Respect base_url config for <base>

composer.json

@@ -49,7 +49,10 @@
             "spouts\\": "src/spouts/",
             "Selfoss\\": "src/",
             "Tests\\": "tests/"
-        }
+        },
+        "files": [
+            "src/constants.php"
+        ]
     },
     "config": {
         "platform": {

docs/content/docs/administration/options.md

@@ -98,7 +98,12 @@ Number of days since the item has been last seen after which it can be deleted.
 ### `base_url`
 <div class="config-option">
 
-base URL of the selfoss page; use this option if you use a ssl proxy which changes the `$_SERVER` globals, most notably the URL path in which the app is installed.
+base URL of the selfoss page. Can be absolute URL or absolute path.
+
+Use this option if you use some kind of proxy and routing does not work:
+
+- Set this option to an absolute URL if you use a ssl proxy which changes the `$_SERVER` globals, most notably the URL path in which the app is installed.
+- Set this option to an absolute path if you use a reverse proxy and want to map selfoss into a subdirectory.
 </div>
 
 ### `username`

index.php

@@ -2,167 +2,13 @@
 
 declare(strict_types=1);
 
+// SPDX-License-Identifier: GPL-3.0-or-later
+// SPDX-FileCopyrightText: 2025 Jan Tojnar <jtojnar@gmail.com>
+
 use Psr\Container\ContainerInterface;
-use Selfoss\controllers;
 
 require __DIR__ . '/src/common.php';
 
 /** @var ContainerInterface $container */
-$router = $container->get(Bramus\Router\Router::class);
-
-// define routes
-
-// all users
-$router->get('/', function() use ($container): void {
-    // json
-    $container->get(controllers\Index::class)->home();
-});
-$router->get('/api/about', function() use ($container): void {
-    // json
-    $container->get(controllers\About::class)->about();
-});
-$router->post('/api/private/hash-password', function() use ($container): void {
-    // json
-    $container->get(controllers\Helpers\HashPassword::class)->hash();
-});
-$router->get('/login', function() use ($container): void {
-    // json, deprecated
-    $container->get(controllers\Authentication::class)->login();
-});
-$router->post('/login', function() use ($container): void {
-    // json
-    $container->get(controllers\Authentication::class)->login();
-});
-$router->get('/logout', function() use ($container): void {
-    // json, deprecated
-    $container->get(controllers\Authentication::class)->logout();
-});
-$router->delete('/api/session/current', function() use ($container): void {
-    // json
-    $container->get(controllers\Authentication::class)->logout();
-});
-$router->get('/update', function() use ($container): void {
-    // text
-    $container->get(controllers\Sources\Update::class)->updateAll();
-});
-
-// only for loggedin users or on public mode
-$router->get('/rss', function() use ($container): void {
-    // rss
-    $container->get(controllers\Rss::class)->rss();
-});
-$router->get('/feed', function() use ($container): void {
-    // rss
-    $container->get(controllers\Rss::class)->rss();
-});
-$router->get('/items', function() use ($container): void {
-    // json
-    $container->get(controllers\Items::class)->listItems();
-});
-$router->get('/tags', function() use ($container): void {
-    // json
-    $container->get(controllers\Tags::class)->listTags();
-});
-$router->get('/stats', function() use ($container): void {
-    // json
-    $container->get(controllers\Items\Stats::class)->stats();
-});
-$router->get('/items/sync', function() use ($container): void {
-    // json
