Redirige les requêtes invalides vers la vue d'erreur

2 years ago · 5ca17e7e59
parent 82254c2f79
commit 5ca17e7e59
9 changed files with 68 additions and 51 deletions
--- a/src/Silex/Controller/FrontController.php
+++ b/src/Silex/Controller/FrontController.php
@ -10,15 +10,18 @@ use Silex\Router\Route;

 class FrontController
 {
-    private Route $route;
+    private ?Route $route;

-    public function __construct(Route $route)
+    public function __construct(?Route $route)
    {
        $this->route = $route;
    }

    public function run(DI $di): HttpResponse
    {
+        if ($this->route === null) {
+            return new HttpResponse(404, 'errors', ['errors' => ['Route not found']]);
+        }
        if ($this->route->getController() instanceof AdminController
            && ($di->getSecurity()->getCurrentUser() === null || !$di->getSecurity()->getCurrentUser()->isAdmin())) {
            HttpResponse::redirect($di->getRouter()->url('login'));
--- a/src/Silex/Controller/VisitorController.php
+++ b/src/Silex/Controller/VisitorController.php
@ -9,6 +9,7 @@ use Silex\DI\DI;
 use Silex\Http\HttpResponse;
 use Silex\Model\Comment;
 use Silex\Util\Pagination;
+use Silex\Validation\CommentValidation;

 class VisitorController {

@ -37,6 +38,9 @@ class VisitorController {
    {
        $newsId = intval($params['id']);
        $news = $di->getNewsGateway()->getById($newsId);
+        if ($news === null) {
+            return new HttpResponse(404, 'errors', ['errors' => ['Unknown news']]);
+        }
        if ($news->getSlug() !== $params['slug']) {
            HttpResponse::redirect($di->getRouter()->url($news->getSlugRedirect()));
        }
@ -44,12 +48,19 @@ class VisitorController {
        return new HttpResponse(200, 'newsView', ['news' => $news, 'comments' => $comments]);
    }

-    public function comment(DI $di, array $params): void
+    public function comment(DI $di, array $params): HttpResponse
    {
        $newsId = intval($params['id']);
        $news = $di->getNewsGateway()->getById($newsId);
-        $comment = new Comment(-1, $newsId, new DateTime(), $_POST['content']);
+        if ($news === null) {
+            return new HttpResponse(404, 'errors', ['errors' => ['Unknown news']]);
+        }
        $author = $di->getSecurity()->getCurrentUser();
+        $errors = [];
+        if (!CommentValidation::isValidComment($_POST, $author === null, $errors)) {
+            return new HttpResponse(400, 'errors', ['errors' => $errors]);
+        }
+        $comment = new Comment(-1, $newsId, new DateTime(), $_POST['content']);
        if ($author !== null) {
            $comment->setAuthor($author);
        } else {
@ -58,5 +69,6 @@ class VisitorController {
        }
        $di->getCommentGateway()->insert($comment);
        HttpResponse::redirect($di->getRouter()->url($news->getSlugRedirect()));
+        exit();
    }
 }
--- a/src/Silex/Gateway/NewsGateway.php
+++ b/src/Silex/Gateway/NewsGateway.php
@ -65,7 +65,7 @@ class NewsGateway
        return intval($req->fetch()['nb']);
    }

-    public function getById(int $id): News
+    public function getById(int $id): ?News
    {
        $req = $this->pdo->prepare('SELECT * FROM news WHERE id_news=:id;');
        $req->bindValue(':id', $id, PDO::PARAM_INT);
@ -73,8 +73,7 @@ class NewsGateway
            return null;
        }
        $data = $req->fetch();
-        $news = $this->createNews($data);
-        return $news;
+        return $data === false ? null : $this->createNews($data);
    }


