diff options
Diffstat (limited to 'classes/config.php')
-rw-r--r-- | classes/config.php | 336 |
1 files changed, 198 insertions, 138 deletions
diff --git a/classes/config.php b/classes/config.php index 4ae4a2407..cc089b7ba 100644 --- a/classes/config.php +++ b/classes/config.php @@ -6,171 +6,190 @@ class Config { const T_STRING = 2; const T_INT = 3; - const SCHEMA_VERSION = 145; - - /* override defaults, defined below in _DEFAULTS[], prefixing with _ENVVAR_PREFIX: - - DB_TYPE becomes: - - .env: - - TTRSS_DB_TYPE=pgsql - - or config.php: - - putenv('TTRSS_DB_TYPE=pgsql'); - - etc, etc. + const SCHEMA_VERSION = 146; + + /** override default values, defined below in _DEFAULTS[], prefixing with _ENVVAR_PREFIX: + * + * DB_TYPE becomes: + * + * .env (docker environment): + * + * TTRSS_DB_TYPE=pgsql + * + * or config.php: + * + * putenv('TTRSS_DB_TYPE=pgsql'); + * + * note lack of quotes and spaces before and after "=". + * */ + /** database type: pgsql or mysql */ const DB_TYPE = "DB_TYPE"; + + /** database server hostname */ const DB_HOST = "DB_HOST"; + + /** database user */ const DB_USER = "DB_USER"; + + /** database name */ const DB_NAME = "DB_NAME"; + + /** database password */ const DB_PASS = "DB_PASS"; + + /** database server port */ const DB_PORT = "DB_PORT"; - // database credentials + /** connection charset for MySQL. if you have a legacy database and/or experience + * garbage unicode characters with this option, try setting it to a blank string. */ const MYSQL_CHARSET = "MYSQL_CHARSET"; - // connection charset for MySQL. if you have a legacy database and/or experience - // garbage unicode characters with this option, try setting it to a blank string. + /** this should be set to a fully qualified URL used to access + * your tt-rss instance over the net, such as: https://example.com/tt-rss/ + * if your tt-rss instance is behind a reverse proxy, use external URL. + * tt-rss will likely help you pick correct value for this on startup */ const SELF_URL_PATH = "SELF_URL_PATH"; - // this should be set to a fully qualified URL used to access - // your tt-rss instance over the net, such as: https://example.com/tt-rss/ - // if your tt-rss instance is behind a reverse proxy, use external URL. - // tt-rss will likely help you pick correct value for this on startup + /** operate in single user mode, disables all functionality related to + * multiple users and authentication. enabling this assumes you have + * your tt-rss directory protected by other means (e.g. http auth). */ const SINGLE_USER_MODE = "SINGLE_USER_MODE"; - // operate in single user mode, disables all functionality related to - // multiple users and authentication. enabling this assumes you have - // your tt-rss directory protected by other means (e.g. http auth). + /** enables fallback update mode where tt-rss tries to update feeds in + * background while tt-rss is open in your browser. + * if you don't have a lot of feeds and don't want to or can't run + * background processes while not running tt-rss, this method is generally + * viable to keep your feeds up to date. */ const SIMPLE_UPDATE_MODE = "SIMPLE_UPDATE_MODE"; - // enables fallback update mode where tt-rss tries to update feeds in - // background while tt-rss is open in your browser. - // if you don't have a lot of feeds and don't want to or can't run - // background processes while not running tt-rss, this method is generally - // viable to keep your feeds up to date. + /** use this PHP CLI executable to start various tasks */ const PHP_EXECUTABLE = "PHP_EXECUTABLE"; - // use this PHP CLI executable to start various tasks + /** base directory for lockfiles (must be writable) */ const LOCK_DIRECTORY = "LOCK_DIRECTORY"; - // base directory for lockfiles (must be writable) + /** base directory for local cache (must be writable) */ const CACHE_DIR = "CACHE_DIR"; - // base directory for local cache (must be writable) + /** directory for feed favicons (directory must be writable) */ const ICONS_DIR = "ICONS_DIR"; + + /** URL for feed favicons */ const ICONS_URL = "ICONS_URL"; - // directory and URL for feed favicons (directory must be writable) + /** auto create users authenticated via external modules */ const AUTH_AUTO_CREATE = "AUTH_AUTO_CREATE"; - // auto create users authenticated via external modules + /** auto log in users authenticated via external modules