New feature: shareable user query (#6052)

* New feature: shareable user query Share the output of a user query by RSS / HTML / OPML with other people through unique URLs. Replaces the global admin token, which was the only option (but unsafe) to share RSS outputs with other people. Also add a new HTML output for people without an RSS reader. fix https://github.com/FreshRSS/FreshRSS/issues/3066#issuecomment-648977890 fix https://github.com/FreshRSS/FreshRSS/issues/3178#issuecomment-769435504 * Remove unused method * Fix token saving * Implement HTML view * Update i18n for master token * Revert i18n get_favorite * Fix missing i18n for user queries from before this PR * Remove irrelevant tests * Add link to RSS version * Fix getGet * Fix getState * Fix getSearch * Alternative getSearch * Default getOrder * Explicit default state * Fix test * Add OPML sharing * Remove many redundant SQL queries from original implementation of user queries * Fix article tags * Use default user settings * Prepare public search * Fixes * Allow user search on article tags * Implement user search * Revert filter bug * Revert wrong SQL left outer join change * Implement checkboxes * Safe check of OPML * Fix label * Remove RSS button to favour new sharing method That sharing button was using a global admin token * First version of HTTP 304 * Disallow some recusrivity fix https://github.com/FreshRSS/FreshRSS/issues/6086 * Draft of nav * Minor httpConditional * Add support for offset for pagination * Fix offset pagination * Fix explicit order ASC * Add documentation * Help links i18n * Note about deprecated master token * Typo * Doc about format
author: Alexandre Alapetite <alexandre@alapetite.fr> 2024-02-26 09:01:03 +0100
committer: GitHub <noreply@github.com> 2024-02-26 09:01:03 +0100
commit: 39cc1c11ec596176e842cc98e6a54337e3c04d7e (patch)
tree: dab89beb80268acb5e4bd58dfc55297bd30a8486 /app/Controllers
parent: 25166c218be4e1ce1cb098de274a231b623d527e (diff)
7 files changed, 64 insertions, 63 deletions
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index 8db36a899..e7f877428 100644
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -301,12 +301,8 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 	public function queriesAction(): void {
 		FreshRSS_View::appendScript(Minz_Url::display('/scripts/draggable.js?' . @filemtime(PUBLIC_PATH . '/scripts/draggable.js')));
 
-		$category_dao = FreshRSS_Factory::createCategoryDao();
-		$feed_dao = FreshRSS_Factory::createFeedDao();
-		$tag_dao = FreshRSS_Factory::createTagDao();
-
 		if (Minz_Request::isPost()) {
-			/** @var array<int,array{'get'?:string,'name'?:string,'order'?:string,'search'?:string,'state'?:int,'url'?:string}> $params */
+			/** @var array<int,array{'get'?:string,'name'?:string,'order'?:string,'search'?:string,'state'?:int,'url'?:string,'token'?:string}> $params */
 			$params = Minz_Request::paramArray('queries');
 
 			$queries = [];
@@ -318,7 +314,7 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 				if (!empty($query['search'])) {
 					$query['search'] = urldecode($query['search']);
 				}
-				$queries[$key] = (new FreshRSS_UserQuery($query, $feed_dao, $category_dao, $tag_dao))->toArray();
+				$queries[$key] = (new FreshRSS_UserQuery($query, FreshRSS_Context::categories(), FreshRSS_Context::labels()))->toArray();
 			}
 			FreshRSS_Context::userConf()->queries = $queries;
 			FreshRSS_Context::userConf()->save();
@@ -327,13 +323,13 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 		} else {
 			$this->view->queries = [];
 			foreach (FreshRSS_Context::userConf()->queries as $key => $query) {
-				$this->view->queries[intval($key)] = new FreshRSS_UserQuery($query, $feed_dao, $category_dao, $tag_dao);
+				$this->view->queries[intval($key)] = new FreshRSS_UserQuery($query, FreshRSS_Context::categories(), FreshRSS_Context::labels());
 			}
 		}
 