--- a/src/Silex/Http/HttpResponse.php
+++ b/src/Silex/Http/HttpResponse.php
@ -35,6 +35,7 @@ class HttpResponse

    public function render(DI $di, string $viewBasePath)
    {
+        http_response_code($this->status);
        $router = $di->getRouter();
        $security = $di->getSecurity();
        $params = $this->viewParams;
--- a/src/Silex/Router/RouteNotFoundException.php
+++ b/src/Silex/Router/RouteNotFoundException.php
@ -1,20 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace Silex\Router;
-
-use Exception;
-use Throwable;
-
-/**
- * Lorsqu'aucune route ne correspond à l'url demandée.
- */
-class RouteNotFoundException extends Exception
-{
-
-	public function __construct(string $message, int $code = 0, ?Throwable $previous = null)
-	{
-		parent::__construct($message, $code, $previous);
-	}
-}
--- a/src/Silex/Router/Router.php
+++ b/src/Silex/Router/Router.php
@ -67,14 +67,14 @@ class Router
    public function run(DI $di): HttpResponse
    {
        if (!isset($this->routes[$_SERVER['REQUEST_METHOD']])) {
-            throw new RouteNotFoundException('Unknown HTTP method');
+            return (new FrontController(null))->run($di);
        }
        $url = $this->url;
        if ($this->basePath !== '') {
            if (PathHelper::startsWith($url, $this->basePath)) {
                $url = trim(substr($url, strlen($this->basePath)), '/');
            } else {
-                throw new RouteNotFoundException('No matching routes');
+                return (new FrontController(null))->run($di);
            }
        }
        foreach ($this->routes[$_SERVER['REQUEST_METHOD']] as $route) {
@ -82,6 +82,6 @@ class Router
                return (new FrontController($route))->run($di);
            }
        }
-        throw new RouteNotFoundException('No matching routes');
+        return (new FrontController(null))->run($di);
    }
 }
--- a/src/Silex/Validation/CommentValidation.php
+++ b/src/Silex/Validation/CommentValidation.php
@ -0,0 +1,17 @@
+<?php
+
+namespace Silex\Validation;
+
+final class CommentValidation
+{
+    public static function isValidComment(array $post, bool $requiresName, array &$errors): bool
+    {
+        if ($requiresName) {
+            UserValidation::isValidName($post, $errors, 'name');
+        }
+        if (empty($post['content'])) {
+            $errors[] = 'Empty message';
+        }
+        return empty($errors);
+    }
+}
--- a/src/Silex/Validation/UserValidation.php
+++ b/src/Silex/Validation/UserValidation.php
@ -6,24 +6,18 @@ namespace Silex\Validation;

 final class UserValidation
 {
-    public static function isValidLogin(array &$post, array &$errors): bool
+    public static function isValidLogin(array $post, array &$errors): bool
    {
-        if(empty($post['login'])) {
-            $errors[] = 'Login error';
-        }
-
+        self::isValidName($post, $errors);
        if(empty($post['password'])) {
            $errors[] = 'Password error';
        }
        return empty($errors);
    }

-    public static function isValidUser(array &$post, array &$errors): bool
+    public static function isValidUser(array $post, array &$errors): bool
    {
-        if(empty($post['login'])) {
-            $errors[] = 'Login empty error';
-        }
-
+        self::isValidName($post, $errors);
        if(empty($post['password'])) {
            $errors[] = 'Password empty error';
        }
@ -38,4 +32,14 @@ final class UserValidation

        return empty($errors);
    }
+
+    public static function isValidName(array $post, array &$errors, string $key = 'login'): bool
+    {
+        if(empty($post[$key])) {
+            $errors[] = 'Empty login';
+        } else if(strlen($post[$key]) > 32) {
+            $errors[] = 'Login too long';
+        }
+        return empty($errors);
+    }
 }
--- a/views/errors.php
+++ b/views/errors.php
@ -1,11 +1,12 @@
-<?php if ($params['errors']) : 
-	foreach ($params['errors'] as $error) { ?>
-    <article class="message is-danger">
-        <div class="message-header">
-            <p>Auth failed</p>
-        </div>
-        <div class="message-body">
-            <?= $error?>
-        </div>
-    </article>
-<?php } endif ?>
+<?php if ($params['errors']):
+    foreach ($params['errors'] as $error): ?>
+        <article class="message is-danger">
+            <div class="message-header">
+                <p>Error</p>
+            </div>
+            <div class="message-body">
+                <?= $error ?>
+            </div>
+        </article>
+    <?php endforeach;
+endif; ?>