From ad2c6e6fbf3658f08295fb437a0f97e10498eb11 Mon Sep 17 00:00:00 2001
From: Alexis Degrugillier <aledeg@users.noreply.github.com>
Date: Sun, 20 Oct 2024 14:51:49 -0400
Subject: Add privacy settings on extension list retrieval (#4603)

* Add privacy settings on extension list retrieval

There is a new privacy page to handle all configuration related to privacy. At
the moment, only privacy related to extensions can be configured.

The new settings allow to change the location of the extension list file and to
choose if the selected file is cached for a day or retrieved for each request.

Fix #4570

* Update code to pass PHPStan

* make fix-all

---------

Co-authored-by: maTh <math-home@web.de>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
---
 app/Controllers/configureController.php | 16 ++++++++++++++++
 app/Controllers/extensionController.php | 13 ++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)

(limited to 'app/Controllers')

diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index cc31430b0..6d25493cf 100644
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -503,4 +503,20 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 			Minz_Request::good(_t('feedback.conf.updated'), [ 'c' => 'configure', 'a' => 'system' ]);
 		}
 	}
+
+	public function privacyAction(): void {
+		if (!FreshRSS_Auth::hasAccess('admin')) {
+			Minz_Error::error(403);
+		}
+
+		if (Minz_Request::isPost()) {
+			FreshRSS_Context::userConf()->retrieve_extension_list = Minz_Request::paramBoolean('retrieve_extension_list');
+			FreshRSS_Context::userConf()->save();
+			invalidateHttpCache();
+
+			Minz_Request::good(_t('feedback.conf.updated'), array('c' => 'configure', 'a' => 'privacy'));
+		}
+
+		FreshRSS_View::prependTitle(_t('conf.privacy') . ' · ');
+	}
 }
diff --git a/app/Controllers/extensionController.php b/app/Controllers/extensionController.php
index bf1f01c59..42538153d 100644
--- a/app/Controllers/extensionController.php
+++ b/app/Controllers/extensionController.php
@@ -44,7 +44,18 @@ class FreshRSS_extension_Controller extends FreshRSS_ActionController {
 	 */
 	protected function getAvailableExtensionList(): array {
 		$extensionListUrl = 'https://raw.githubusercontent.com/FreshRSS/Extensions/master/extensions.json';
-		$json = httpGet($extensionListUrl, CACHE_PATH . '/extension_list.json', 'json');
+
+		$cacheFile = CACHE_PATH . '/extension_list.json';
+		if (FreshRSS_Context::userConf()->retrieve_extension_list === true) {
+			if (!file_exists($cacheFile) || (time() - (filemtime($cacheFile) ?: 0) > 86400)) {
+				$json = httpGet($extensionListUrl, $cacheFile, 'json');
+			} else {
+				$json = @file_get_contents($cacheFile) ?: '';
+			}
+		} else {
+			Minz_Log::warning('The extension list retrieval is disabled in privacy configuration');
+			return [];
+		}
 
 		// we ran into problems, simply ignore them
 		if ($json === '') {
-- 
cgit v1.2.3