2015-02-06 04:39:52 +01:00
|
|
|
<?php
|
2017-12-10 09:02:26 +01:00
|
|
|
/**
|
|
|
|
|
* app.php
|
2020-03-17 16:06:30 +00:00
|
|
|
* Copyright (c) 2019 james@firefly-iii.org.
|
2017-12-10 09:02:26 +01:00
|
|
|
*
|
2019-10-02 06:38:00 +02:00
|
|
|
* This file is part of Firefly III (https://github.com/firefly-iii).
|
2017-12-10 09:02:26 +01:00
|
|
|
*
|
2019-10-02 06:38:00 +02:00
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU Affero General Public License as
|
|
|
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
|
|
|
* License, or (at your option) any later version.
|
2017-12-10 09:02:26 +01:00
|
|
|
*
|
2019-10-02 06:38:00 +02:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
2017-12-10 09:02:26 +01:00
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
2019-10-02 06:38:00 +02:00
|
|
|
* GNU Affero General Public License for more details.
|
2017-12-10 09:02:26 +01:00
|
|
|
*
|
2019-10-02 06:38:00 +02:00
|
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
2017-12-10 09:02:26 +01:00
|
|
|
*/
|
|
|
|
|
|
2017-09-14 17:40:02 +02:00
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
2025-05-27 17:09:35 +02:00
|
|
|
use FireflyIII\Exceptions\Handler;
|
2026-01-24 20:36:20 +01:00
|
|
|
use FireflyIII\Http\Middleware\AcceptHeaders;
|
|
|
|
|
use FireflyIII\Http\Middleware\Authenticate;
|
|
|
|
|
use FireflyIII\Http\Middleware\Binder;
|
|
|
|
|
use FireflyIII\Http\Middleware\EncryptCookies;
|
|
|
|
|
use FireflyIII\Http\Middleware\Installer;
|
|
|
|
|
use FireflyIII\Http\Middleware\InterestingMessage;
|
|
|
|
|
use FireflyIII\Http\Middleware\IsAdmin;
|
2026-03-21 07:27:10 +01:00
|
|
|
use FireflyIII\Http\Middleware\IsAdminApi;
|
2026-01-24 20:36:20 +01:00
|
|
|
use FireflyIII\Http\Middleware\Range;
|
|
|
|
|
use FireflyIII\Http\Middleware\RedirectIfAuthenticated;
|
2026-01-25 17:27:27 +01:00
|
|
|
use FireflyIII\Http\Middleware\SecureHeaders;
|
2026-02-15 07:41:31 +01:00
|
|
|
use FireflyIII\Http\Middleware\StartFireflyIIISession;
|
2026-01-24 20:36:20 +01:00
|
|
|
use FireflyIII\Http\Middleware\VerifyCsrfToken;
|
|
|
|
|
use Illuminate\Contracts\Debug\ExceptionHandler;
|
|
|
|
|
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
|
|
|
|
|
use Illuminate\Foundation\Application;
|
|
|
|
|
use Illuminate\Foundation\Configuration\Exceptions;
|
|
|
|
|
use Illuminate\Foundation\Configuration\Middleware;
|
2026-01-25 17:50:19 +01:00
|
|
|
use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
|
|
|
|
|
use Illuminate\Foundation\Http\Middleware\InvokeDeferredCallbacks;
|
|
|
|
|
use Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance;
|
|
|
|
|
use Illuminate\Foundation\Http\Middleware\TrimStrings;
|
|
|
|
|
use Illuminate\Http\Middleware\HandleCors;
|
|
|
|
|
use Illuminate\Http\Middleware\ValidatePostSize;
|
2026-01-24 20:36:20 +01:00
|
|
|
use Illuminate\View\Middleware\ShareErrorsFromSession;
|
|
|
|
|
use Laravel\Passport\Http\Middleware\CreateFreshApiToken;
|
|
|
|
|
use PragmaRX\Google2FALaravel\Middleware as MFAMiddleware;
|
2025-05-27 17:09:35 +02:00
|
|
|
|
2015-02-06 04:39:52 +01:00
|
|
|
/*
|
|
|
|
|
|--------------------------------------------------------------------------
|
|
|
|
|
| Create The Application
|
|
|
|
|
|--------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
|
| The first thing we will do is create a new Laravel application instance
|
|
|
|
|
| which serves as the "glue" for all the components of Laravel, and is
|
2023-03-18 14:35:08 +01:00
|
|
|
| the IoC container for the system binding all the various parts.
