PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-06-25 16:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2cb8d71fe9a5e38a077adea6bb8c041d2c4ee267
xamxam/app/bootstrap.php
Pontoporeia 6f7a02244f maintenance: allow /partage through gate, fix fragment routing, add visibility table in admin 
Extract shared filepond logic into src/FilepondHandler.php class.
Admin filepond endpoints delegate to the handler after AdminAuth check.
New partage filepond endpoints at /partage/actions/filepond/ verify
share_active session flag + CSRF token, no admin auth required.

JS reads filepond-base meta tag to determine endpoint path:
- Admin pages: /admin/actions/filepond (via head.php isAdmin check)
- Partage form: /partage/actions/filepond (explicit meta)

partage/index.php sets share_active = true on form render, cleans up on
successful submit. Partage process endpoint rate-limited to 30/5min per
session. No nginx changes needed — /partage/ location already handles
PHP without auth_basic.
2026-05-19 00:08:06 +02:00

52 lines
1.8 KiB
PHP
Raw Blame History

<?php
/**
* Simple configuration for website
*/
// Define application root
define('APP_ROOT', __DIR__);
// Storage directory for uploaded files — intentionally outside the webroot
// so no uploaded content is ever directly web-accessible (items #3 & #4).
// Files are served through MediaController which validates paths and MIME types.
// In dev (cli-server) use the local storage/ directory; in production use the
// absolute path outside the webroot.
define('STORAGE_ROOT', php_sapi_name() === 'cli-server'
? __DIR__ . '/storage'
: '/var/www/xamxam/storage'
);
// Error reporting
if (php_sapi_name() === 'cli-server') {
// Development mode
error_reporting(E_ALL);
ini_set('display_errors', '1');
} else {
// Production mode
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
}
// Admin password hash is stored in site_settings (DB).
// AdminAuth reads it on demand — no static config file needed.
// Central application helper (boot, auth guard, CSRF, flash, render)
require_once APP_ROOT . '/src/App.php';
// Maintenance mode gate — block public pages; allow /admin/ through.
// The flag file lives in storage/ (outside webroot) to avoid web exposure.
define('MAINTENANCE_FLAG', APP_ROOT . '/storage/maintenance.flag');
if (file_exists(MAINTENANCE_FLAG)) {
// Allow admin panel, partage pages (path prefix), and the maintenance page itself
$requestPath = $_SERVER['REQUEST_URI'] ?? '';
$isAdmin = str_starts_with($requestPath, '/admin');
$isPartage = str_starts_with($requestPath, '/partage');
$isMaintenance = str_contains($requestPath, 'maintenance.php');
if (!$isAdmin && !$isPartage && !$isMaintenance) {
require APP_ROOT . '/public/maintenance.php';
exit();
}
}
Reference in New Issue View Git Blame Copy Permalink