-		$this->view->categories = $category_dao->listCategories(false) ?: [];
-		$this->view->feeds = $feed_dao->listFeeds();
-		$this->view->tags = $tag_dao->listTags() ?: [];
+		$this->view->categories = FreshRSS_Context::categories();
+		$this->view->feeds = FreshRSS_Context::feeds();
+		$this->view->tags = FreshRSS_Context::labels();
 
 		if (Minz_Request::paramTernary('id') !== null) {
 			$id = Minz_Request::paramInt('id');
@@ -363,20 +359,21 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 			return;
 		}
 
-		$category_dao = FreshRSS_Factory::createCategoryDao();
-		$feed_dao = FreshRSS_Factory::createFeedDao();
-		$tag_dao = FreshRSS_Factory::createTagDao();
-
-		$query = new FreshRSS_UserQuery(FreshRSS_Context::userConf()->queries[$id], $feed_dao, $category_dao, $tag_dao);
+		$query = new FreshRSS_UserQuery(FreshRSS_Context::userConf()->queries[$id], FreshRSS_Context::categories(), FreshRSS_Context::labels());
 		$this->view->query = $query;
 		$this->view->queryId = $id;
-		$this->view->categories = $category_dao->listCategories(false) ?: [];
-		$this->view->feeds = $feed_dao->listFeeds();
-		$this->view->tags = $tag_dao->listTags() ?: [];
+		$this->view->categories = FreshRSS_Context::categories();
+		$this->view->feeds = FreshRSS_Context::feeds();
+		$this->view->tags = FreshRSS_Context::labels();
 
 		if (Minz_Request::isPost()) {
 			$params = array_filter(Minz_Request::paramArray('query'));
 			$queryParams = [];
+			$name = Minz_Request::paramString('name') ?: _t('conf.query.number', $id + 1);
+			if ('' === $name) {
+				$name = _t('conf.query.number', $id + 1);
+			}
+			$queryParams['name'] = $name;
 			if (!empty($params['get']) && is_string($params['get'])) {
 				$queryParams['get'] = htmlspecialchars_decode($params['get'], ENT_QUOTES);
 			}
@@ -389,15 +386,21 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 			if (!empty($params['state']) && is_array($params['state'])) {
 				$queryParams['state'] = (int)(array_sum($params['state']));
 			}
-			$name = Minz_Request::paramString('name') ?: _t('conf.query.number', $id + 1);
-			if ('' === $name) {
-				$name = _t('conf.query.number', $id + 1);
+			if (empty($params['token']) || !is_string($params['token'])) {
+				$queryParams['token'] = FreshRSS_UserQuery::generateToken($name);
+			} else {
+				$queryParams['token'] = $params['token'];
+			}
+			if (!empty($params['shareRss']) && ctype_digit($params['shareRss'])) {
+				$queryParams['shareRss'] = (bool)$params['shareRss'];
+			}
+			if (!empty($params['shareOpml']) && ctype_digit($params['shareOpml'])) {
+				$queryParams['shareOpml'] = (bool)$params['shareOpml'];
 			}
-			$queryParams['name'] = $name;
 			$queryParams['url'] = Minz_Url::display(['params' => $queryParams]);
 
 			$queries = FreshRSS_Context::userConf()->queries;
-			$queries[$id] = (new FreshRSS_UserQuery($queryParams, $feed_dao, $category_dao, $tag_dao))->toArray();
+			$queries[$id] = (new FreshRSS_UserQuery($queryParams, FreshRSS_Context::categories(), FreshRSS_Context::labels()))->toArray();
 			FreshRSS_Context::userConf()->queries = $queries;
 			FreshRSS_Context::userConf()->save();
 
