Use Request object

Reviewed-on: deblan/side_menu#421
Reviewed-by: Simon Vieille <contact@deblan.fr>

.woodpecker/.publish.yml

@@ -32,7 +32,7 @@ steps:
       - echo "$APP_CERTIFICATE" > "/tmp/side_menu.key"
       - echo "$APP_PUBLIC_CERTIFICATE" > "/tmp/side_menu.crt"
       - mkdir /tmp/app
-      - cp -r README.md CHANGELOG.md appinfo css lib img l10n js src templates screenshots vendor /tmp/app
+      - cp -r README.md CHANGELOG.md appinfo lib img l10n js src templates screenshots vendor /tmp/app
       - /usr/src/nextcloud/occ integrity:sign-app
         --privateKey=/tmp/side_menu.key
         --certificate=/tmp/side_menu.crt

CHANGELOG.md

@@ -1,5 +1,36 @@
 ## [Unreleased]
 
+## 5.0.3
+### Fixed
+* fix #422: undefined array key "HTTP_USER_AGENT"
+
+## 5.0.2
+### Fixed
+* fix #413: add user-agent check for memories mobile app
+* fix #418: allow non admin user to access their settings
+
+## 5.0.1
+### Fixed
+* fix(StandardMenu): appLimit must return a value > 0
+
+## 5.0.0
+### Fixed
+* fix apps's order in the standard menu
+### Added
+* add new translations
+* add route `/apps/side_menu/user/config`
+* add new UI for admin and personals settings
+### Changed
+* migrate to Vue 3 and so add/update or remove dependencies
+* replace CSS with SCSS
+* remove route `/apps/side_menu/js/script`
+* remove generated Javascript using PHP
+* rewrite the standard menu of Nextcloud
+### Security
+* fix CVE-2023-44270
+* fix CVE-2024-9506
+* fix CVE-2024-6783
+
 ## 4.1.1
 ### Fixed
 * fix(CssController): add missing NoCSRFRequired import (#397)

Makefile

@@ -20,7 +20,7 @@ release:
 
 	test -d $$RELEASE_DIRECTORY/$$VERSION && rm -fr $$RELEASE_DIRECTORY/$$VERSION
 	mkdir -p $$RELEASE_DIRECTORY/$$VERSION/side_menu
-	cp -r README.md CHANGELOG.md appinfo css lib img l10n js src templates screenshots vendor $$RELEASE_DIRECTORY/$$VERSION/side_menu
+	cp -r README.md CHANGELOG.md appinfo lib img l10n js src templates screenshots vendor $$RELEASE_DIRECTORY/$$VERSION/side_menu
 	cd $$RELEASE_DIRECTORY/$$VERSION
 	zip -r side_menu_v$$VERSION.zip side_menu
 	tar cvzf side_menu_v$$VERSION.tar.gz side_menu

README.md

@@ -24,8 +24,7 @@ You like this app and you want to support me? ☕ [Buy me a coffee](https://www.
 Requirements
 ------------
 
-* PHP >= 8.0
+* PHP >= 8.1
-* App `theming` enabled
 
 Installation and upgrade
 ------------------------
@@ -41,7 +40,7 @@ If you want to install it from source, go to https://gitnet.fr/deblan/side_menu/
 
 ```
 $ cd /path/to/nextcloud/apps
-$ curl -sS https://gitnet.fr/attachments/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx | tar xvfz -
+$ VERSION=x.y.z; curl -sS https://gitnet.fr/deblan/side_menu/releases/download/v${VERSION}/side_menu_v${VERSION}.tar.gz | tar xvfz -
 ```
 
 Administrators can edit many settings using the administration page.

appinfo/info.xml

@@ -10,14 +10,13 @@ This application is rather suitable for instances that activate a lot of applica
 
 Use the shortcut `Ctrl`+`o` to open and to hide the side menu. Use `tab` to navigate.
 
-You can customize colors depending of the theme (Dark theme and Breeze Dark).
+You can customize colors depending of the theme.
 
-You can report a bug or request a feature by opening an issue.
+To report a bug or request a feature, please open an issue.
 
