mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-04-27 06:13:32 +09:00
Move SSL redirection logic to Context::init()
This commit is contained in:
Kijin Sung
parent
65df40ad9f
commit
b5740052fc
15 changed files with 199 additions and 126 deletions
|
|
@ -25,18 +25,6 @@ class board extends ModuleObject
|
|||
*/
|
||||
function __construct()
|
||||
{
|
||||
if(!Context::isInstalled()) return;
|
||||
|
||||
if(!Context::isExistsSSLAction('dispBoardWrite') && Context::getSslStatus() == 'optional')
|
||||
{
|
||||
$ssl_actions = array('dispBoardWrite', 'dispBoardWriteComment', 'dispBoardReplyComment', 'dispBoardModifyComment', 'dispBoardDelete', 'dispBoardDeleteComment', 'procBoardInsertDocument', 'procBoardDeleteDocument', 'procBoardInsertComment', 'procBoardDeleteComment', 'procBoardVerificationPassword');
|
||||
Context::addSSLActions($ssl_actions);
|
||||
}
|
||||
if(!Context::isExistsSSLAction('dispTempSavedList') && Context::getSslStatus() == 'optional')
|
||||
{
|
||||
Context::addSSLAction('dispTempSavedList');
|
||||
}
|
||||
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -68,25 +68,25 @@
|
|||
<route route="category/$category:int/page/$page:int" priority="40" />
|
||||
<route route="page/$page:int" priority="10" />
|
||||
</action>
|
||||
<action name="dispBoardWrite" type="view" permission="write_document" standalone="false" meta-noindex="true">
|
||||
<action name="dispBoardWrite" type="view" permission="write_document" standalone="false" meta-noindex="true" use-ssl="true">
|
||||
<route route="write" />
|
||||
<route route="$document_srl/edit" />
|
||||
</action>
|
||||
<action name="dispBoardDelete" type="view" permission="write_document" standalone="false" meta-noindex="true" route="$document_srl/delete" />
|
||||
<action name="dispBoardWriteComment" type="view" permission="write_comment" standalone="false" meta-noindex="true" route="$document_srl/comment" />
|
||||
<action name="dispBoardReplyComment" type="view" permission="write_comment" standalone="false" meta-noindex="true">
|
||||
<action name="dispBoardDelete" type="view" permission="write_document" standalone="false" meta-noindex="true" use-ssl="true" route="$document_srl/delete" />
|
||||
<action name="dispBoardWriteComment" type="view" permission="write_comment" standalone="false" meta-noindex="true" use-ssl="true" route="$document_srl/comment" />
|
||||
<action name="dispBoardReplyComment" type="view" permission="write_comment" standalone="false" meta-noindex="true" use-ssl="true">
|
||||
<route route="comment/$comment_srl/reply" />
|
||||
<route route="comment/$comment_srl/reply$document_srl:delete" />
|
||||
</action>
|
||||
<action name="dispBoardModifyComment" type="view" permission="write_comment" standalone="false" meta-noindex="true">
|
||||
<action name="dispBoardModifyComment" type="view" permission="write_comment" standalone="false" meta-noindex="true" use-ssl="true">
|
||||
<route route="comment/$comment_srl/edit" />
|
||||
<route route="comment/$comment_srl/edit$document_srl:delete" />
|
||||
</action>
|
||||
<action name="dispBoardDeleteComment" type="view" permission="write_comment" standalone="false" meta-noindex="true">
|
||||
<action name="dispBoardDeleteComment" type="view" permission="write_comment" standalone="false" meta-noindex="true" use-ssl="true">
|
||||
<route route="comment/$comment_srl/delete" />
|
||||
<route route="comment/$comment_srl/delete$document_srl:delete" />
|
||||
</action>
|
||||
<action name="dispBoardDeleteTrackback" type="view" permission="list,view" standalone="false" meta-noindex="true" />
|
||||
<action name="dispBoardDeleteTrackback" type="view" permission="list,view" standalone="false" meta-noindex="true" use-ssl="true" />
|
||||
<action name="dispBoardContentList" type="view" permission="list" standalone="false" />
|
||||
<action name="dispBoardContentView" type="view" permission="view" standalone="false" />
|
||||
<action name="dispBoardUpdateLog" type="view" permission="update_view" standalone="false" />
|
||||
|
|
@ -102,13 +102,13 @@
|
|||
<action name="dispBoardCommentPage" type="view" permission="view" standalone="false" />
|
||||
<action name="getBoardCommentPage" type="mobile" permission="view" standalone="false" />
