projects/usbcheck.it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

up

Browse Source
This commit is contained in:
Lars Gebhardt-Kusche
2025-12-01 01:47:59 +01:00
parent 5ad9c9327a
commit 4b533f2d8f
3 changed files with 110 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
api/v1/result/browser.quick.test.php
View File

@@ -12,12 +12,19 @@ declare(strict_types=1);
*/ */
function browser_quick_test_handle_request(): array function browser_quick_test_handle_request(): array
{ {
// Session sicherstellen (sollte über fileload.php schon aktiv sein, // Session sicherstellen
// aber doppelt schadlos)
if (session_status() !== PHP_SESSION_ACTIVE) { if (session_status() !== PHP_SESSION_ACTIVE) {
session_start(); session_start();
} }
// ---------------------------------------------------------------------
// 0. client_id sicherstellen (persistent browser identifier)
// ---------------------------------------------------------------------
if (empty($_SESSION['client_id'])) {
$_SESSION['client_id'] = bin2hex(random_bytes(32)); // 64 chars
}
$clientId = $_SESSION['client_id'];
// --------------------------------------------------------------------- // ---------------------------------------------------------------------
// 1. JSON einlesen // 1. JSON einlesen
// --------------------------------------------------------------------- // ---------------------------------------------------------------------
@@ -32,21 +39,21 @@ function browser_quick_test_handle_request(): array
} }
// --------------------------------------------------------------------- // ---------------------------------------------------------------------
// 2. User / Session ermitteln (robust, mehrere Varianten) // 2. User / Session ermitteln (robust)
// --------------------------------------------------------------------- // ---------------------------------------------------------------------
$userId = null; $userId = null;
$isLoggedIn = 0; $isLoggedIn = 0;
// A) Klassisch: user_id direkt in der Session // A) user_id direkt in Session
if (!empty($_SESSION['user_id'])) { if (!empty($_SESSION['user_id'])) {
$userId = (int)$_SESSION['user_id']; $userId = (int)$_SESSION['user_id'];
} }
// B) Dein aktuelles Login verwendet $_SESSION['user']['id'] // B) dein Login: $_SESSION['user']['id']
elseif (!empty($_SESSION['user']) && is_array($_SESSION['user']) && !empty($_SESSION['user']['id'])) { elseif (!empty($_SESSION['user']['id'])) {
$userId = (int)$_SESSION['user']['id']; $userId = (int)$_SESSION['user']['id'];
} }
// C) Optionaler auth-Block // C) optional auth-Block
elseif (!empty($_SESSION['auth']) && is_array($_SESSION['auth']) && !empty($_SESSION['auth']['user_id'])) { elseif (!empty($_SESSION['auth']['user_id'])) {
$userId = (int)$_SESSION['auth']['user_id']; $userId = (int)$_SESSION['auth']['user_id'];
} }
@@ -60,48 +67,44 @@ function browser_quick_test_handle_request(): array
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? null; $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? null;
// --------------------------------------------------------------------- // ---------------------------------------------------------------------
// 3. Grobe Auswertung aus dem Report (optional) // 3. Grobe Auswertung aus dem Report
// --------------------------------------------------------------------- // ---------------------------------------------------------------------
$modeRequested = $data['mode_requested'] ?? 'unknown'; $modeRequested = $data['mode_requested'] ?? 'unknown';
$meta = $data['meta'] ?? []; $meta = $data['meta'] ?? [];
// Browser/OS vorerst leer, später per Parser füllen
$browserName = null; $browserName = null;
$browserVersion = null; $browserVersion = null;
$osName = null; $osName = null;
$osVersion = null; $osVersion = null;
// Gesamtmenge geschriebener/verifizierter Bytes aggregieren // Byte-Summe aus allen Tests
$measuredBytes = 0; $measuredBytes = 0;
