mirror/Arsse
1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2024-12-22 13:12:41 +00:00
Code Issues Activity

More code coverage accommodation

Browse source
This commit is contained in:
J. King 2017-07-20 22:40:09 -04:00
parent cbdcacd1c3
commit d3bca6eb47
22 changed files with 640 additions and 229 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -3,6 +3,7 @@ vendor/
#temp files #temp files
documentation/ documentation/
tests/coverage
arsse.db* arsse.db*
# Windows image file caches # Windows image file caches

268
lib/Database.php
View file

@ -42,7 +42,9 @@ class Database {
} }
public function driverSchemaUpdate(): bool { public function driverSchemaUpdate(): bool {
if($this->db->schemaVersion() < self::SCHEMA_VERSION) return $this->db->schemaUpdate(self::SCHEMA_VERSION); if($this->db->schemaVersion() < self::SCHEMA_VERSION) {
return $this->db->schemaUpdate(self::SCHEMA_VERSION);
}
return false; return false;
} }
@ -53,7 +55,9 @@ class Database {
[], // binding values [], // binding values
]; ];
foreach($valid as $prop => $type) { foreach($valid as $prop => $type) {
if(!array_key_exists($prop, $props)) continue; if(!array_key_exists($prop, $props)) {
continue;
}
$out[0][] = "$prop = ?"; $out[0][] = "$prop = ?";
$out[1][] = $type; $out[1][] = $type;
$out[2][] = $props[$prop]; $out[2][] = $props[$prop];
@ -95,37 +99,54 @@ class Database {
} }
public function userExists(string $user): bool { public function userExists(string $user): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
return (bool) $this->db->prepare("SELECT count(*) from arsse_users where id is ?", "str")->run($user)->getValue(); return (bool) $this->db->prepare("SELECT count(*) from arsse_users where id is ?", "str")->run($user)->getValue();
} }
public function userAdd(string $user, string $password = null): string { public function userAdd(string $user, string $password = null): string {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if($this->userExists($user)) throw new User\Exception("alreadyExists", ["action" => __FUNCTION__, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
if($password===null) $password = (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get(); } else if($this->userExists($user)) {
throw new User\Exception("alreadyExists", ["action" => __FUNCTION__, "user" => $user]);
}
if($password===null) {
$password = (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();
}
$hash = ""; $hash = "";
if(strlen($password) > 0) $hash = password_hash($password, \PASSWORD_DEFAULT); if(strlen($password) > 0) {
$hash = password_hash($password, \PASSWORD_DEFAULT);
}
$this->db->prepare("INSERT INTO arsse_users(id,password) values(?,?)", "str", "str")->runArray([$user,$hash]); $this->db->prepare("INSERT INTO arsse_users(id,password) values(?,?)", "str", "str")->runArray([$user,$hash]);
return $password; return $password;
} }
public function userRemove(string $user): bool { public function userRemove(string $user): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if($this->db->prepare("DELETE from arsse_users where id is ?", "str")->run($user)->changes() < 1) throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
if($this->db->prepare("DELETE from arsse_users where id is ?", "str")->run($user)->changes() < 1) {
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
}
return true; return true;
} }
public function userList(string $domain = null): array { public function userList(string $domain = null): array {
$out = []; $out = [];
if($domain !== null) { if($domain !== null) {
if(!Arsse::$user->authorize("@".$domain, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $domain]); if(!Arsse::$user->authorize("@".$domain, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $domain]);
}
$domain = str_replace(["\\","%","_"],["\\\\", "\\%", "\\_"], $domain); $domain = str_replace(["\\","%","_"],["\\\\", "\\%", "\\_"], $domain);
$domain = "%@".$domain; $domain = "%@".$domain;
foreach($this->db->prepare("SELECT id from arsse_users where id like ?", "str")->run($domain) as $user) { foreach($this->db->prepare("SELECT id from arsse_users where id like ?", "str")->run($domain) as $user) {
$out[] = $user['id']; $out[] = $user['id'];
} }
} else { } else {
if(!Arsse::$user->authorize("", __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => "global"]); if(!Arsse::$user->authorize("", __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => "global"]);
}
foreach($this->db->prepare("SELECT id from arsse_users")->run() as $user) { foreach($this->db->prepare("SELECT id from arsse_users")->run() as $user) {
$out[] = $user['id']; $out[] = $user['id'];
} }
@ -134,31 +155,48 @@ class Database {
} }
public function userPasswordGet(string $user): string { public function userPasswordGet(string $user): string {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if(!$this->userExists($user)) throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
} else if(!$this->userExists($user)) {
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
}
return (string) $this->db->prepare("SELECT password from arsse_users where id is ?", "str")->run($user)->getValue(); return (string) $this->db->prepare("SELECT password from arsse_users where id is ?", "str")->run($user)->getValue();
} }
public function userPasswordSet(string $user, string $password = null): string { public function userPasswordSet(string $user, string $password = null): string {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if(!$this->userExists($user)) throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
if($password===null) $password = (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get(); } else if(!$this->userExists($user)) {
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
}
if($password===null) {
$password = (new PassGen)->length(Arsse::$conf->userTempPasswordLength)->get();
}
$hash = ""; $hash = "";
if(strlen($password) > 0) $hash = password_hash($password, \PASSWORD_DEFAULT); if(strlen($password) > 0) {
$hash = password_hash($password, \PASSWORD_DEFAULT);
}
$this->db->prepare("UPDATE arsse_users set password = ? where id is ?", "str", "str")->run($hash, $user); $this->db->prepare("UPDATE arsse_users set password = ? where id is ?", "str", "str")->run($hash, $user);
return $password; return $password;
} }
public function userPropertiesGet(string $user): array { public function userPropertiesGet(string $user): array {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
$prop = $this->db->prepare("SELECT name,rights from arsse_users where id is ?", "str")->run($user)->getRow(); $prop = $this->db->prepare("SELECT name,rights from arsse_users where id is ?", "str")->run($user)->getRow();
if(!$prop) throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]); if(!$prop) {
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
}
return $prop; return $prop;
} }
public function userPropertiesSet(string $user, array $properties): array { public function userPropertiesSet(string $user, array $properties): array {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if(!$this->userExists($user)) throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
} else if(!$this->userExists($user)) {
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
}
$valid = [ // FIXME: add future properties $valid = [ // FIXME: add future properties
"name" => "str", "name" => "str",
]; ];
@ -168,13 +206,18 @@ class Database {
} }
public function userRightsGet(string $user): int { public function userRightsGet(string $user): int {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
return (int) $this->db->prepare("SELECT rights from arsse_users where id is ?", "str")->run($user)->getValue(); return (int) $this->db->prepare("SELECT rights from arsse_users where id is ?", "str")->run($user)->getValue();
} }
public function userRightsSet(string $user, int $rights): bool { public function userRightsSet(string $user, int $rights): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__, $rights)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__, $rights)) {
if(!$this->userExists($user)) throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
} else if(!$this->userExists($user)) {
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
}
$this->db->prepare("UPDATE arsse_users set rights = ? where id is ?", "int", "str")->run($rights, $user); $this->db->prepare("UPDATE arsse_users set rights = ? where id is ?", "int", "str")->run($rights, $user);
return true; return true;
} }
@ -198,7 +241,9 @@ class Database {
} else { } else {
// if a parent is specified, make sure it exists and belongs to the user; get its root (first-level) folder if it's a nested folder // if a parent is specified, make sure it exists and belongs to the user; get its root (first-level) folder if it's a nested folder
$p = $this->db->prepare("SELECT id from arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $parent)->getValue(); $p = $this->db->prepare("SELECT id from arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $parent)->getValue();
if(!$p) throw new Db\ExceptionInput("idMissing", ["action" => __FUNCTION__, "field" => "parent", 'id' => $parent]); if(!$p) {
throw new Db\ExceptionInput("idMissing", ["action" => __FUNCTION__, "field" => "parent", 'id' => $parent]);
}
} }
// check if a folder by the same name already exists, because nulls are wonky in SQL // check if a folder by the same name already exists, because nulls are wonky in SQL
// FIXME: How should folder name be compared? Should a Unicode normalization be applied before comparison and insertion? // FIXME: How should folder name be compared? Should a Unicode normalization be applied before comparison and insertion?
@ -232,24 +277,36 @@ class Database {
} }
public function folderRemove(string $user, int $id): bool { public function folderRemove(string $user, int $id): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
$changes = $this->db->prepare("DELETE FROM arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $id)->changes(); $changes = $this->db->prepare("DELETE FROM arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $id)->changes();
if(!$changes) throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "folder", 'id' => $id]); if(!$changes) {
throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "folder", 'id' => $id]);
}
return true; return true;
} }
public function folderPropertiesGet(string $user, int $id): array { public function folderPropertiesGet(string $user, int $id): array {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
$props = $this->db->prepare("SELECT id,name,parent from arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $id)->getRow(); $props = $this->db->prepare("SELECT id,name,parent from arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $id)->getRow();
if(!$props) throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "folder", 'id' => $id]); if(!$props) {
throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "folder", 'id' => $id]);
}
return $props; return $props;
} }
public function folderPropertiesSet(string $user, int $id, array $data): bool { public function folderPropertiesSet(string $user, int $id, array $data): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
// validate the folder ID and, if specified, the parent to move it to // validate the folder ID and, if specified, the parent to move it to
$parent = null; $parent = null;
if(array_key_exists("parent", $data)) $parent = $data['parent']; if(array_key_exists("parent", $data)) {
$parent = $data['parent'];
}
$f = $this->folderValidateId($user, $id, $parent, true); $f = $this->folderValidateId($user, $id, $parent, true);
// if a new name is specified, validate it // if a new name is specified, validate it
if(array_key_exists("name", $data)) { if(array_key_exists("name", $data)) {
@ -279,7 +336,9 @@ class Database {
} }
// check whether the folder exists and is owned by the user // check whether the folder exists and is owned by the user
$f = $this->db->prepare("SELECT name,parent from arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $id)->getRow(); $f = $this->db->prepare("SELECT name,parent from arsse_folders where owner is ? and id is ?", "str", "int")->run($user, $id)->getRow();
if(!$f) throw new Db\ExceptionInput($subject ? "subjectMissing" : "idMissing", ["action" => $this->caller(), "field" => "folder", 'id' => $parent]); if(!$f) {
throw new Db\ExceptionInput($subject ? "subjectMissing" : "idMissing", ["action" => $this->caller(), "field" => "folder", 'id' => $parent]);
}
// if we're moving a folder to a new parent, check that the parent is valid // if we're moving a folder to a new parent, check that the parent is valid
if(!is_null($parent)) { if(!is_null($parent)) {
// make sure both that the parent exists, and that the parent is not either the folder itself or one of its children (a circular dependence) // make sure both that the parent exists, and that the parent is not either the folder itself or one of its children (a circular dependence)
@ -293,7 +352,9 @@ class Database {
throw new Db\ExceptionInput("idMissing", ["action" => $this->caller(), "field" => "parent", 'id' => $parent]); throw new Db\ExceptionInput("idMissing", ["action" => $this->caller(), "field" => "parent", 'id' => $parent]);
} else { } else {
// if using the desired parent would create a circular dependence, throw a different exception // if using the desired parent would create a circular dependence, throw a different exception
if(!$p['valid']) throw new Db\ExceptionInput("circularDependence", ["action" => $this->caller(), "field" => "parent", 'id' => $parent]); if(!$p['valid']) {
throw new Db\ExceptionInput("circularDependence", ["action" => $this->caller(), "field" => "parent", 'id' => $parent]);
}
} }
} }
return $f; return $f;
@ -311,7 +372,9 @@ class Database {
} }
public function subscriptionAdd(string $user, string $url, string $fetchUser = "", string $fetchPassword = ""): int { public function subscriptionAdd(string $user, string $url, string $fetchUser = "", string $fetchPassword = ""): int {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
// check to see if the feed exists // check to see if the feed exists
$feedID = $this->db->prepare("SELECT id from arsse_feeds where url is ? and username is ? and password is ?", "str", "str", "str")->run($url, $fetchUser, $fetchPassword)->getValue(); $feedID = $this->db->prepare("SELECT id from arsse_feeds where url is ? and username is ? and password is ?", "str", "str", "str")->run($url, $fetchUser, $fetchPassword)->getValue();
if(is_null($feedID)) { if(is_null($feedID)) {
@ -331,7 +394,9 @@ class Database {
} }
public function subscriptionList(string $user, int $folder = null, int $id = null): Db\Result { public function subscriptionList(string $user, int $folder = null, int $id = null): Db\Result {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
// create a complex query // create a complex query
$q = new Query( $q = new Query(
"SELECT "SELECT
@ -366,24 +431,34 @@ class Database {
} }
public function subscriptionRemove(string $user, int $id): bool { public function subscriptionRemove(string $user, int $id): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
$changes = $this->db->prepare("DELETE from arsse_subscriptions where owner is ? and id is ?", "str", "int")->run($user, $id)->changes(); $changes = $this->db->prepare("DELETE from arsse_subscriptions where owner is ? and id is ?", "str", "int")->run($user, $id)->changes();
if(!$changes) throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "folder", 'id' => $id]); if(!$changes) {
throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "folder", 'id' => $id]);
}
return true; return true;
} }
