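/**
 * Bootstraps the registry for a command-line run and resolves the requested action.
 *
 * Defaults (environment, locale) are read from configs/url.ini, then overridden by
 * the command-line options -e/--environment, -l/--locale and -v/--version.
 * An action must be given with -a/--action or -m/--make; otherwise the usage text
 * is printed and the process exits with status 4.
 *
 * @return array the action descriptor: 'type' is 'default' or 'make', 'uri' is the
 *               requested action path without its leading slash
 */
public function initCliEnvironment()
{
    $showUsage = true;

    if (isset($_SERVER['argv']) && $_SERVER['argc'] >= 2) {
        $urlIni = Ini::parse(Registry::get('applicationPath') . '/configs/url.ini', true);
        Registry::set('urlIni', $urlIni);

        $inEnvironment = $urlIni->defaults->environment;
        $inLocale = $urlIni->defaults->locale;
        $inVersion = 'cli';
        $inAction = array('type' => 'default', 'uri' => null);

        // default values
        Registry::set('environment', $inEnvironment);
        Registry::set('locale', $inLocale);
        Registry::set('version', $inVersion);

        // we use the requested section from the config.ini to load our config
        // (at this point only the defaults are known; the registry entry is
        // replaced further down once the command-line options have been read)
        Config::init($inLocale, $inEnvironment, $inVersion);
        Registry::set('config', Config::getInstance());

        // parse the variables from the .env file or environment
        Env::init($inLocale, $inEnvironment, $inVersion);
        Registry::set('env', Env::getInstance());

        // create the Settings Object
        Registry::set('settings', Settings::getInstance());

        $argv = $_SERVER['argv'];
        $argCount = count($argv);
        $ac = 1;
        while ($ac < $argCount) {
            // An option given as the very last argument has no value: reading
            // $argv[$ac + 1] blindly would hit an undefined offset and overwrite
            // the default with null, so such an option is ignored instead.
            $hasValue = isset($argv[$ac + 1]);

            switch ($argv[$ac]) {
                case '-e':
                case '--environment':
                    if ($hasValue) {
                        $inEnvironment = $argv[$ac + 1];
                    }
                    $ac += 2;
                    break;
                case '-l':
                case '--locale':
                    if ($hasValue) {
                        $inLocale = $argv[$ac + 1];
                    }
                    $ac += 2;
                    break;
                case '-v':
                case '--version':
                    if ($hasValue) {
                        $inVersion = $argv[$ac + 1];
                    }
                    $ac += 2;
                    break;
                case '-a':
                case '--action':
                    // without a value there is no action to run: keep $showUsage set
                    if ($hasValue) {
                        $inAction['uri'] = ltrim($argv[$ac + 1], '/');
                        $showUsage = false;
                    }
                    $ac += 2;
                    break;
                case '-m':
                case '--make':
                    if ($hasValue) {
                        $inAction['uri'] = ltrim($argv[$ac + 1], '/');
                        $inAction['type'] = 'make';
                        $showUsage = false;
                    }
                    $ac += 2;
                    break;
                default:
                    // unknown arguments are skipped in pairs (option + value)
                    $ac += 2;
                    break;
            }
        }
    }

    if ($showUsage) {
        echo "Usage : module/controller/action";
        echo "\nOr : module/controller/action -variable1 value1 -variable2 value2 -variable3 value3";
        echo "\nOr : module/controller/action/variable1/value1/variable2/value2/variable3/value3";
        exit(4);
    }

    // read config.ini at the section matching our locale, environment and version
    // NOTE(review): the three values come verbatim from the command line and are
    // concatenated into the section name; confirm Ini::parse fails cleanly on an
    // unknown section rather than falling back to another one.
    $config = Ini::parse(
        Registry::get('applicationPath') . '/configs/config.ini',
        true,
        $inLocale . '-' . $inEnvironment . '-' . $inVersion
    );
    Registry::set('config', $config);

    // store the final environment, locale and version in the registry
    Registry::set('environment', $inEnvironment);
    Registry::set('locale', $inLocale);
    Registry::set('version', $inVersion);

    return $inAction;
}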
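/**
 * Applies the CORS policy from the settings to the current HTTP request.
 *
 * Nothing is done when CORS is disabled, when the request is not an Http request,
 * when no Origin header is present, or when the Origin matches the scheme, host and
 * port of the current request (same-origin).
 *
 * For a cross-origin request the Origin host is checked against
 * security.cors.allowed_origins and the request method against
 * security.cors.allowed_methods. When both pass, the CORS response headers are sent.
 *
 * @return bool true to let the request continue; false when the cross-origin request
 *              is refused or when it is an OPTIONS (preflight) request that has been
 *              fully answered here (presumably false stops the remaining middlewares,
 *              as the inline comment below suggests; verify against the caller)
 */
public function execute()
{
    $settings = Settings::getInstance();

    // reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
    // CORS handling is opt-in through the config+env settings
    if (!isset($settings->security->cors->enable) || !$settings->security->cors->enable) {
        return true;
    }

    $front = Front::getInstance();
    $request = $front->getRequest();
    if (!($request instanceof Http)) {
        return true;
    }

    // only requests carrying an Origin header can be cross-origin requests
    if (!isset($_SERVER['HTTP_ORIGIN']) || !isset($_SERVER['HTTP_HOST'])) {
        return true;
    }

    $defaultPorts = array('http' => 80, 'https' => 443);

    // The Origin header is client-controlled: parse_url() may return false or an
    // array without scheme/host (e.g. "Origin: null"), and it omits the port when
    // the origin uses the default port of its scheme.
    $originParts = parse_url($_SERVER['HTTP_ORIGIN']);
    if (!is_array($originParts)) {
        $originParts = array();
    }
    $originScheme = isset($originParts['scheme']) ? strtolower($originParts['scheme']) : null;
    $originHost = isset($originParts['host']) ? strtolower($originParts['host']) : null;
    if (isset($originParts['port'])) {
        $originPort = (int) $originParts['port'];
    } elseif ($originScheme !== null && isset($defaultPorts[$originScheme])) {
        $originPort = $defaultPorts[$originScheme];
    } else {
        $originPort = null;
    }

    // REQUEST_SCHEME is not provided by every server API
    if (isset($_SERVER['REQUEST_SCHEME'])) {
        $currentScheme = strtolower($_SERVER['REQUEST_SCHEME']);
    } elseif (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
        $currentScheme = 'https';
    } else {
        $currentScheme = 'http';
    }
    // the Host header may carry a ":port" suffix that the parsed Origin host never has
    $currentHost = strtolower(preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']));
    // SERVER_PORT is a string while parse_url() yields an int: compare as integers
    if (isset($_SERVER['SERVER_PORT'])) {
        $currentPort = (int) $_SERVER['SERVER_PORT'];
    } elseif (isset($defaultPorts[$currentScheme])) {
        $currentPort = $defaultPorts[$currentScheme];
    } else {
        $currentPort = null;
    }

    $sameOrigin = $originHost !== null
        && $originScheme === $currentScheme
        && $originHost === $currentHost
        && $originPort === $currentPort;
    if ($sameOrigin) {
        return true;
    }

    // it's a CORS request

    // origins
    if (isset($settings->security->cors->allowed_origins)) {
        $allowedOriginsFromSettings = $settings->security->cors->allowed_origins;
    } else {
        $allowedOriginsFromSettings = self::DEFAULT_ALLOWED_ORIGINS;
    }
    $anyOriginAllowed = trim((string) $allowedOriginsFromSettings) === '*';

    if ($anyOriginAllowed) {
        $corsAllowed = true;
    } else {
        // The allow-list is matched against the host of the *requesting* origin.
        // Matching the server's own Host header would accept every origin as soon
        // as the server's host name is listed, and refuse all listed third parties.
        // Entries are presumably bare host names, as the comparison is on the host.
        $allowedOrigins = array_map(
            'strtolower',
            array_map('trim', explode(',', (string) $allowedOriginsFromSettings))
        );
        $corsAllowed = $originHost !== null && in_array($originHost, $allowedOrigins, true);
    }

    // methods
    if (isset($settings->security->cors->allowed_methods)) {
        $allowedMethodsFromSettings = $settings->security->cors->allowed_methods;
    } else {
        $allowedMethodsFromSettings = self::DEFAULT_ALLOWED_METHODS;
    }
    $allowedMethods = array_map('strtoupper', array_map('trim', explode(',', $allowedMethodsFromSettings)));
    if (!in_array(strtoupper($request->getMethod()), $allowedMethods, true)) {
        $corsAllowed = false;
    }

    // headers
    if (isset($settings->security->cors->allowed_headers)) {
        $allowedHeadersFromSettings = $settings->security->cors->allowed_headers;
    } else {
        $allowedHeadersFromSettings = self::DEFAULT_ALLOWED_HEADERS;
    }
    $allowedHeaders = array_map('trim', explode(',', $allowedHeadersFromSettings));

    if (!$corsAllowed) {
        return false;
    }

    // sending the response
    header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);

    // The allowed origin is echoed from the request, so the response always depends
    // on the Origin header and caches must be told so, whatever the allow-list is.
    $varyHeaders = array();
    if (isset($_SERVER['HTTP_VARY'])) {
        $varyHeaders = array_map('trim', explode(',', $_SERVER['HTTP_VARY']));
    }
    // adding the Vary: Origin for proxied requests
    $varyHeaders[] = 'Origin';
    header('Vary: ' . implode(', ', $varyHeaders));

    if ($request->isOptions()) {
        header('Access-Control-Allow-Methods: ' . implode(', ', $allowedMethods));
    }

    if (isset($settings->security->cors->allowed_credentials)) {
        $allowedCredentialsFromSettings = $settings->security->cors->allowed_credentials;
    } else {
        $allowedCredentialsFromSettings = self::DEFAULT_ALLOWED_CREDENTIALS;
    }
    // Credentials are only granted to explicitly listed origins. With '*' the origin
    // is reflected as-is, so also allowing credentials would let any site read
    // authenticated responses; browsers forbid that combination for a literal '*'.
    if ($allowedCredentialsFromSettings && !$anyOriginAllowed) {
        header('Access-Control-Allow-Credentials: true');
    }

    if ($request->isOptions()) {
        header('Access-Control-Allow-Headers: ' . implode(', ', $allowedHeaders));
    }

    // max-age
    if (isset($settings->security->cors->max_age)) {
        $allowedMaxAgeFromSettings = $settings->security->cors->max_age;
    } else {
        $allowedMaxAgeFromSettings = self::DEFAULT_MAX_AGE;
    }
    header('Access-Control-Max-Age: ' . $allowedMaxAgeFromSettings);

    // every OPTIONS request should return a 200 ok and bypass every other middleware
    if ($request->isOptions()) {
        return false;
    }

    return true;
}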