Setting.php at 0a360f7 ⋅ terrylinooo/shieldon

<?php
/**
 * This file is part of the Shieldon package.
 *
 * (c) Terry L. <contact@terryl.in>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 * 
 * php version 7.1.0
 * 
 * @category  Web-security
 * @package   Shieldon
 * @author    Terry Lin <contact@terryl.in>
 * @copyright 2019 terrylinooo
 * @license   https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
 * @link      https://github.com/terrylinooo/shieldon
 * @see       https://shieldon.io
 */

declare(strict_types=1);

namespace Shieldon\Firewall\Panel;

use Psr\Http\Message\ResponseInterface;
use Shieldon\Firewall\Panel\BaseController;
use function Shieldon\Firewall\__;
use function Shieldon\Firewall\get_request;
use function Shieldon\Firewall\get_response;
use function Shieldon\Firewall\get_session_instance;
use function Shieldon\Firewall\unset_superglobal;
use function array_keys;
use function array_values;
use function explode;
use function filter_var;
use function json_decode;
use function json_last_error;
use const JSON_PRETTY_PRINT;

/**
 * Home
 */
class Setting extends BaseController
{
    /**
     *   Public methods       | Desctiotion
     *  ----------------------|---------------------------------------------
     *   basic                | The page for managing page authentication.
     *   ipManager            | The page for managing XSS protection.
     *   exclusion            | The page for managing excluded list.
     *   export               | Export the settings as a JSON file.
     *   import               | Improt the setting by a JSON file.
     *  ----------------------|---------------------------------------------
     */

    /**
     * Constructor
     */
    public function __construct() 
    {
        parent::__construct();
    }

    /**
     * Set up basic settings.
     *
     * @return ResponseInterface
     */
    public function basic(): ResponseInterface
    {
        $data = [];

        $postParams = get_request()->getParsedBody();

        if (isset($postParams['tab'])) {
            unset_superglobal('tab', 'post');
            $this->saveConfig();
        }

        $data['title'] = __('panel', 'title_basic_setting', 'Basic Setting');

        return $this->renderPage('panel/setting', $data);
    }

    /**
     * Set up basic settings.
     *
     * @return ResponseInterface
     */
    public function messenger(): ResponseInterface
    {
        $data = [];

        $postParams = get_request()->getParsedBody();

        $data['ajaxUrl'] = $this->url('ajax/tryMessenger');

        if (isset($postParams['tab'])) {
            unset_superglobal('tab', 'post');
            $this->saveConfig();
        }

        $data['title'] = __('panel', 'title_messenger', 'Messenger');

        return $this->renderPage('panel/messenger', $data);
    }

    /**
     * IP manager.
     *
     * @return ResponseInterface
     */
    public function ipManager(): ResponseInterface
    {
        $postParams = get_request()->getParsedBody();

        if (
            isset($postParams['ip']) &&
            filter_var(explode('/', $postParams['ip'])[0], FILTER_VALIDATE_IP)
        ) {

            $url = $postParams['url'];
            $ip = $postParams['ip'];
            $rule = $postParams['action'];
            $order = (int) $postParams['order'];

            if ($order > 0) {
                $order--;
            }

            $ipList = (array) $this->getConfig('ip_manager');

            if ('allow' === $rule || 'deny' === $rule) {

                $newIpList = [];
                $newIpList[$order]['url'] = $url;
                $newIpList[$order]['ip'] = $ip;
                $newIpList[$order]['rule'] = $rule;

                array_splice($ipList, $order, 0, $newIpList);

                $this->setConfig('ip_manager', $ipList);

            } elseif ('remove' === $rule) {
                unset($ipList[$order]);
                $ipList = array_values($ipList);
                $this->setConfig('ip_manager', $ipList);
            }

            unset_superglobal('url', 'post');
            unset_superglobal('ip', 'post');
            unset_superglobal('action', 'post');
            unset_superglobal('order', 'post');

            $this->saveConfig();
        }

        $data = [];

        $data['ip_list'] = $this->getConfig('ip_manager');

        $data['title'] = __('panel', 'title_ip_manager', 'IP Manager');

        return $this->renderPage('panel/ip_manager', $data);
    }

    /**
     * Exclude the URLs that they don't need protection.
     *
     * @return ResponseInterface
     */
    public function exclusion(): ResponseInterface
    {
        $postParams = get_request()->getParsedBody();

        if (isset($postParams['url'])) {

            $url = $postParams['url'];
            $action = $postParams['action'];
            $order = (int) $postParams['order'];