public function subscriptionPropertiesGet(string $user, int $id): array { public function subscriptionPropertiesGet(string $user, int $id): array {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
// disable authorization checks for the list call // disable authorization checks for the list call
Arsse::$user->authorizationEnabled(false); Arsse::$user->authorizationEnabled(false);
$sub = $this->subscriptionList($user, null, $id)->getRow(); $sub = $this->subscriptionList($user, null, $id)->getRow();
Arsse::$user->authorizationEnabled(true); Arsse::$user->authorizationEnabled(true);
if(!$sub) throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "feed", 'id' => $id]); if(!$sub) {
throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "feed", 'id' => $id]);
}
return $sub; return $sub;
} }
public function subscriptionPropertiesSet(string $user, int $id, array $data): bool { public function subscriptionPropertiesSet(string $user, int $id, array $data): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
$tr = $this->db->begin(); $tr = $this->db->begin();
if(!$this->db->prepare("SELECT count(*) from arsse_subscriptions where owner is ? and id is ?", "str", "int")->run($user, $id)->getValue()) { if(!$this->db->prepare("SELECT count(*) from arsse_subscriptions where owner is ? and id is ?", "str", "int")->run($user, $id)->getValue()) {
// if the ID doesn't exist or doesn't belong to the user, throw an exception // if the ID doesn't exist or doesn't belong to the user, throw an exception
@ -397,8 +472,11 @@ class Database {
// if the title is null, this signals intended use of the default title; otherwise make sure it's not effectively an empty string // if the title is null, this signals intended use of the default title; otherwise make sure it's not effectively an empty string
if(!is_null($data['title'])) { if(!is_null($data['title'])) {
$title = (string) $data['title']; $title = (string) $data['title'];
if(!strlen($title)) throw new Db\ExceptionInput("missing", ["action" => __FUNCTION__, "field" => "title"]); if(!strlen($title)) {
if(!strlen(trim($title))) throw new Db\ExceptionInput("whitespace", ["action" => __FUNCTION__, "field" => "title"]); throw new Db\ExceptionInput("missing", ["action" => __FUNCTION__, "field" => "title"]);
} else if(!strlen(trim($title))) {
throw new Db\ExceptionInput("whitespace", ["action" => __FUNCTION__, "field" => "title"]);
}
$data['title'] = $title; $data['title'] = $title;
} }
} }
@ -416,7 +494,9 @@ class Database {
protected function subscriptionValidateId(string $user, int $id): array { protected function subscriptionValidateId(string $user, int $id): array {
$out = $this->db->prepare("SELECT feed from arsse_subscriptions where id is ? and owner is ?", "int", "str")->run($id, $user)->getRow(); $out = $this->db->prepare("SELECT feed from arsse_subscriptions where id is ? and owner is ?", "int", "str")->run($id, $user)->getRow();
if(!$out) throw new Db\ExceptionInput("idMissing", ["action" => $this->caller(), "field" => "subscription", 'id' => $id]); if(!$out) {
throw new Db\ExceptionInput("idMissing", ["action" => $this->caller(), "field" => "subscription", 'id' => $id]);
}
return $out; return $out;
} }
@ -429,7 +509,9 @@ class Database {
$tr = $this->db->begin(); $tr = $this->db->begin();
// check to make sure the feed exists // check to make sure the feed exists
$f = $this->db->prepare("SELECT url, username, password, modified, etag, err_count, scrape FROM arsse_feeds where id is ?", "int")->run($feedID)->getRow(); $f = $this->db->prepare("SELECT url, username, password, modified, etag, err_count, scrape FROM arsse_feeds where id is ?", "int")->run($feedID)->getRow();
if(!$f) throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "feed", 'id' => $feedID]); if(!$f) {
throw new Db\ExceptionInput("subjectMissing", ["action" => __FUNCTION__, "field" => "feed", 'id' => $feedID]);
}
// determine whether the feed's items should be scraped for full content from the source Web site // determine whether the feed's items should be scraped for full content from the source Web site
$scrape = (Arsse::$conf->fetchEnableScraping && $f['scrape']); $scrape = (Arsse::$conf->fetchEnableScraping && $f['scrape']);
// the Feed object throws an exception when there are problems, but that isn't ideal // the Feed object throws an exception when there are problems, but that isn't ideal
@ -450,7 +532,9 @@ class Database {
'datetime', 'str', 'int' 'datetime', 'str', 'int'
)->run(Feed::nextFetchOnError($f['err_count']), $e->getMessage(),$feedID); )->run(Feed::nextFetchOnError($f['err_count']), $e->getMessage(),$feedID);
$tr->commit(); $tr->commit();
if($throwError) throw $e; if($throwError) {
throw $e;
}
return false; return false;
} }
//prepare the necessary statements to perform the update //prepare the necessary statements to perform the update
@ -561,7 +645,9 @@ class Database {
} }
public function articleStarredCount(string $user, array $context = []): int { public function articleStarredCount(string $user, array $context = []): int {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
return $this->db->prepare( return $this->db->prepare(
"WITH RECURSIVE "WITH RECURSIVE
user(user) as (SELECT ?), user(user) as (SELECT ?),
@ -576,8 +662,12 @@ class Database {
} }
public function editionLatest(string $user, Context $context = null): int { public function editionLatest(string $user, Context $context = null): int {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if(!$context) $context = new Context; throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
if(!$context) {
$context = new Context;
}
$q = new Query("SELECT max(arsse_editions.id) from arsse_editions left join arsse_articles on article is arsse_articles.id left join arsse_feeds on arsse_articles.feed is arsse_feeds.id"); $q = new Query("SELECT max(arsse_editions.id) from arsse_editions left join arsse_articles on article is arsse_articles.id left join arsse_feeds on arsse_articles.feed is arsse_feeds.id");
if($context->subscription()) { if($context->subscription()) {
// if a subscription is specified, make sure it exists // if a subscription is specified, make sure it exists
@ -592,8 +682,12 @@ class Database {
} }
public function articleList(string $user, Context $context = null): Db\Result { public function articleList(string $user, Context $context = null): Db\Result {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if(!$context) $context = new Context; throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
if(!$context) {
$context = new Context;
}
$q = new Query( $q = new Query(
"SELECT "SELECT
arsse_articles.id as id, arsse_articles.id as id,
@ -637,21 +731,37 @@ class Database {
$q->setCTE("subscribed_feeds(id,sub)", "SELECT feed,id from arsse_subscriptions join user on user is owner"); $q->setCTE("subscribed_feeds(id,sub)", "SELECT feed,id from arsse_subscriptions join user on user is owner");
} }
// filter based on edition offset // filter based on edition offset
if($context->oldestEdition()) $q->setWhere("edition >= ?", "int", $context->oldestEdition); if($context->oldestEdition()) {
if($context->latestEdition()) $q->setWhere("edition <= ?", "int", $context->latestEdition); $q->setWhere("edition >= ?", "int", $context->oldestEdition);
}
if($context->latestEdition()) {
$q->setWhere("edition <= ?", "int", $context->latestEdition);
}
// filter based on lastmod time // filter based on lastmod time
if($context->modifiedSince()) $q->setWhere("modified_date >= ?", "datetime", $context->modifiedSince); if($context->modifiedSince()) {
if($context->notModifiedSince()) $q->setWhere("modified_date <= ?", "datetime", $context->notModifiedSince); $q->setWhere("modified_date >= ?", "datetime", $context->modifiedSince);
}
if($context->notModifiedSince()) {
$q->setWhere("modified_date <= ?", "datetime", $context->notModifiedSince);
}
// filter for un/read and un/starred status if specified // filter for un/read and un/starred status if specified
if($context->unread()) $q->setWhere("unread is ?", "bool", $context->unread); if($context->unread()) {
if($context->starred()) $q->setWhere("starred is ?", "bool", $context->starred); $q->setWhere("unread is ?", "bool", $context->unread);
}
if($context->starred()) {
$q->setWhere("starred is ?", "bool", $context->starred);
}
// perform the query and return results // perform the query and return results
return $this->db->prepare($q->getQuery(), $q->getTypes())->run($q->getValues()); return $this->db->prepare($q->getQuery(), $q->getTypes())->run($q->getValues());
} }
public function articleMark(string $user, array $data, Context $context = null): bool { public function articleMark(string $user, array $data, Context $context = null): bool {
if(!Arsse::$user->authorize($user, __FUNCTION__)) throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); if(!Arsse::$user->authorize($user, __FUNCTION__)) {
if(!$context) $context = new Context; throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
}
if(!$context) {
$context = new Context;
}
// sanitize input // sanitize input
$values = [ $values = [
isset($data['read']) ? $data['read'] : null, isset($data['read']) ? $data['read'] : null,
@ -683,7 +793,9 @@ class Database {
// make sure the edition exists // make sure the edition exists
$edition = $this->articleValidateEdition($user, $context->edition); $edition = $this->articleValidateEdition($user, $context->edition);
// if the edition is not the latest, do not mark the read flag // if the edition is not the latest, do not mark the read flag
if(!$edition['current']) $values[0] = null; if(!$edition['current']) {
$values[0] = null;
}
} else if($context->article()) { } else if($context->article()) {
// otherwise if an article context is specified, make sure it's valid // otherwise if an article context is specified, make sure it's valid
$this->articleValidateId($user, $context->article); $this->articleValidateId($user, $context->article);
@ -731,8 +843,11 @@ class Database {
} }
if($context->editions()) { if($context->editions()) {
// if multiple specific editions have been requested, prepare a CTE to list them and their articles // if multiple specific editions have been requested, prepare a CTE to list them and their articles
if(!$context->editions) throw new Db\ExceptionInput("tooShort", ['field' => "editions", 'action' => __FUNCTION__, 'min' => 1]); // must have at least one array element if(!$context->editions) {
if(sizeof($context->editions) > 50) throw new Db\ExceptionInput("tooLong", ['field' => "editions", 'action' => __FUNCTION__, 'max' => 50]); // must not have more than 50 array elements throw new Db\ExceptionInput("tooShort", ['field' => "editions", 'action' => __FUNCTION__, 'min' => 1]); // must have at least one array element
} else if(sizeof($context->editions) > 50) {
throw new Db\ExceptionInput("tooLong", ['field' => "editions", 'action' => __FUNCTION__, 'max' => 50]); // must not have more than 50 array elements
}
list($inParams, $inTypes) = $this->generateIn($context->editions, "int"); list($inParams, $inTypes) = $this->generateIn($context->editions, "int");
$q->setCTE("requested_articles(id,edition)", $q->setCTE("requested_articles(id,edition)",
"SELECT article,id as edition from arsse_editions where edition in ($inParams)", "SELECT article,id as edition from arsse_editions where edition in ($inParams)",
@ -742,8 +857,11 @@ class Database {
$q->setWhere("arsse_articles.id in (select id from requested_articles)"); $q->setWhere("arsse_articles.id in (select id from requested_articles)");
} else if($context->articles()) { } else if($context->articles()) {
// if multiple specific articles have been requested, prepare a CTE to list them and their articles // if multiple specific articles have been requested, prepare a CTE to list them and their articles
if(!$context->articles) throw new Db\ExceptionInput("tooShort", ['field' => "articles", 'action' => __FUNCTION__, 'min' => 1]); // must have at least one array element if(!$context->articles) {
if(sizeof($context->articles) > 50) throw new Db\ExceptionInput("tooLong", ['field' => "articles", 'action' => __FUNCTION__, 'max' => 50]); // must not have more than 50 array elements throw new Db\ExceptionInput("tooShort", ['field' => "articles", 'action' => __FUNCTION__, 'min' => 1]); // must have at least one array element
} else if(sizeof($context->articles) > 50) {
throw new Db\ExceptionInput("tooLong", ['field' => "articles", 'action' => __FUNCTION__, 'max' => 50]); // must not have more than 50 array elements
}
list($inParams, $inTypes) = $this->generateIn($context->articles, "int"); list($inParams, $inTypes) = $this->generateIn($context->articles, "int");
$q->setCTE("requested_articles(id,edition)", $q->setCTE("requested_articles(id,edition)",
"SELECT id,(select max(id) from arsse_editions where article is arsse_articles.id) as edition from arsse_articles where arsse_articles.id in ($inParams)", "SELECT id,(select max(id) from arsse_editions where article is arsse_articles.id) as edition from arsse_articles where arsse_articles.id in ($inParams)",
@ -756,11 +874,19 @@ class Database {
$q->setCTE("requested_articles(id,edition)", "SELECT 'empty','table' where 1 is 0"); $q->setCTE("requested_articles(id,edition)", "SELECT 'empty','table' where 1 is 0");
} }
// filter based on edition offset // filter based on edition offset
if($context->oldestEdition()) $q->setWhere("edition >= ?", "int", $context->oldestEdition); if($context->oldestEdition()) {
if($context->latestEdition()) $q->setWhere("edition <= ?", "int", $context->latestEdition); $q->setWhere("edition >= ?", "int", $context->oldestEdition);
}
if($context->latestEdition()) {
$q->setWhere("edition <= ?", "int", $context->latestEdition);
}
// filter based on lastmod time // filter based on lastmod time
if($context->modifiedSince()) $q->setWhere("modified_date >= ?", "datetime", $context->modifiedSince); if($context->modifiedSince()) {
if($context->notModifiedSince()) $q->setWhere("modified_date <= ?", "datetime", $context->notModifiedSince); $q->setWhere("modified_date >= ?", "datetime", $context->modifiedSince);
}
if($context->notModifiedSince()) {
$q->setWhere("modified_date <= ?", "datetime", $context->notModifiedSince);
}
// push the current query onto the CTE stack and execute the query we're actually interested in // push the current query onto the CTE stack and execute the query we're actually interested in
$q->pushCTE("target_articles(id,edition,modified_date,to_insert,honour_read,honour_star)"); $q->pushCTE("target_articles(id,edition,modified_date,to_insert,honour_read,honour_star)");
$q->setBody($query); $q->setBody($query);
@ -783,7 +909,9 @@ class Database {
arsse_articles.id is ? and arsse_subscriptions.owner is ?", arsse_articles.id is ? and arsse_subscriptions.owner is ?",
"int", "str" "int", "str"
)->run($id, $user)->getRow(); )->run($id, $user)->getRow();
if(!$out) throw new Db\ExceptionInput("subjectMissing", ["action" => $this->caller(), "field" => "article", 'id' => $id]); if(!$out) {
throw new Db\ExceptionInput("subjectMissing", ["action" => $this->caller(), "field" => "article", 'id' => $id]);
}
return $out; return $out;
} }
@ -801,7 +929,9 @@ class Database {
edition is ? and arsse_subscriptions.owner is ?", edition is ? and arsse_subscriptions.owner is ?",
"int", "str" "int", "str"
)->run($id, $user)->getRow(); )->run($id, $user)->getRow();
if(!$out) throw new Db\ExceptionInput("subjectMissing", ["action" => $this->caller(), "field" => "edition", 'id' => $id]); if(!$out) {
throw new Db\ExceptionInput("subjectMissing", ["action" => $this->caller(), "field" => "edition", 'id' => $id]);
}
return $out; return $out;
} }
} }

