nextcloud /
server
@@ -43,142 +43,142 @@ |
||
| 43 | 43 | */ |
| 44 | 44 | class Dispatcher { |
| 45 | 45 | |
| 46 | - private $middlewareDispatcher; |
|
| 47 | - private $protocol; |
|
| 48 | - private $reflector; |
|
| 49 | - private $request; |
|
| 50 | - |
|
| 51 | - /** |
|
| 52 | - * @param Http $protocol the http protocol with contains all status headers |
|
| 53 | - * @param MiddlewareDispatcher $middlewareDispatcher the dispatcher which |
|
| 54 | - * runs the middleware |
|
| 55 | - * @param ControllerMethodReflector $reflector the reflector that is used to inject |
|
| 56 | - * the arguments for the controller |
|
| 57 | - * @param IRequest $request the incoming request |
|
| 58 | - */ |
|
| 59 | - public function __construct(Http $protocol, |
|
| 60 | - MiddlewareDispatcher $middlewareDispatcher, |
|
| 61 | - ControllerMethodReflector $reflector, |
|
| 62 | - IRequest $request) { |
|
| 63 | - $this->protocol = $protocol; |
|
| 64 | - $this->middlewareDispatcher = $middlewareDispatcher; |
|
| 65 | - $this->reflector = $reflector; |
|
| 66 | - $this->request = $request; |
|
| 67 | - } |
|
| 68 | - |
|
| 69 | - |
|
| 70 | - /** |
|
| 71 | - * Handles a request and calls the dispatcher on the controller |
|
| 72 | - * @param Controller $controller the controller which will be called |
|
| 73 | - * @param string $methodName the method name which will be called on |
|
| 74 | - * the controller |
|
| 75 | - * @return array $array[0] contains a string with the http main header, |
|
| 76 | - * $array[1] contains headers in the form: $key => value, $array[2] contains |
|
| 77 | - * the response output |
|
| 78 | - * @throws \Exception |
|
| 79 | - */ |
|
| 80 | - public function dispatch(Controller $controller, $methodName) { |
|
| 81 | - $out = array(null, array(), null); |
|
| 82 | - |
|
| 83 | - try { |
|
| 84 | - // prefill reflector with everything thats needed for the |
|
| 85 | - // middlewares |
|
| 86 | - $this->reflector->reflect($controller, $methodName); |
|
| 87 | - |
|
| 88 | - $this->middlewareDispatcher->beforeController($controller, |
|
| 89 | - $methodName); |
|
| 90 | - $response = $this->executeController($controller, $methodName); |
|
| 91 | - |
|
| 92 | - // if an exception appears, the middleware checks if it can handle the |
|
| 93 | - // exception and creates a response. If no response is created, it is |
|
| 94 | - // assumed that theres no middleware who can handle it and the error is |
|
| 95 | - // thrown again |
|
| 96 | - } catch(\Exception $exception){ |
|
| 97 | - $response = $this->middlewareDispatcher->afterException( |
|
| 98 | - $controller, $methodName, $exception); |
|
| 99 | - if (is_null($response)) { |
|
| 100 | - throw $exception; |
|
| 101 | - } |
|
| 102 | - } |
|
| 103 | - |
|
| 104 | - $response = $this->middlewareDispatcher->afterController( |
|
| 105 | - $controller, $methodName, $response); |
|
| 106 | - |
|
| 107 | - // depending on the cache object the headers need to be changed |
|
| 108 | - $out[0] = $this->protocol->getStatusHeader($response->getStatus(), |
|
| 109 | - $response->getLastModified(), $response->getETag()); |
|
| 110 | - $out[1] = array_merge($response->getHeaders()); |
|
| 111 | - $out[2] = $response->getCookies(); |
|
| 112 | - $out[3] = $this->middlewareDispatcher->beforeOutput( |
|
| 113 | - $controller, $methodName, $response->render() |
|
| 114 | - ); |
|
| 115 | - $out[4] = $response; |
|
| 116 | - |
|
| 117 | - return $out; |
|
| 118 | - } |
|
| 119 | - |
|
| 120 | - |
|
| 121 | - /** |
|
| 122 | - * Uses the reflected parameters, types and request parameters to execute |
|
| 123 | - * the controller |
|
| 124 | - * @param Controller $controller the controller to be executed |
|
| 125 | - * @param string $methodName the method on the controller that should be executed |
|
| 126 | - * @return Response |
|
| 127 | - */ |
|
| 128 | - private function executeController($controller, $methodName) { |
|
| 129 | - $arguments = array(); |
|
| 130 | - |
|
| 131 | - // valid types that will be casted |
|
| 132 | - $types = array('int', 'integer', 'bool', 'boolean', 'float'); |
|
| 133 | - |
|
