
Commit 0b5341b

committed
feat: streamline initing of modAI and it's security
1 parent 7411d03 commit 0b5341b


4 files changed

+39
-11
lines changed


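--- a/core/components/modai/bootstrap.php
+++ b/core/components/modai/bootstrap.php
@@ -8,7 +8,11 @@
 
 if (!$modx->services->has('modai')) {
 $modx->services->add('modai', function($c) use ($modx) {
-return new \modAI\modAI($modx);
+try {
+return new \modAI\modAI($modx);
+} catch (\Exception $e) {
+return null;
+}
 });
 
 }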
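Review bot: The new `catch (\Exception $e)` in the service factory turns every construction failure into `null` and records nothing, so a genuine fault in the modAI constructor cannot be told apart from an unauthorized user. The catch has to be this wide because the constructor in src/modAI.php throws a bare `\Exception('Unauthorized')`. A dedicated exception type in the existing `modAI\Exceptions` namespace, thrown there and caught here by name, would keep the null-means-denied contract while letting other errors propagate or be written through `$modx->log()`. Whether the container caches the `null` result for later lookups is not visible from this section.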

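--- a/core/components/modai/elements/plugins/modai.php
+++ b/core/components/modai/elements/plugins/modai.php
@@ -9,9 +9,11 @@
 
 if (!$modx->services->has('modai')) return;
 
-/** @var \modAI\modAI $modAI */
+/** @var \modAI\modAI | null $modAI */
 $modAI = $modx->services->get('modai');
 
+if ($modAI === null) return;
+
 $action = '';
 
 if (isset($modx->controller) && is_object($modx->controller) && property_exists($modx->controller, 'action')) {
@@ -23,17 +25,12 @@
 if (in_array($action, ['resource/create', 'resource/update'])) {
 $modx->controller->addLexiconTopic('modai:default');
 
-$firstName = explode(' ', $modx->user->Profile->fullname)[0];
-
+$baseConfig = $modAI->getBaseConfig();
 $modx->controller->addHtml('
 <script type="text/javascript">
 let modAI;
 Ext.onReady(function() {
-modAI = ModAI.init({
-name: "' . $firstName . '",
-apiURL: "' . $modAI->getAPIUrl() . '",
-cssURL: "' . $modAI->getCSSFile() . '",
-});
+modAI = ModAI.init(' . json_encode($baseConfig). ');
 
 Ext.defer(function () {
 modAI.initOnResource({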
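Review bot: The `json_encode($baseConfig)` output on the `ModAI.init(...)` line is written into an inline `<script>` block, and the default flags leave `<`, `>`, `&` and quotes unescaped, so the value is valid JSON but not hardened for the HTML script context. `name` is derived from the user's profile full name (see getBaseConfig in src/modAI.php), which is data the user can influence. I would encode with `json_encode($baseConfig, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` and handle a `false` return (for example on invalid UTF-8), which would currently emit `ModAI.init()` with no argument. The addHtml() call continues past the end of this section.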

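--- a/core/components/modai/src/API/API.php
+++ b/core/components/modai/src/API/API.php
@@ -2,6 +2,7 @@
 namespace modAI\API;
 
 use modAI\Exceptions\LexiconException;
+use modAI\modAI;
 use modAI\Services\Response\AIResponse;
 use modAI\Settings;
 use MODX\Revolution\modX;
@@ -11,16 +12,23 @@
 abstract class API {
 protected modX $modx;
 
+/** @var modAI|null */
+protected $modAI = null;
+
 public function __construct(modX $modx)
 {
 $this->modx = $modx;
 $this->modx->lexicon->load('modai:default');
+
+if ($this->modx->services->has('modai')) {
+$this->modAI = $this->modx->services->get('modai');
+}
 }
 
 public function handleRequest(ServerRequestInterface $request): void
 {
 try {
-if (empty($this->modx->user) || empty($this->modx->user->id) || !$this->modx->hasPermission('frames')) {
+if ($this->modAI === null) {
 throw APIException::unauthorized();
 }
 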
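Review bot: In `handleRequest` the explicit user and permission test is replaced by `$this->modAI === null`, so authorization of every API request now rests on a side effect of how the `modai` service was constructed rather than on a check made at request time. That holds only while every registration of the service goes through the try/catch in bootstrap.php and the service is first resolved after the session user is loaded, neither of which is visible here. Keeping the check explicit costs one call: `if ($this->modAI === null || !$this->modAI->hasAccess()) {`. The new property could also be typed like its neighbour, `protected ?modAI $modAI = null;`. handleRequest's body continues outside this section.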

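--- a/core/components/modai/src/modAI.php
+++ b/core/components/modai/src/modAI.php
@@ -20,6 +20,10 @@ function __construct(modX &$modx, array $config = [])
 {
 $this->modx =& $modx;
 
+if (!$this->hasAccess()) {
+throw new \Exception('Unauthorized');
+}
+
 $corePath = $this->getOption('core_path', $config, $this->modx->getOption('core_path', null, MODX_CORE_PATH) . 'components/modai/');
 $assetsUrl = $this->getOption('assets_url', $config, $this->modx->getOption('assets_url', null, MODX_ASSETS_URL) . 'components/modai/');
 
@@ -33,7 +37,6 @@ function __construct(modX &$modx, array $config = [])
 'jsUrl' => $assetsUrl . 'js/',
 
 'templatesPath' => $corePath . 'templates/',
-'processorsPath' => $corePath . 'src/Processors',
 ],
 $config
 );
@@ -148,4 +151,20 @@ public function getCSSFile()
 
 return "{$assetsUrl}css/modai.css?lit=$lit";
 }
+
+public function getBaseConfig()
+{
+$firstName = explode(' ', $this->modx->user->Profile->fullname)[0];
+
+return [
+'name' => $firstName,
+'apiURL'=> $this->getAPIUrl(),
+'cssURL' => $this->getCSSFile(),
+];
+}
+
+public function hasAccess()
+{
+return !empty($this->modx->user) && !empty($this->modx->user->id) && $this->modx->hasPermission('frames');
+}
 }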
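Review bot: `getBaseConfig()` dereferences `$this->modx->user->Profile->fullname` without a guard, while `hasAccess()` only establishes that the user and its id are non-empty. If Profile is null or fullname is unset (presumably possible for a user without a profile record), this either fails on the property access or passes null to explode(). A guarded form would be `$firstName = explode(' ', (string) ($this->modx->user->Profile->fullname ?? ''))[0];`. Both new public methods would also benefit from return types (`: array`, `: bool`) and a short docblock stating that `hasAccess()` is the authorization gate the constructor relies on.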