            $excludedUrls = (array) $this->getConfig('excluded_urls');

            if ('add' === $action) {
                array_push(
                    $excludedUrls,
                    [
                        'url' => $url
                    ]
                );

            } elseif ('remove' === $action) {
                unset($excludedUrls[$order]);

                $excludedUrls = array_values($excludedUrls);
            }

            $this->setConfig('excluded_urls', $excludedUrls);

            unset_superglobal('url', 'post');
            unset_superglobal('action', 'post');
            unset_superglobal('order', 'post');

            $this->saveConfig();
        }

        $data = [];

        $data['exclusion_list'] = $this->getConfig('excluded_urls');

        $data['title'] = __('panel', 'title_exclusion_list', 'Exclusion');

        return $this->renderPage('panel/exclusion', $data);
    }

    /**
     * Export settings.
     *
     * @return ResponseInterface
     */
    public function export(): ResponseInterface
    {
        $response = get_response();

        $stream = $response->getBody();
        $stream->write(json_encode($this->configuration, JSON_PRETTY_PRINT));
        $stream->rewind();

        $filename = 'shieldon_' . date('Y-m-d-Hi') . '.json';

        $response = $response->withHeader('Content-Type', 'text/plain');
        $response = $response->withHeader('Content-Disposition', 'attachment; filename=' . $filename);
        $response = $response->withHeader('Expires', '0');
        $response = $response->withHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0');
        $response = $response->withHeader('Pragma', 'public');
        $response = $response->withBody($stream);

        return $response;
    }

    /**
     * Import settings.
     *
     * @return ResponseInterface
     */
    public function import(): ResponseInterface
    {
        $request = get_request();
        $response = get_response();

        $uploadedFileArr = $request->getUploadedFiles();
        $importedFileContent = $uploadedFileArr['json_file']->getStream()->getContents();

        if (!empty($importedFileContent)) {
            $jsonData = json_decode($importedFileContent, true);

            if (json_last_error() !== JSON_ERROR_NONE) {
                $this->pushMessage(
                    'error',
                    __(
                        'panel',
                        'error_invalid_json_file',
                        'Invalid JSON file.'
                    )
                );
                get_session_instance()->set('flash_messages', $this->messages);

                // Return failed result message.
                return $response->withHeader('Location', $this->url('setting/basic'));
            }

            $checkFileVaild = true;

            foreach (array_keys($this->configuration) as $key) {
                if (!isset($jsonData[$key])) {
                    $checkFileVaild = false;
                }
            }

            if ($checkFileVaild) {
                foreach (array_keys($jsonData) as $key) {
                    if (isset($this->configuration[$key])) {
                        unset($this->configuration[$key]);
                    }
                }

                $this->configuration = $this->configuration + $jsonData;

                // Save settings into a configuration file.
                $configFilePath = $this->directory . '/' . $this->filename;
                file_put_contents($configFilePath, json_encode($this->configuration));

                $this->pushMessage(
                    'success',
                    __(
                        'panel',
                        'success_json_imported',
                        'JSON file imported successfully.'
                    )
                );

                get_session_instance()->set('flash_messages', $this->messages);

                // Return succesfull result message.
                return $response->withHeader('Location', $this->url('setting/basic'));
            }
        }

        $this->pushMessage(
            'error',
            __(
                'panel',
                'error_invalid_config_file',
                'Invalid Shieldon configuration file.'
            )
        );

        get_session_instance()->set('flash_messages', $this->messages);

        return $response->withHeader('Location', $this->url('setting/basic'));
    }
}

Read our documentation on viewing source code .

Navigation	Overlay
`t` Navigate files	`h` Toggle hits
`y` Change url to tip of branch	`m` Toggle misses
`b / v` Jump to prev/next hit line	`p` Toggle partial
`z / x` Jump to prev/next missed or partial line	`1..9` Toggle flags
`shift + o` Open current page in GitHub	`a` Toggle all on
`/ or ?` Show keyboard shortcuts dialog	`c` Toggle context lines or commits