|
||||
|
||||
<action name="procBoardInsertDocument" type="controller" permission="write_document" standalone="false" ruleset="insertDocument" />
|
||||
<action name="procBoardDeleteDocument" type="controller" permission="write_document" standalone="false" />
|
||||
<action name="procBoardRevertDocument" type="controller" permission="update_view" standalone="false" />
|
||||
<action name="procBoardInsertComment" type="controller" permission="write_comment" standalone="false" />
|
||||
<action name="procBoardDeleteComment" type="controller" permission="write_comment" standalone="false" />
|
||||
<action name="procBoardDeleteTrackback" type="controller" permission="list,view" standalone="false" />
|
||||
<action name="procBoardVerificationPassword" type="controller" permission="view" standalone="false" />
|
||||
<action name="procBoardInsertDocument" type="controller" permission="write_document" standalone="false" use-ssl="true" ruleset="insertDocument" />
|
||||
<action name="procBoardDeleteDocument" type="controller" permission="write_document" standalone="false" use-ssl="true" />
|
||||
<action name="procBoardRevertDocument" type="controller" permission="update_view" standalone="false" use-ssl="true" />
|
||||
<action name="procBoardInsertComment" type="controller" permission="write_comment" standalone="false" use-ssl="true" />
|
||||
<action name="procBoardDeleteComment" type="controller" permission="write_comment" standalone="false" use-ssl="true" />
|
||||
<action name="procBoardDeleteTrackback" type="controller" permission="list,view" standalone="false" use-ssl="true" />
|
||||
<action name="procBoardVerificationPassword" type="controller" permission="view" standalone="false" use-ssl="true" />
|
||||
<action name="procBoardVoteDocument" type="controller" permission="view" standalone="false" />
|
||||
|
||||
<action name="dispBoardAdminContent" type="view" admin_index="true" menu_name="board" menu_index="true" />
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
<actions>
|
||||
<action name="dispDocumentPrint" type="view" meta-noindex="true"/>
|
||||
<action name="dispDocumentPreview" type="view" meta-noindex="true"/>
|
||||
<action name="dispTempSavedList" type="view" permission="member" meta-noindex="true"/>
|
||||
<action name="dispTempSavedList" type="view" permission="member" meta-noindex="true" use-ssl="true" />
|
||||
<action name="dispDocumentDeclare" type="view" permission="member" meta-noindex="true" />
|
||||
<action name="dispDocumentManageDocument" type="view" permission="all-managers" meta-noindex="true" />
|
||||
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ class installAdminController extends install
|
|||
$oInstallController->installModule($module_name, './modules/'.$module_name);
|
||||
$oModuleController = getController('module');
|
||||
$oModuleController->registerActionForwardRoutes($module_name);
|
||||
$oModuleController->registerSecureActions($module_name);
|
||||
$this->setMessage('success_installed');
|
||||
}
|
||||
|
||||
|
|
@ -51,7 +52,13 @@ class installAdminController extends install
|
|||
}
|
||||
|
||||
$oModuleController = getController('module');
|
||||
$oModuleController->registerActionForwardRoutes($module_name);
|
||||
$output = $oModuleController->registerActionForwardRoutes($module_name);
|
||||
if($output instanceof BaseObject && !$output->toBool())
|
||||
{
|
||||
Rhymix\Framework\Session::start();
|
||||
return $output;
|
||||
}
|
||||
$output = $oModuleController->registerSecureActions($module_name);
|
||||
if($output instanceof BaseObject && !$output->toBool())
|
||||
{
|
||||
Rhymix\Framework\Session::start();
|
||||
|
|
|
|||
|
|
@ -2,42 +2,42 @@
|
|||
<module>
|
||||
<grants />
|
||||
<actions>
|
||||
<action name="dispMemberSignUpForm" type="view" meta-noindex="true" route="signup" />
|
||||
<action name="dispMemberLoginForm" type="view" meta-noindex="true" route="login" />
|
||||
<action name="dispMemberFindAccount" type="view" meta-noindex="true" />
|
||||
<action name="dispMemberResendAuthMail" type="view" meta-noindex="true" />
|
||||
<action name="dispMemberSignUpForm" type="view" meta-noindex="true" use-ssl="true" route="signup" />
|
||||