| 134 | - foreach($this->reflector->getParameters() as $param => $default) { |
|
| 135 | - |
|
| 136 | - // try to get the parameter from the request object and cast |
|
| 137 | - // it to the type annotated in the @param annotation |
|
| 138 | - $value = $this->request->getParam($param, $default); |
|
| 139 | - $type = $this->reflector->getType($param); |
|
| 140 | - |
|
| 141 | - // if this is submitted using GET or a POST form, 'false' should be |
|
| 142 | - // converted to false |
|
| 143 | - if(($type === 'bool' || $type === 'boolean') && |
|
| 144 | - $value === 'false' && |
|
| 145 | - ( |
|
| 146 | - $this->request->method === 'GET' || |
|
| 147 | - strpos($this->request->getHeader('Content-Type'), |
|
| 148 | - 'application/x-www-form-urlencoded') !== false |
|
| 149 | - ) |
|
| 150 | - ) { |
|
| 151 | - $value = false; |
|
| 152 | - |
|
| 153 | - } elseif($value !== null && in_array($type, $types)) { |
|
| 154 | - settype($value, $type); |
|
| 155 | - } |
|
| 156 | - |
|
| 157 | - $arguments[] = $value; |
|
| 158 | - } |
|
| 159 | - |
|
| 160 | - $response = call_user_func_array(array($controller, $methodName), $arguments); |
|
| 161 | - |
|
| 162 | - // format response |
|
| 163 | - if($response instanceof DataResponse || !($response instanceof Response)) { |
|
| 164 | - |
|
| 165 | - // get format from the url format or request format parameter |
|
| 166 | - $format = $this->request->getParam('format'); |
|
| 167 | - |
|
| 168 | - // if none is given try the first Accept header |
|
| 169 | - if($format === null) { |
|
| 170 | - $headers = $this->request->getHeader('Accept'); |
|
| 171 | - $format = $controller->getResponderByHTTPHeader($headers, null); |
|
| 172 | - } |
|
| 173 | - |
|
| 174 | - if ($format !== null) { |
|
| 175 | - $response = $controller->buildResponse($response, $format); |
|
| 176 | - } else { |
|
| 177 | - $response = $controller->buildResponse($response); |
|
| 178 | - } |
|
| 179 | - } |
|
| 180 | - |
|
| 181 | - return $response; |
|
| 182 | - } |
|
| 46 | + private $middlewareDispatcher; |
|
| 47 | + private $protocol; |
|
| 48 | + private $reflector; |
|
| 49 | + private $request; |
|
| 50 | + |
|
| 51 | + /** |
|
| 52 | + * @param Http $protocol the http protocol with contains all status headers |
|
| 53 | + * @param MiddlewareDispatcher $middlewareDispatcher the dispatcher which |
|
| 54 | + * runs the middleware |
|
| 55 | + * @param ControllerMethodReflector $reflector the reflector that is used to inject |
|
| 56 | + * the arguments for the controller |
|
| 57 | + * @param IRequest $request the incoming request |
|
| 58 | + */ |
|
| 59 | + public function __construct(Http $protocol, |
|
| 60 | + MiddlewareDispatcher $middlewareDispatcher, |
|
| 61 | + ControllerMethodReflector $reflector, |
|
| 62 | + IRequest $request) { |
|
| 63 | + $this->protocol = $protocol; |
|
| 64 | + $this->middlewareDispatcher = $middlewareDispatcher; |
|
| 65 | + $this->reflector = $reflector; |
|
| 66 | + $this->request = $request; |
|
| 67 | + } |
|
| 68 | + |
|
| 69 | + |
|
| 70 | + /** |
|
| 71 | + * Handles a request and calls the dispatcher on the controller |
|
| 72 | + * @param Controller $controller the controller which will be called |
|
| 73 | + * @param string $methodName the method name which will be called on |
|
| 74 | + * the controller |
|
| 75 | + * @return array $array[0] contains a string with the http main header, |
|
| 76 | + * $array[1] contains headers in the form: $key => value, $array[2] contains |
|
| 77 | + * the response output |
|
| 78 | + * @throws \Exception |
|
| 79 | + */ |
|
| 80 | + public function dispatch(Controller $controller, $methodName) { |
|
| 81 | + $out = array(null, array(), null); |
|
| 82 | + |
|
| 83 | + try { |
|
| 84 | + // prefill reflector with everything thats needed for the |
|
| 85 | + // middlewares |
|
| 86 | + $this->reflector->reflect($controller, $methodName); |
|
| 87 | + |
|
| 88 | + $this->middlewareDispatcher->beforeController($controller, |
|
| 89 | + $methodName); |
|
| 90 | + $response = $this->executeController($controller, $methodName); |
|
| 91 | + |
|
| 92 | + // if an exception appears, the middleware checks if it can handle the |
|