16
lib/Db/AbstractDriver.php
View file

@ -35,7 +35,9 @@ abstract class AbstractDriver implements Driver {
} }
public function savepointRelease(int $index = null): bool { public function savepointRelease(int $index = null): bool {
if(is_null($index)) $index = $this->transDepth; if(is_null($index)) {
$index = $this->transDepth;
}
if(array_key_exists($index, $this->transStatus)) { if(array_key_exists($index, $this->transStatus)) {
switch($this->transStatus[$index]) { switch($this->transStatus[$index]) {
case self::TR_PEND: case self::TR_PEND:
@ -43,7 +45,9 @@ abstract class AbstractDriver implements Driver {
$this->transStatus[$index] = self::TR_COMMIT; $this->transStatus[$index] = self::TR_COMMIT;
$a = $index; $a = $index;
while(++$a && $a <= $this->transDepth) { while(++$a && $a <= $this->transDepth) {
if($this->transStatus[$a] <= self::TR_PEND) $this->transStatus[$a] = self::TR_PEND_COMMIT; if($this->transStatus[$a] <= self::TR_PEND) {
$this->transStatus[$a] = self::TR_PEND_COMMIT;
}
} }
$out = true; $out = true;
break; break;
@ -78,7 +82,9 @@ abstract class AbstractDriver implements Driver {
} }
public function savepointUndo(int $index = null): bool { public function savepointUndo(int $index = null): bool {
if(is_null($index)) $index = $this->transDepth; if(is_null($index)) {
$index = $this->transDepth;
}
if(array_key_exists($index, $this->transStatus)) { if(array_key_exists($index, $this->transStatus)) {
switch($this->transStatus[$index]) { switch($this->transStatus[$index]) {
case self::TR_PEND: case self::TR_PEND:
@ -87,7 +93,9 @@ abstract class AbstractDriver implements Driver {
$this->transStatus[$index] = self::TR_ROLLBACK; $this->transStatus[$index] = self::TR_ROLLBACK;
$a = $index; $a = $index;
while(++$a && $a <= $this->transDepth) { while(++$a && $a <= $this->transDepth) {
if($this->transStatus[$a] <= self::TR_PEND) $this->transStatus[$a] = self::TR_PEND_ROLLBACK; if($this->transStatus[$a] <= self::TR_PEND) {
$this->transStatus[$a] = self::TR_PEND_ROLLBACK;
}
} }
$out = true; $out = true;
break; break;

24
lib/Db/AbstractStatement.php
View file

@ -20,7 +20,9 @@ abstract class AbstractStatement implements Statement {
} }
public function rebindArray(array $bindings, bool $append = false): bool { public function rebindArray(array $bindings, bool $append = false): bool {
if(!$append) $this->types = []; if(!$append) {
$this->types = [];
}
foreach($bindings as $binding) { foreach($bindings as $binding) {
if(is_array($binding)) { if(is_array($binding)) {
// recursively flatten any arrays, which may be provided for SET or IN() clauses // recursively flatten any arrays, which may be provided for SET or IN() clauses
@ -34,7 +36,9 @@ abstract class AbstractStatement implements Statement {
} else { } else {
$this->isNullable[] = true; $this->isNullable[] = true;
} }
if(!array_key_exists($binding, self::TYPES)) throw new Exception("paramTypeInvalid", $binding); if(!array_key_exists($binding, self::TYPES)) {
throw new Exception("paramTypeInvalid", $binding);
}
$this->types[] = self::TYPES[$binding]; $this->types[] = self::TYPES[$binding];
} }
} }
@ -44,13 +48,19 @@ abstract class AbstractStatement implements Statement {
protected function cast($v, string $t, bool $nullable) { protected function cast($v, string $t, bool $nullable) {
switch($t) { switch($t) {
case "date": case "date":
if(is_null($v) && !$nullable) $v = 0; if(is_null($v) && !$nullable) {
$v = 0;
}
return Date::transform($v, "date"); return Date::transform($v, "date");
case "time": case "time":
if(is_null($v) && !$nullable) $v = 0; if(is_null($v) && !$nullable) {
$v = 0;
}
return Date::transform($v, "time"); return Date::transform($v, "time");
case "datetime": case "datetime":
if(is_null($v) && !$nullable) $v = 0; if(is_null($v) && !$nullable) {
$v = 0;
}
return Date::transform($v, "sql"); return Date::transform($v, "sql");
case "null": case "null":
case "integer": case "integer":
@ -58,7 +68,9 @@ abstract class AbstractStatement implements Statement {
case "binary": case "binary":
case "string": case "string":
case "boolean": case "boolean":
if($t=="binary") $t = "string"; if($t=="binary") {
$t = "string";
}
if($v instanceof \DateTimeInterface) { if($v instanceof \DateTimeInterface) {
if($t=="string") { if($t=="string") {
return Date::transform($v, "sql"); return Date::transform($v, "sql");

8
lib/Db/SQLite3/Statement.php
View file

@ -59,7 +59,9 @@ class Statement extends \JKingWeb\Arsse\Db\AbstractStatement {
$a += $this->bindValues($value, $a); $a += $this->bindValues($value, $a);
} else if(array_key_exists($a,$this->types)) { } else if(array_key_exists($a,$this->types)) {
// if the parameter type is something other than the known values, this is an error // if the parameter type is something other than the known values, this is an error
if(!array_key_exists($this->types[$a], self::BINDINGS)) throw new Exception("paramTypeUnknown", $this->types[$a]); if(!array_key_exists($this->types[$a], self::BINDINGS)) {
throw new Exception("paramTypeUnknown", $this->types[$a]);
}
// if the parameter type is null or the value is null (and the type is nullable), just bind null // if the parameter type is null or the value is null (and the type is nullable), just bind null
if($this->types[$a]=="null" || ($this->isNullable[$a] && is_null($value))) { if($this->types[$a]=="null" || ($this->isNullable[$a] && is_null($value))) {
$this->st->bindValue($a+1, null, \SQLITE3_NULL); $this->st->bindValue($a+1, null, \SQLITE3_NULL);
@ -68,7 +70,9 @@ class Statement extends \JKingWeb\Arsse\Db\AbstractStatement {
$type = self::BINDINGS[$this->types[$a]]; $type = self::BINDINGS[$this->types[$a]];
$value = $this->cast($value, $this->types[$a], $this->isNullable[$a]); $value = $this->cast($value, $this->types[$a], $this->isNullable[$a]);
// re-adjust for null casts // re-adjust for null casts
if($value===null) $type = \SQLITE3_NULL; if($value===null) {
$type = \SQLITE3_NULL;
}
// perform binding // perform binding
$this->st->bindValue($a+1, $value, $type); $this->st->bindValue($a+1, $value, $type);
} }

