Example #1
 /**
  * get the smd target for a service in absolute or relative form, or the base url of the smd
  * output if the first parameter is not set. if the option REWRITE_URL is set the target is
  * returned in htaccess rewrite style. the option can be boolean true, which lets the smd build
  * the rewrite pattern automatically by extending the base path of the url with the service
  * class and function, e.g. "/base/rpc/index.php" becomes "/base/rpc/class.function" or
  * "/base/rpc/function", on the assumption that the rewrite rule maps this back to
  * "/base/rpc/index.php?service=class.function". it can also be a string holding your own
  * rewrite rule such as "/base/rpc/foo/{$class}/{$function}", where placeholders are written
  * as {$name} or {%name}. treat the rule as trusted configuration and do not build it from
  * request data. always make sure your htaccess rule and the rewrite rule match each other and
  * that the service value always ends up in the $_GET "service" parameter. the second parameter
  * defines whether the url is returned relative or absolute; if it is not set the global option
  * RELATIVE_TARGETS is used
  *
  * @error 14113
  * @param null|string $service optional service given as class and method/function in dot notation
  * @param null|bool $relative defines whether to return the path absolute or relative
  * @return string
  * @throws Xapp_Rpc_Smd_Exception
  */
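 protected function getTarget($service = null, $relative = null)
 {
     $class = null;
     $function = null;
     $separator = xapp_get_option(self::CLASS_METHOD_SEPARATOR, $this);
     // NOTE(review): scheme, host and port are taken from Xapp_Rpc_Request::url(). if that helper
     // reflects the client-supplied Host header, absolute targets are client-influenced - confirm.
     $url = Xapp_Rpc_Request::url(null, -1);
     $host = rtrim($url['host'], '/ ');
     $path = trim($url['path'], '/ ');
     // keep the request path only up to the end of the first ".xxx" segment
     if (preg_match('/(\\.([^\\/]+|$))/i', $path, $m, PREG_OFFSET_CAPTURE)) {
         if (isset($m[1]) && is_array($m[1])) {
             $path = substr($path, 0, $m[1][1] + strlen($m[1][0]));
         }
     }
     $rewrite = xapp_is_option(self::REWRITE_URL, $this);
     // in rewrite mode the front controller file name is not part of the target
     if ($rewrite && strpos($path, 'index.') !== false) {
         $path = substr($path, 0, strpos($path, 'index.'));
     }
     if ($service !== null) {
         // split "class<separator>function"; skip the whole separator, which may be longer
         // than one character
         $offset = strpos($service, $separator);
         if ($offset !== false) {
             $class = substr($service, 0, $offset);
             $function = substr($service, $offset + strlen($separator));
         } else {
             $function = $service;
         }
         if ($rewrite) {
             $rule = xapp_get_option(self::REWRITE_URL, $this);
             if (is_bool($rule) && $rule) {
                 // NOTE(review): without a class this yields "<separator>function", while the
                 // doc block shows "/base/rpc/function" - confirm which form is intended
                 $rule = rtrim($path, '/') . '/{$class}{$separator}{$function}';
             }
             $rule = trim($rule, '/ ');
             // parse into a separate variable so the rule text is still available for the
             // error message when parsing fails
             $parsed = parse_url($rule);
             if ($parsed === false) {
                 throw new Xapp_Rpc_Smd_Exception(xapp_sprintf(_("smd rewrite rule: %s is not a valid url or url path value"), $rule), 1411301);
             }
             $rulePath = isset($parsed['path']) ? $parsed['path'] : '';
             // expand {$name} / {%name} placeholders from a fixed map. the former "/e" regex
             // modifier evaluated the placeholder text as php code and is no longer supported
             // by php 7 and later. unknown placeholder names expand to an empty string.
             $values = array(
                 'class' => (string) $class,
                 'function' => (string) $function,
                 'separator' => (string) $separator,
                 'service' => (string) $service,
             );
             if (preg_match_all('/\\{(?:\\$|%)([^\\}]+)\\}/', $rulePath, $found, PREG_SET_ORDER)) {
                 $expand = array();
                 foreach ($found as $hit) {
                     $expand[$hit[0]] = isset($values[$hit[1]]) ? $values[$hit[1]] : '';
                 }
                 // strtr replaces in a single pass, so expanded values are not re-scanned
                 $rulePath = strtr($rulePath, $expand);
             }
             // collapse duplicate slashes left behind by empty placeholders
             $path = trim(preg_replace('/\\/+/', '/', $rulePath), '/ ');
         } else {
             $path = $path . "?service={$service}";
         }
     }
     if ($relative === null) {
         $relative = xapp_get_option(self::RELATIVE_TARGETS, $this);
     }
     if ((bool) $relative) {
         return '/' . ltrim($path, '/ ');
     }
     $port = !empty($url['port']) ? ':' . $url['port'] : '';
     return $url['scheme'] . '://' . $host . $port . '/' . $path;
 }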
Example #2
 /**
  * validates a single gateway option against the current request, raising an rpc gateway fault
  * if the option fails to validate. see constant descriptions for what each constant does
  *
  * @error 14015
  * @param string $option expects the option name
  * @param null|mixed $value expects the options value
  * @throws Xapp_Rpc_Gateway_Exception
  * @throws Xapp_Rpc_Fault
  */
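 protected function validate($option, $value = null)
 {
     // NOTE(review): Xapp_Rpc_Fault::t() is presumably a throwing helper; the checks below rely
     // on it aborting the request - confirm.
     $user = null;
     $option = strtoupper($option);
     switch ($option) {
         case self::BASIC_AUTH:
             if ($this->request()->has('PHP_AUTH_USER', 'SERVER') && $this->request()->has('PHP_AUTH_PW', 'SERVER') && isset($value[0]) && isset($value[1])) {
                 $givenUser = $this->server()->request()->getFrom('PHP_AUTH_USER', 'SERVER');
                 $givenPass = $this->server()->request()->getFrom('PHP_AUTH_PW', 'SERVER');
                 // compare both values in constant time and only then branch, so the response
                 // does not reveal which of the two was wrong
                 $userOk = self::constantTimeEquals($value[0], $givenUser);
                 $passOk = self::constantTimeEquals($value[1], $givenPass);
                 if (!$userOk || !$passOk) {
                     Xapp_Rpc_Fault::t("basic auth error - user or password not correct", array(1401501, -32001));
                 }
             } else {
                 Xapp_Rpc_Fault::t("basic auth error - credentials not set", array(1401502, -32002));
             }
             break;
         case self::ALLOW_IP:
             // NOTE(review): a null client ip skips the check, so the allow list fails open in
             // that case. if getClientIp() honours forwarded-for style headers the value is
             // client-influenced - confirm.
             $ip = Xapp_Rpc_Request::getClientIp();
             if ($ip !== null && !in_array($ip, (array) $value, true)) {
                 Xapp_Rpc_Fault::t("request denied from service", array(1401503, -32003));
             }
             break;
         case self::DENY_IP:
             $ip = Xapp_Rpc_Request::getClientIp();
             if ($ip !== null && in_array($ip, (array) $value, true)) {
                 Xapp_Rpc_Fault::t("request denied from service", array(1401503, -32003));
             }
             break;
         case self::DISABLE:
             if ((bool) $value) {
                 Xapp_Rpc_Fault::t("gateway is disabled", array(1401504, -32004));
             }
             break;
         case self::DISABLE_SERVICE:
             if ($this->server()->hasServices()) {
                 foreach ($this->server()->getServices() as $service) {
                     if (preg_match(Xapp_Rpc::regex($value), $service)) {
                         Xapp_Rpc_Fault::t("requested service: {$service} is disabled", array(1401505, -32005));
                     }
                 }
             }
             break;
         case self::ALLOW_HOST:
             // NOTE(review): a null host skips the check (fails open for the allow list)
             $requestHost = Xapp_Rpc_Request::getHost();
             if ($requestHost !== null && !in_array($requestHost, (array) $value, true)) {
                 Xapp_Rpc_Fault::t("host denied from service", array(1401506, -32006));
             }
             break;
         case self::DENY_HOST:
             $requestHost = Xapp_Rpc_Request::getHost();
             if ($requestHost !== null && in_array($requestHost, (array) $value, true)) {
                 Xapp_Rpc_Fault::t("host denied from service", array(1401506, -32006));
             }
             break;
         case self::FORCE_HTTPS:
             // compare case-insensitively so a lower case "https" scheme is not rejected
             if ((bool) $value && strtoupper((string) Xapp_Rpc_Request::getScheme()) !== 'HTTPS') {
                 Xapp_Rpc_Fault::t("request from none http secure host denied", array(1401507, -32007));
             }
             break;
         case self::ALLOW_USER_AGENT:
             // user agent and referer are client-supplied headers; a request without the header
             // passes these checks, so they are a filter and not an authentication mechanism
             if ($this->request()->has('HTTP_USER_AGENT', 'SERVER') && !preg_match(self::alternationPattern($value), $this->request()->getFrom('HTTP_USER_AGENT', 'SERVER'))) {
                 Xapp_Rpc_Fault::t("client denied from service", array(1401508, -32008));
             }
             break;
         case self::DENY_USER_AGENT:
             if ($this->request()->has('HTTP_USER_AGENT', 'SERVER') && preg_match(self::alternationPattern($value), $this->request()->getFrom('HTTP_USER_AGENT', 'SERVER'))) {
                 Xapp_Rpc_Fault::t("client denied from service", array(1401508, -32008));
             }
             break;
         case self::ALLOW_REFERER:
             $referer = Xapp_Rpc_Request::getReferer();
             if ($referer !== null && !preg_match(self::alternationPattern($value), $referer)) {
                 Xapp_Rpc_Fault::t("referer denied from service", array(1401509, -32009));
             }
             break;
         case self::SIGNED_REQUEST:
             if ((bool) $value) {
                 // collect the requested services that need a signature. without an excludes
                 // option every requested service needs one; previously the list stayed empty
                 // in that case and verification was skipped altogether.
                 $services = $this->server()->getServices();
                 $tmp = array();
                 if (xapp_is_option(self::SIGNED_REQUEST_EXCLUDES, $this)) {
                     $excludes = Xapp_Rpc::regex(xapp_get_option(self::SIGNED_REQUEST_EXCLUDES, $this));
                     foreach ($services as $service) {
                         if (!preg_match($excludes, $service)) {
                             $tmp[] = $service;
                         }
                     }
                 } else {
                     $tmp = $services;
                 }
                 if (!empty($tmp)) {
                     $signParam = xapp_get_option(self::SIGNED_REQUEST_SIGN_PARAM, $this);
                     $sign = $this->request()->getParam($signParam, false);
                     $method = strtolower(xapp_get_option(self::SIGNED_REQUEST_METHOD, $this));
                     // the identity used to look up the signing key
                     switch ($method) {
                         case 'host':
                             $user = $this->request()->getHost();
                             break;
                         case 'ip':
                             $user = $this->request()->getClientIp();
                             break;
                         case 'user':
                             $user = $this->request()->getParam(xapp_get_option(self::SIGNED_REQUEST_USER_PARAM, $this), false);
                             break;
                         default:
                             throw new Xapp_Rpc_Gateway_Exception(_("unsupported signed request user identification method"), 1401514);
                     }
                     if ($user === false || $user === null) {
                         Xapp_Rpc_Fault::t(vsprintf("signed request value for: %s not found in request", array(xapp_get_option(self::SIGNED_REQUEST_USER_PARAM, $this))), array(1401512, -32011));
                     }
                     if ($sign === false || $sign === null) {
                         Xapp_Rpc_Fault::t(vsprintf("signed request value for: %s not found in request", array($signParam)), array(1401513, -32011));
                     }
                     $key = $this->getKey($user, null);
                     $params = $this->request()->getParams();
                     // NOTE(review): these parameters are removed before signing and are therefore
                     // not covered by the signature ('time' included) - confirm that replay
                     // protection is handled elsewhere.
                     foreach (array('xdmTarget', 'view', 'xfToken', 'time', 'xdm_e', 'user', 'xdm_c', 'xdm_p') as $unsigned) {
                         unset($params[$unsigned]);
                     }
                     if (xapp_is_option(self::SIGNED_REQUEST_CALLBACK, $this)) {
                         // a user-defined verifier gets the request, the remaining params and the key
                         if (!(bool) call_user_func_array(xapp_get_option(self::SIGNED_REQUEST_CALLBACK, $this), array($this->request(), $params, $key))) {
                             Xapp_Rpc_Fault::t("verifying signed request failed", array(1401510, -32010));
                         }
                     } else {
                         if ($key === null) {
                             throw new Xapp_Rpc_Gateway_Exception(_("user identification key must be set when using internal signed request verification"), 1401511);
                         }
                         // the signature itself is never part of the signed data
                         unset($params[$signParam]);
                         // constant-time comparison of the expected and the received signature
                         if (!self::constantTimeEquals(self::sign($params, $key), $sign)) {
                             Xapp_Rpc_Fault::t("verifying signed request failed", array(1401510, -32010));
                         }
                     }
                 }
             }
             break;
         default:
     }
 }

 /**
  * compares a known secret with a supplied value without leaking the position of the first
  * difference through timing. non-string input never matches, which keeps the strict
  * comparison semantics of the former "!==" checks.
  *
  * @param mixed $known expects the trusted value
  * @param mixed $given expects the value received with the request
  * @return bool
  */
 private static function constantTimeEquals($known, $given)
 {
     if (!is_string($known) || !is_string($given)) {
         return false;
     }
     if (function_exists('hash_equals')) {
         return hash_equals($known, $given);
     }
     // fallback for php versions without hash_equals()
     if (strlen($known) !== strlen($given)) {
         return false;
     }
     $diff = 0;
     for ($i = 0, $n = strlen($known); $i < $n; $i++) {
         $diff |= ord($known[$i]) ^ ord($given[$i]);
     }
     return $diff === 0;
 }

 /**
  * builds the case-insensitive alternation regex used by the user agent and referer options.
  * accepts an array of alternatives or a ready "(a|b)" / "a|b" string; the former code passed
  * the result of trim() to implode(), which does not work for either form. values are used as
  * regex fragments, so a literal "/" inside them must be escaped by the configuration.
  *
  * @param array|string $value expects the configured alternatives
  * @return string
  */
 private static function alternationPattern($value)
 {
     $alternatives = is_array($value) ? implode('|', $value) : (string) $value;
     return '/(' . trim($alternatives, '()') . ')/i';
 }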
Example #3
 /**
  * class constructor calls parent constructor to initialize class.
  *
  * @error 15001
  */
 public function __construct()
 {
     // nothing to set up here; initialisation is delegated entirely to the parent constructor
     parent::__construct();
 }