/**
* Schedule new cookie. Cookie will be send while dispatching request.
*
* Domain, path, and secure values can be left in null state, in this case cookie manager will
* populate them automatically.
*
* @link http://php.net/manual/en/function.setcookie.php
* @param string $name The name of the cookie.
* @param string $value The value of the cookie. This value is stored on the clients
* computer; do not store sensitive information.
* @param int $lifetime Cookie lifetime. This value specified in seconds and declares period
* of time in which cookie will expire relatively to current time()
* value.
* @param string $path The path on the server in which the cookie will be available on.
* If set to '/', the cookie will be available within the entire
* domain.
* If set to '/foo/', the cookie will only be available within the
* /foo/
* directory and all sub-directories such as /foo/bar/ of domain. The
* default value is the current directory that the cookie is being set
* in.
* @param string $domain The domain that the cookie is available. To make the cookie
* available
* on all subdomains of example.com then you'd set it to
* '.example.com'.
* The . is not required but makes it compatible with more browsers.
* Setting it to www.example.com will make the cookie only available in
* the www subdomain. Refer to tail matching in the spec for details.
* @param bool $secure Indicates that the cookie should only be transmitted over a secure
* HTTPS connection from the client. When set to true, the cookie will
* only be set if a secure connection exists. On the server-side, it's
* on the programmer to send this kind of cookie only on secure
* connection (e.g. with respect to $_SERVER["HTTPS"]).
* @param bool $httpOnly When true the cookie will be made accessible only through the HTTP
* protocol. This means that the cookie won't be accessible by
* scripting
* languages, such as JavaScript. This setting can effectively help to
* reduce identity theft through XSS attacks (although it is not
* supported by all browsers).
* @return $this
*/
public function set($name, $value = null, $lifetime = null, $path = null, $domain = null, $secure = null, $httpOnly = true)
{
if (is_null($domain)) {
$domain = $this->httpConfig->cookiesDomain($this->request->getUri());
}
if (is_null($secure)) {
$secure = $this->request->getMethod() == 'https';
}
return $this->schedule(new Cookie($name, $value, $lifetime, $path, $domain, $secure, $httpOnly));
}
/**
* Write ClientException content into response.
*
* @param Request $request
* @param Response $response
* @param ClientException $exception
* @return Request
*/
public function writeException(Request $request, Response $response, ClientException $exception)
{
//Has to contain valid http code
$response = $response->withStatus($exception->getCode());
if ($request->getHeaderLine('Accept') == 'application/json') {
//Json got requested
return $this->writeJson($response, ['status' => $exception->getCode()]);
}
if (!$this->config->hasView($exception->getCode())) {
//We don't or can't render http error view
return $response;
}
$errorPage = $this->views->render($this->config->errorView($exception->getCode()), ['httpConfig' => $this->config, 'request' => $request]);
$response->getBody()->write($errorPage);
return $response;
}
/**
* Resolve resource uri.
*
* @param string $uri
* @return string
*/
protected function resolveUri($uri)
{
if (!$this->isLocal($uri)) {
//External or non resolved uri
return $uri;
}
return $this->httpConfig->basePath() . ltrim($uri, '/') . '?' . $this->fileHash($uri);
}
/**
* @param Cookie $cookie
* @return Cookie
*/
private function encodeCookie(Cookie $cookie)
{
if ($this->httpConfig->cookieProtection() == HttpConfig::COOKIE_ENCRYPT) {
return $cookie->withValue($this->encrypter()->encrypt($cookie->getValue()));
}
//VALUE.HMAC
return $cookie->withValue($cookie->getValue() . $this->hmacSign($cookie->getValue()));
}
/**
* Get vault specific uri.
*
* @param string $target Target controller and action in a form of "controller::action" or
* "controller:action" or "controller".
* @param array|mixed $parameters
* @return UriInterface
* @throws VaultException
*/
public function uri($target, $parameters = [])
{
$target = str_replace('::', ':', $target);
$controller = $action = '';
if (strpos($target, ':') !== false) {
list($controller, $action) = explode(':', $target);
} else {
$controller = $target;
if (!empty($parameters)) {
throw new VaultException("Unable to generate uri with empty controller action and not empty parameters.");
}
}
if (!isset($this->config->controllers()[$controller])) {
throw new VaultException("Unable to generate uri, undefined controller '{$controller}'.");
}
$parameters['controller'] = $controller;
$parameters['action'] = $action;
return $this->route->uri($parameters, $this->httpConfig->basePath());
}
/**
* {@inheritdoc}
*/
protected function createRouter()
{
return $this->container->make($this->config->routerClass(), $this->config->routerParameters());
}
/**
* @param Request $request
* @param string|null $hash
* @return string
*/
protected function cookieHeader(Request $request, $hash)
{
return Cookie::create($this->cookie, $hash, $this->getLifetime(), $this->httpConfig->basePath(), $this->httpConfig->cookiesDomain($request->getUri()))->createHeader();
}
/**
* Generate session cookie.
*
* @param UriInterface $uri Incoming uri.
* @param string $sessionID
* @return Cookie
*/
private function sessionCookie(UriInterface $uri, $sessionID)
{
return Cookie::create($this->config->sessionCookie(), $sessionID, $this->config->sessionLifetime(), $this->httpConfig->basePath(), $this->httpConfig->cookiesDomain($uri));
}
/**
* Generate CSRF cookie.
*
* @param UriInterface $uri Incoming uri.
* @param string $token
* @return Cookie
*/
protected function tokenCookie(UriInterface $uri, $token)
{
return Cookie::create($this->httpConfig->csrfCookie(), $token, $this->httpConfig->csrfLifetime(), $this->httpConfig->basePath(), $this->httpConfig->cookiesDomain($uri));
}
