Add a per-controller-method check for authorization for private routes
All checks were successful
timw4mail/HummingBirdAnimeClient/PR-21 This commit looks good
All checks were successful
timw4mail/HummingBirdAnimeClient/PR-21 This commit looks good
This commit is contained in:
parent
0348d0db00
commit
28146ad909
@ -33,6 +33,12 @@ class Controller {
|
|||||||
|
|
||||||
use ContainerAware;
|
use ContainerAware;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The authentication object
|
||||||
|
* @var \Aviat\AnimeClient\API\Kitsu\Auth $auth ;
|
||||||
|
*/
|
||||||
|
protected $auth;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Cache manager
|
* Cache manager
|
||||||
* @var \Psr\Cache\CacheItemPoolInterface
|
* @var \Psr\Cache\CacheItemPoolInterface
|
||||||
@ -96,6 +102,7 @@ class Controller {
|
|||||||
$session = $container->get('session');
|
$session = $container->get('session');
|
||||||
$urlGenerator = $container->get('url-generator');
|
$urlGenerator = $container->get('url-generator');
|
||||||
|
|
||||||
|
$this->auth = $container->get('auth');
|
||||||
$this->cache = $container->get('cache');
|
$this->cache = $container->get('cache');
|
||||||
$this->config = $container->get('config');
|
$this->config = $container->get('config');
|
||||||
$this->request = $container->get('request');
|
$this->request = $container->get('request');
|
||||||
@ -172,6 +179,22 @@ class Controller {
|
|||||||
$this->session->set('redirect_url', NULL);
|
$this->session->set('redirect_url', NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if the current user is authenticated, else error and exit
|
||||||
|
*/
|
||||||
|
protected function checkAuth(): void
|
||||||
|
{
|
||||||
|
if ( ! $this->auth->isAuthenticated())
|
||||||
|
{
|
||||||
|
$this->errorPage(
|
||||||
|
403,
|
||||||
|
'Forbidden',
|
||||||
|
'You must <a href="/login">log in</a> to perform this action.'
|
||||||
|
);
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the string output of a partial template
|
* Get the string output of a partial template
|
||||||
*
|
*
|
||||||
|
@ -67,6 +67,18 @@ final class Anime extends BaseController {
|
|||||||
*/
|
*/
|
||||||
public function index($type = KitsuWatchingStatus::WATCHING, string $view = NULL): void
|
public function index($type = KitsuWatchingStatus::WATCHING, string $view = NULL): void
|
||||||
{
|
{
|
||||||
|
if ( ! in_array($type, [
|
||||||
|
'all',
|
||||||
|
'watching',
|
||||||
|
'plan_to_watch',
|
||||||
|
'on_hold',
|
||||||
|
'dropped',
|
||||||
|
'completed',
|
||||||
|
], TRUE))
|
||||||
|
{
|
||||||
|
$this->errorPage(404, 'Not Found', 'Page not found');
|
||||||
|
}
|
||||||
|
|
||||||
$title = array_key_exists($type, AnimeWatchingStatus::ROUTE_TO_TITLE)
|
$title = array_key_exists($type, AnimeWatchingStatus::ROUTE_TO_TITLE)
|
||||||
? $this->formatTitle(
|
? $this->formatTitle(
|
||||||
$this->config->get('whose_list') . "'s Anime List",
|
$this->config->get('whose_list') . "'s Anime List",
|
||||||
@ -100,6 +112,8 @@ final class Anime extends BaseController {
|
|||||||
*/
|
*/
|
||||||
public function addForm(): void
|
public function addForm(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
|
|
||||||
$this->setSessionRedirect();
|
$this->setSessionRedirect();
|
||||||
$this->outputHTML('anime/add', [
|
$this->outputHTML('anime/add', [
|
||||||
'title' => $this->formatTitle(
|
'title' => $this->formatTitle(
|
||||||
@ -120,6 +134,8 @@ final class Anime extends BaseController {
|
|||||||
*/
|
*/
|
||||||
public function add(): void
|
public function add(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
|
|
||||||
$data = $this->request->getParsedBody();
|
$data = $this->request->getParsedBody();
|
||||||
|
|
||||||
if (empty($data['mal_id']))
|
if (empty($data['mal_id']))
|
||||||
@ -155,6 +171,7 @@ final class Anime extends BaseController {
|
|||||||
*/
|
*/
|
||||||
public function edit(string $id, $status = 'all'): void
|
public function edit(string $id, $status = 'all'): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
