Issues in Controller.php - Fixed Issues - Inspection of "Add support for Laravel 5.8 (#122)" - beyondcode/laravel-websockets - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( edcf20...3ec6c0 )

by Marcel

created 2019-02-27 14:27 UTC

src/HttpApi/Controllers/Controller.php (1 issue)

Labels

Bug 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace BeyondCode\LaravelWebSockets\HttpApi\Controllers;

use Exception;
use Pusher\Pusher;
use Illuminate\Http\Request;
use GuzzleHttp\Psr7\Response;
use Ratchet\ConnectionInterface;
use Illuminate\Http\JsonResponse;
use GuzzleHttp\Psr7\ServerRequest;
use Illuminate\Support\Collection;
use Ratchet\Http\HttpServerInterface;
use Psr\Http\Message\RequestInterface;
use BeyondCode\LaravelWebSockets\Apps\App;
use BeyondCode\LaravelWebSockets\QueryParameters;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
use BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager;

abstract class Controller implements HttpServerInterface
{
    /** @var string */
    protected $requestBuffer = '';

    /** @var RequestInterface */
    protected $request;

    /** @var int */
    protected $contentLength;

    /** @var \BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager */
    protected $channelManager;

    public function __construct(ChannelManager $channelManager)
    {
        $this->channelManager = $channelManager;
    }

    public function onOpen(ConnectionInterface $connection, RequestInterface $request = null)
    {
        $this->request = $request;

        $this->contentLength = $this->findContentLength($request->getHeaders());

        $this->requestBuffer = (string) $request->getBody();

        $this->checkContentLength($connection);
    }

    protected function findContentLength(array $headers): int
    {
        return Collection::make($headers)->first(function ($values, $header) {
            return strtolower($header) === 'content-length';
        });
    }

    public function onMessage(ConnectionInterface $from, $msg)
    {
        $this->requestBuffer .= $msg;

        $this->checkContentLength();
    }

    protected function checkContentLength(ConnectionInterface $connection)
    {
        if (strlen($this->requestBuffer) === $this->contentLength) {
            $serverRequest = (new ServerRequest(
                $this->request->getMethod(),
                $this->request->getUri(),
                $this->request->getHeaders(),
                $this->requestBuffer,
                $this->request->getProtocolVersion()
            ))->withQueryParams(QueryParameters::create($this->request)->all());

            $laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));

            $this
                ->ensureValidAppId($laravelRequest->appId)
                ->ensureValidSignature($laravelRequest);

            $response = $this($laravelRequest);

            $connection->send(JsonResponse::create($response));
            $connection->close();
        }
    }

    public function onClose(ConnectionInterface $connection)
    {
    }

    public function onError(ConnectionInterface $connection, Exception $exception)
    {
        if (! $exception instanceof HttpException) {
            return;
        }

        $response = new Response($exception->getStatusCode(), [
            'Content-Type' => 'application/json',
        ], json_encode([
            'error' => $exception->getMessage(),
        ]));

        $connection->send(\GuzzleHttp\Psr7\str($response));

        $connection->close();
    }

    public function ensureValidAppId(string $appId)
    {
        if (! App::findById($appId)) {
            throw new HttpException(401, "Unknown app id `{$appId}` provided.");
        }

        return $this;
    }

    protected function ensureValidSignature(Request $request)
    {
        /*
         * The `auth_signature` & `body_md5` parameters are not included when calculating the `auth_signature` value.
         *
         * The `appId`, `appKey` & `channelName` parameters are actually route paramaters and are never supplied by the client.
         */
        $params = array_except($request->query(), ['auth_signature', 'body_md5', 'appId', 'appKey', 'channelName']);


        if ($request->getContent() !== '') {
            $params['body_md5'] = md5($request->getContent());
        }

        ksort($params);

        $signature = "{$request->getMethod()}\n/{$request->path()}\n".Pusher::array_implode('=', '&', $params);

