[TASK] Add proper exception handling to RouterInterface logic
[Packages/TYPO3.CMS.git] / typo3 / sysext / frontend / Classes / Middleware / PageResolver.php
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Frontend\Middleware;
4
5 /*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18 use Psr\Http\Message\ResponseInterface;
19 use Psr\Http\Message\ServerRequestInterface;
20 use Psr\Http\Server\MiddlewareInterface;
21 use Psr\Http\Server\RequestHandlerInterface;
22 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
23 use TYPO3\CMS\Core\Context\Context;
24 use TYPO3\CMS\Core\Context\UserAspect;
25 use TYPO3\CMS\Core\Context\WorkspaceAspect;
26 use TYPO3\CMS\Core\Database\ConnectionPool;
27 use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
28 use TYPO3\CMS\Core\Database\Query\Restriction\FrontendWorkspaceRestriction;
29 use TYPO3\CMS\Core\Routing\PageArguments;
30 use TYPO3\CMS\Core\Routing\RouteNotFoundException;
31 use TYPO3\CMS\Core\Routing\SiteRouteResult;
32 use TYPO3\CMS\Core\Site\Entity\Site;
33 use TYPO3\CMS\Core\Site\Entity\SiteInterface;
34 use TYPO3\CMS\Core\Site\Entity\SiteLanguage;
35 use TYPO3\CMS\Core\Type\Bitmask\Permission;
36 use TYPO3\CMS\Core\Utility\GeneralUtility;
37 use TYPO3\CMS\Core\Utility\MathUtility;
38 use TYPO3\CMS\Frontend\Controller\ErrorController;
39 use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
40 use TYPO3\CMS\Frontend\Page\PageAccessFailureReasons;
41
42 /**
43 * Process the ID, type and other parameters.
44 * After this point we have an array, TSFE->page, which is the page-record of the current page, $TSFE->id.
45 *
46 * Now, if there is a backend user logged in and he has NO access to this page,
47 * then re-evaluate the id shown!
48 */
49 class PageResolver implements MiddlewareInterface
50 {
51 /**
52 * @var TypoScriptFrontendController
53 */
54 protected $controller;
55
56 public function __construct(TypoScriptFrontendController $controller = null)
57 {
58 $this->controller = $controller ?? $GLOBALS['TSFE'];
59 }
60
61 /**
62 * Resolve the page ID
63 *
64 * @param ServerRequestInterface $request
65 * @param RequestHandlerInterface $handler
66 * @return ResponseInterface
67 */
68 public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
69 {
70 // First, resolve the root page of the site, the Page ID of the current domain
71 if (($site = $request->getAttribute('site', null)) instanceof SiteInterface) {
72 $this->controller->domainStartPage = $site->getRootPageId();
73 }
74 $language = $request->getAttribute('language', null);
75
76 $hasSiteConfiguration = $language instanceof SiteLanguage && $site instanceof Site;
77
78 // Resolve the page ID based on TYPO3's native routing functionality
79 if ($hasSiteConfiguration) {
80 /** @var SiteRouteResult $previousResult */
81 $previousResult = $request->getAttribute('routing', null);
82 if (!$previousResult) {
83 return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
84 $request,
85 'The requested page does not exist',
86 ['code' => PageAccessFailureReasons::PAGE_NOT_FOUND]
87 );
88 }
89
90 $requestId = (string)($request->getQueryParams()['id'] ?? '');
91 if (!empty($requestId) && !empty($page = $this->resolvePageId($requestId))) {
92 // Legacy URIs (?id=12345) takes precedence, not matter if a route is given
93 $pageArguments = new PageArguments(
94 (int)($page['l10n_parent'] ?: $page['uid']),
95 (string)($request->getQueryParams()['type'] ?? '0'),
96 [],
97 [],
98 $request->getQueryParams()
99 );
100 } else {
101 // Check for the route
102 try {
103 $pageArguments = $site->getRouter()->matchRequest($request, $previousResult);
104 } catch (RouteNotFoundException $e) {
105 return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
106 $request,
107 'The requested page does not exist',
108 ['code' => PageAccessFailureReasons::PAGE_NOT_FOUND]
109 );
110 }
111 }
112 if (!$pageArguments->getPageId()) {
113 return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
114 $request,
115 'The requested page does not exist',
116 ['code' => PageAccessFailureReasons::PAGE_NOT_FOUND]
117 );
118 }
119
120 $this->controller->id = $pageArguments->getPageId();
121 $this->controller->type = $pageArguments->getPageType() ?? $this->controller->type;
122 $request = $request->withAttribute('routing', $pageArguments);
123 // stop in case arguments are dirty (=defined twice in route and GET query parameters)
124 if ($pageArguments->areDirty()) {
125 return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
126 $request,
127 'The requested URL is not distinct',
128 ['code' => PageAccessFailureReasons::PAGE_NOT_FOUND]
129 );
130 }
131
132 // merge the PageArguments with the request query parameters
133 $queryParams = array_replace_recursive($request->getQueryParams(), $pageArguments->getArguments());
134 $request = $request->withQueryParams($queryParams);
135 $this->controller->setPageArguments($pageArguments);
136
137 // At this point, we later get further route modifiers
138 // for bw-compat we update $GLOBALS[TYPO3_REQUEST] to be used later in TSFE.