if (!empty($data['quick']) && is_array($data['quick'])) { if (!empty($data['quick']['size_bytes'])) {
$measuredBytes += (int)($data['quick']['size_bytes'] ?? 0); $measuredBytes += (int)$data['quick']['size_bytes'];
} }
if (!empty($data['benchmark']) && is_array($data['benchmark'])) { if (!empty($data['benchmark']['size_bytes'])) {
$measuredBytes += (int)($data['benchmark']['size_bytes'] ?? 0); $measuredBytes += (int)$data['benchmark']['size_bytes'];
} }
if (!empty($data['writeverify']) && is_array($data['writeverify'])) { if (!empty($data['writeverify']['total_bytes'])) {
$measuredBytes += (int)($data['writeverify']['total_bytes'] ?? 0); $measuredBytes += (int)$data['writeverify']['total_bytes'];
} }
// Kapazitätsstatus vorerst neutral
$capacityStatus = 'unknown'; $capacityStatus = 'unknown';
// Volume-/Stick-Daten aktuell noch nicht separat ermittelt // noch nicht im Browser ermittelt
$volumeLabel = null; $volumeLabel = null;
$manufacturer = null; $manufacturer = null;
$modelName = null; $modelName = null;
$usbType = null; $usbType = null;
$filesystem = null; $filesystem = null;
// advertised_capacity_bytes kennen wir im Browser noch nicht:
$advCapacityBytes = null; $advCapacityBytes = null;
// test_report_json = kompletter Report (roher JSON-String) // kompletter Report
$testReportJson = $raw ?: json_encode($data, JSON_UNESCAPED_UNICODE); $testReportJson = $raw ?: json_encode($data, JSON_UNESCAPED_UNICODE);
// --------------------------------------------------------------------- // ---------------------------------------------------------------------
// 4. Insert in web_quicktests // 4. Insert
// --------------------------------------------------------------------- // ---------------------------------------------------------------------
/** @var PDO $pdo */ /** @var PDO $pdo */
global $pdo; global $pdo;
@@ -126,7 +129,8 @@ function browser_quick_test_handle_request(): array
filesystem, filesystem,
test_report_json, test_report_json,
ip_address, ip_address,
session_id session_id,
client_id
) )
VALUES ( VALUES (
:user_id, :user_id,
@@ -146,14 +150,15 @@ function browser_quick_test_handle_request(): array
:filesystem, :filesystem,
:test_report_json, :test_report_json,
:ip_address, :ip_address,
:session_id :session_id,
:client_id
) )
"; ";
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
$stmt->execute([ $stmt->execute([
'user_id' => $userId, // <- hier sollte 1 stehen, wenn eingeloggt 'user_id' => $userId,
'is_logged_in' => $isLoggedIn, 'is_logged_in' => $isLoggedIn,
'usb_device_id' => null, 'usb_device_id' => null,
'browser_name' => $browserName, 'browser_name' => $browserName,
@@ -171,24 +176,27 @@ function browser_quick_test_handle_request(): array
'test_report_json' => $testReportJson, 'test_report_json' => $testReportJson,
'ip_address' => $ipAddress, 'ip_address' => $ipAddress,
'session_id' => $sessionId, 'session_id' => $sessionId,
'client_id' => $clientId
]); ]);
$id = (int)$pdo->lastInsertId(); $id = (int)$pdo->lastInsertId();
// DEBUG: damit wir im Frontend/NW-Tab sehen, was der Handler glaubt // DEBUG-Ausgabe nur für STAGING
return [ return [
'ok' => true, 'ok' => true,
'id' => $id, 'id' => $id,
'mode' => $modeRequested, 'mode' => $modeRequested,
'measured_bytes' => $measuredBytes ?: null, 'measured_bytes' => $measuredBytes ?: null,
// Debug-Felder später für PROD wieder rauswerfen // Debug-Info
'debug_user_id' => $userId, 'debug_user_id' => $userId,
'debug_is_logged_in' => $isLoggedIn, 'debug_is_logged_in' => $isLoggedIn,
'debug_session_id' => $sessionId, 'debug_session_id' => $sessionId,
'debug_client_id' => $clientId,
'debug_session_has_user' => isset($_SESSION['user']), 'debug_session_has_user' => isset($_SESSION['user']),
'debug_session_user' => $_SESSION['user'] ?? null, 'debug_user' => $_SESSION['user'] ?? null
]; ];
} catch (Throwable $e) { } catch (Throwable $e) {
error_log('[usbcheck] web_quicktests insert failed: ' . $e->getMessage()); error_log('[usbcheck] web_quicktests insert failed: ' . $e->getMessage());

