mvc - larger overhaul replacing Phalcon Application (#6389)

This removes most phalcon code currently being used on our end, except the Volt templates (which are re-wrapped) and a translation class we can easily replace later in a separate commit. Consumers of our controller classes shouldn't notice a difference as the used objects and methods are named the same. The most notable changes are the following ones: * Exceptions about not being able to find a requested path now break down into different exceptions inheriting from DispatchException, which makes it easier from the entrypoint (api.php, index.php) to catch and handle accordingly. * When not in development mode, raw exceptions are not being returned anymore, which increases security * The Dispatcher class is reponsible for object construction and mapping validation (valid uri, but no object found) * The Router class replaces previous Application class, it disects offered uri's into namespaces, classnames and methods to call. In the long run there should be a seperate controller for controllers using volt templates or api calls, but as the existing ones don't distinct between this and the output handling is different now, we can park this for a later moment in time (the performance penalty should be rather low). Some unused functionality has been removed, for example support for the X-HTTP-Method-Override header in Request->getMethod() (see https://github.com/phalcon/cphalcon/blob/44243c07658d060cd8a21761743b0f4fc01641aa/phalcon/Http/Request.zep#L599-L609).
opnsense · May 13, 2024 · 0a239dd · 0a239dd
1 parent 2e010a7
commit 0a239dd
Show file tree

Hide file tree

Showing 23 changed files with 1,272 additions and 517 deletions.
diff --git a/src/opnsense/mvc/app/config/services.php b/src/opnsense/mvc/app/config/services.php
diff --git a/src/opnsense/mvc/app/config/services_api.php b/src/opnsense/mvc/app/config/services_api.php
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
@@ -31,6 +31,7 @@
 use OPNsense\Core\ACL;
 use OPNsense\Core\Backend;
 use OPNsense\Core\Config;
+use OPNsense\Mvc\Security;
 use OPNsense\Auth\AuthenticationFactory;
 
 /**
@@ -201,7 +202,7 @@ private function parseJsonBodyData()
  switch (strtolower(str_replace(' ', '', $this->request->getHeader('CONTENT_TYPE')))) {
  case 'application/json':
  case 'application/json;charset=utf-8':
- $jsonRawBody = $this->request->getJsonRawBody(true);
+ $jsonRawBody = $this->request->getJsonRawBody();
  if (empty($this->request->getRawBody()) && empty($jsonRawBody)) {
  return "Invalid JSON syntax";
  }
@@ -366,8 +367,10 @@ public function beforeExecuteRoute($dispatcher)
  }
 
  // check for valid csrf on post requests
- $csrf_token = $this->request->getHeader('X_CSRFTOKEN');
- $csrf_valid = $this->security->checkToken(null, $csrf_token, false);
+ $csrf_valid = (new Security($this->session, $this->request))->checkToken(
+ null,
+ $this->request->getHeader('X_CSRFTOKEN')
+ );
 
  if (
  ($this->request->isPost() ||
@@ -404,6 +407,9 @@ public function afterExecuteRoute($dispatcher)
  } else {
  $this->response->setContent(htmlspecialchars(json_encode($data), ENT_NOQUOTES));
  }
+ } elseif (is_string($data)) {
+ // XXX: fallback, controller returned data as string. a deprecation message might be an option here.
+ $this->response->setContent($data);
  }
 
  return $this->response->send();

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerRoot.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerRoot.php
@@ -30,7 +30,7 @@
 
 use OPNsense\Core\Config;
 use OPNsense\Core\Syslog;
-use Phalcon\Mvc\Controller;
+use OPNsense\Mvc\Controller;
 use Phalcon\Translate\InterpolatorFactory;
 use OPNsense\Core\ACL;
 

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/IndexController.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/IndexController.php
@@ -42,28 +42,4 @@ class IndexController extends ControllerBase
  public function indexAction()
  {
  }
-
- /**
- * log or send error message
- * @param string $message error message
- * @param string|null $sender
- * @return bool
- */
- public function handleErrorAction($message = null, $sender = null)
- {
- // API call, send error to user
- if ($sender == 'API') {
- $this->response->setStatusCode(400, "Bad Request");
- $this->response->setContentType('application/json', 'UTF-8');
- $this->response->setJsonContent(
- array('message' => $message,
- 'status' => 400
- )
- );
- } else {
- $this->getLogger()->error($message);
- $this->response->redirect("/", true);
- }
- return false;
- }
 }
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Syslog/Api/SettingsController.php b/src/opnsense/mvc/app/controllers/OPNsense/Syslog/Api/SettingsController.php
@@ -28,7 +28,6 @@
 
 namespace OPNsense\Syslog\Api;
 
-use Phalcon\Filter\Filter;
 use OPNsense\Base\ApiMutableModelControllerBase;
 use OPNsense\Core\Backend;
 use OPNsense\Core\Config;