<?php

// Called before each action
Router\before(function ($action) {
    Session\open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH, 0);

    // Select the requested database either from post param database or from the
    // session variable. If it fails, logout to destroy session and
    // 'remember me' cookie
    if (Request\value('database') !== null && ! Model\Database\select(Request\value('database'))) {
        Model\User\logout();
        Response\redirect('?action=login');
    } elseif (! empty($_SESSION['database'])) {
        if (! Model\Database\select($_SESSION['database'])) {
            Model\User\logout();
            Response\redirect('?action=login');
        }
    }

    // These actions are considered to be safe even for unauthenticated users
    $safe_actions = array('login', 'bookmark-feed', 'select-db', 'logout', 'notfound');

    if (! Model\User\is_loggedin() && ! in_array($action, $safe_actions)) {
        if (! Model\RememberMe\authenticate()) {
            Model\User\logout();
            Response\redirect('?action=login');
        }
    } elseif (Model\RememberMe\has_cookie()) {
        Model\RememberMe\refresh();
    }

    // Load translations
    $language = Model\Config\get('language') ?: 'en_US';
    Translator\load($language);

    // Set timezone
    date_default_timezone_set(Model\Config\get('timezone') ?: 'UTC');

    // HTTP secure headers
    Response\csp(array(
        'media-src' => '*',
        'img-src' => '* data:',
        'frame-src' => Model\Config\get_iframe_whitelist(),
        'referrer' => 'no-referrer',
    ));

    Response\xframe();
    Response\xss();
    Response\nosniff();

    if (ENABLE_HSTS && Helper\is_secure_connection()) {
        Response\hsts();
    }
});

// Show help
Router\get_action('show-help', function () {
    Response\html(Template\load('show_help'));
});

// Show the menu for the mobile view
Router\get_action('more', function () {
    Response\html(Template\layout('show_more', array('menu' => 'more')));
});

// Image proxy (avoid SSL mixed content warnings)
Router\get_action('proxy', function () {
    Model\Proxy\download(rawurldecode(Request\param('url')));
    exit;
});