Enable Patron login required for ebook feeds

Alex Cabal 2022-07-25 12:26:29 -05:00
parent 85372aa275
commit 850ad44e83
2 changed files with 28 additions and 19 deletions


@ -114,14 +114,15 @@ class User extends PropertiesBase{
return $result[0]; return $result[0];
} }
public static function GetIfRegistered(?string $email): User{ public static function GetIfRegistered(?string $identifier): User{
// We consider a user "registered" if they have a row in the Benefits table. // We consider a user "registered" if they have a row in the Benefits table.
// Emails without that row may only be signed up for the newsletter and thus are not "registered" users // Emails without that row may only be signed up for the newsletter and thus are not "registered" users
if($email === null){ // The identifier is either an email or a UUID (api key)
if($identifier === null){
throw new Exceptions\InvalidUserException(); throw new Exceptions\InvalidUserException();
} }
$result = Db::Query('SELECT u.* from Users u inner join Benefits using (UserId) where u.Email = ?', [$email], 'User'); $result = Db::Query('SELECT u.* from Users u inner join Benefits using (UserId) where u.Email = ? or u.Uuid = ?', [$identifier, $identifier], 'User');
if(sizeof($result) == 0){ if(sizeof($result) == 0){
throw new Exceptions\InvalidUserException(); throw new Exceptions\InvalidUserException();
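Review bot: The new lookup `where u.Email = ? or u.Uuid = ?` resolves a registered user from an email address as readily as from the UUID, although the added comment describes only the UUID as an API key. An email address is not a secret, so if this method backs feed authentication (the caller is not visible here), the UUID adds no protection over knowing a patron's address. I would state that on the method, e.g. `// NOTE: an email alone resolves a registered user; callers that need a secret must match on Uuid only`, or split the lookup into separate email and UUID paths so each caller chooses explicitly. The body of GetIfRegistered continues past the end of this hunk.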


@ -8,7 +8,6 @@ use function Safe\preg_match;
// a valid user has a session. // a valid user has a session.
$path = HttpInput::Str(GET, 'path', false) ?? ''; $path = HttpInput::Str(GET, 'path', false) ?? '';
$isUserAgentAllowed = false;
try{ try{
$path = '/feeds/' . $path; $path = '/feeds/' . $path;
@ -17,24 +16,33 @@ try{
throw new Exceptions\InvalidFileException(); throw new Exceptions\InvalidFileException();
} }
// Certain user agents may bypass login entirely // Access to the Atom/RSS new releases feed is open to the public
// if(isset($_SERVER['HTTP_USER_AGENT'])){ $isNewReleasesFeed = false;
// $isUserAgentAllowed = (bool)Db::QueryInt('select count(*) from FeedUserAgents where instr(?, UserAgent) limit 1', [$_SERVER['HTTP_USER_AGENT']]); if(preg_match('/^\/feeds\/(rss|atom)\/new-releases\.xml$/ius', $path)){
// } $isNewReleasesFeed = true;
}
// if(!$isUserAgentAllowed){ if(!$isNewReleasesFeed){
// if($GLOBALS['User'] === null){ // Certain user agents may bypass login entirely
// throw new Exceptions\LoginRequiredException(); $isUserAgentAllowed = false;
// } if(isset($_SERVER['HTTP_USER_AGENT'])){
$isUserAgentAllowed = Db::QueryInt('select count(*) from FeedUserAgents where instr(?, UserAgent) limit 1', [$_SERVER['HTTP_USER_AGENT']]);
}
// if(!preg_match('/\.xml$/ius', $path)){ if(!$isUserAgentAllowed){
// throw new Exceptions\InvalidPermissionsException(); if($GLOBALS['User'] === null){
// } throw new Exceptions\LoginRequiredException();
}
// if(!$GLOBALS['User']->Benefits->CanAccessFeeds){ if(!preg_match('/\.xml$/ius', $path)){
// throw new Exceptions\InvalidPermissionsException(); throw new Exceptions\InvalidPermissionsException();
// } }
// }
if(!$GLOBALS['User']->Benefits->CanAccessFeeds){
throw new Exceptions\InvalidPermissionsException();
}
}
}
// Everything OK, serve the file using Apache. // Everything OK, serve the file using Apache.
// The xsendfile Apache module tells Apache to serve the file, including not-modified or etag headers. // The xsendfile Apache module tells Apache to serve the file, including not-modified or etag headers.
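Review bot: The `.xml` extension check and the `CanAccessFeeds` check are nested inside `if(!$isUserAgentAllowed)`, so a request whose User-Agent matches a `FeedUserAgents` row skips the login, extension and benefit checks together, and that header is set by the client. The allow-list is therefore a convenience rather than an access control; unless the skip is intentional, move `if(!preg_match('/\.xml$/ius', $path))` above the user-agent test so it applies to every request. The re-enabled assignment also drops the `(bool)` cast that the commented-out version had; `$isUserAgentAllowed = (bool)Db::QueryInt(...)` keeps the flag a real boolean. Separately, `$` in the new-releases pattern also matches before a trailing newline, so `\z` or the `D` modifier would anchor it strictly. The surrounding `try` block starts and ends outside this hunk.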