<action name="dispMemberLoginForm" type="view" meta-noindex="true" use-ssl="true" route="login" />
|
||||
<action name="dispMemberFindAccount" type="view" meta-noindex="true" use-ssl="true" />
|
||||
<action name="dispMemberResendAuthMail" type="view" meta-noindex="true" use-ssl="true" />
|
||||
<action name="dispMemberInfo" type="view" permission="member" meta-noindex="true" route="member_info" />
|
||||
<action name="dispMemberModifyInfo" type="view" permission="member" meta-noindex="true" />
|
||||
<action name="dispMemberModifyPassword" type="view" permission="member" meta-noindex="true" />
|
||||
<action name="dispMemberModifyEmailAddress" type="view" permission="member" meta-noindex="true" />
|
||||
<action name="dispMemberLeave" type="view" permission="member" meta-noindex="true" />
|
||||
<action name="dispMemberScrappedDocument" type="view" permission="member" meta-noindex="true" route="my_scrap" />
|
||||
<action name="dispMemberSavedDocument" type="view" permission="member" meta-noindex="true" route="my_saved_documents" />
|
||||
<action name="dispMemberOwnDocument" type="view" permission="member" meta-noindex="true" route="my_documents" />
|
||||
<action name="dispMemberOwnComment" type="view" permission="member" meta-noindex="true" route="my_comments" />
|
||||
<action name="dispMemberActiveLogins" type="view" permission="member" meta-noindex="true" route="active_logins" />
|
||||
<action name="dispMemberModifyNicknameLog" type="view" permission="member" meta-noindex="true" />
|
||||
<action name="dispMemberModifyInfo" type="view" permission="member" meta-noindex="true" use-ssl="true" />
|
||||
<action name="dispMemberModifyPassword" type="view" permission="member" meta-noindex="true" use-ssl="true" />
|
||||
<action name="dispMemberModifyEmailAddress" type="view" permission="member" meta-noindex="true" use-ssl="true" />
|
||||
<action name="dispMemberLeave" type="view" permission="member" meta-noindex="true" use-ssl="true" />
|
||||
<action name="dispMemberScrappedDocument" type="view" permission="member" meta-noindex="true" use-ssl="true" route="my_scrap" />
|
||||
<action name="dispMemberSavedDocument" type="view" permission="member" meta-noindex="true" use-ssl="true" route="my_saved_documents" />
|
||||
<action name="dispMemberOwnDocument" type="view" permission="member" meta-noindex="true" use-ssl="true" route="my_documents" />
|
||||
<action name="dispMemberOwnComment" type="view" permission="member" meta-noindex="true" use-ssl="true" route="my_comments" />
|
||||
<action name="dispMemberActiveLogins" type="view" permission="member" meta-noindex="true" use-ssl="true" route="active_logins" />
|
||||
<action name="dispMemberModifyNicknameLog" type="view" permission="member" meta-noindex="true" use-ssl="true" />
|
||||
<action name="dispMemberLogout" type="view" permission="member" meta-noindex="true" />
|
||||
<action name="dispMemberSpammer" type="view" permission="manager" check_var="module_srl" meta-noindex="true" />
|
||||
|
||||
<action name="getMemberMenu" type="model" />
|
||||
<action name="getApiGroups" type="model" permission="root" />
|
||||
|
||||
<action name="procMemberInsert" type="controller" ruleset="@insertMember" />
|
||||
<action name="procMemberInsert" type="controller" ruleset="@insertMember" use-ssl="true" />
|
||||
<action name="procMemberCheckValue" type="controller" />
|
||||
<action name="procMemberLogin" type="controller" ruleset="@login" />
|
||||
<action name="procMemberFindAccount" type="controller" method="GET|POST" ruleset="findAccount" />
|
||||
<action name="procMemberFindAccountByQuestion" type="controller" method="GET|POST" />
|
||||
<action name="procMemberAuthAccount" type="controller" method="GET|POST" />
|
||||
<action name="procMemberAuthEmailAddress" type="controller" method="GET|POST" />
|
||||
<action name="procMemberResendAuthMail" type="controller" ruleset="resendAuthMail" />
|
||||
<action name="procMemberSendVerificationSMS" type="controller" />
|
||||
<action name="procMemberConfirmVerificationSMS" type="controller" />
|
||||
<action name="procMemberModifyInfoBefore" type="controller" permission="member" ruleset="recheckedPassword" />
|
||||
<action name="procMemberModifyInfo" type="controller" permission="member" ruleset="@insertMember" />
