diff --git a/src/mibew/configs/routing.yml b/src/mibew/configs/routing.yml
index 6d960d26..b61d2101 100644
--- a/src/mibew/configs/routing.yml
+++ b/src/mibew/configs/routing.yml
@@ -49,6 +49,14 @@ chat_user:
 thread_id: \d{1,10}
 token: \d{1,10}
 
+chat_user_check:
+ path: /chat/{thread_id}/{token}/check
+ defaults:
+ _controller: Mibew\Controller\Chat\UserChatController::checkAction
+ requirements:
+ thread_id: \d{1,10}
+ token: \d{1,10}
+
 chat_user_invitation:
 path: /chat/invitation
 defaults:
diff --git a/src/mibew/js/source/chat_popup.js b/src/mibew/js/source/chat_popup.js
index 3dee1b17..2881bf21 100644
--- a/src/mibew/js/source/chat_popup.js
+++ b/src/mibew/js/source/chat_popup.js
@@ -333,7 +333,7 @@ var Mibew = Mibew || {};
 if (openedChatUrl) {
 // The chat was not closed so the popup should be reopened when a
 // new page is visited.
- this.open(openedChatUrl);
+ this.safeOpen(openedChatUrl);
 // Check minification status of the popup and toggle it if needed.
 var minifiedPopup = Mibew.Utils.readCookie('mibew-chat-frame-minified-' + this.id);
 if (minifiedPopup === 'true') {
@@ -430,6 +430,24 @@ var Mibew = Mibew || {};
 this.isOpened = true;
 };
 
+ /**
+ * Check chat URL via special request, open the chat if check passes,
+ * close the popup if the check fails.
+ *
+ * @param {String} [url] The URL to open in the popup
+ */
+ Mibew.ChatPopup.IFrame.prototype.safeOpen = function(url) {
+ var check = Mibew.Utils.loadScript(url + '/check', 'mibew-check-iframe-' + this.id);
+ check.popup = this;
+ check.url = url;
+ check.onload = function(){
+ this.popup.open(this.url);
+ }
+ check.onerror = function(){
+ this.popup.close();
+ };
+ };
+
 /**
 * Closes the popup.
 */
diff --git a/src/mibew/libs/classes/Mibew/Controller/Chat/UserChatController.php b/src/mibew/libs/classes/Mibew/Controller/Chat/UserChatController.php
index 1d0debc1..1dcd4cf8 100644
--- a/src/mibew/libs/classes/Mibew/Controller/Chat/UserChatController.php
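Review bot: In `safeOpen`, `Mibew.Utils.loadScript(url + '/check', ...)` appears to fetch the check as a script element in the embedding page, so whatever that URL returns would run with the host site's privileges, whereas `open(url)` only ever placed it in the iframe. The `url` argument arrives from `openedChatUrl`, whose source is outside this hunk; if it is restored from a cookie or other client-side state, it should be compared against the chat server address the widget was configured with before the request is made, and the popup closed otherwise. The concatenation `url + '/check'` also produces a wrong path when `url` carries a query string or fragment. Smaller points: the `onload` handler is missing its terminating semicolon (`};`, as on `onerror`), and capturing `var popup = this;` in a closure would avoid hanging `popup` and `url` expandos on the element.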
+++ b/src/mibew/libs/classes/Mibew/Controller/Chat/UserChatController.php
@@ -74,6 +74,31 @@ class UserChatController extends AbstractController
 return $this->render('chat', $page);
 }
 
+ /**
+ * Check chat to exists.
+ *
+ * @param Request $request Incoming request.
+ * @return string Empty string.
+ * @throws NotFoundException If the thread with specified ID and token is
+ * not found.
+ */
+ public function checkAction(Request $request)
+ {
+ $thread_id = $request->attributes->getInt('thread_id');
+ $token = $request->attributes->get('token');
+
+ // We have to check that the thread is owned by the user.
+ $is_own_thread = isset($_SESSION[SESSION_PREFIX . 'own_threads'])
+ && in_array($thread_id, $_SESSION[SESSION_PREFIX . 'own_threads']);
+
+ $thread = Thread::load($thread_id, $token);
+ if (!$thread || !$is_own_thread) {
+ throw new NotFoundException('The thread is not found.');
+ }
+
+ return "";
+ }
+
 /**
 * Starts the chat.
 *
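Review bot: `checkAction` answers with a bare `return "";`, yet the JavaScript part of this commit loads `/check` through `loadScript` and branches on load versus error, so the result depends on how the browser treats an empty body with the framework's default content type. If the deployment sends `X-Content-Type-Options: nosniff`, a non-script MIME type would presumably make every check fail and close the popup; returning an explicit response with a JavaScript content type and a `Cache-Control: no-store` header would make the contract unambiguous and stop a cached success from being reused after the session ends. The ownership test uses loose comparison; provided the ids in `own_threads` are stored as integers, `in_array($thread_id, $_SESSION[SESSION_PREFIX . 'own_threads'], true)` is the safer form. The summary line would read better as `Checks that the chat thread exists and belongs to the current visitor.`, and `@return string Empty string.` should say why the body is empty.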