79
config/fileload.php
View File

@@ -3,38 +3,20 @@
// 0) Umgebung / Domains / Error-Level // 0) Umgebung / Domains / Error-Level
require_once __DIR__ . "/config.php"; require_once __DIR__ . "/config.php";
// ---------------------------------------------------------- // -----------------------------------------------------------
// Session starten (gemeinsam für Frontend + API Subdomains) // Session starten
// ----------------------------------------------------------- // -----------------------------------------------------------
if (php_sapi_name() !== 'cli') { if (php_sapi_name() !== 'cli') {
if (session_status() === PHP_SESSION_NONE) { if (session_status() === PHP_SESSION_NONE) {
// Einheitlicher Name für alle Teilbereiche
session_name('usbcheck_session'); session_name('usbcheck_session');
$isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');
// Cookie-Domain so wählen, dass ALLE Subdomains von usbcheck.it
// dieselbe Session sehen (staging., api.staging., www., …)
$cookieDomain = '';
if (!empty($_SERVER['HTTP_HOST'])) {
$host = $_SERVER['HTTP_HOST'];
// alles was auf "usbcheck.it" endet, bekommt die gemeinsame Domain
if (substr($host, -strlen('usbcheck.it')) === 'usbcheck.it') {
// wirkt für usbcheck.it, staging.usbcheck.it, api.staging.usbcheck.it, ...
$cookieDomain = '.usbcheck.it';
}
}
session_set_cookie_params([ session_set_cookie_params([
'lifetime' => 0, 'lifetime' => 0,
'path' => '/', 'path' => '/',
// WICHTIG: hier die Domain, damit API + Frontend teilen 'domain' => '',
'domain' => $cookieDomain ?: '', 'secure' => (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'),
'secure' => $isHttps,
'httponly' => true, 'httponly' => true,
// eTLD+1 ist gleich (usbcheck.it), daher reicht Lax für Same-Site
'samesite' => 'Lax', 'samesite' => 'Lax',
]); ]);
@@ -42,7 +24,57 @@ if (php_sapi_name() !== 'cli') {
} }
} }
require_once __DIR__ . '/i18n.php'; // <— zentrale Sprachlogik /**
* ---------------------------------------------------------
* Persistente Client-ID (über Logins & Sessions hinweg)
* ---------------------------------------------------------
* Cookie-Name: usbcheck_client
* Domain:
* - staging: .staging.usbcheck.it
* - live: .usbcheck.it
*/
if (php_sapi_name() !== 'cli') {
$clientId = $_COOKIE['usbcheck_client'] ?? null;
if (!is_string($clientId) || $clientId === '' || !preg_match('/^[a-f0-9]{32}$/', $clientId)) {
// neue ID erzeugen
try {
$clientId = bin2hex(random_bytes(16));
} catch (Throwable $e) {
// Fallback sollte praktisch nie passieren
$clientId = bin2hex(openssl_random_pseudo_bytes(16));
}
$host = $_SERVER['HTTP_HOST'] ?? '';
$cookieDomain = null;
if (preg_match('/\.staging\.usbcheck\.it$/', $host)) {
$cookieDomain = '.staging.usbcheck.it';
} elseif (preg_match('/\.usbcheck\.it$/', $host)) {
$cookieDomain = '.usbcheck.it';
}
$cookieOpts = [
'expires' => time() + 365 * 24 * 60 * 60,
'path' => '/',
'secure' => (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'),
'httponly' => false, // darf JS lesen, falls du es mal brauchst
'samesite' => 'Lax',
];
if ($cookieDomain) {
$cookieOpts['domain'] = $cookieDomain;
}
setcookie('usbcheck_client', $clientId, $cookieOpts);
$_COOKIE['usbcheck_client'] = $clientId; // lokal auch verfügbar
}
// global verfügbar machen
$GLOBALS['usb_client_id'] = $clientId;
}
require_once __DIR__ . '/i18n.php'; // <— NEU: zentrale Sprachlogik
// ab hier kannst du überall $GLOBALS['lang'] und $GLOBALS['availableLangs'] nutzen // ab hier kannst du überall $GLOBALS['lang'] und $GLOBALS['availableLangs'] nutzen
// und für JS: // und für JS:
@@ -50,7 +82,6 @@ $usbConfig = [
// ... dein sonstiges Zeug ... // ... dein sonstiges Zeug ...
'i18n' => app_i18n_get_frontend_config(), 'i18n' => app_i18n_get_frontend_config(),
]; ];
// ----------------------------------------------------------- // -----------------------------------------------------------
// 7) Rest des Systems laden // 7) Rest des Systems laden
// ----------------------------------------------------------- // -----------------------------------------------------------

