standardebooks/web
1
0
Fork 0
mirror of https://github.com/standardebooks/web.git synced 2025-07-08 15:50:29 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Enable Patron login required for ebook feeds

Browse source
This commit is contained in:
Alex Cabal 2022-07-25 12:26:29 -05:00
parent 85372aa275
commit 850ad44e83
2 changed files with 28 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

7
lib/User.php
View file

@ -114,14 +114,15 @@ class User extends PropertiesBase{
return $result[0]; return $result[0];
} }
public static function GetIfRegistered(?string $email): User{ public static function GetIfRegistered(?string $identifier): User{
// We consider a user "registered" if they have a row in the Benefits table. // We consider a user "registered" if they have a row in the Benefits table.
// Emails without that row may only be signed up for the newsletter and thus are not "registered" users // Emails without that row may only be signed up for the newsletter and thus are not "registered" users
if($email === null){ // The identifier is either an email or a UUID (api key)
if($identifier === null){
throw new Exceptions\InvalidUserException(); throw new Exceptions\InvalidUserException();
} }
$result = Db::Query('SELECT u.* from Users u inner join Benefits using (UserId) where u.Email = ?', [$email], 'User'); $result = Db::Query('SELECT u.* from Users u inner join Benefits using (UserId) where u.Email = ? or u.Uuid = ?', [$identifier, $identifier], 'User');
if(sizeof($result) == 0){ if(sizeof($result) == 0){
throw new Exceptions\InvalidUserException(); throw new Exceptions\InvalidUserException();

38
www/feeds/download.php
View file

@ -8,7 +8,6 @@ use function Safe\preg_match;
// a valid user has a session. // a valid user has a session.
$path = HttpInput::Str(GET, 'path', false) ?? ''; $path = HttpInput::Str(GET, 'path', false) ?? '';
$isUserAgentAllowed = false;
try{ try{
$path = '/feeds/' . $path; $path = '/feeds/' . $path;
@ -17,24 +16,33 @@ try{
throw new Exceptions\InvalidFileException(); throw new Exceptions\InvalidFileException();
} }
// Access to the Atom/RSS new releases feed is open to the public
$isNewReleasesFeed = false;
if(preg_match('/^\/feeds\/(rss|atom)\/new-releases\.xml$/ius', $path)){
$isNewReleasesFeed = true;
}
if(!$isNewReleasesFeed){
// Certain user agents may bypass login entirely // Certain user agents may bypass login entirely
// if(isset($_SERVER['HTTP_USER_AGENT'])){ $isUserAgentAllowed = false;
// $isUserAgentAllowed = (bool)Db::QueryInt('select count(*) from FeedUserAgents where instr(?, UserAgent) limit 1', [$_SERVER['HTTP_USER_AGENT']]); if(isset($_SERVER['HTTP_USER_AGENT'])){
// } $isUserAgentAllowed = Db::QueryInt('select count(*) from FeedUserAgents where instr(?, UserAgent) limit 1', [$_SERVER['HTTP_USER_AGENT']]);
}
// if(!$isUserAgentAllowed){ if(!$isUserAgentAllowed){
// if($GLOBALS['User'] === null){ if($GLOBALS['User'] === null){
// throw new Exceptions\LoginRequiredException(); throw new Exceptions\LoginRequiredException();
// } }
// if(!preg_match('/\.xml$/ius', $path)){ if(!preg_match('/\.xml$/ius', $path)){
// throw new Exceptions\InvalidPermissionsException(); throw new Exceptions\InvalidPermissionsException();
// } }
// if(!$GLOBALS['User']->Benefits->CanAccessFeeds){ if(!$GLOBALS['User']->Benefits->CanAccessFeeds){
// throw new Exceptions\InvalidPermissionsException(); throw new Exceptions\InvalidPermissionsException();
// } }
// } }
}
// Everything OK, serve the file using Apache. // Everything OK, serve the file using Apache.
// The xsendfile Apache module tells Apache to serve the file, including not-modified or etag headers. // The xsendfile Apache module tells Apache to serve the file, including not-modified or etag headers.