Arsse/lib/REST/TinyTinyRSS/Icon.php

<?php
/** @license MIT
 * Copyright 2017 J. King, Dustin Wilson et al.
 * See LICENSE and AUTHORS files for details */

declare(strict_types=1);

namespace JKingWeb\Arsse\REST\TinyTinyRSS;

use JKingWeb\Arsse\Arsse;
use JKingWeb\Arsse\Db\ExceptionInput;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ResponseInterface;
use Laminas\Diactoros\Response\EmptyResponse as Response;

class Icon extends \JKingWeb\Arsse\REST\AbstractHandler {
    public function __construct() {
    }

    public function dispatch(ServerRequestInterface $req): ResponseInterface {
        if ($req->getAttribute("authenticated", false)) {
            // if HTTP authentication was successfully used, set the expected user ID
            Arsse::$user->id = $req->getAttribute("authenticatedUser");
        } elseif ($req->getAttribute("authenticationFailed", false) || Arsse::$conf->userHTTPAuthRequired) {
            // otherwise if HTTP authentication failed or did not occur when it is required, deny access at the HTTP level
            return new Response(401);
        }
        if ($req->getMethod() !== "GET") {
            // only GET requests are allowed
            return new Response(405, ['Allow' => "GET"]);
        } elseif (!preg_match("<^(\d+)\.ico$>", $req->getRequestTarget(), $match) || !((int) $match[1])) {
            return new Response(404);
        }
        try {
            $url = Arsse::$db->subscriptionIcon(Arsse::$user->id ?? null, (int) $match[1], false)['url'] ?? null;
            if (!$url) {
                return new Response(404);
            }
            if (($pos = strpos($url, "\r")) !== false || ($pos = strpos($url, "\n")) !== false) {
                $url = substr($url, 0, $pos);
            }
            return new Response(301, ['Location' => $url]);
        } catch (ExceptionInput $e) {
            return new Response(404);
        }
    }
}
Implement TTRSS feed icons; fixes #121 This introduces a data model function of unusual privilege: it can retrieve favicon URLs for any subscription, regardless of user ID. This is a single-purpose hack and its use should be avoided if at all possible. 2017-11-10 17:02:59 +00:00			`<?php`
Added per-file legal boilerplate Includes PHPDoc license tag in the file-level block with accompanying copyright notice. Also added an AUTHORS file on the off chance of outside contributions 2017-11-17 01:51:03 +00:00			`/** @license MIT`
			`* Copyright 2017 J. King, Dustin Wilson et al.`
			`* See LICENSE and AUTHORS files for details */`

Implement TTRSS feed icons; fixes #121 This introduces a data model function of unusual privilege: it can retrieve favicon URLs for any subscription, regardless of user ID. This is a single-purpose hack and its use should be avoided if at all possible. 2017-11-10 17:02:59 +00:00			`declare(strict_types=1);`
Apply new rules 2021-04-14 15:17:01 +00:00
Implement TTRSS feed icons; fixes #121 This introduces a data model function of unusual privilege: it can retrieve favicon URLs for any subscription, regardless of user ID. This is a single-purpose hack and its use should be avoided if at all possible. 2017-11-10 17:02:59 +00:00			`namespace JKingWeb\Arsse\REST\TinyTinyRSS;`

			`use JKingWeb\Arsse\Arsse;`
Clean up use of subscriptionFavicon 2020-11-06 15:27:30 +00:00			`use JKingWeb\Arsse\Db\ExceptionInput;`
Replace Resquest objects with PSR-7 request messages; improves #53 2018-01-05 04:08:53 +00:00			`use Psr\Http\Message\ServerRequestInterface;`
			`use Psr\Http\Message\ResponseInterface;`
Replace references to Zend with Laminas 2020-01-20 15:40:05 +00:00			`use Laminas\Diactoros\Response\EmptyResponse as Response;`
Implement TTRSS feed icons; fixes #121 This introduces a data model function of unusual privilege: it can retrieve favicon URLs for any subscription, regardless of user ID. This is a single-purpose hack and its use should be avoided if at all possible. 2017-11-10 17:02:59 +00:00
			`class Icon extends \JKingWeb\Arsse\REST\AbstractHandler {`
			`public function __construct() {`
			`}`

