From 4b95cc3dcb151aba92cce243555678181b0b4983 Mon Sep 17 00:00:00 2001
From: Florian Heinz
Date: Sat, 11 Apr 2026 19:21:07 +0200
Subject: [PATCH] Improve tracking UX, archive editing, branding, and proxy-safe auth flow
---
 src/App.php | 18 +++++++++++++-----
 src/bootstrap.php | 8 +++++++-
 2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/src/App.php b/src/App.php
index c140c8b..403a922 100644
--- a/src/App.php
+++ b/src/App.php
@@ -27,16 +27,24 @@ final class App
 $path = request_path();
 $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
+ $hasUsers = $this->users->hasAnyUsers();
+ $isAuthenticated = $this->auth->check();
- if (!$this->users->hasAnyUsers()) {
- if ($path !== '/setup') {
+ if (!$hasUsers) {
+ if ($path === '/login') {
+ $path = '/setup';
+ } elseif ($path !== '/setup') {
 redirect('/setup');
 }
- } elseif (!$this->auth->check() && $path !== '/login') {
- redirect('/login');
+ } elseif (!$isAuthenticated) {
+ if ($path === '/setup') {
+ $path = '/login';
+ } elseif ($path !== '/login') {
+ redirect('/login');
+ }
 }
- if ($this->auth->check() && in_array($path, ['/login', '/setup'], true)) {
+ if ($isAuthenticated && in_array($path, ['/login', '/setup'], true)) {
 redirect('/');
 }
diff --git a/src/bootstrap.php b/src/bootstrap.php
index 05d37b3..f3e76c4 100644
--- a/src/bootstrap.php
+++ b/src/bootstrap.php
@@ -15,7 +15,13 @@ require __DIR__ . '/App.php';
 date_default_timezone_set($_ENV['APP_TIMEZONE'] ?? 'Europe/Berlin');
-$isSecure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
+$forwardedProto = strtolower((string) ($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? ''));
+$forwardedSsl = strtolower((string) ($_SERVER['HTTP_X_FORWARDED_SSL'] ?? ''));
+$isSecure = (
+ (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
+ || $forwardedProto === 'https'
+ || $forwardedSsl === 'on'
+);
 ini_set('session.use_only_cookies', '1');
 ini_set('session.use_strict_mode', '1');
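Review bot: The `/login` to `/setup` and `/setup` to `/login` aliases in the src/App.php hunk apply to every request method, so a POST aimed at one form is handed to the other route's handler with a body it was not built for. `$method` is already in scope; restricting the in-place rewrite to reads, `if ($path === '/login' && $method === 'GET') {` and `if ($path === '/setup' && $method === 'GET') {`, lets non-GET requests fall through to the existing `redirect()` branches. The dispatch that consumes `$path` and `$method` is outside the hunk, so how each handler treats a foreign form body (and its CSRF token, if it uses one) should be confirmed there. A short comment above the block saying why the path is rewritten in place rather than redirected would also help the next reader.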
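Review bot: `HTTP_X_FORWARDED_PROTO` and `HTTP_X_FORWARDED_SSL` in the src/bootstrap.php hunk are accepted from any peer, so a client that reaches PHP directly, or through a proxy that does not overwrite them, decides the value of `$isSecure`. Where `$isSecure` is consumed is outside the hunk (presumably the session cookie settings that follow), so the impact depends on that use, but transport state should only be taken from these headers when `REMOTE_ADDR` is a proxy you operate. `X-Forwarded-Proto` can also arrive as a comma-separated list when proxies are chained, which the strict `=== 'https'` comparison will not match. The sketch below gates both headers on an allowlist; `TRUSTED_PROXIES` is a placeholder setting name, not one the project defines.

```php
// Constructed example: TRUSTED_PROXIES is a placeholder setting name.
$trustedProxies = array_filter(array_map('trim', explode(',', (string) ($_ENV['TRUSTED_PROXIES'] ?? ''))));
$fromTrustedProxy = in_array((string) ($_SERVER['REMOTE_ADDR'] ?? ''), $trustedProxies, true);

// Forwarded headers are only meaningful when the direct peer is a known proxy.
$forwardedProto = $fromTrustedProxy
    ? strtolower(trim(explode(',', (string) ($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? ''))[0]))
    : '';
$forwardedSsl = $fromTrustedProxy
    ? strtolower(trim((string) ($_SERVER['HTTP_X_FORWARDED_SSL'] ?? '')))
    : '';
// … unchanged: $isSecure expression combining HTTPS, $forwardedProto and $forwardedSsl …
```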