i.e. auth_remote */ const AUTH_AUTO_LOGIN = "AUTH_AUTO_LOGIN"; - // auto log in users authenticated via external modules i.e. auth_remote + /** unconditinally purge all articles older than this amount, in days + * overrides user-controlled purge interval */ const FORCE_ARTICLE_PURGE = "FORCE_ARTICLE_PURGE"; - // unconditinally purge all articles older than this amount, in days - // overrides user-controlled purge interval + /** default lifetime of a session (e.g. login) cookie. In seconds, + * 0 means cookie will be deleted when browser closes. */ const SESSION_COOKIE_LIFETIME = "SESSION_COOKIE_LIFETIME"; - // default lifetime of a session (e.g. login) cookie. In seconds, - // 0 means cookie will be deleted when browser closes. + /** send email using this name */ const SMTP_FROM_NAME = "SMTP_FROM_NAME"; + + /** send email using this address */ const SMTP_FROM_ADDRESS = "SMTP_FROM_ADDRESS"; - // send email using this name and address + /** default subject for email digest */ const DIGEST_SUBJECT = "DIGEST_SUBJECT"; - // default subject for email digest + /** enable built-in update checker, both for core code and plugins (using git) */ const CHECK_FOR_UPDATES = "CHECK_FOR_UPDATES"; - // enable built-in update checker, both for core code and plugins (using git) + /** system plugins enabled for all users, comma separated list, no quotes + * keep at least one auth module in there (i.e. auth_internal) */ const PLUGINS = "PLUGINS"; - // system plugins enabled for all users, comma separated list, no quotes - // keep at least one auth module in there (i.e. auth_internal) + /** available options: sql (default, event log), syslog, stdout (for debugging) */ const LOG_DESTINATION = "LOG_DESTINATION"; - // available options: sql (default, event log), syslog, stdout (for debugging) + /** link this stylesheet on all pages (if it exists), should be placed in themes.local */ const LOCAL_OVERRIDE_STYLESHEET = "LOCAL_OVERRIDE_STYLESHEET"; - // link this stylesheet on all pages (if it exists), should be placed in themes.local + /** same but this javascript file (you can use that for polyfills), should be placed in themes.local */ const LOCAL_OVERRIDE_JS = "LOCAL_OVERRIDE_JS"; - // same but this javascript file (you can use that for polyfills), should be placed in themes.local + /** in seconds, terminate update tasks that ran longer than this interval */ const DAEMON_MAX_CHILD_RUNTIME = "DAEMON_MAX_CHILD_RUNTIME"; - // in seconds, terminate update tasks that ran longer than this interval + /** max concurrent update jobs forking update daemon starts */ const DAEMON_MAX_JOBS = "DAEMON_MAX_JOBS"; - // max concurrent update jobs forking update daemon starts + /** How long to wait for response when requesting feed from a site (seconds) */ const FEED_FETCH_TIMEOUT = "FEED_FETCH_TIMEOUT"; - // How long to wait for response when requesting feed from a site (seconds) + /** How long to wait for response when requesting uncached feed from a site (seconds) */ const FEED_FETCH_NO_CACHE_TIMEOUT = "FEED_FETCH_NO_CACHE_TIMEOUT"; - // Same but not cached + /** Default timeout when fetching files from remote sites */ const FILE_FETCH_TIMEOUT = "FILE_FETCH_TIMEOUT"; - // Default timeout when fetching files from remote sites + /** How long to wait for initial response from website when fetching remote files */ const FILE_FETCH_CONNECT_TIMEOUT = "FILE_FETCH_CONNECT_TIMEOUT"; - // How long to wait for initial response from website when fetching files from remote sites + /** stop updating feeds if user haven't logged in for X days */ const DAEMON_UPDATE_LOGIN_LIMIT = "DAEMON_UPDATE_LOGIN_LIMIT"; - // stop updating feeds if user haven't logged in for X days + /** how many feeds to update in one batch */ const DAEMON_FEED_LIMIT = "DAEMON_FEED_LIMIT"; - // how many feeds to update in one batch + /** default sleep interval between feed updates (sec) */ const DAEMON_SLEEP_INTERVAL = "DAEMON_SLEEP_INTERVAL"; - // default sleep interval between feed updates (sec) + /** do not cache files larger than that (bytes) */ const MAX_CACHE_FILE_SIZE = "MAX_CACHE_FILE_SIZE"; - // do not cache files larger than that (bytes) + /** do not download files larger than that (bytes) */ const MAX_DOWNLOAD_FILE_SIZE = "MAX_DOWNLOAD_FILE_SIZE"; - // do not download files larger than that (bytes) + /** max file size for downloaded favicons (bytes) */ const MAX_FAVICON_FILE_SIZE = "MAX_FAVICON_FILE_SIZE"; - // max file size for downloaded favicons (bytes) + /** max age in days for various automatically cached (temporary) files */ const CACHE_MAX_DAYS = "CACHE_MAX_DAYS"; - // max age in days for various automatically cached (temporary) files + /** max interval between forced unconditional updates for servers + * not complying with http if-modified-since (seconds) */ const MAX_CONDITIONAL_INTERVAL = "MAX_CONDITIONAL_INTERVAL"; - // max interval between forced unconditional updates for servers not complying with http if-modified-since (seconds) + /** automatically disable updates for feeds which failed to + * update for this amount of days; 0 disables */ const DAEMON_UNSUCCESSFUL_DAYS_LIMIT = "DAEMON_UNSUCCESSFUL_DAYS_LIMIT"; - // automatically disable updates for feeds which failed to - // update for this amount of days; 0 disables + /** log all sent emails in the event log */ const LOG_SENT_MAIL = "LOG_SENT_MAIL"; - // log all sent emails in the event log + /** use HTTP proxy for requests */ const HTTP_PROXY = "HTTP_PROXY"; - // use HTTP proxy for requests + /** prevent users from changing passwords */ const FORBID_PASSWORD_CHANGES = "FORBID_PASSWORD_CHANGES"; - // prevent users from changing passwords + /** default session cookie name */ const SESSION_NAME = "SESSION_NAME"; - // default session cookie name + /** enable plugin update checker (using git) */ const CHECK_FOR_PLUGIN_UPDATES = "CHECK_FOR_PLUGIN_UPDATES"; - // enable plugin update checker (using git) + /** allow installing first party plugins using plugin installer in prefs */ const ENABLE_PLUGIN_INSTALLER = "ENABLE_PLUGIN_INSTALLER"; - // allow installing first party plugins using plugin installer in prefs + /** minimum amount of seconds required between authentication attempts */ const AUTH_MIN_INTERVAL = "AUTH_MIN_INTERVAL"; - // minimum amount of seconds required between authentication attempts - // default values for all of the above: + /** http user agent (changing this is not recommended) */ + const HTTP_USER_AGENT = "HTTP_USER_AGENT"; + + /** default values for all global configuration options */ private const _DEFAULTS = [ Config::DB_TYPE => [ "pgsql", Config::T_STRING ], Config::DB_HOST => [ "db", Config::T_STRING ], @@ -224,15 +243,20 @@ class Config { Config::CHECK_FOR_PLUGIN_UPDATES => [ "true", Config::T_BOOL ], Config::ENABLE_PLUGIN_INSTALLER => [ "true", Config::T_BOOL ], Config::AUTH_MIN_INTERVAL => [ 5, Config::T_INT ], + Config::HTTP_USER_AGENT => [ 'Tiny Tiny RSS/%s (https://tt-rss.org/)', + Config::T_STRING ], ]; + /** @var Config|null */ private static $instance; + /** @var array<string, array<bool|int|string>> */ private $params = []; - private $schema_version = null; + + /** @var array<string, mixed> */ private $version = []; - /** @var Db_Migrations $migrations */ + /** @var Db_Migrations|null $migrations */ private $migrations; public static function get_instance() : Config { @@ -250,24 +274,30 @@ class Config { $ref = new ReflectionClass(get_class($this)); foreach ($ref->getConstants() as $const => $cvalue) { - if (isset($this::_DEFAULTS[$const])) { - $override = getenv($this::_ENVVAR_PREFIX . $const); + if (isset(self::_DEFAULTS[$const])) { + $override = getenv(self::_ENVVAR_PREFIX . $const); - list ($defval, $deftype) = $this::_DEFAULTS[$const]; + list ($defval, $deftype) = self::_DEFAULTS[$const]; $this->params[$cvalue] = [ self::cast_to($override !== false ? $override : $defval, $deftype), $deftype ]; } } } - /* package maintainers who don't use git: if version_static.txt exists in tt-rss root - directory, its contents are displayed instead of git commit-based version, this could be generated - based on source git tree commit used when creating the package */ - + /** determine tt-rss version (using git) + * + * package maintainers who don't use git: if version_static.txt exists in tt-rss root + * directory, its contents are displayed instead of git commit-based version, this could be generated + * based on source git tree commit used when creating the package + * @return array<string, mixed>|string + */ static function get_version(bool $as_string = true) { return self::get_instance()->_get_version($as_string); } + /** + * @return array<string, mixed>|string + */ private function _get_version(bool $as_string = true) { $root_dir = dirname(__DIR__); @@ -278,6 +308,8 @@ class Config { $ttrss_version["version"] = "UNKNOWN (Unsupported, Darwin)"; } else if (file_exists("$root_dir/version_static.txt")) { $this->version["version"] = trim(file_get_contents("$root_dir/version_static.txt")) . " (Unsupported)"; + } else if (ini_get("open_basedir")) { + $this->version["version"] = "UNKNOWN (Unsupported, open_basedir)"; } else if (is_dir("$root_dir/.git")) { $this->version = self::get_version_from_git($root_dir); @@ -285,7 +317,10 @@ class Config { user_error("Unable to determine version: " . $this->version["version"], E_USER_WARNING); $this->version["version"] = "UNKNOWN (Unsupported, Git error)"; + } else if (!getenv("SCRIPT_ROOT") || !file_exists("/.dockerenv")) { + $this->version["version"] .= " (Unsupported)"; } + } else { $this->version["version"] = "UNKNOWN (Unsupported)"; } @@ -294,7 +329,10 @@ class Config { return $as_string ? $this->version["version"] : $this->version; } - static function get_version_from_git(string $dir) { + /** + * @return array<string, int|string> + */ + static function get_version_from_git(string $dir): array { $descriptorspec = [ 1 => ["pipe", "w"], // STDOUT 2 => ["pipe", "w"], // STDERR @@ -321,7 +359,7 @@ class Config { if ($check == "version") { - $rv["version"] = strftime("%y.%m", (int)$timestamp) . "-$commit"; + $rv["version"] = date("y.m", (int)$timestamp) . "-$commit"; $rv["commit"] = $commit; $rv["timestamp"] = $timestamp; @@ -360,6 +398,9 @@ class Config { return self::get_migrations()->get_version(); } + /** + * @return bool|int|string + */ static function cast_to(string $value, int $type_hint) { switch ($type_hint) { case self::T_BOOL: @@ -371,24 +412,30 @@ class Config { } } + /** + * @return bool|int|string + */ private function _get(string $param) { list ($value, $type_hint) = $this->params[$param]; return $this->cast_to($value, $type_hint); } - private function _add(string $param, string $default, int $type_hint) { - $override = getenv($this::_ENVVAR_PREFIX . $param); + private function _add(string $param, string $default, int $type_hint): void { + $override = getenv(self::_ENVVAR_PREFIX . $param); $this->params[$param] = [ self::cast_to($override !== false ? $override : $default, $type_hint), $type_hint ]; } - static function add(string $param, string $default, int $type_hint = Config::T_STRING) { + static function add(string $param, string $default, int $type_hint = Config::T_STRING): void { $instance = self::get_instance(); - return $instance->_add($param, $default, $type_hint); + $instance->_add($param, $default, $type_hint); } + /** + * @return bool|int|string + */ static function get(string $param) { $instance = self::get_instance(); @@ -427,6 +474,9 @@ class Config { /* sanity check stuff */ + /** checks for mysql tables not using InnoDB (tt-rss is incompatible with MyISAM) + * @return array<int, array<string, string>> A list of entries identifying tt-rss tables with bad config + */ private static function check_mysql_tables() { $pdo = Db::pdo(); @@ -443,7 +493,7 @@ class Config { return $bad_tables; } - static function sanity_check() { + static function sanity_check(): void { /* we don't actually need the DB object right now but some checks below might use ORM which won't be initialized @@ -460,16 +510,53 @@ class Config { array_push($errors, "Please enable at least one authentication module via PLUGINS"); } - if (function_exists('posix_getuid') && posix_getuid() == 0) { - array_push($errors, "Please don't run this script as root."); - } + /* we assume our dependencies are sane under docker, so some sanity checks are skipped. + this also allows tt-rss process to run under root if requested (I'm using this for development + under podman because of uidmapping issues with rootless containers, don't use in production -fox) */ + if (!getenv("container")) { + if (function_exists('posix_getuid') && posix_getuid() == 0) { + array_push($errors, "Please don't run this script as root."); + } - if (version_compare(PHP_VERSION, '7.1.0', '<')) { - array_push($errors, "PHP version 7.1.0 or newer required. You're using " . PHP_VERSION . "."); - } + if (version_compare(PHP_VERSION, '7.1.0', '<')) { + array_push($errors, "PHP version 7.1.0 or newer required. You're using " . PHP_VERSION . "."); + } + + if (!class_exists("UConverter")) { + array_push($errors, "PHP