Exemplo n.º 1
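 /**
  * Send $data to the client as JSON, or as JSONP when a callback name is set.
  *
  * With a callback the body is "<callback>(<json>);" served as JavaScript;
  * without one it is the bare JSON document. Both paths end by sending the
  * response.
  *
  * @param Response $response response object that receives headers and body
  * @param array    $data     data set passed to $this->jsonEncode()
  *
  * @throws \InvalidArgumentException when the callback is not a plain
  *                                   (optionally dotted) JavaScript identifier
  */
 public function Render(Response $response, array $data)
 {
     $jsonString = $this->jsonEncode($data);
     // Keep browsers from second-guessing the declared type of an API payload.
     $response->AddHeader('X-Content-Type-Options', 'nosniff');
     if ($this->callback) {
         // The callback is written verbatim into an executable script body, so
         // anything beyond an identifier would run in the embedding page.
         // NOTE(review): where $this->callback is populated is not visible here;
         // JSONP callback names normally come from the request, so treat it as
         // untrusted input and accept only a dotted identifier path.
         $callback = (string) $this->callback;
         if (!preg_match('/\A[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*\z/', $callback)) {
             throw new \InvalidArgumentException('The JSONP callback name is not valid.');
         }
         $response->AddHeader('Content-type', 'text/javascript;charset=utf-8');
         $response->Body = $callback . '(' . $jsonString . ');';
     } else {
         $response->AddHeader('Content-type', 'application/json;charset=utf-8');
         $response->Body = $jsonString;
     }
     $response->Send();
 }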
Exemplo n.º 2
 /**
  * Append a plain-text dump of the page's data set to the response and send it.
  *
  * The dump is framed by a banner line above and a row of asterisks below, and
  * is appended to whatever the response body already holds.
  *
  * @param Response $response response object that receives the header and text
  * @param array    $data     data set handed to $this->renderData()
  */
 public function Render(Response $response, array $data)
 {
     $response->AddHeader('Content-type', 'text/plain');

     // The banner goes in before the data is rendered, as the caller expects.
     $response->Body .= "*** The page's data set: ***\n\n";

     $renderedData = $this->renderData($data);
     $response->Body .= $renderedData . "\n****************************\n";

     $response->Send();
 }
Exemplo n.º 3
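 /**
  * Decide whether the current request may invoke $method.
  *
  * Checks run in this order: CORS headers (when cross-origin support is
  * enabled and the request carries an Origin header), the HTTP method
  * allow-list, the unconditional pass for OPTIONS, and finally the
  * authentication requirement for $method.
  *
  * All list lookups use strict comparison, so a stray non-string entry in a
  * configured list (true, 0, ...) can no longer match every origin or method
  * name through PHP's loose comparison rules.
  *
  * @param string $method name looked up in skipAuthentication and requireAuthentication
  *
  * @return bool true when the request may proceed
  *
  * @throws CrossOriginException      when the Origin header is not in crossOriginDomainsAllowed
  * @throws MethodNotAllowedException when the HTTP method is not in the allow-list
  * @throws AccessDeniedException     when authentication is required and the user is not authenticated
  */
 public function Authorize($method)
 {
     $allowedMethods = array_map('strtoupper', $this->allowedMethods);
     // always allow OPTIONS requests
     if (!in_array('OPTIONS', $allowedMethods, true)) {
         $allowedMethods[] = 'OPTIONS';
     }
     // set CORS headers if configured
     if ($this->crossOriginEnabled) {
         $headers = $this->request->Headers;
         if (isset($headers['Origin'])) {
             $allowedHeaders = isset($headers['Access-Control-Request-Headers']) ? $headers['Access-Control-Request-Headers'] : '';
             // This value is echoed into a response header, so only a
             // well-formed comma-separated list of header-name tokens is
             // reflected; anything else (control characters, line breaks) is
             // replaced by an empty list.
             if (!is_string($allowedHeaders)
                 || !preg_match('/\A[A-Za-z0-9!#$%&\'*+.^_`|~-]+(?:[ \t]*,[ \t]*[A-Za-z0-9!#$%&\'*+.^_`|~-]+)*\z/', $allowedHeaders)
             ) {
                 $allowedHeaders = '';
             }
             $origin = $headers['Origin'];
             // Exact, strict match only: the origin is echoed back together
             // with Allow-Credentials, so a loose match would hand
             // credentialed access to an origin that was never configured.
             if (!in_array($origin, $this->crossOriginDomainsAllowed, true)) {
                 throw new CrossOriginException(sprintf('The origin "%s" is not permitted.', $origin));
             }
             // NOTE(review): Allow-Origin varies per request; responses that
             // can be cached by a shared cache should also carry "Vary: Origin".
             // Not added here because it is not visible whether AddHeader()
             // appends to or replaces an existing Vary header.
             $this->response->AddHeader('Access-Control-Allow-Origin', $origin);
             $this->response->AddHeader('Access-Control-Allow-Credentials', 'true');
             $this->response->AddHeader('Access-Control-Allow-Methods', implode(',', $allowedMethods));
             $this->response->AddHeader('Access-Control-Allow-Headers', $allowedHeaders);
         }
     }
     // The request method is compared as received; only the configured list
     // was upper-cased above.
     if (!in_array($this->request->Method, $allowedMethods, true)) {
         throw new MethodNotAllowedException(sprintf('The %s method is not permitted here (118).', $this->request->Method));
     }
     /*
      * Issue #30: Authorize any OPTIONS request.
      */
     if (strtoupper($this->request->Method) === 'OPTIONS') {
         return true;
     }
     // Without a configured authenticator nothing below is enforced.
     if (!isset($this->auth)) {
         return true;
     }
     // An explicit skip entry, or the '*' wildcard, bypasses authentication.
     // NOTE(review): these lookups are case-sensitive while PHP method names
     // are not; if $method reflects the spelling used by the client, a
     // differently-cased name could miss a requireAuthentication entry -
     // confirm how the caller derives $method.
     if (in_array($method, $this->skipAuthentication, true) || in_array('*', $this->skipAuthentication, true)) {
         return true;
     }
     // If requireAuthentication is empty, prevent access by default.
     $requireAuth = empty($this->requireAuthentication)
         || in_array($method, $this->requireAuthentication, true)
         || in_array('*', $this->requireAuthentication, true);
     if ($requireAuth) {
         /** @var \Fluxoft\Rebar\Auth\Reply $authReply */
         $authReply = $this->auth->GetAuthenticatedUser($this->request);
         if (!$authReply->Auth) {
             // method is limited and user is not authenticated
             throw new AccessDeniedException(sprintf('Access denied for %s', $method));
         }
     }
     return true;
 }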