<?php
/**
 *    Copyright (C) 2015 Deciso B.V.
 *
 *    All rights reserved.
 *
 *    Redistribution and use in source and binary forms, with or without
 *    modification, are permitted provided that the following conditions are met:
 *
 *    1. Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *
 *    2. Redistributions in binary form must reproduce the above copyright
 *       notice, this list of conditions and the following disclaimer in the
 *       documentation and/or other materials provided with the distribution.
 *
 *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 *    POSSIBILITY OF SUCH DAMAGE.
 *
 */

namespace OPNsense\Base;

use OPNsense\Core\Config;
use Phalcon\Mvc\Controller;
use Phalcon\Logger\Adapter\Syslog;
use OPNsense\Core\ACL;

/**
 * Class ControllerRoot wrap shared OPNsense controller features (auth, logging)
 * @package OPNsense\Base
 */
class ControllerRoot extends Controller
{
    /**
     * Wrap close session, for long running operations.
     */
    protected function sessionClose()
    {
        session_write_close();
    }

    /**
     * Get lang encoding for gettext
     */
    public static function getLangEncode()
    {
        $lang = 'en_US';

        // Set locale
        foreach (Config::getInstance()->object()->system->children() as $key => $node) {
            if ($key == 'language') {
                $lang = $node->__toString();
                break;
            }
        }

        return $lang . '.UTF-8';
    }

    /**
     * Set locale for gettext
     */
    public static function setLocale($lang_encoding)
    {
        $textdomain = 'OPNsense';

        /* this isn't being done by Phalcon */
        putenv('LANG=' . $lang_encoding);
        textdomain($textdomain);
        bindtextdomain($textdomain, '/usr/local/share/locale');
        bind_textdomain_codeset($textdomain, $lang_encoding);
    }

    /**
     * get system logger
     * @param string $ident syslog identifier
     * @return Syslog log handler
     */
    protected function getLogger($ident = "api")
    {
        $logger = new Syslog($ident, array(
            'option' => LOG_PID,
            'facility' => LOG_LOCAL4
        ));

        return $logger;
    }

    /**
     * perform authentication, redirect user on non successful auth
     * @return bool
     */
    public function doAuth()
    {
        if ($this->session->has("Username") == false) {
            // user unknown
            $this->getLogger()->error("no active session, user not found");
            $this->response->redirect("/", true);
            return false;
        } elseif ($this->session->has("last_access")
            && $this->session->get("last_access") < (time() - 14400)) {
            // session expired (todo, use config timeout)
            $this->getLogger()->error("session expired");
            // cleanup session data
            $this->session->remove("Username");
            $this->session->remove("last_access");
            $this->response->redirect("/", true);
            return false;
        }
        $this->session->set("last_access", time());

        // Authorization using legacy acl structure
        $acl = new ACL();
        if (!$acl->isPageAccessible($this->session->get("Username"), $_SERVER['REQUEST_URI'])) {
            $this->getLogger()->error("uri ".$_SERVER['REQUEST_URI'].
                " not accessible for user ".$this->session->get("Username"));
            $this->response->redirect("/", true);
            return false;
        }

        return true;
    }
}