@@ -433,18 +436,15 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 	 * lean data.
 	 */
 	public function bookmarkQueryAction(): void {
-		$category_dao = FreshRSS_Factory::createCategoryDao();
-		$feed_dao = FreshRSS_Factory::createFeedDao();
-		$tag_dao = FreshRSS_Factory::createTagDao();
 		$queries = [];
 		foreach (FreshRSS_Context::userConf()->queries as $key => $query) {
-			$queries[$key] = (new FreshRSS_UserQuery($query, $feed_dao, $category_dao, $tag_dao))->toArray();
+			$queries[$key] = (new FreshRSS_UserQuery($query, FreshRSS_Context::categories(), FreshRSS_Context::labels()))->toArray();
 		}
 		$params = $_GET;
 		unset($params['rid']);
 		$params['url'] = Minz_Url::display(['params' => $params]);
 		$params['name'] = _t('conf.query.number', count($queries) + 1);
-		$queries[] = (new FreshRSS_UserQuery($params, $feed_dao, $category_dao, $tag_dao))->toArray();
+		$queries[] = (new FreshRSS_UserQuery($params, FreshRSS_Context::categories(), FreshRSS_Context::labels()))->toArray();
 
 		FreshRSS_Context::userConf()->queries = $queries;
 		FreshRSS_Context::userConf()->save();
diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php
index d393a142e..63c358da7 100644
--- a/app/Controllers/feedController.php
+++ b/app/Controllers/feedController.php
@@ -776,7 +776,7 @@ class FreshRSS_feed_Controller extends FreshRSS_ActionController {
 	 */
 	private static function applyLabelActions(int $nbNewEntries) {
 		$tagDAO = FreshRSS_Factory::createTagDao();
-		$labels = $tagDAO->listTags() ?: [];
+		$labels = FreshRSS_Context::labels();
 		$labels = array_filter($labels, static function (FreshRSS_Tag $label) {
 			return !empty($label->filtersAction('label'));
 		});
diff --git a/app/Controllers/importExportController.php b/app/Controllers/importExportController.php
index 0de75d0ff..2a437e34c 100644
--- a/app/Controllers/importExportController.php
+++ b/app/Controllers/importExportController.php
@@ -364,7 +364,7 @@ class FreshRSS_importExport_Controller extends FreshRSS_ActionController {
 		}
 
 		$tagDAO = FreshRSS_Factory::createTagDao();
-		$labels = $tagDAO->listTags() ?: [];
+		$labels = FreshRSS_Context::labels();
 		$knownLabels = [];
 		foreach ($labels as $label) {
 			$knownLabels[$label->name()]['id'] = $label->id();
diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index 20223d340..79e1a6210 100644
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -6,6 +6,10 @@ declare(strict_types=1);
  */
 class FreshRSS_index_Controller extends FreshRSS_ActionController {
 
+	public function firstAction(): void {
+		$this->view->html_url = Minz_Url::display(['c' => 'index', 'a' => 'index'], 'html', 'root');
+	}
+
 	/**
 	 * This action only redirect on the default view mode (normal or global)
 	 */
@@ -36,7 +40,7 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 		}
 
 		try {
-			FreshRSS_Context::updateUsingRequest();
+			FreshRSS_Context::updateUsingRequest(true);
 		} catch (FreshRSS_Context_Exception $e) {
 			Minz_Error::error(404);
 		}
@@ -48,7 +52,7 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 			'media-src' => '*',
 		]);
 
-		$this->view->categories = FreshRSS_Context::$categories;
+		$this->view->categories = FreshRSS_Context::categories();
 
 		$this->view->rss_title = FreshRSS_Context::$name . ' | ' . FreshRSS_View::title();
 		$title = FreshRSS_Context::$name;
@@ -60,15 +64,10 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 		FreshRSS_Context::$id_max = time() . '000000';
 
 		$this->view->callbackBeforeFeeds = static function (FreshRSS_View $view) {
-			try {
-				$tagDAO = FreshRSS_Factory::createTagDao();
-				$view->tags = $tagDAO->listTags(true) ?: [];
-				$view->nbUnreadTags = 0;
-				foreach ($view->tags as $tag) {
-					$view->nbUnreadTags += $tag->nbUnread();
-				}
-			} catch (Exception $e) {
-				Minz_Log::notice($e->getMessage());
+			$view->tags = FreshRSS_Context::labels(true);
+			$view->nbUnreadTags = 0;
+			foreach ($view->tags as $tag) {
+				$view->nbUnreadTags += $tag->nbUnread();
 			}
 		};
 
@@ -117,12 +116,12 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 		FreshRSS_View::appendScript(Minz_Url::display('/scripts/global_view.js?' . @filemtime(PUBLIC_PATH . '/scripts/global_view.js')));
 
 		try {
-			FreshRSS_Context::updateUsingRequest();
+			FreshRSS_Context::updateUsingRequest(true);
 		} catch (FreshRSS_Context_Exception $e) {
 			Minz_Error::error(404);
 		}
 
-		$this->view->categories = FreshRSS_Context::$categories;
+		$this->view->categories = FreshRSS_Context::categories();
 
 		$this->view->rss_title = FreshRSS_Context::$name . ' | ' . FreshRSS_View::title();
 		$title = _t('index.feed.title_global');
@@ -141,6 +140,7 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 
 	/**
 	 * This action displays the RSS feed of FreshRSS.
+	 * @deprecated See user query RSS sharing instead
 	 */
 	public function rssAction(): void {
 		$allow_anonymous = FreshRSS_Context::systemConf()->allow_anonymous;
@@ -156,7 +156,7 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 		}
 
 		try {
-			FreshRSS_Context::updateUsingRequest();
+			FreshRSS_Context::updateUsingRequest(false);
 		} catch (FreshRSS_Context_Exception $e) {
 			Minz_Error::error(404);
 		}
@@ -168,13 +168,19 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 			Minz_Error::error(404);
 		}
 
-		// No layout for RSS output.
-		$this->view->rss_url = PUBLIC_TO_INDEX_PATH . '/' . (empty($_SERVER['QUERY_STRING']) ? '' : '?' . $_SERVER['QUERY_STRING']);
+		$this->view->html_url = Minz_Url::display('', 'html', true);
 		$this->view->rss_title = FreshRSS_Context::$name . ' | ' . FreshRSS_View::title();
+		$this->view->rss_url = htmlspecialchars(
+			PUBLIC_TO_INDEX_PATH . '/' . (empty($_SERVER['QUERY_STRING']) ? '' : '?' . $_SERVER['QUERY_STRING']), ENT_COMPAT, 'UTF-8');
+
+		// No layout for RSS output.
 		$this->view->_layout(null);
 		header('Content-Type: application/rss+xml; charset=utf-8');
 	}
 
+	/**
+	 * @deprecated See user query OPML sharing instead
+	 */
 	public function opmlAction(): void {
 		$allow_anonymous = FreshRSS_Context::systemConf()->allow_anonymous;
 		$token = FreshRSS_Context::userConf()->token;
@@ -187,7 +193,7 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 		}
 
 		try {
-			FreshRSS_Context::updateUsingRequest();
+			FreshRSS_Context::updateUsingRequest(false);
 		} catch (FreshRSS_Context_Exception $e) {
 			Minz_Error::error(404);
 		}
@@ -196,25 +202,23 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 		$type = (string)$get[0];
 		$id = (int)$get[1];
 
-		$catDAO = FreshRSS_Factory::createCategoryDao();
-		$categories = $catDAO->listCategories(true, true);
 		$this->view->excludeMutedFeeds = true;
 
 		switch ($type) {
 			case 'a':
-				$this->view->categories = $categories;
+				$this->view->categories = FreshRSS_Context::categories();
 				break;
 			case 'c':
-				$cat = $categories[$id] ?? null;
+				$cat = FreshRSS_Context::categories()[$id] ?? null;
 				if ($cat == null) {
 					Minz_Error::error(404);
 					return;
 				}
-				$this->view->categories = [ $cat ];
+				$this->view->categories = [ $cat->id() => $cat ];
 				break;
 			case 'f':
 				// We most likely already have the feed object in cache
-				$feed = FreshRSS_CategoryDAO::findFeed($categories, $id);
+				$feed = FreshRSS_Category::findFeed(FreshRSS_Context::categories(), $id);
 				if ($feed === null) {
 					$feedDAO = FreshRSS_Factory::createFeedDao();
 					$feed = $feedDAO->searchById($id);
@@ -223,7 +227,7 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 						return;
 					}
 				}
-				$this->view->feeds = [ $feed ];
+				$this->view->feeds = [ $feed->id() => $feed ];
 				break;
 			case 's':
 			case 't':
@@ -255,17 +259,14 @@ class FreshRSS_index_Controller extends FreshRSS_ActionController {
 			$id = 0;
 		}
 
-		$limit = FreshRSS_Context::$number;
-
 		$date_min = 0;
-		if (FreshRSS_Context::$sinceHours) {
+		if (FreshRSS_Context::$sinceHours > 0) {
 			$date_min = time() - (FreshRSS_Context::$sinceHours * 3600);
-			$limit = FreshRSS_Context::userConf()->max_posts_per_rss;
 		}
 
 		foreach ($entryDAO->listWhere(
 					$type, $id, FreshRSS_Context::$state, FreshRSS_Context::$order,
-					$limit, FreshRSS_Context::$first_id,
+					FreshRSS_Context::$number, FreshRSS_Context::$offset, FreshRSS_Context::$first_id,
 					FreshRSS_Context::$search, $date_min)
 				as $entry) {
 			yield $entry;
diff --git a/app/Controllers/statsController.php b/app/Controllers/statsController.php
index f40f0dd29..8ff2744ae 100644
--- a/app/Controllers/statsController.php
+++ b/app/Controllers/statsController.php
@@ -193,7 +193,7 @@ class FreshRSS_stats_Controller extends FreshRSS_ActionController {
 		if ($id !== 0) {
 			$this->view->displaySlider = true;
 			$feedDAO = FreshRSS_Factory::createFeedDao();
-			$this->view->feed = $feedDAO->searchById($id);
+			$this->view->feed = $feedDAO->searchById($id) ?? FreshRSS_Feed::default();
 		}
 	}
 
@@ -222,7 +222,7 @@ class FreshRSS_stats_Controller extends FreshRSS_ActionController {
 		}
 
 		$this->view->categories 	= $categoryDAO->listCategories(true) ?: [];
-		$this->view->feed 			= $id === null ? null : $feedDAO->searchById($id);
+		$this->view->feed 			= $id === null ? FreshRSS_Feed::default() : ($feedDAO->searchById($id) ?? FreshRSS_Feed::default());
 		$this->view->days 			= $statsDAO->getDays();
 		$this->view->months 		= $statsDAO->getMonths();
 
diff --git a/app/Controllers/subscriptionController.php b/app/Controllers/subscriptionController.php
index cf23c018e..554243725 100644
--- a/app/Controllers/subscriptionController.php
+++ b/app/Controllers/subscriptionController.php
@@ -59,7 +59,7 @@ class FreshRSS_subscription_Controller extends FreshRSS_ActionController {
 					break;
 				default:
 					$feedDAO = FreshRSS_Factory::createFeedDao();
-					$this->view->feed = $feedDAO->searchById($id);
+					$this->view->feed = $feedDAO->searchById($id) ?? FreshRSS_Feed::default();
 					break;
 			}
 		}
diff --git a/app/Controllers/tagController.php b/app/Controllers/tagController.php
index 6233207ed..091da6a6f 100644
--- a/app/Controllers/tagController.php
+++ b/app/Controllers/tagController.php
@@ -199,6 +199,6 @@ class FreshRSS_tag_Controller extends FreshRSS_ActionController {
 			Minz_Error::error(403);
 		}
 		$tagDAO = FreshRSS_Factory::createTagDao();
-		$this->view->tags = $tagDAO->listTags() ?: [];
+		$this->view->tags = $tagDAO->listTags(true) ?: [];
 	}
 }
author	Alexandre Alapetite <alexandre@alapetite.fr>	2024-02-26 09:01:03 +0100
committer	GitHub <noreply@github.com>	2024-02-26 09:01:03 +0100
commit	39cc1c11ec596176e842cc98e6a54337e3c04d7e (patch)
tree	dab89beb80268acb5e4bd58dfc55297bd30a8486 /app/Controllers
parent	25166c218be4e1ce1cb098de274a231b623d527e (diff)