<?php
class ApplicationController extends Rails\ActionController\Base
{
public function __call($method, $params)
{
if (preg_match("/^(\w+)_only$/", $method, $m)) {
if (current_user()->{'is_' . $m[1] . '_or_higher'}()) {
return true;
} else {
$this->access_denied();
return false;
}
}
# For many actions, GET invokes the HTML UI, and a POST actually invokes
# the action, so we often want to require higher access for POST (so the UI
# can invoke the login dialog).
elseif (preg_match("/^post_(\w+)_only$/", $method, $m)) {
if (!$this->request()->isPost())
return true;
elseif (current_user()->{'is_' . $m[1] . '_or_higher'}())
return true;
else {
$this->access_denied();
return false;
}
}
return parent::__call($method, $params);
}
/**
* This is found in SessionHelper in Moebooru
*/
public function page_number()
{
if (!isset($this->page_number))
$this->page_number = $this->params()->page ?: 1;
return $this->page_number;
}
# LoginSystem {
protected function access_denied()
{
$previous_url = $this->params()->url || $this->request()->fullPath();
$this->respondTo([
'html' => function()use($previous_url) {
$this->notice('Access denied');
$this->redirectTo("user#login", array('url' => $previous_url));
},
'xml' => function() {
$this->render(array('xml' => array('success' => false, 'reason' => "access denied"), 'root' => "response", 'status' => 403));
},
'json' => function() {
$this->render(array('json' => array('success' => false, 'reason' => "access denied"), 'status' => 403));
}
]);
}
public function user_can_see_posts()
{
if (!current_user()->can_see_posts()) {
$this->access_denied();
}
}
protected function set_current_user()
{
$user = null;
$AnonymousUser = array(
'id' => 0,
'level' => 0,
'name' => "Anonymous",
'show_samples' => true,
'language' => '',
'secondary_languages' => '',
'pool_browse_mode' => 1,
'always_resize_images' => true,
'ip_addr' => $this->request()->remoteIp()
);
if (!current_user() && $this->session()->user_id) {
$user = User::where(['id' => $this->session()->user_id])->first();
} else {
if ($this->cookies()->login && $this->cookies()->pass_hash) {
$user = User::authenticate_hash($this->cookies()->login, $this->cookies()->pass_hash);
} elseif (isset($this->params()->login) && isset($this->params()->password_hash)) {
$user = User::authenticate($this->params()->login, $this->params()->password_hash);
} elseif (isset($this->params()->user['name']) && isset($this->params()->user['password'])) {
$user = User::authenticate($this->params()->user['name'], $this->params()->user['password']);
}
$user && $user->updateAttribute('last_logged_in_at', date('Y-m-d H:i:s'));
}
if ($user) {
if ($user->is_blocked() && $user->ban && $user->ban->expires_at < date('Y-m-d H:i:s')) {
$user->updateAttribute('level', CONFIG()->starting_level);
Ban::destroyAll("user_id = ".$user->id);
}
$this->session()->user_id = $user->id;
} else {
$user = new User();
$user->assignAttributes($AnonymousUser, ['without_protection' => true]);
}
User::set_current_user($user);
$this->current_user = $user;
# For convenient access in activerecord models
$user->ip_addr = $this->request()->remoteIp();
Moebooru\Versioning\Versioning::init_history();
if (!current_user()->is_anonymous())
current_user()->log($this->request()->remoteIp());
}
# iTODO:
protected function set_country()
{
current_user()->country = '--';
// current_user()->country = Rails::cache()->fetch(['type' => 'geoip', 'ip' => $this->request()->remote_ip()], ['expires_in' => '+1 month']) do
// begin
// GeoIP->new(Rails.root.join('db', 'GeoIP.dat').to_s).country($this->request()->remote_ip()).country_code2
// rescue
// '--'
// end
// end
}
# } RespondToHelpers {
protected function respond_to_success($notice, $redirect_to_params, array $options = array())
{
$extra_api_params = isset($options['api']) ? $options['api'] : array();
$this->respondTo(array(
'html' => function() use ($notice, $redirect_to_params) {
$this->notice($notice);
$this->redirectTo($redirect_to_params);
},
'json' => function() use ($extra_api_params) {
