From 1a95a0e76074fbaedfeec9a9d04b85be9d12d6dc Mon Sep 17 00:00:00 2001
From: Daniel Speichert
Date: Fri, 11 Mar 2016 19:15:29 +0100
Subject: [PATCH] SensioLabsInsight violations part 2

---
 DevAAC/DevAAC.php          | 151 ++++++++++++++++---------------------
 DevAAC/Models/Player.php   |   2 +-
 DevAAC/routes/accounts.php |   6 +-
 DevAAC/routes/players.php  |   2 +-
 composer.json              |   2 +
 plugins/ratelimiter.php    |   8 +-
 6 files changed, 77 insertions(+), 94 deletions(-)

diff --git a/DevAAC/DevAAC.php b/DevAAC/DevAAC.php
index 075c588..d98bcaa 100644
--- a/DevAAC/DevAAC.php
+++ b/DevAAC/DevAAC.php
@@ -37,7 +37,7 @@
 //////////////////////// CREATE Slim APPLICATION //////////////////////////////////
 $DevAAC = new \Slim\Slim(
     [
-        'debug' => ENABLE_DEBUG
+        'debug' => ENABLE_DEBUG,
     ]
 );
 
@@ -57,12 +57,9 @@ function ($a) {
     );
     // Send blank 200 to every OPTIONS request
 }
-$DevAAC->container->singleton(
-    'request',
-    function ($c) {
-        return new DevAAC\Http\Request($c['environment']);
-    }
-);
+$DevAAC->container->singleton('request', function ($c) {
+    return new DevAAC\Http\Request($c['environment']);
+});
 
 //////////////////// DEFINE AUTHENTICATION MIDDLEWARE ////////////////////////////
 // http://docs.slimframework.com/#Middleware-Overview
@@ -81,8 +78,7 @@ public function call()
         if (!$this->app->auth_account) {
             $this->app->auth_account = DevAAC\Models\Account::where('name', $auth_user)->where('password', sha1($auth_pass))->first();
         }
-        //else
-        //    $res->header('WWW-Authenticate', sprintf('Basic realm="%s"', 'AAC'));
+
         $this->next->call();
     }
 }
@@ -112,7 +108,7 @@ function ($e) use ($DevAAC) {
                 json_encode(
                     [
                         'code' => $e->getCode(),
-                        'message' => 'Fatal error occured: ' . $e->getMessage() . ' at line ' . $e->getLine() . ' in file ' . $e->getFile()
+                        'message' => 'Fatal error occured: ' . $e->getMessage() . ' at line ' . $e->getLine() . ' in file ' . $e->getFile(),
                     ],
                     JSON_PRETTY_PRINT
                 )
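Review bot: The lookup `->where('password', sha1($auth_pass))` compares an unsalted SHA-1 of the Basic-auth password and the hunk leaves no comment explaining why; the reason is presumably that the TFS 1.x game server reads the same `accounts.password` column and expects SHA-1, so it cannot be switched to `password_hash()` on the AAC side alone, and a comment such as `// unsalted sha1 is what the TFS server verifies against accounts.password - do not "upgrade" here` would stop the next reader from changing it. With the commented-out `WWW-Authenticate` hint deleted, a request with bad credentials now simply continues with `auth_account` unset and relies on each route's own 401, so no Basic challenge is ever sent; if that is intentional, say so in the same comment. `call()` starts outside the hunk.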
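Review bot: The JSON body built here sends `$e->getFile()` and `$e->getLine()` to the API client, which discloses absolute server paths and code layout to anyone who can trigger an exception; unless this handler is only installed when `ENABLE_DEBUG` is set (its registration is outside the hunk), the message should shrink to `'message' => 'Fatal error occurred: ' . $e->getMessage(),` with file and line going to the server log instead. The user-facing string also misspells "occurred". The enclosing closure starts and ends outside the hunk.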
@@ -123,20 +119,19 @@ function ($e) use ($DevAAC) {
 
 //////////////////////////// LOAD TFS CONFIG ////////////////////////////////////
 // you need to define TFS_CONFIG to be an array with config.lua options or a path to config.lua
-$DevAAC->tfsConfigFile = is_file(TFS_CONFIG) ? parse_tfs_config(TFS_CONFIG) : unserialize(TFS_CONFIG) or die('TFS_CONFIG is not defined properly.');
+$DevAAC->tfsConfigFile = is_file(TFS_CONFIG) ? parse_tfs_config(TFS_CONFIG) : unserialize(TFS_CONFIG) || die('TFS_CONFIG is not defined properly.');
 
 /////////////////////////// VOCATION PROVIDER///////////////////////////////////
-$DevAAC->container->singleton(
-    'vocations',
-    function ($c) {
-        if (file_exists(TFS_ROOT . '/data/XML/vocations.xml')) {
-            $xml = simplexml_load_file(TFS_ROOT . '/data/XML/vocations.xml');
-            if (property_exists($xml, 'vocation')) {
-                return $xml;
-            }
+$DevAAC->container->singleton('vocations', function ($c) {
+    if (file_exists(TFS_ROOT . '/data/XML/vocations.xml')) {
+        $xml = simplexml_load_file(TFS_ROOT . '/data/XML/vocations.xml');
+        if (property_exists($xml, 'vocation')) {
+            return $xml;
         }
     }
-);
+
+    return null;
+});
 
 ////////////////////////// CONNECT TO DATABASE /////////////////////////////////
 // Bootstrap Eloquent ORM
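Review bot: Swapping `or` for `||` on the `$DevAAC->tfsConfigFile` line changes what gets assigned, because `||` binds tighter than both `?:` and `=` whereas `or` binds looser than `=`: when `TFS_CONFIG` is not a file the property now receives the boolean result of `unserialize(TFS_CONFIG) || die(...)`, i.e. `true`, instead of the unserialized config array, and when it is a file a falsy return from `parse_tfs_config()` is no longer caught by the `die` at all. Keep the value and the guard apart: `$DevAAC->tfsConfigFile = is_file(TFS_CONFIG) ? parse_tfs_config(TFS_CONFIG) : unserialize(TFS_CONFIG);` followed by `if (!$DevAAC->tfsConfigFile) { die('TFS_CONFIG is not defined properly.'); }`. The `unserialize()` is tolerable only because the constant is operator-supplied configuration rather than request data; a one-line comment saying so would keep it from being copied into a request path.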
@@ -173,19 +168,16 @@ function ($c) {
 // https://github.com/zircote/swagger-php/blob/master/library/Swagger/Swagger.php
 use Swagger\Swagger;
 
-$DevAAC->get(
-    ROUTES_API_PREFIX . '/docs(/:path)',
-    function ($path = '/') use ($DevAAC) {
-        $swagger = new Swagger('../', '../vendor');
-        $DevAAC->response->headers->set('Access-Control-Allow-Origin', '*');
-        $DevAAC->response->headers->set('Content-Type', 'application/json');
-        if ($path != '/') {
-            $DevAAC->response->setBody($swagger->getResource('/' . $path, ['output' => 'json']));
-        } else {
-            $DevAAC->response->setBody($swagger->getResourceList(['output' => 'json']));
-        }
+$DevAAC->get(ROUTES_API_PREFIX . '/docs(/:path)', function ($path = '/') use ($DevAAC) {
+    $swagger = new Swagger('../', '../vendor');
+    $DevAAC->response->headers->set('Access-Control-Allow-Origin', '*');
+    $DevAAC->response->headers->set('Content-Type', 'application/json');
+    if ($path != '/') {
+        $DevAAC->response->setBody($swagger->getResource('/' . $path, ['output' => 'json']));
+    } else {
+        $DevAAC->response->setBody($swagger->getResourceList(['output' => 'json']));
     }
-);
+});
 
 //////////////////////////// DEFINE API ROUTES //////////////////////////////////
 require('routes/accounts.php');
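Review bot: `new Swagger('../', '../vendor')` resolves both paths against the process working directory rather than this file, so the docs route only works when PHP is started from the public directory (presumably the intended cwd); `__DIR__ . '/..'` and `__DIR__ . '/../vendor'` would pin them to the actual layout. The scanner also appears to be rebuilt, and the source tree re-scanned, on every request to this unauthenticated route served with `Access-Control-Allow-Origin: *`, which makes it comparatively expensive to hit in a loop; caching the generated JSON, or producing it at deploy time, would remove that cost. A comment stating the cwd assumption is the minimum worth adding.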
@@ -195,56 +187,47 @@ function ($path = '/') use ($DevAAC) {
 require('routes/players.php');
 require('routes/server.php');
 
-$DevAAC->get(
-    ROUTES_API_PREFIX . '/news',
-    function () use ($DevAAC) {
-        $news = [];
-        if (is_dir(PUBLIC_HTML_PATH . '/news')) {
-            foreach (glob(PUBLIC_HTML_PATH . '/news/*.md') as $filename) {
-                $date = new \DevAAC\Helpers\DateTime;
-                $date->setTimestamp(filectime($filename));
-                $news[] = [
-                    'title' => basename($filename, '.md'),
-                    'date' => $date,
-                    'content' => file_get_contents($filename)
-                ];
-            }
+$DevAAC->get(ROUTES_API_PREFIX . '/news', function () use ($DevAAC) {
+    $news = [];
+    if (is_dir(PUBLIC_HTML_PATH . '/news')) {
+        foreach (glob(PUBLIC_HTML_PATH . '/news/*.md') as $filename) {
+            $date = new \DevAAC\Helpers\DateTime;
+            $date->setTimestamp(filectime($filename));
+            $news[] = [
+                'title' => basename($filename, '.md'),
+                'date' => $date,
+                'content' => file_get_contents($filename),
+            ];
         }
-
-        $DevAAC->response->headers->set('Content-Type', 'application/json');
-        $DevAAC->response->setBody(json_encode($news, JSON_PRETTY_PRINT));
     }
-);
-if (ENABLE_DEBUG) {
-    $DevAAC->get(
-        ROUTES_PREFIX . '/debug',
-        function () use ($DevAAC, $capsule) {
-            $DevAAC->response->headers->set('Content-Type', 'text');
-            /*
-            var_dump($capsule->getConnection()->getPdo()->getAttribute(PDO::ATTR_CLIENT_VERSION));
-            $date = new \DevAAC\Helpers\DateTime();
-            $tmp = \DevAAC\Models\Player::find(2);
-            foreach($tmp->toArray() as $key => $value)
-                echo "'".$key."' => 0,". PHP_EOL;
-                //echo '* @SWG\Property(name="'.$key.'", type="string")'. PHP_EOL;
-            echo $date . PHP_EOL;
-            echo json_encode($date) . PHP_EOL;
-            echo serialize($date) . PHP_EOL;
-            echo PHP_EOL . PHP_EOL . PHP_EOL;
-            */
-            $a = (array)$DevAAC->vocations;
-            var_dump(xml2array($DevAAC->vocations)['vocation']);
-            json_encode($a['vocation'], JSON_PRETTY_PRINT);
-        }
-    );
+
+    $DevAAC->response->headers->set('Content-Type', 'application/json');
+    $DevAAC->response->setBody(json_encode($news, JSON_PRETTY_PRINT));
+});
 
-    $DevAAC->get(
-        ROUTES_PREFIX . '/phpinfo',
-        function () use ($DevAAC) {
-            phpinfo();
-        }
-    );
+if (ENABLE_DEBUG) {
+    $DevAAC->get(ROUTES_PREFIX . '/debug', function () use ($DevAAC) {
+        $DevAAC->response->headers->set('Content-Type', 'text');
+        /*
+        var_dump($capsule->getConnection()->getPdo()->getAttribute(PDO::ATTR_CLIENT_VERSION));
+        $date = new \DevAAC\Helpers\DateTime();
+        $tmp = \DevAAC\Models\Player::find(2);
+        foreach($tmp->toArray() as $key => $value)
+            echo "'".$key."' => 0,". PHP_EOL;
+            //echo '* @SWG\Property(name="'.$key.'", type="string")'. PHP_EOL;
+        echo $date . PHP_EOL;
+        echo json_encode($date) . PHP_EOL;
+        echo serialize($date) . PHP_EOL;
+        echo PHP_EOL . PHP_EOL . PHP_EOL;
+        */
+        $a = (array)$DevAAC->vocations;
+        var_dump(xml2array($DevAAC->vocations)['vocation']);
+        json_encode($a['vocation'], JSON_PRETTY_PRINT);
+    });
+
+    $DevAAC->get(ROUTES_PREFIX . '/phpinfo', function () {
+        phpinfo();
+    });
 }
 
 ////////////////////// PLUGINS SUPPORT ///////////////////////////////
@@ -283,13 +266,10 @@ function () use ($DevAAC) {
  * )
  * )
  */
-$DevAAC->get(
-    ROUTES_API_PREFIX . '/plugins',
-    function () use ($DevAAC) {
-        $DevAAC->response->setBody(json_encode($DevAAC->plugins), JSON_PRETTY_PRINT);
-        $DevAAC->response->headers->set('Content-Type', 'application/json');
-    }
-);
+$DevAAC->get(ROUTES_API_PREFIX . '/plugins', function () use ($DevAAC) {
+    $DevAAC->response->setBody(json_encode($DevAAC->plugins), JSON_PRETTY_PRINT);
+    $DevAAC->response->headers->set('Content-Type', 'application/json');
+});
 
 //////////////////////////////////////////////////////////////////////
 // all done, any code after this call will not matter to the request
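Review bot: `$date->setTimestamp(filectime($filename))` in the news route uses the inode change time, which on Unix is bumped by every chmod, rename or deploy copy, so all news items can silently acquire the date of the last release; `filemtime($filename)` is the content modification time and is what a "date" field is normally expected to mean. Separately, the `/debug` route still writes `var_dump()` straight to the output buffer and discards the `json_encode()` result, and `/phpinfo` dumps the whole environment, with both gated only by `ENABLE_DEBUG`; a comment on the `if (ENABLE_DEBUG)` line such as `// debug-only endpoints: expose internals and phpinfo(), never enable in production` would make the risk explicit.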
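Review bot: `setBody(json_encode($DevAAC->plugins), JSON_PRETTY_PRINT)` passes `JSON_PRETTY_PRINT` as a second argument to `setBody()` rather than to `json_encode()`, so the flag is ignored and the extra argument is silently dropped; the line should read `$DevAAC->response->setBody(json_encode($DevAAC->plugins, JSON_PRETTY_PRINT));`. The restyle carried the misplaced parenthesis over unchanged, and the `/news` route a few hunks up shows the intended call shape.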
@@ -337,5 +317,6 @@ function parse_tfs_config($filename)
         }
     }
     $ini = implode("\n", $output);
+
     return parse_ini_string($ini);
 }
diff --git a/DevAAC/Models/Player.php b/DevAAC/Models/Player.php
index 9645c46..b10667d 100644
--- a/DevAAC/Models/Player.php
+++ b/DevAAC/Models/Player.php
@@ -201,7 +201,7 @@ public function online()
 
     public function getIsOnlineAttribute()
     {
-        return $this->online != null;
+        return $this->online !== null;
     }
 
     public function guildMembership()
diff --git a/DevAAC/routes/accounts.php b/DevAAC/routes/accounts.php
index 5359258..3426ee4 100644
--- a/DevAAC/routes/accounts.php
+++ b/DevAAC/routes/accounts.php
@@ -466,7 +466,7 @@
         if( ! $DevAAC->auth_account )
             throw new InputErrorException('You are not logged in.', 401);
 
-        if($account->id != $DevAAC->auth_account->id or !$DevAAC->auth_account->isGod())
+        if($account->id != $DevAAC->auth_account->id || !$DevAAC->auth_account->isGod())
             throw new InputErrorException('You do not have permission to change this account.', 403);
 
         if( !$DevAAC->auth_account->isGod() )
@@ -500,7 +500,7 @@
 
         if($req->getAPIParam('email', false))
         {
-            if( !filter_var($req->getAPIParam('email'), FILTER_VALIDATE_EMAIL) or !getmxrr(explode('@', $req->getAPIParam('email'))[1], $trash_) )
+            if( !filter_var($req->getAPIParam('email'), FILTER_VALIDATE_EMAIL) || !getmxrr(explode('@', $req->getAPIParam('email'))[1], $trash_) )
                 throw new InputErrorException('Email address is not valid.', 400);
 
             $account->email = $req->getAPIParam('email');
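Review bot: The authorization check `if($account->id != $DevAAC->auth_account->id || !$DevAAC->auth_account->isGod())` rejects everyone except a god editing their own account: an ordinary user changing their own account fails the second operand, and a god changing someone else's account fails the first. The context line that follows, `if( !$DevAAC->auth_account->isGod() )`, shows non-god callers are expected to reach that point, so the intended condition is almost certainly `if($account->id != $DevAAC->auth_account->id && !$DevAAC->auth_account->isGod())` (deny unless own account or god). The `or`-to-`||` swap preserves the wrong operator; the enclosing route closure starts and ends outside the hunk.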
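Review bot: `getmxrr(explode('@', $req->getAPIParam('email'))[1], $trash_)` performs a live DNS query on a client-chosen domain inside the request, which blocks for the resolver timeout when the domain's nameservers do not answer and turns the email field into a cheap way to tie up PHP workers; it also rejects addresses whose domain has only an A/AAAA record, which mail delivery still accepts. Keep `filter_var(..., FILTER_VALIDATE_EMAIL)` in the request path and move the deliverability check to a verification email or an asynchronous job, or at least fall back to `checkdnsrr($domain, 'A')` so that A-only domains are not refused. The same expression appears in the registration route in the next hunk; the enclosing closure starts and ends outside this one.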
@@ -611,7 +611,7 @@
                 array("options" => array("regexp" => "/^(.{2,20}|.{40})$/"))) )
             throw new InputErrorException('Password must have 2-20 characters or be an SHA-1 hash (40 hexadecimal characters).', 400);
 
-        if( !filter_var($req->getAPIParam('email'), FILTER_VALIDATE_EMAIL) or !getmxrr(explode('@', $req->getAPIParam('email'))[1], $trash_) )
+        if( !filter_var($req->getAPIParam('email'), FILTER_VALIDATE_EMAIL) || !getmxrr(explode('@', $req->getAPIParam('email'))[1], $trash_) )
             throw new InputErrorException('Email address is not valid.', 400);
 
         $account = Account::where('name', $req->getAPIParam('name'))->first();
diff --git a/DevAAC/routes/players.php b/DevAAC/routes/players.php
index 95f1ae6..b45102e 100644
--- a/DevAAC/routes/players.php
+++ b/DevAAC/routes/players.php
@@ -416,7 +416,7 @@
         $players->skip($req->get('offset'));
 
     $limit = intval($req->get('limit'));
-    if($limit && ($limit <= 100 or ( $DevAAC->auth_account && $DevAAC->auth_account->isGod() ) ) )
+    if($limit && ($limit <= 100 || ($DevAAC->auth_account && $DevAAC->auth_account->isGod()) ))
         $players->take($limit);
     else
         $players->take(100);
diff --git a/composer.json b/composer.json
index f47092f..721677b 100644
--- a/composer.json
+++ b/composer.json
@@ -1,4 +1,6 @@
 {
+    "name": "DevAAC",
+    "Description": "Automatic Account Creator for TFS 1.X",
     "license": "MIT",
     "require": {
         "slim/slim": "^2.6",
diff --git a/plugins/ratelimiter.php b/plugins/ratelimiter.php
index e5fc4b9..db724c9 100644
--- a/plugins/ratelimiter.php
+++ b/plugins/ratelimiter.php
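Review bot: The context regex `/^(.{2,20}|.{40})$/` checks only length, so any 40-character string, not just the "40 hexadecimal characters" the error message promises, passes the second alternative and is presumably then treated as a pre-computed SHA-1 hash; if that alternative is meant for hashes it should be `/^(.{2,20}|[0-9a-fA-F]{40})$/`, and if users may legitimately pick a 40-character password then the message is what needs fixing. `.` also stops at a newline without the `s` modifier, so a password containing one fails with a misleading message. The changed email line repeats the in-request `getmxrr()` lookup from the update route and has the same blocking-DNS concern. The enclosing route closure starts and ends outside the hunk.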
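Review bot: `$limit = intval($req->get('limit'))` followed by `$limit <= 100` admits negative values: `limit=-1` is truthy and `-1 <= 100` holds, so `$players->take(-1)` runs, and if the query builder in use ignores non-positive limits (Laravel's `Query\Builder::limit()` only stores values `>= 0`) the 100-row cap is bypassed and the whole player table is returned to an anonymous caller. Use `if ($limit > 0 && ($limit <= 100 || ($DevAAC->auth_account && $DevAAC->auth_account->isGod())))`. The surrounding route closure starts and ends outside the hunk.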
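Review bot: `"Description"` is not a Composer key, the schema key is lowercase `description`, so this text is silently ignored, and `"name"` must be a lowercase `vendor/package` string, so `"DevAAC"` makes `composer validate` report the manifest as invalid. Use `"name": "devaac/devaac",` (or whatever vendor the project publishes under) and `"description": "Automatic Account Creator for TFS 1.X",`.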
@@ -40,11 +40,11 @@
     return array_merge($meta, array('enabled' => false));
 
 // THIS PLUGIN CURRENTLY SUPPORTS APC ONLY
-if(!extension_loaded('apc') or !ini_get('apc.enabled'))
+if(!extension_loaded('apc') || !ini_get('apc.enabled'))
     return array_merge($meta, array('enabled' => false));
 
 // DEFAULT CONFIG
-defined('RATELIMITER_RULES') or define('RATELIMITER_RULES', serialize(array(
+defined('RATELIMITER_RULES') || define('RATELIMITER_RULES', serialize(array(
     // DEFINE RULES WITHOUT ROUTES_PREFIX OR ROUTES_API_PREFIX
     // PATH -> NUMBER OF SECONDS TO WAIT BETWEEN REQUESTS
     'GET' => array(
@@ -57,7 +57,7 @@
     )
 )));
 // SHOULD WE RESET THE TIMER ON EVERY ATTEMPT?
-defined('RATELIMITER_PENALIZE') or define('RATELIMITER_PENALIZE', false);
+defined('RATELIMITER_PENALIZE') || define('RATELIMITER_PENALIZE', false);
 
 // http://docs.slimframework.com/#How-to-Use-Hooks
 $DevAAC->hook('slim.before.dispatch', function () use ($DevAAC) {
@@ -81,7 +81,7 @@
         $path = substr($path, strlen(ROUTES_PREFIX));
 
     // DO WE HAVE A RULE?
-    if( array_key_exists($method, $rules) && array_key_exists($path, $rules[$method]) ) {
+    if (array_key_exists($method, $rules) && array_key_exists($path, $rules[$method])) {
         // every path for every IP is a separate object to be thread safe
         $objname = $req->getIp() . '_' . $path;
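Review bot: `if(!extension_loaded('apc') || !ini_get('apc.enabled'))` disables the plugin silently on any PHP 7 stack that ships APCu instead of APC (extension name `apcu`, ini key `apcu.enabled`, unless the `apcu_bc` compatibility shim is installed), so rate limiting just vanishes with `'enabled' => false` and nothing in the response or log says why. If APCu is an acceptable backend, accept either name, e.g. `if (!(extension_loaded('apc') || extension_loaded('apcu')) || !(ini_get('apc.enabled') || ini_get('apcu.enabled')))`, and in any case emit a log line or error_log() before returning so the operator notices the limiter is off.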
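Review bot: The hook registered on the last line, `$DevAAC->hook('slim.before.dispatch', function () use ($DevAAC) {`, continues outside the hunk, and the following hunk shows it keys limiter state by `$req->getIp()`; if that accessor honours client-supplied headers such as `X-Forwarded-For` (Slim 2's `Request::getIp()` does when the header is present), a client can pick a fresh bucket on every request and the limiter is bypassed unless a trusted reverse proxy overwrites those headers. Either document the deployment assumption next to the `RATELIMITER_*` defaults, e.g. `// limiter identity is $req->getIp(): requires a proxy that sets X-Forwarded-For from the real peer`, or derive the key from `REMOTE_ADDR` directly.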