Adds pipeline in index for all middleware

main
Yasen Pramatarov 2025-04-26 15:36:41 +03:00
parent 315fbcb18f
commit 1f3d331b25
2 changed files with 70 additions and 19 deletions


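--- a/app/core/MiddlewarePipeline.php
+++ b/app/core/MiddlewarePipeline.php
@@ -0,0 +1,30 @@
+<?php
+namespace App\Core;
+class MiddlewarePipeline {
+/** @var callable[] */
+private $middlewares = [];
+/**
+* Add a middleware to the pipeline.
+* @param callable $middleware Should return false to halt execution.
+*/
+public function add(callable $middleware): void {
+$this->middlewares[] = $middleware;
+}
+/**
+* Execute all middlewares in sequence.
+* @return bool False if any middleware returns false, true otherwise.
+*/
+public function run(): bool {
+foreach ($this->middlewares as $middleware) {
+$result = call_user_func($middleware);
+if ($result === false) {
+return false;
+}
+}
+return true;
+}
+}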
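Review bot: `run()` only halts on an explicit `false`, so a middleware that returns nothing (null) — for example a closure wrapping a void function — is treated as a pass, which is fail-open for a pipeline that carries the security-header, CSRF and rate-limit checks. A fail-closed check, `if ($middleware() !== true) { return false; }`, together with a docblock stating that each middleware must return `true` to continue, removes that default; `call_user_func` can be replaced by direct invocation at the same time. The `$middlewares` property is untyped (`private array $middlewares = [];`) and the file has no `declare(strict_types=1);`. Note that the CSRF closure in index.php returns `applyCsrfMiddleware()`, whose return type is not visible in this commit; if that function is void, it would pass under the current check.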


@ -53,11 +53,21 @@ ob_start();
require_once '../app/classes/session.php'; require_once '../app/classes/session.php';
Session::startSession(); Session::startSession();
// Apply security headers // Define page variable early via sanitize
require_once '../app/includes/security_headers_middleware.php'; require_once __DIR__ . '/../app/includes/sanitize.php';
// Ensure $page is defined to avoid undefined variable
if (!isset($page)) {
$page = 'dashboard';
}
// sanitize all input vars that may end up in URLs or forms // Middleware pipeline for security, sanitization & CSRF
require '../app/includes/sanitize.php'; require_once __DIR__ . '/../app/core/MiddlewarePipeline.php';
$pipeline = new \App\Core\MiddlewarePipeline();
$pipeline->add(function() {
// Apply security headers
require_once __DIR__ . '/../app/includes/security_headers_middleware.php';
return true;
});
// Check session validity // Check session validity
$validSession = Session::isValidSession(); $validSession = Session::isValidSession();
@ -144,16 +154,32 @@ if (isset($GLOBALS['user_IP'])) {
$user_IP = $GLOBALS['user_IP']; $user_IP = $GLOBALS['user_IP'];
} }
// Initialize security middleware // CSRF middleware and run pipeline
require_once '../app/includes/csrf_middleware.php'; $pipeline->add(function() {
require_once '../app/helpers/security.php'; // Initialize security middleware
$security = SecurityHelper::getInstance(); require_once __DIR__ . '/../app/includes/csrf_middleware.php';
require_once __DIR__ . '/../app/helpers/security.php';
// Verify CSRF token for POST requests $security = SecurityHelper::getInstance();
applyCsrfMiddleware(); // Verify CSRF token for POST requests
return applyCsrfMiddleware();
// init rate limiter });
require '../app/classes/ratelimiter.php'; $pipeline->add(function() {
// Init rate limiter
global $db, $page, $userId;
require_once __DIR__ . '/../app/includes/rate_limit_middleware.php';
return checkRateLimit($db, $page, $userId);
});
$pipeline->add(function() {
// Init user functions
global $db, $userObject;
require_once __DIR__ . '/../app/classes/user.php';
include __DIR__ . '/../app/helpers/profile.php';
$userObject = new User($db);
return true;
});
if (!$pipeline->run()) {
exit;
}
// get platforms details // get platforms details
require '../app/classes/platform.php'; require '../app/classes/platform.php';
@ -167,11 +193,6 @@ if ($platform_id == '') {
$platformDetails = $platformObject->getPlatformDetails($platform_id); $platformDetails = $platformObject->getPlatformDetails($platform_id);
// init user functions
require '../app/classes/user.php';
include '../app/helpers/profile.php';
$userObject = new User($db);
// logout is a special case, as we can't use session vars for notices // logout is a special case, as we can't use session vars for notices
if ($page == 'logout') { if ($page == 'logout') {
// clean up session // clean up session