|
||||
<action name="procMemberModifyPassword" type="controller" permission="member" ruleset="modifyPassword" />
|
||||
<action name="procMemberModifyEmailAddress" type="controller" permission="member" ruleset="modifyEmailAddress" />
|
||||
<action name="procMemberLeave" type="controller" permission="member" ruleset="leaveMember" />
|
||||
<action name="procMemberLogin" type="controller" ruleset="@login" use-ssl="true" />
|
||||
<action name="procMemberFindAccount" type="controller" method="GET|POST" ruleset="findAccount" use-ssl="true" />
|
||||
<action name="procMemberFindAccountByQuestion" type="controller" method="GET|POST" use-ssl="true" />
|
||||
<action name="procMemberAuthAccount" type="controller" method="GET|POST" use-ssl="true" />
|
||||
<action name="procMemberAuthEmailAddress" type="controller" method="GET|POST" use-ssl="true" />
|
||||
<action name="procMemberResendAuthMail" type="controller" ruleset="resendAuthMail" use-ssl="true" />
|
||||
<action name="procMemberSendVerificationSMS" type="controller" use-ssl="true" />
|
||||
<action name="procMemberConfirmVerificationSMS" type="controller" use-ssl="true" />
|
||||
<action name="procMemberModifyInfoBefore" type="controller" permission="member" ruleset="recheckedPassword" use-ssl="true" />
|
||||
<action name="procMemberModifyInfo" type="controller" permission="member" ruleset="@insertMember" use-ssl="true" />
|
||||
<action name="procMemberModifyPassword" type="controller" permission="member" ruleset="modifyPassword" use-ssl="true" />
|
||||
<action name="procMemberModifyEmailAddress" type="controller" permission="member" ruleset="modifyEmailAddress" use-ssl="true" />
|
||||
<action name="procMemberLeave" type="controller" permission="member" ruleset="leaveMember" use-ssl="true" />
|
||||
<action name="procMemberInsertProfileImage" type="controller" permission="member" ruleset="insertProfileImage" />
|
||||
<action name="procMemberDeleteProfileImage" type="controller" permission="member" />
|
||||
<action name="procMemberInsertImageName" type="controller" permission="member" ruleset="insertImageName" />
|
||||
|
|
|
|||
|
|
@ -20,15 +20,6 @@ class member extends ModuleObject {
|
|||
*/
|
||||
function __construct()
|
||||
{
|
||||
if(!Context::isInstalled()) return;
|
||||
|
||||
// Set to use SSL upon actions related member join/information/password and so on. 2013.02.15
|
||||
if(!Context::isExistsSSLAction('dispMemberModifyPassword') && Context::getSslStatus() == 'optional')
|
||||
{
|
||||
$ssl_actions = array('dispMemberModifyPassword', 'dispMemberSignUpForm', 'dispMemberModifyInfo', 'dispMemberModifyEmailAddress', 'dispMemberResendAuthMail', 'dispMemberLoginForm', 'dispMemberFindAccount', 'dispMemberLeave', 'procMemberLogin', 'procMemberModifyPassword', 'procMemberInsert', 'procMemberModifyInfo', 'procMemberFindAccount', 'procMemberModifyEmailAddress', 'procMemberResendAuthMail', 'procMemberLeave'/*, 'getMemberMenu'*/, 'procMemberFindAccountByQuestion');
|
||||
Context::addSSLActions($ssl_actions);
|
||||
}
|
||||
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -49,6 +49,32 @@ class moduleController extends module
|
|||
return $output;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Add action security
|
||||
*/
|
||||
function insertActionSecurity($act)
|
||||
{
|
||||
$args = new stdClass();
|
||||
$args->act = $act;
|
||||
$output = executeQuery('module.insertActionSecurity', $args);
|
||||
|
||||
Rhymix\Framework\Cache::delete('action_security');
|
||||
return $output;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Delete action security
|
||||
*/
|
||||
function deleteActionSecurity($act)
|
||||
{
|
||||
$args = new stdClass();
|
||||
$args->act = $act;
|
||||
$output = executeQuery('module.deleteActionSecurity', $args);
|
||||
|
||||
Rhymix\Framework\Cache::delete('action_security');
|
||||
return $output;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Add trigger callback function
|
||||
*
|
||||
|
|
@ -1362,6 +1388,28 @@ class moduleController extends module
|
|||
|
||||
return new BaseObject();
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if all secure actions are registered. If not, register them.
