mapguesser/web.php

<?php

use SokoWeb\Response\HttpResponse;
use SokoWeb\Routing\RouteCollection;
use SokoWeb\Session\DatabaseSessionHandler;
use SokoWeb\Request\Request;
use SokoWeb\Request\Session;
use MapGuesser\Controller\MapsController;
use MapGuesser\Controller\HomeController;
use MapGuesser\Controller\LoginController;
use MapGuesser\Controller\UserController;
use MapGuesser\Controller\GameController;
use MapGuesser\Controller\GameFlowController;
use MapGuesser\Controller\MapAdminController;
use MapGuesser\Repository\UserRepository;

require 'main.php';

error_reporting(E_ALL);
if (!empty($_ENV['DEV'])) {
    ini_set('display_errors', '1');
} else {
    ini_set('display_errors', '0');
}

Container::$routeCollection = new RouteCollection();

Container::$routeCollection->get('index', '', [MapsController::class, 'getMaps']);
Container::$routeCollection->get('startSession', 'startSession.json', [HomeController::class, 'startSession']);
Container::$routeCollection->group('login', function (RouteCollection $routeCollection) {
    $routeCollection->get('login', '', [LoginController::class, 'getLoginForm']);
    $routeCollection->post('login-action', '', [LoginController::class, 'login']);
    $routeCollection->get('login-google', 'google', [LoginController::class, 'getGoogleLoginRedirect']);
    $routeCollection->get('login-google-action', 'google/code', [LoginController::class, 'loginWithGoogle']);
});
Container::$routeCollection->group('signup', function (RouteCollection $routeCollection) {
    $routeCollection->get('signup', '', [LoginController::class, 'getSignupForm']);
    $routeCollection->post('signup-action', '', [LoginController::class, 'signup']);
    $routeCollection->get('signup-google', 'google', [LoginController::class, 'getSignupWithGoogleForm']);
    $routeCollection->post('signup.reset', 'reset', [LoginController::class, 'resetSignup']);
    $routeCollection->post('signup-google.reset', 'google/reset', [LoginController::class, 'resetGoogleSignup']);
    $routeCollection->get('signup.success', 'success', [LoginController::class, 'getSignupSuccess']);
    $routeCollection->get('signup.activate', 'activate/{token}', [LoginController::class, 'activate']);
    $routeCollection->get('signup.cancel', 'cancel/{token}', [LoginController::class, 'cancel']);
});
Container::$routeCollection->group('password', function (RouteCollection $routeCollection) {
    $routeCollection->get('password-requestReset', 'requestReset', [LoginController::class, 'getRequestPasswordResetForm']);
    $routeCollection->post('password-requestReset-action', 'requestReset', [LoginController::class, 'requestPasswordReset']);
    $routeCollection->get('password-requestReset.success', 'requestReset/success', [LoginController::class, 'getRequestPasswordResetSuccess']);
    $routeCollection->get('password-reset', 'reset/{token}', [LoginController::class, 'getResetPasswordForm']);
    $routeCollection->post('password-reset.action', 'reset/{token}', [LoginController::class, 'resetPassword']);
});
Container::$routeCollection->get('logout', 'logout', [LoginController::class, 'logout']);
Container::$routeCollection->group('account', function (RouteCollection $routeCollection) {
    $routeCollection->get('account', '', [UserController::class, 'getAccount']);
    $routeCollection->post('account-action', '', [UserController::class, 'saveAccount']);
    $routeCollection->get('account.delete', 'delete', [UserController::class, 'getDeleteAccount']);
    $routeCollection->post('account.delete-action', 'delete', [UserController::class, 'deleteAccount']);
    $routeCollection->get('account.googleConnect', 'googleConnect', [UserController::class, 'getGoogleConnectRedirect']);
    $routeCollection->get('account.googleConnect-confirm', 'googleConnect/code', [UserController::class, 'getGoogleConnectConfirm']);
    $routeCollection->post('account.googleConnect-action', 'googleConnect', [UserController::class, 'connectGoogle']);
    $routeCollection->get('account.googleDisconnect', 'googleDisconnect', [UserController::class, 'getGoogleDisconnectConfirm']);
    $routeCollection->post('account.googleDisconnect-action', 'googleDisconnect', [UserController::class, 'disconnectGoogle']);
    $routeCollection->get('account.googleAuthenticate', 'googleAuthenticate', [UserController::class, 'getGoogleAuthenticateRedirect']);
    $routeCollection->get('account.googleAuthenticate-action', 'googleAuthenticate/code', [UserController::class, 'authenticateWithGoogle']);
});
//Container::$routeCollection->get('maps', 'maps', [MapsController::class, 'getMaps']);
Container::$routeCollection->group('game', function (RouteCollection $routeCollection) {
    $routeCollection->get('game', '{mapId}', [GameController::class, 'getGame']);
    $routeCollection->post('game.prepare-json', '{mapId}/prepare.json', [GameController::class, 'prepareGame']);
    $routeCollection->post('game.initialData-json', '{mapId}/initialData.json', [GameFlowController::class, 'initialData']);
    $routeCollection->post('game.guess-json', '{mapId}/guess.json', [GameFlowController::class, 'guess']);
});
Container::$routeCollection->group('multiGame', function (RouteCollection $routeCollection) {
    $routeCollection->get('multiGame.new', 'new/{mapId}', [GameController::class, 'getNewMultiGame']);
    $routeCollection->get('multiGame', '{roomId}', [GameController::class, 'getMultiGame']);
    $routeCollection->post('multiGame.prepare-json', '{roomId}/prepare.json', [GameController::class, 'prepareMultiGame']);
    $routeCollection->post('multiGame.initialData-json', '{roomId}/initialData.json', [GameFlowController::class, 'multiInitialData']);
    $routeCollection->post('multiGame.nextRound-json', '{roomId}/nextRound.json', [GameFlowController::class, 'multiNextRound']);
    $routeCollection->post('multiGame.guess-json', '{roomId}/guess.json', [GameFlowController::class, 'multiGuess']);
});
Container::$routeCollection->group('challenge', function (RouteCollection $routeCollection) {
    $routeCollection->post('challenge.create', 'create.json', [GameController::class, 'createNewChallenge']);
    $routeCollection->get('challenge', '{challengeToken}', [GameController::class, 'getChallenge']);
    $routeCollection->post('challenge.prepare-json', '{challengeToken}/prepare.json', [GameController::class, 'prepareChallenge']);
    $routeCollection->post('challenge.initialData-json', '{challengeToken}/initialData.json', [GameFlowController::class, 'challengeInitialData']);
    $routeCollection->post('challenge.guess-json', '{challengeToken}/guess.json', [GameFlowController::class, 'challengeGuess']);
});
Container::$routeCollection->group('admin', function (RouteCollection $routeCollection) {
    $routeCollection->get('admin.mapEditor', 'mapEditor/{mapId?}', [MapAdminController::class, 'getMapEditor']);
    $routeCollection->get('admin.place', 'place.json/{placeId}', [MapAdminController::class, 'getPlace']);
    $routeCollection->post('admin.saveMap', 'saveMap/{mapId}/json', [MapAdminController::class, 'saveMap']);
    $routeCollection->post('admin.deleteMap', 'deleteMap/{mapId}', [MapAdminController::class, 'deleteMap']);
});