1		<?php
2		/**
3		* This file is part of the Shieldon package.
4		*
5		* (c) Terry L. <contact@terryl.in>
6		*
7		* For the full copyright and license information, please view the LICENSE
8		* file that was distributed with this source code.
9		*
10		* php version 7.1.0
11		*
12		* @category Web-security
13		* @package Shieldon
14		* @author Terry Lin <contact@terryl.in>
15		* @copyright 2019 terrylinooo
16		* @license https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
17		* @link https://github.com/terrylinooo/shieldon
18		* @see https://shieldon.io
19		*/
20
21		declare(strict_types=1);
22
23		namespace Shieldon\Firewall\Panel;
24
25		use Psr\Http\Message\ResponseInterface;
26		use Shieldon\Firewall\Panel\BaseController;
27		use function Shieldon\Firewall\__;
28		use function Shieldon\Firewall\get_request;
29		use function Shieldon\Firewall\get_response;
30		use function Shieldon\Firewall\get_session_instance;
31		use function Shieldon\Firewall\unset_superglobal;
32		use function array_keys;
33		use function array_values;
34		use function explode;
35		use function filter_var;
36		use function json_decode;
37		use function json_last_error;
38		use const JSON_PRETTY_PRINT;
39
40		/**
41		* Home
42		*/
43		class Setting extends BaseController
44		{
45		/**
46		* Public methods \| Desctiotion
47		* ----------------------\|---------------------------------------------
48		* basic \| The page for managing page authentication.
49		* ipManager \| The page for managing XSS protection.
50		* exclusion \| The page for managing excluded list.
51		* export \| Export the settings as a JSON file.
52		* import \| Improt the setting by a JSON file.
53		* ----------------------\|---------------------------------------------
54		*/
55
56		/**
57		* Constructor
58		*/
59	3	public function __construct()
60		{
61	3	parent::__construct();
62		}
63
64		/**
65		* Set up basic settings.
66		*
67		* @return ResponseInterface
68		*/
69	3	public function basic(): ResponseInterface
70		{
71	3	$data = [];
72
73	3	$postParams = get_request()->getParsedBody();
74
75	3	if (isset($postParams['tab'])) {
76	3	unset_superglobal('tab', 'post');
77	3	$this->saveConfig();
78		}
79
80	3	$data['title'] = __('panel', 'title_basic_setting', 'Basic Setting');
81
82	3	return $this->renderPage('panel/setting', $data);
83		}
84
85		/**
86		* Set up basic settings.
87		*
88		* @return ResponseInterface
89		*/
90	3	public function messenger(): ResponseInterface
91		{
92	3	$data = [];
93
94	3	$postParams = get_request()->getParsedBody();
95
96	3	$data['ajaxUrl'] = $this->url('ajax/tryMessenger');
97
98	3	if (isset($postParams['tab'])) {
99	3	unset_superglobal('tab', 'post');
100	3	$this->saveConfig();
101		}
102
103	3	$data['title'] = __('panel', 'title_messenger', 'Messenger');
104
105	3	return $this->renderPage('panel/messenger', $data);
106		}
107
108		/**
109		* IP manager.
110		*
111		* @return ResponseInterface
112		*/
113	3	public function ipManager(): ResponseInterface
114		{
115	3	$postParams = get_request()->getParsedBody();
116
117		if (
118	3	isset($postParams['ip']) &&
119	3	filter_var(explode('/', $postParams['ip'])[0], FILTER_VALIDATE_IP)
120		) {
121
122	3	$url = $postParams['url'];
123	3	$ip = $postParams['ip'];
124	3	$rule = $postParams['action'];
125	3	$order = (int) $postParams['order'];
126
127	3	if ($order > 0) {
128	3	$order--;
129		}
130
131	3	$ipList = (array) $this->getConfig('ip_manager');
132
133	3	if ('allow' === $rule \|\| 'deny' === $rule) {
134
135	3	$newIpList = [];
136	3	$newIpList[$order]['url'] = $url;
137	3	$newIpList[$order]['ip'] = $ip;
138	3	$newIpList[$order]['rule'] = $rule;
139
140	3	array_splice($ipList, $order, 0, $newIpList);
141
142	3	$this->setConfig('ip_manager', $ipList);
143
144	3	} elseif ('remove' === $rule) {
145	3	unset($ipList[$order]);
146	3	$ipList = array_values($ipList);
147	3	$this->setConfig('ip_manager', $ipList);
148		}
149
150	3	unset_superglobal('url', 'post');
151	3	unset_superglobal('ip', 'post');
152	3	unset_superglobal('action', 'post');
153	3	unset_superglobal('order', 'post');
154
155	3	$this->saveConfig();
156		}
157
158	3	$data = [];
159
160	3	$data['ip_list'] = $this->getConfig('ip_manager');
161
162	3	$data['title'] = __('panel', 'title_ip_manager', 'IP Manager');
163
