subcultureofone/tkr
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
tkr/public/index.php
Greg Sarjeant bb58e09cbf
Some checks failed
Run unit tests / run-unit-tests (push) Waiting to run
Details
Prerequisites Testing / test-php-version-requirements (7.4) (push) Has been cancelled
Details
Prerequisites Testing / test-php-version-requirements (8.1) (push) Has been cancelled
Details
Prerequisites Testing / test-php-version-requirements (8.2) (push) Has been cancelled
Details
Prerequisites Testing / test-php-version-requirements (8.3) (push) Has been cancelled
Details
Prerequisites Testing / test-extension-progression (alpine:latest, 8.2) (push) Has been cancelled
Details
Prerequisites Testing / test-extension-progression (alpine:latest, 8.3) (push) Has been cancelled
Details
Prerequisites Testing / test-extension-progression (debian:bookworm, 8.2) (push) Has been cancelled
Details
Prerequisites Testing / test-extension-progression (debian:bookworm, 8.3) (push) Has been cancelled
Details
Prerequisites Testing / test-extension-progression (fedora:39, 8.2) (push) Has been cancelled
Details
Prerequisites Testing / test-extension-progression (fedora:39, 8.3) (push) Has been cancelled
Details
Prerequisites Testing / test-permission-scenarios (push) Has been cancelled
Details
add-runtime-logging (#35) 
Set up logging framework and add runtime logging to foundational operations (database, sessions, auth).

Reviewed-on: https://gitea.subcultureofone.org/greg/tkr/pulls/35
Co-authored-by: Greg Sarjeant <greg@subcultureofone.org>
Co-committed-by: Greg Sarjeant <greg@subcultureofone.org>
2025-07-29 22:45:17 +00:00

103 lines
2.9 KiB
PHP
Raw Blame History

<?php
// Store and validate request data
$method = $_SERVER['REQUEST_METHOD'];
$request = $_SERVER['REQUEST_URI'];
$path = parse_url($request, PHP_URL_PATH);
// return a 404 if a request for a .php file gets this far.
if (preg_match('/\.php$/', $path)) {
http_response_code(404);
echo '<h1>404 Not Found</h1>';
exit;
}
// Define base paths and load classes
include_once(dirname(dirname(__FILE__)) . "/config/bootstrap.php");
// Check prerequisites.
$prerequisites = new Prerequisites();
$results = $prerequisites->validate();
if (count($prerequisites->getErrors()) > 0) {
$prerequisites->generateWebSummary($results);
exit;
}
// Do any necessary database migrations
$dbMgr = new Database();
$dbMgr->migrate();
// Make sure the initial setup is complete
// unless we're already heading to setup
//
// TODO: Consider simplifying this.
// Might not need the custom exception now that the prereq checker is more robust.
if (!(preg_match('/setup$/', $path))) {
try {
// Make sure setup has been completed
$dbMgr->confirmSetup();
} catch (SetupException $e) {
$e->handle();
exit;
}
}
// Get a database connection
// TODO: Change from static function.
global $db;
$db = Database::get();
// Initialize core entities
// Defining these as globals isn't great practice,
// but this is a small, single-user app and this data will rarely change.
global $config;
global $user;
$config = ConfigModel::load();
$user = UserModel::load();
// Start a session and generate a CSRF Token
// if there isn't already an active session
Session::start();
Session::generateCsrfToken();
// Remove the base path from the URL
if (strpos($path, $config->basePath) === 0) {
$path = substr($path, strlen($config->basePath));
}
// strip the trailing slash from the resulting route
$path = trim($path, '/');
Log::debug("Path requested: {$path}");
// if this is a POST and we aren't in setup,
// make sure there's a valid session
// if not, redirect to /login or die as appropriate
if ($method === 'POST' && $path != 'setup') {
if ($path != 'login'){
if (!Session::isValid($_POST['csrf_token'])) {
// Invalid session - redirect to /login
Log::info('Attempt to POST with invalid session. Redirecting to login.');
header('Location: ' . $config->basePath . '/login');
exit;
}
} else {
if (!Session::isValidCsrfToken($_POST['csrf_token'])) {
// Just die if the token is invalid on login
Log::error("Attempt to log in with invalid CSRF token.");
die('Invalid CSRF token');
exit;
}
}
}
// Set content type
header('Content-Type: text/html; charset=utf-8');
// Render the requested route or throw a 404
if (!Router::route($path, $method)){
Log::error("No route found for path {$path}");
http_response_code(404);
echo "404 - Page Not Found";
exit;
}
Reference in New Issue View Git Blame Copy Permalink