npm - create-prisma-php-app - Versions diffs - 3.3.11 → 3.3.12 - Mend

create-prisma-php-app 3.3.11 → 3.3.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/bootstrap.php +113 -73
package/dist/src/Lib/PHPX/TwMerge.php +366 -166
package/dist/src/Lib/Request.php +4 -1
package/dist/src/app/js/index.js +1 -1
package/package.json +1 -1

package/dist/bootstrap.php CHANGED Viewed

@@ -84,6 +84,13 @@ final class Bootstrap extends RuntimeException
         // Set a function call key as a cookie
         self::functionCallNameEncrypt();
+        self::$secondRequestC69CD = Request::$data['secondRequestC69CD'] ?? false;
+        // Check if the request is for a local store callback
+        if (Request::$isWire && !self::$secondRequestC69CD) {
+            self::isLocalStoreCallback();
+        }
         $contentInfo = self::determineContentToInclude();
         self::$contentToInclude = $contentInfo['path'] ?? '';
         self::$layoutsToInclude = $contentInfo['layouts'] ?? [];
@@ -114,7 +121,6 @@ final class Bootstrap extends RuntimeException
             self::$isContentIncluded = true;
         }
-        self::$secondRequestC69CD = Request::$data['secondRequestC69CD'] ?? false;
         self::$isPartialRequest =
             !empty(Request::$data['pphpSync71163'])
             && !empty(Request::$data['selectors'])
@@ -128,6 +134,31 @@ final class Bootstrap extends RuntimeException
         ErrorHandler::checkFatalError();
     }
+    private static function isLocalStoreCallback(): void
+    {
+        $data = self::getRequestData();
+        if (empty($data['callback'])) {
+            self::jsonExit(['success' => false, 'error' => 'Callback not provided', 'response' => null]);
+        }
+        try {
+            $aesKey = self::getAesKeyFromJwt();
+        } catch (RuntimeException $e) {
+            self::jsonExit(['success' => false, 'error' => $e->getMessage()]);
+        }
+        try {
+            $callbackName = self::decryptCallback($data['callback'], $aesKey);
+        } catch (RuntimeException $e) {
+            self::jsonExit(['success' => false, 'error' => $e->getMessage()]);
+        }
+        if ($callbackName === PrismaPHPSettings::$localStoreKey) {
+            self::jsonExit(['success' => true, 'response' => 'localStorage updated']);
+        }
+    }
     private static function functionCallNameEncrypt(): void
     {
         $hmacSecret = $_ENV['FUNCTION_CALL_SECRET'] ?? '';
@@ -588,108 +619,117 @@ final class Bootstrap extends RuntimeException
     public static function wireCallback(): void
     {
-        $response = [
-            'success'  => false,
-            'error'    => 'Callback not provided',
-            'response' => null,
-        ];
+        $data = self::getRequestData();
-        if (!empty($_FILES)) {
-            $data = $_POST;
-            foreach ($_FILES as $key => $file) {
-                if (is_array($file['name'])) {
-                    $files = [];
-                    foreach ($file['name'] as $i => $name) {
-                        $files[] = [
-                            'name'     => $name,
-                            'type'     => $file['type'][$i],
-                            'tmp_name' => $file['tmp_name'][$i],
-                            'error'    => $file['error'][$i],
-                            'size'     => $file['size'][$i],
-                        ];
-                    }
-                    $data[$key] = $files;
-                } else {
-                    $data[$key] = $file;
-                }
-            }
-        } else {
-            $raw = file_get_contents('php://input');
-            $data = json_decode($raw, true);
-            if (json_last_error() !== JSON_ERROR_NONE) {
-                $data = $_POST;
-            }
+        if (empty($data['callback'])) {
+            self::jsonExit(['success' => false, 'error' => 'Callback not provided', 'response' => null]);
         }
-        if (empty($data['callback'])) {
-            echo json_encode($response, JSON_UNESCAPED_UNICODE);
-            exit;
+        try {
+            $aesKey = self::getAesKeyFromJwt();
+        } catch (RuntimeException $e) {
+            self::jsonExit(['success' => false, 'error' => $e->getMessage()]);
+        }
+        try {
+            $callbackName = self::decryptCallback($data['callback'], $aesKey);
+        } catch (RuntimeException $e) {
+            self::jsonExit(['success' => false, 'error' => $e->getMessage()]);
         }
+        $args = self::convertToArrayObject($data);
+        $out  = str_contains($callbackName, '->') || str_contains($callbackName, '::')
+            ? self::dispatchMethod($callbackName, $args)
+            : self::dispatchFunction($callbackName, $args);
+        if ($out !== null) {
+            self::jsonExit($out);
+        }
+        exit;
+    }
