public function onHandshake(Request $request, Response $response) { // During handshakes, you should always check the origin header, otherwise any site will // be able to connect to your endpoint. Websockets are not restricted by the same-origin-policy! $origin = $request->getHeader("origin"); if ($origin !== "http://localhost:1337") { $response->setStatus(403); $response->send("<h1>origin not allowed</h1>"); return null; } // returned values will be passed to onOpen, that way you can pass cookie values or the whole request object. return $request->getConnectionInfo()["client_addr"]; }
public function doLogOut(Request $request, Response $response) { $session = new Session($request); (yield $session->open()); (yield $session->destroy()); $response->setStatus(302); $response->setHeader("location", "/"); $response->send(""); }
public function handle(Request $request, Response $response, array $args) { $endpoint = $request->getLocalVar("chat.api.endpoint"); $user = $request->getLocalVar("chat.api.user"); if (!$endpoint || !$user) { // if this happens, something's really wrong, e.g. wrong order of callables $response->setStatus(500); $response->send(""); } foreach ($args as $key => $arg) { if (is_numeric($arg)) { $args[$key] = (int) $arg; } } foreach ($request->getQueryVars() as $key => $value) { // Don't allow overriding URL parameters if (isset($args[$key])) { continue; } if (is_numeric($value)) { $args[$key] = (int) $value; } else { if (is_string($value)) { $args[$key] = $value; } else { $result = new Error("bad_request", "invalid query parameter types", 400); $this->writeResponse($request, $response, $result); return; } } } $args = $args ? (object) $args : new stdClass(); $body = (yield $request->getBody()); $payload = $body ? json_decode($body) : null; $result = (yield $this->chat->process(new StandardRequest($endpoint, $args, $payload), $user)); $this->writeResponse($request, $response, $result); }
/** * Handles all hooks. * * @param Request $request HTTP request * @param Response $response HTTP response * @param array $args URL args */ public function handle(Request $request, Response $response, array $args) { $response->setHeader("content-type", "text/plain"); $token = $request->getQueryVars()["token"] ?? ""; if (!$token || !is_string($token)) { $response->setStatus(401); $response->send("Failure: No token was provided."); return; } // use @ so we don't have to check for invalid strings manually $token = (string) @hex2bin($token); $hook = (yield $this->hookRepository->get($args["id"])); if (!$hook) { $response->setStatus(404); $response->send("Failure: Hook does not exist."); return; } if (!hash_equals($hook->token, $token)) { $response->setStatus(403); $response->send("Failure: Provided token doesn't match."); return; } $name = $args["service"]; if (!isset($this->services[$name])) { $response->setStatus(404); $response->send("Failure: Unknown service."); return; } $contentType = strtok($request->getHeader("content-type"), ";"); $body = (yield $request->getBody()); switch ($contentType) { case "application/json": $payload = json_decode($body); break; case "application/x-www-form-urlencoded": parse_str($body, $payload); $payload = json_decode(json_encode($payload)); break; default: $response->setStatus(415); $response->send("Failure: Content-type not supported."); return; } $service = $this->services[$name]; $headers = $request->getAllHeaders(); $event = $service->getEventName($headers, $payload); if (!isset($this->schemas[$name][$event])) { $response->setStatus(400); $response->send("Failure: Event not supported."); return; } $schema = $this->schemas[$name][$event]; $this->validator->reset(); $this->validator->check($payload, $schema); if (!$this->validator->isValid()) { $errors = $this->validator->getErrors(); $errors = array_reduce($errors, function (string $carry, array $item) : string { if ($item["property"]) { return $carry . sprintf("\n%s: %s", $item["property"], $item["message"]); } else { return $carry . "\n" . $item["message"]; } }, ""); $response->setStatus(400); $response->send("Failure: Payload validation failed." . $errors); return; } $message = $service->handle($headers, $payload); try { if ($message) { $req = (new HttpRequest())->setMethod("PUT")->setUri($this->config["api"] . "/messages")->setHeader("authorization", "Basic " . base64_encode("{$this->config['user_id']}:{$this->config['token']}"))->setBody(json_encode(["room_id" => $hook->room_id, "text" => $message->getText(), "data" => $message->getData()])); $resp = (yield $this->http->request($req)); if (intval($resp->getStatus() / 100) !== 2) { $message = "API request failed: " . $resp->getStatus(); if ($resp->getBody()) { $message .= "\n" . $resp->getBody(); } throw new Exception($message); } } $response->send("Success: " . ($message ? "Message sent." : "Message skipped.")); } catch (Exception $e) { $response->setStatus(500); $response->send("Failure: Couldn't persist message."); } }
public function onHandshake(Request $request, Response $response) { $origin = $request->getHeader("origin"); if (!isOriginAllowed($origin)) { $response->setStatus(400); $response->setReason("Invalid Origin"); $response->send("<h1>Invalid Origin</h1>"); return null; } if ($this->eventSub->getConnectionState() !== ConnectionState::CONNECTED) { $response->setStatus(503); $response->setReason("Service unavailable"); $response->send(""); return null; } return new Session($request); }