1
0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-14 15:13:29 +01:00
invoiceninja/app/Http/Middleware/StartupCheck.php

247 lines
10 KiB
PHP
Raw Normal View History

2017-01-30 20:40:43 +01:00
<?php
namespace App\Http\Middleware;
2015-03-17 02:30:56 +01:00
use App;
2017-01-30 20:40:43 +01:00
use App\Events\UserLoggedIn;
use App\Libraries\CurlUtils;
use App\Models\InvoiceDesign;
use App\Models\Language;
2015-03-23 07:52:01 +01:00
use Auth;
2015-03-30 21:45:10 +02:00
use Cache;
2017-01-30 20:40:43 +01:00
use Closure;
2015-04-02 15:06:16 +02:00
use Event;
2017-01-30 20:40:43 +01:00
use Illuminate\Http\Request;
use Input;
use Redirect;
use Schema;
2017-01-30 20:40:43 +01:00
use Session;
use Utils;
2015-03-17 02:30:56 +01:00
/**
2017-01-30 20:40:43 +01:00
* Class StartupCheck.
*/
2015-04-08 15:19:17 +02:00
class StartupCheck
{
/**
* Handle an incoming request.
*
2017-01-30 20:40:43 +01:00
* @param Request $request
* @param Closure $next
*
2015-04-08 15:19:17 +02:00
* @return mixed
*/
public function handle(Request $request, Closure $next)
2015-04-08 15:19:17 +02:00
{
// Set up trusted X-Forwarded-Proto proxies
// TRUSTED_PROXIES accepts a comma delimited list of subnets
2015-10-14 19:18:19 +02:00
// ie, TRUSTED_PROXIES='10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'
2018-02-21 11:31:58 +01:00
// set TRUSTED_PROXIES=* if you want to trust every proxy.
if (isset($_ENV['TRUSTED_PROXIES'])) {
2018-02-21 11:31:58 +01:00
if (env('TRUSTED_PROXIES') == '*') {
$request->setTrustedProxies(['127.0.0.1', $request->server->get('REMOTE_ADDR')]);
} else{
$request->setTrustedProxies(array_map('trim', explode(',', env('TRUSTED_PROXIES'))));
}
}
2015-10-14 19:18:19 +02:00
2015-04-08 15:19:17 +02:00
// Ensure all request are over HTTPS in production
2017-01-30 20:40:43 +01:00
if (Utils::requireHTTPS() && ! $request->secure()) {
return Redirect::secure($request->path());
2015-04-08 15:19:17 +02:00
}
// If the database doens't yet exist we'll skip the rest
2017-01-30 20:40:43 +01:00
if (! Utils::isNinja() && ! Utils::isDatabaseSetup()) {
2015-04-08 15:19:17 +02:00
return $next($request);
2015-03-30 21:45:10 +02:00
}
2015-03-17 02:30:56 +01:00
2018-03-23 09:29:30 +01:00
// Check to prevent headless browsers from triggering activity
if (Utils::isNinja() && ! $request->phantomjs && strpos($request->header('User-Agent'), 'Headless') !== false) {
2018-03-25 11:52:45 +02:00
abort(403);
2018-03-23 09:29:30 +01:00
}
2018-07-17 16:14:34 +02:00
if (Utils::isSelfHost()) {
// Check if config:cache may have been run
if (! env('APP_URL')) {
echo "<p>There appears to be a problem with your configuration, please check your .env file.</p>" .