80
lib/Feed.php
View file

@ -42,11 +42,17 @@ class Feed {
// ascertain whether there are any articles not in the database // ascertain whether there are any articles not in the database
$this->matchToDatabase($feedID); $this->matchToDatabase($feedID);
// if caching header fields are not sent by the server, try to ascertain a last-modified date from the feed contents // if caching header fields are not sent by the server, try to ascertain a last-modified date from the feed contents
if(!$this->lastModified) $this->lastModified = $this->computeLastModified(); if(!$this->lastModified) {
$this->lastModified = $this->computeLastModified();
}
// we only really care if articles have been modified; if there are no new articles, act as if the feed is unchanged // we only really care if articles have been modified; if there are no new articles, act as if the feed is unchanged
if(!sizeof($this->newItems) && !sizeof($this->changedItems)) $this->modified = false; if(!sizeof($this->newItems) && !sizeof($this->changedItems)) {
$this->modified = false;
}
// if requested, scrape full content for any new and changed items // if requested, scrape full content for any new and changed items
if($scrape) $this->scrape(); if($scrape) {
$this->scrape();
}
} }
// compute the time at which the feed should next be fetched // compute the time at which the feed should next be fetched
$this->nextFetch = $this->computeNextFetch(); $this->nextFetch = $this->computeNextFetch();
@ -116,11 +122,17 @@ class Feed {
// prefer an Atom ID as the item's ID // prefer an Atom ID as the item's ID
$id = (string) $f->xml->children('http://www.w3.org/2005/Atom')->id; $id = (string) $f->xml->children('http://www.w3.org/2005/Atom')->id;
// otherwise use the RSS2 guid element // otherwise use the RSS2 guid element
if(!strlen($id)) $id = (string) $f->xml->guid; if(!strlen($id)) {
$id = (string) $f->xml->guid;
}
// otherwise use the Dublin Core identifier element // otherwise use the Dublin Core identifier element
if(!strlen($id)) $id = (string) $f->xml->children('http://purl.org/dc/elements/1.1/')->identifier; if(!strlen($id)) {
$id = (string) $f->xml->children('http://purl.org/dc/elements/1.1/')->identifier;
}
// otherwise there is no ID; if there is one, hash it // otherwise there is no ID; if there is one, hash it
if(strlen($id)) $f->id = hash('sha256', $id); if(strlen($id)) {
$f->id = hash('sha256', $id);
}
// PicoFeed also doesn't gather up categories, so we do this as well // PicoFeed also doesn't gather up categories, so we do this as well
$f->categories = []; $f->categories = [];
@ -129,19 +141,27 @@ class Feed {
// if the category has a label, use that // if the category has a label, use that
$name = (string) $c->attributes()->label; $name = (string) $c->attributes()->label;
// otherwise use the term // otherwise use the term
if(!strlen($name)) $name = (string) $c->attributes()->term; if(!strlen($name)) {
$name = (string) $c->attributes()->term;
}
// ... assuming it has that much // ... assuming it has that much
if(strlen($name)) $f->categories[] = $name; if(strlen($name)) {
$f->categories[] = $name;
}
} }
// next add RSS2 categories // next add RSS2 categories
foreach($f->xml->children()->category as $c) { foreach($f->xml->children()->category as $c) {
$name = (string) $c; $name = (string) $c;
if(strlen($name)) $f->categories[] = $name; if(strlen($name)) {
$f->categories[] = $name;
}
} }
// and finally try Dublin Core subjects // and finally try Dublin Core subjects
foreach($f->xml->children('http://purl.org/dc/elements/1.1/')->subject as $c) { foreach($f->xml->children('http://purl.org/dc/elements/1.1/')->subject as $c) {
$name = (string) $c; $name = (string) $c;
if(strlen($name)) $f->categories[] = $name; if(strlen($name)) {
$f->categories[] = $name;
}
} }
//sort the results //sort the results
sort($f->categories); sort($f->categories);
@ -161,7 +181,9 @@ class Feed {
foreach($items as $item) { foreach($items as $item) {
foreach($out as $index => $check) { foreach($out as $index => $check) {
// if the two items both have IDs and they differ, they do not match, regardless of hashes // if the two items both have IDs and they differ, they do not match, regardless of hashes
if($item->id && $check->id && $item->id != $check->id) continue; if($item->id && $check->id && $item->id != $check->id) {
continue;
}
// if the two items have the same ID or any one hash matches, they are two versions of the same item // if the two items have the same ID or any one hash matches, they are two versions of the same item
if( if(
($item->id && $check->id && $item->id == $check->id) || ($item->id && $check->id && $item->id == $check->id) ||
@ -208,10 +230,18 @@ class Feed {
// if we need to, perform a second pass on the database looking specifically for IDs and hashes of the new items // if we need to, perform a second pass on the database looking specifically for IDs and hashes of the new items
$ids = $hashesUT = $hashesUC = $hashesTC = []; $ids = $hashesUT = $hashesUC = $hashesTC = [];
foreach($this->newItems as $i) { foreach($this->newItems as $i) {
if($i->id) $ids[] = $i->id; if($i->id) {
if($i->urlTitleHash) $hashesUT[] = $i->urlTitleHash; $ids[] = $i->id;
if($i->urlContentHash) $hashesUC[] = $i->urlContentHash; }
if($i->titleContentHash) $hashesTC[] = $i->titleContentHash; if($i->urlTitleHash) {
$hashesUT[] = $i->urlTitleHash;
}
if($i->urlContentHash) {
$hashesUC[] = $i->urlContentHash;
}
if($i->titleContentHash) {
$hashesTC[] = $i->titleContentHash;
}
} }
$articles = Arsse::$db->feedMatchIds($feedID, $ids, $hashesUT, $hashesUC, $hashesTC)->getAll(); $articles = Arsse::$db->feedMatchIds($feedID, $ids, $hashesUT, $hashesUC, $hashesTC)->getAll();
list($this->newItems, $changed) = $this->matchItems($this->newItems, $articles); list($this->newItems, $changed) = $this->matchItems($this->newItems, $articles);
@ -228,7 +258,9 @@ class Feed {
$found = false; $found = false;
foreach($articles as $a) { foreach($articles as $a) {
// if the item has an ID and it doesn't match the article ID, the two don't match, regardless of hashes // if the item has an ID and it doesn't match the article ID, the two don't match, regardless of hashes
if($i->id && $i->id !== $a['guid']) continue; if($i->id && $i->id !== $a['guid']) {
continue;
}
if( if(
// the item matches if the GUID matches... // the item matches if the GUID matches...
($i->id && $i->id === $a['guid']) || ($i->id && $i->id === $a['guid']) ||
@ -255,7 +287,9 @@ class Feed {
} }
} }
} }
if(!$found) $new[] = $i; if(!$found) {
$new[] = $i;
}
} }
return [$new, $edited]; return [$new, $edited];
} }
@ -319,7 +353,9 @@ class Feed {
} }
protected function computeLastModified() { protected function computeLastModified() {
if(!$this->modified) return $this->lastModified; if(!$this->modified) {
return $this->lastModified;
}
$dates = $this->gatherDates(); $dates = $this->gatherDates();
if(sizeof($dates)) { if(sizeof($dates)) {
return Date::normalize($dates[0]); return Date::normalize($dates[0]);
@ -331,8 +367,12 @@ class Feed {
protected function gatherDates(): array { protected function gatherDates(): array {
$dates = []; $dates = [];
foreach($this->data->items as $item) { foreach($this->data->items as $item) {
if($item->updatedDate) $dates[] = $item->updatedDate->getTimestamp(); if($item->updatedDate) {
if($item->publishedDate) $dates[] = $item->publishedDate->getTimestamp(); $dates[] = $item->updatedDate->getTimestamp();
}
if($item->publishedDate) {
$dates[] = $item->publishedDate->getTimestamp();
}
} }
$dates = array_unique($dates, \SORT_NUMERIC); $dates = array_unique($dates, \SORT_NUMERIC);
rsort($dates); rsort($dates);

55
lib/Lang.php
View file

@ -29,24 +29,32 @@ class Lang {
public function set(string $locale, bool $immediate = false): string { public function set(string $locale, bool $immediate = false): string {
// make sure the Intl extension is loaded // make sure the Intl extension is loaded
if(!static::$requirementsMet) static::checkRequirements(); if(!static::$requirementsMet) {
static::checkRequirements();
}
// if requesting the same locale as already wanted, just return (but load first if we've requested an immediate load) // if requesting the same locale as already wanted, just return (but load first if we've requested an immediate load)
if($locale==$this->wanted) { if($locale==$this->wanted) {
if($immediate && !$this->synched) $this->load(); if($immediate && !$this->synched) {
$this->load();
}
return $locale; return $locale;
} }
// if we've requested a locale other than the null locale, fetch the list of available files and find the closest match e.g. en_ca_somedialect -> en_ca // if we've requested a locale other than the null locale, fetch the list of available files and find the closest match e.g. en_ca_somedialect -> en_ca
if($locale != "") { if($locale != "") {
$list = $this->listFiles(); $list = $this->listFiles();
// if the default locale is unavailable, this is (for now) an error // if the default locale is unavailable, this is (for now) an error
if(!in_array(self::DEFAULT, $list)) throw new Lang\Exception("defaultFileMissing", self::DEFAULT); if(!in_array(self::DEFAULT, $list)) {
throw new Lang\Exception("defaultFileMissing", self::DEFAULT);
}
$this->wanted = $this->match($locale, $list); $this->wanted = $this->match($locale, $list);
} else { } else {
$this->wanted = ""; $this->wanted = "";
} }
$this->synched = false; $this->synched = false;
// load right now if asked to, otherwise load later when actually required // load right now if asked to, otherwise load later when actually required
if($immediate) $this->load(); if($immediate) {
$this->load();
}
return $this->wanted; return $this->wanted;
} }
@ -74,7 +82,9 @@ class Lang {
} }
// if the requested message is not present in any of the currently loaded language files, throw an exception // if the requested message is not present in any of the currently loaded language files, throw an exception
// note that this is indicative of a programming error since the default locale should have all strings // note that this is indicative of a programming error since the default locale should have all strings
if(!array_key_exists($msgID, $this->strings)) throw new Lang\Exception("stringMissing", ['msgID' => $msgID, 'fileList' => implode(", ",$this->loaded)]); if(!array_key_exists($msgID, $this->strings)) {
throw new Lang\Exception("stringMissing", ['msgID' => $msgID, 'fileList' => implode(", ",$this->loaded)]);
}
$msg = $this->strings[$msgID]; $msg = $this->strings[$msgID];
// variables fed to MessageFormatter must be contained in an array // variables fed to MessageFormatter must be contained in an array
if($vars===null) { if($vars===null) {
@ -84,7 +94,9 @@ class Lang {
$vars = [$vars]; $vars = [$vars];
} }
$msg = \MessageFormatter::formatMessage($this->locale, $msg, $vars); $msg = \MessageFormatter::formatMessage($this->locale, $msg, $vars);
if($msg===false) throw new Lang\Exception("stringInvalid", ['msgID' => $msgID, 'fileList' => implode(", ",$this->loaded)]); if($msg===false) {
throw new Lang\Exception("stringInvalid", ['msgID' => $msgID, 'fileList' => implode(", ",$this->loaded)]);
}
return $msg; return $msg;
} }
@ -98,13 +110,17 @@ class Lang {
} }
public function match(string $locale, array $list = null): string { public function match(string $locale, array $list = null): string {
if($list===null) $list = $this->listFiles(); if($list===null) {
$list = $this->listFiles();
}
$default = ($this->locale=="") ? self::DEFAULT : $this->locale; $default = ($this->locale=="") ? self::DEFAULT : $this->locale;
return \Locale::lookup($list,$locale, true, $default); return \Locale::lookup($list,$locale, true, $default);
} }
static protected function checkRequirements(): bool { static protected function checkRequirements(): bool {
if(!extension_loaded("intl")) throw new ExceptionFatal("The \"Intl\" extension is required, but not loaded"); if(!extension_loaded("intl")) {
throw new ExceptionFatal("The \"Intl\" extension is required, but not loaded");
}
static::$requirementsMet = true; static::$requirementsMet = true;
return true; return true;
} }
@ -128,7 +144,9 @@ class Lang {
} }
protected function load(): bool { protected function load(): bool {
if(!self::$requirementsMet) self::checkRequirements(); if(!self::$requirementsMet) {
self::checkRequirements();
}
// if we've requested no locale (""), just load the fallback strings and return // if we've requested no locale (""), just load the fallback strings and return
if($this->wanted=="") { if($this->wanted=="") {
$this->strings = self::REQUIRED; $this->strings = self::REQUIRED;
@ -144,13 +162,17 @@ class Lang {
$tag = array_pop($tags); $tag = array_pop($tags);
} }
// include the default locale as the base if the most general locale requested is not the default // include the default locale as the base if the most general locale requested is not the default
if($tag != self::DEFAULT) $files[] = self::DEFAULT; if($tag != self::DEFAULT) {
$files[] = self::DEFAULT;
}
// save the list of files to be loaded for later reference // save the list of files to be loaded for later reference
$loaded = $files; $loaded = $files;
// reduce the list of files to be loaded to the minimum necessary (e.g. if we go from "fr" to "fr_ca", we don't need to load "fr" or "en") // reduce the list of files to be loaded to the minimum necessary (e.g. if we go from "fr" to "fr_ca", we don't need to load "fr" or "en")
$files = []; $files = [];
foreach($loaded as $file) { foreach($loaded as $file) {
if($file==$this->locale) break; if($file==$this->locale) {
break;
}
$files[] = $file; $files[] = $file;
} }
// if we need to load all files, start with the fallback strings // if we need to load all files, start with the fallback strings
@ -164,8 +186,11 @@ class Lang {
// read files in reverse order // read files in reverse order
$files = array_reverse($files); $files = array_reverse($files);
foreach($files as $file) { foreach($files as $file) {
if(!file_exists($this->path."$file.php")) throw new Lang\Exception("fileMissing", $file); if(!file_exists($this->path."$file.php")) {
if(!is_readable($this->path."$file.php")) throw new Lang\Exception("fileUnreadable", $file); throw new Lang\Exception("fileMissing", $file);
} else if(!is_readable($this->path."$file.php")) {
throw new Lang\Exception("fileUnreadable", $file);
}
try { try {
// we use output buffering in case the language file is corrupted // we use output buffering in case the language file is corrupted
ob_start(); ob_start();
@ -175,7 +200,9 @@ class Lang {
} finally { } finally {
ob_end_clean(); ob_end_clean();
} }
if(!is_array($arr)) throw new Lang\Exception("fileCorrupt", $file); if(!is_array($arr)) {
throw new Lang\Exception("fileCorrupt", $file);
}
$strings[] = $arr; $strings[] = $arr;
} }
// apply the results and return // apply the results and return

