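/**
 * Build the SMD target for a service, or the base url of the SMD output when no service is given.
 *
 * Without the REWRITE_URL option the service is appended as "?service=class.function". With
 * REWRITE_URL set to boolean true the rewrite rule is derived automatically by extending the base
 * path, so "/base/rpc/index.php" becomes "/base/rpc/class.function", or "/base/rpc/function" when
 * the service has no class part. With REWRITE_URL set to a string the string is used as the rule,
 * e.g. "/base/rpc/foo/{$class}/{$function}"; placeholders may be written as {$name} or {%name}.
 * Only the placeholders class, function, separator and service are expanded, every other
 * placeholder name expands to an empty string. The htaccess rule has to mirror the rewrite rule
 * and must map the service back to the $_GET "service" parameter.
 *
 * @error 14113
 * @param null|string $service optional service in "class<separator>function" or "function" notation
 * @param null|bool $relative true for a relative path, false for an absolute url, null to fall back
 *                            to the RELATIVE_TARGETS option
 * @return string
 * @throws Xapp_Rpc_Smd_Exception when the rewrite rule can not be parsed as url or url path
 */
protected function getTarget($service = null, $relative = null)
{
    $class = null;
    $function = null;
    $separator = (string) xapp_get_option(self::CLASS_METHOD_SEPARATOR, $this);

    // NOTE(review): host, scheme and port are taken from Xapp_Rpc_Request::url(). If that helper
    // reflects the client supplied Host header, absolute targets are request controlled; confirm
    // the host is validated upstream (see ALLOW_HOST) or prefer RELATIVE_TARGETS.
    $url = Xapp_Rpc_Request::url(null, -1);
    $host = rtrim($url['host'], '/ ');
    $path = trim($url['path'], '/ ');

    // cut the path after the first ".ext" segment so trailing path info is dropped
    if (preg_match('/(\\.([^\\/]+|$))/i', $path, $m, PREG_OFFSET_CAPTURE)) {
        if (isset($m[1]) && is_array($m[1])) {
            $path = substr($path, 0, $m[1][1] + strlen($m[1][0]));
        }
    }

    $rewrite = xapp_is_option(self::REWRITE_URL, $this);
    if ($rewrite) {
        $index = strpos($path, 'index.');
        if ($index !== false) {
            $path = substr($path, 0, $index);
        }
    }

    if ($service !== null) {
        $position = ($separator !== '') ? strpos($service, $separator) : false;
        if ($position !== false) {
            $class = substr($service, 0, $position);
            // skip the whole separator, it is not guaranteed to be a single character
            $function = substr($service, $position + strlen($separator));
        } else {
            $function = $service;
        }

        if ($rewrite) {
            $rule = xapp_get_option(self::REWRITE_URL, $this);
            if (is_bool($rule) && $rule) {
                // a service without class part must not produce a leading separator
                $rule = rtrim($path, '/') . '/' . ($class !== null ? '{$class}{$separator}' : '') . '{$function}';
            }
            $rule = trim($rule, '/ ');
            $parts = parse_url($rule);
            if ($parts === false) {
                // report the rule itself, not the boolean result of parse_url()
                throw new Xapp_Rpc_Smd_Exception(xapp_sprintf(_("smd rewrite rule: %s is not a valid url or url path value"), $rule), 1411301);
            }

            // The former /e modifier executed every placeholder name as PHP code and no longer
            // exists in PHP 7+. Placeholders are now resolved from a fixed map, nothing is evaluated.
            $placeholders = array(
                'class' => (string) $class,
                'function' => (string) $function,
                'separator' => $separator,
                'service' => (string) $service,
            );
            $resolved = preg_replace_callback(
                '/\\{(?:\\$|\\%)([^\\}]+)\\}/i',
                function ($match) use ($placeholders) {
                    return isset($placeholders[$match[1]]) ? $placeholders[$match[1]] : '';
                },
                isset($parts['path']) ? $parts['path'] : ''
            );
            // collapse duplicate slashes left behind by empty placeholders
            $path = trim(preg_replace('/\\/+/', '/', (string) $resolved), '/ ');
        } else {
            $path = $path . "?service={$service}";
        }
    }

    if ($relative === null) {
        $relative = xapp_get_option(self::RELATIVE_TARGETS, $this);
    }
    if ((bool) $relative) {
        return '/' . ltrim($path, '/ ');
    }

    $port = !empty($url['port']) ? ':' . $url['port'] : '';

    return $url['scheme'] . '://' . $host . $port . '/' . $path;
}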
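/**
 * Validate a single gateway option against the current request and raise an rpc fault when the
 * request violates it. Option names are matched case insensitively; unknown options are ignored.
 * See the constant descriptions for what each option does.
 *
 * @error 14015
 * @param string $option expects the option name
 * @param null|mixed $value expects the options value
 * @throws Xapp_Rpc_Gateway_Exception on invalid signed request configuration
 * @throws Xapp_Rpc_Fault when the request fails validation
 */
protected function validate($option, $value = null)
{
    $user = null;
    $option = strtoupper($option);

    // Secret comparison: constant time where the runtime offers hash_equals() (PHP >= 5.6), plain
    // strict comparison otherwise. Non string operands never match, like the former !== checks.
    $same = function ($known, $given) {
        if (!is_string($known) || !is_string($given)) {
            return false;
        }
        return function_exists('hash_equals') ? hash_equals($known, $given) : $known === $given;
    };

    // Case insensitive match of $subject against a list (or single string) of regex fragments.
    // The former implode('|', trim($value, '()')) passed a string to implode(): a TypeError on
    // PHP 8 and a match-everything pattern before that, which switched the allow lists off.
    // An empty list matches nothing. Fragments are used as regex source with "/" as delimiter,
    // so a "/" inside a fragment has to be escaped by whoever configures it. An invalid pattern
    // yields no match, which for a deny list means the request is let through.
    $matchesAny = function ($value, $subject) {
        $fragments = array();
        foreach ((array) $value as $fragment) {
            $fragment = trim((string) $fragment, '()');
            if ($fragment !== '') {
                $fragments[] = $fragment;
            }
        }
        if (sizeof($fragments) === 0) {
            return false;
        }
        return preg_match('/(' . implode('|', $fragments) . ')/i', (string) $subject) === 1;
    };

    switch ($option) {
        case self::BASIC_AUTH:
            if ($this->request()->has('PHP_AUTH_USER', 'SERVER') && $this->request()->has('PHP_AUTH_PW', 'SERVER') && isset($value[0]) && isset($value[1])) {
                // evaluate both comparisons so the result does not depend on which one failed
                $userOk = $same($value[0], $this->server()->request()->getFrom('PHP_AUTH_USER', 'SERVER'));
                $passOk = $same($value[1], $this->server()->request()->getFrom('PHP_AUTH_PW', 'SERVER'));
                if (!$userOk || !$passOk) {
                    Xapp_Rpc_Fault::t("basic auth error - user or password not correct", array(1401501, -32001));
                }
            } else {
                Xapp_Rpc_Fault::t("basic auth error - credentials not set", array(1401502, -32002));
            }
            break;

        case self::ALLOW_IP:
            // NOTE(review): a request whose client ip can not be determined passes the allow list;
            // also confirm getClientIp() does not trust client supplied forwarding headers.
            $ip = Xapp_Rpc_Request::getClientIp();
            if ($ip !== null && !in_array($ip, (array) $value, true)) {
                Xapp_Rpc_Fault::t("request denied from service", array(1401503, -32003));
            }
            break;

        case self::DENY_IP:
            $ip = Xapp_Rpc_Request::getClientIp();
            if ($ip !== null && in_array($ip, (array) $value, true)) {
                Xapp_Rpc_Fault::t("request denied from service", array(1401503, -32003));
            }
            break;

        case self::DISABLE:
            if ((bool) $value) {
                Xapp_Rpc_Fault::t("gateway is disabled", array(1401504, -32004));
            }
            break;

        case self::DISABLE_SERVICE:
            if ($this->server()->hasServices()) {
                $disabled = Xapp_Rpc::regex($value);
                foreach ($this->server()->getServices() as $service) {
                    if (preg_match($disabled, $service)) {
                        Xapp_Rpc_Fault::t("requested service: {$service} is disabled", array(1401505, -32005));
                    }
                }
            }
            break;

        case self::ALLOW_HOST:
            // NOTE(review): same caveat as ALLOW_IP, a missing host passes the allow list
            $requestHost = Xapp_Rpc_Request::getHost();
            if ($requestHost !== null && !in_array($requestHost, (array) $value, true)) {
                Xapp_Rpc_Fault::t("host denied from service", array(1401506, -32006));
            }
            break;

        case self::DENY_HOST:
            $requestHost = Xapp_Rpc_Request::getHost();
            if ($requestHost !== null && in_array($requestHost, (array) $value, true)) {
                Xapp_Rpc_Fault::t("host denied from service", array(1401506, -32006));
            }
            break;

        case self::FORCE_HTTPS:
            // compare case insensitively so a lower case "https" scheme is not rejected
            if ((bool) $value && strtoupper((string) Xapp_Rpc_Request::getScheme()) !== 'HTTPS') {
                Xapp_Rpc_Fault::t("request from none http secure host denied", array(1401507, -32007));
            }
            break;

        case self::ALLOW_USER_AGENT:
            // user agent and referer are client supplied; these filters are not authentication
            if ($this->request()->has('HTTP_USER_AGENT', 'SERVER') && !$matchesAny($value, $this->request()->getFrom('HTTP_USER_AGENT', 'SERVER'))) {
                Xapp_Rpc_Fault::t("client denied from service", array(1401508, -32008));
            }
            break;

        case self::DENY_USER_AGENT:
            if ($this->request()->has('HTTP_USER_AGENT', 'SERVER') && $matchesAny($value, $this->request()->getFrom('HTTP_USER_AGENT', 'SERVER'))) {
                Xapp_Rpc_Fault::t("client denied from service", array(1401508, -32008));
            }
            break;

        case self::ALLOW_REFERER:
            $referer = Xapp_Rpc_Request::getReferer();
            if ($referer !== null && !$matchesAny($value, $referer)) {
                Xapp_Rpc_Fault::t("referer denied from service", array(1401509, -32009));
            }
            break;

        case self::SIGNED_REQUEST:
            if ((bool) $value) {
                // Collect the requested services that need a signature. Without an excludes option
                // every requested service has to be verified; leaving the list empty in that case
                // would skip signature verification altogether.
                $services = $this->server()->hasServices() ? $this->server()->getServices() : array();
                $excludes = xapp_is_option(self::SIGNED_REQUEST_EXCLUDES, $this)
                    ? Xapp_Rpc::regex(xapp_get_option(self::SIGNED_REQUEST_EXCLUDES, $this))
                    : null;
                $tmp = array();
                foreach ($services as $service) {
                    if ($excludes === null || !preg_match($excludes, $service)) {
                        $tmp[] = $service;
                    }
                }

                if (sizeof($tmp) > 0) {
                    $sign = $this->request()->getParam(xapp_get_option(self::SIGNED_REQUEST_SIGN_PARAM, $this), false);
                    $method = strtolower(xapp_get_option(self::SIGNED_REQUEST_METHOD, $this));
                    switch ($method) {
                        case 'host':
                            $user = $this->request()->getHost();
                            break;
                        case 'ip':
                            $user = $this->request()->getClientIp();
                            break;
                        case 'user':
                            $user = $this->request()->getParam(xapp_get_option(self::SIGNED_REQUEST_USER_PARAM, $this), false);
                            break;
                        default:
                            throw new Xapp_Rpc_Gateway_Exception(_("unsupported signed request user identification method"), 1401514);
                    }
                    if ($user === false || $user === null) {
                        Xapp_Rpc_Fault::t(vsprintf("signed request value for: %s not found in request", array(xapp_get_option(self::SIGNED_REQUEST_USER_PARAM, $this))), array(1401512, -32011));
                    }
                    if ($sign === false || $sign === null) {
                        Xapp_Rpc_Fault::t(vsprintf("signed request value for: %s not found in request", array(xapp_get_option(self::SIGNED_REQUEST_SIGN_PARAM, $this))), array(1401513, -32011));
                    }

                    $key = $this->getKey($user, null);
                    $params = $this->request()->getParams();
                    // These parameters are removed before signing, so the signature does not cover
                    // them ("time" and "user" included); their values must not be trusted on the
                    // strength of a valid signature.
                    foreach (array('xdmTarget', 'view', 'xfToken', 'time', 'xdm_e', 'user', 'xdm_c', 'xdm_p') as $unsigned) {
                        unset($params[$unsigned]);
                    }

                    if (xapp_is_option(self::SIGNED_REQUEST_CALLBACK, $this)) {
                        if (!(bool) call_user_func_array(xapp_get_option(self::SIGNED_REQUEST_CALLBACK, $this), array($this->request(), $params, $key))) {
                            Xapp_Rpc_Fault::t("verifying signed request failed", array(1401510, -32010));
                        }
                    } else {
                        if ($key === null) {
                            throw new Xapp_Rpc_Gateway_Exception(_("user identification key must be set when using internal signed request verification"), 1401511);
                        }
                        // the signature itself is not part of the signed payload
                        unset($params[xapp_get_option(self::SIGNED_REQUEST_SIGN_PARAM, $this)]);
                        if (!$same(self::sign($params, $key), $sign)) {
                            Xapp_Rpc_Fault::t("verifying signed request failed", array(1401510, -32010));
                        }
                    }
                }
            }
            break;

        default:
    }
}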
/**
 * Create the instance; all initialisation is delegated to the parent constructor.
 *
 * @error 15001
 */
public function __construct()
{
    parent::__construct();
}