"<p>If you've run 'php artisan config:cache' you will need to run 'php artisan config:clear'</p>.";
exit;
}
// Check if a new version was installed
2015-09-25 11:57:40 +02:00
$file = storage_path() . '/version.txt';
$version = @file_get_contents($file);
if ($version != NINJA_VERSION) {
2021-02-19 09:20:45 +01:00
if (version_compare(phpversion(), '7.1.0', '<')) {
dd('Please update PHP to >= 7.1.0');
2016-02-28 13:09:42 +01:00
}
2015-09-25 11:57:40 +02:00
$handle = fopen($file, 'w');
fwrite($handle, NINJA_VERSION);
fclose($handle);
2017-01-30 20:40:43 +01:00
2015-09-25 11:57:40 +02:00
return Redirect::to('/update');
}
}
2017-05-10 11:41:31 +02:00
if (env('MULTI_DB_ENABLED')) {
if ($server = session(SESSION_DB_SERVER)) {
config(['database.default' => $server]);
}
}
2015-04-08 15:19:17 +02:00
if (Auth::check()) {
2017-08-27 22:16:22 +02:00
$company = Auth::user()->account->company;
2015-04-08 15:19:17 +02:00
$count = Session::get(SESSION_COUNTER, 0);
Session::put(SESSION_COUNTER, ++$count);
2017-08-25 12:46:32 +02:00
if (Utils::isNinja()) {
2019-12-03 10:27:30 +01:00
if (($coupon = request()->coupon) && ! $company->hasActivePlan()) {
2017-08-25 12:46:32 +02:00
if ($code = config('ninja.coupon_50_off')) {
if (hash_equals($coupon, $code)) {
$company->applyDiscount(.5);
$company->save();
Session::flash('message', trans('texts.applied_discount', ['discount' => 50]));
}
}
if ($code = config('ninja.coupon_75_off')) {
if (hash_equals($coupon, $code)) {
$company->applyDiscount(.75);
$company->save();
Session::flash('message', trans('texts.applied_discount', ['discount' => 75]));
}
}
if ($code = config('ninja.coupon_free_year')) {
if (hash_equals($coupon, $code)) {
$company->applyFreeYear();
$company->save();
Session::flash('message', trans('texts.applied_free_year'));
}
}
}
}
// Check the application is up to date and for any news feed messages
2017-01-30 20:40:43 +01:00
if (isset($_SERVER['REQUEST_URI']) && ! Utils::startsWith($_SERVER['REQUEST_URI'], '/news_feed') && ! Session::has('news_feed_id')) {
2015-04-08 15:19:17 +02:00
$data = false;
if (Utils::isNinja()) {
$data = Utils::getNewsFeedResponse();
} else {
2016-09-12 08:30:31 +02:00
$file = @CurlUtils::get(NINJA_APP_URL.'/news_feed/'.Utils::getUserType().'/'.NINJA_VERSION);
2015-04-08 15:19:17 +02:00
$data = @json_decode($file);
}
if ($data) {
2015-04-30 19:54:19 +02:00
if (version_compare(NINJA_VERSION, $data->version, '<')) {
2015-04-08 15:19:17 +02:00
$params = [
2015-04-30 19:54:19 +02:00
'user_version' => NINJA_VERSION,
'latest_version' => $data->version,
'releases_link' => link_to(RELEASES_URL, 'Invoice Ninja', ['target' => '_blank']),
];
2015-04-08 15:19:17 +02:00
Session::put('news_feed_id', NEW_VERSION_AVAILABLE);
Session::flash('news_feed_message', trans('texts.new_version_available', $params));
2015-04-08 15:19:17 +02:00
} else {
Session::put('news_feed_id', $data->id);
if ($data->message && $data->id > Auth::user()->news_feed_id) {
Session::flash('news_feed_message', $data->message);
2015-04-08 15:19:17 +02:00
}
}
} else {
Session::put('news_feed_id', true);
}
}
}
2015-03-30 21:56:01 +02:00
2015-04-08 15:19:17 +02:00
// Check if we're requesting to change the account's language
if (Input::has('lang')) {
$locale = Input::get('lang');
App::setLocale($locale);
2018-02-26 10:52:34 +01:00
session([SESSION_LOCALE => $locale]);
2015-04-08 15:19:17 +02:00
if (Auth::check()) {
if ($language = Language::whereLocale($locale)->first()) {
$account = Auth::user()->account;
$account->language_id = $language->id;
$account->save();
}
}
} elseif (Auth::check()) {
$locale = Auth::user()->account->language ? Auth::user()->account->language->locale : DEFAULT_LOCALE;
2015-04-08 15:19:17 +02:00
App::setLocale($locale);
2015-11-18 22:37:11 +01:00
} elseif (session(SESSION_LOCALE)) {
App::setLocale(session(SESSION_LOCALE));
2015-04-08 15:19:17 +02:00
}
// Make sure the account/user localization settings are in the session
2017-01-30 20:40:43 +01:00
if (Auth::check() && ! Session::has(SESSION_TIMEZONE)) {
Event::fire(new UserLoggedIn());
2015-04-08 15:19:17 +02:00
}
// Check if the user is claiming a license (ie, additional invoices, white label, etc.)