20
lib/Misc/Context.php
View file

@ -36,15 +36,17 @@ class Context {
$spec = array_values($spec); $spec = array_values($spec);
for($a = 0; $a < sizeof($spec); $a++) { for($a = 0; $a < sizeof($spec); $a++) {
$id = $spec[$a]; $id = $spec[$a];
if(is_int($id) && $id > -1) continue; if(is_int($id) && $id > -1) {
if(is_float($id) && !fmod($id, 1) && $id >= 0) { continue;
} else if(is_float($id) && !fmod($id, 1) && $id >= 0) {
$spec[$a] = (int) $id; $spec[$a] = (int) $id;
continue; continue;
} } else if(is_string($id)) {
if(is_string($id)) {
$ch1 = strval(@intval($id)); $ch1 = strval(@intval($id));
$ch2 = strval($id); $ch2 = strval($id);
if($ch1 !== $ch2 || $id < 1) $id = 0; if($ch1 !== $ch2 || $id < 1) {
$id = 0;
}
} else { } else {
$id = 0; $id = 0;
} }
@ -108,12 +110,16 @@ class Context {
} }
function editions(array $spec = null) { function editions(array $spec = null) {
if($spec) $spec = $this->cleanArray($spec); if($spec) {
$spec = $this->cleanArray($spec);
}
return $this->act(__FUNCTION__, func_num_args(), $spec); return $this->act(__FUNCTION__, func_num_args(), $spec);
} }
function articles(array $spec = null) { function articles(array $spec = null) {
if($spec) $spec = $this->cleanArray($spec); if($spec) {
$spec = $this->cleanArray($spec);
}
return $this->act(__FUNCTION__, func_num_args(), $spec); return $this->act(__FUNCTION__, func_num_args(), $spec);
} }
} }

8
lib/Misc/Date.php
View file

@ -6,9 +6,13 @@ class Date {
static function transform($date, string $outFormat = null, string $inFormat = null, bool $inLocal = false) { static function transform($date, string $outFormat = null, string $inFormat = null, bool $inLocal = false) {
$date = self::normalize($date, $inFormat, $inLocal); $date = self::normalize($date, $inFormat, $inLocal);
if(is_null($date) || is_null($outFormat)) return $date; if(is_null($date) || is_null($outFormat)) {
return $date;
}
$outFormat = strtolower($outFormat); $outFormat = strtolower($outFormat);
if($outFormat=="unix") return $date->getTimestamp(); if($outFormat=="unix") {
return $date->getTimestamp();
}
switch ($outFormat) { switch ($outFormat) {
case 'http': $f = "D, d M Y H:i:s \G\M\T"; break; case 'http': $f = "D, d M Y H:i:s \G\M\T"; break;
case 'iso8601': $f = "Y-m-d\TH:i:s"; break; case 'iso8601': $f = "Y-m-d\TH:i:s"; break;

8
lib/Misc/Query.php
View file

@ -37,7 +37,9 @@ class Query {
$this->tCTE[] = $types; $this->tCTE[] = $types;
$this->vCTE[] = $values; $this->vCTE[] = $values;
} }
if(strlen($join)) $this->jCTE[] = $join; // the CTE might only participate in subqueries rather than a join on the main query if(strlen($join)) { // the CTE might only participate in subqueries rather than a join on the main query
$this->jCTE[] = $join;
}
return true; return true;
} }
@ -77,7 +79,9 @@ class Query {
$this->vWhere = []; $this->vWhere = [];
$this->order = []; $this->order = [];
$this->setLimit(0,0); $this->setLimit(0,0);
if(strlen($join)) $this->jCTE[] = $join; if(strlen($join)) {
$this->jCTE[] = $join;
}
return true; return true;
} }

8
lib/REST.php
View file

@ -31,7 +31,9 @@ class REST {
} }
function dispatch(REST\Request $req = null): bool { function dispatch(REST\Request $req = null): bool {
if($req===null) $req = new REST\Request(); if($req===null) {
$req = new REST\Request();
}
$api = $this->apiMatch($req->url, $this->apis); $api = $this->apiMatch($req->url, $this->apis);
$req->url = substr($req->url,strlen($this->apis[$api]['strip'])); $req->url = substr($req->url,strlen($this->apis[$api]['strip']));
$req->refreshURL(); $req->refreshURL();
@ -62,7 +64,9 @@ class REST {
uasort($map, function($a, $b) {return (strlen($a['match']) <=> strlen($b['match'])) * -1;}); uasort($map, function($a, $b) {return (strlen($a['match']) <=> strlen($b['match'])) * -1;});
// find a match // find a match
foreach($map as $id => $api) { foreach($map as $id => $api) {
if(strpos($url, $api['match'])===0) return $id; if(strpos($url, $api['match'])===0) {
return $id;
}
} }
// or throw an exception otherwise // or throw an exception otherwise
throw new REST\Exception501(); throw new REST\Exception501();

24
lib/REST/AbstractHandler.php
View file

@ -50,7 +50,9 @@ abstract class AbstractHandler implements Handler {
} }
switch($types[$key]) { switch($types[$key]) {
case "int": case "int":
if($this->validateInt($value)) $out[$key] = (int) $value; if($this->validateInt($value)) {
$out[$key] = (int) $value;
}
break; break;
case "string": case "string":
$out[$key] = (string) $value; $out[$key] = (string) $value;
@ -60,19 +62,29 @@ abstract class AbstractHandler implements Handler {
$out[$key] = $value; $out[$key] = $value;
} else if($this->validateInt($value)) { } else if($this->validateInt($value)) {
$value = (int) $value; $value = (int) $value;
if($value > -1 && $value < 2) $out[$key] = $value; if($value > -1 && $value < 2) {
$out[$key] = $value;
}
} else if(is_string($value)) { } else if(is_string($value)) {
$value = trim(strtolower($value)); $value = trim(strtolower($value));
if($value=="false") $out[$key] = false; if($value=="false") {
if($value=="true") $out[$key] = true; $out[$key] = false;
}
if($value=="true") {
$out[$key] = true;
}
} }
break; break;
case "float": case "float":
if(is_numeric($value)) $out[$key] = (float) $value; if(is_numeric($value)) {
$out[$key] = (float) $value;
}
break; break;
case "datetime": case "datetime":
$t = Date::normalize($value, $dateFormat); $t = Date::normalize($value, $dateFormat);
if($t) $out[$key] = $t; if($t) {
$out[$key] = $t;
}
break; break;
default: default:
throw new Exception("typeUnknown", $types[$key]); throw new Exception("typeUnknown", $types[$key]);

