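/**
 * Rejects state-changing browser requests whose Referer does not point
 * back at this server (a lightweight CSRF check).
 *
 * Non-browser clients (no "text/html" in Accept) are not checked, and
 * neither are methods that are not supposed to have server-side effects.
 *
 * @param array $routeConfig unused here; kept for the hook signature
 *
 * @throws BadRequestException when the Referer is missing or foreign
 */
public function execute(Request $request, array $routeConfig)
{
    // only relevant if the request comes from a browser; a missing Accept
    // header (null) is treated like one that does not mention text/html
    // instead of being passed to mb_strpos() (TypeError under strict_types)
    $accept = $request->getHeader('Accept') ?? '';
    if (false === mb_strpos($accept, 'text/html')) {
        return;
    }

    // these methods do not require CSRF protection as they are not
    // supposed to have side effects on the server
    $safeMethods = ['GET', 'HEAD', 'OPTIONS'];
    if (in_array($request->getMethod(), $safeMethods, true)) {
        return;
    }

    $referrer = $request->getHeader('HTTP_REFERER');
    $rootUrl = $request->getUrl()->getRootUrl();
    if (null === $referrer) {
        throw new BadRequestException('HTTP_REFERER header missing');
    }

    // the Referer must start with our own root URL
    // NOTE(review): this is a plain prefix comparison; unless getRootUrl()
    // ends with "/", a referrer whose host merely starts with the same
    // string would also pass — confirm what getRootUrl() returns
    if (0 !== mb_strpos($referrer, $rootUrl)) {
        throw new BadRequestException('HTTP_REFERER has unexpected value');
    }
}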
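 /**
  * Serves a document, or a 304 when the client already has the current version.
  *
  * When $tokenInfo is given, the path must belong to the token's subject and
  * the token must carry read scope for the path's module; without a token no
  * authorization check is performed in this method (the caller decides
  * whether an unauthenticated read is acceptable).
  *
  * @param TokenInfo|null $tokenInfo
  *
  * @return Response
  *
  * @throws ForbiddenException when the token does not authorize the path
  * @throws NotFoundException  when the document does not exist
  */
 public function getDocument(Path $path, Request $request, ?TokenInfo $tokenInfo = null)
 {
     if (null !== $tokenInfo) {
         if ($path->getUserId() !== $tokenInfo->getUserId()) {
             throw new ForbiddenException('path does not match authorized subject');
         }
         if (!$this->hasReadScope($tokenInfo->getScope(), $path->getModuleName())) {
             throw new ForbiddenException('path does not match authorized scope');
         }
     }

     $documentVersion = $this->remoteStorage->getVersion($path);
     if (null === $documentVersion) {
         throw new NotFoundException(sprintf('document "%s" not found', $path->getPath()));
     }

     // If-None-Match may list several ETags; stripQuotes() is expected to
     // return them without quotes, or null when the header is absent
     $requestedVersion = $this->stripQuotes($request->getHeader('If-None-Match'));
     $documentContentType = $this->remoteStorage->getContentType($path);
     $etag = '"' . $documentVersion . '"';

     // strict comparison: versions are opaque identifiers, a loose == would
     // treat numeric-looking values such as "100" and "1e2" as equal and
     // answer 304 for a version the client does not actually have
     if (null !== $requestedVersion && in_array((string) $documentVersion, $requestedVersion, true)) {
         $notModified = new Response(304, $documentContentType);
         $notModified->setHeader('ETag', $etag);

         return $notModified;
     }

     $response = new Response(200, $documentContentType);
     $response->setHeader('ETag', $etag);
     if ('development' !== $this->options['server_mode']) {
         $response->setHeader('Accept-Ranges', 'bytes');
     }

     if ('GET' === $request->getMethod()) {
         $documentFile = $this->remoteStorage->getDocument($path, $requestedVersion);
         if ('development' === $this->options['server_mode']) {
             // development: read the file into the response body
             $response->setBody(file_get_contents($documentFile));
         } else {
             // otherwise let the web server stream it (X-SendFile)
             $response->setFile($documentFile);
         }
     }

     return $response;
 }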
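 /**
  * Dispatches the request to the first route matching its method and path.
  *
  * A form POST may carry a "_METHOD" parameter that overrides the HTTP
  * method. NOTE(review): the override value is not validated here; whatever
  * is posted becomes the request method — confirm that Request::setMethod()
  * restricts it, or that the CSRF check still sees the original POST.
  *
  * @throws NotFoundException         when no route matches but the method is known
  * @throws MethodNotAllowedException when no route supports the requested method
  */
 private function runService(Request $request)
 {
     // support method override when _METHOD is set in a form POST
     if ('POST' === $request->getMethod()) {
         $methodOverride = $request->getPostParameter('_METHOD');
         if (null !== $methodOverride) {
             $request->setMethod($methodOverride);
         }
     }

     // method and path are stable from here on, read them once
     $method = $request->getMethod();
     $pathInfo = $request->getUrl()->getPathInfo();

     foreach ($this->routes as $route) {
         $callbackParameters = $route->isMatch($method, $pathInfo);
         if (false !== $callbackParameters) {
             return $this->executeCallback($request, $route, $callbackParameters);
         }
     }

     // no route matched: collect the methods supported by any route
     // (deduplicated, first-seen order preserved for the Allow header)
     $supportedMethods = [];
     foreach ($this->routes as $route) {
         foreach ($route->getMethods() as $routeMethod) {
             if (!in_array($routeMethod, $supportedMethods, true)) {
                 $supportedMethods[] = $routeMethod;
             }
         }
     }

     // requested method supported, document is just not available
     if (in_array($method, $supportedMethods, true)) {
         throw new NotFoundException('url not found', $request->getUrl()->getRoot() . mb_substr($pathInfo, 1));
     }

     // requested method not supported by any route
     throw new MethodNotAllowedException($method, $supportedMethods);
 }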