xref: /webtrees/app/Http/Middleware/UseSession.php (revision d11be7027e34e3121be11cc025421873364403f9)
1b5979037SGreg Roach<?php
23976b470SGreg Roach
3b5979037SGreg Roach/**
4b5979037SGreg Roach * webtrees: online genealogy
5*d11be702SGreg Roach * Copyright (C) 2023 webtrees development team
6b5979037SGreg Roach * This program is free software: you can redistribute it and/or modify
7b5979037SGreg Roach * it under the terms of the GNU General Public License as published by
8b5979037SGreg Roach * the Free Software Foundation, either version 3 of the License, or
9b5979037SGreg Roach * (at your option) any later version.
10b5979037SGreg Roach * This program is distributed in the hope that it will be useful,
11b5979037SGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of
12b5979037SGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13b5979037SGreg Roach * GNU General Public License for more details.
14b5979037SGreg Roach * You should have received a copy of the GNU General Public License
1589f7189bSGreg Roach * along with this program. If not, see <https://www.gnu.org/licenses/>.
16b5979037SGreg Roach */
17fcfa147eSGreg Roach
18b5979037SGreg Roachdeclare(strict_types=1);
19b5979037SGreg Roach
20b5979037SGreg Roachnamespace Fisharebest\Webtrees\Http\Middleware;
21b5979037SGreg Roach
22b5979037SGreg Roachuse Fisharebest\Webtrees\Auth;
231fe542e9SGreg Roachuse Fisharebest\Webtrees\Contracts\UserInterface;
24b5979037SGreg Roachuse Fisharebest\Webtrees\Session;
25e931043eSGreg Roachuse Fisharebest\Webtrees\Webtrees;
266ccdf4f0SGreg Roachuse Psr\Http\Message\ResponseInterface;
276ccdf4f0SGreg Roachuse Psr\Http\Message\ServerRequestInterface;
286ccdf4f0SGreg Roachuse Psr\Http\Server\MiddlewareInterface;
296ccdf4f0SGreg Roachuse Psr\Http\Server\RequestHandlerInterface;
30b5979037SGreg Roach
31dc6156d0SGreg Roachuse function session_destroy;
32dc6156d0SGreg Roachuse function session_status;
33d97083feSGreg Roachuse function time;
34dc6156d0SGreg Roach
35dc6156d0SGreg Roachuse const PHP_SESSION_ACTIVE;
36dc6156d0SGreg Roach
37b5979037SGreg Roach/**
38b5979037SGreg Roach * Middleware to activate sessions.
39b5979037SGreg Roach */
40b5979037SGreg Roachclass UseSession implements MiddlewareInterface
41b5979037SGreg Roach{
42d97083feSGreg Roach    // To avoid read-write contention on the wt_user_setting table, don't update the last-active time on every request.
43d97083feSGreg Roach    private const UPDATE_ACTIVITY_INTERVAL = 60;
44d97083feSGreg Roach
45b5979037SGreg Roach    /**
466ccdf4f0SGreg Roach     * @param ServerRequestInterface  $request
476ccdf4f0SGreg Roach     * @param RequestHandlerInterface $handler
48b5979037SGreg Roach     *
496ccdf4f0SGreg Roach     * @return ResponseInterface
50b5979037SGreg Roach     */
516ccdf4f0SGreg Roach    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
52b5979037SGreg Roach    {
53dc6156d0SGreg Roach        // Some sites (e.g. Wordpress/NinjaFirewall) use the PHP auto_prepend_file
54dc6156d0SGreg Roach        // setting to run their own startup code - which may start a session.
55dc6156d0SGreg Roach        if (session_status() === PHP_SESSION_ACTIVE) {
56dc6156d0SGreg Roach            session_destroy();
57dc6156d0SGreg Roach        }
58dc6156d0SGreg Roach
59b5979037SGreg Roach        // Sessions
604d7dd147SGreg Roach        Session::start($request);
61b5979037SGreg Roach
6257ab2231SGreg Roach        $user = Auth::user();
6357ab2231SGreg Roach
64d97083feSGreg Roach        // Update the last-login time.
65b5979037SGreg Roach        if (Session::get('masquerade') === null) {
66d97083feSGreg Roach            $last = (int) $user->getPreference(UserInterface::PREF_TIMESTAMP_ACTIVE);
67e88d077cSGreg Roach
68d97083feSGreg Roach            if (time() - $last >= self::UPDATE_ACTIVITY_INTERVAL) {
69d97083feSGreg Roach                $user->setPreference(UserInterface::PREF_TIMESTAMP_ACTIVE, (string) time());
70b5979037SGreg Roach            }
71b5979037SGreg Roach        }
72b5979037SGreg Roach
73e931043eSGreg Roach        // Allow request handlers, modules, etc. to have a dependency on the current user.
74e931043eSGreg Roach        Webtrees::set(UserInterface::class, $user);
75e931043eSGreg Roach
7657ab2231SGreg Roach        $request = $request->withAttribute('user', $user);
770c8c69d4SGreg Roach
788246ffa1SGreg Roach        $response = $handler->handle($request);
798246ffa1SGreg Roach
80dc6b8e0eSGreg Roach        Session::save();
818246ffa1SGreg Roach
828246ffa1SGreg Roach        return $response;
83b5979037SGreg Roach    }
84b5979037SGreg Roach}
85