From deacd0dfc195bca41af631114804d29937337cd8 Mon Sep 17 00:00:00 2001
From: nsfisis <nsfisis@gmail.com>
Date: Wed, 17 Jan 2024 02:11:31 +0900
Subject: .

---
 .../src/Middlewares/AdminRequiredMiddleware.php    |  43 ++++++++
 .../app/src/Middlewares/AuthRequiredMiddleware.php |  43 ++++++++
 .../Middlewares/CacheControlPrivateMiddleware.php  |  23 +++++
 .../app/src/Middlewares/CurrentUserMiddleware.php  |  43 ++++++++
 services/app/src/Middlewares/TrailingSlash.php     | 113 +++++++++++++++++++++
 services/app/src/Middlewares/TwigMiddleware.php    |  33 ++++++
 6 files changed, 298 insertions(+)
 create mode 100644 services/app/src/Middlewares/AdminRequiredMiddleware.php
 create mode 100644 services/app/src/Middlewares/AuthRequiredMiddleware.php
 create mode 100644 services/app/src/Middlewares/CacheControlPrivateMiddleware.php
 create mode 100644 services/app/src/Middlewares/CurrentUserMiddleware.php
 create mode 100644 services/app/src/Middlewares/TrailingSlash.php
 create mode 100644 services/app/src/Middlewares/TwigMiddleware.php

(limited to 'services/app/src/Middlewares')