$this->render(array('json' => array_merge($extra_api_params, array('success' => true))));
},
'xml' => function() use ($extra_api_params) {
$this->render(array('xml' => array_merge($extra_api_params, array('success' => true)), 'root' => "response"));
}
));
}
protected function respond_to_error($obj, $redirect_to_params, $options = array())
{
!is_array($redirect_to_params) && $redirect_to_params = array($redirect_to_params);
$extra_api_params = isset($options['api']) ? $options['api'] : array();
$status = isset($options['status']) ? $options['status'] : 500;
if ($obj instanceof Rails\ActiveRecord\Base) {
$obj = $obj->errors()->fullMessages(", ");
$status = 420;
}
if ($status == 420)
$status = "420 Invalid Record";
elseif ($status == 421)
$status = "421 User Throttled";
elseif ($status == 422)
$status = "422 Locked";
elseif ($status == 423)
$status = "423 Already Exists";
elseif ($status == 424)
$status = "424 Invalid Parameters";
$this->respondTo(array(
'html' => function()use($obj, $redirect_to_params) {
$this->notice("Error: " . $obj);
$this->redirectTo($redirect_to_params);
},
'json' => function()use($obj, $extra_api_params, $status) {
$this->render(array('json' => array_merge($extra_api_params, array('success' => false, 'reason' => $obj)), 'status' => $status));
},
'xml' => function()use($obj, $extra_api_params, $status) {
$this->render(array('xml' => array_merge($extra_api_params, array('success' => false, 'reason' => $obj)), 'root' => "response", 'status' => $status));
}
));
}
protected function respond_to_list($inst_var_name, array $formats = array())
{
$inst_var = $this->$inst_var_name;
$this->respondTo(array(
'html',
isset($formats['atom']) ? 'atom' : null,
'json' => function() use ($inst_var) {
$this->render(array('json' => $inst_var->toJson()));
},
'xml' => function() use ($inst_var, $inst_var_name) {
$this->render(array('xml' => $inst_var, 'root' => $inst_var_name));
}
));
}
protected function _render_error($record)
{
$this->record = $record;
$this->render(['inline' => '<?= $this->record->errors()->fullMessages("<br />") ?>', 'layout' => "bare", 'status' => 500]);
}
# }
// protected :build_cache_key
// protected :get_cache_key
public function get_ip_ban()
{
$ban = IpBans::where("ip_addr = ?", $this->request()->remoteIp())->first();
return $ban ?: null;
}
protected function check_ip_ban()
{
if ($this->request()->controller() == "banned" and $this->request()->action() == "index") {
return;
}
$ban = $this->get_ip_ban();
if (!$ban) {
return;
}
if ($ban->expires_at && $ban->expires_at < date('Y-m-d H:i:s')) {
IpBans::destroyAll("ip_addr = '{$this->request()->remoteIp()}'");
return;
}
$this->redirectTo('banned#index');
}
protected function save_tags_to_cookie()
{
if ($this->params()->tags || (is_array($this->params()->post) && isset($this->params()->post['tags']))) {
$post_tags = isset($this->params()->post['tags']) ? (string)$this->params()->post['tags'] : '';
$tags = TagAlias::to_aliased(explode(' ', (strtolower($this->params()->tags ?: $post_tags))));
if ($recent_tags = trim($this->cookies()->recent_tags))
$tags = array_merge($tags, explode(' ', $recent_tags));
$this->cookies()->recent_tags = implode(" ", array_slice($tags, 0, 20));
}
}
public function set_cache_headers()
{
$this->response()->headers()->add("Cache-Control", "max-age=300");
}
# iTODO:
public function cache_action()
{
// if ($this->request()->method() == 'get' && !preg_match('/Googlebot/', $this->request()->env()) && $this->params()->format != "xml" && $this->params()->format != "json") {
// list($key, $expiry) = $this->get_cache_key($this->controller_name(), $this->action_name(), $this->params(), 'user' => current_user());
// if ($key && count($key) < 200) {
// $cached = Rails::cache()->read($key);
// if ($cached) {
// $this->render(['text' => $cached, 'layout' => false]);
// return;
// }
// }
// $this->yield();
// if ($key && strpos($this->response->headers['Status'], '200') === 0) {
// Rails::cache()->write($key, $this->response->body, ['expires_in' => $expiry]);
// }
// } else {
