Issues in Controller.php - All Issues - Inspection of "Add support for Laravel 5.8 (#122)" - beyondcode/laravel-websockets - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( edcf20...3ec6c0 )

by Marcel

created 2019-02-27 14:27 UTC

src/HttpApi/Controllers/Controller.php (3 issues)

Labels

Bug 3

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace BeyondCode\LaravelWebSockets\HttpApi\Controllers;

use Exception;
use Pusher\Pusher;
use Illuminate\Support\Arr;
use Illuminate\Http\Request;
use GuzzleHttp\Psr7\Response;
use Ratchet\ConnectionInterface;
use Illuminate\Http\JsonResponse;
use GuzzleHttp\Psr7\ServerRequest;
use Illuminate\Support\Collection;
use Ratchet\Http\HttpServerInterface;
use Psr\Http\Message\RequestInterface;
use BeyondCode\LaravelWebSockets\Apps\App;
use BeyondCode\LaravelWebSockets\QueryParameters;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
use BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager;

abstract class Controller implements HttpServerInterface
{
    /** @var string */
    protected $requestBuffer = '';

    /** @var RequestInterface */
    protected $request;

    /** @var int */
    protected $contentLength;

    /** @var \BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager */
    protected $channelManager;

    public function __construct(ChannelManager $channelManager)
    {
        $this->channelManager = $channelManager;
    }

    public function onOpen(ConnectionInterface $connection, RequestInterface $request = null)
    {
        $this->request = $request;

        $this->contentLength = $this->findContentLength($request->getHeaders());
function someFunction(A $objectMaybe = null)
{
    if ($objectMaybe instanceof A) {
        $objectMaybe->doSomething();
    }
}

        $this->requestBuffer = (string) $request->getBody();

        $this->checkContentLength($connection);
    }

    protected function findContentLength(array $headers): int
    {
        return Collection::make($headers)->first(function ($values, $header) {
            return strtolower($header) === 'content-length';
        });
    }

    public function onMessage(ConnectionInterface $from, $msg)
    {
        $this->requestBuffer .= $msg;

        $this->checkContentLength();

    }

    protected function checkContentLength(ConnectionInterface $connection)
    {
        if (strlen($this->requestBuffer) === $this->contentLength) {
            $serverRequest = (new ServerRequest(
                $this->request->getMethod(),
                $this->request->getUri(),
                $this->request->getHeaders(),
                $this->requestBuffer,
                $this->request->getProtocolVersion()
            ))->withQueryParams(QueryParameters::create($this->request)->all());

            $laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));

            $this
                ->ensureValidAppId($laravelRequest->appId)
                ->ensureValidSignature($laravelRequest);

            $response = $this($laravelRequest);

            $connection->send(JsonResponse::create($response));
            $connection->close();
        }
    }

    public function onClose(ConnectionInterface $connection)
    {
    }

    public function onError(ConnectionInterface $connection, Exception $exception)
    {
        if (! $exception instanceof HttpException) {
            return;
        }

        $response = new Response($exception->getStatusCode(), [
            'Content-Type' => 'application/json',
        ], json_encode([
            'error' => $exception->getMessage(),
        ]));

        $connection->send(\GuzzleHttp\Psr7\str($response));

        $connection->close();
    }

    public function ensureValidAppId(string $appId)
    {
        if (! App::findById($appId)) {
            throw new HttpException(401, "Unknown app id `{$appId}` provided.");
        }

        return $this;
    }

    protected function ensureValidSignature(Request $request)
    {
        /*
         * The `auth_signature` & `body_md5` parameters are not included when calculating the `auth_signature` value.
         *
         * The `appId`, `appKey` & `channelName` parameters are actually route paramaters and are never supplied by the client.
         */
        $params = Arr::except($request->query(), ['auth_signature', 'body_md5', 'appId', 'appKey', 'channelName']);


        if ($request->getContent() !== '') {
            $params['body_md5'] = md5($request->getContent());
        }

        ksort($params);

        $signature = "{$request->getMethod()}\n/{$request->path()}\n".Pusher::array_implode('=', '&', $params);

        $authSignature = hash_hmac('sha256', $signature, App::findById($request->get('appId'))->secret);

        if ($authSignature !== $request->get('auth_signature')) {
            throw new HttpException(401, 'Invalid auth signature provided.');
        }