Replace Resquest objects with PSR-7 request messages; improves #53 2018-01-05 04:08:53 +00:00			`public function dispatch(ServerRequestInterface $req): ResponseInterface {`
Add HTTP authentication support to TTRSS; fixes #133 Also bump version to 0.4.0 2018-10-26 18:40:20 +00:00			`if ($req->getAttribute("authenticated", false)) {`
			`// if HTTP authentication was successfully used, set the expected user ID`
			`Arsse::$user->id = $req->getAttribute("authenticatedUser");`
			`} elseif ($req->getAttribute("authenticationFailed", false) \|\| Arsse::$conf->userHTTPAuthRequired) {`
			`// otherwise if HTTP authentication failed or did not occur when it is required, deny access at the HTTP level`
			`return new Response(401);`
			`}`
Use strict equality when comparing strings 2019-01-11 15:38:06 +00:00			`if ($req->getMethod() !== "GET") {`
Implement TTRSS feed icons; fixes #121 This introduces a data model function of unusual privilege: it can retrieve favicon URLs for any subscription, regardless of user ID. This is a single-purpose hack and its use should be avoided if at all possible. 2017-11-10 17:02:59 +00:00			`// only GET requests are allowed`
Replace Response objects with PSR-7 response messages; improves #53 While the test suite passes, this commit yields a broken server: replacing ad hoc request objectss with PSR-7 ones is still required, as is emission of PSR-7 responses. Both will come in subsequent commits, with tests Diactoros was chosen specifically because it includes facilities for emitting responses, something which is awkward to test. The end of this refactoring should see both the Response and Request classes disappear, and the general REST class fully covered (as well as any speculative additions to AbstractHanlder). 2018-01-04 04:13:08 +00:00			`return new Response(405, ['Allow' => "GET"]);`
Replace Resquest objects with PSR-7 request messages; improves #53 2018-01-05 04:08:53 +00:00			`} elseif (!preg_match("<^(\d+)\.ico$>", $req->getRequestTarget(), $match) \|\| !((int) $match[1])) {`
Implement TTRSS feed icons; fixes #121 This introduces a data model function of unusual privilege: it can retrieve favicon URLs for any subscription, regardless of user ID. This is a single-purpose hack and its use should be avoided if at all possible. 2017-11-10 17:02:59 +00:00			`return new Response(404);`
			`}`
Clean up use of subscriptionFavicon 2020-11-06 15:27:30 +00:00			`try {`
Adjust users of subscriptionIcon 2021-01-26 18:44:44 +00:00			`$url = Arsse::$db->subscriptionIcon(Arsse::$user->id ?? null, (int) $match[1], false)['url'] ?? null;`
Clean up use of subscriptionFavicon 2020-11-06 15:27:30 +00:00			`if (!$url) {`
			`return new Response(404);`
			`}`
Documentation tweaks and CS fixes 2017-11-30 03:42:50 +00:00			`if (($pos = strpos($url, "\r")) !== false \|\| ($pos = strpos($url, "\n")) !== false) {`
Implement TTRSS feed icons; fixes #121 This introduces a data model function of unusual privilege: it can retrieve favicon URLs for any subscription, regardless of user ID. This is a single-purpose hack and its use should be avoided if at all possible. 2017-11-10 17:02:59 +00:00			`$url = substr($url, 0, $pos);`
			`}`
Replace Response objects with PSR-7 response messages; improves #53 While the test suite passes, this commit yields a broken server: replacing ad hoc request objectss with PSR-7 ones is still required, as is emission of PSR-7 responses. Both will come in subsequent commits, with tests Diactoros was chosen specifically because it includes facilities for emitting responses, something which is awkward to test. The end of this refactoring should see both the Response and Request classes disappear, and the general REST class fully covered (as well as any speculative additions to AbstractHanlder). 2018-01-04 04:13:08 +00:00			`return new Response(301, ['Location' => $url]);`
Clean up use of subscriptionFavicon 2020-11-06 15:27:30 +00:00			`} catch (ExceptionInput $e) {`
Implement TTRSS feed icons; fixes #121 This introduces a data model function of unusual privilege: it can retrieve favicon URLs for any subscription, regardless of user ID. This is a single-purpose hack and its use should be avoided if at all possible. 2017-11-10 17:02:59 +00:00			`return new Response(404);`
			`}`
			`}`
Documentation tweaks and CS fixes 2017-11-30 03:42:50 +00:00			`}`