 Requirements:
 
 * PHP >= 8.1
-* App `theming` enabled
 
 If you like this application and if you want to support the development:
 
@@ -31,7 +30,7 @@ Notice
 Because I believe in a free and decentralized Internet, [Gitnet](https://gitnet.fr) is **self-hosted at home**.
 In case of downtime, you can download **Custom Menu** from [here](https://kim.deblan.fr/~side_menu/).
 ]]></description>
-    <version>4.1.1</version>
+    <version>5.0.3</version>
     <licence>agpl</licence>
     <author mail="contact@deblan.fr" homepage="https://www.deblan.fr/">Simon Vieille</author>
     <namespace>SideMenu</namespace>
@@ -54,7 +53,7 @@ In case of downtime, you can download **Custom Menu** from [here](https://kim.de
     <screenshot><![CDATA[https://gitnet.fr/deblan/side_menu/raw/branch/master/screenshots/nc25_default_menu.png]]></screenshot>
     <dependencies>
         <php min-version="8.1" max-version="8.4" />
-        <nextcloud min-version="30" max-version="32"/>
+        <nextcloud min-version="31" max-version="32"/>
     </dependencies>
     <settings>
         <admin>OCA\SideMenu\Settings\Admin</admin>

lib/AppInfo/Application.php

@@ -49,6 +49,11 @@ class Application extends App implements IBootstrap
      */
     protected $user;
 
+    /**
+     * @var Request
+     */
+    protected $request;
+
     public function __construct(array $urlParams = [])
     {
         parent::__construct(self::APP_ID, $urlParams);
@@ -96,6 +101,7 @@ class Application extends App implements IBootstrap
         $this->config = \OC::$server->getConfig();
         $this->cspnm = \OC::$server->getContentSecurityPolicyNonceManager();
         $this->user = \OC::$server[IUserSession::class]->getUser();
+        $this->request = \OC::$server->getRequest();
 
         if (!$this->isEnabled()) {
             return;
@@ -106,6 +112,10 @@ class Application extends App implements IBootstrap
 
     protected function isEnabled(): bool
     {
+        if (isset($this->request->server['HTTP_USER_AGENT']) && preg_match('/MemoriesNative/', $this->request->server['HTTP_USER_AGENT'])) {
+            return false;
+        }
+
         $enabled = true;
         $isForced = (bool) $this->config->getAppValue(self::APP_ID, 'force', '0');
 
@@ -128,7 +138,6 @@ class Application extends App implements IBootstrap
     protected function addAssets()
     {
         Util::addScript(self::APP_ID, 'side_menu-menu');
-        // Util::addStyle(self::APP_ID, 'sideMenu');
 
         $assets = [
             'stylesheet' => [
@@ -139,14 +148,6 @@ class Application extends App implements IBootstrap
                     'rel' => 'stylesheet',
                 ],
             ],
-            // 'script' => [
-            //     'route' => 'side_menu.Js.script',
-            //     'type' => 'script',
-            //     'route_attr' => 'src',
-            //     'attr' => [
-            //         'nonce' => $this->cspnm->getNonce(),
-            //     ],
-            // ],
         ];
 
         $cache = $this->config->getAppValue(self::APP_ID, 'cache', '0');

lib/Controller/JsController.php

@@ -54,18 +54,6 @@ class JsController extends Controller
         $this->l10nFactory = $l10nFactory;
     }
 
-    #[NoCSRFRequired]
-    #[NoAdminRequired]
-    #[PublicPage]
-    #[FrontpageRoute(verb: 'GET', url: '/js/script')]
-    public function script(): TemplateResponse
-    {
-        $response = new TemplateResponse(Application::APP_ID, 'js/script', $this->getConfig(), 'blank');
-        $response->addHeader('Content-Type', 'text/javascript');
-
-        return $response;
-    }
-
     #[NoCSRFRequired]
     #[NoAdminRequired]
     #[PublicPage]

lib/Controller/PersonalSettingController.php

@@ -98,6 +98,7 @@ class PersonalSettingController extends Controller
     }
 
     #[NoCSRFRequired]
+    #[NoAdminRequired]
     #[FrontpageRoute(verb: 'GET', url: '/user/config')]
     public function configuration(): JSONResponse
     {

src/menus/StandardMenu.vue

@@ -142,7 +142,7 @@ const appLimit = () => {
     })
   }
 
-  return Math.floor((body.offsetWidth - size) / 70)
+  return Math.max(0, Math.floor((body.offsetWidth - size) / 70))
 }
 
 const makeStyle = (app) => {
@@ -158,6 +158,11 @@ const computeLists = () => {
   popoverAppList.value = appList.value.slice(appLimit()).sort((a, b) => a.order - b.order)
 }
 
+const reComputeLists = (delay) => {
+    window.clearTimeout(resizeTimeout)
+    resizeTimeout = window.setTimeout(computeLists, delay || 100)
+}
+
 onMounted(async () => {
   const config = await configStore.getConfig()
 
@@ -169,10 +174,7 @@ onMounted(async () => {
 
   setApps(await navStore.getCoreApps())
 
-  window.addEventListener('resize', () => {
+  window.addEventListener('resize', reComputeLists)
-    window.clearTimeout(resizeTimeout)
-    resizeTimeout = window.setTimeout(computeLists, 100)
-  })
 })
 </script>