|
||||
*
|
||||
* @param string $module_name
|
||||
* @return object
|
||||
*/
|
||||
public function registerSecureActions(string $module_name)
|
||||
{
|
||||
$action_security = ModuleModel::getActionSecurity();
|
||||
$module_action_info = ModuleModel::getModuleActionXml($module_name);
|
||||
|
||||
foreach ($module_action_info->action ?: [] as $action_name => $action_info)
|
||||
{
|
||||
if ($action_info->use_ssl === 'true' && !isset($action_security[$action_name]))
|
||||
{
|
||||
$output = $this->insertActionSecurity($action_name);
|
||||
}
|
||||
}
|
||||
|
||||
return new BaseObject();
|
||||
}
|
||||
}
|
||||
/* End of file module.controller.php */
|
||||
/* Location: ./modules/module/module.controller.php */
|
||||
|
|
|
|||
|
|
@ -602,6 +602,38 @@ class moduleModel extends module
|
|||
return $action_forward[$act];
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Get SSL action setting
|
||||
*/
|
||||
public static function getActionSecurity($act = null)
|
||||
{
|
||||
$action_security = Rhymix\Framework\Cache::get('action_security');
|
||||
if($action_security === null)
|
||||
{
|
||||
$args = new stdClass();
|
||||
$output = executeQueryArray('module.getActionSecurity', $args);
|
||||
if(!$output->toBool())
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
$action_security = array();
|
||||
foreach($output->data as $item)
|
||||
{
|
||||
$action_security[$item->act] = true;
|
||||
}
|
||||
|
||||
Rhymix\Framework\Cache::set('action_security', $action_security, 0, true);
|
||||
}
|
||||
|
||||
if(!isset($act))
|
||||
{
|
||||
return $action_security;
|
||||
}
|
||||
|
||||
return isset($action_security[$act]) ? true : false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Get trigger functions
|
||||
*/
|
||||
|
|
@ -1347,6 +1379,9 @@ class moduleModel extends module
|
|||
|
||||
// Get action forward
|
||||
$action_forward = self::getActionForward();
|
||||
|
||||
// Get action security
|
||||
$action_security = self::getActionSecurity();
|
||||
|
||||
foreach ($searched_list as $module_name)
|
||||
{
|
||||
|
|
@ -1431,6 +1466,15 @@ class moduleModel extends module
|
|||
$info->need_update = true;
|
||||
}
|
||||
}
|
||||
|
||||
// Check if all secure actions are registered
|
||||
foreach ($module_action_info->action ?: [] as $action_name => $action_info)
|
||||
{
|
||||
if ($action_info->use_ssl === 'true' && !isset($action_security[$action_name]))
|
||||
{
|
||||
$info->need_update = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
$list[] = $info;
|
||||
}
|
||||
|
|
|
|||
8
modules/module/queries/deleteActionSecurity.xml
Normal file
8
modules/module/queries/deleteActionSecurity.xml
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
<query id="deleteActionSecurity" action="delete">
|
||||
<tables>
|
||||
<table name="action_security" />
|
||||
</tables>
|
||||
<conditions>
|
||||
<condition operation="equal" column="act" var="act" notnull="notnull" />
|
||||
</conditions>
|
||||
</query>
|
||||
11
modules/module/queries/getActionSecurity.xml
Normal file
11
modules/module/queries/getActionSecurity.xml
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
<query id="getActionSecurity" action="select">
|
||||
<tables>
|
||||
<table name="action_security" />
|
||||
</tables>
|
||||
<columns>
|
||||
<column name="*" />
|
||||
</columns>
|
||||
<conditions>
|
||||
<condition operation="equal" column="act" var="act" />
|
||||
</conditions>
|
||||
</query>
|
||||
8
modules/module/queries/insertActionSecurity.xml
Normal file
8
modules/module/queries/insertActionSecurity.xml
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
<query id="insertActionSecurity" action="insert">
|
||||
<tables>
|
||||
<table name="action_security" />
|
||||
</tables>
|
||||
<columns>
|
||||
<column name="act" var="act" notnull="notnull" />
|
||||
</columns>
|
||||
</query>
|
||||
3
modules/module/schemas/action_security.xml
Normal file
3
modules/module/schemas/action_security.xml
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
<table name="action_security">
|
||||
<column name="act" type="varchar" size="80" notnull="notnull" primary_key="primary_key" />
|
||||
</table>
|
||||
Loading…
Add table
Add a link
Reference in a new issue