Merge pull request #33 from OnePlc/1.0.26-dev

faster routing, whitelist fixes
OnePlc · Apr 1, 2021 · 92491e3 · 92491e3
2 parents 0a242e2 + b5ad8f7
commit 92491e3
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 65 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,15 +5,20 @@ All notable changes to oneplace-event will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [1.0.25] - 
+## [1.0.26] - 2021-04-01
+
+### Changed
+- Faster routing
+
+### Fixed
+- Whitelist is now loading correctly
+
+## [1.0.25] - 2021-04-01
 
 ### Added
 - User Interface for Application Firewall (pre-alpha)
 - Module can now be updated
 - Firewall Whitelist for Logged-in users
-
-### Changed
-
 ## [1.0.24] - 2021-03-31
 
 ### Added

diff --git a/composer.json b/composer.json
@@ -3,7 +3,7 @@
     "description": "onePlace User Module",
     "type": "oneplace-module",
     "license": "BSD-3-Clause",
-    "version": "1.0.25",
+    "version": "1.0.26",
     "keywords": [
         "laminas",
         "mvc",

diff --git a/src/Module.php b/src/Module.php
@@ -34,7 +34,7 @@ class Module
      *
      * @since 1.0.0
      */
-    const VERSION = '1.0.25';
+    const VERSION = '1.0.26';
 
     /**
      * Load module config file
@@ -110,21 +110,21 @@ function ($e) {
                 # set session manager
                 $config = new StandardConfig();
                 $config->setOptions([
-                    'remember_me_seconds' => 1800,
-                    'name'                => 'plcauth',
+                'remember_me_seconds' => 1800,
+                'name'                => 'plcauth',
                 ]);
                 $manager = new SessionManager($config);
-                **/
+                 **/
 
                 $app->getMvcEvent()->getViewModel()->setVariables(['sRouteName' => $sRouteName]);
 
                 /**
                  * preparign for firewall access log
 
                 $log  = "User: ".$_SERVER['REMOTE_ADDR'].' - '.date("F j, Y, g:i a").PHP_EOL.
-                    "URL: ".$sRouteName.PHP_EOL.
-                    "Attempt: ".('Success').PHP_EOL.
-                    "-------------------------".PHP_EOL;
+                "URL: ".$sRouteName.PHP_EOL.
+                "Attempt: ".('Success').PHP_EOL.
+                "-------------------------".PHP_EOL;
                 //Save string to log, use FILE_APPEND to append.
                 file_put_contents('./log_'.date("Y-m-d").'.log', $log, FILE_APPEND);
                  * */
@@ -139,20 +139,25 @@ function ($e) {
                     # check permissions
                     CoreController::$oTranslator->setLocale($container->oUser->getLang());
 
-
+                    $oSettingsTbl = new TableGateway('settings', $oDbAdapter);
                     //echo 'check for '.$aRouteInfo['action'].'-'.$aRouteInfo['controller'];
 
                     $container->oUser->setAdapter($oDbAdapter);
 
                     $bIsSetupController = stripos($aRouteInfo['controller'], 'InstallController');
                     if ($bIsSetupController === false) {
                         $aWhiteListedRoutes = [];
-                        $aWhiteListedRoutesDB = json_decode(CoreController::$aGlobalSettings['firewall-user-whitelist']);
-                        if(is_array($aWhiteListedRoutesDB)) {
-                            foreach($aWhiteListedRoutesDB as $sWhiteRoute) {
-                                $aWhiteListedRoutes[$sWhiteRoute] = [];
+                        $oWhiteList = $oSettingsTbl->select(['settings_key' => 'firewall-user-whitelist']);
+                        if(count($oWhiteList) > 0) {
+                            $oWhiteList = $oWhiteList->current();
+                            $aWhiteListedRoutesDB = json_decode($oWhiteList->settings_value);
+                            if(is_array($aWhiteListedRoutesDB)) {
+                                foreach($aWhiteListedRoutesDB as $sWhiteRoute) {
+                                    $aWhiteListedRoutes[$sWhiteRoute] = [];
+                                }
                             }
                         }
+
                         if(!array_key_exists($sRouteName, $aWhiteListedRoutes)) {
                             if (! $container->oUser->hasPermission($aRouteInfo['action'], $aRouteInfo['controller'])
                                 && $sRouteName != 'denied') {
@@ -171,70 +176,75 @@ function ($e) {
                     } else {
                         # let user install module
                     }
-                }
+                } else {
 