UConverter class is missing, it's provided by the Internationalization (intl) module."); + } + + if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) { + array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL."); + } + + if (!function_exists("json_encode")) { + array_push($errors, "PHP support for JSON is required, but was not found."); + } + + if (!class_exists("PDO")) { + array_push($errors, "PHP support for PDO is required but was not found."); + } + + if (!function_exists("mb_strlen")) { + array_push($errors, "PHP support for mbstring functions is required but was not found."); + } + + if (!function_exists("hash")) { + array_push($errors, "PHP support for hash() function is required but was not found."); + } + + if (ini_get("safe_mode")) { + array_push($errors, "PHP safe mode setting is obsolete and not supported by tt-rss."); + } - if (!class_exists("UConverter")) { - array_push($errors, "PHP UConverter class is missing, it's provided by the Internationalization (intl) module."); + if (!function_exists("mime_content_type")) { + array_push($errors, "PHP function mime_content_type() is missing, try enabling fileinfo module."); + } + + if (!class_exists("DOMDocument")) { + array_push($errors, "PHP support for DOMDocument is required, but was not found."); + } } if (!is_writable(self::get(Config::CACHE_DIR) . "/images")) { @@ -484,6 +571,14 @@ class Config { array_push($errors, "Data export cache is not writable (chmod -R 777 ".self::get(Config::CACHE_DIR)."/export)"); } + if (!is_writable(self::get(Config::ICONS_DIR))) { + array_push($errors, "ICONS_DIR defined in config.php is not writable (chmod -R 777 ".self::get(Config::ICONS_DIR).").\n"); + } + + if (!is_writable(self::get(Config::LOCK_DIRECTORY))) { + array_push($errors, "LOCK_DIRECTORY is not writable (chmod -R 777 ".self::get(Config::LOCK_DIRECTORY).").\n"); + } + // ttrss_users won't be there on initial startup (before migrations are done) if (!Config::is_migration_needed() && self::get(Config::SINGLE_USER_MODE)) { if (UserHelper::get_login_by_id(1) != "admin") { @@ -491,6 +586,7 @@ class Config { } } + // skip check for CLI scripts so that we could install database schema if it is missing. if (php_sapi_name() != "cli") { if (self::get_schema_version() < 0) { @@ -515,46 +611,6 @@ class Config { } } - if (!is_writable(self::get(Config::ICONS_DIR))) { - array_push($errors, "ICONS_DIR defined in config.php is not writable (chmod -R 777 ".self::get(Config::ICONS_DIR).").\n"); - } - - if (!is_writable(self::get(Config::LOCK_DIRECTORY))) { - array_push($errors, "LOCK_DIRECTORY is not writable (chmod -R 777 ".self::get(Config::LOCK_DIRECTORY).").\n"); - } - - if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) { - array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL."); - } - - if (!function_exists("json_encode")) { - array_push($errors, "PHP support for JSON is required, but was not found."); - } - - if (!class_exists("PDO")) { - array_push($errors, "PHP support for PDO is required but was not found."); - } - - if (!function_exists("mb_strlen")) { - array_push($errors, "PHP support for mbstring functions is required but was not found."); - } - - if (!function_exists("hash")) { - array_push($errors, "PHP support for hash() function is required but was not found."); - } - - if (ini_get("safe_mode")) { - array_push($errors, "PHP safe mode setting is obsolete and not supported by tt-rss."); - } - - if (!function_exists("mime_content_type")) { - array_push($errors, "PHP function mime_content_type() is missing, try enabling fileinfo module."); - } - - if (!class_exists("DOMDocument")) { - array_push($errors, "PHP support for DOMDocument is required, but was not found."); - } - if (self::get(Config::DB_TYPE) == "mysql") { $bad_tables = self::check_mysql_tables(); @@ -617,11 +673,11 @@ class Config { } } - private static function format_error($msg) { + private static function format_error(string $msg): string { return "<div class=\"alert alert-danger\">$msg</div>"; } - static function get_override_links() { + static function get_override_links(): string { $rv = ""; $local_css = get_theme_path(self::get(self::LOCAL_OVERRIDE_STYLESHEET)); @@ -632,4 +688,8 @@ class Config { return $rv; } + + static function get_user_agent(): string { + return sprintf(self::get(self::HTTP_USER_AGENT), self::get_version()); + } } |