Cors::cors() - Code Metrics - Inspection of "Allow configuration for each cors-enabled usage" - jdesrosiers/silex-cors-provider - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 7bca64...93a2ce )

by Jason

created 2017-03-10 05:15 UTC

Cors::cors() B

↳ Parent: Cors

Complexity

Conditions	5
Paths	5

Size

Total Lines	32
Code Lines	20

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	21
CRAP Score	5

Importance

Changes

Metric	Value
dl	0
loc	32
ccs	21
cts	21
cp	1
rs	8.439
c	0
b	0
f	0
cc	5
eloc	20
nc	5
nop	2
crap	5

<?php

namespace JDesrosiers\Silex\Provider;

use Silex\Application;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

class Cors
{
    private $options;

    public function __construct($options = [])
    {
        $this->options = $options;
    }

    public function __invoke(Request $request, Response $response, Application $app)
    {
        $defaults = [
            "allowOrigin" => $app["cors.allowOrigin"],
            "allowMethods" => $app["cors.allowMethods"],
            "allowHeaders" => $app["cors.allowHeaders"],
            "maxAge" => $app["cors.maxAge"],
            "allowCredentials" => $app["cors.allowCredentials"],
            "exposeHeaders" => $app["cors.exposeHeaders"]
        ];
        $cors = new Cors($this->options + $defaults);
        $cors->cors($request, $response);
    }

    private function cors(Request $request, Response $response)
    {
        $headers = [];

        if (!$this->isCorsRequest($request)) {
            return [];
        }

        if ($this->isPreflightRequest($request)) {
            $requestMethod = $request->headers->get("Access-Control-Request-Method");
            $allow = $response->headers->get("Allow");
            if (!$this->isMethodAllowed($requestMethod, $allow)) {
                return [];
            }

            $requestHeaders = $request->headers->get("Access-Control-Request-Headers");
            if (!$this->areHeadersAllowed($requestHeaders)) {
                return [];
            }

            $headers["Access-Control-Allow-Headers"] = $requestHeaders;
            $headers["Access-Control-Allow-Methods"] = $requestMethod;
            $headers["Access-Control-Max-Age"] = $this->options["maxAge"];
        } else {
            $headers["Access-Control-Expose-Headers"] = $this->options["exposeHeaders"];
        }

        $headers["Access-Control-Allow-Origin"] = $this->allowOrigin($request);
        $headers["Access-Control-Allow-Credentials"] = $this->allowCredentials();

        $response->headers->add(array_filter($headers));
    }

    private function isCorsRequest(Request $request)
    {
        return $request->headers->has("Origin");
    }

    private function isPreflightRequest(Request $request)
    {
        return $request->getMethod() === "OPTIONS" && $request->headers->has("Access-Control-Request-Method");
    }

    private function isMethodAllowed($requestMethod, $allow)
    {
        $commaSeparatedMethods = !is_null($this->options["allowMethods"]) ? $this->options["allowMethods"] : $allow;
        $allowedMethods = array_filter(preg_split("/\s*,\s*/", $commaSeparatedMethods));
        return in_array($requestMethod, $allowedMethods);
    }

    private function areHeadersAllowed($commaSeparatedRequestHeaders)
    {
        if ($this->options["allowHeaders"] === null) {
            return true;
        }
        $requestHeaders = array_filter(preg_split("/\s*,\s*/", $commaSeparatedRequestHeaders));
        $allowedHeaders = array_filter(preg_split("/\s*,\s*/", $this->options["allowHeaders"]));
        return array_diff($requestHeaders, $allowedHeaders) === [];
    }

    private function allowOrigin(Request $request)
    {
        $origin = $request->headers->get("Origin");
        if ($this->options["allowOrigin"] === "*") {
            $this->options["allowOrigin"] = $origin;
        }

        $origins = array_filter(preg_split('/\s+/', $this->options["allowOrigin"]));
        foreach ($origins as $domain) {
            if (preg_match($this->domainToRegex($domain), $origin)) {
                return $origin;
            }
        }

        return "null";
    }

    private function domainToRegex($domain)
    {
        return "/^" . preg_replace("/^\\\\\*/", "[^.]+", preg_quote($domain, "/")) . "$/";
    }

    private function allowCredentials()
    {
        return $this->options["allowCredentials"] === true ? "true" : null;
    }
}