if (isset($_COOKIE['COOKIES_CONSENT'])) {
    Container::$sessionHandler = new DatabaseSessionHandler(
        Container::$dbConnection,
        'sessions',
        new DateTime('-7 days')
    );

    session_set_save_handler(Container::$sessionHandler, true);
    session_start([
        'gc_probability' => 0, // old sessions are deleted by MaintainDatabaseCommand
        'cookie_lifetime' => 0,
        'cookie_path' => '/',
        'cookie_httponly' => true,
        'cookie_samesite' => 'Lax'
    ]);

    // this is needed to handle old type of session IDs
    if (!Container::$sessionHandler->validateId(session_id())) {
        session_regenerate_id(true);
    }
} else {
    $_SESSION = [];
}

Container::$request = new Request(
    $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'],
    $_GET,
    $_POST,
    getallheaders(),
    new Session($_SESSION),
    new UserRepository()
);

if (!Container::$request->session()->has('anti_csrf_token')) {
    Container::$request->session()->set('anti_csrf_token', bin2hex(random_bytes(16)));
}

$appConfig = [
    'antiCsrfTokenName' => 'anti_csrf_token',
    'antiCsrfTokenErrorResponse' => ['error' => 'no_valid_anti_csrf_token'],
    'antiCsrfTokenExceptions' => [],
    'loginRouteId' => 'login',
    'error404View' => 'error/404',
    'error500View' => 'error/500'
];

