Keeps the dashboard sessions from expiring. (#9263)

* Keeps the dashboard sessions from expiring. Route dashboard ajax calls through Laravel. Boots minimal cookies and sessions. Does not fix other pages for now, real fix is to fully port. * Check Laravel auth for the legacy calls. Display Laravel errors in the dashboard. legacy auth checks are mostly extraneous now.
librenms · Oct 1, 2018 · 14a168b · 14a168b
1 parent c36a9e9
commit 14a168b
Show file tree

Hide file tree

Showing 9 changed files with 175 additions and 66 deletions.
diff --git a/LibreNMS/Util/Laravel.php b/LibreNMS/Util/Laravel.php
@@ -33,6 +33,20 @@
 
 class Laravel
 {
+    public static function bootCli()
+    {
+        // make sure Laravel isn't already booted
+        if (class_exists('App') && App::isBooted()) {
+            return;
+        }
+
+        define('LARAVEL_START', microtime(true));
+        $install_dir = realpath(__DIR__ . '/../..');
+        $app = require_once $install_dir . '/bootstrap/app.php';
+        $kernel = $app->make(\Illuminate\Contracts\Console\Kernel::class);
+        $kernel->bootstrap();
+    }
+
     public static function enableQueryDebug()
     {
         $db = Eloquent::DB();

diff --git a/app/Http/Controllers/LegacyController.php b/app/Http/Controllers/LegacyController.php
@@ -21,4 +21,14 @@ public function api($path = '')
     {
         include base_path('html/legacy_api_v0.php');
     }
+
+    public function dash()
+    {
+        ob_start();
+        include base_path('html/legacy/ajax_dash.php');
+        $output = ob_get_contents();
+        ob_end_clean();
+
+        return response($output, 200, ['Content-Type' => 'application/json']);
+    }
 }
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -41,6 +41,11 @@ class Kernel extends HttpKernel
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
         ],
 
+        'minimal' => [
+            \App\Http\Middleware\EncryptCookies::class,
+            \Illuminate\Session\Middleware\StartSession::class,
+        ],
+
         'api' => [
             'bindings',
             'auth:token'

diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
@@ -35,13 +35,26 @@ public function boot()
      */
     public function map()
     {
+        $this->mapLegacyRoutes();
+
         $this->mapApiRoutes();
 
         $this->mapWebRoutes();
 
         //
     }
 
+    /**
+     * Define legacy routes for the application.
+     * Only initializing minimal middleware: Cookies and Session.
+     */
+    protected function mapLegacyRoutes()
+    {
+        Route::middleware('minimal')
+            ->namespace($this->namespace)
+            ->group(base_path('routes/legacy.php'));
+    }
+
     /**
      * Define the "web" routes for the application.
      *

diff --git a/html/ajax_dash.php b/html/ajax_dash.php
@@ -1,62 +1,61 @@
 <?php
 
-/*
- * LibreNMS
- *
- * Copyright (c) 2014 Neil Lathwood <https://github.com/laf/ http://www.lathwood.co.uk/fa>
+/**
+ * Laravel - A PHP Framework For Web Artisans
  *
- * This program is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation, either version 3 of the License, or (at your
- * option) any later version.  Please see LICENSE.txt at the top level of
- * the source code distribution for details.
+ * @package  Laravel
+ * @author   Taylor Otwell <taylor@laravel.com>
  */
 
