xref: /webtrees/app/Http/Middleware/UseDatabase.php (revision 5bfc689774bb9a6401271c4ed15a6d50652c991b) 
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2022 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees\Http\Middleware;
21
22use Fisharebest\Webtrees\Validator;
23use Fisharebest\Webtrees\Webtrees;
24use Illuminate\Database\Capsule\Manager as DB;
25use PDO;
26use PDOException;
27use Psr\Http\Message\ResponseInterface;
28use Psr\Http\Message\ServerRequestInterface;
29use Psr\Http\Server\MiddlewareInterface;
30use Psr\Http\Server\RequestHandlerInterface;
31use RuntimeException;
32
33/**
34 * Middleware to connect to the database.
35 */
36class UseDatabase implements MiddlewareInterface
37{
38    /**
39     * @param ServerRequestInterface  $request
40     * @param RequestHandlerInterface $handler
41     *
42     * @return ResponseInterface
43     */
44    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
45    {
46        // Earlier versions of webtrees did not have a dbtype config option.  They always used mysql.
47        $driver = Validator::attributes($request)->string('dbtype', 'mysql');
48
49        $dbname = Validator::attributes($request)->string('dbname');
50
51        if ($driver === 'sqlite') {
52            $dbname = Webtrees::ROOT_DIR . 'data/' . $dbname . '.sqlite';
53        }
54
55        $capsule = new DB();
56
57        // Newer versions of webtrees support utf8mb4.  Older ones only support 3-byte utf8
58        if ($driver === 'mysql' && Validator::attributes($request)->boolean('mysql_utf8mb4', false)) {
59            $charset   = 'utf8mb4';
60            $collation = 'utf8mb4_unicode_ci';
61        } else {
62            $charset   = 'utf8';
63            $collation = 'utf8_unicode_ci';
64        }
65
66        $options = [
67            // Some drivers do this and some don't.  Make them consistent.
68            PDO::ATTR_STRINGIFY_FETCHES => true,
69        ];
70
71        $dbkey    = Validator::attributes($request)->string('dbkey', '');
72        $dbcert   = Validator::attributes($request)->string('dbcert', '');
73        $dbca     = Validator::attributes($request)->string('dbca', '');
74        $dbverify = Validator::attributes($request)->boolean('dbverify', false);
75
76        // MySQL/MariaDB support encrypted connections
77        if ($dbkey !== '' && $dbcert !== '' && $dbca !== '') {
78            $options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = $dbverify;
79            $options[PDO::MYSQL_ATTR_SSL_KEY]                = Webtrees::ROOT_DIR . 'data/' . $dbkey;
80            $options[PDO::MYSQL_ATTR_SSL_CERT]               = Webtrees::ROOT_DIR . 'data/' . $dbcert;
81            $options[PDO::MYSQL_ATTR_SSL_CA]                 = Webtrees::ROOT_DIR . 'data/' . $dbca;
82        }
83
84        $capsule->addConnection([
85            'driver'                  => $driver,
86            'host'                    => Validator::attributes($request)->string('dbhost'),
87            'port'                    => Validator::attributes($request)->string('dbport'),
88            'database'                => $dbname,
89            'username'                => Validator::attributes($request)->string('dbuser'),
90            'password'                => Validator::attributes($request)->string('dbpass'),
91            'prefix'                  => Validator::attributes($request)->string('tblpfx'),
92            'prefix_indexes'          => true,
93            'options'                 => $options,
94            // For MySQL
95            'charset'                 => $charset,
96            'collation'               => $collation,
97            'timezone'                => '+00:00',
98            'engine'                  => 'InnoDB',
99            'modes'                   => [
100                'ANSI',
101                'STRICT_ALL_TABLES',
102                // Use SQL injection(!) to override MAX_JOIN_SIZE and GROUP_CONCAT_MAX_LEN settings.
103                "', SQL_BIG_SELECTS=1, GROUP_CONCAT_MAX_LEN=1048576, @foobar='"
104            ],
105            // For SQLite
106            'foreign_key_constraints' => true,
107        ]);
108
109        $capsule->setAsGlobal();
110
111        try {
112            // Eager-load the connection, to prevent database credentials appearing in error logs.
113            DB::connection()->getPdo();
114        } catch (PDOException $exception) {
115            throw new RuntimeException($exception->getMessage());
116        }
117
118        return $handler->handle($request);
119    }
120}
121