$httpReponse = new HttpResponse(
    Container::$request,
    Container::$dbConnection,
    Container::$routeCollection,
    $appConfig,
    $_SERVER['REQUEST_METHOD'],
    $_SERVER['REQUEST_URI']
);
$httpReponse->render();
MAPG-131 split web specific code from main.php to web.php set the new session handler as session handler configure session with longer lifetime and with stricter cookie settings 2020-06-13 20:42:07 +02:00			`<?php`

adapt code to soko-web 0.4 2023-04-16 21:37:39 +02:00			`use SokoWeb\Response\HttpResponse;`
use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`use SokoWeb\Routing\RouteCollection;`
			`use SokoWeb\Session\DatabaseSessionHandler;`
			`use SokoWeb\Request\Request;`
adapt to new soko-web interfaces 2023-05-02 13:18:14 +02:00			`use SokoWeb\Request\Session;`
use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`use MapGuesser\Controller\MapsController;`
			`use MapGuesser\Controller\HomeController;`
			`use MapGuesser\Controller\LoginController;`
			`use MapGuesser\Controller\UserController;`
			`use MapGuesser\Controller\GameController;`
			`use MapGuesser\Controller\GameFlowController;`
			`use MapGuesser\Controller\MapAdminController;`
			`use MapGuesser\Repository\UserRepository;`
adapt code to soko-web 0.4 2023-04-16 21:37:39 +02:00
MAPG-131 split web specific code from main.php to web.php set the new session handler as session handler configure session with longer lifetime and with stricter cookie settings 2020-06-13 20:42:07 +02:00			`require 'main.php';`

error reporting should always be E_ALL 2023-09-26 23:47:50 +02:00			`error_reporting(E_ALL);`
MAPG-131 split web specific code from main.php to web.php set the new session handler as session handler configure session with longer lifetime and with stricter cookie settings 2020-06-13 20:42:07 +02:00			`if (!empty($_ENV['DEV'])) {`
			`ini_set('display_errors', '1');`
			`} else {`
			`ini_set('display_errors', '0');`
			`}`