90
lib/REST/NextCloudNews/V1_2.php
View file

@ -40,13 +40,15 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
function dispatch(\JKingWeb\Arsse\REST\Request $req): Response { function dispatch(\JKingWeb\Arsse\REST\Request $req): Response {
// try to authenticate // try to authenticate
if(!Arsse::$user->authHTTP()) return new Response(401, "", "", ['WWW-Authenticate: Basic realm="'.self::REALM.'"']); if(!Arsse::$user->authHTTP()) {
// only accept GET, POST, PUT, or DELETE return new Response(401, "", "", ['WWW-Authenticate: Basic realm="'.self::REALM.'"']);
if(!in_array($req->method, ["GET", "POST", "PUT", "DELETE"])) return new Response(405, "", "", ['Allow: GET, POST, PUT, DELETE']); }
// normalize the input // normalize the input
if($req->body) { if($req->body) {
// if the entity body is not JSON according to content type, return "415 Unsupported Media Type" // if the entity body is not JSON according to content type, return "415 Unsupported Media Type"
if(!preg_match("<^application/json\b|^$>", $req->type)) return new Response(415, "", "", ['Accept: application/json']); if(!preg_match("<^application/json\b|^$>", $req->type)) {
return new Response(415, "", "", ['Accept: application/json']);
}
$data = @json_decode($req->body, true); $data = @json_decode($req->body, true);
if(json_last_error() != \JSON_ERROR_NONE) { if(json_last_error() != \JSON_ERROR_NONE) {
// if the body could not be parsed as JSON, return "400 Bad Request" // if the body could not be parsed as JSON, return "400 Bad Request"
@ -68,7 +70,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
} catch(Exception405 $e) { } catch(Exception405 $e) {
return new Response(405, "", "", ["Allow: ".$e->getMessage()]); return new Response(405, "", "", ["Allow: ".$e->getMessage()]);
} }
if(!method_exists($this, $func)) return new Response(501); if(!method_exists($this, $func)) {
return new Response(501);
}
// dispatch // dispatch
try { try {
return $this->$func($req->paths, $data); return $this->$func($req->paths, $data);
@ -129,12 +133,16 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
$scope = $url[0]; $scope = $url[0];
// any URL components which are only digits should be replaced with "0", for easier comparison (integer segments are IDs, and we don't care about the specific ID) // any URL components which are only digits should be replaced with "0", for easier comparison (integer segments are IDs, and we don't care about the specific ID)
for($a = 0; $a < sizeof($url); $a++) { for($a = 0; $a < sizeof($url); $a++) {
if($this->validateInt($url[$a])) $url[$a] = "0"; if($this->validateInt($url[$a])) {
$url[$a] = "0";
}
} }
// normalize the HTTP method to uppercase // normalize the HTTP method to uppercase
$method = strtoupper($method); $method = strtoupper($method);
// if the scope is not supported, return 501 // if the scope is not supported, return 501
if(!array_key_exists($scope, $choices)) throw new Exception501(); if(!array_key_exists($scope, $choices)) {
throw new Exception501();
}
// we now evaluate the supplied URL against every supported path for the selected scope // we now evaluate the supplied URL against every supported path for the selected scope
// the URL is evaluated as an array so as to avoid decoded escapes turning invalid URLs into valid ones // the URL is evaluated as an array so as to avoid decoded escapes turning invalid URLs into valid ones
foreach($choices[$scope] as $path => $funcs) { foreach($choices[$scope] as $path => $funcs) {
@ -251,7 +259,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// rename a folder (also supports moving nesting folders, but this is not a feature of the API) // rename a folder (also supports moving nesting folders, but this is not a feature of the API)
protected function folderRename(array $url, array $data): Response { protected function folderRename(array $url, array $data): Response {
// there must be some change to be made // there must be some change to be made
if(!sizeof($data)) return new Response(422); if(!sizeof($data)) {
return new Response(422);
}
// perform the edit // perform the edit
try { try {
Arsse::$db->folderPropertiesSet(Arsse::$user->id, (int) $url[1], $data); Arsse::$db->folderPropertiesSet(Arsse::$user->id, (int) $url[1], $data);
@ -296,7 +306,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// return list of feeds which should be refreshed // return list of feeds which should be refreshed
protected function feedListStale(array $url, array $data): Response { protected function feedListStale(array $url, array $data): Response {
// function requires admin rights per spec // function requires admin rights per spec
if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) return new Response(403); if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) {
return new Response(403);
}
// list stale feeds which should be checked for updates // list stale feeds which should be checked for updates
$feeds = Arsse::$db->feedListStale(); $feeds = Arsse::$db->feedListStale();
$out = []; $out = [];
@ -310,9 +322,13 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// refresh a feed // refresh a feed
protected function feedUpdate(array $url, array $data): Response { protected function feedUpdate(array $url, array $data): Response {
// function requires admin rights per spec // function requires admin rights per spec
if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) return new Response(403); if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) {
return new Response(403);
}
// perform an update of a single feed // perform an update of a single feed
if(!isset($data['feedId'])) return new Response(422); if(!isset($data['feedId'])) {
return new Response(422);
}
try { try {
Arsse::$db->feedUpdate($data['feedId']); Arsse::$db->feedUpdate($data['feedId']);
} catch(ExceptionInput $e) { } catch(ExceptionInput $e) {
@ -324,7 +340,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// add a new feed // add a new feed
protected function subscriptionAdd(array $url, array $data): Response { protected function subscriptionAdd(array $url, array $data): Response {
// normalize the feed URL // normalize the feed URL
if(!isset($data['url'])) return new Response(422); if(!isset($data['url'])) {
return new Response(422);
}
// normalize the folder ID, if specified; zero should be transformed to null // normalize the folder ID, if specified; zero should be transformed to null
$folder = (isset($data['folderId']) && $data['folderId']) ? $data['folderId'] : null; $folder = (isset($data['folderId']) && $data['folderId']) ? $data['folderId'] : null;
// try to add the feed // try to add the feed
@ -350,7 +368,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
$feed = $this->feedTranslate($feed); $feed = $this->feedTranslate($feed);
$out = ['feeds' => [$feed]]; $out = ['feeds' => [$feed]];
$newest = Arsse::$db->editionLatest(Arsse::$user->id, (new Context)->subscription($id)); $newest = Arsse::$db->editionLatest(Arsse::$user->id, (new Context)->subscription($id));
if($newest) $out['newestItemId'] = $newest; if($newest) {
$out['newestItemId'] = $newest;
}
return new Response(200, $out); return new Response(200, $out);
} }
@ -364,7 +384,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
$out = ['feeds' => $out]; $out = ['feeds' => $out];
$out['starredCount'] = Arsse::$db->articleStarredCount(Arsse::$user->id); $out['starredCount'] = Arsse::$db->articleStarredCount(Arsse::$user->id);
$newest = Arsse::$db->editionLatest(Arsse::$user->id); $newest = Arsse::$db->editionLatest(Arsse::$user->id);
if($newest) $out['newestItemId'] = $newest; if($newest) {
$out['newestItemId'] = $newest;
}
return new Response(200, $out); return new Response(200, $out);
} }
@ -456,7 +478,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// set the context options supplied by the client // set the context options supplied by the client
$c = new Context; $c = new Context;
// set the batch size // set the batch size
if(isset($data['batchSize']) && $data['batchSize'] > 0) $c->limit($data['batchSize']); if(isset($data['batchSize']) && $data['batchSize'] > 0) {
$c->limit($data['batchSize']);
}
// set the order of returned items // set the order of returned items
if(isset($data['oldestFirst']) && $data['oldestFirst']) { if(isset($data['oldestFirst']) && $data['oldestFirst']) {
$c->reverse(false); $c->reverse(false);
@ -472,15 +496,23 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
} }
} }
// set whether to only return unread // set whether to only return unread
if(isset($data['getRead']) && !$data['getRead']) $c->unread(true); if(isset($data['getRead']) && !$data['getRead']) {
$c->unread(true);
}
// if no type is specified assume 3 (All) // if no type is specified assume 3 (All)
if(!isset($data['type'])) $data['type'] = 3; if(!isset($data['type'])) {
$data['type'] = 3;
}
switch($data['type']) { switch($data['type']) {
case 0: // feed case 0: // feed
if(isset($data['id'])) $c->subscription($data['id']); if(isset($data['id'])) {
$c->subscription($data['id']);
}
break; break;
case 1: // folder case 1: // folder
if(isset($data['id'])) $c->folder($data['id']); if(isset($data['id'])) {
$c->folder($data['id']);
}
break; break;
case 2: // starred case 2: // starred
$c->starred(true); $c->starred(true);
@ -489,7 +521,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// return all items // return all items
} }
// whether to return only updated items // whether to return only updated items
if(isset($data['lastModified'])) $c->modifiedSince($data['lastModified']); if(isset($data['lastModified'])) {
$c->modifiedSince($data['lastModified']);
}
// perform the fetch // perform the fetch
try { try {
$items = Arsse::$db->articleList(Arsse::$user->id, $c); $items = Arsse::$db->articleList(Arsse::$user->id, $c);
@ -557,7 +591,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// determine whether to mark read or unread // determine whether to mark read or unread
$set = ($url[1]=="read"); $set = ($url[1]=="read");
// if the input data is not at all valid, return an error // if the input data is not at all valid, return an error
if(!isset($data['items']) || !is_array($data['items'])) return new Response(422); if(!isset($data['items']) || !is_array($data['items'])) {
return new Response(422);
}
// start a transaction and loop through the items // start a transaction and loop through the items
$t = Arsse::$db->begin(); $t = Arsse::$db->begin();
$in = array_chunk($data['items'], 50); $in = array_chunk($data['items'], 50);
@ -578,7 +614,9 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
// determine whether to mark starred or unstarred // determine whether to mark starred or unstarred
$set = ($url[1]=="star"); $set = ($url[1]=="star");
// if the input data is not at all valid, return an error // if the input data is not at all valid, return an error
if(!isset($data['items']) || !is_array($data['items'])) return new Response(422); if(!isset($data['items']) || !is_array($data['items'])) {
return new Response(422);
}
// start a transaction and loop through the items // start a transaction and loop through the items
$t = Arsse::$db->begin(); $t = Arsse::$db->begin();
$in = array_chunk(array_column($data['items'], "guidHash"), 50); $in = array_chunk(array_column($data['items'], "guidHash"), 50);
@ -617,14 +655,18 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
protected function cleanupBefore(array $url, array $data): Response { protected function cleanupBefore(array $url, array $data): Response {
// function requires admin rights per spec // function requires admin rights per spec
if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) return new Response(403); if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) {
return new Response(403);
}
// FIXME: stub // FIXME: stub
return new Response(204); return new Response(204);
} }
protected function cleanupAfter(array $url, array $data): Response { protected function cleanupAfter(array $url, array $data): Response {
// function requires admin rights per spec // function requires admin rights per spec
if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) return new Response(403); if(Arsse::$user->rightsGet(Arsse::$user->id)==User::RIGHTS_NONE) {
return new Response(403);
}
// FIXME: stub // FIXME: stub
return new Response(204); return new Response(204);
} }

20
lib/REST/Request.php
View file

@ -12,9 +12,15 @@ class Request {
public $body = ""; public $body = "";
function __construct(string $method = null, string $url = null, string $body = null, string $contentType = null) { function __construct(string $method = null, string $url = null, string $body = null, string $contentType = null) {
if(is_null($method)) $method = $_SERVER['REQUEST_METHOD']; if(is_null($method)) {
if(is_null($url)) $url = $_SERVER['REQUEST_URI']; $method = $_SERVER['REQUEST_METHOD'];
if(is_null($body)) $body = file_get_contents("php://input"); }
if(is_null($url)) {
$url = $_SERVER['REQUEST_URI'];
}
if(is_null($body)) {
$body = file_get_contents("php://input");
}
if(is_null($contentType)) { if(is_null($contentType)) {
if(isset($_SERVER['HTTP_CONTENT_TYPE'])) { if(isset($_SERVER['HTTP_CONTENT_TYPE'])) {
$contentType = $_SERVER['HTTP_CONTENT_TYPE']; $contentType = $_SERVER['HTTP_CONTENT_TYPE'];
@ -63,8 +69,12 @@ class Request {
if(!in_array($out['path'],["/",""])) { if(!in_array($out['path'],["/",""])) {
$paths = explode("/", $out['path']); $paths = explode("/", $out['path']);
// remove the first and last empty elements, if present (they are artefacts of the splitting; others should remain) // remove the first and last empty elements, if present (they are artefacts of the splitting; others should remain)
if(!strlen($paths[0])) array_shift($paths); if(!strlen($paths[0])) {
if(!strlen($paths[sizeof($paths)-1])) array_pop($paths); array_shift($paths);
}
if(!strlen($paths[sizeof($paths)-1])) {
array_pop($paths);
}
// %-decode each path element // %-decode each path element
$paths = array_map(function($v){return rawurldecode($v);}, $paths); $paths = array_map(function($v){return rawurldecode($v);}, $paths);
$out['paths'] = $paths; $out['paths'] = $paths;

4
lib/Service.php
View file

@ -66,7 +66,9 @@ class Service {
static function hasCheckedIn(): bool { static function hasCheckedIn(): bool {
$checkin = Arsse::$db->metaGet("service_last_checkin"); $checkin = Arsse::$db->metaGet("service_last_checkin");
// if the service has never checked in, return false // if the service has never checked in, return false
if(!$checkin) return false; if(!$checkin) {
return false;
}
// convert the check-in timestamp to a DateTime instance // convert the check-in timestamp to a DateTime instance
$checkin = Date::normalize($checkin, "sql"); $checkin = Date::normalize($checkin, "sql");
// get the checking interval // get the checking interval

2
lib/Service/Curl/Driver.php
View file

@ -42,7 +42,7 @@ class Driver implements \JKingWeb\Arsse\Service\Driver {
curl_multi_setopt($this->queue, \CURLMOPT_PIPELINING, 1); curl_multi_setopt($this->queue, \CURLMOPT_PIPELINING, 1);
} }
function qeueue(int ...$feeds): int { function queue(int ...$feeds): int {
foreach($feeds as $id) { foreach($feeds as $id) {
$h = curl_init(); $h = curl_init();
curl_setopt($h, \CURLOPT_POSTFIELDS, json_encode(['userId' => "", 'feedId' => $id])); curl_setopt($h, \CURLOPT_POSTFIELDS, json_encode(['userId' => "", 'feedId' => $id]));

