
<?php
use Miniflux\Router;
use Miniflux\Response;
use Miniflux\Request;
use Miniflux\Session;
use Miniflux\Template;
use Miniflux\Helper;
use Miniflux\Model;
use Miniflux\Translator;
use Miniflux\Handler;
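// Called before each action.
//
// Order of work: open the session, select the database, enforce the
// authentication gate, load locale settings, then send the security
// response headers.
//
// NOTE(review): every failure branch below calls Response\redirect() and then
// falls through. This is only a real gate if Response\redirect() terminates
// the request; if it merely sets a Location header, the requested action
// would still run - confirm.
Router\before(function ($action) {
    Session\open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH, 0);

    // Select the requested database either from post param database or from the
    // session variable. If it fails, logout to destroy session and
    // 'remember me' cookie
    // NOTE(review): the request-supplied database name is untrusted input;
    // presumably Model\Database\select() only accepts known databases and
    // rejects path-like values - confirm.
    if (Request\value('database') !== null && ! Model\Database\select(Request\value('database'))) {
        Model\User\logout();
        Response\redirect('?action=login');
    } elseif (! empty($_SESSION['database'])) {
        if (! Model\Database\select($_SESSION['database'])) {
            Model\User\logout();
            Response\redirect('?action=login');
        }
    }

    // These actions are considered to be safe even for unauthenticated users
    $safe_actions = array('login', 'bookmark-feed', 'select-db', 'logout', 'notfound');

    // Strict comparison: the allow-list only contains strings, so a
    // non-string $action must never match through PHP's loose type juggling.
    if (! Model\User\is_loggedin() && ! in_array($action, $safe_actions, true)) {
        // Not logged in and the action is not allow-listed: the 'remember me'
        // cookie is the last chance to authenticate.
        if (! Model\RememberMe\authenticate()) {
            Model\User\logout();
            Response\redirect('?action=login');
        }
    } elseif (Model\RememberMe\has_cookie()) {
        // Reached when the user is logged in or the action is allow-listed.
        Model\RememberMe\refresh();
    }

    // Load translations
    $language = Model\Config\get('language') ?: 'en_US';
    Translator\load($language);

    // Set timezone
    date_default_timezone_set(Model\Config\get('timezone') ?: 'UTC');

    // HTTP secure headers
    // media-src and img-src accept any origin (img-src also data: URIs);
    // frame-src and child-src come from the configured iframe whitelist.
    // NOTE(review): the CSP 'referrer' directive has been dropped from the CSP
    // specification in favour of the Referrer-Policy header; verify that a
    // Referrer-Policy header is sent somewhere if the no-referrer behaviour
    // is still wanted.
    Response\csp(array(
        'media-src' => '*',
        'img-src' => '* data:',
        'frame-src' => Model\Config\get_iframe_whitelist(),
        'child-src' => Model\Config\get_iframe_whitelist(),
        'referrer' => 'no-referrer',
    ));

    // Presumably X-Frame-Options, X-XSS-Protection and X-Content-Type-Options;
    // the helpers are defined elsewhere - confirm.
    Response\xframe();
    Response\xss();
    Response\nosniff();

    // HSTS is only sent when it is enabled and the connection is secure.
    if (ENABLE_HSTS && Helper\is_secure_connection()) {
        Response\hsts();
    }
});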
// Show help: load the 'show_help' template and pass it to Response\html().
Router\get_action('show-help', function () {
    $help_page = Template\load('show_help');

    Response\html($help_page);
});
// Image proxy (avoid SSL mixed content warnings)
//
// NOTE(review): 'url' is request-supplied and is handed to a server-side
// download, so this endpoint is a server-side request forgery (SSRF) surface.
// Confirm that Handler\Proxy\download() restricts the scheme to http/https,
// refuses loopback, private and link-local destinations (including after
// redirects), and limits the response size and content type.
Router\get_action('proxy', function () {
    $encoded_url = Request\param('url');

    // The value is raw-URL-decoded here before download; presumably the
    // templates encode it when building proxy links - confirm.
    $target_url = rawurldecode($encoded_url);

    Handler\Proxy\download($target_url);

    // Stop here so nothing else is appended to the proxied response.
    exit;
});