $filesystem->getSize($media->storage_path);`
			`} catch (FileNotFoundException $e) {`
Revert previous CI hell 2019-11-21 17:00:47 +00:00			`$this->logger->error('Error calculating file size', ['exception' => $e]);`
Upgrade to slim 4 2019-11-12 23:13:23 +00:00			`}`
			`}`
theme switcher mysql support used space indicator 2018-11-12 17:56:12 +00:00
Upgrade to slim 4 2019-11-12 23:13:23 +00:00			`return $totalSize;`
			`}`
User controller refactoring 2019-11-19 11:55:51 +00:00
Update quota counters on upload and deletion 2020-02-28 13:29:29 +00:00			`/**`
			`* @param Request $request`
			`* @param $userId`
			`* @param $fileSize`
			`* @param bool $dec`
			`* @return bool`
			`* @throws HttpNotFoundException`
			`* @throws HttpUnauthorizedException`
			`*/`
			`protected function updateUserQuota(Request $request, $userId, $fileSize, $dec = false)`
			`{`
			`$user = $this->getUser($request, $userId);`

			`if ($dec) {`
			`$tot = max($user->current_disk_quota - $fileSize, 0);`
			`} else {`
			`$tot = $user->current_disk_quota + $fileSize;`

			$quotaEnabled = $this->database->query('SELECT `value` FROM `settings` WHERE `key` = \'quota_enabled\'')->fetch()->value ?? 'off';
			`if ($quotaEnabled === 'on' && $user->max_disk_quota > 0 && $user->max_disk_quota < $tot) {`
			`return false;`
			`}`
			`}`

			$this->database->query('UPDATE `users` SET `current_disk_quota`=? WHERE `id` = ?', [
			`$tot,`
			`$user->id`
			`]);`

			`return true;`
			`}`

User controller refactoring 2019-11-19 11:55:51 +00:00			`/**`
Refresh the token after the login 2019-11-23 12:18:00 +00:00			`* @param Request $request`
User controller refactoring 2019-11-19 11:55:51 +00:00			`* @param $id`
Refresh the token after the login 2019-11-23 12:18:00 +00:00			`* @param bool $authorize`
Apply fixes from StyleCI (#100) 2019-11-20 17:49:31 +00:00			`*`
Refresh the token after the login 2019-11-23 12:18:00 +00:00			`* @return mixed`
User controller refactoring 2019-11-19 11:55:51 +00:00			`* @throws HttpUnauthorizedException`
Apply fixes from StyleCI (#100) 2019-11-20 17:49:31 +00:00			`*`
Refresh the token after the login 2019-11-23 12:18:00 +00:00			`* @throws HttpNotFoundException`
User controller refactoring 2019-11-19 11:55:51 +00:00			`*/`
			`protected function getUser(Request $request, $id, $authorize = false)`
			`{`
			$user = $this->database->query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();

			`if (!$user) {`
			`throw new HttpNotFoundException($request);`
			`}`

			`if ($authorize && $user->id !== $this->session->get('user_id') && !$this->session->get('admin', false)) {`
			`throw new HttpUnauthorizedException($request);`
			`}`

			`return $user;`
			`}`
Refresh the token after the login 2019-11-23 12:18:00 +00:00
			`/**`
			`* @param $userId`
			`* @throws \Exception`
			`*/`
			`protected function refreshRememberCookie($userId)`
			`{`
			`$selector = bin2hex(random_bytes(8));`
			`$token = bin2hex(random_bytes(32));`
			`$expire = time() + 604800; // a week`

			$this->database->query('UPDATE `users` SET `remember_selector`=?, `remember_token`=?, `remember_expire`=? WHERE `id`=?', [
			`$selector,`
			`password_hash($token, PASSWORD_DEFAULT),`
			`date('Y-m-d\TH:i:s', $expire),`
			`$userId,`
			`]);`

			`// Workaround for php <= 7.3`
			`if (PHP_VERSION_ID < 70300) {`
			`setcookie('remember', "{$selector}:{$token}", $expire, '; SameSite=Lax', '', false, true);`
			`} else {`
			`setcookie('remember', "{$selector}:{$token}", [`
			`'expires' => $expire,`
			`'httponly' => true,`
			`'samesite' => 'Lax',`
			`]);`
			`}`
			`}`
Working on user registration, user disk quota, password recovery 2020-02-26 17:26:19 +00:00

			`/**`
			`* @return string`
			`*/`
			`protected function generateUserUploadToken(): string`
			`{`
			`do {`
			`$token = 'token_'.md5(uniqid('', true));`
			} while ($this->database->query('SELECT COUNT(*) AS `count` FROM `users` WHERE `token` = ?', $token)->fetch()->count > 0);

			`return $token;`
			`}`
Apply fixes from StyleCI (#100) 2019-11-20 17:49:31 +00:00			`}`