refactor: migrated admin session keepalive to controller (#3257)

Author: thorsten

nginx.conf

@@ -129,7 +129,7 @@ server {
             rewrite admin/api/(.*)                                  /admin/api/index.php last;
 
             # Administration pages
-            rewrite admin/(attachments|backup|backup/export|backup/restore|configuration|elasticsearch|instance/edit|instance/update|instances|stopwords|system|update) /admin/front.php last;
+            rewrite admin/(attachments|backup|backup/export|backup/restore|configuration|elasticsearch|instance/edit|instance/update|instances|session-keep-alive|stopwords|system|update) /admin/front.php last;
 
             # REST API v3.0 and v3.1
             rewrite ^api/v3\.[01]/(.*)                              /api/index.php last;

phpmyfaq/.htaccess

@@ -143,7 +143,7 @@ Header set Access-Control-Allow-Headers "Content-Type, Authorization"
     # Administration API
     RewriteRule ^admin/api/(.*) admin/api/index.php [L,QSA]
     # Administration pages
-    RewriteRule ^admin/(attachments|backup|backup/export|backup/restore|configuration|elasticsearch|instance/edit|instance/update|instances|stopwords|system|update) admin/front.php [L,QSA]
+    RewriteRule ^admin/(attachments|backup|backup/export|backup/restore|configuration|elasticsearch|instance/edit|instance/update|instances|session-keep-alive|stopwords|system|update) admin/front.php [L,QSA]
     # Private APIs
     RewriteRule ^api/(autocomplete|bookmark/delete|bookmark/create|user/data/update|user/password/update|user/request-removal|user/remove-twofactor|contact|voting|register|captcha|share|comment/create|faq/create|question/create|webauthn/prepare|webauthn/register|webauthn/prepare-login|webauthn/login) api/index.php [L,QSA]
     # Setup APIs

phpmyfaq/admin/session.keepalive.php

@@ -86,7 +86,7 @@
   </div>
 
   {% if isUserLoggedIn %}
-  <iframe id="keepPMFSessionAlive" src="./session.keepalive.php?lang={{ currentLanguage }}" width="0" height="0"
+  <iframe id="keepPMFSessionAlive" src="./session-keep-alive?lang={{ currentLanguage }}" width="0" height="0"
           style="display: none;" name="keep-phpmyfaq-session-alive"></iframe>
   {% endif %}
 

phpmyfaq/assets/templates/admin/footer.twig

@@ -312,7 +312,7 @@
 </div>
 
 {% if isUserLoggedIn %}
-  <iframe id="keepPMFSessionAlive" src="./session.keepalive.php?lang={{ currentLanguage }}" width="0" height="0"
+  <iframe id="keepPMFSessionAlive" src="./session-keep-alive?lang={{ currentLanguage }}" width="0" height="0"
           style="display: none;" name="keep-phpmyfaq-session-alive"></iframe>
 {% endif %}
 

phpmyfaq/assets/templates/admin/index.twig

@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html lang="{{ metaLanguage }}" class="no-js">
+<html lang="{{ metaLanguage }}">
 <head>
   <meta charset="utf-8">
 

phpmyfaq/assets/templates/admin/session-keepalive.twig

@@ -20,6 +20,7 @@
 use phpMyFAQ\Controller\Administration\ConfigurationController;
 use phpMyFAQ\Controller\Administration\ElasticsearchController;
 use phpMyFAQ\Controller\Administration\InstanceController;
+use phpMyFAQ\Controller\Administration\SessionKeepAliveController;
 use phpMyFAQ\Controller\Administration\StopWordsController;
 use phpMyFAQ\Controller\Administration\SystemInformationController;
 use phpMyFAQ\Controller\Administration\UpdateController;
@@ -74,6 +75,11 @@
         'controller' => [InstanceController::class, 'index'],
         'methods' => 'GET'
     ],
+    'admin.session.keepalive' => [
+        'path' => '/session-keep-alive',
+        'controller' => [SessionKeepAliveController::class, 'index'],
+        'methods' => 'GET'
+    ],
     'admin.stopwords' => [
         'path' => '/stopwords',
         'controller' => [StopwordsController::class, 'index'],

phpmyfaq/src/admin-routes.php

@@ -0,0 +1,59 @@
+<?php
+
+/**
+ * The Session Keepalive Controller
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public License,
+ * v. 2.0. If a copy of the MPL was not distributed with this file, You can
+ * obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * @package   phpMyFAQ
+ * @author    Thorsten Rinne <[email protected]>
+ * @copyright 2024 phpMyFAQ Team
+ * @license   https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @link      https://www.phpmyfaq.de
+ * @since     2024-11-23
+ */
+
+declare(strict_types=1);
+
+namespace phpMyFAQ\Controller\Administration;
+
+use phpMyFAQ\Core\Exception;
+use phpMyFAQ\Filter;
+use phpMyFAQ\Session\Token;
+use phpMyFAQ\System;
+use phpMyFAQ\Translation;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Attribute\Route;
+use Twig\Error\LoaderError;
+
+class SessionKeepAliveController extends AbstractAdministrationController
+{
+    /**
+     * @throws Exception
+     * @throws LoaderError
+     * @throws \Exception
+     */
+    #[Route('/session-keep-alive', name: 'admin.session.keepalive', methods: ['GET'])]
+    public function index(Request $request): Response
+    {
+        $language = Filter::filterVar($request->query->get('lang', 'en'), FILTER_SANITIZE_SPECIAL_CHARS);
+        $refreshTime = (PMF_AUTH_TIMEOUT - PMF_AUTH_TIMEOUT_WARNING) * 60;
+
+        return $this->render(
+            '@admin/session-keepalive.twig',
+            [
+                'metaLanguage' => $language,
+                'phpMyFAQVersion' => System::getVersion(),
+                'currentYear' => date('Y'),
+                'isUserLoggedIn' => $this->currentUser->isLoggedIn(),
+                'csrfToken' => Token::getInstance($this->container->get('session'))->getTokenString('admin-logout'),
+                'msgConfirm' => sprintf(Translation::get('ad_session_expiring'), PMF_AUTH_TIMEOUT_WARNING),
+                'sessionTimeout' => PMF_AUTH_TIMEOUT,
+                'refreshTime' => $refreshTime,
+            ]
+        );
+    }
+}