mirror of
https://github.com/friendica/friendica
synced 2025-04-19 08:30:11 +00:00
Split and delete ModuleController
- $moduleName is part of the argument string => App\Arguments - $isBackend boolean already part of App\Mode::isBackend() - $module is now the direct return of App\Router::getModule() - ModuleController::run() moved to BaseModule::run()
This commit is contained in:
Philipp
parent
a5ab184fb8
commit
b5d2d32b44
17 changed files with 299 additions and 793 deletions
|
|
@ -21,10 +21,15 @@
|
|||
|
||||
namespace Friendica;
|
||||
|
||||
use Friendica\App\Router;
|
||||
use Friendica\Capabilities\ICanHandleRequests;
|
||||
use Friendica\Core\L10n;
|
||||
use Friendica\Core\Logger;
|
||||
use Friendica\Model\User;
|
||||
use Friendica\Module\HTTPException\PageNotFound;
|
||||
use Friendica\Network\HTTPException\NoContentException;
|
||||
use Friendica\Util\Profiler;
|
||||
use Psr\Log\LoggerInterface;
|
||||
|
||||
/**
|
||||
* All modules in Friendica should extend BaseModule, although not all modules
|
||||
|
|
@ -121,6 +126,94 @@ abstract class BaseModule implements ICanHandleRequests
|
|||
return static::class;
|
||||
}
|
||||
|
||||
public function run(App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, array $server, array $post)
|
||||
{
|
||||
/* The URL provided does not resolve to a valid module.
|
||||
*
|
||||
* On Dreamhost sites, quite often things go wrong for no apparent reason and they send us to '/internal_error.html'.
|
||||
* We don't like doing this, but as it occasionally accounts for 10-20% or more of all site traffic -
|
||||
* we are going to trap this and redirect back to the requested page. As long as you don't have a critical error on your page
|
||||
* this will often succeed and eventually do the right thing.
|
||||
*
|
||||
* Otherwise we are going to emit a 404 not found.
|
||||
*/
|
||||
if (static::class === PageNotFound::class) {
|
||||
$queryString = $server['QUERY_STRING'];
|
||||
// Stupid browser tried to pre-fetch our Javascript img template. Don't log the event or return anything - just quietly exit.
|
||||
if (!empty($queryString) && preg_match('/{[0-9]}/', $queryString) !== 0) {
|
||||
exit();
|
||||
}
|
||||
|
||||
if (!empty($queryString) && ($queryString === 'q=internal_error.html') && isset($dreamhost_error_hack)) {
|
||||
$logger->info('index.php: dreamhost_error_hack invoked.', ['Original URI' => $server['REQUEST_URI']]);
|
||||
$baseUrl->redirect($server['REQUEST_URI']);
|
||||
}
|
||||
|
||||
$logger->debug('index.php: page not found.', ['request_uri' => $server['REQUEST_URI'], 'address' => $server['REMOTE_ADDR'], 'query' => $server['QUERY_STRING']]);
|
||||
}
|
||||
|
||||
// @see https://github.com/tootsuite/mastodon/blob/c3aef491d66aec743a3a53e934a494f653745b61/config/initializers/cors.rb
|
||||
if (substr($_REQUEST['pagename'] ?? '', 0, 12) == '.well-known/') {
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Headers: *');
|
||||
header('Access-Control-Allow-Methods: ' . Router::GET);
|
||||
header('Access-Control-Allow-Credentials: false');
|
||||
} elseif (substr($_REQUEST['pagename'] ?? '', 0, 8) == 'profile/') {
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Headers: *');
|
||||
header('Access-Control-Allow-Methods: ' . Router::GET);
|
||||
header('Access-Control-Allow-Credentials: false');
|
||||
} elseif (substr($_REQUEST['pagename'] ?? '', 0, 4) == 'api/') {
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Headers: *');
|
||||
header('Access-Control-Allow-Methods: ' . implode(',', Router::ALLOWED_METHODS));
|
||||
header('Access-Control-Allow-Credentials: false');
|
||||
header('Access-Control-Expose-Headers: Link');
|
||||
} elseif (substr($_REQUEST['pagename'] ?? '', 0, 11) == 'oauth/token') {
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Headers: *');
|
||||
header('Access-Control-Allow-Methods: ' . Router::POST);
|
||||
header('Access-Control-Allow-Credentials: false');
|
||||
}
|
||||
|
||||
// @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
|
||||
// @todo Check allowed methods per requested path
|
||||
if ($server['REQUEST_METHOD'] === Router::OPTIONS) {
|
||||
header('Allow: ' . implode(',', Router::ALLOWED_METHODS));
|
||||
throw new NoContentException();
|
||||
}
|
||||
|
||||
$placeholder = '';
|
||||
|
||||
$profiler->set(microtime(true), 'ready');
|
||||
$timestamp = microtime(true);
|
||||
|
||||
Core\Hook::callAll($args->getModuleName() . '_mod_init', $placeholder);
|
||||
|
||||
$profiler->set(microtime(true) - $timestamp, 'init');
|
||||
|
||||
if ($server['REQUEST_METHOD'] === Router::DELETE) {
|
||||
$this->delete();
|
||||
}
|
||||
|
||||
if ($server['REQUEST_METHOD'] === Router::PATCH) {
|
||||
$this->patch();
|
||||
}
|
||||
|
||||
if ($server['REQUEST_METHOD'] === Router::POST) {
|
||||
Core\Hook::callAll($args->getModuleName() . '_mod_post', $post);
|
||||
$this->post();
|
||||
}
|
||||
|
||||
if ($server['REQUEST_METHOD'] === Router::PUT) {
|
||||
$this->put();
|
||||
}
|
||||
|
||||
// "rawContent" is especially meant for technical endpoints.
|
||||
// This endpoint doesn't need any theme initialization or other comparable stuff.
|
||||
$this->rawContent();
|
||||
}
|
||||
|
||||
/*
|
||||
* Functions used to protect against Cross-Site Request Forgery
|
||||
* The security token has to base on at least one value that an attacker can't know - here it's the session ID and the private key.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue