New feature: shareable user query (#6052)

* New feature: shareable user query Share the output of a user query by RSS / HTML / OPML with other people through unique URLs. Replaces the global admin token, which was the only option (but unsafe) to share RSS outputs with other people. Also add a new HTML output for people without an RSS reader. fix https://github.com/FreshRSS/FreshRSS/issues/3066#issuecomment-648977890 fix https://github.com/FreshRSS/FreshRSS/issues/3178#issuecomment-769435504 * Remove unused method * Fix token saving * Implement HTML view * Update i18n for master token * Revert i18n get_favorite * Fix missing i18n for user queries from before this PR * Remove irrelevant tests * Add link to RSS version * Fix getGet * Fix getState * Fix getSearch * Alternative getSearch * Default getOrder * Explicit default state * Fix test * Add OPML sharing * Remove many redundant SQL queries from original implementation of user queries * Fix article tags * Use default user settings * Prepare public search * Fixes * Allow user search on article tags * Implement user search * Revert filter bug * Revert wrong SQL left outer join change * Implement checkboxes * Safe check of OPML * Fix label * Remove RSS button to favour new sharing method That sharing button was using a global admin token * First version of HTTP 304 * Disallow some recusrivity fix https://github.com/FreshRSS/FreshRSS/issues/6086 * Draft of nav * Minor httpConditional * Add support for offset for pagination * Fix offset pagination * Fix explicit order ASC * Add documentation * Help links i18n * Note about deprecated master token * Typo * Doc about format
author: Alexandre Alapetite <alexandre@alapetite.fr> 2024-02-26 09:01:03 +0100
committer: GitHub <noreply@github.com> 2024-02-26 09:01:03 +0100
commit: 39cc1c11ec596176e842cc98e6a54337e3c04d7e (patch)
tree: dab89beb80268acb5e4bd58dfc55297bd30a8486 /app/layout
parent: 25166c218be4e1ce1cb098de274a231b623d527e (diff)
4 files changed, 73 insertions, 76 deletions
diff --git a/app/layout/header.phtml b/app/layout/header.phtml
index 18e67fd2d..9ab0da4c4 100644
--- a/app/layout/header.phtml
+++ b/app/layout/header.phtml
@@ -1,9 +1,10 @@
 <?php
 	declare(strict_types=1);
+	/** @var FreshRSS_View $this */
 ?>
 <header class="header">
 	<div class="item title">
-		<a href="<?= _url('index', 'index') ?>">
+		<a href="<?= Minz_Url::display(['c' => 'index', 'a' => 'index'], 'html', 'root') ?>">
 			<?php if (FreshRSS_Context::systemConf()->logo_html == '') { ?>
 				<img class="logo" src="<?= _i('FreshRSS-logo', FreshRSS_Themes::ICON_URL) ?>" alt="FreshRSS" loading="lazy" />
 			<?php
@@ -16,32 +17,29 @@
 
 	<div class="item search">
 		<?php if (FreshRSS_Auth::hasAccess() || FreshRSS_Context::systemConf()->allow_anonymous) { ?>
-		<form action="<?= _url('index', 'index') ?>" method="get">
+		<form action="<?= $this->html_url ?>" method="get">
 			<div class="stick">
+				<?php if (Minz_Request::controllerName() === 'index'): ?>
+					<?php if (in_array(Minz_Request::actionName(), ['normal', 'global', 'reader'], true)) { ?>
+					<input type="hidden" name="a" value="<?= Minz_Request::actionName() ?>" />
+					<?php } if (Minz_Request::paramString('get') !== '') { ?>
+					<input type="hidden" name="get" value="<?= FreshRSS_Context::currentGet() ?>" />
+					<?php } if (Minz_Request::paramInt('state') !== 0) { ?>
+					<input type="hidden" name="state" value="<?= Minz_Request::paramInt('state') ?>" />
+					<?php } ?>
+				<?php endif; ?>
+				<?php if (Minz_Request::paramString('user') !== '') { ?>
+				<input type="hidden" name="user" value="<?= Minz_User::name() ?>" />
+				<?php } if (ctype_alnum(Minz_Request::paramString('t'))) { ?>
+				<input type="hidden" name="t" value="<?= Minz_Request::paramString('t') ?>" />
+				<?php } if (ctype_upper(Minz_Request::paramString('order'))) { ?>
+				<input type="hidden" name="order" value="<?= FreshRSS_Context::$order ?>" />
+				<?php } if (ctype_lower(Minz_Request::paramString('f'))) { ?>
+				<input type="hidden" name="f" value="<?= Minz_Request::paramString('f') ?>" />
+				<?php } ?>
 				<input type="search" name="search" id="search"
-					value="<?= htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search->getRawInput(), ENT_QUOTES), ENT_COMPAT, 'UTF-8') ?>"
+					value="<?= htmlspecialchars(htmlspecialchars_decode(Minz_Request::paramString('search'), ENT_QUOTES), ENT_COMPAT, 'UTF-8') ?>"
 					placeholder="<?= _t('gen.menu.search') ?>" />
-
-				<?php $param_a = Minz_Request::actionName(); ?>
-				<?php if (in_array($param_a, ['normal', 'global', 'reader'], true)) { ?>
-				<input type="hidden" name="a" value="<?= $param_a ?>" />
-				<?php } ?>
-
-				<?php $get = Minz_Request::paramString('get'); ?>
-				<?php if ($get !== '') { ?>
-				<input type="hidden" name="get" value="<?= $get ?>" />
-				<?php } ?>
-
-				<?php $order = Minz_Request::paramString('order'); ?>
-				<?php if ($order !== '') { ?>
-				<input type="hidden" name="order" value="<?= $order ?>" />
-				<?php } ?>
-
-				<?php $state = Minz_Request::paramString('state'); ?>
-				<?php if ($state !== '') { ?>
-				<input type="hidden" name="state" value="<?= $state ?>" />
-				<?php } ?>
-
 				<button class="btn" type="submit"><?= _i('search') ?></button>
 			</div>
 		</form>
@@ -120,7 +118,7 @@
 	</nav>
 	<?php } elseif (FreshRSS_Auth::accessNeedsAction()) { ?>
 	<div class="item configure">
-		<a class="signin" href="<?= _url('auth', 'login') ?>"><?= _i('login') ?><?= _t('gen.auth.login') ?></a>
+		<a class="signin" href="<?= Minz_Url::display(['c' => 'auth', 'a' => 'login'], 'html', 'root') ?>"><?= _i('login') ?><?= _t('gen.auth.login') ?></a>
 	</div>
 	<?php } ?>
 </header>
diff --git a/app/layout/layout.phtml b/app/layout/layout.phtml
index ba6dc4a96..2183f9804 100644
--- a/app/layout/layout.phtml
+++ b/app/layout/layout.phtml
@@ -2,15 +2,17 @@
 	declare(strict_types=1);
 	/** @var FreshRSS_View $this */
 	FreshRSS::preLayout();
+	$class = '';
+	if (_t('gen.dir') === 'rtl') {
+		echo ' dir="rtl"';
+		$class = 'rtl ';
+	}
+	if (FreshRSS_Context::userConf()->darkMode !== 'no') {
+		$class .= 'darkMode_' . FreshRSS_Context::userConf()->darkMode;
+	}
 ?>
 <!DOCTYPE html>
-<html lang="<?= FreshRSS_Context::userConf()->language ?>" xml:lang="<?= FreshRSS_Context::userConf()->language ?>"<?php
-$class = '';
-if (_t('gen.dir') === 'rtl') {
-	echo ' dir="rtl"';
-	$class = 'rtl ';
-}
-?> class="<?= $class ?><?= (FreshRSS_Context::userConf()->darkMode === 'no') ? '' : 'darkMode_' . FreshRSS_Context::userConf()->darkMode ?>">
+<html lang="<?= FreshRSS_Context::userConf()->language ?>" xml:lang="<?= FreshRSS_Context::userConf()->language ?>" class="<?= $class ?>">
 	<head>
 		<meta charset="UTF-8" />
 		<meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover" />
diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml
index 3d0027f17..f8b687f74 100644
--- a/app/layout/nav_menu.phtml
+++ b/app/layout/nav_menu.phtml
@@ -41,26 +41,15 @@
 				<li class="item">
 					<span>
 						<form action="<?= _url('index', 'index') ?>" method="get">
-							<?php $param_a = Minz_Request::actionName(); ?>
-							<?php if (in_array($param_a, ['normal', 'global', 'reader'], true)) { ?>
-							<input type="hidden" name="a" value="<?= $param_a ?>" />
+							<?php if (in_array(Minz_Request::actionName(), ['normal', 'global', 'reader'], true)) { ?>
+							<input type="hidden" name="a" value="<?= Minz_Request::actionName() ?>" />
+							<?php } if (Minz_Request::paramString('get') !== '') { ?>
+							<input type="hidden" name="get" value="<?= FreshRSS_Context::currentGet() ?>" />
+							<?php } if (ctype_upper(Minz_Request::paramString('order'))) { ?>
+							<input type="hidden" name="order" value="<?= FreshRSS_Context::$order ?>" />
+							<?php } if (Minz_Request::paramInt('state') !== 0) { ?>
+							<input type="hidden" name="state" value="<?= FreshRSS_Context::$state ?>" />
 							<?php } ?>
-
-							<?php $get = Minz_Request::paramString('get'); ?>
-							<?php if ($get !== '') { ?>
-							<input type="hidden" name="get" value="<?= $get ?>" />
-							<?php } ?>
-
-							<?php $order = Minz_Request::paramString('order'); ?>
-							<?php if ($order !== '') { ?>
-							<input type="hidden" name="order" value="<?= $order ?>" />
-							<?php } ?>
-
-							<?php $state = Minz_Request::paramString('state'); ?>
-							<?php if ($state !== '') { ?>
-							<input type="hidden" name="state" value="<?= $state ?>" />
-							<?php } ?>
-
 							<div class="stick search">
 								<input type="search" name="search"
 									value="<?= htmlspecialchars(htmlspecialchars_decode(FreshRSS_Context::$search->getRawInput(), ENT_QUOTES), ENT_COMPAT, 'UTF-8'); ?>"
@@ -89,7 +78,7 @@
 						<?php if (!empty($raw_query['url'])): ?>
 							<a href="<?= $raw_query['url'] ?>"><?= $raw_query['name'] ?? $raw_query['url'] ?></a>
 						<?php else: ?>
-						<?php $query = new FreshRSS_UserQuery($raw_query); ?>
+						<?php $query = new FreshRSS_UserQuery($raw_query, FreshRSS_Context::categories(), FreshRSS_Context::labels()); ?>
 							<a href="<?= $query->getUrl() ?>"><?= $query->getName() ?></a>
 						<?php endif; ?>
 					</li>
@@ -210,20 +199,6 @@
 			<?php
 		}
 		?>
-
-		<?php
-			$url_output['a'] = 'rss';
-			if (FreshRSS_Context::userConf()->token) {
-				$url_output['params']['user'] = Minz_User::name();
-				$url_output['params']['token'] = FreshRSS_Context::userConf()->token;
-			}
-			if (FreshRSS_Context::userConf()->since_hours_posts_per_rss) {
-				$url_output['params']['hours'] = FreshRSS_Context::userConf()->since_hours_posts_per_rss;
-			}
-		?>
-		<a class="view-rss btn" target="_blank" rel="noreferrer" title="<?= _t('index.menu.rss_view') ?>" href="<?= Minz_Url::display($url_output) ?>">
-			<?= _i('rss') ?>
-		</a>
 	</div>
 
 	<?php $nav_menu_hooks = Minz_ExtensionManager::callHookString('nav_menu'); ?>
diff --git a/app/layout/simple.phtml b/app/layout/simple.phtml
index 065b69fb9..e460e283b 100644
--- a/app/layout/simple.phtml
+++ b/app/layout/simple.phtml
@@ -2,17 +2,27 @@
 	declare(strict_types=1);
 	/** @var FreshRSS_View $this */
 	FreshRSS::preLayout();
+	$class = '';
+	if (_t('gen.dir') === 'rtl') {
+		echo ' dir="rtl"';
+		$class = 'rtl ';
+	}
+	if (FreshRSS_Context::userConf()->darkMode !== 'no') {
+		$class .= 'darkMode_' . FreshRSS_Context::userConf()->darkMode;
+	}
 ?>
 <!DOCTYPE html>
-<html lang="<?= FreshRSS_Context::userConf()->language ?>" xml:lang="<?= FreshRSS_Context::userConf()->language ?>">
+<html lang="<?= FreshRSS_Context::userConf()->language ?>" xml:lang="<?= FreshRSS_Context::userConf()->language ?>" class="<?= $class ?>">
 	<head>
 		<meta charset="UTF-8" />
-		<meta name="viewport" content="initial-scale=1.0" />
+		<meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover" />
+		<?= FreshRSS_View::metaThemeColor() ?>
 		<?= FreshRSS_View::headStyle() ?>
 		<script id="jsonVars" type="application/json">
 <?php $this->renderHelper('javascript_vars'); ?>
 		</script>
 		<?= FreshRSS_View::headScript() ?>
+		<link rel="manifest" href="<?= Minz_Url::display('/themes/manifest.json') ?>" />
 		<link rel="shortcut icon" id="favicon" type="image/x-icon" sizes="16x16 64x64" href="<?= Minz_Url::display('/favicon.ico') ?>" />
 		<link rel="icon msapplication-TileImage apple-touch-icon" type="image/png" sizes="256x256" href="<?= Minz_Url::display('/themes/icons/favicon-256.png') ?>" />
 		<link rel="apple-touch-icon" href="<?= Minz_Url::display('/themes/icons/apple-touch-icon.png') ?>" />
@@ -20,9 +30,15 @@
 		<meta name="apple-mobile-web-app-status-bar-style" content="black" />
 		<meta name="apple-mobile-web-app-title" content="<?= FreshRSS_Context::systemConf()->title ?>">
 		<meta name="msapplication-TileColor" content="#FFF" />
+		<meta name="theme-color" content="#FFF" />
+<?php if (!FreshRSS_Context::systemConf()->allow_referrer) { ?>
 		<meta name="referrer" content="never" />
-		<meta name="robots" content="noindex,nofollow" />
+<?php } ?>
 		<?= FreshRSS_View::headTitle() ?>
+		<?php if ($this->rss_url != ''): ?>
+		<link rel="alternate" type="application/rss+xml" title="<?= $this->rss_title ?>" href="<?= $this->rss_url ?>" />
+		<?php endif; ?>
+		<meta name="robots" content="noindex,nofollow" />
 	</head>
 	<body>
 
@@ -30,7 +46,7 @@
 <div class="app-layout app-layout-simple">
 	<div class="header">
 		<div class="item title">
-			<a href="<?= _url('index', 'index') ?>">
+			<a href="<?= Minz_Url::display(['c' => 'index', 'a' => 'index'], 'html', 'root') ?>">
 				<?php if (FreshRSS_Context::systemConf()->logo_html == '') { ?>
 					<img class="logo" src="<?= _i('FreshRSS-logo', FreshRSS_Themes::ICON_URL) ?>" alt="FreshRSS" loading="lazy" />
 				<?php
@@ -43,14 +59,20 @@
 
 		<div class="item"></div>
 
-		<div class="item">
-			<?php if (FreshRSS_Auth::accessNeedsAction()) { ?>
-				<a class="signout" href="<?= _url('auth', 'logout') ?>">
-					<?= _i('logout') . _t('gen.auth.logout') ?>
+		<?php if (FreshRSS_Auth::accessNeedsAction()): ?>
+			<div class="item configure">
+			<?php if (FreshRSS_Auth::hasAccess()): ?>
+				<a class="signout" href="<?= Minz_Url::display(['c' => 'auth', 'a' => 'logout'], 'html', 'root') ?>">
+					<?= _i('logout') ?><?= _t('gen.auth.logout') ?>
 					(<?= htmlspecialchars(Minz_User::name() ?? '', ENT_NOQUOTES, 'UTF-8') ?>)
 				</a>
-			<?php } ?>
-		</div>
+			<?php else: ?>
+				<a class="signin" href="<?= Minz_Url::display(['c' => 'auth', 'a' => 'login'], 'html', 'root') ?>">
+					<?= _i('login') ?><?= _t('gen.auth.login') ?>
+				</a>
+			<?php endif; ?>
+			</div>
+		<?php endif; ?>
 	</div>
 
 	<?php $this->render(); ?>
author	Alexandre Alapetite <alexandre@alapetite.fr>	2024-02-26 09:01:03 +0100
committer	GitHub <noreply@github.com>	2024-02-26 09:01:03 +0100
commit	39cc1c11ec596176e842cc98e6a54337e3c04d7e (patch)
tree	dab89beb80268acb5e4bd58dfc55297bd30a8486 /app/layout
parent	25166c218be4e1ce1cb098de274a231b623d527e (diff)