-use LibreNMS\Authentication\LegacyAuth;
-
-$init_modules = array('web', 'auth');
-require realpath(__DIR__ . '/..') . '/includes/init.php';
-
-set_debug($_REQUEST['debug']);
-
-header('Content-type: application/json');
-
-if (!LegacyAuth::check()) {
-    $response = array(
-        'status'  => 'error',
-        'message' => 'Unauthenticated',
-    );
-    echo _json_encode($response);
-    exit;
-}
-
-$type = $vars['type'];
-
-if ($type == 'placeholder') {
-    $output = "<span style='text-align:left;'><br><h3>Click on the Edit Dashboard button (next to the list of dashboards) to add widgets</h3><br><h4><strong>Remember:</strong> You can only move & resize widgets when you're in <strong>Edit Mode</strong>.</h4><span>";
-    $status = 'ok';
-    $title = 'Placeholder';
-} elseif (is_file('includes/common/'.$type.'.inc.php')) {
-    $results_limit     = 10;
-    $typeahead_limit   = $config['webui']['global_search_result_limit'];
-    $no_form           = true;
-    $unique_id         = str_replace(array("-","."), "_", uniqid($type, true));
-    $widget_id         = $vars['id'];
-    $widget_settings   = json_decode(dbFetchCell('select settings from users_widgets where user_widget_id = ?', array($widget_id)), true);
-    $widget_dimensions = $vars['dimensions'];
-    if (!empty($vars['settings'])) {
-        define('SHOW_SETTINGS', true);
-    }
-    include 'includes/common/'.$type.'.inc.php';
-    $output = implode('', $common_output);
-    $status = 'ok';
-    $title  = display($widget_settings['title']) ?: ucfirst(display($type));
-}
-
-$response = array(
-                  'status' => $status,
-                  'html' => $output,
-                  'title' => $title,
-                 );
-
-echo _json_encode($response);
+/*
+|--------------------------------------------------------------------------
+| Register The Auto Loader
+|--------------------------------------------------------------------------
+|
+| Composer provides a convenient, automatically generated class loader for
+| our application. We just need to utilize it! We'll simply require it
+| into the script here so that we don't have to worry about manual
+| loading any of our classes later on. It feels great to relax.
+|
+*/
+
+require __DIR__.'/../bootstrap/autoload.php';
+
+/*
+|--------------------------------------------------------------------------
+| Turn On The Lights
+|--------------------------------------------------------------------------
+|
+| We need to illuminate PHP development, so let us turn on the lights.
+| This bootstraps the framework and gets it ready for use, then it
+| will load up this application so that we can run it and send
+| the responses back to the browser and delight our users.
+|
+*/
+
+$app = require_once __DIR__.'/../bootstrap/app.php';
+
+/*
+|--------------------------------------------------------------------------
+| Run The Application
+|--------------------------------------------------------------------------
+|
+| Once we have the application, we can handle the incoming request
+| through the kernel, and send the associated response back to
+| the client's browser allowing them to enjoy the creative
+| and wonderful application we have prepared for them.
+|
+*/
+
+$kernel = $app->make(Illuminate\Contracts\Http\Kernel::class);
+
+// rewrite the request uri
+$_SERVER['REQUEST_URI'] = '/legacy_ajax_dash';
+
+$response = $kernel->handle(
+    $request = Illuminate\Http\Request::capture()
+);
+
+$response->send();
+
+$kernel->terminate($request, $response);
diff --git a/html/legacy/ajax_dash.php b/html/legacy/ajax_dash.php
@@ -0,0 +1,64 @@
+<?php
+
+/*
+ * LibreNMS
+ *
+ * Copyright (c) 2014 Neil Lathwood <https://github.com/laf/ http://www.lathwood.co.uk/fa>
+ *
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or (at your
+ * option) any later version.  Please see LICENSE.txt at the top level of
+ * the source code distribution for details.
+ * @package  Laravel
+ * @author   Taylor Otwell <taylor@laravel.com>
+ */
+
+use LibreNMS\Authentication\LegacyAuth;
+
+$init_modules = ['web', 'auth'];
+require realpath(__DIR__ . '/../..') . '/includes/init.php';
+
+set_debug(isset($_REQUEST['debug']) && $_REQUEST['debug']);
+
+header('Content-type: application/json');
+
+if (!LegacyAuth::check()) {
+    $response = array(
+        'status'  => 'error',
+        'message' => 'Unauthenticated',
+    );
+    echo _json_encode($response);
+    exit;
+}
+
+$type = isset($vars['type']) ? $vars['type'] : 'placeholder';
+
+if ($type == 'placeholder') {
+    $output = "<span style='text-align:left;'><br><h3>Click on the Edit Dashboard button (next to the list of dashboards) to add widgets</h3><br><h4><strong>Remember:</strong> You can only move & resize widgets when you're in <strong>Edit Mode</strong>.</h4><span>";
+    $status = 'ok';
+    $title = 'Placeholder';
+} elseif (is_file('includes/common/'.$type.'.inc.php')) {
+    $results_limit     = 10;
+    $typeahead_limit   = $config['webui']['global_search_result_limit'];
+    $no_form           = true;
+    $unique_id         = str_replace(array("-","."), "_", uniqid($type, true));
+    $widget_id         = $vars['id'];
+    $widget_settings   = json_decode(dbFetchCell('select settings from users_widgets where user_widget_id = ?', array($widget_id)), true);
+    $widget_dimensions = $vars['dimensions'];
+    if (!empty($vars['settings'])) {
+        define('SHOW_SETTINGS', true);
+    }
+    include 'includes/common/'.$type.'.inc.php';
+    $output = implode('', $common_output);
+    $status = 'ok';
+    $title  = display($widget_settings['title']) ?: ucfirst(display($type));
+}
+
+$response = array(
+                  'status' => $status,
+                  'html' => $output,
+                  'title' => $title,
+                 );
+
+echo _json_encode($response);
diff --git a/html/pages/front/tiles.php b/html/pages/front/tiles.php
@@ -653,8 +653,12 @@ function widget_reload(id,data_type) {
                     $("#widget_body_"+id).html('<div class="alert alert-info">' + data.message + '</div>');
                 }
             },
-            error: function () {
-                $("#widget_body_"+id).html('<div class="alert alert-info">Problem with backend</div>');
+            error: function (data) {
+                if (data.responseJSON.error) {
+                    $("#widget_body_"+id).html('<div class="alert alert-info">' + data.responseJSON.error + '</div>');
+                } else {
+                    $("#widget_body_"+id).html('<div class="alert alert-info">Problem with backend</div>');
+                }
             }
         });
     }

diff --git a/includes/init.php b/includes/init.php
@@ -93,13 +93,7 @@ function module_selected($module, $modules)
 }
 
 if (module_selected('laravel', $init_modules)) {
-    // make sure Laravel isn't already booted
-    if (!class_exists('App') || !App::isBooted()) {
-        define(LARAVEL_START, microtime(true));
-        $app = require_once $install_dir . '/bootstrap/app.php';
-        $kernel = $app->make(Illuminate\Contracts\Console\Kernel::class);
-        $kernel->bootstrap();
-    }
+    \LibreNMS\Util\Laravel::bootCli();
 }
 
 if (!module_selected('nodb', $init_modules)) {

diff --git a/routes/legacy.php b/routes/legacy.php
@@ -0,0 +1,6 @@
+<?php
+
+
+Route::group(['middleware' => ['auth'], 'guard' => 'auth'], function () {
+    Route::any('legacy_ajax_dash', 'LegacyController@dash');
+});