| 93 | + // exception and creates a response. If no response is created, it is |
|
| 94 | + // assumed that theres no middleware who can handle it and the error is |
|
| 95 | + // thrown again |
|
| 96 | + } catch(\Exception $exception){ |
|
| 97 | + $response = $this->middlewareDispatcher->afterException( |
|
| 98 | + $controller, $methodName, $exception); |
|
| 99 | + if (is_null($response)) { |
|
| 100 | + throw $exception; |
|
| 101 | + } |
|
| 102 | + } |
|
| 103 | + |
|
| 104 | + $response = $this->middlewareDispatcher->afterController( |
|
| 105 | + $controller, $methodName, $response); |
|
| 106 | + |
|
| 107 | + // depending on the cache object the headers need to be changed |
|
| 108 | + $out[0] = $this->protocol->getStatusHeader($response->getStatus(), |
|
| 109 | + $response->getLastModified(), $response->getETag()); |
|
| 110 | + $out[1] = array_merge($response->getHeaders()); |
|
| 111 | + $out[2] = $response->getCookies(); |
|
| 112 | + $out[3] = $this->middlewareDispatcher->beforeOutput( |
|
| 113 | + $controller, $methodName, $response->render() |
|
| 114 | + ); |
|
| 115 | + $out[4] = $response; |
|
| 116 | + |
|
| 117 | + return $out; |
|
| 118 | + } |
|
| 119 | + |
|
| 120 | + |
|
| 121 | + /** |
|
| 122 | + * Uses the reflected parameters, types and request parameters to execute |
|
| 123 | + * the controller |
|
| 124 | + * @param Controller $controller the controller to be executed |
|
| 125 | + * @param string $methodName the method on the controller that should be executed |
|
| 126 | + * @return Response |
|
| 127 | + */ |
|
| 128 | + private function executeController($controller, $methodName) { |
|
| 129 | + $arguments = array(); |
|
| 130 | + |
|
| 131 | + // valid types that will be casted |
|
| 132 | + $types = array('int', 'integer', 'bool', 'boolean', 'float'); |
|
| 133 | + |
|
| 134 | + foreach($this->reflector->getParameters() as $param => $default) { |
|
| 135 | + |
|
| 136 | + // try to get the parameter from the request object and cast |
|
| 137 | + // it to the type annotated in the @param annotation |
|
| 138 | + $value = $this->request->getParam($param, $default); |
|
| 139 | + $type = $this->reflector->getType($param); |
|
| 140 | + |
|
| 141 | + // if this is submitted using GET or a POST form, 'false' should be |
|
| 142 | + // converted to false |
|
| 143 | + if(($type === 'bool' || $type === 'boolean') && |
|
| 144 | + $value === 'false' && |
|
| 145 | + ( |
|
| 146 | + $this->request->method === 'GET' || |
|
| 147 | + strpos($this->request->getHeader('Content-Type'), |
|
| 148 | + 'application/x-www-form-urlencoded') !== false |
|
| 149 | + ) |
|
| 150 | + ) { |
|
| 151 | + $value = false; |
|
| 152 | + |
|
| 153 | + } elseif($value !== null && in_array($type, $types)) { |
|
| 154 | + settype($value, $type); |
|
| 155 | + } |
|
| 156 | + |
|
| 157 | + $arguments[] = $value; |
|
| 158 | + } |
|
| 159 | + |
|
| 160 | + $response = call_user_func_array(array($controller, $methodName), $arguments); |
|
| 161 | + |
|
| 162 | + // format response |
|
| 163 | + if($response instanceof DataResponse || !($response instanceof Response)) { |
|
| 164 | + |
|
| 165 | + // get format from the url format or request format parameter |
|
| 166 | + $format = $this->request->getParam('format'); |
|
| 167 | + |
|
| 168 | + // if none is given try the first Accept header |
|
| 169 | + if($format === null) { |
|
| 170 | + $headers = $this->request->getHeader('Accept'); |
|
| 171 | + $format = $controller->getResponderByHTTPHeader($headers, null); |
|
| 172 | + } |
|
| 173 | + |
|
| 174 | + if ($format !== null) { |
|
| 175 | + $response = $controller->buildResponse($response, $format); |
|
| 176 | + } else { |
|
| 177 | + $response = $controller->buildResponse($response); |
|
| 178 | + } |
|
| 179 | + } |
|
| 180 | + |
|
| 181 | + return $response; |
|
| 182 | + } |
|
| 183 | 183 | |
| 184 | 184 | } |
@@ -93,7 +93,7 @@ discard block |
||
| 93 | 93 | // exception and creates a response. If no response is created, it is |
| 94 | 94 | // assumed that theres no middleware who can handle it and the error is |
| 95 | 95 | // thrown again |
| 96 | - } catch(\Exception $exception){ |