+    private static function getAesKeyFromJwt(): string
+    {
         $token     = $_COOKIE['pphp_function_call_jwt'] ?? null;
         $jwtSecret = $_ENV['FUNCTION_CALL_SECRET'] ?? null;
         if (!$token || !$jwtSecret) {
-            echo json_encode(['success' => false, 'error' => 'Missing session key or secret'], JSON_UNESCAPED_UNICODE);
-            exit;
+            throw new RuntimeException('Missing session key or secret');
         }
         try {
             $decoded = JWT::decode($token, new Key($jwtSecret, 'HS256'));
         } catch (Throwable) {
-            echo json_encode(['success' => false, 'error' => 'Invalid session key'], JSON_UNESCAPED_UNICODE);
-            exit;
+            throw new RuntimeException('Invalid session key');
         }
         $aesKey = base64_decode($decoded->k, true);
         if ($aesKey === false || strlen($aesKey) !== 32) {
-            echo json_encode(['success' => false, 'error' => 'Bad key length'], JSON_UNESCAPED_UNICODE);
-            exit;
+            throw new RuntimeException('Bad key length');
         }
-        $parts = explode(':', $data['callback'], 2);
+        return $aesKey;
+    }
+    private static function jsonExit(array $payload): void
+    {
+        echo json_encode($payload, JSON_UNESCAPED_UNICODE);
+        exit;
+    }
+    private static function decryptCallback(string $encrypted, string $aesKey): string
+    {
+        $parts = explode(':', $encrypted, 2);
         if (count($parts) !== 2) {
-            echo json_encode(['success' => false, 'error' => 'Malformed callback payload'], JSON_UNESCAPED_UNICODE);
-            exit;
+            throw new RuntimeException('Malformed callback payload');
         }
-        [$iv_b64, $ct_b64] = $parts;
-        $iv = base64_decode($iv_b64, true);
-        $ct = base64_decode($ct_b64, true);
+        [$ivB64, $ctB64] = $parts;
+        $iv = base64_decode($ivB64, true);
+        $ct = base64_decode($ctB64, true);
         if ($iv === false || strlen($iv) !== 16 || $ct === false) {
-            echo json_encode(['success' => false, 'error' => 'Invalid callback payload'], JSON_UNESCAPED_UNICODE);
-            exit;
+            throw new RuntimeException('Invalid callback payload');
         }
         $plain = openssl_decrypt($ct, 'AES-256-CBC', $aesKey, OPENSSL_RAW_DATA, $iv);
         if ($plain === false) {
-            echo json_encode(['success' => false, 'error' => 'Decryption failed'], JSON_UNESCAPED_UNICODE);
-            exit;
+            throw new RuntimeException('Decryption failed');
         }
-        $callbackName = preg_replace('/[^a-zA-Z0-9_:\->]/', '', $plain);
-        if ($callbackName === '' || $callbackName[0] === '_') {
-            echo json_encode(['success' => false, 'error' => 'Invalid callback'], JSON_UNESCAPED_UNICODE);
-            exit;
+        $callback = preg_replace('/[^a-zA-Z0-9_:\->]/', '', $plain);
+        if ($callback === '' || $callback[0] === '_') {
+            throw new RuntimeException('Invalid callback');
         }
-        if (
-            isset($data['callback']) &&
-            $callbackName === PrismaPHPSettings::$localStoreKey
-        ) {
-            echo json_encode([
-                'success'  => true,
-                'response' => 'localStorage updated',
-            ], JSON_UNESCAPED_UNICODE);
-            exit;
-        }
+        return $callback;
+    }
-        $args = self::convertToArrayObject($data);
-        if (strpos($callbackName, '->') !== false || strpos($callbackName, '::') !== false) {
-            $out = self::dispatchMethod($callbackName, $args);
-        } else {
-            $out = self::dispatchFunction($callbackName, $args);
+    private static function getRequestData(): array
+    {
+        if (!empty($_FILES)) {
+            $data = $_POST;
+            foreach ($_FILES as $key => $file) {
+                $data[$key] = is_array($file['name'])
+                    ? array_map(
+                        fn($i) => [
+                            'name'     => $file['name'][$i],
+                            'type'     => $file['type'][$i],
+                            'tmp_name' => $file['tmp_name'][$i],
+                            'error'    => $file['error'][$i],
+                            'size'     => $file['size'][$i],
+                        ],
+                        array_keys($file['name'])
+                    )
+                    : $file;
+            }
+            return $data;
         }
-        if ($out !== null) {
-            echo json_encode($out, JSON_UNESCAPED_UNICODE);
-        }
-        exit;
+        $raw  = file_get_contents('php://input');
+        $json = json_decode($raw, true);
+        return (json_last_error() === JSON_ERROR_NONE) ? $json : $_POST;
     }
     private static function dispatchFunction(string $fn, mixed $args)