Cors - Code Metrics - jdesrosiers/silex-cors-provider - Measure and Improve Code Quality continuously with Scrutinizer

Cors A
last analyzed 2020-04-25 17:55 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	126
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	4

Test Coverage

Coverage

100%

Importance

Changes

Metric	Value
wmc	23
lcom	1
cbo	4
dl	0
loc	126
ccs	70
cts	70
cp	1
rs	10
c	0
b	0
f	0

11 Methods

Rating	Name	Size	Complexity
A	__construct()	4	1
A	isCorsRequest()	4	1
A	isPreflightRequest()	4	2
A	isMethodAllowed()	6	2
A	areHeadersAllowed()	9	2
A	domainToRegex()	10	1
A	doubleQuote()	4	1
A	allowCredentials()	4	2
A	__invoke()	12	1
B	cors()	38	6
A	allowOrigin()	16	4

<?php

namespace JDesrosiers\Silex\Provider;

use Silex\Application;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

class Cors
{
    private $options;

    public function __construct($options = [])
    {
        $this->options = $options;
    }

    public function __invoke(Request $request, Response $response, Application $app)
    {
        $defaults = [
            "allowOrigin" => $app["cors.allowOrigin"],
            "allowMethods" => $app["cors.allowMethods"],
            "allowHeaders" => $app["cors.allowHeaders"],
            "maxAge" => $app["cors.maxAge"],
            "allowCredentials" => $app["cors.allowCredentials"],
            "exposeHeaders" => $app["cors.exposeHeaders"]
        ];
        $this->cors($request, $response, $this->options + $defaults);
    }

    private function cors(Request $request, Response $response, $options)
    {
        $headers = [];

        if (!$this->isCorsRequest($request)) {
            return [];
        }

        if ($this->isPreflightRequest($request)) {
            $requestMethod = $request->headers->get("Access-Control-Request-Method");
            $allow = $response->headers->get("Allow");
            if (!$this->isMethodAllowed($requestMethod, $allow, $options["allowMethods"])) {
                return [];
            }

            $requestHeaders = $request->headers->get("Access-Control-Request-Headers");
            if (!$this->areHeadersAllowed($requestHeaders, $options["allowHeaders"])) {
                return [];
            }

            $headers["Access-Control-Allow-Headers"] = $requestHeaders;
            $headers["Access-Control-Allow-Methods"] = $requestMethod;
            $headers["Access-Control-Max-Age"] = $options["maxAge"];
        } else {
            $headers["Access-Control-Expose-Headers"] = $options["exposeHeaders"];
        }

        $allowOrigin = $this->allowOrigin($request, $options["allowOrigin"]);

        if (!$allowOrigin) {
            return [];
        }

        $headers["Access-Control-Allow-Origin"] = $allowOrigin;
        $headers["Access-Control-Allow-Credentials"] = $this->allowCredentials($options["allowCredentials"]);

        $response->headers->add(array_filter($headers));
    }

    private function isCorsRequest(Request $request)
    {
        return $request->headers->has("Origin");
    }

    private function isPreflightRequest(Request $request)
    {
        return $request->getMethod() === "OPTIONS" && $request->headers->has("Access-Control-Request-Method");
    }

    private function isMethodAllowed($requestMethod, $allow, $allowMethods)
    {
        $commaSeparatedMethods = !is_null($allowMethods) ? $allowMethods : $allow;
        $allowedMethods = array_filter(preg_split("/\s*,\s*/", $commaSeparatedMethods));
        return in_array($requestMethod, $allowedMethods);
    }

    private function areHeadersAllowed($commaSeparatedRequestHeaders, $allowHeaders)
    {
        if ($allowHeaders === null) {
            return true;
        }
        $requestHeaders = array_filter(preg_split("/\s*,\s*/", $commaSeparatedRequestHeaders));
        $allowedHeaders = array_filter(preg_split("/\s*,\s*/", $allowHeaders));
        return array_diff($requestHeaders, $allowedHeaders) === [];
    }

    private function allowOrigin(Request $request, $allowOrigin)
    {
        $origin = $request->headers->get("Origin");
        if ($allowOrigin === "*") {
            $allowOrigin = $origin;
        }

        $origins = array_filter(preg_split('/\s+/', $allowOrigin));
        foreach ($origins as $domain) {
            if (preg_match($this->domainToRegex($domain), $origin)) {
                return $origin;
            }
        }

        return false;
    }

    private function domainToRegex($domain)
    {
        $star = $this->doubleQuote("*");
        $slash = $this->doubleQuote("/");
        $dot = $this->doubleQuote(".");
        $wildcard = "/(?<=^|$slash)$star(?=$dot)/";
        $subdomain = "[^.]+";
        $quotedDomain = preg_quote($domain, "/");
        return "/^" . preg_replace($wildcard, $subdomain, $quotedDomain) . "$/";
    }

    private function doubleQuote($subject)
    {
        return preg_quote(preg_quote($subject, "/"), "/");
    }

    private function allowCredentials($allowCredentials)
    {
        return $allowCredentials === true ? "true" : null;
    }
}