        return $this;
    }

    abstract public function __invoke(Request $request);
}


1			<?php
2
3			namespace BeyondCode\LaravelWebSockets\HttpApi\Controllers;
4
5			use Exception;
6			use Pusher\Pusher;
7			use Illuminate\Support\Arr;
8			use Illuminate\Http\Request;
9			use GuzzleHttp\Psr7\Response;
10			use Ratchet\ConnectionInterface;
11			use Illuminate\Http\JsonResponse;
12			use GuzzleHttp\Psr7\ServerRequest;
13			use Illuminate\Support\Collection;
14			use Ratchet\Http\HttpServerInterface;
15			use Psr\Http\Message\RequestInterface;
16			use BeyondCode\LaravelWebSockets\Apps\App;
17			use BeyondCode\LaravelWebSockets\QueryParameters;
18			use Symfony\Component\HttpKernel\Exception\HttpException;
19			use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
20			use BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager;
21
22			abstract class Controller implements HttpServerInterface
23			{
24			/** @var string */
25			protected $requestBuffer = '';
26
27			/** @var RequestInterface */
28			protected $request;
29
30			/** @var int */
31			protected $contentLength;
32
33			/** @var \BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager */
34			protected $channelManager;
35
36			public function __construct(ChannelManager $channelManager)
37			{
38			$this->channelManager = $channelManager;
39			}
40
41			public function onOpen(ConnectionInterface $connection, RequestInterface $request = null)
42			{
43			$this->request = $request;
44
45			$this->contentLength = $this->findContentLength($request->getHeaders());
			0 ignored issues – show Bug introduced 2019-02-27 14:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$request` is not always an object, but can also be of type `null`. Maybe add an additional type check? If a variable is not always an object, we recommend to add an additional type check to ensure your method call is safe: function someFunction(A $objectMaybe = null) { if ($objectMaybe instanceof A) { $objectMaybe->doSomething(); } } Loading history...
46
47			$this->requestBuffer = (string) $request->getBody();
48
49			$this->checkContentLength($connection);
50			}
51
52			protected function findContentLength(array $headers): int
53			{
54			return Collection::make($headers)->first(function ($values, $header) {
55			return strtolower($header) === 'content-length';
56			});
57			}
58
59			public function onMessage(ConnectionInterface $from, $msg)
60			{
61			$this->requestBuffer .= $msg;
62
63			$this->checkContentLength();
			0 ignored issues – show Bug introduced 2019-02-27 14:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `checkContentLength()` misses a required argument `$connection`. This check looks for function calls that miss required arguments. Loading history...
64			}
65
66			protected function checkContentLength(ConnectionInterface $connection)
67			{
68			if (strlen($this->requestBuffer) === $this->contentLength) {
69			$serverRequest = (new ServerRequest(
70			$this->request->getMethod(),
71			$this->request->getUri(),
72			$this->request->getHeaders(),
73			$this->requestBuffer,
74			$this->request->getProtocolVersion()
75			))->withQueryParams(QueryParameters::create($this->request)->all());
76
77			$laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));
78
79			$this
80			->ensureValidAppId($laravelRequest->appId)
81			->ensureValidSignature($laravelRequest);
82
83			$response = $this($laravelRequest);
84
85			$connection->send(JsonResponse::create($response));
86			$connection->close();
87			}
88			}
89
90			public function onClose(ConnectionInterface $connection)
91			{
92			}
93
94			public function onError(ConnectionInterface $connection, Exception $exception)
95			{
96			if (! $exception instanceof HttpException) {
97			return;
98			}
99
100			$response = new Response($exception->getStatusCode(), [
101			'Content-Type' => 'application/json',
102			], json_encode([
103			'error' => $exception->getMessage(),
104			]));
105
106			$connection->send(\GuzzleHttp\Psr7\str($response));
107
108			$connection->close();
109			}
110
111			public function ensureValidAppId(string $appId)
112			{
113			if (! App::findById($appId)) {
114			throw new HttpException(401, "Unknown app id `{$appId}` provided.");
115			}
116
117			return $this;
118			}
119
120			protected function ensureValidSignature(Request $request)
121			{
122			/*
123			* The `auth_signature` & `body_md5` parameters are not included when calculating the `auth_signature` value.
124			*
125			* The `appId`, `appKey` & `channelName` parameters are actually route paramaters and are never supplied by the client.
126			*/
127			$params = Arr::except($request->query(), ['auth_signature', 'body_md5', 'appId', 'appKey', 'channelName']);
			0 ignored issues – show Bug introduced 2019-02-26 19:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$request->query()` targeting `Illuminate\Http\Concerns...ractsWithInput::query()` can also be of type `null` or `string`; however, `Illuminate\Support\Arr::except()` does only seem to accept `array`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
128
129			if ($request->getContent() !== '') {
130			$params['body_md5'] = md5($request->getContent());
131			}
132
133			ksort($params);
134
135			$signature = "{$request->getMethod()}\n/{$request->path()}\n".Pusher::array_implode('=', '&', $params);
136
137			$authSignature = hash_hmac('sha256', $signature, App::findById($request->get('appId'))->secret);
138
139			if ($authSignature !== $request->get('auth_signature')) {
140			throw new HttpException(401, 'Invalid auth signature provided.');
141			}
142
143			return $this;
144			}
145
146			abstract public function __invoke(Request $request);
147			}
148

beyondcode / laravel-websockets

Push — master ( edcf20...3ec6c0 )

src/HttpApi/Controllers/Controller.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like