Beispiel #1
 /**
  * Execute the middleware.
  *
  * @param ServerRequestInterface $request
  * @param ResponseInterface      $response
  * @param callable               $next
  *
  * @return ResponseInterface
  */
 public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
 {
     // A missing policy is a configuration error: stop here instead of
     // analysing the request without any CORS settings.
     if (empty($this->settings)) {
         throw new RuntimeException('No SettingsStrategyInterface instance has been provided');
     }

     $analysis = Analyzer::instance($this->settings)->analyze($request);
     $requestType = $analysis->getRequestType();

     switch ($requestType) {
         // Rejected by the analyzer: answer 403 without calling $next, so the
         // downstream handler never runs for these requests.
         case AnalysisResultInterface::ERR_NO_HOST_HEADER:
         case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
         case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
         case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
             return $response->withStatus(403);

         // Not a CORS request: forwarded unchanged and without CORS headers.
         // This middleware does not restrict such requests, so the handler
         // behind $next still has to authorize them itself.
         case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE:
             return $next($request, $response);

         // Preflight: answered here with the analyzer's headers; $next is not called.
         case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST:
             $preflight = $response;
             foreach ($analysis->getResponseHeaders() as $headerName => $headerValue) {
                 $preflight = $preflight->withHeader($headerName, $headerValue);
             }

             return $preflight->withStatus(200);

         // Every request type not listed above is handled as an actual CORS
         // request: run the handler first, then attach the analyzer's headers.
         default:
             $handled = $next($request, $response);
             foreach ($analysis->getResponseHeaders() as $headerName => $headerValue) {
                 $handled = $handled->withHeader($headerName, $headerValue);
             }

             return $handled;
     }
 }
Beispiel #2
 /**
  * Execute the middleware.
  *
  * @param ServerRequestInterface $request
  * @param ResponseInterface      $response
  * @param callable               $next
  *
  * @return ResponseInterface
  */
 public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
 {
     // Explicitly injected settings win; the container is only consulted
     // when none were provided.
     $strategy = $this->settings;
     if (!$strategy) {
         $strategy = $this->getFromContainer(SettingsStrategyInterface::CLASS);
     }

     $analysis = Analyzer::instance($strategy)->analyze($request);

     switch ($analysis->getRequestType()) {
         // Analyzer rejected the request: 403, and $next is never invoked.
         case AnalysisResultInterface::ERR_NO_HOST_HEADER:
         case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
         case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
         case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
             return $response->withStatus(403);

         // Outside CORS scope: passed through as-is, no CORS headers added.
         // Authorization of these requests is left to the downstream handler.
         case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE:
             return $next($request, $response);

         // Preflight is answered by the middleware itself.
         case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST:
             $preflight = $response;
             foreach ($analysis->getResponseHeaders() as $headerName => $headerValue) {
                 $preflight = $preflight->withHeader($headerName, $headerValue);
             }

             return $preflight->withStatus(200);

         // Anything else is treated as an actual CORS request: the handler
         // runs first and the analyzer's headers are attached to its response.
         default:
             $handled = $next($request, $response);
             foreach ($analysis->getResponseHeaders() as $headerName => $headerValue) {
                 $handled = $handled->withHeader($headerName, $headerValue);
             }

             return $handled;
     }
 }
 /**
  * Build the middleware around a CORS analyzer.
  *
  * When no settings are passed, a default-constructed Settings object
  * becomes the effective CORS policy, so its defaults should be reviewed
  * before relying on this fallback.
  *
  * @param SettingsStrategyInterface|null $settings CORS policy; defaults to new Settings()
  * @param LoggerInterface|null           $logger   Optional logger handed to the analyzer
  */
 public function __construct(SettingsStrategyInterface $settings = null, LoggerInterface $logger = null)
 {
     if ($settings === null) {
         $settings = new Settings();
     }
     $this->settings = $settings;

     $this->analyzer = Analyzer::instance($this->settings);

     // The logger is optional; the analyzer only receives one when supplied.
     if ($logger !== null) {
         $this->analyzer->setLogger($logger);
     }
 }
Beispiel #4
 /**
  * @param Container $container
  *
  * @return void
  *
  * @SuppressWarnings(PHPMD.StaticAccess)
  */
 protected static function setUpCors(Container $container)
 {
     // Factory registered under AnalyzerInterface::class; it receives the
     // container and builds the analyzer from the configured Settings.
     $createAnalyzer = function (ContainerInterface $container) {
         /** @var ConfigInterface $configProvider */
         $configProvider = $container->get(ConfigInterface::class);
         $applicationConfig = $configProvider->getConfig(Application::class);

         // The CORS policy comes entirely from the Settings section of the config.
         $corsSettings = new Settings($configProvider->getConfig(Settings::class));
         $corsAnalyzer = Analyzer::instance($corsSettings);

         // Logging is attached only when the flag is strictly boolean true.
         $isLogEnabled = $applicationConfig[Application::KEY_IS_LOG_ENABLED] === true;
         if ($isLogEnabled) {
             $corsAnalyzer->setLogger($container->get(LoggerInterface::class));
         }

         return $corsAnalyzer;
     };

     $container[AnalyzerInterface::class] = $createAnalyzer;
 }
Beispiel #5
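 /**
  * Analyse the request against the CORS settings, then reject it, answer a
  * preflight directly, or delegate to the next middleware.
  *
  * @param RequestInterface  $request
  * @param ResponseInterface $response
  * @param callable          $next
  *
  * @return ResponseInterface
  */
 public function __invoke(RequestInterface $request, ResponseInterface $response, callable $next)
 {
     $analyzer = Analyzer::instance($this->buildSettings($request, $response));
     if ($this->logger) {
         $analyzer->setLogger($this->logger);
     }
     $cors = $analyzer->analyze($request);
     switch ($cors->getRequestType()) {
         /*
          * Every analyzer error is rejected before $next runs. Previously
          * ERR_NO_HOST_HEADER had no case, so it fell into the default branch
          * and was processed like an accepted CORS request.
          * NOTE(review): 401 is kept for consistency with the existing cases;
          * confirm whether 403 would be the more accurate status.
          */
         case AnalysisResultInterface::ERR_NO_HOST_HEADER:
             return $this->error($request, $response, ["message" => "CORS request has no Host header."])->withStatus(401);
         case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
             return $this->error($request, $response, ["message" => "CORS request origin is not allowed."])->withStatus(401);
         case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
             return $this->error($request, $response, ["message" => "CORS requested method is not supported."])->withStatus(401);
         case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
             return $this->error($request, $response, ["message" => "CORS requested header is not allowed."])->withStatus(401);
         case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST:
             /* Preflight is answered here; $next is not called. */
             $cors_headers = $cors->getResponseHeaders();
             foreach ($cors_headers as $header => $value) {
                 /* Diactoros errors on integer values. */
                 if (false === is_array($value)) {
                     $value = (string) $value;
                 }
                 $response = $response->withHeader($header, $value);
             }
             return $response->withStatus(200);
         case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE:
             /*
              * Not a CORS request: forwarded without CORS headers. Such
              * requests are not restricted by this middleware, so the handler
              * behind $next must authorize them itself.
              */
             return $next($request, $response);
         default:
             /* Actual CORS request. */
             $response = $next($request, $response);
             $cors_headers = $cors->getResponseHeaders();
             foreach ($cors_headers as $header => $value) {
                 /* Diactoros errors on integer values. */
                 if (false === is_array($value)) {
                     $value = (string) $value;
                 }
                 $response = $response->withHeader($header, $value);
             }
             return $response;
     }
 }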
Beispiel #6
 /**
  * Set the CORS headers
  *
  * @param  \Psr\Http\Message\ServerRequestInterface $request  PSR7 request
  * @param  \Psr\Http\Message\ResponseInterface      $response PSR7 response
  * @param  callable                                 $next     Next middleware
  *
  * @return \Psr\Http\Message\ResponseInterface
  */
 private function setCORSheaders($request, $response, $next)
 {
     // The CORS policy is rebuilt on every call from a fresh Settings object.
     $settings = new Settings();
     // The chain below sets the server origin twice: first from the request
     // URI (scheme/host/port), then from the request header named
     // 'HTTP_ORIGIN', and the later call is the one that stays in effect.
     // It also enables credentials, sets an 86400-second preflight cache
     // lifetime and installs fixed method and header allow-lists.
     // NOTE(review): both server-origin values come from the incoming
     // request, so the policy's notion of "this server" is client-influenced.
     // 'HTTP_ORIGIN' is the $_SERVER-style key; the PSR-7 header name would
     // be 'Origin'. Confirm which header is meant and whether the second
     // setServerOrigin() call should exist at all.
     // NOTE(review): no allowed-origin list is configured in this method, so
     // whatever Settings defaults to applies while credentials are enabled.
     // Verify that default.
     $settings->setServerOrigin(['scheme' => $request->getUri()->getScheme(), 'host' => $request->getUri()->getHost(), 'port' => $request->getUri()->getPort()])->setRequestCredentialsSupported(true)->setServerOrigin($request->getHeader('HTTP_ORIGIN'))->setPreFlightCacheMaxAge(86400)->setRequestAllowedMethods(['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'])->setRequestAllowedHeaders(['X-Requested-With']);
     // NOTE(review): when these request headers are present, the fixed
     // allow-lists above are replaced with the values the request itself
     // announces. That would presumably make the method/header checks accept
     // anything the client asks for; confirm this is intended, and prefer
     // keeping the fixed allow-lists when credentials are supported.
     // The names are again $_SERVER-style keys rather than the PSR-7 names
     // 'Access-Control-Request-Method' / 'Access-Control-Request-Headers'.
     if ($request->getHeader('HTTP_ACCESS_CONTROL_REQUEST_METHOD')) {
         $settings->setRequestAllowedMethods($request->getHeader('HTTP_ACCESS_CONTROL_REQUEST_METHOD'));
     }
     if ($request->getHeader('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')) {
         $settings->setRequestAllowedHeaders($request->getHeader('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'));
     }
     $cors = Analyzer::instance($settings)->analyze($request);
     switch ($cors->getRequestType()) {
         // Analyzer errors: respond 403 without calling $next.
         case AnalysisResultInterface::ERR_NO_HOST_HEADER:
         case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
         case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
         case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
             return $response->withStatus(403);
         // Not a CORS request: forwarded unchanged, no CORS headers added.
         case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE:
             return $next($request, $response);
         // Preflight: answered here with the analyzer's headers; $next is not called.
         case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST:
             foreach ($cors->getResponseHeaders() as $name => $value) {
                 $response = $response->withHeader($name, $value);
             }
             return $response->withStatus(200);
         // Any other request type: run the next middleware, then attach the
         // analyzer's headers to its response.
         default:
             $response = $next($request, $response);
             foreach ($cors->getResponseHeaders() as $name => $value) {
                 $response = $response->withHeader($name, $value);
             }
             return $response;
     }
 }
 /**
  * @return Closure
  */
 protected function getCreateAnalyzerClosure()
 {
     // The returned factory builds the analyzer from the strategy registered
     // in the application container.
     $factory = function ($app) {
         /** @var AnalysisStrategyInterface $analysisStrategy */
         $analysisStrategy = $app[AnalysisStrategyInterface::class];
         $corsAnalyzer = Analyzer::instance($analysisStrategy);

         // A logger is attached only when getLoggerIfEnabled() returns one.
         $optionalLogger = $this->getLoggerIfEnabled($app);
         if ($optionalLogger !== null) {
             $corsAnalyzer->setLogger($optionalLogger);
         }

         return $corsAnalyzer;
     };

     return $factory;
 }