164	3	return $this->renderPage('panel/ip_manager', $data);
165		}
166
167		/**
168		* Exclude the URLs that they don't need protection.
169		*
170		* @return ResponseInterface
171		*/
172	3	public function exclusion(): ResponseInterface
173		{
174	3	$postParams = get_request()->getParsedBody();
175
176	3	if (isset($postParams['url'])) {
177
178	3	$url = $postParams['url'];
179	3	$action = $postParams['action'];
180	3	$order = (int) $postParams['order'];
181
182	3	$excludedUrls = (array) $this->getConfig('excluded_urls');
183
184	3	if ('add' === $action) {
185	3	array_push(
186	3	$excludedUrls,
187		[
188	3	'url' => $url
189		]
190		);
191
192	3	} elseif ('remove' === $action) {
193	3	unset($excludedUrls[$order]);
194
195	3	$excludedUrls = array_values($excludedUrls);
196		}
197
198	3	$this->setConfig('excluded_urls', $excludedUrls);
199
200	3	unset_superglobal('url', 'post');
201	3	unset_superglobal('action', 'post');
202	3	unset_superglobal('order', 'post');
203
204	3	$this->saveConfig();
205		}
206
207	3	$data = [];
208
209	3	$data['exclusion_list'] = $this->getConfig('excluded_urls');
210
211	3	$data['title'] = __('panel', 'title_exclusion_list', 'Exclusion');
212
213	3	return $this->renderPage('panel/exclusion', $data);
214		}
215
216		/**
217		* Export settings.
218		*
219		* @return ResponseInterface
220		*/
221	3	public function export(): ResponseInterface
222		{
223	3	$response = get_response();
224
225	3	$stream = $response->getBody();
226	3	$stream->write(json_encode($this->configuration, JSON_PRETTY_PRINT));
227	3	$stream->rewind();
228
229	3	$filename = 'shieldon_' . date('Y-m-d-Hi') . '.json';
230
231	3	$response = $response->withHeader('Content-Type', 'text/plain');
232	3	$response = $response->withHeader('Content-Disposition', 'attachment; filename=' . $filename);
233	3	$response = $response->withHeader('Expires', '0');
234	3	$response = $response->withHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0');
235	3	$response = $response->withHeader('Pragma', 'public');
236	3	$response = $response->withBody($stream);
237
238	3	return $response;
239		}
240
241		/**
242		* Import settings.
243		*
244		* @return ResponseInterface
245		*/
246	3	public function import(): ResponseInterface
247		{
248	3	$request = get_request();
249	3	$response = get_response();
250
251	3	$uploadedFileArr = $request->getUploadedFiles();
252	3	$importedFileContent = $uploadedFileArr['json_file']->getStream()->getContents();
253
254	3	if (!empty($importedFileContent)) {
255	3	$jsonData = json_decode($importedFileContent, true);
256
257	3	if (json_last_error() !== JSON_ERROR_NONE) {
258	3	$this->pushMessage(
259	3	'error',
260	3	__(
261	3	'panel',
262	3	'error_invalid_json_file',
263	3	'Invalid JSON file.'
264		)
265		);
266	3	get_session_instance()->set('flash_messages', $this->messages);
267
268		// Return failed result message.
269	3	return $response->withHeader('Location', $this->url('setting/basic'));
270		}
271
272	3	$checkFileVaild = true;
273
274	3	foreach (array_keys($this->configuration) as $key) {
275	3	if (!isset($jsonData[$key])) {
276	3	$checkFileVaild = false;
277		}
278		}
279
280	3	if ($checkFileVaild) {
281	3	foreach (array_keys($jsonData) as $key) {
282	3	if (isset($this->configuration[$key])) {
283	3	unset($this->configuration[$key]);
284		}
285		}
286
287	3	$this->configuration = $this->configuration + $jsonData;
288
289		// Save settings into a configuration file.
290	3	$configFilePath = $this->directory . '/' . $this->filename;
291	3	file_put_contents($configFilePath, json_encode($this->configuration));
292
293	3	$this->pushMessage(
294	3	'success',
295	3	__(
296	3	'panel',
297	3	'success_json_imported',
298	3	'JSON file imported successfully.'
299		)
300		);
301
302	3	get_session_instance()->set('flash_messages', $this->messages);
303
304		// Return succesfull result message.
305	3	return $response->withHeader('Location', $this->url('setting/basic'));
306		}
307		}
308
309	3	$this->pushMessage(
310	3	'error',
311	3	__(
312	3	'panel',
313	3	'error_invalid_config_file',
314	3	'Invalid Shieldon configuration file.'
315		)
316		);
317
318	3	get_session_instance()->set('flash_messages', $this->messages);
319
320	3	return $response->withHeader('Location', $this->url('setting/basic'));
321		}
322		}