160
lib/User.php
View file

@ -37,54 +37,86 @@ class User {
} }
public function __toString() { public function __toString() {
if($this->id===null) $this->credentials(); if($this->id===null) {
$this->credentials();
}
return (string) $this->id; return (string) $this->id;
} }
// checks whether the logged in user is authorized to act for the affected user (used especially when granting rights) // checks whether the logged in user is authorized to act for the affected user (used especially when granting rights)
function authorize(string $affectedUser, string $action, int $newRightsLevel = 0): bool { function authorize(string $affectedUser, string $action, int $newRightsLevel = 0): bool {
// if authorization checks are disabled (either because we're running the installer or the background updater) just return true // if authorization checks are disabled (either because we're running the installer or the background updater) just return true
if(!$this->authorizationEnabled()) return true; if(!$this->authorizationEnabled()) {
return true;
}
// if we don't have a logged-in user, fetch credentials // if we don't have a logged-in user, fetch credentials
if($this->id===null) $this->credentials(); if($this->id===null) {
$this->credentials();
}
// if the affected user is the actor and the actor is not trying to grant themselves rights, accept the request // if the affected user is the actor and the actor is not trying to grant themselves rights, accept the request
if($affectedUser==Arsse::$user->id && $action != "userRightsSet") return true; if($affectedUser==Arsse::$user->id && $action != "userRightsSet") {
return true;
}
// if we're authorizing something other than a user function and the affected user is not the actor, make sure the affected user exists // if we're authorizing something other than a user function and the affected user is not the actor, make sure the affected user exists
$this->authorizationEnabled(false); $this->authorizationEnabled(false);
if(Arsse::$user->id != $affectedUser && strpos($action, "user")!==0 && !$this->exists($affectedUser)) throw new User\Exception("doesNotExist", ["action" => $action, "user" => $affectedUser]); if(Arsse::$user->id != $affectedUser && strpos($action, "user")!==0 && !$this->exists($affectedUser)) {
throw new User\Exception("doesNotExist", ["action" => $action, "user" => $affectedUser]);
}
$this->authorizationEnabled(true); $this->authorizationEnabled(true);
// get properties of actor if not already available // get properties of actor if not already available
if(!sizeof($this->actor)) $this->actor = $this->propertiesGet(Arsse::$user->id); if(!sizeof($this->actor)) {
$this->actor = $this->propertiesGet(Arsse::$user->id);
}
$rights = $this->actor["rights"]; $rights = $this->actor["rights"];
// if actor is a global admin, accept the request // if actor is a global admin, accept the request
if($rights==User\Driver::RIGHTS_GLOBAL_ADMIN) return true; if($rights==User\Driver::RIGHTS_GLOBAL_ADMIN) {
return true;
}
// if actor is a common user, deny the request // if actor is a common user, deny the request
if($rights==User\Driver::RIGHTS_NONE) return false; if($rights==User\Driver::RIGHTS_NONE) {
return false;
}
// if actor is not some other sort of admin, deny the request // if actor is not some other sort of admin, deny the request
if(!in_array($rights,[User\Driver::RIGHTS_GLOBAL_MANAGER,User\Driver::RIGHTS_DOMAIN_MANAGER,User\Driver::RIGHTS_DOMAIN_ADMIN],true)) return false; if(!in_array($rights,[User\Driver::RIGHTS_GLOBAL_MANAGER,User\Driver::RIGHTS_DOMAIN_MANAGER,User\Driver::RIGHTS_DOMAIN_ADMIN],true)) {
return false;
}
// if actor is a domain admin/manager and domains don't match, deny the request // if actor is a domain admin/manager and domains don't match, deny the request
if(Arsse::$conf->userComposeNames && $this->actor["domain"] && $rights != User\Driver::RIGHTS_GLOBAL_MANAGER) { if(Arsse::$conf->userComposeNames && $this->actor["domain"] && $rights != User\Driver::RIGHTS_GLOBAL_MANAGER) {
$test = "@".$this->actor["domain"]; $test = "@".$this->actor["domain"];
if(substr($affectedUser,-1*strlen($test)) != $test) return false; if(substr($affectedUser,-1*strlen($test)) != $test) {
return false;
}
} }
// certain actions shouldn't check affected user's rights // certain actions shouldn't check affected user's rights
if(in_array($action, ["userRightsGet","userExists","userList"], true)) return true; if(in_array($action, ["userRightsGet","userExists","userList"], true)) {
return true;
}
if($action=="userRightsSet") { if($action=="userRightsSet") {
// setting rights above your own is not allowed // setting rights above your own is not allowed
if($newRightsLevel > $rights) return false; if($newRightsLevel > $rights) {
return false;
}
// setting yourself to rights you already have is harmless and can be allowed // setting yourself to rights you already have is harmless and can be allowed
if($this->id==$affectedUser && $newRightsLevel==$rights) return true; if($this->id==$affectedUser && $newRightsLevel==$rights) {
return true;
}
// managers can only set their own rights, and only to normal user // managers can only set their own rights, and only to normal user
if(in_array($rights, [User\Driver::RIGHTS_DOMAIN_MANAGER, User\Driver::RIGHTS_GLOBAL_MANAGER])) { if(in_array($rights, [User\Driver::RIGHTS_DOMAIN_MANAGER, User\Driver::RIGHTS_GLOBAL_MANAGER])) {
if($this->id != $affectedUser || $newRightsLevel != User\Driver::RIGHTS_NONE) return false; if($this->id != $affectedUser || $newRightsLevel != User\Driver::RIGHTS_NONE) {
return false;
}
return true; return true;
} }
} }
$affectedRights = $this->rightsGet($affectedUser); $affectedRights = $this->rightsGet($affectedUser);
// managers can only act on themselves (checked above) or regular users // managers can only act on themselves (checked above) or regular users
if(in_array($rights,[User\Driver::RIGHTS_GLOBAL_MANAGER,User\Driver::RIGHTS_DOMAIN_MANAGER]) && $affectedRights != User\Driver::RIGHTS_NONE) return false; if(in_array($rights,[User\Driver::RIGHTS_GLOBAL_MANAGER,User\Driver::RIGHTS_DOMAIN_MANAGER]) && $affectedRights != User\Driver::RIGHTS_NONE) {
return false;
}
// domain admins canot act above themselves // domain admins canot act above themselves
if(!in_array($affectedRights,[User\Driver::RIGHTS_NONE,User\Driver::RIGHTS_DOMAIN_MANAGER,User\Driver::RIGHTS_DOMAIN_ADMIN])) return false; if(!in_array($affectedRights,[User\Driver::RIGHTS_NONE,User\Driver::RIGHTS_DOMAIN_MANAGER,User\Driver::RIGHTS_DOMAIN_ADMIN])) {
return false;
}
return true; return true;
} }
@ -116,11 +148,15 @@ class User {
} else { } else {
$out = $this->u->auth($user, $password); $out = $this->u->auth($user, $password);
} }
if($out && !Arsse::$db->userExists($user)) $this->autoProvision($user, $password); if($out && !Arsse::$db->userExists($user)) {
$this->autoProvision($user, $password);
}
return $out; return $out;
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
if(Arsse::$conf->userPreAuth) { if(Arsse::$conf->userPreAuth) {
if(!Arsse::$db->userExists($user)) $this->autoProvision($user, $password); if(!Arsse::$db->userExists($user)) {
$this->autoProvision($user, $password);
}
return true; return true;
} else { } else {
return $this->u->auth($user, $password); return $this->u->auth($user, $password);
@ -133,7 +169,9 @@ class User {
public function authHTTP(): bool { public function authHTTP(): bool {
$cred = $this->credentials(); $cred = $this->credentials();
if(!$cred["user"]) return false; if(!$cred["user"]) {
return false;
}
return $this->auth($cred["user"], $cred["password"]); return $this->auth($cred["user"], $cred["password"]);
} }
@ -147,9 +185,13 @@ class User {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if($domain===null) { if($domain===null) {
if(!$this->authorize("@".$domain, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $domain]); if(!$this->authorize("@".$domain, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $domain]);
}
} else { } else {
if(!$this->authorize("", $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => "all users"]); if(!$this->authorize("", $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => "all users"]);
}
} }
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization // internal functions handle their own authorization
@ -160,9 +202,13 @@ class User {
} }
public function authorizationEnabled(bool $setting = null): bool { public function authorizationEnabled(bool $setting = null): bool {
if(is_null($setting)) return !$this->authz; if(is_null($setting)) {
return !$this->authz;
}
$this->authz += ($setting ? -1 : 1); $this->authz += ($setting ? -1 : 1);
if($this->authz < 0) $this->authz = 0; if($this->authz < 0) {
$this->authz = 0;
}
return !$this->authz; return !$this->authz;
} }
@ -171,9 +217,13 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userExists($user); $out = $this->u->userExists($user);
if($out && !Arsse::$db->userExists($user)) $this->autoProvision($user, ""); if($out && !Arsse::$db->userExists($user)) {
$this->autoProvision($user, "");
}
return $out; return $out;
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization // internal functions handle their own authorization
@ -189,10 +239,14 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$newPassword = $this->u->userAdd($user, $password); $newPassword = $this->u->userAdd($user, $password);
// if there was no exception and we don't have the user in the internal database, add it // if there was no exception and we don't have the user in the internal database, add it
if(!Arsse::$db->userExists($user)) $this->autoProvision($user, $newPassword); if(!Arsse::$db->userExists($user)) {
$this->autoProvision($user, $newPassword);
}
return $newPassword; return $newPassword;
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization // internal functions handle their own authorization
@ -207,11 +261,15 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userRemove($user); $out = $this->u->userRemove($user);
if($out && Arsse::$db->userExists($user)) { if($out && Arsse::$db->userExists($user)) {
// if the user was removed and we have it in our data, remove it there // if the user was removed and we have it in our data, remove it there
if(!Arsse::$db->userExists($user)) Arsse::$db->userRemove($user); if(!Arsse::$db->userExists($user)) {
Arsse::$db->userRemove($user);
}
} }
return $out; return $out;
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
@ -227,7 +285,9 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userPasswordSet($user, $newPassword, $oldPassword); $out = $this->u->userPasswordSet($user, $newPassword, $oldPassword);
if(Arsse::$db->userExists($user)) { if(Arsse::$db->userExists($user)) {
// if the password change was successful and the user exists, set the internal password to the same value // if the password change was successful and the user exists, set the internal password to the same value
@ -248,7 +308,9 @@ class User {
public function propertiesGet(string $user, bool $withAvatar = false): array { public function propertiesGet(string $user, bool $withAvatar = false): array {
// prepare default values // prepare default values
$domain = null; $domain = null;
if(Arsse::$conf->userComposeNames) $domain = substr($user,strrpos($user,"@")+1); if(Arsse::$conf->userComposeNames) {
$domain = substr($user,strrpos($user,"@")+1);
}
$init = [ $init = [
"id" => $user, "id" => $user,
"name" => $user, "name" => $user,
@ -259,12 +321,18 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = array_merge($init, $this->u->userPropertiesGet($user)); $out = array_merge($init, $this->u->userPropertiesGet($user));
// remove password if it is return (not exhaustive, but...) // remove password if it is return (not exhaustive, but...)
if(array_key_exists('password', $out)) unset($out['password']); if(array_key_exists('password', $out)) {
unset($out['password']);
}
// if the user does not exist in the internal database, add it // if the user does not exist in the internal database, add it
if(!Arsse::$db->userExists($user)) $this->autoProvision($user, "", $out); if(!Arsse::$db->userExists($user)) {
$this->autoProvision($user, "", $out);
}
return $out; return $out;
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization // internal functions handle their own authorization
@ -278,13 +346,17 @@ class User {
public function propertiesSet(string $user, array $properties): array { public function propertiesSet(string $user, array $properties): array {
// remove from the array any values which should be set specially // remove from the array any values which should be set specially
foreach(['id', 'domain', 'password', 'rights'] as $key) { foreach(['id', 'domain', 'password', 'rights'] as $key) {
if(array_key_exists($key, $properties)) unset($properties[$key]); if(array_key_exists($key, $properties)) {
unset($properties[$key]);
}
} }
$func = "userPropertiesSet"; $func = "userPropertiesSet";
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userPropertiesSet($user, $properties); $out = $this->u->userPropertiesSet($user, $properties);
if(Arsse::$db->userExists($user)) { if(Arsse::$db->userExists($user)) {
// if the property change was successful and the user exists, set the internal properties to the same values // if the property change was successful and the user exists, set the internal properties to the same values
@ -307,10 +379,14 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userRightsGet($user); $out = $this->u->userRightsGet($user);
// if the user does not exist in the internal database, add it // if the user does not exist in the internal database, add it
if(!Arsse::$db->userExists($user)) $this->autoProvision($user, "", null, $out); if(!Arsse::$db->userExists($user)) {
$this->autoProvision($user, "", null, $out);
}
return $out; return $out;
case User\Driver::FUNC_INTERNAL: case User\Driver::FUNC_INTERNAL:
// internal functions handle their own authorization // internal functions handle their own authorization
@ -326,7 +402,9 @@ class User {
switch($this->u->driverFunctions($func)) { switch($this->u->driverFunctions($func)) {
case User\Driver::FUNC_EXTERNAL: case User\Driver::FUNC_EXTERNAL:
// we handle authorization checks for external drivers // we handle authorization checks for external drivers
if(!$this->authorize($user, $func)) throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]); if(!$this->authorize($user, $func)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => $func, "user" => $user]);
}
$out = $this->u->userRightsSet($user, $level); $out = $this->u->userRightsSet($user, $level);
// if the user does not exist in the internal database, add it // if the user does not exist in the internal database, add it
if($out && Arsse::$db->userExists($user)) { if($out && Arsse::$db->userExists($user)) {
@ -365,7 +443,9 @@ class User {
if($properties===null) { if($properties===null) {
// if nothing is provided but the driver uses an external function, try to get the current values from the external source // if nothing is provided but the driver uses an external function, try to get the current values from the external source
try { try {
if($this->u->driverFunctions("userPropertiesGet")==User\Driver::FUNC_EXTERNAL) Arsse::$db->userPropertiesSet($user, $this->u->userPropertiesGet($user)); if($this->u->driverFunctions("userPropertiesGet")==User\Driver::FUNC_EXTERNAL) {
Arsse::$db->userPropertiesSet($user, $this->u->userPropertiesGet($user));
}
} catch(\Throwable $e) {} } catch(\Throwable $e) {}
} else { } else {
// otherwise if values are provided, use those // otherwise if values are provided, use those