use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`Container::$routeCollection = new RouteCollection();`
MAPG-131 split web specific code from main.php to web.php set the new session handler as session handler configure session with longer lifetime and with stricter cookie settings 2020-06-13 20:42:07 +02:00
use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`Container::$routeCollection->get('index', '', [MapsController::class, 'getMaps']);`
			`Container::$routeCollection->get('startSession', 'startSession.json', [HomeController::class, 'startSession']);`
			`Container::$routeCollection->group('login', function (RouteCollection $routeCollection) {`
			`$routeCollection->get('login', '', [LoginController::class, 'getLoginForm']);`
			`$routeCollection->post('login-action', '', [LoginController::class, 'login']);`
			`$routeCollection->get('login-google', 'google', [LoginController::class, 'getGoogleLoginRedirect']);`
			`$routeCollection->get('login-google-action', 'google/code', [LoginController::class, 'loginWithGoogle']);`
MAPG-69 group routes to better overview 2020-06-21 15:43:49 +02:00			`});`
use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`Container::$routeCollection->group('signup', function (RouteCollection $routeCollection) {`
			`$routeCollection->get('signup', '', [LoginController::class, 'getSignupForm']);`
			`$routeCollection->post('signup-action', '', [LoginController::class, 'signup']);`
			`$routeCollection->get('signup-google', 'google', [LoginController::class, 'getSignupWithGoogleForm']);`
			`$routeCollection->post('signup.reset', 'reset', [LoginController::class, 'resetSignup']);`
			`$routeCollection->post('signup-google.reset', 'google/reset', [LoginController::class, 'resetGoogleSignup']);`
			`$routeCollection->get('signup.success', 'success', [LoginController::class, 'getSignupSuccess']);`
			`$routeCollection->get('signup.activate', 'activate/{token}', [LoginController::class, 'activate']);`
			`$routeCollection->get('signup.cancel', 'cancel/{token}', [LoginController::class, 'cancel']);`
MAPG-69 group routes to better overview 2020-06-21 15:43:49 +02:00			`});`
use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`Container::$routeCollection->group('password', function (RouteCollection $routeCollection) {`
			`$routeCollection->get('password-requestReset', 'requestReset', [LoginController::class, 'getRequestPasswordResetForm']);`
			`$routeCollection->post('password-requestReset-action', 'requestReset', [LoginController::class, 'requestPasswordReset']);`
			`$routeCollection->get('password-requestReset.success', 'requestReset/success', [LoginController::class, 'getRequestPasswordResetSuccess']);`
			`$routeCollection->get('password-reset', 'reset/{token}', [LoginController::class, 'getResetPasswordForm']);`
			`$routeCollection->post('password-reset.action', 'reset/{token}', [LoginController::class, 'resetPassword']);`
MAPG-141 add reset password functionality 2020-07-05 00:09:02 +02:00			`});`
use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`Container::$routeCollection->get('logout', 'logout', [LoginController::class, 'logout']);`
			`Container::$routeCollection->group('account', function (RouteCollection $routeCollection) {`
			`$routeCollection->get('account', '', [UserController::class, 'getAccount']);`
			`$routeCollection->post('account-action', '', [UserController::class, 'saveAccount']);`
			`$routeCollection->get('account.delete', 'delete', [UserController::class, 'getDeleteAccount']);`
			`$routeCollection->post('account.delete-action', 'delete', [UserController::class, 'deleteAccount']);`
add google connect and disconnect to account 2023-09-24 01:30:59 +02:00			`$routeCollection->get('account.googleConnect', 'googleConnect', [UserController::class, 'getGoogleConnectRedirect']);`
			`$routeCollection->get('account.googleConnect-confirm', 'googleConnect/code', [UserController::class, 'getGoogleConnectConfirm']);`
			`$routeCollection->post('account.googleConnect-action', 'googleConnect', [UserController::class, 'connectGoogle']);`
			`$routeCollection->get('account.googleDisconnect', 'googleDisconnect', [UserController::class, 'getGoogleDisconnectConfirm']);`
			`$routeCollection->post('account.googleDisconnect-action', 'googleDisconnect', [UserController::class, 'disconnectGoogle']);`
use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`$routeCollection->get('account.googleAuthenticate', 'googleAuthenticate', [UserController::class, 'getGoogleAuthenticateRedirect']);`
			`$routeCollection->get('account.googleAuthenticate-action', 'googleAuthenticate/code', [UserController::class, 'authenticateWithGoogle']);`
MAPG-69 group routes to better overview 2020-06-21 15:43:49 +02:00			`});`
use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`//Container::$routeCollection->get('maps', 'maps', [MapsController::class, 'getMaps']);`
			`Container::$routeCollection->group('game', function (RouteCollection $routeCollection) {`
			`$routeCollection->get('game', '{mapId}', [GameController::class, 'getGame']);`
			`$routeCollection->post('game.prepare-json', '{mapId}/prepare.json', [GameController::class, 'prepareGame']);`
			`$routeCollection->post('game.initialData-json', '{mapId}/initialData.json', [GameFlowController::class, 'initialData']);`
			`$routeCollection->post('game.guess-json', '{mapId}/guess.json', [GameFlowController::class, 'guess']);`
MAPG-203 add new routes for multiplayer 2021-03-19 23:00:10 +01:00			`});`
use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`Container::$routeCollection->group('multiGame', function (RouteCollection $routeCollection) {`
			`$routeCollection->get('multiGame.new', 'new/{mapId}', [GameController::class, 'getNewMultiGame']);`
			`$routeCollection->get('multiGame', '{roomId}', [GameController::class, 'getMultiGame']);`
			`$routeCollection->post('multiGame.prepare-json', '{roomId}/prepare.json', [GameController::class, 'prepareMultiGame']);`
			`$routeCollection->post('multiGame.initialData-json', '{roomId}/initialData.json', [GameFlowController::class, 'multiInitialData']);`
			`$routeCollection->post('multiGame.nextRound-json', '{roomId}/nextRound.json', [GameFlowController::class, 'multiNextRound']);`
			`$routeCollection->post('multiGame.guess-json', '{roomId}/guess.json', [GameFlowController::class, 'multiGuess']);`
MAPG-131 split web specific code from main.php to web.php set the new session handler as session handler configure session with longer lifetime and with stricter cookie settings 2020-06-13 20:42:07 +02:00			`});`
use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`Container::$routeCollection->group('challenge', function (RouteCollection $routeCollection) {`
			`$routeCollection->post('challenge.create', 'create.json', [GameController::class, 'createNewChallenge']);`
			`$routeCollection->get('challenge', '{challengeToken}', [GameController::class, 'getChallenge']);`
			`$routeCollection->post('challenge.prepare-json', '{challengeToken}/prepare.json', [GameController::class, 'prepareChallenge']);`
			`$routeCollection->post('challenge.initialData-json', '{challengeToken}/initialData.json', [GameFlowController::class, 'challengeInitialData']);`
			`$routeCollection->post('challenge.guess-json', '{challengeToken}/guess.json', [GameFlowController::class, 'challengeGuess']);`
MAPG-235 new challenge can be created and is prepared 2021-05-12 13:51:06 +02:00			`});`
use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`Container::$routeCollection->group('admin', function (RouteCollection $routeCollection) {`
			`$routeCollection->get('admin.mapEditor', 'mapEditor/{mapId?}', [MapAdminController::class, 'getMapEditor']);`
			`$routeCollection->get('admin.place', 'place.json/{placeId}', [MapAdminController::class, 'getPlace']);`
			`$routeCollection->post('admin.saveMap', 'saveMap/{mapId}/json', [MapAdminController::class, 'saveMap']);`
			`$routeCollection->post('admin.deleteMap', 'deleteMap/{mapId}', [MapAdminController::class, 'deleteMap']);`
MAPG-131 split web specific code from main.php to web.php set the new session handler as session handler configure session with longer lifetime and with stricter cookie settings 2020-06-13 20:42:07 +02:00			`});`