diff --git a/services/app/src/Middlewares/AdminRequiredMiddleware.php b/services/app/src/Middlewares/AdminRequiredMiddleware.php
new file mode 100644
index 0000000..dc81b42
--- /dev/null
+++ b/services/app/src/Middlewares/AdminRequiredMiddleware.php
@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nsfisis\Albatross\Middlewares;
+
+use LogicException;
+use Nsfisis\Albatross\Models\User;
+use Psr\Http\Message\ResponseFactoryInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Slim\App;
+
+final class AdminRequiredMiddleware implements MiddlewareInterface
+{
+    private function __construct(
+        private readonly ResponseFactoryInterface $responseFactory,
+    ) {
+    }
+
+    public static function create(App $app): self
+    {
+        return new self($app->getResponseFactory());
+    }
+
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        $current_user = $request->getAttribute('current_user');
+        if (!$current_user instanceof User) {
+            throw new LogicException('The route that has this middleware must have the CurrentUserMiddleware before this one');
+        }
+
+        if (!$current_user->is_admin) {
+            $response = $this->responseFactory->createResponse(403);
+            $response->getBody()->write('Forbidden');
+            return $response->withHeader('Content-Type', 'text/plain');
+        }
+
+        return $handler->handle($request);
+    }
+}
diff --git a/services/app/src/Middlewares/AuthRequiredMiddleware.php b/services/app/src/Middlewares/AuthRequiredMiddleware.php
new file mode 100644
index 0000000..1985a0c
--- /dev/null
+++ b/services/app/src/Middlewares/AuthRequiredMiddleware.php
@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nsfisis\Albatross\Middlewares;
+
+use Psr\Http\Message\ResponseFactoryInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Slim\App;
+
+final class AuthRequiredMiddleware implements MiddlewareInterface
+{
+    private function __construct(
+        private readonly ResponseFactoryInterface $responseFactory,
+        private readonly string $loginPath,
+    ) {
+    }
+
+    public static function create(
+        App $app,
+        string $loginRouteName,
+    ): self {
+        return new self(
+            $app->getResponseFactory(),
+            $app->getRouteCollector()->getRouteParser()->urlFor($loginRouteName),
+        );
+    }
+
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        $current_user = $request->getAttribute('current_user');
+        if ($current_user === null) {
+            return $this->responseFactory
+                ->createResponse(302)
+                ->withHeader('Location', $this->loginPath . "?to=" . urlencode($request->getUri()->getPath()));
+        }
+
+        return $handler->handle($request);
+    }
+}
diff --git a/services/app/src/Middlewares/CacheControlPrivateMiddleware.php b/services/app/src/Middlewares/CacheControlPrivateMiddleware.php
new file mode 100644
index 0000000..4372d5c
--- /dev/null
+++ b/services/app/src/Middlewares/CacheControlPrivateMiddleware.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nsfisis\Albatross\Middlewares;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+
+final class CacheControlPrivateMiddleware implements MiddlewareInterface
+{
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        $response = $handler->handle($request);
+        if ($request->getAttribute('current_user') !== null) {
+            return $response->withHeader('Cache-Control', 'private');
+        } else {
+            return $response;
+        }
+    }
+}
diff --git a/services/app/src/Middlewares/CurrentUserMiddleware.php b/services/app/src/Middlewares/CurrentUserMiddleware.php
new file mode 100644
index 0000000..a58a327
--- /dev/null
+++ b/services/app/src/Middlewares/CurrentUserMiddleware.php
@@ -0,0 +1,43 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nsfisis\Albatross\Middlewares;
+
+use Nsfisis\Albatross\Repositories\UserRepository;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+
+final class CurrentUserMiddleware implements MiddlewareInterface
+{
+    public function __construct(
+        private UserRepository $userRepo,
+    ) {
+    }
+
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        $request = $this->setCurrentUserAttribute($request);
+        return $handler->handle($request);
+    }
+
+    private function setCurrentUserAttribute(ServerRequestInterface $request): ServerRequestInterface
+    {
+        if (session_status() !== PHP_SESSION_ACTIVE) {
+            return $request;
+        }
+        $user_id = $_SESSION['user_id'] ?? null;
+        if ($user_id === null) {
+            return $request;
+        }
+        assert(is_int($user_id) || (is_string($user_id) && is_numeric($user_id)));
+        $user_id = (int) $user_id;
+        $user = $this->userRepo->findById($user_id);
+        if ($user === null) {
+            return $request;
+        }
+        return $request->withAttribute('current_user', $user);
+    }
+}
diff --git a/services/app/src/Middlewares/TrailingSlash.php b/services/app/src/Middlewares/TrailingSlash.php
new file mode 100644
index 0000000..cd0f333
--- /dev/null
+++ b/services/app/src/Middlewares/TrailingSlash.php
@@ -0,0 +1,113 @@
+<?php
+
+declare(strict_types=1);
+
+// phpcs:disable
+/*
+ * Based on https://github.com/middlewares/trailing-slash
+ *
+ * Original license:
+ *
+ * The MIT License (MIT)
+ *
+ * Copyright (c) 2019
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+// phpcs:enable
+
+namespace Nsfisis\Albatross\Middlewares;
+
+use Psr\Http\Message\ResponseFactoryInterface;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+
+class TrailingSlash implements MiddlewareInterface
+{
+    /**
+     * @var bool Add or remove the slash
+     */
+    private $trailingSlash;
+
+    /**
+     * @var ResponseFactoryInterface|null
+     */
+    private $responseFactory;
+
+    /**
+     * Configure whether add or remove the slash.
+     */
+    public function __construct(bool $trailingSlash = false)
+    {
+        $this->trailingSlash = $trailingSlash;
+    }
+
+    /**
+     * Whether returns a 301 response to the new path.
+     */
+    public function redirect(ResponseFactoryInterface $responseFactory): self
+    {
+        $this->responseFactory = $responseFactory;
+
+        return $this;
+    }
+
+    /**
+     * Process a request and return a response.
+     */
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        $uri = $request->getUri();
+        $path = $this->normalize($uri->getPath());
+
+        if (isset($this->responseFactory) && ($uri->getPath() !== $path)) {
+            return $this->responseFactory->createResponse(301)
+                ->withHeader('Location', $path);
+        }
+
+        return $handler->handle($request->withUri($uri->withPath($path)));
+    }
+
+    /**
+     * Normalize the trailing slash.
+     */
+    private function normalize(string $path): string
+    {
+        if ($path === '') {
+            return '/';
+        }
+        if (str_contains($path, '/api/')) {
+            return $path;
+        }
+
+        if (strlen($path) > 1) {
+            if ($this->trailingSlash) {
+                if (substr($path, -1) !== '/' && pathinfo($path, PATHINFO_EXTENSION) === '') {
+                    return $path . '/';
+                }
+            } else {
+                return rtrim($path, '/');
+            }
+        }
+
+        return $path;
+    }
+}
diff --git a/services/app/src/Middlewares/TwigMiddleware.php b/services/app/src/Middlewares/TwigMiddleware.php
new file mode 100644
index 0000000..5b950ce
--- /dev/null
+++ b/services/app/src/Middlewares/TwigMiddleware.php
@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Nsfisis\Albatross\Middlewares;
+
+use Nsfisis\Albatross\Twig\CsrfExtension;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Slim\App;
+use Slim\Views\Twig;
+use Slim\Views\TwigMiddleware as SlimTwigMiddleware;
+
+final class TwigMiddleware implements MiddlewareInterface
+{
+    private readonly SlimTwigMiddleware $wrapped;
+
+    public function __construct(App $app, CsrfExtension $csrf_extension)
+    {
+        // TODO:
+        // $twig = Twig::create(__DIR__ . '/../../templates', ['cache' => __DIR__ . '/../../twig-cache']);
+        $twig = Twig::create(__DIR__ . '/../../templates', ['cache' => false]);
+        $twig->addExtension($csrf_extension);
+        $this->wrapped = SlimTwigMiddleware::create($app, $twig);
+    }
+
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        return $this->wrapped->process($request, $handler);
+    }
+}
-- 
cgit v1.2.3-70-g09d2