        $authSignature = hash_hmac('sha256', $signature, App::findById($request->get('appId'))->secret);

        if ($authSignature !== $request->get('auth_signature')) {
            throw new HttpException(401, 'Invalid auth signature provided.');
        }

        return $this;
    }

    abstract public function __invoke(Request $request);
}


1			<?php
2
3			namespace BeyondCode\LaravelWebSockets\HttpApi\Controllers;
4
5			use Exception;
6			use Pusher\Pusher;
7			use Illuminate\Http\Request;
8			use GuzzleHttp\Psr7\Response;
9			use Ratchet\ConnectionInterface;
10			use Illuminate\Http\JsonResponse;
11			use GuzzleHttp\Psr7\ServerRequest;
12			use Illuminate\Support\Collection;
13			use Ratchet\Http\HttpServerInterface;
14			use Psr\Http\Message\RequestInterface;
15			use BeyondCode\LaravelWebSockets\Apps\App;
16			use BeyondCode\LaravelWebSockets\QueryParameters;
17			use Symfony\Component\HttpKernel\Exception\HttpException;
18			use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
19			use BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager;
20
21			abstract class Controller implements HttpServerInterface
22			{
23			/** @var string */
24			protected $requestBuffer = '';
25
26			/** @var RequestInterface */
27			protected $request;
28
29			/** @var int */
30			protected $contentLength;
31
32			/** @var \BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager */
33			protected $channelManager;
34
35			public function __construct(ChannelManager $channelManager)
36			{
37			$this->channelManager = $channelManager;
38			}
39
40			public function onOpen(ConnectionInterface $connection, RequestInterface $request = null)
41			{
42			$this->request = $request;
43
44			$this->contentLength = $this->findContentLength($request->getHeaders());
45
46			$this->requestBuffer = (string) $request->getBody();
47
48			$this->checkContentLength($connection);
49			}
50
51			protected function findContentLength(array $headers): int
52			{
53			return Collection::make($headers)->first(function ($values, $header) {
54			return strtolower($header) === 'content-length';
55			});
56			}
57
58			public function onMessage(ConnectionInterface $from, $msg)
59			{
60			$this->requestBuffer .= $msg;
61
62			$this->checkContentLength();
63			}
64
65			protected function checkContentLength(ConnectionInterface $connection)
66			{
67			if (strlen($this->requestBuffer) === $this->contentLength) {
68			$serverRequest = (new ServerRequest(
69			$this->request->getMethod(),
70			$this->request->getUri(),
71			$this->request->getHeaders(),
72			$this->requestBuffer,
73			$this->request->getProtocolVersion()
74			))->withQueryParams(QueryParameters::create($this->request)->all());
75
76			$laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));
77
78			$this
79			->ensureValidAppId($laravelRequest->appId)
80			->ensureValidSignature($laravelRequest);
81
82			$response = $this($laravelRequest);
83
84			$connection->send(JsonResponse::create($response));
85			$connection->close();
86			}
87			}
88
89			public function onClose(ConnectionInterface $connection)
90			{
91			}
92
93			public function onError(ConnectionInterface $connection, Exception $exception)
94			{
95			if (! $exception instanceof HttpException) {
96			return;
97			}
98
99			$response = new Response($exception->getStatusCode(), [
100			'Content-Type' => 'application/json',
101			], json_encode([
102			'error' => $exception->getMessage(),
103			]));
104
105			$connection->send(\GuzzleHttp\Psr7\str($response));
106
107			$connection->close();
108			}
109
110			public function ensureValidAppId(string $appId)
111			{
112			if (! App::findById($appId)) {
113			throw new HttpException(401, "Unknown app id `{$appId}` provided.");
114			}
115
116			return $this;
117			}
118
119			protected function ensureValidSignature(Request $request)
120			{
121			/*
122			* The `auth_signature` & `body_md5` parameters are not included when calculating the `auth_signature` value.
123			*
124			* The `appId`, `appKey` & `channelName` parameters are actually route paramaters and are never supplied by the client.
125			*/
126			$params = array_except($request->query(), ['auth_signature', 'body_md5', 'appId', 'appKey', 'channelName']);
			0 ignored issues – show Bug introduced 2018-12-07 19:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$request->query()` targeting `Illuminate\Http\Concerns...ractsWithInput::query()` can also be of type `null` or `string`; however, `array_except()` does only seem to accept `array`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
127
128			if ($request->getContent() !== '') {
129			$params['body_md5'] = md5($request->getContent());
130			}
131
132			ksort($params);
133
134			$signature = "{$request->getMethod()}\n/{$request->path()}\n".Pusher::array_implode('=', '&', $params);
135
136			$authSignature = hash_hmac('sha256', $signature, App::findById($request->get('appId'))->secret);
137
138			if ($authSignature !== $request->get('auth_signature')) {
139			throw new HttpException(401, 'Invalid auth signature provided.');
140			}
141
142			return $this;
143			}
144
145			abstract public function __invoke(Request $request);
146			}
147

beyondcode / laravel-websockets

Push — master ( edcf20...3ec6c0 )

src/HttpApi/Controllers/Controller.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like