charlesportwoodii /
yii2-api-rest-components
| Conditions | 8 |
| Paths | 10 |
| Total Lines | 70 |
| Code Lines | 48 |
| Lines | 0 |
| Ratio | 0 % |
| Changes | 0 | ||
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
| 1 | <?php declare(strict_types=1); |
||
| 20 | protected function formatJson($response) |
||
| 21 | { |
||
| 22 | // Generate a new encryption key |
||
| 23 | $key = EncryptionKey::generate(); |
||
| 24 | $request = Yii::$app->request; |
||
|
|
|||
| 25 | $version = Response::getVersion(\base64_decode($request->getRawBody())); |
||
| 26 | $headers = $response->getHeaders(); |
||
| 27 | |||
| 28 | if ($version === 2) { |
||
| 29 | $rawPublic = Response::getPublicKeyFromResponse(\base64_decode($request->getRawBody())); |
||
| 30 | } else { |
||
| 31 | $public = Yii::$app->request->getHeaders()->get('x-pubkey', null); |
||
| 32 | |||
| 33 | if ($public === null) { |
||
| 34 | $response->statusCode = 400; |
||
| 35 | $response->content = ''; |
||
| 36 | $response->getHeaders('x-reason', Yii::t('yrc', 'Accept: application/vnd.ncryptf+json requires x-pubkey header to be set.')); |
||
| 37 | return; |
||
| 38 | } |
||
| 39 | |||
| 40 | $rawPublic = \base64_decode($public); |
||
| 41 | if (strlen($rawPublic) !== 32) { |
||
| 42 | $response->statusCode = 400; |
||
| 43 | $headers->set('x-reason', Yii::t('yrc', 'Public key is not 32 bytes in length.')); |
||
| 44 | return; |
||
| 45 | } |
||
| 46 | } |
||
| 47 | |||
| 48 | parent::formatJson($response); |
||
| 49 | $headers->set('Content-Type', 'application/vnd.ncryptf+json; charset=UTF-8'); |
||
| 50 | |||
| 51 | if (!Yii::$app->user->isGuest) { |
||
| 52 | $token = Yii::$app->user->getIdentity()->getToken(); |
||
| 53 | |||
| 54 | if ($token === null) { |
||
| 55 | $response->statusCode = 406; |
||
| 56 | $response->content = ''; |
||
| 57 | Yii::warning([ |
||
| 58 | 'message' => 'Could not fetch token keypair. Unable to generate encrypted response.' |
||
| 59 | ], 'yrc'); |
||
| 60 | return; |
||
| 61 | } |
||
| 62 | |||
| 63 | $r = new Request( |
||
| 64 | \base64_decode($key->secret), |
||
| 65 | \base64_decode($token->secret_sign_kp) |
||
| 66 | ); |
||
| 67 | |||
| 68 | $nonce = \random_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES); |
||
| 69 | |||
| 70 | $content = $r->encrypt( |
||
| 71 | $response->content, |
||
| 72 | $rawPublic, |
||
| 73 | $version, |
||
| 74 | $version === 2 ? null : $nonce |
||
| 75 | ); |
||
| 76 | |||
| 77 | if ($version === 1) { |
||
| 78 | $signature = $r->sign($response->content); |
||
| 79 | // Sign the raw response and send the signature alongside the header |
||
| 80 | $headers->set('x-sigpubkey', \base64_encode($token->getSignPublicKey())); |
||
| 81 | $headers->set('x-signature', \base64_encode($signature)); |
||
| 82 | $headers->set('x-hashid', $key->hash); |
||
| 83 | $headers->set('x-pubkey-expiration', $key->expires_at); |
||
| 84 | $headers->set('x-nonce', \base64_encode($nonce)); |
||
| 85 | $headers->set('x-pubkey', \base64_encode($key->getBoxPublicKey())); |
||
| 86 | } |
||
| 87 | |||
| 88 | $response->content = \base64_encode($content); |
||
| 89 | return; |
||
| 90 | } |
||
| 93 |
Loading history...
Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly.
For example, imagine you have a variable
$accountIdthat can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to theidproperty of an instance of theAccountclass. This class holds a proper account, so the id value must no longer be false.Either this assignment is in error or a type check should be added for that assignment.