|
2015-02-06 04:39:52 +01:00
|
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
2023-03-18 14:35:08 +01:00
|
|
|
bcscale(12);
|
2017-09-10 09:54:00 +02:00
|
|
|
|
2026-03-06 13:52:11 +01:00
|
|
|
if (!function_exists('envDefaultWhenEmpty')) {
|
2018-04-27 11:29:09 +02:00
|
|
|
/**
|
|
|
|
|
*
|
|
|
|
|
* @return mixed|null
|
|
|
|
|
*/
|
2026-03-06 13:52:11 +01:00
|
|
|
function envDefaultWhenEmpty(mixed $value, string | int | bool | null $default = null): mixed
|
2023-10-28 15:03:33 +02:00
|
|
|
{
|
2026-03-06 13:52:11 +01:00
|
|
|
if(null === $value) {
|
2025-05-27 17:09:35 +02:00
|
|
|
return $default;
|
2018-04-27 11:29:09 +02:00
|
|
|
}
|
2026-03-06 13:52:11 +01:00
|
|
|
if('' === $value) {
|
|
|
|
|
return $default;
|
|
|
|
|
}
|
|
|
|
|
return $value;
|
2018-04-27 06:26:37 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-29 14:17:10 +02:00
|
|
|
if (!function_exists('stringIsEqual')) {
|
2023-10-28 15:03:33 +02:00
|
|
|
function stringIsEqual(string $left, string $right): bool
|
|
|
|
|
{
|
2020-08-22 12:24:01 +02:00
|
|
|
return $left === $right;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-24 20:36:20 +01:00
|
|
|
$app = Application::configure(basePath: dirname(__DIR__))
|
|
|
|
|
->withRouting(
|
|
|
|
|
web : __DIR__ . '/../routes/web.php',
|
2026-02-15 11:25:12 +01:00
|
|
|
api : __DIR__ . '/../routes/api.php',
|
2026-01-24 20:36:20 +01:00
|
|
|
commands: __DIR__ . '/../routes/console.php',
|
2026-02-15 11:25:12 +01:00
|
|
|
health : '/up',
|
2026-01-24 20:36:20 +01:00
|
|
|
)
|
|
|
|
|
->withMiddleware(function (Middleware $middleware): void {
|
2026-02-15 07:41:31 +01:00
|
|
|
|
2026-01-25 17:50:19 +01:00
|
|
|
// overrule the standard middleware
|
2026-01-25 20:13:53 +01:00
|
|
|
$middleware->use(
|
|
|
|
|
[
|
2026-02-15 11:25:12 +01:00
|
|
|
InvokeDeferredCallbacks::class,
|
|
|
|
|
\Illuminate\Http\Middleware\TrustProxies::class, // use the DEFAULT middleware for this.
|
|
|
|
|
HandleCors::class,
|
|
|
|
|
PreventRequestsDuringMaintenance::class,
|
|
|
|
|
ValidatePostSize::class,
|
|
|
|
|
TrimStrings::class,
|
|
|
|
|
ConvertEmptyStringsToNull::class,
|
|
|
|
|
SecureHeaders::class, // is a Firefly III specific middleware class.
|
|
|
|
|
]
|
2026-01-25 20:13:53 +01:00
|
|
|
);
|
2026-01-25 09:02:47 +01:00
|
|
|
|
2026-02-15 11:25:12 +01:00
|
|
|
// append and extend the default "web" middleware
|
|
|
|
|
// to include our own custom "StartFireflyIIISession" class.
|
|
|
|
|
// this class in turns contains a better "previous URL" feature.
|
|
|
|
|
// See https://laravel.com/docs/12.x/middleware for the default list.
|
2026-01-25 20:13:53 +01:00
|
|
|
$middleware->group('web',
|
|
|
|
|
[
|
|
|
|
|
EncryptCookies::class,
|
|
|
|
|
AddQueuedCookiesToResponse::class,
|
2026-02-15 11:25:12 +01:00
|
|
|
StartFireflyIIISession::class, // this is different.
|
2026-01-25 20:13:53 +01:00
|
|
|
ShareErrorsFromSession::class,
|
|
|
|
|
VerifyCsrfToken::class,
|
2026-02-15 11:25:12 +01:00
|
|
|
Binder::class, // this is also different.
|
2026-01-25 20:13:53 +01:00
|
|
|
CreateFreshApiToken::class,
|
|
|
|
|
]
|
|
|
|
|
);
|
2026-01-24 20:36:20 +01:00
|
|
|
|
2026-02-15 11:25:12 +01:00
|
|
|
// the default API group only contains "substitute bindings" middleware
|
|
|
|
|
// so here we replace the entire API group and add more sensible stuff.
