brianhansonxyz/rspade_system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c83cae5a927f2dcca0b0e92c703d3a517ab55ee4
rspade_system/public/index.php
root e678b987c2 Fix unimplemented login route with # prefix 
Fix IDE service routing and path normalization
Refactor IDE services and add session rotation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-22 15:59:42 +00:00

125 lines
4.4 KiB
PHP
Executable File
Raw Blame History

<?php
use Illuminate\Contracts\Http\Kernel;
use Illuminate\Http\Request;
define('LARAVEL_START', microtime(true));
/*
|--------------------------------------------------------------------------
| IDE Service Endpoints (Must be before maintenance check)
|--------------------------------------------------------------------------
|
| Handle IDE service requests that bypass Laravel for performance.
| These provide fast responses for IDE integration features.
|
*/
$request_path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
// Handle IDE service endpoints
if (str_starts_with($request_path, '/_ide/service')) {
// SECURITY-CRITICAL: Authenticate FIRST before any service logic
// This checks session auth OR localhost bypass before proceeding
require_once __DIR__ . '/../app/RSpade/Ide/Services/auth.php';
// If we reach here, authentication passed (auth.php exits on failure)
// SECURITY: Explicit whitelist only - handlers must be explicitly defined here.
// User input (service name) determines WHICH handler, but cannot inject arbitrary paths.
// TODO: Improve the design of this subsystem invocation later.
// Extract service name
$service_name = str_replace('/_ide/service', '', $request_path);
$service_name = trim($service_name, '/');
// Whitelist of allowed handlers
$allowed_handlers = [
'format' => __DIR__ . '/../app/RSpade/Ide/Services/handler.php',
'definition' => __DIR__ . '/../app/RSpade/Ide/Services/handler.php',
'complete' => __DIR__ . '/../app/RSpade/Ide/Services/handler.php',
'exec' => __DIR__ . '/../app/RSpade/Ide/Services/handler.php',
'command' => __DIR__ . '/../app/RSpade/Ide/Services/handler.php',
'resolve_class' => __DIR__ . '/../app/RSpade/Ide/Services/handler.php',
'git' => __DIR__ . '/../app/RSpade/Ide/Services/handler.php',
'git/diff' => __DIR__ . '/../app/RSpade/Ide/Services/handler.php',
// All other services use the Laravel handler
'default' => __DIR__ . '/../app/RSpade/Ide/Services/laravel_handler.php',
];
// Determine which handler to use
if (isset($allowed_handlers[$service_name])) {
$handler_path = $allowed_handlers[$service_name];
} else {
// Services not explicitly listed use the Laravel handler
$handler_path = $allowed_handlers['default'];
}
// Execute the whitelisted handler
if (file_exists($handler_path)) {
require_once $handler_path;
exit;
}
}
/*
|--------------------------------------------------------------------------
| Check If The Application Is Under Maintenance
|--------------------------------------------------------------------------
|
| If the application is in maintenance / demo mode via the "down" command
| we will load this file so that any pre-rendered content can be shown
| instead of starting the framework, which could cause an exception.
|
*/
if (file_exists($maintenance = __DIR__.'/../storage/framework/maintenance.php')) {
require $maintenance;
}
/*
|--------------------------------------------------------------------------
| Register The Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader for
| this application. We just need to utilize it! We'll simply require it
| into the script here so we don't need to manually load our classes.
|
*/
require __DIR__.'/../vendor/autoload.php';
/*
|--------------------------------------------------------------------------
| Initialize RSpade Framework
|--------------------------------------------------------------------------
|
| Acquire the global application read lock before anything else happens.
| This ensures proper coordination between processes for operations like
| manifest rebuilding. This MUST happen before the manifest loads.
|
*/
/*
|--------------------------------------------------------------------------
| Run The Application
|--------------------------------------------------------------------------
|
| Once we have the application, we can handle the incoming request using
| the application's HTTP kernel. Then, we will send the response back
| to this client's browser, allowing them to enjoy our application.
|
*/
$app = require_once __DIR__.'/../bootstrap/app.php';
$kernel = $app->make(Kernel::class);
$response = $kernel->handle(
$request = Request::capture()
)->send();
$kernel->terminate($request, $response);
Reference in New Issue View Git Blame Copy Permalink