$item = $this->model->getLibraryItem($id);
|
$item = $this->model->getLibraryItem($id);
|
||||||
$this->setSessionRedirect();
|
$this->setSessionRedirect();
|
||||||
|
|
||||||
@ -192,6 +209,7 @@ final class Anime extends BaseController {
|
|||||||
*/
|
*/
|
||||||
public function formUpdate(): void
|
public function formUpdate(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
$data = $this->request->getParsedBody();
|
$data = $this->request->getParsedBody();
|
||||||
|
|
||||||
// Do some minor data manipulation for
|
// Do some minor data manipulation for
|
||||||
@ -220,6 +238,8 @@ final class Anime extends BaseController {
|
|||||||
*/
|
*/
|
||||||
public function increment(): void
|
public function increment(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
|
|
||||||
if (stripos($this->request->getHeader('content-type')[0], 'application/json') !== FALSE)
|
if (stripos($this->request->getHeader('content-type')[0], 'application/json') !== FALSE)
|
||||||
{
|
{
|
||||||
$data = Json::decode((string)$this->request->getBody());
|
$data = Json::decode((string)$this->request->getBody());
|
||||||
@ -229,6 +249,12 @@ final class Anime extends BaseController {
|
|||||||
$data = $this->request->getParsedBody();
|
$data = $this->request->getParsedBody();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (empty($data))
|
||||||
|
{
|
||||||
|
$this->errorPage(400, 'Bad Request', '');
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
$response = $this->model->incrementLibraryItem(new FormItem($data));
|
$response = $this->model->incrementLibraryItem(new FormItem($data));
|
||||||
|
|
||||||
$this->cache->clear();
|
$this->cache->clear();
|
||||||
@ -242,6 +268,8 @@ final class Anime extends BaseController {
|
|||||||
*/
|
*/
|
||||||
public function delete(): void
|
public function delete(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
|
|
||||||
$body = $this->request->getParsedBody();
|
$body = $this->request->getParsedBody();
|
||||||
$response = $this->model->deleteLibraryItem($body['id'], $body['mal_id']);
|
$response = $this->model->deleteLibraryItem($body['id'], $body['mal_id']);
|
||||||
|
|
||||||
|
@ -111,6 +111,7 @@ final class AnimeCollection extends BaseController {
|
|||||||
*/
|
*/
|
||||||
public function form($id = NULL): void
|
public function form($id = NULL): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
$this->setSessionRedirect();
|
$this->setSessionRedirect();
|
||||||
|
|
||||||
$action = $id === NULL ? 'Add' : 'Edit';
|
$action = $id === NULL ? 'Add' : 'Edit';
|
||||||
@ -138,6 +139,7 @@ final class AnimeCollection extends BaseController {
|
|||||||
*/
|
*/
|
||||||
public function edit(): void
|
public function edit(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
$data = $this->request->getParsedBody();
|
$data = $this->request->getParsedBody();
|
||||||
if (array_key_exists('hummingbird_id', $data))
|
if (array_key_exists('hummingbird_id', $data))
|
||||||
{
|
{
|
||||||
@ -163,6 +165,7 @@ final class AnimeCollection extends BaseController {
|
|||||||
*/
|
*/
|
||||||
public function add(): void
|
public function add(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
$data = $this->request->getParsedBody();
|
$data = $this->request->getParsedBody();
|
||||||
if (array_key_exists('id', $data))
|
if (array_key_exists('id', $data))
|
||||||
{
|
{
|
||||||
@ -193,6 +196,7 @@ final class AnimeCollection extends BaseController {
|
|||||||
*/
|
*/
|
||||||
public function delete(): void
|
public function delete(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
$data = $this->request->getParsedBody();
|
$data = $this->request->getParsedBody();
|
||||||
if ( ! array_key_exists('hummingbird_id', $data))
|
if ( ! array_key_exists('hummingbird_id', $data))
|
||||||
{
|
{
|
||||||
|
@ -66,6 +66,18 @@ final class Manga extends Controller {
|
|||||||
*/
|
*/
|
||||||
public function index($status = 'all', $view = ''): void
|
public function index($status = 'all', $view = ''): void
|
||||||
{
|
{
|
||||||
