If multiple headers were received for the specified field only the
value of the first header is returned. Applications may use
Request::getHeaderArray() to retrieve a list of all header values
received for a given field.
All header $field names are treated case-insensitively.
A null return indicates the requested header field was not present.
public function authorize(Request $request, Response $response) { if (!$request->getHeader("authorization")) { $response->setStatus(401); $response->setHeader("www-authenticate", "Basic realm=\"Use your ID as username and token as password!\""); $response->send(""); return; } $authorization = $request->getHeader("authorization"); $authorization = explode(" ", $authorization, 2); if (count($authorization) < 2) { $result = new Error("bad_request", "invalid authorization header", 400); $this->writeResponse($request, $response, $result); return; } switch (strtolower($authorization[0])) { case "token": break; case "basic": $authorization[1] = (string) @base64_decode($authorization[1]); break; default: $result = new Error("bad_request", "invalid authorization header", 400); $this->writeResponse($request, $response, $result); return; } try { $user = (yield resolve($this->authentication->authenticateWithToken($authorization[1]))); $request->setLocalVar("chat.api.user", $user); } catch (AuthenticationException $e) { $result = new Error("bad_authentication", "invalid token in authorization header", 403); $this->writeResponse($request, $response, $result); } // a callable further down the chain will send the body }
public function onHandshake(Request $request, Response $response) { // During handshakes, you should always check the origin header, otherwise any site will // be able to connect to your endpoint. Websockets are not restricted by the same-origin-policy! $origin = $request->getHeader("origin"); if ($origin !== "http://localhost:1337") { $response->setStatus(403); $response->send("<h1>origin not allowed</h1>"); return null; } // returned values will be passed to onOpen, that way you can pass cookie values or the whole request object. return $request->getConnectionInfo()["client_addr"]; }
/** * @param Request $req * @param array $options available options are: * - size (default: 131072) * - input_vars (default: 200) * - field_len (default: 16384) */ public function __construct(Request $req, array $options = []) { $this->req = $req; $type = $req->getHeader("content-type"); $this->body = $req->getBody($this->totalSize = $this->size = $options["size"] ?? 131072); $this->maxFieldLen = $options["field_len"] ?? 16384; $this->maxInputVars = $options["input_vars"] ?? 200; if ($type !== null && strncmp($type, "application/x-www-form-urlencoded", \strlen("application/x-www-form-urlencoded"))) { if (!preg_match('#^\\s*multipart/(?:form-data|mixed)(?:\\s*;\\s*boundary\\s*=\\s*("?)([^"]*)\\1)?$#', $type, $m)) { $this->req = null; $this->parsing = true; $this->result = new ParsedBody([]); return; } $this->boundary = $m[2]; } $this->body->when(function ($e, $data) { $this->req = null; \Amp\immediately(function () use($e, $data) { if ($e) { if ($e instanceof ClientSizeException) { $e = new ClientException("", 0, $e); } $this->error = $e; } else { $this->result = $this->end($data); } if (!$this->parsing) { $this->parsing = true; foreach ($this->result->getNames() as $field) { foreach ($this->result->getArray($field) as $_) { foreach ($this->watchers as list($cb, $cbData)) { $cb($field, $cbData); } } } } $this->parsing = true; foreach ($this->whens as list($cb, $cbData)) { $cb($this->error, $this->result, $cbData); } $this->whens = $this->watchers = []; }); }); }
private function getJsonRequestBody(AerysRequest $request, AerysResponse $response) : \Generator { if ($request->getHeader('Content-Type') !== 'application/json') { $this->respondWithError($response, 400, 'Type of request body must be application/json'); return null; } $body = $request->getBody(); $bodyText = ''; while ((yield $body->valid())) { $bodyText .= $body->consume(); } try { $json = json_try_decode($bodyText, true); } catch (JSONDecodeErrorException $e) { $this->respondWithError($response, 400, 'Unable to decode request body as application/json'); return null; } if (!is_array($json)) { $this->respondWithError($response, 400, 'Invalid request data structure'); return null; } return $json; }