|
|
|
|
|
$middleware->group('api',
|
|
|
|
|
[
|
|
|
|
|
AcceptHeaders::class,
|
2026-02-15 16:43:35 +01:00
|
|
|
// EnsureFrontendRequestsAreStateful::class,
|
2026-02-15 11:25:12 +01:00
|
|
|
'auth:api',
|
2026-02-15 12:24:33 +01:00
|
|
|
Binder::class,
|
2026-02-15 11:25:12 +01:00
|
|
|
]
|
|
|
|
|
);
|
|
|
|
|
$middleware->appendToGroup('api_basic', [AcceptHeaders::class, Binder::class]);
|
2026-01-24 20:36:20 +01:00
|
|
|
|
|
|
|
|
|
2026-02-15 11:25:12 +01:00
|
|
|
// "simple auth" means the user must be logged in and present,
|
|
|
|
|
// but does not have to be 2FA authenticated. This is so all users
|
|
|
|
|
// can always log out, for example.
|
2026-01-24 20:36:20 +01:00
|
|
|
$middleware->appendToGroup('user-simple-auth', [
|
|
|
|
|
Authenticate::class,
|
|
|
|
|
]);
|
|
|
|
|
|
2026-02-15 11:25:12 +01:00
|
|
|
// This middleware is added for all routes where the user MUST have full authentication.
|
|
|
|
|
// this includes 2FA etc.
|
|
|
|
|
// incidentally, this group also includes the range middleware and the message thing.
|
2026-01-24 20:36:20 +01:00
|
|
|
$middleware->appendToGroup('user-full-auth', [
|
|
|
|
|
Authenticate::class,
|
|
|
|
|
MFAMiddleware::class,
|
|
|
|
|
Range::class,
|
|
|
|
|
InterestingMessage::class,
|
|
|
|
|
]);
|
2026-02-15 11:25:12 +01:00
|
|
|
// This middleware is added to ensure that the user is not only logged in and
|
|
|
|
|
// authenticated (with MFA and everything), but also admin.
|
2026-02-28 06:15:28 +01:00
|
|
|
$middleware->appendToGroup('api-admin', [
|
2026-03-21 07:27:10 +01:00
|
|
|
IsAdminApi::class,
|
2026-02-28 06:15:28 +01:00
|
|
|
]);
|
2026-01-24 20:36:20 +01:00
|
|
|
$middleware->appendToGroup('admin', [
|
|
|
|
|
IsAdmin::class,
|
2026-02-28 06:15:28 +01:00
|
|
|
Range::class,
|
|
|
|
|
InterestingMessage::class
|
2026-01-24 20:36:20 +01:00
|
|
|
]);
|
|
|
|
|
|
2026-02-15 11:25:12 +01:00
|
|
|
// if the user is not logged in, this group applies.
|
|
|
|
|
// on top of everything else of course.
|
|
|
|
|
$middleware->appendToGroup('user-not-logged-in', [
|
|
|
|
|
Installer::class,
|
|
|
|
|
RedirectIfAuthenticated::class,
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// the "binders only" group does not need or ask for authentication
|
|
|
|
|
// it just makes sure strings from routes are bound to objects if possible.
|
|
|
|
|
$middleware->group('binders-only',
|
|
|
|
|
[
|
|
|
|
|
Installer::class,
|
|
|
|
|
EncryptCookies::class,
|
|
|
|
|
AddQueuedCookiesToResponse::class,
|
|
|
|
|
Binder::class,
|
|
|
|
|
]);
|
2026-01-24 20:36:20 +01:00
|
|
|
|
2026-02-15 11:25:12 +01:00
|
|
|
// $middleware->priority([StartFireflyIIISession::class, ShareErrorsFromSession::class, Authenticate::class, Binder::class, Authorize::class]);
|
2026-01-24 20:36:20 +01:00
|
|
|
})
|
|
|
|
|
->withEvents(discover: [
|
|
|
|
|
__DIR__ . '/../app/Listeners',
|
|
|
|
|
])
|
|
|
|
|
->withExceptions(function (Exceptions $exceptions): void {
|
|
|
|
|
//
|
|
|
|
|
})->create();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//$app->withEvents(discover: [
|
|
|
|
|
// __DIR__.'/../app/Domain/Orders/Listeners',
|
|
|
|
|
// ]);
|
2015-02-06 04:39:52 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
|--------------------------------------------------------------------------
|
|
|
|
|
| Bind Important Interfaces
|
|
|
|
|
|--------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
|
| Next, we need to bind some important interfaces into the container so
|
|
|
|
|
| we will be able to resolve them when needed. The kernels serve the
|
|
|
|
|
| incoming requests to this application from both the web and CLI.
|
|
|
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
$app->singleton(
|
2025-05-27 17:09:35 +02:00
|
|
|
ExceptionHandler::class,
|
|
|
|
|
Handler::class
|
2015-02-06 04:39:52 +01:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
|--------------------------------------------------------------------------
|
|
|
|
|
| Return The Application
|
|
|
|
|
|--------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
|
| This script returns the application instance. The instance is given to
|
|
|
|
|
| the calling script so we can separate the building of the instances
|
|
|
|
|
| from the actual running of the application and sending responses.
|
|
|
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
return $app;
|
