feat: improve security and code

Author: dewanakl

src/Core/Facades/App.php

@@ -15,7 +15,7 @@ final class App
      *
      * @var Application $app
      */
-    public static $app;
+    private static $app;
 
     /**
      * Bikin objek untuk pertama kalinya.

src/Core/Facades/Service.php

@@ -88,7 +88,6 @@ protected function registerProvider(): void
     {
         foreach ($this->kernel->services() as $service) {
             $this->app->invoke($service, Provider::REGISTRASI);
-            $this->app->clean($service);
         }
     }
 

src/Core/Facades/Web.php

@@ -8,9 +8,7 @@
 use Core\Http\Exception\NotAllowedException;
 use Core\Http\Exception\NotFoundException;
 use Core\Http\Exception\StreamTerminate;
-use Core\Http\Respond;
 use Core\Http\Session;
-use Core\Http\Stream;
 use Core\Middleware\Middleware;
 use Core\Middleware\MiddlewareInterface;
 use Core\Routing\Controller;
@@ -78,33 +76,31 @@ private function process(array $route): mixed
 
         if ($controller) {
             $controller = $this->app->singleton($controller);
-            if (!($controller instanceof Controller)) {
-                throw new Exception(sprintf('Class "%s" is not extends BaseController.', get_class($controller)));
+            if (!($controller instanceof Controller) && !($controller instanceof Provider)) {
+                throw new Exception(sprintf('Class "%s" is not extends Controller or Provider.', get_class($controller)));
             }
         }
 
-        $attributeMiddleware = [];
+        $middlewares = [
+            ...$this->kernel->middlewares(),
+            ...$route['middleware'],
+        ];
+
         if ($controller && $function) {
             foreach ($this->app->getAttribute($controller, $function) as $value) {
-                $name = $value->getName();
-                $object = new $name();
+                $object = $this->app->singleton($value->getName());
 
                 if ($object instanceof MiddlewareInterface) {
-                    $attributeMiddleware[] = $object;
+                    array_push($middlewares, $object);
                 }
             }
         }
 
-        $middleware = new Middleware([
-            ...$this->kernel->middlewares(),
-            ...$route['middleware'],
-            ...$attributeMiddleware
-        ]);
-
-        $result = $middleware->handle(
-            $this->request,
-            $this->coreMiddleware($controller, $function)
-        );
+        $result = $this->app->make(Middleware::class, [$middlewares])
+            ->handle(
+                $this->request,
+                $this->coreMiddleware($controller, $function)
+            );
 
         $error = error_get_last();
         if ($error !== null) {

src/Core/Middleware/Middleware.php

@@ -3,6 +3,7 @@
 namespace Core\Middleware;
 
 use Closure;
+use Core\Facades\App;
 use Core\Http\Request;
 
 /**
@@ -30,7 +31,7 @@ class Middleware
     public function __construct(array $layers = [])
     {
         for ($i = (count($layers) - 1); $i >= 0; $i--) {
-            $this->layers[] = is_object($layers[$i]) ? $layers[$i] : new $layers[$i];
+            $this->layers[] = is_object($layers[$i]) ? $layers[$i] : App::get()->singleton($layers[$i]);
         }
     }
 

src/Core/Valid/Hash.php

@@ -41,9 +41,9 @@ public static function encrypt(string $str): string
     {
         $key = explode(static::SPTR, env('APP_KEY', static::SPTR), 2);
         $iv = openssl_random_pseudo_bytes(intval(openssl_cipher_iv_length(static::CIPHERING)));
-        $encrypted = openssl_encrypt($str, static::CIPHERING, base64_decode($key[1]), OPENSSL_RAW_DATA, $iv);
+        $encrypted = openssl_encrypt($str, static::CIPHERING, strval(base64_decode($key[1], true)), OPENSSL_RAW_DATA, $iv);
 
-        return base64_encode($iv . hash_hmac(static::HASH, $encrypted, base64_decode($key[0]), true) . $encrypted);
+        return base64_encode($iv . hash_hmac(static::HASH, $encrypted, strval(base64_decode($key[0], true)), true) . $encrypted);
     }
 
     /**
@@ -66,12 +66,12 @@ public static function decrypt(string $str): string|null
 
         if (!hash_equals(
             substr($raw, $iv, 64),
-            hash_hmac(static::HASH, $encrypted, base64_decode($key[0]), true)
+            hash_hmac(static::HASH, $encrypted, strval(base64_decode($key[0], true)), true)
         )) {
             return null;
         }
 
-        $result = openssl_decrypt($encrypted, static::CIPHERING, base64_decode($key[1]), OPENSSL_RAW_DATA, substr($raw, 0, $iv));
+        $result = openssl_decrypt($encrypted, static::CIPHERING, strval(base64_decode($key[1], true)), OPENSSL_RAW_DATA, substr($raw, 0, $iv));
         if ($result === false) {
             return null;
         }

src/helpers/helpers.php

@@ -590,7 +590,12 @@ function format_bytes(float $size, int $precision = 2): string
         $base = log($size, 1024);
         $suffixes = ['Byte', 'Kb', 'Mb', 'Gb', 'Tb'];
 
-        return strval(round(pow(1024, $base - floor($base)), $precision)) . $suffixes[intval(floor($base))];
+        $index = intval(floor($base));
+        if ($index === -1) {
+            return 'NaN' . $suffixes[0];
+        }
+
+        return strval(round(pow(1024, $base - floor($base)), $precision)) . $suffixes[$index];
     }
 }
 
@@ -672,9 +677,9 @@ function fake(string $locale = 'id_ID'): \Faker\Generator
     /**
      * Panggil secara satu kali saja.
      *
-     * @template  TReturnType
+     * @template TReturnType
      *
-     * @param  callable(): TReturnType  $callback
+     * @param callable(): TReturnType  $callback
      * @return TReturnType
      */
     function &once(callable $callback): mixed