standardebooks/web
1
0
Fork 0
mirror of https://github.com/standardebooks/web.git synced 2025-07-08 07:40:39 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Enable Patron login required for ebook feeds

Browse source
This commit is contained in:
Alex Cabal 2022-07-25 12:26:29 -05:00
parent 85372aa275
commit 850ad44e83
2 changed files with 28 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

7
lib/User.php
View file

@ -114,14 +114,15 @@ class User extends PropertiesBase{
return $result[0];
}
public static function GetIfRegistered(?string $email): User{
public static function GetIfRegistered(?string $identifier): User{
// We consider a user "registered" if they have a row in the Benefits table.
// Emails without that row may only be signed up for the newsletter and thus are not "registered" users
if($email === null){
// The identifier is either an email or a UUID (api key)
if($identifier === null){
throw new Exceptions\InvalidUserException();
}
$result = Db::Query('SELECT u.* from Users u inner join Benefits using (UserId) where u.Email = ?', [$email], 'User');
$result = Db::Query('SELECT u.* from Users u inner join Benefits using (UserId) where u.Email = ? or u.Uuid = ?', [$identifier, $identifier], 'User');
if(sizeof($result) == 0){
throw new Exceptions\InvalidUserException();

40
www/feeds/download.php
View file

@ -8,7 +8,6 @@ use function Safe\preg_match;
// a valid user has a session.
$path = HttpInput::Str(GET, 'path', false) ?? '';
$isUserAgentAllowed = false;
try{
$path = '/feeds/' . $path;
@ -17,24 +16,33 @@ try{
throw new Exceptions\InvalidFileException();
}
// Certain user agents may bypass login entirely
// if(isset($_SERVER['HTTP_USER_AGENT'])){
// $isUserAgentAllowed = (bool)Db::QueryInt('select count(*) from FeedUserAgents where instr(?, UserAgent) limit 1', [$_SERVER['HTTP_USER_AGENT']]);
// }
// Access to the Atom/RSS new releases feed is open to the public
$isNewReleasesFeed = false;
if(preg_match('/^\/feeds\/(rss|atom)\/new-releases\.xml$/ius', $path)){
$isNewReleasesFeed = true;
}
// if(!$isUserAgentAllowed){
// if($GLOBALS['User'] === null){
// throw new Exceptions\LoginRequiredException();
// }
if(!$isNewReleasesFeed){
// Certain user agents may bypass login entirely
$isUserAgentAllowed = false;
if(isset($_SERVER['HTTP_USER_AGENT'])){
$isUserAgentAllowed = Db::QueryInt('select count(*) from FeedUserAgents where instr(?, UserAgent) limit 1', [$_SERVER['HTTP_USER_AGENT']]);
}
// if(!preg_match('/\.xml$/ius', $path)){
// throw new Exceptions\InvalidPermissionsException();
// }
if(!$isUserAgentAllowed){
if($GLOBALS['User'] === null){
throw new Exceptions\LoginRequiredException();
}
// if(!$GLOBALS['User']->Benefits->CanAccessFeeds){
// throw new Exceptions\InvalidPermissionsException();
// }
// }
if(!preg_match('/\.xml$/ius', $path)){
throw new Exceptions\InvalidPermissionsException();
}
if(!$GLOBALS['User']->Benefits->CanAccessFeeds){
throw new Exceptions\InvalidPermissionsException();
}
}
}
// Everything OK, serve the file using Apache.
// The xsendfile Apache module tells Apache to serve the file, including not-modified or etag headers.