Raydium Framework

TenantMiddleware extends AbstractMiddleware

Table of Contents

$configs  : Configs
$isAdminKiosk  : bool|null
$isMultitenant  : bool|null
$isShortInit  : bool|null
$services  : Container
$constManager  : mixed
$dbTenants  : array<string|int, mixed>
$kioskConfig  : mixed
$logger  : LoggerInterface
$tenant  : mixed
$tenantDomain  : array<string|int, mixed>|null
$tenantResolver  : mixed
__construct()  : mixed
matchPaths()  : bool
Matches two URL paths, considering optional trailing slashes.
process()  : ResponseInterface
Process the incoming request and manage multitenant or kiosk-specific logic.
tenantResolver()  : TenantResolver
getAllowedAccessPaths()  : null|array<string|int, mixed>
Retrieve allowed access paths for wp-admin routes.
getSubdomain()  : null|array<string|int, string>
httpsOnlyRoute()  : void
Process the incoming request and enforce HTTPS for specific routes.
isAdminRoute()  : mixed
isAdminRouteRestricted()  : bool
Check if a given URL or route matches the WordPress admin route pattern.
isHybridMode()  : bool
isKiosk()  : bool
isLandlord()  : bool
Checks if the provided tenant ID matches the landlord's UUID.
isMultitenantApp()  : bool
Determines if the application is configured to operate in multi-tenant mode.
isSecureMode()  : bool
isValidTenantId()  : false|int
log()  : LoggerInterface
multiMerge()  : array<string|int, mixed>
Merges two multi-dimensional arrays recursively.
setCurrentTenant()  : null|array<string|int, mixed>
Set the current tenant for the application.
when()  : void
getDBPrefix()  : null|string
Determines the database prefix for the tenant.
isShortInit()  : bool
Determines whether the application should run in "shortinit" mode.
kioskTenant()  : array<string|int, mixed>
resolveTenantIdFromRequest()  : array<string|int, mixed>

Methods

__construct()

public __construct([Container $serviceContainer = null ]) : mixed
Parameters
$serviceContainer : Container = null
Return values
mixed

matchPaths()

Matches two URL paths, considering optional trailing slashes.

public static matchPaths(string $uriPath, string $dbadminUrlPath) : bool
Parameters
$uriPath : string
$dbadminUrlPath : string
Return values
bool

process()

Process the incoming request and manage multitenant or kiosk-specific logic.

public process(ServerRequestInterface $request, RequestHandlerInterface $handler) : ResponseInterface
Parameters
$request : ServerRequestInterface
$handler : RequestHandlerInterface
Tags
throws
Exception

If tenant is disabled or other issues arise.

Return values
ResponseInterface

getAllowedAccessPaths()

Retrieve allowed access paths for wp-admin routes.

protected getAllowedAccessPaths() : null|array<string|int, mixed>

This method fetches a list of allowed paths for the wp-admin directory based on configuration. It is designed to ensure that critical functionality like AJAX handling can operate without unnecessary restrictions while still securing other sensitive admin functionalities.

Configuration behavior:

  • security.restrict_wpadmin.enabled: Enables or disables the restriction mechanism (disabled by default).
  • security.restrict_wpadmin.secure: If true, applies stricter matching for wp-admin paths.
  • security.restrict_wpadmin.allowed: An array of specific paths to allow, e.g., ['admin-ajax.php'].

Example Usage:

  • Allow admin-ajax.php for AJAX requests to ensure plugins function correctly.
  • Restrict paths like theme-editor.php or custom plugin endpoints unless explicitly allowed.
  • Ensure security while allowing flexibility for specific use cases.

Example Configuration:

    'restrict_wpadmin' => [
        'enabled' => true,
        'secure'  => false,
        'allowed' => [
            'admin-ajax.php'
        ]
    ],

Tags
psalm-return

array{allowed: mixed, secure: mixed}|null

Return values
null|array<string|int, mixed>

Returns an array of allowed paths if restriction is enabled, null otherwise.

getSubdomain()

protected getSubdomain(ServerRequestInterface $request) : null|array<string|int, string>
Parameters
$request : ServerRequestInterface
Tags
psalm-return

list{string, string}|null

Return values
null|array<string|int, string>

httpsOnlyRoute()

Process the incoming request and enforce HTTPS for specific routes.

protected httpsOnlyRoute(ServerRequestInterface $request) : void
Parameters
$request : ServerRequestInterface
Return values
void

isAdminRoute()

protected isAdminRoute(ServerRequestInterface $request) : mixed
Parameters
$request : ServerRequestInterface
Return values
mixed

isAdminRouteRestricted()

Check if a given URL or route matches the WordPress admin route pattern.

protected isAdminRouteRestricted(ServerRequestInterface $request) : bool

This method ensures that only specified paths within the wp-admin directory are allowed based on configurations. This is crucial for security as it prevents unauthorized access to sensitive WordPress admin functionalities.

Context: When the restrict_wpadmin configuration is enabled (disabled by default), all requests to paths under /wp/wp-admin will be restricted with a 401 response unless explicitly allowed. The isAdminRouteRestricted method determines whether a request matches restricted wp-admin routes and handles the restriction logic upstream.

Examples of wp-admin paths to consider:

  • wp-admin/admin-ajax.php: Frequently used by plugins for AJAX requests, should generally be allowed.
  • wp-admin/theme-editor.php: Sensitive path that should typically be restricted.
  • wp-admin/options.php: Core settings path that requires strict access control.
  • wp-admin/admin-post.php: A common custom plugin endpoint that may require special handling.

Example Configuration:

    'restrict_wpadmin' => [
        'enabled' => true,   // Enables or disables wp-admin restrictions (disabled by default)
        'secure'  => false,  // Enables stricter matching for wp-admin paths
        'allowed' => [
            'admin-ajax.php' // Paths allowed even when restrictions are enabled
        ]
    ],

Parameters
$request : ServerRequestInterface

The server request instance.

Return values
bool

Returns true if the route matches a restricted wp-admin route, false otherwise.
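
The allow-list behaviour described for getAllowedAccessPaths() and isAdminRouteRestricted(), as an added sketch that is not Raydium's own code. The function names are hypothetical, PHP 8 is assumed, and the secure flag is not modelled because the page does not define its matching rule.

```php
<?php
declare(strict_types=1);

// Added illustration, not Raydium's code. Function names are hypothetical; the
// 'secure' flag is not modelled because the page does not define its matching rule.
const WP_ADMIN_PREFIX = '/wp/wp-admin/';

/** Decode once and resolve ".", ".." and repeated slashes before any comparison. */
function normalizePath(string $rawPath): string
{
    $segments = [];
    foreach (explode('/', str_replace('\\', '/', rawurldecode($rawPath))) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($segments);
            continue;
        }
        $segments[] = $seg;
    }
    return '/' . implode('/', $segments);
}

/** True when the request should be refused (a 401, per the description above). */
function isWpAdminRestricted(string $rawPath, ?array $allowedPaths): bool
{
    if ($allowedPaths === null) {
        return false; // restriction disabled: getAllowedAccessPaths() returns null
    }
    $path = normalizePath($rawPath);
    if (!str_starts_with($path . '/', WP_ADMIN_PREFIX)) {
        return false; // not a wp-admin route
    }
    $relative = substr($path, strlen(WP_ADMIN_PREFIX));
    return !in_array($relative, $allowedPaths['allowed'], true); // exact match only
}

// Constructed sample input, shaped like the documented return value.
$access = ['allowed' => ['admin-ajax.php'], 'secure' => false];
$samples = [
    '/wp/wp-admin/admin-ajax.php',                    // on the allow-list
    '/wp/wp-admin/options.php',                       // core settings page
    '/wp/wp-admin/admin-ajax.php/../options.php',     // dot-segment form of the same page
    '/wp/wp-admin/%2e%2e/wp-admin/theme-editor.php',  // percent-encoded dot segments
    '/blog/hello-world',                              // outside wp-admin
];
foreach ($samples as $p) {
    printf("%-50s %s\n", $p, isWpAdminRestricted($p, $access) ? '401' : 'pass');
}
```

Because the comparison runs on the normalized relative path, a dot-segment or percent-encoded variant of a restricted file is judged by the file it resolves to, not by the allowed name that appears in the raw URL.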

isKiosk()

protected isKiosk(array<string|int, mixed> $tenantDomain) : bool
Parameters
$tenantDomain : array<string|int, mixed>
Return values
bool

isLandlord()

Checks if the provided tenant ID matches the landlord's UUID.

protected static isLandlord([null|string $tenantId = null ]) : bool

This function determines if a given tenant ID is equivalent to the predefined LANDLORD_UUID constant, identifying if the tenant is the landlord.

Parameters
$tenantId : null|string = null

The tenant ID to check against the landlord's UUID. Default is null.

Return values
bool

True if the tenant ID matches the landlord's UUID, false otherwise.

isMultitenantApp()

Determines if the application is configured to operate in multi-tenant mode.

protected static isMultitenantApp(mixed $composerConfig) : bool
Parameters
$composerConfig : mixed
Return values
bool

Returns true if the application is in multi-tenant mode, otherwise false.

isValidTenantId()

protected isValidTenantId(string $tenantId) : false|int
Parameters
$tenantId : string
Tags
psalm-return

0|1|false

Return values
false|int

multiMerge()

Merges two multi-dimensional arrays recursively.

protected static multiMerge(array<string|int, mixed> $array1, array<string|int, mixed> $array2) : array<string|int, mixed>

This function will recursively merge the values of $array2 into $array1. If the same key exists in both arrays, and both corresponding values are arrays, the values are recursively merged. Otherwise, values from $array2 will overwrite those in $array1.

Parameters
$array1 : array<string|int, mixed>

The base array that will be merged into.

$array2 : array<string|int, mixed>

The array with values to merge into $array1.

Return values
array<string|int, mixed>

The merged array.

setCurrentTenant()

Set the current tenant for the application.

protected setCurrentTenant([null|array<string|int, mixed> $tenant = null ]) : null|array<string|int, mixed>
Parameters
$tenant : null|array<string|int, mixed> = null

Optional tenant data to directly set.

Tags
throws
Exception

If tenant cannot be resolved.

Return values
null|array<string|int, mixed>

The resolved tenant.

getDBPrefix()

Determines the database prefix for the tenant.

private getDBPrefix(string $tenantId) : null|string
Parameters
$tenantId : string

Tenant's UUID.

Return values
null|string

Database prefix or null if not the main site.

isShortInit()

Determines whether the application should run in "shortinit" mode.

private isShortInit() : bool

Shortinit mode is a lightweight mode in WordPress where only a minimal set of core functionalities are loaded. This method checks multiple conditions to determine if shortinit should be enabled.

Conditions checked:

  • If the HYBRIDX constant is defined and set to true, shortinit is disabled.
  • If the application configuration (shortinit.enabled) is set to true, shortinit is enabled.
  • Otherwise, it falls back to checking whether the SHORTINIT constant is defined and set to true.
Return values
bool

True if shortinit mode should be enabled, false otherwise.

kioskTenant()

private kioskTenant() : array<string|int, mixed>
Tags
psalm-return

array{id: mixed, uuid: mixed, enabled: mixed, framework: mixed}

Return values
array<string|int, mixed>

resolveTenantIdFromRequest()

private resolveTenantIdFromRequest(ServerRequestInterface $request) : array<string|int, mixed>
Parameters
$request : ServerRequestInterface
Tags
psalm-return

list{string, string}|null

Return values
array<string|int, mixed>