2017-01-30 17:05:31 +01:00
if (! Utils::isNinjaProd() && isset($_SERVER['REQUEST_URI'])) {
2015-08-20 17:09:04 +02:00
$claimingLicense = Utils::startsWith($_SERVER['REQUEST_URI'], '/claim_license');
2017-01-30 17:05:31 +01:00
if (! $claimingLicense && Input::has('license_key') && Input::has('product_id')) {
2015-08-20 17:09:04 +02:00
$licenseKey = Input::get('license_key');
$productId = Input::get('product_id');
2016-05-15 22:16:08 +02:00
$url = (Utils::isNinjaDev() ? SITE_URL : NINJA_APP_URL) . "/claim_license?license_key={$licenseKey}&product_id={$productId}&get_date=true";
2016-09-12 08:30:31 +02:00
$data = trim(CurlUtils::get($url));
2016-05-15 22:16:08 +02:00
2017-04-30 13:25:27 +02:00
if ($data == RESULT_FAILURE) {
Session::flash('error', trans('texts.invalid_white_label_license'));
} elseif ($data) {
$date = date_create($data)->modify('+1 year');
if ($date < date_create()) {
Session::flash('message', trans('texts.expired_white_label'));
} else {
$company->plan_term = PLAN_TERM_YEARLY;
$company->plan_paid = $data;
$company->plan_expires = $date->format('Y-m-d');
$company->plan = PLAN_WHITE_LABEL;
$company->save();
Session::flash('message', trans('texts.bought_white_label'));
}
2017-04-30 13:25:27 +02:00
} else {
Session::flash('error', trans('texts.white_label_license_error'));
2015-04-08 15:19:17 +02:00
}
}
}
2015-09-20 23:05:02 +02:00
// Check data has been cached
2015-11-19 12:37:30 +01:00
$cachedTables = unserialize(CACHED_TABLES);
2015-09-20 23:05:02 +02:00
if (Input::has('clear_cache')) {
Session::flash('message', 'Cache cleared');
}
foreach ($cachedTables as $name => $class) {
2017-01-30 20:40:43 +01:00
if (Input::has('clear_cache') || ! Cache::has($name)) {
// check that the table exists in case the migration is pending
2017-01-30 20:40:43 +01:00
if (! Schema::hasTable((new $class())->getTable())) {
continue;
}
2015-09-20 23:05:02 +02:00
if ($name == 'paymentTerms') {
$orderBy = 'num_days';
} elseif ($name == 'fonts') {
2016-01-07 08:08:30 +01:00
$orderBy = 'sort_order';
2016-01-20 00:07:31 +01:00
} elseif (in_array($name, ['currencies', 'industries', 'languages', 'countries', 'banks'])) {
2015-09-20 23:05:02 +02:00
$orderBy = 'name';
} else {
$orderBy = 'id';
}
$tableData = $class::orderBy($orderBy)->get();
if ($tableData->count()) {
2015-09-20 23:05:02 +02:00
Cache::forever($name, $tableData);
}
}
}
2016-05-15 22:16:08 +02:00
2015-09-25 11:57:40 +02:00
// Show message to IE 8 and before users
2015-08-03 10:02:35 +02:00
if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match('/(?i)msie [2-8]/', $_SERVER['HTTP_USER_AGENT'])) {
2018-02-20 22:20:38 +01:00
Session::flash('error', trans('texts.old_browser', ['link' => link_to(OUTDATE_BROWSER_URL, trans('texts.newer_browser'), ['target' => '_blank'])]));
2015-07-07 22:08:16 +02:00
}
$response = $next($request);
//$response->headers->set('X-Frame-Options', 'DENY');
2015-07-07 22:08:16 +02:00
return $response;
2015-04-08 15:19:17 +02:00
}
2015-03-17 02:30:56 +01:00
}