1		<?php
2
3		namespace JDesrosiers\Silex\Provider;
4
5		use Silex\Application;
6		use Symfony\Component\HttpFoundation\Request;
7		use Symfony\Component\HttpFoundation\Response;
8
9		class Cors
10		{
11		private $options;
12
13	29	public function __construct($options = [])
14		{
15	29	$this->options = $options;
16	29	}
17
18	25	public function __invoke(Request $request, Response $response, Application $app)
19		{
20		$defaults = [
21	25	"allowOrigin" => $app["cors.allowOrigin"],
22	25	"allowMethods" => $app["cors.allowMethods"],
23	25	"allowHeaders" => $app["cors.allowHeaders"],
24	25	"maxAge" => $app["cors.maxAge"],
25	25	"allowCredentials" => $app["cors.allowCredentials"],
26	25	"exposeHeaders" => $app["cors.exposeHeaders"]
27	25	];
28	25	$cors = new Cors($this->options + $defaults);
29	25	$cors->cors($request, $response);
30	25	}
31
32	25	private function cors(Request $request, Response $response)
33		{
34	25	$headers = [];
35
36	25	if (!$this->isCorsRequest($request)) {
37	2	return [];
38		}
39
40	23	if ($this->isPreflightRequest($request)) {
41	8	$requestMethod = $request->headers->get("Access-Control-Request-Method");
42	8	$allow = $response->headers->get("Allow");
43	8	if (!$this->isMethodAllowed($requestMethod, $allow)) {
44	2	return [];
45		}
46
47	6	$requestHeaders = $request->headers->get("Access-Control-Request-Headers");
48	6	if (!$this->areHeadersAllowed($requestHeaders)) {
49	1	return [];
50		}
51
52	5	$headers["Access-Control-Allow-Headers"] = $requestHeaders;
53	5	$headers["Access-Control-Allow-Methods"] = $requestMethod;
54	5	$headers["Access-Control-Max-Age"] = $this->options["maxAge"];
55	5	} else {
56	15	$headers["Access-Control-Expose-Headers"] = $this->options["exposeHeaders"];
57		}
58
59	20	$headers["Access-Control-Allow-Origin"] = $this->allowOrigin($request);
60	20	$headers["Access-Control-Allow-Credentials"] = $this->allowCredentials();
61
62	20	$response->headers->add(array_filter($headers));
63	20	}
64
65	25	private function isCorsRequest(Request $request)
66		{
67	25	return $request->headers->has("Origin");
68		}
69
70	23	private function isPreflightRequest(Request $request)
71		{
72	23	return $request->getMethod() === "OPTIONS" && $request->headers->has("Access-Control-Request-Method");
73		}
74
75	8	private function isMethodAllowed($requestMethod, $allow)
76		{
77	8	$commaSeparatedMethods = !is_null($this->options["allowMethods"]) ? $this->options["allowMethods"] : $allow;
78	8	$allowedMethods = array_filter(preg_split("/\s,\s/", $commaSeparatedMethods));
79	8	return in_array($requestMethod, $allowedMethods);
80		}
81
82	6	private function areHeadersAllowed($commaSeparatedRequestHeaders)
83		{
84	6	if ($this->options["allowHeaders"] === null) {
85	5	return true;
86		}
87	1	$requestHeaders = array_filter(preg_split("/\s,\s/", $commaSeparatedRequestHeaders));
88	1	$allowedHeaders = array_filter(preg_split("/\s,\s/", $this->options["allowHeaders"]));
89	1	return array_diff($requestHeaders, $allowedHeaders) === [];
90		}
91
92	20	private function allowOrigin(Request $request)
93		{
94	20	$origin = $request->headers->get("Origin");
95	20	if ($this->options["allowOrigin"] === "*") {
96	14	$this->options["allowOrigin"] = $origin;
97	14	}
98
99	20	$origins = array_filter(preg_split('/\s+/', $this->options["allowOrigin"]));
100	20	foreach ($origins as $domain) {
101	20	if (preg_match($this->domainToRegex($domain), $origin)) {
102	19	return $origin;
103		}
104	2	}
105
106	1	return "null";
107		}
108
109	20	private function domainToRegex($domain)
110		{
111	20	return "/^" . preg_replace("/^\\\\\*/", "[^.]+", preg_quote($domain, "/")) . "$/";
112		}
113
114	20	private function allowCredentials()
115		{
116	20	return $this->options["allowCredentials"] === true ? "true" : null;
117		}
118		}
119

jdesrosiers / silex-cors-provider

GitHub Access Token became invalid

Push — master ( 7bca64...93a2ce )

Cors::cors() B

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like