<?php
// This script is the main entry point for the app. Routes are defined here and
// other PHP files are loaded from here. This script is itself loaded from
// the file [public\index.php].
// ------------------------------------------------------------------
// Classes used in this file. Classes are not loaded unless used.
// ------------------------------------------------------------------
use FastSitePHP\Lang\I18N;
use FastSitePHP\Web\Response;
// --------------------------------------------------------------------------------------
// Site Configuration
// By default FastSitePHP does not require any site configuration in order to run.
// Config is used for this site to allow template rendering and language translations.
// --------------------------------------------------------------------------------------
// General Application Settings
//
// Application data directory, located next to the [app] directory rather
// than inside it.
$app->config['APP_DATA'] = __DIR__ . '/../app_data';
// Template rendering. Views live in [app/Views]; the header and footer
// templates are included around each rendered page, and the two error
// settings name the template used for error and "not found" responses.
$app->template_dir = __DIR__ . '/Views/';
$app->header_templates = '_header.php';
$app->footer_templates = '_footer.php';
$app->error_template = 'error.php';
$app->not_found_template = 'error.php';
// Root namespaces used when a route is defined with a 'Class' or
// 'Class.method' string instead of a closure (see the routes further down).
$app->controller_root = 'App\Controllers';
$app->middleware_root = 'App\Middleware';
// Show detailed errors if desired.
// By default detailed errors will only show on localhost.
//
// $app->show_detailed_errors = true;
// Translation Settings
// Directory holding the JSON language files used by the page routes below,
// and the language used when a request matches none of the available
// translations. I18N::setup() presumably reads these config keys, so they
// are assigned before it is called.
$app->config['I18N_DIR'] = __DIR__ . '/../app_data/i18n';
$app->config['I18N_FALLBACK_LANG'] = 'en';
I18N::setup($app);
// Uncomment the following line if desired to prevent
// browsers or client from caching responses:
//
// $app->noCache();
// Include a CSP (Content-Security-Policy) Response Header for HTML Content.
// CSP is used to reduce the risk from cross-site scripting (XSS), click-jacking,
// and other code injection attacks. Helpful Links:
// https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
// https://developers.google.com/web/fundamentals/security/csp
//
// Uncomment the code block to turn this feature on. It is commented out by
// default to make initial development with the Starter Site easier. If you
// publish a site that allows users to enter comments or other content,
// researching and implementing CSP for your site is recommended because it
// limits what malicious content can do if it does reach a page.
/*
$app->onRender(function() use ($app) {
// By default this is set to work with the current template using strict
// rules so that only content from the current domain can be included.
// This is a very strict policy so it even blocks inline styles such as
// <style> and <div style="...."> from being used on a site.
$app->header('Content-Security-Policy', "default-src 'self'");
// For many sites CDN or other links will typically be included.
// The below example uses the following rules:
// - Only content from the current domain can be included
// - For CSS inline [style] attributes can be used and bootstrap CDN can be used.
// - Inline <script> tags are blocked because 'unsafe-inline' is not specified as default or for [script-src].
//
// $app->header('Content-Security-Policy', "default-src 'self'; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com;");
});
*/
// ----------------------------------------------------------------------------
// Routes
// FastSitePHP provides a number of different methods of defining routes.
// The code below provides several different examples.
// ----------------------------------------------------------------------------
/**
 * Root URL: redirect to the user's default language, chosen from the
 * 'Accept-Language' request header. Falls back to 'en' (English) when no
 * supported language matches.
 *
 * This route is defined as a callback function (a PHP Closure). Callback
 * routes are quick to prototype and work well while the logic stays small;
 * as code grows it can be moved into controller classes.
 *
 * Unlike JavaScript, PHP functions do not see variables from the parent
 * scope. The [use] keyword below passes [$app] in from the parent scope.
 *
 * The [Vary: Accept-Language] response header is used for content
 * negotiation and tells caches and bots (for example Googlebot and Bingbot)
 * that the response depends on the request language.
 *
 * NOTE(review): the Location header is built from a value derived from a
 * request header. The documented fallback to 'en' implies getUserDefaultLang()
 * only ever returns a supported language code — confirm that, so an arbitrary
 * header value cannot shape the redirect target.
 */
$app->get('/', function () use ($app) {
    $lang_url = $app->rootUrl() . I18N::getUserDefaultLang() . '/';
    $res = new Response();
    return $res->vary('Accept-Language')->redirect($lang_url);

    // If your server does not support `index.php` as a fallback resource but
    // still serves it as the default page, use the following instead:
    /*
    $root_url = $app->rootUrl();
    if (stripos($root_url, 'index.php/') === false) {
        $root_url .= 'index.php/';
    }
    $lang_url = $root_url . I18N::getUserDefaultLang() . '/';
    $res = new Response();
    return $res->vary('Accept-Language')->redirect($lang_url);
    */
});
/**
 * Home Page
 *
 * The template [home-page.php] exists in the [Views] directory set by
 * [$app->template_dir] near the top of this file. The header and footer
 * templates configured in the site settings are included as well.
 */
$app->get('/:lang', function ($lang) use ($app) {
    // Load the JSON language file for this page. [$lang] comes straight from
    // the URL segment.
    // NOTE(review): confirm I18N::langFile() restricts [$lang] to the
    // languages available under [I18N_DIR] before it is used as part of a path.
    I18N::langFile('home-page', $lang);

    // Render the PHP template and return the result.
    // NOTE - short array syntax `[]` requires PHP 5.4+.