-    $container->get(controllers\Items\Sync::class)->sync();
-});
-$router->get('/sources/stats', function() use ($container): void {
-    // json
-    $container->get(controllers\Sources::class)->stats();
-});
-
-// only loggedin users
-$router->post('/mark/([0-9]+)', function(string $itemId) use ($container): void {
-    // json
-    $container->get(controllers\Items::class)->mark($itemId);
-});
-$router->post('/mark', function() use ($container): void {
-    // json
-    $container->get(controllers\Items::class)->mark();
-});
-$router->post('/unmark/([0-9]+)', function(string $itemId) use ($container): void {
-    // json
-    $container->get(controllers\Items::class)->unmark($itemId);
-});
-$router->post('/starr/([0-9]+)', function(string $itemId) use ($container): void {
-    // json
-    $container->get(controllers\Items::class)->starr($itemId);
-});
-$router->post('/unstarr/([0-9]+)', function(string $itemId) use ($container): void {
-    // json
-    $container->get(controllers\Items::class)->unstarr($itemId);
-});
-$router->post('/items/sync', function() use ($container): void {
-    // json
-    $container->get(controllers\Items\Sync::class)->updateStatuses();
-});
-
-$router->get('/source/params', function() use ($container): void {
-    // json
-    $container->get(controllers\Sources::class)->params();
-});
-$router->get('/sources', function() use ($container): void {
-    // json
-    $container->get(controllers\Sources::class)->show();
-});
-$router->get('/sources/list', function() use ($container): void {
-    // json
-    $container->get(controllers\Sources::class)->listSources();
-});
-$router->post('/source/((?:new-)?[0-9]+)', function(string $id) use ($container): void {
-    // json
-    $container->get(controllers\Sources\Write::class)->write($id);
-});
-$router->post('/source', function() use ($container): void {
-    // json
-    $container->get(controllers\Sources\Write::class)->write();
-});
-$router->delete('/source/([0-9]+)', function(string $id) use ($container): void {
-    // json
-    $container->get(controllers\Sources::class)->remove($id);
-});
-$router->post('/source/delete/([0-9]+)', function(string $id) use ($container): void {
-    // json, deprecated
-    $container->get(controllers\Sources::class)->remove($id);
-});
-$router->post('/source/([0-9]+)/update', function(string $id) use ($container): void {
-    // json
-    $container->get(controllers\Sources\Update::class)->update($id);
-});
-$router->get('/sources/spouts', function() use ($container): void {
-    // json
-    $container->get(controllers\Sources::class)->spouts();
-});
-
-$router->post('/tags/color', function() use ($container): void {
-    // json
-    $container->get(controllers\Tags::class)->color();
-});
-
-$router->post('/opml', function() use ($container): void {
-    // json
-    $container->get(controllers\Opml\Import::class)->add();
-});
-$router->get('/opmlexport', function() use ($container): void {
-    // xml
-    $container->get(controllers\Opml\Export::class)->export();
-});
-
-// Client side routes need to be directed to index.html.
-$router->get('/sign/in|/opml|/password|/manage/sources(/add)?|/(newest|unread|starred)(/(all|tag-[^/]+|source-[0-9]+)(/[0-9]+)?)?', function() use ($container): void {
-    // html
-    $container->get(controllers\Index::class)->home();
-});
-
-$router->set404(function(): void {
-    header('HTTP/1.1 404 Not Found');
-    echo 'Page not found.';
-});
-
-// dispatch
-$router->run();
+$routes = $container->get(Selfoss\Web\Routes::class);
+$routes->run();