1		<?php
2
3		namespace JDesrosiers\Silex\Provider;
4
5		use Silex\Application;
6		use Symfony\Component\HttpFoundation\Request;
7		use Symfony\Component\HttpFoundation\Response;
8
9		class Cors
10		{
11		private $options;
12
13	38	public function __construct($options = [])
14		{
15	38	$this->options = $options;
16	38	}
17
18	34	public function __invoke(Request $request, Response $response, Application $app)
19		{
20		$defaults = [
21	34	"allowOrigin" => $app["cors.allowOrigin"],
22	34	"allowMethods" => $app["cors.allowMethods"],
23	34	"allowHeaders" => $app["cors.allowHeaders"],
24	34	"maxAge" => $app["cors.maxAge"],
25	34	"allowCredentials" => $app["cors.allowCredentials"],
26	34	"exposeHeaders" => $app["cors.exposeHeaders"]
27		];
28	34	$this->cors($request, $response, $this->options + $defaults);
29	34	}
30
31	34	private function cors(Request $request, Response $response, $options)
32		{
33	34	$headers = [];
34
35	34	if (!$this->isCorsRequest($request)) {
36	2	return [];
37		}
38
39	32	if ($this->isPreflightRequest($request)) {
40	16	$requestMethod = $request->headers->get("Access-Control-Request-Method");
41	16	$allow = $response->headers->get("Allow");
42	16	if (!$this->isMethodAllowed($requestMethod, $allow, $options["allowMethods"])) {
43	2	return [];
44		}
45
46	14	$requestHeaders = $request->headers->get("Access-Control-Request-Headers");
47	14	if (!$this->areHeadersAllowed($requestHeaders, $options["allowHeaders"])) {
48	1	return [];
49		}
50
51	13	$headers["Access-Control-Allow-Headers"] = $requestHeaders;
52	13	$headers["Access-Control-Allow-Methods"] = $requestMethod;
53	13	$headers["Access-Control-Max-Age"] = $options["maxAge"];
54		} else {
55	16	$headers["Access-Control-Expose-Headers"] = $options["exposeHeaders"];
56		}
57
58	29	$allowOrigin = $this->allowOrigin($request, $options["allowOrigin"]);
59
60	29	if (!$allowOrigin) {
61	9	return [];
62		}
63
64	20	$headers["Access-Control-Allow-Origin"] = $allowOrigin;
65	20	$headers["Access-Control-Allow-Credentials"] = $this->allowCredentials($options["allowCredentials"]);
66
67	20	$response->headers->add(array_filter($headers));
68	20	}
69
70	34	private function isCorsRequest(Request $request)
71		{
72	34	return $request->headers->has("Origin");
73		}
74
75	32	private function isPreflightRequest(Request $request)
76		{
77	32	return $request->getMethod() === "OPTIONS" && $request->headers->has("Access-Control-Request-Method");
78		}
79
80	16	private function isMethodAllowed($requestMethod, $allow, $allowMethods)
81		{
82	16	$commaSeparatedMethods = !is_null($allowMethods) ? $allowMethods : $allow;
83	16	$allowedMethods = array_filter(preg_split("/\s,\s/", $commaSeparatedMethods));
84	16	return in_array($requestMethod, $allowedMethods);
85		}
86
87	14	private function areHeadersAllowed($commaSeparatedRequestHeaders, $allowHeaders)
88		{
89	14	if ($allowHeaders === null) {
90	13	return true;
91		}
92	1	$requestHeaders = array_filter(preg_split("/\s,\s/", $commaSeparatedRequestHeaders));
93	1	$allowedHeaders = array_filter(preg_split("/\s,\s/", $allowHeaders));
94	1	return array_diff($requestHeaders, $allowedHeaders) === [];
95		}
96
97	29	private function allowOrigin(Request $request, $allowOrigin)
98		{
99	29	$origin = $request->headers->get("Origin");
100	29	if ($allowOrigin === "*") {
101	14	$allowOrigin = $origin;
102		}
103
104	29	$origins = array_filter(preg_split('/\s+/', $allowOrigin));
105	29	foreach ($origins as $domain) {
106	29	if (preg_match($this->domainToRegex($domain), $origin)) {
107	29	return $origin;
108		}
109		}
110
111	9	return false;
112		}
113
114	29	private function domainToRegex($domain)
115		{
116	29	$star = $this->doubleQuote("*");
117	29	$slash = $this->doubleQuote("/");
118	29	$dot = $this->doubleQuote(".");
119	29	$wildcard = "/(?<=^\|$slash)$star(?=$dot)/";
120	29	$subdomain = "[^.]+";
121	29	$quotedDomain = preg_quote($domain, "/");
122	29	return "/^" . preg_replace($wildcard, $subdomain, $quotedDomain) . "$/";
123		}
124
125	29	private function doubleQuote($subject)
126		{
127	29	return preg_quote(preg_quote($subject, "/"), "/");
128		}
129
130	20	private function allowCredentials($allowCredentials)
131		{
132	20	return $allowCredentials === true ? "true" : null;
133		}
134		}
135

jdesrosiers / silex-cors-provider

GitHub Access Token became invalid

Cors A last analyzed 2020-04-25 17:55 UTC

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

11 Methods

Duplication Side-by-Side

Filter issues like

Cors A
last analyzed 2020-04-25 17:55 UTC