// $this->yield();
// }
}
protected function init_cookies()
{
if ($this->request()->format() == "xml" || $this->request()->format() == "json") {
return;
}
$forum_posts = ForumPost::where("parent_id IS NULL")->order("updated_at DESC")->limit(10)->take();
$this->cookies()->current_forum_posts = json_encode(array_map(function($fp) {
if (current_user()->is_anonymous()) {
$updated = false;
} else {
$updated = $fp->updated_at > current_user()->last_forum_topic_read_at;
}
return [$fp->title, $fp->id, $updated, ceil($fp->response_count / 30.0)];
}, $forum_posts->members()));
$this->cookies()->country = current_user()->country;
if (!current_user()->is_anonymous()) {
$this->cookies()->user_id = (string)current_user()->id;
$this->cookies()->user_info = current_user()->user_info_cookie();
$this->cookies()->has_mail = (current_user()->has_mail ? "1" : "0");
$this->cookies()->forum_updated = (current_user()->is_privileged_or_higher() && ForumPost::updated(current_user()) ? "1" : "0");
$this->cookies()->comments_updated = (current_user()->is_privileged_or_higher() && Comment::updated(current_user()) ? "1" : "0");
if (current_user()->is_janitor_or_higher()) {
$mod_pending = Post::where("status = 'flagged' OR status = 'pending'")->count();
$this->cookies()->mod_pending = (string)$mod_pending;
}
if (current_user()->is_blocked()) {
if (current_user()->ban)
$this->cookies()->block_reason = "You have been blocked. Reason: ".current_user()->ban->reason.". Expires: ".substr(current_user()->ban->expires_at, 0, 10);
else
$this->cookies()->block_reason = "You have been blocked.";
} else
$this->cookies()->block_reason = "";
$this->cookies()->resize_image = (current_user()->always_resize_images ? "1" : "0");
$this->cookies()->show_advanced_editing = (current_user()->show_advanced_editing ? "1" : "0");
$this->cookies()->my_tags = current_user()->my_tags;
$this->cookies()->blacklisted_tags = json_encode(current_user()->blacklisted_tags_array());
$this->cookies()->held_post_count = (string)current_user()->held_post_count();
} else {
$this->cookies()->delete('user_info');
$this->cookies()->delete('login');
$this->cookies()->blacklisted_tags = json_encode(CONFIG()->default_blacklists);
}
if ($this->session()->notice) {
$this->cookies()->notice = $this->session()->notice;
$this->session()->delete('notice');
}
}
protected function set_title($title = null)
{
if (!$title)
$title = CONFIG()->app_name;
else
$title .= ' | ' . CONFIG()->app_name;
$this->page_title = $title;
}
protected function notice($str)
{
$this->session()->notice = $str;
}
protected function set_locale()
{
if ($this->params()->locale and in_array($this->params()->locale, CONFIG()->available_locales)) {
$this->cookies()->locale = [ 'value' => $this->params()->locale, 'expires' => '+1 year' ];
$this->I18n()->setLocale($this->params()->locale);
} elseif ($this->cookies()->locale and in_array($this->cookies()->locale, CONFIG()->available_locales)) {
$this->I18n()->setLocale($this->cookies()->locale);
} else
$this->I18n()->setLocale(CONFIG()->default_locale);
}
protected function sanitize_params()
{
if ($this->params()->page) {
if ($this->params()->page < 1)
$this->params()->page = 1;
} else
$this->params()->page = 1;
}
protected function admin_only()
{
if (!current_user()->is_admin())
$this->access_denied();
}
protected function member_only()
{
if (!current_user()->is_member_or_higher())
$this->access_denied();
}
protected function post_privileged_only()
{
if (!current_user()->is_privileged_or_higher())
$this->access_denied();
}
protected function post_member_only()
{
if (!current_user()->is_member_or_higher())
$this->access_denied();
}
protected function no_anonymous()
{
if (current_user()->is_anonymous())
$this->access_denied();
}
protected function sanitize_id()
{
$this->params()->id = (int)$this->params()->id;
}
# iTODO:
protected function filters()
{
return [
'before' => [
'set_current_user',
'set_country',
'set_locale',
'set_title',
'sanitize_params',
'check_ip_ban'
],
'after' => [
'init_cookies'
]
];
}
}