phpstan.dist.neon

@@ -9,7 +9,6 @@ parameters:
         - run.php
 
     bootstrapFiles:
-        - src/constants.php
         - vendor/bin/.phpunit/phpunit/vendor/autoload.php
 
     stubFiles:

src/Web/Routes.php

@@ -0,0 +1,191 @@
+<?php
+
+declare(strict_types=1);
+
+// SPDX-License-Identifier: GPL-3.0-or-later
+// SPDX-FileCopyrightText: 2011–2015 Tobias Zeising <tobias.zeising@aditu.de>
+// SPDX-FileCopyrightText: 2025 Jan Tojnar <jtojnar@gmail.com>
+
+namespace Selfoss\Web;
+
+use Bramus\Router\Router;
+use Psr\Container\ContainerInterface;
+use Selfoss\controllers;
+use Selfoss\helpers\Configuration;
+
+/**
+ * Defines API routes serving as an entry point to the web app.
+ */
+final class Routes {
+    public function __construct(
+        private Router $router,
+        private ContainerInterface $container,
+        private Configuration $configuration,
+    ) {
+    }
+
+    private function setupRoutes(): void {
+        // all users
+        $this->router->get('/', function(): void {
+            // html/json
+            $this->container->get(controllers\Index::class)->home();
+        });
+        $this->router->get('/api/about', function(): void {
+            // json
+            $this->container->get(controllers\About::class)->about();
+        });
+        $this->router->post('/api/private/hash-password', function(): void {
+            // json
+            $this->container->get(controllers\Helpers\HashPassword::class)->hash();
+        });
+        $this->router->get('/login', function(): void {
+            // json, deprecated
+            $this->container->get(controllers\Authentication::class)->login();
+        });
+        $this->router->post('/login', function(): void {
+            // json
+            $this->container->get(controllers\Authentication::class)->login();
+        });
+        $this->router->get('/logout', function(): void {
+            // json, deprecated
+            $this->container->get(controllers\Authentication::class)->logout();
+        });
+        $this->router->delete('/api/session/current', function(): void {
+            // json
+            $this->container->get(controllers\Authentication::class)->logout();
+        });
+        $this->router->get('/update', function(): void {
+            // text
+            $this->container->get(controllers\Sources\Update::class)->updateAll();
+        });
+
+        // only for loggedin users or on public mode
+        $this->router->get('/rss', function(): void {
+            // rss
+            $this->container->get(controllers\Rss::class)->rss();
+        });
+        $this->router->get('/feed', function(): void {
+            // rss
+            $this->container->get(controllers\Rss::class)->rss();
+        });
+        $this->router->get('/items', function(): void {
+            // json
+            $this->container->get(controllers\Items::class)->listItems();
+        });
+        $this->router->get('/tags', function(): void {
+            // json
+            $this->container->get(controllers\Tags::class)->listTags();
+        });
+        $this->router->get('/stats', function(): void {
+            // json
+            $this->container->get(controllers\Items\Stats::class)->stats();
+        });
+        $this->router->get('/items/sync', function(): void {
+            // json
+            $this->container->get(controllers\Items\Sync::class)->sync();
+        });
+        $this->router->get('/sources/stats', function(): void {
+            // json
+            $this->container->get(controllers\Sources::class)->stats();
+        });
+
+        // only loggedin users
+        $this->router->post('/mark/([0-9]+)', function(string $itemId): void {
+            // json
+            $this->container->get(controllers\Items::class)->mark($itemId);
+        });
+        $this->router->post('/mark', function(): void {
+            // json
+            $this->container->get(controllers\Items::class)->mark();
+        });
+        $this->router->post('/unmark/([0-9]+)', function(string $itemId): void {
+            // json
+            $this->container->get(controllers\Items::class)->unmark($itemId);
+        });
+        $this->router->post('/starr/([0-9]+)', function(string $itemId): void {
+            // json
+            $this->container->get(controllers\Items::class)->starr($itemId);
+        });
+        $this->router->post('/unstarr/([0-9]+)', function(string $itemId): void {
+            // json
+            $this->container->get(controllers\Items::class)->unstarr($itemId);
+        });
+        $this->router->post('/items/sync', function(): void {
+            // json
+            $this->container->get(controllers\Items\Sync::class)->updateStatuses();
+        });
+
+        $this->router->get('/source/params', function(): void {
+            // json
+            $this->container->get(controllers\Sources::class)->params();
+        });
+        $this->router->get('/sources', function(): void {
+            // json
+            $this->container->get(controllers\Sources::class)->show();
+        });
+        $this->router->get('/sources/list', function(): void {
+            // json
+            $this->container->get(controllers\Sources::class)->listSources();
+        });
+        $this->router->post('/source/((?:new-)?[0-9]+)', function(string $id): void {
+            // json
+            $this->container->get(controllers\Sources\Write::class)->write($id);
+        });
+        $this->router->post('/source', function(): void {
+            // json
+            $this->container->get(controllers\Sources\Write::class)->write();
+        });
+        $this->router->delete('/source/([0-9]+)', function(string $id): void {
+            // json
+            $this->container->get(controllers\Sources::class)->remove($id);
+        });
+        $this->router->post('/source/delete/([0-9]+)', function(string $id): void {
+            // json, deprecated
+            $this->container->get(controllers\Sources::class)->remove($id);
+        });
+        $this->router->post('/source/([0-9]+)/update', function(string $id): void {
+            // json
+            $this->container->get(controllers\Sources\Update::class)->update($id);
+        });
+        $this->router->get('/sources/spouts', function(): void {
+            // json
+            $this->container->get(controllers\Sources::class)->spouts();
+        });
+
+        $this->router->post('/tags/color', function(): void {
+            // json
+            $this->container->get(controllers\Tags::class)->color();
+        });
+
+        $this->router->post('/opml', function(): void {
+            // json
+            $this->container->get(controllers\Opml\Import::class)->add();
+        });
+        $this->router->get('/opmlexport', function(): void {
+            // xml
+            $this->container->get(controllers\Opml\Export::class)->export();
+        });
+
+        // Client side routes need to be directed to index.html.
+        $this->router->get('/sign/in|/opml|/password|/manage/sources(/add)?|/(newest|unread|starred)(/(all|tag-[^/]+|source-[0-9]+)(/[0-9]+)?)?', function(): void {
+            // html
+            $this->container->get(controllers\Index::class)->home();
+        });
+
+        $this->router->set404(function(): void {
+            header('HTTP/1.1 404 Not Found');
+            echo 'Page not found.';
+        });
+
+        if ($this->configuration->baseUrl !== null) {
+            $this->router->setBasePath($this->configuration->baseUrl->getPath());
+        }
+    }
+
+    public function run(): bool {
+        $this->setupRoutes();
+
+        // dispatch
+        return $this->router->run();
+    }
+}