20
sql.schema
View File

@@ -38,7 +38,6 @@ CREATE TABLE IF NOT EXISTS users (
-- ============================================================ -- ============================================================
-- USB DEVICES vom Nutzer gespeicherte USB-Sticks -- USB DEVICES vom Nutzer gespeicherte USB-Sticks
-- Ein Benutzer kann mehrere Sticks speichern.
-- ============================================================ -- ============================================================
CREATE TABLE IF NOT EXISTS usb_devices ( CREATE TABLE IF NOT EXISTS usb_devices (
@@ -67,7 +66,6 @@ CREATE TABLE IF NOT EXISTS usb_devices (
-- ============================================================ -- ============================================================
-- USB TEST RESULTS Schnelltest + Pro-Test -- USB TEST RESULTS Schnelltest + Pro-Test
-- Jedes Testergebnis gehört zu einem Stick.
-- ============================================================ -- ============================================================
CREATE TABLE IF NOT EXISTS usb_tests ( CREATE TABLE IF NOT EXISTS usb_tests (
@@ -97,7 +95,7 @@ CREATE TABLE IF NOT EXISTS usb_tests (
-- Metadaten -- Metadaten
test_report_json JSON NULL, test_report_json JSON NULL,
ip_address VARCHAR(45) NULL, -- ipv6 kompatibel ip_address VARCHAR(45) NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
@@ -113,7 +111,6 @@ CREATE TABLE IF NOT EXISTS usb_tests (
-- ============================================================ -- ============================================================
-- WEB QUICKTESTS Browser-Schnellcheck (Gast + eingeloggt) -- WEB QUICKTESTS Browser-Schnellcheck (Gast + eingeloggt)
-- Ergebnisse können anonym oder usergebunden sein.
-- ============================================================ -- ============================================================
CREATE TABLE IF NOT EXISTS web_quicktests ( CREATE TABLE IF NOT EXISTS web_quicktests (
@@ -132,13 +129,13 @@ CREATE TABLE IF NOT EXISTS web_quicktests (
os_name VARCHAR(100) NULL, os_name VARCHAR(100) NULL,
os_version VARCHAR(50) NULL, os_version VARCHAR(50) NULL,
-- Stick-Infos aus dem Schnelldurchlauf (soweit ermittelbar) -- Stick-Infos
volume_label VARCHAR(255) NULL, -- z.B. "USB DISK", "NO NAME" volume_label VARCHAR(255) NULL,
manufacturer VARCHAR(255) NULL, manufacturer VARCHAR(255) NULL,
model_name VARCHAR(255) NULL, model_name VARCHAR(255) NULL,
usb_type ENUM('USB 2.0', 'USB 3.0', 'USB 3.1', 'USB 3.2', 'USB 4.0') NULL, usb_type ENUM('USB 2.0', 'USB 3.0', 'USB 3.1', 'USB 3.2', 'USB 4.0') NULL,
-- Kapazitätsdaten (Hersteller vs. gemessen im Schnellcheck) -- Kapazität
advertised_capacity_bytes BIGINT UNSIGNED NULL, advertised_capacity_bytes BIGINT UNSIGNED NULL,
measured_capacity_bytes BIGINT UNSIGNED NULL, measured_capacity_bytes BIGINT UNSIGNED NULL,
@@ -147,13 +144,16 @@ CREATE TABLE IF NOT EXISTS web_quicktests (
filesystem VARCHAR(64) NULL, filesystem VARCHAR(64) NULL,
-- Detaildaten (z.B. Block-Infos, Logs, Messpunkte) -- Vollständiger Testreport
test_report_json JSON NULL, test_report_json JSON NULL,
-- Meta -- Meta
ip_address VARCHAR(45) NULL, ip_address VARCHAR(45) NULL,
session_id VARCHAR(64) NULL, session_id VARCHAR(64) NULL,
-- NEU: persistente Browser-/Client-ID zur Wiedererkennung
client_id VARCHAR(64) NULL,
created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP, created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP updated_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
ON UPDATE CURRENT_TIMESTAMP, ON UPDATE CURRENT_TIMESTAMP,
@@ -162,5 +162,7 @@ CREATE TABLE IF NOT EXISTS web_quicktests (
ON DELETE CASCADE, ON DELETE CASCADE,
FOREIGN KEY (usb_device_id) REFERENCES usb_devices(id) FOREIGN KEY (usb_device_id) REFERENCES usb_devices(id)
ON DELETE CASCADE ON DELETE CASCADE,
INDEX idx_web_quicktests_client_id (client_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;