-                /**
-                 * Api Login
-                 */
-                $bIsApiController = stripos($aRouteInfo['controller'], 'ApiController');
-                if (isset($_REQUEST['authkey']) && $bIsApiController !== false) {
-                    try {
-                        # Do Authtoken login
-                        $oKeysTbl = new TableGateway('core_api_key', $oDbAdapter);
-                        $oKeyActive = $oKeysTbl->select(['api_key' => $_REQUEST['authkey']]);
-                        if (count($oKeyActive) > 0) {
-                            $oKey = $oKeyActive->current();
-                            if (password_verify($_REQUEST['authtoken'], $oKey->api_token)) {
-                                $bLoggedIn = true;
+                    /**
+                     * Api Login
+                     */
+                    $bIsApiController = stripos($aRouteInfo['controller'], 'ApiController');
+                    if (isset($_REQUEST['authkey']) && $bIsApiController !== false) {
+                        try {
+                            # Do Authtoken login
+                            $oKeysTbl = new TableGateway('core_api_key', $oDbAdapter);
+                            $oKeyActive = $oKeysTbl->select(['api_key' => $_REQUEST['authkey']]);
+                            if (count($oKeyActive) > 0) {
+                                $oKey = $oKeyActive->current();
+                                if (password_verify($_REQUEST['authtoken'], $oKey->api_token)) {
+                                    $bLoggedIn = true;
+                                }
                             }
+                        } catch (\RuntimeException $e) {
+                            # could not load auth key
                         }
-                    } catch (\RuntimeException $e) {
-                        # could not load auth key
                     }
-                }
 
-                # Whitelisted routes that need no authentication
-                $aWhiteListedRoutes = [
-                    'setup' => [],
-                    'login' => [],
-                ];
-                if(isset(CoreController::$aGlobalSettings['firewall-whitelist'])) {
-                    $aWhiteListedRoutesDB = json_decode(CoreController::$aGlobalSettings['firewall-whitelist']);
-                    if(is_array($aWhiteListedRoutesDB)) {
-                        foreach($aWhiteListedRoutesDB as $sWhiteRoute) {
-                            $aWhiteListedRoutes[$sWhiteRoute] = [];
+                    # Whitelisted routes that need no authentication
+                    $oSettingsTbl = new TableGateway('settings', $oDbAdapter);
+
+                    $aWhiteListedRoutes = [
+                        'setup' => [],
+                        'login' => [],
+                    ];
+                    $oWhiteList = $oSettingsTbl->select(['settings_key' => 'firewall-whitelist']);
+                    if(count($oWhiteList) > 0) {
+                        $oWhiteList = $oWhiteList->current();
+                        $aWhiteListedRoutesDB = json_decode($oWhiteList->settings_value);
+                        if(is_array($aWhiteListedRoutesDB)) {
+                            foreach($aWhiteListedRoutesDB as $sWhiteRoute) {
+                                $aWhiteListedRoutes[$sWhiteRoute] = [];
+                            }
                         }
                     }
-                }
 
-                /**
-                 * Redirect to Login Page if not logged in
-                 */
-                if (! $bLoggedIn && ! array_key_exists($sRouteName, $aWhiteListedRoutes)) {
                     /**
-                     * Setup before First Login
+                     * Redirect to Login Page if not logged in
                      */
-                    $sBaseConf = 'config/autoload/local.php';
-                    if (! file_exists($sBaseConf) && $sRouteName != 'setup') {
-                        $sTravisPath = $sTravisBase.'/vendor/oneplace/oneplace-core/config/autoload/local.php';
-                        if (! file_exists($sTravisPath)) {
-                            $response = $e->getResponse();
-                            $response->getHeaders()
-                                ->addHeaderLine('Location', $e->getRouter()->assemble([], ['name' => 'setup']));
-                            $response->setStatusCode(302);
-                            //return $response;
+                    if (! $bLoggedIn && ! array_key_exists($sRouteName, $aWhiteListedRoutes)) {
+                        /**
+                         * Setup before First Login
+                         */
+                        $sBaseConf = 'config/autoload/local.php';
+                        if (! file_exists($sBaseConf) && $sRouteName != 'setup') {
+                            $sTravisPath = $sTravisBase.'/vendor/oneplace/oneplace-core/config/autoload/local.php';
+                            if (! file_exists($sTravisPath)) {
+                                $response = $e->getResponse();
+                                $response->getHeaders()
+                                    ->addHeaderLine('Location', $e->getRouter()->assemble([], ['name' => 'setup']));
+                                $response->setStatusCode(302);
+                                //return $response;
+                            } else {
+                                $response = $e->getResponse();
+                                $response->getHeaders()
+                                    ->addHeaderLine('Location', $e->getRouter()->assemble([], ['name' => 'login']));
+                                $response->setStatusCode(302);
+                            }
                         } else {
                             $response = $e->getResponse();
                             $response->getHeaders()
                                 ->addHeaderLine('Location', $e->getRouter()->assemble([], ['name' => 'login']));
                             $response->setStatusCode(302);
+                            //return $response;
                         }
-                    } else {
-                        $response = $e->getResponse();
-                        $response->getHeaders()
-                            ->addHeaderLine('Location', $e->getRouter()->assemble([], ['name' => 'login']));
-                        $response->setStatusCode(302);
-                        //return $response;
                     }
                 }
             },