139 $GLOBALS['TYPO3_REQUEST'] = $request;
140 } else {
141 // old-school page resolving for realurl, cooluri etc.
142 $this->controller->siteScript = $request->getAttribute('normalizedParams')->getSiteScript();
143 if (!empty($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['checkAlternativeIdMethods-PostProc'])) {
144 trigger_error('The "checkAlternativeIdMethods-PostProc" hook will be removed in TYPO3 v10.0 in favor of PSR-15. Use a middleware instead.', E_USER_DEPRECATED);
145 $this->checkAlternativeIdMethods($this->controller);
146 }
147 }
148
149 $this->controller->determineId();
150
151 // No access? Then remove user & Re-evaluate the page-id
152 if ($this->controller->isBackendUserLoggedIn() && !$GLOBALS['BE_USER']->doesUserHaveAccess($this->controller->page, Permission::PAGE_SHOW)) {
153 unset($GLOBALS['BE_USER']);
154 // Register an empty backend user as aspect
155 $this->setBackendUserAspect(GeneralUtility::makeInstance(Context::class), null);
156 if (!$hasSiteConfiguration) {
157 $this->checkAlternativeIdMethods($this->controller);
158 }
159 $this->controller->determineId();
160 }
161
162 return $handler->handle($request);
163 }
164
165 /**
166 * Provides ways to bypass the '?id=[xxx]&type=[xx]' format, using either PATH_INFO or Server Rewrites
167 *
168 * Two options:
169 * 1) Use PATH_INFO (also Apache) to extract id and type from that var. Does not require any special modules compiled with apache. (less typical)
170 * 2) Using hook which enables features like those provided from "realurl" extension (AKA "Speaking URLs")
171 *
172 * @param TypoScriptFrontendController $tsfe
173 */
174 protected function checkAlternativeIdMethods(TypoScriptFrontendController $tsfe)
175 {
176 // Call post processing function for custom URL methods.
177 $_params = ['pObj' => &$tsfe];
178 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['checkAlternativeIdMethods-PostProc'] ?? [] as $_funcRef) {
179 GeneralUtility::callUserFunction($_funcRef, $_params, $tsfe);
180 }
181 }
182
183 /**
184 * @param string $pageId
185 * @return array|null
186 */
187 protected function resolvePageId(string $pageId): ?array
188 {
189 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
190 ->getQueryBuilderForTable('pages');
191 $queryBuilder
192 ->getRestrictions()
193 ->removeAll()
194 ->add(GeneralUtility::makeInstance(DeletedRestriction::class))
195 ->add(GeneralUtility::makeInstance(FrontendWorkspaceRestriction::class));
196
197 if (MathUtility::canBeInterpretedAsInteger($pageId)) {
198 $constraint = $queryBuilder->expr()->eq(
199 'uid',
200 $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_INT)
201 );
202 } else {
203 $constraint = $queryBuilder->expr()->eq(
204 'alias',
205 $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_STR)
206 );
207 }
208
209 $statement = $queryBuilder
210 ->select('uid', 'l10n_parent', 'pid')
211 ->from('pages')
212 ->where($constraint)
213 ->execute();
214
215 $page = $statement->fetch();
216 if (empty($page)) {
217 return null;
218 }
219 return $page;
220 }
221
222 /**
223 * Register the backend user as aspect
224 *
225 * @param Context $context
226 * @param BackendUserAuthentication $user
227 */
228 protected function setBackendUserAspect(Context $context, BackendUserAuthentication $user = null)
229 {
230 $context->setAspect('backend.user', GeneralUtility::makeInstance(UserAspect::class, $user));
231 $context->setAspect('workspace', GeneralUtility::makeInstance(WorkspaceAspect::class, $user ? $user->workspace : 0));
232 }
233 }