[TASK] Move BE-related bootstrap code to PSR-15 middleware
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Middleware / LockedBackendGuard.php
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Backend\Middleware;
4
5 /*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18 use Psr\Http\Message\ResponseInterface;
19 use Psr\Http\Message\ServerRequestInterface;
20 use Psr\Http\Server\MiddlewareInterface;
21 use Psr\Http\Server\RequestHandlerInterface;
22 use TYPO3\CMS\Core\Http\RedirectResponse;
23 use TYPO3\CMS\Core\Utility\GeneralUtility;
24
25 /**
26 * Checks various security options for accessing the TYPO3 backend before proceeding
27 *
28 * @internal
29 */
30 class LockedBackendGuard implements MiddlewareInterface
31 {
32 /**
33 * Checks the client's IP address and if typo3conf/LOCK_BACKEND is available
34 *
35 * @param ServerRequestInterface $request
36 * @param RequestHandlerInterface $handler
37 * @return ResponseInterface
38 */
39 public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
40 {
41 $redirectToUri = $this->checkLockedBackend();
42 if (!empty($redirectToUri)) {
43 return new RedirectResponse($redirectToUri, 302);
44 }
45 $this->validateVisitorsIpAgainstIpMaskList(
46 $request->getServerParams()['REMOTE_ADDR'],
47 trim((string)$GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'])
48 );
49
50 return $handler->handle($request);
51 }
52
53 /**
54 * Check adminOnly configuration variable and redirects to an URL in file typo3conf/LOCK_BACKEND
55 *
56 * @throws \RuntimeException
57 * @return string|null
58 */
59 protected function checkLockedBackend()
60 {
61 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {
62 throw new \RuntimeException('TYPO3 Backend locked: Backend and Install Tool are locked for maintenance. [BE][adminOnly] is set to "' . (int)$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] . '".', 1517949794);
63 }
64 if (@is_file(PATH_typo3conf . 'LOCK_BACKEND')) {
65 $fileContent = file_get_contents(PATH_typo3conf . 'LOCK_BACKEND');
66 if ($fileContent) {
67 return $fileContent;
68 }
69 throw new \RuntimeException('TYPO3 Backend locked: Browser backend is locked for maintenance. Remove lock by removing the file "typo3conf/LOCK_BACKEND" or use CLI-scripts.', 1517949793);
70 }
71 }
72
73 /**
74 * Compare client IP with IPmaskList and throw an exception
75 *
76 * @param string $ipAddress
77 * @param string $ipMaskList
78 * @throws \RuntimeException
79 */
80 protected function validateVisitorsIpAgainstIpMaskList(string $ipAddress, string $ipMaskList = '')
81 {
82 if ($ipMaskList !== '' && !GeneralUtility::cmpIP($ipAddress, $ipMaskList)) {
83 throw new \RuntimeException('TYPO3 Backend access denied: The IP address of your client does not match the list of allowed IP addresses.', 1517949792);
84 }
85 }
86 }