MAPG-172 don't send session if user didn't consent the cookies 2020-06-24 21:37:58 +02:00			`if (isset($_COOKIE['COOKIES_CONSENT'])) {`
adapt to new soko-web interfaces 2023-05-02 13:18:14 +02:00			`Container::$sessionHandler = new DatabaseSessionHandler(`
			`Container::$dbConnection,`
			`'sessions',`
			`new DateTime('-7 days')`
			`);`
MAPG-131 split web specific code from main.php to web.php set the new session handler as session handler configure session with longer lifetime and with stricter cookie settings 2020-06-13 20:42:07 +02:00
MAPG-172 don't send session if user didn't consent the cookies 2020-06-24 21:37:58 +02:00			`session_set_save_handler(Container::$sessionHandler, true);`
			`session_start([`
MAPG-185 switch off builtin session gc 2020-07-05 16:48:37 +02:00			`'gc_probability' => 0, // old sessions are deleted by MaintainDatabaseCommand`
session should be valid for a session 2023-05-02 13:18:37 +02:00			`'cookie_lifetime' => 0,`
MAPG-230 renew session cookie if it already exists 2021-05-09 15:49:27 +02:00			`'cookie_path' => '/',`
MAPG-172 don't send session if user didn't consent the cookies 2020-06-24 21:37:58 +02:00			`'cookie_httponly' => true,`
			`'cookie_samesite' => 'Lax'`
			`]);`
MAPG-142 redefine tokens and increase OAuth security with nonce 2020-07-05 12:25:25 +02:00
			`// this is needed to handle old type of session IDs`
			`if (!Container::$sessionHandler->validateId(session_id())) {`
			`session_regenerate_id(true);`
			`}`
MAPG-172 don't send session if user didn't consent the cookies 2020-06-24 21:37:58 +02:00			`} else {`
			`$_SESSION = [];`
			`}`
MAPG-133 add basic CSRF protection to server side 2020-06-13 22:38:30 +02:00
use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`Container::$request = new Request(`
MAPG-243 replace and adapt to soko-web 2023-04-07 20:28:14 +02:00			`$_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'],`
			`$_GET,`
			`$_POST,`
adapt to soko-web 0.2 2023-04-16 17:01:16 +02:00			`getallheaders(),`
adapt to new soko-web interfaces 2023-05-02 13:18:14 +02:00			`new Session($_SESSION),`
use classes at beginning of web.php 2023-04-16 21:44:11 +02:00			`new UserRepository()`
MAPG-243 replace and adapt to soko-web 2023-04-07 20:28:14 +02:00			`);`
MAPG-69 initialize Request earlier add Request to global Container add base URL to Request 2020-06-14 17:11:48 +02:00
			`if (!Container::$request->session()->has('anti_csrf_token')) {`
MAPG-142 redefine tokens and increase OAuth security with nonce 2020-07-05 12:25:25 +02:00			`Container::$request->session()->set('anti_csrf_token', bin2hex(random_bytes(16)));`
MAPG-133 add basic CSRF protection to server side 2020-06-13 22:38:30 +02:00			`}`
adapt code to soko-web 0.4 2023-04-16 21:37:39 +02:00
			`$appConfig = [`
			`'antiCsrfTokenName' => 'anti_csrf_token',`
			`'antiCsrfTokenErrorResponse' => ['error' => 'no_valid_anti_csrf_token'],`
			`'antiCsrfTokenExceptions' => [],`
			`'loginRouteId' => 'login',`
add error view 500 to app config 2023-04-20 00:04:59 +02:00			`'error404View' => 'error/404',`
			`'error500View' => 'error/500'`
adapt code to soko-web 0.4 2023-04-16 21:37:39 +02:00			`];`

			`$httpReponse = new HttpResponse(`
			`Container::$request,`
pass dbConnection to HttpResponse 2023-04-20 00:04:10 +02:00			`Container::$dbConnection,`
adapt code to soko-web 0.4 2023-04-16 21:37:39 +02:00			`Container::$routeCollection,`
			`$appConfig,`
			`$_SERVER['REQUEST_METHOD'],`
			`$_SERVER['REQUEST_URI']`
			`);`
			`$httpReponse->render();`