    $template_data = ['nav_active_link' => 'home'];
    return $app->render('home-page.php', $template_data);
});
/**
 * Routes that point to specific Controller classes and methods. The optional
 * [controller_root] setting near the top of this file supplies the root
 * namespace, so 'Resources' resolves under [App\Controllers].
 *
 * Two formats are accepted: 'Class' and 'Class.method'. With a bare class
 * name the method is taken from the route function that registered it
 * [route(), get(), post(), put(), etc], so the first two routes below call
 * the controller's [get()] method while the third calls [getData()].
 *
 * Controller classes are kept in [app/Controllers] because the PHP autoloader
 * maps the [app] directory to the [App] namespace when classes are loaded.
 */
$app->get('/:lang/resources', 'Resources');
$app->get('/:lang/lorem-ipsum', 'LoremIpsumDemo');
$app->get('/:lang/lorem-ipsum/data', 'LoremIpsumDemo.getData');
/**
 * Authentication Demo
 *
 * The page '/:lang/auth-demo' and the API route '/api/data-demo' use a filter
 * function with the Auth Middleware class from [app/Middleware/Auth.php].
 * On first view the filter function shows a login page; once logged in, a
 * user with access can view the page. The filter function is only called
 * when the requested path matches the route.
 *
 * The provided login page [app/Views/login-page.php] and the App Auth classes
 * can be used as a starting point for your own site; they are designed to
 * work with standard websites, Single Page Apps (SPA), and APIs.
 *
 * Middleware classes are kept in [app/Middleware], the root namespace given
 * by the [$app->middleware_root] setting near the top of this file.
 *
 * NOTE(review): the login route is registered with post() while both logout
 * routes use route(). Whether route() accepts every HTTP method is not
 * visible here; if it does, logout is reachable with a plain GET and can be
 * triggered cross-site, so consider registering it with post() as well.
 * Nothing on this page shows CSRF handling for the login form — confirm it
 * in [Auth.login].
 */
$app->post('/:lang/auth/login', 'Auth.login');
$app->route('/auth/logout', 'Auth.logout');
$app->route('/:lang/auth/logout', 'Auth.logout');
$app->get('/:lang/auth-demo', 'AuthDemo')->filter('Auth.hasAccess');
/**
 * The Auth API demo JSON service can be tested from an HTTP client such as
 * Postman or Hoppscotch. It can also be viewed from the browser after
 * logging in.
 *
 * To test from an HTTP client, add the following request headers:
 *
 *     Content-Type: application/json
 *     Authorization: Bearer {access-token}
 *
 * A valid {access-token} is returned in the 'X-Access-Token' response header
 * of the login service. Full example with the default demo user (replace
 * this demo user before publishing a site):
 *
 * 1) First call the API service without logging in:
 *     GET /api/data-demo
 *     Include the request header [Content-Type: application/json] for a JSON
 *     response, or omit it to get an HTML response with the login page.
 *     Response returned:
 *         401 Unauthorized
 *         WWW-Authenticate: Bearer
 *         { "success":false, "authRequired":true }
 *
 * 2) Login:
 *     POST /en/auth/login
 *     Include the request header:
 *         Content-Type: application/x-www-form-urlencoded
 *     Include the form fields:
 *         user: Admin
 *         password: Password123
 *
 * 3) Read the access token from the response header:
 *     Response returned:
 *         X-Access-Token: {{access-token}}
 *         { "success":true }
 *
 * 4) Submit a valid API request:
 *     GET /api/data-demo
 *     Include the request headers:
 *         Content-Type: application/json
 *         Authorization: Bearer {{access-token}}
 *     [Content-Type] is not actually needed for a valid response on this
 *     route; it is included so that the 401 response, when the token is
 *     missing or invalid, comes back as JSON.
 *
 * The filters are attached in this order: [Cors.acceptAuth], then
 * [Auth.hasAccess]. NOTE(review): if filters run in attachment order, this
 * presumably lets the CORS filter answer cross-origin preflight requests
 * before credentials are checked — confirm in the Cors middleware class
 * under [app/Middleware].
 */
$app
    ->get('/api/data-demo', 'AuthDemo.getData')
    ->filter('Cors.acceptAuth')
    ->filter('Auth.hasAccess');
/**
 * Example of a 500 error page. A filter function restricts this route so it
 * only runs from localhost; see the [Middleware] directory for the source of
 * the filter function 'Env.isLocalhost'. Example URL when running locally:
 * http://localhost:3000/public/site/example-error
 */
$app->get('/site/example-error', static function () {
    // Deliberately left unhandled; presumably rendered with the
    // [error_template] configured near the top of this file.
    throw new Exception('Example Error');
})->filter('Env.isLocalhost');
/**
 * Load additional route files when the requested URL matches the mount path.
 *
 * On a site with many pages this limits the number of routes loaded per
 * request and lets related routes live together in smaller files.
 *
 * When the optional condition (3rd parameter) is given, the file is only
 * loaded if the condition returns [true]. Here the [sysinfo] routes are
 * loaded only when the request comes from localhost, via the
 * [Env.isLocalhost] function; anyone else requesting these paths gets a
 * 404 'Page not found' response.
 *
 * NOTE(review): this protection relies on how [Env.isLocalhost] identifies
 * the client. If the site runs behind a reverse proxy on the same machine,
 * confirm the filter does not treat the proxy's own address as local,
 * otherwise the sysinfo routes would become reachable from the internet.
 */
$app->mount('/sysinfo/', 'routes-sysinfo.php', 'Env.isLocalhost');