private function checkPreconditions(Request $request, int $mtime, string $etag) { $ifMatch = $request->getHeader("If-Match"); if ($ifMatch && \stripos($ifMatch, $etag) === false) { return self::PRECOND_FAILED; } $ifNoneMatch = $request->getHeader("If-None-Match"); if ($ifNoneMatch && \stripos($ifNoneMatch, $etag) !== false) { return self::PRECOND_NOT_MODIFIED; } $ifModifiedSince = $request->getHeader("If-Modified-Since"); $ifModifiedSince = $ifModifiedSince ? @\strtotime($ifModifiedSince) : 0; if ($ifModifiedSince && $mtime > $ifModifiedSince) { return self::PRECOND_NOT_MODIFIED; } $ifUnmodifiedSince = $request->getHeader("If-Unmodified-Since"); $ifUnmodifiedSince = $ifUnmodifiedSince ? @\strtotime($ifUnmodifiedSince) : 0; if ($ifUnmodifiedSince && $mtime > $ifUnmodifiedSince) { return self::PRECOND_FAILED; } $ifRange = $request->getHeader("If-Range"); if (!($ifRange || $request->getHeader("Range"))) { return self::PRECOND_OK; } /** * This is a really stupid feature of HTTP but ... * If-Range headers may be either an HTTP timestamp or an Etag: * * If-Range = "If-Range" ":" ( entity-tag | HTTP-date ) * * @link http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.27 */ if ($httpDate = @\strtotime($ifRange)) { return $httpDate > $mtime ? self::PRECOND_IF_RANGE_OK : self::PRECOND_IF_RANGE_FAILED; } // If the If-Range header was not an HTTP date we assume it's an Etag return $etag === $ifRange ? self::PRECOND_IF_RANGE_OK : self::PRECOND_IF_RANGE_FAILED; }
/** * Handles all hooks. * * @param Request $request HTTP request * @param Response $response HTTP response * @param array $args URL args */ public function handle(Request $request, Response $response, array $args) { $response->setHeader("content-type", "text/plain"); $token = $request->getQueryVars()["token"] ?? ""; if (!$token || !is_string($token)) { $response->setStatus(401); $response->send("Failure: No token was provided."); return; } // use @ so we don't have to check for invalid strings manually $token = (string) @hex2bin($token); $hook = (yield $this->hookRepository->get($args["id"])); if (!$hook) { $response->setStatus(404); $response->send("Failure: Hook does not exist."); return; } if (!hash_equals($hook->token, $token)) { $response->setStatus(403); $response->send("Failure: Provided token doesn't match."); return; } $name = $args["service"]; if (!isset($this->services[$name])) { $response->setStatus(404); $response->send("Failure: Unknown service."); return; } $contentType = strtok($request->getHeader("content-type"), ";"); $body = (yield $request->getBody()); switch ($contentType) { case "application/json": $payload = json_decode($body); break; case "application/x-www-form-urlencoded": parse_str($body, $payload); $payload = json_decode(json_encode($payload)); break; default: $response->setStatus(415); $response->send("Failure: Content-type not supported."); return; } $service = $this->services[$name]; $headers = $request->getAllHeaders(); $event = $service->getEventName($headers, $payload); if (!isset($this->schemas[$name][$event])) { $response->setStatus(400); $response->send("Failure: Event not supported."); return; } $schema = $this->schemas[$name][$event]; $this->validator->reset(); $this->validator->check($payload, $schema); if (!$this->validator->isValid()) { $errors = $this->validator->getErrors(); $errors = array_reduce($errors, function (string $carry, array $item) : string { if ($item["property"]) { return $carry . sprintf("\n%s: %s", $item["property"], $item["message"]); } else { return $carry . "\n" . $item["message"]; } }, ""); $response->setStatus(400); $response->send("Failure: Payload validation failed." . $errors); return; } $message = $service->handle($headers, $payload); try { if ($message) { $req = (new HttpRequest())->setMethod("PUT")->setUri($this->config["api"] . "/messages")->setHeader("authorization", "Basic " . base64_encode("{$this->config['user_id']}:{$this->config['token']}"))->setBody(json_encode(["room_id" => $hook->room_id, "text" => $message->getText(), "data" => $message->getData()])); $resp = (yield $this->http->request($req)); if (intval($resp->getStatus() / 100) !== 2) { $message = "API request failed: " . $resp->getStatus(); if ($resp->getBody()) { $message .= "\n" . $resp->getBody(); } throw new Exception($message); } } $response->send("Success: " . ($message ? "Message sent." : "Message skipped.")); } catch (Exception $e) { $response->setStatus(500); $response->send("Failure: Couldn't persist message."); } }
public function onHandshake(Request $request, Response $response) { $origin = $request->getHeader("origin"); if (!isOriginAllowed($origin)) { $response->setStatus(400); $response->setReason("Invalid Origin"); $response->send("<h1>Invalid Origin</h1>"); return null; } if ($this->eventSub->getConnectionState() !== ConnectionState::CONNECTED) { $response->setStatus(503); $response->setReason("Service unavailable"); $response->send(""); return null; } return new Session($request); }