|
if ( ! in_array($type, [
|
||||||
|
'all',
|
||||||
|
'reading',
|
||||||
|
'plan_to_read',
|
||||||
|
'dropped',
|
||||||
|
'on_hold',
|
||||||
|
'completed',
|
||||||
|
], TRUE))
|
||||||
|
{
|
||||||
|
$this->errorPage(404, 'Not Found', 'Page not found');
|
||||||
|
}
|
||||||
|
|
||||||
$statusTitle = MangaReadingStatus::ROUTE_TO_TITLE[$status];
|
$statusTitle = MangaReadingStatus::ROUTE_TO_TITLE[$status];
|
||||||
|
|
||||||
$title = $this->formatTitle(
|
$title = $this->formatTitle(
|
||||||
@ -99,6 +111,7 @@ final class Manga extends Controller {
|
|||||||
*/
|
*/
|
||||||
public function addForm(): void
|
public function addForm(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
$statuses = MangaReadingStatus::KITSU_TO_TITLE;
|
$statuses = MangaReadingStatus::KITSU_TO_TITLE;
|
||||||
|
|
||||||
$this->setSessionRedirect();
|
$this->setSessionRedirect();
|
||||||
@ -121,6 +134,7 @@ final class Manga extends Controller {
|
|||||||
*/
|
*/
|
||||||
public function add(): void
|
public function add(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
$data = $this->request->getParsedBody();
|
$data = $this->request->getParsedBody();
|
||||||
if ( ! array_key_exists('id', $data))
|
if ( ! array_key_exists('id', $data))
|
||||||
{
|
{
|
||||||
@ -160,6 +174,7 @@ final class Manga extends Controller {
|
|||||||
*/
|
*/
|
||||||
public function edit($id, $status = 'All'): void
|
public function edit($id, $status = 'All'): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
$this->setSessionRedirect();
|
$this->setSessionRedirect();
|
||||||
$item = $this->model->getLibraryItem($id);
|
$item = $this->model->getLibraryItem($id);
|
||||||
$title = $this->formatTitle(
|
$title = $this->formatTitle(
|
||||||
@ -198,6 +213,7 @@ final class Manga extends Controller {
|
|||||||
*/
|
*/
|
||||||
public function formUpdate(): void
|
public function formUpdate(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
$data = $this->request->getParsedBody();
|
$data = $this->request->getParsedBody();
|
||||||
|
|
||||||
// Do some minor data manipulation for
|
// Do some minor data manipulation for
|
||||||
@ -225,6 +241,8 @@ final class Manga extends Controller {
|
|||||||
*/
|
*/
|
||||||
public function increment(): void
|
public function increment(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
|
|
||||||
if (stripos($this->request->getHeader('content-type')[0], 'application/json') !== FALSE)
|
if (stripos($this->request->getHeader('content-type')[0], 'application/json') !== FALSE)
|
||||||
{
|
{
|
||||||
$data = Json::decode((string)$this->request->getBody());
|
$data = Json::decode((string)$this->request->getBody());
|
||||||
@ -249,6 +267,8 @@ final class Manga extends Controller {
|
|||||||
*/
|
*/
|
||||||
public function delete(): void
|
public function delete(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
|
|
||||||
$body = $this->request->getParsedBody();
|
$body = $this->request->getParsedBody();
|
||||||
$response = $this->model->deleteLibraryItem($body['id'], $body['mal_id']);
|
$response = $this->model->deleteLibraryItem($body['id'], $body['mal_id']);
|
||||||
|
|
||||||
|
@ -89,6 +89,7 @@ final class Misc extends BaseController {
|
|||||||
*/
|
*/
|
||||||
public function logout(): void
|
public function logout(): void
|
||||||
{
|
{
|
||||||
|
$this->checkAuth();
|
||||||
$auth = $this->container->get('auth');
|
$auth = $this->container->get('auth');
|
||||||
$auth->logout();
|
$auth->logout();
|
||||||
|
|
||||||
|
@ -47,6 +47,9 @@ final class Settings extends BaseController {
|
|||||||
|
|
||||||
$this->anilistModel = $container->get('anilist-model');
|
$this->anilistModel = $container->get('anilist-model');
|
||||||
$this->settingsModel = $container->get('settings-model');
|
$this->settingsModel = $container->get('settings-model');
|
||||||
|
|
||||||
|
// This is a rare controller where every route is private
|
||||||
|
$this->checkAuth();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
Loading…
Reference in New Issue
Block a user