4
lib/User/Internal/Driver.php
View file

@ -24,7 +24,9 @@ final class Driver implements \JKingWeb\Arsse\User\Driver {
} }
public function driverFunctions(string $function = null) { public function driverFunctions(string $function = null) {
if($function===null) return $this->functions; if($function===null) {
return $this->functions;
}
if(array_key_exists($function, $this->functions)) { if(array_key_exists($function, $this->functions)) {
return $this->functions[$function]; return $this->functions[$function];
} else { } else {

31
lib/User/Internal/InternalFunctions.php
View file

@ -2,54 +2,59 @@
declare(strict_types=1); declare(strict_types=1);
namespace JKingWeb\Arsse\User\Internal; namespace JKingWeb\Arsse\User\Internal;
use JKingWeb\Arsse\Arsse; use JKingWeb\Arsse\Arsse;
use JKingWeb\Arsse\User\Exception;
trait InternalFunctions { trait InternalFunctions {
protected $actor = []; protected $actor = [];
public function __construct() { public function __construct() {
$this->db = Arsse::$db;
} }
function auth(string $user, string $password): bool { function auth(string $user, string $password): bool {
if(!Arsse::$user->exists($user)) return false; try {
$hash = $this->db->userPasswordGet($user); $hash = Arsse::$db->userPasswordGet($user);
if($password==="" && $hash==="") return true; } catch(Exception $e) {
return false;
}
if($password==="" && $hash==="") {
return true;
}
return password_verify($password, $hash); return password_verify($password, $hash);
} }
function userExists(string $user): bool { function userExists(string $user): bool {
return $this->db->userExists($user); return Arsse::$db->userExists($user);
} }
function userAdd(string $user, string $password = null): string { function userAdd(string $user, string $password = null): string {
return $this->db->userAdd($user, $password); return Arsse::$db->userAdd($user, $password);
} }
function userRemove(string $user): bool { function userRemove(string $user): bool {
return $this->db->userRemove($user); return Arsse::$db->userRemove($user);
} }
function userList(string $domain = null): array { function userList(string $domain = null): array {
return $this->db->userList($domain); return Arsse::$db->userList($domain);
} }
function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null): string { function userPasswordSet(string $user, string $newPassword = null, string $oldPassword = null): string {
return $this->db->userPasswordSet($user, $newPassword); return Arsse::$db->userPasswordSet($user, $newPassword);
} }
function userPropertiesGet(string $user): array { function userPropertiesGet(string $user): array {
return $this->db->userPropertiesGet($user); return Arsse::$db->userPropertiesGet($user);
} }
function userPropertiesSet(string $user, array $properties): array { function userPropertiesSet(string $user, array $properties): array {
return $this->db->userPropertiesSet($user, $properties); return Arsse::$db->userPropertiesSet($user, $properties);
} }
function userRightsGet(string $user): int { function userRightsGet(string $user): int {
return $this->db->userRightsGet($user); return Arsse::$db->userRightsGet($user);
} }
function userRightsSet(string $user, int $level): bool { function userRightsSet(string $user, int $level): bool {
return $this->db->userRightsSet($user, $level); return Arsse::$db->userRightsSet($user, $level);
} }
} }

8
tests/Misc/TestContext.php
View file

@ -9,7 +9,9 @@ class TestContext extends Test\AbstractTest {
function testVerifyInitialState() { function testVerifyInitialState() {
$c = new Context; $c = new Context;
foreach((new \ReflectionObject($c))->getMethods(\ReflectionMethod::IS_PUBLIC) as $m) { foreach((new \ReflectionObject($c))->getMethods(\ReflectionMethod::IS_PUBLIC) as $m) {
if($m->isConstructor() || $m->isStatic()) continue; if($m->isConstructor() || $m->isStatic()) {
continue;
}
$method = $m->name; $method = $m->name;
$this->assertFalse($c->$method(), "Context method $method did not initially return false"); $this->assertFalse($c->$method(), "Context method $method did not initially return false");
$this->assertEquals(null, $c->$method, "Context property $method is not initially falsy"); $this->assertEquals(null, $c->$method, "Context property $method is not initially falsy");
@ -37,7 +39,9 @@ class TestContext extends Test\AbstractTest {
$times = ['modifiedSince','notModifiedSince']; $times = ['modifiedSince','notModifiedSince'];
$c = new Context; $c = new Context;
foreach((new \ReflectionObject($c))->getMethods(\ReflectionMethod::IS_PUBLIC) as $m) { foreach((new \ReflectionObject($c))->getMethods(\ReflectionMethod::IS_PUBLIC) as $m) {
if($m->isConstructor() || $m->isStatic()) continue; if($m->isConstructor() || $m->isStatic()) {
continue;
}
$method = $m->name; $method = $m->name;
$this->assertArrayHasKey($method, $v, "Context method $method not included in test"); $this->assertArrayHasKey($method, $v, "Context method $method not included in test");
$this->assertInstanceOf(Context::class, $c->$method($v[$method])); $this->assertInstanceOf(Context::class, $c->$method($v[$method]));

2
tests/REST/NextCloudNews/TestNCNV1_2.php
View file

@ -10,7 +10,7 @@ use JKingWeb\Arsse\Db\ExceptionInput;
use JKingWeb\Arsse\Db\Transaction; use JKingWeb\Arsse\Db\Transaction;
use Phake; use Phake;
/** @covers \JKingWeb\Arsse\REST\NextCloudNews\V1_2 */ /** @covers \JKingWeb\Arsse\REST\NextCloudNews\V1_2<extended> */
class TestNCNV1_2 extends Test\AbstractTest { class TestNCNV1_2 extends Test\AbstractTest {
protected $h; protected $h;
protected $feeds = [ // expected sample output of a feed list from the database, and the resultant expected transformation by the REST handler protected $feeds = [ // expected sample output of a feed list from the database, and the resultant expected transformation by the REST handler

28
tests/User/TestAuthorization.php
View file

@ -87,7 +87,9 @@ class TestAuthorization extends Test\AbstractTest {
function testRegularUserLogic() { function testRegularUserLogic() {
foreach(self::USERS as $actor => $rights) { foreach(self::USERS as $actor => $rights) {
if($rights != User\Driver::RIGHTS_NONE) continue; if($rights != User\Driver::RIGHTS_NONE) {
continue;
}
Arsse::$user->auth($actor, ""); Arsse::$user->auth($actor, "");
foreach(array_keys(self::USERS) as $affected) { foreach(array_keys(self::USERS) as $affected) {
// regular users should only be able to act for themselves // regular users should only be able to act for themselves
@ -112,7 +114,9 @@ class TestAuthorization extends Test\AbstractTest {
function testDomainManagerLogic() { function testDomainManagerLogic() {
foreach(self::USERS as $actor => $actorRights) { foreach(self::USERS as $actor => $actorRights) {
if($actorRights != User\Driver::RIGHTS_DOMAIN_MANAGER) continue; if($actorRights != User\Driver::RIGHTS_DOMAIN_MANAGER) {
continue;
}
$actorDomain = substr($actor,strrpos($actor,"@")+1); $actorDomain = substr($actor,strrpos($actor,"@")+1);
Arsse::$user->auth($actor, ""); Arsse::$user->auth($actor, "");
foreach(self::USERS as $affected => $affectedRights) { foreach(self::USERS as $affected => $affectedRights) {
@ -151,7 +155,9 @@ class TestAuthorization extends Test\AbstractTest {
function testDomainAdministratorLogic() { function testDomainAdministratorLogic() {
foreach(self::USERS as $actor => $actorRights) { foreach(self::USERS as $actor => $actorRights) {
if($actorRights != User\Driver::RIGHTS_DOMAIN_ADMIN) continue; if($actorRights != User\Driver::RIGHTS_DOMAIN_ADMIN) {
continue;
}
$actorDomain = substr($actor,strrpos($actor,"@")+1); $actorDomain = substr($actor,strrpos($actor,"@")+1);
Arsse::$user->auth($actor, ""); Arsse::$user->auth($actor, "");
$allowed = [User\Driver::RIGHTS_NONE,User\Driver::RIGHTS_DOMAIN_MANAGER,User\Driver::RIGHTS_DOMAIN_ADMIN]; $allowed = [User\Driver::RIGHTS_NONE,User\Driver::RIGHTS_DOMAIN_MANAGER,User\Driver::RIGHTS_DOMAIN_ADMIN];
@ -191,7 +197,9 @@ class TestAuthorization extends Test\AbstractTest {
function testGlobalManagerLogic() { function testGlobalManagerLogic() {
foreach(self::USERS as $actor => $actorRights) { foreach(self::USERS as $actor => $actorRights) {
if($actorRights != User\Driver::RIGHTS_GLOBAL_MANAGER) continue; if($actorRights != User\Driver::RIGHTS_GLOBAL_MANAGER) {
continue;
}
$actorDomain = substr($actor,strrpos($actor,"@")+1); $actorDomain = substr($actor,strrpos($actor,"@")+1);
Arsse::$user->auth($actor, ""); Arsse::$user->auth($actor, "");
foreach(self::USERS as $affected => $affectedRights) { foreach(self::USERS as $affected => $affectedRights) {
@ -222,7 +230,9 @@ class TestAuthorization extends Test\AbstractTest {
function testGlobalAdministratorLogic() { function testGlobalAdministratorLogic() {
foreach(self::USERS as $actor => $actorRights) { foreach(self::USERS as $actor => $actorRights) {
if($actorRights != User\Driver::RIGHTS_GLOBAL_ADMIN) continue; if($actorRights != User\Driver::RIGHTS_GLOBAL_ADMIN) {
continue;
}
Arsse::$user->auth($actor, ""); Arsse::$user->auth($actor, "");
// global admins can do anything // global admins can do anything
foreach(self::USERS as $affected => $affectedRights) { foreach(self::USERS as $affected => $affectedRights) {
@ -240,7 +250,9 @@ class TestAuthorization extends Test\AbstractTest {
function testInvalidLevelLogic() { function testInvalidLevelLogic() {
foreach(self::USERS as $actor => $rights) { foreach(self::USERS as $actor => $rights) {
if(in_array($rights, self::LEVELS)) continue; if(in_array($rights, self::LEVELS)) {
continue;
}
Arsse::$user->auth($actor, ""); Arsse::$user->auth($actor, "");
foreach(array_keys(self::USERS) as $affected) { foreach(array_keys(self::USERS) as $affected) {
// users with unknown/invalid rights should be treated just like regular users and only be able to act for themselves // users with unknown/invalid rights should be treated just like regular users and only be able to act for themselves
@ -297,7 +309,9 @@ class TestAuthorization extends Test\AbstractTest {
$err = []; $err = [];
foreach($tests as $func => $args) { foreach($tests as $func => $args) {
// list method does not take an affected user, so do not unshift for that one // list method does not take an affected user, so do not unshift for that one
if($func != "list") array_unshift($args, $user); if($func != "list") {
array_unshift($args, $user);
}
try { try {
call_user_func_array(array(Arsse::$user, $func), $args); call_user_func_array(array(Arsse::$user, $func), $args);
} catch(User\ExceptionAuthz $e) { } catch(User\ExceptionAuthz $e) {