|
| 96 | + } catch (\Exception $exception) { |
|
| 97 | 97 | $response = $this->middlewareDispatcher->afterException( |
| 98 | 98 | $controller, $methodName, $exception); |
| 99 | 99 | if (is_null($response)) { |
@@ -131,7 +131,7 @@ discard block |
||
| 131 | 131 | // valid types that will be casted |
| 132 | 132 | $types = array('int', 'integer', 'bool', 'boolean', 'float'); |
| 133 | 133 | |
| 134 | - foreach($this->reflector->getParameters() as $param => $default) { |
|
| 134 | + foreach ($this->reflector->getParameters() as $param => $default) { |
|
| 135 | 135 | |
| 136 | 136 | // try to get the parameter from the request object and cast |
| 137 | 137 | // it to the type annotated in the @param annotation |
@@ -140,7 +140,7 @@ discard block |
||
| 140 | 140 | |
| 141 | 141 | // if this is submitted using GET or a POST form, 'false' should be |
| 142 | 142 | // converted to false |
| 143 | - if(($type === 'bool' || $type === 'boolean') && |
|
| 143 | + if (($type === 'bool' || $type === 'boolean') && |
|
| 144 | 144 | $value === 'false' && |
| 145 | 145 | ( |
| 146 | 146 | $this->request->method === 'GET' || |
@@ -150,7 +150,7 @@ discard block |
||
| 150 | 150 | ) { |
| 151 | 151 | $value = false; |
| 152 | 152 | |
| 153 | - } elseif($value !== null && in_array($type, $types)) { |
|
| 153 | + } elseif ($value !== null && in_array($type, $types)) { |
|
| 154 | 154 | settype($value, $type); |
| 155 | 155 | } |
| 156 | 156 | |
@@ -160,13 +160,13 @@ discard block |
||
| 160 | 160 | $response = call_user_func_array(array($controller, $methodName), $arguments); |
| 161 | 161 | |
| 162 | 162 | // format response |
| 163 | - if($response instanceof DataResponse || !($response instanceof Response)) { |
|
| 163 | + if ($response instanceof DataResponse || !($response instanceof Response)) { |
|
| 164 | 164 | |
| 165 | 165 | // get format from the url format or request format parameter |
| 166 | 166 | $format = $this->request->getParam('format'); |
| 167 | 167 | |
| 168 | 168 | // if none is given try the first Accept header |
| 169 | - if($format === null) { |
|
| 169 | + if ($format === null) { |
|
| 170 | 170 | $headers = $this->request->getHeader('Accept'); |
| 171 | 171 | $format = $controller->getResponderByHTTPHeader($headers, null); |
| 172 | 172 | } |
@@ -45,116 +45,116 @@ |
||
| 45 | 45 | * https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS |
| 46 | 46 | */ |
| 47 | 47 | class CORSMiddleware extends Middleware { |
| 48 | - /** @var IRequest */ |
|
| 49 | - private $request; |
|
| 50 | - /** @var ControllerMethodReflector */ |
|
| 51 | - private $reflector; |
|
| 52 | - /** @var Session */ |
|
| 53 | - private $session; |
|
| 54 | - /** @var Throttler */ |
|
| 55 | - private $throttler; |
|
| 48 | + /** @var IRequest */ |
|
| 49 | + private $request; |
|
| 50 | + /** @var ControllerMethodReflector */ |
|
| 51 | + private $reflector; |
|
| 52 | + /** @var Session */ |
|
| 53 | + private $session; |
|
| 54 | + /** @var Throttler */ |
|
| 55 | + private $throttler; |
|
| 56 | 56 | |
| 57 | - /** |
|
| 58 | - * @param IRequest $request |
|
| 59 | - * @param ControllerMethodReflector $reflector |
|
| 60 | - * @param Session $session |
|
| 61 | - * @param Throttler $throttler |
|
| 62 | - */ |
|
| 63 | - public function __construct(IRequest $request, |
|
| 64 | - ControllerMethodReflector $reflector, |
|
| 65 | - Session $session, |
|
| 66 | - Throttler $throttler) { |
|
| 67 | - $this->request = $request; |
|
| 68 | - $this->reflector = $reflector; |
|
| 69 | - $this->session = $session; |
|
| 70 | - $this->throttler = $throttler; |
|
| 71 | - } |
|
| 57 | + /** |
|
| 58 | + * @param IRequest $request |
|
| 59 | + * @param ControllerMethodReflector $reflector |
|
| 60 | + * @param Session $session |
|
| 61 | + * @param Throttler $throttler |
|
| 62 | + */ |
|
| 63 | + public function __construct(IRequest $request, |
|
| 64 | + ControllerMethodReflector $reflector, |
|
| 65 | + Session $session, |
|
| 66 | + Throttler $throttler) { |
|
| 67 | + $this->request = $request; |
|
| 68 | + $this->reflector = $reflector; |
|
| 69 | + $this->session = $session; |
|
| 70 | + $this->throttler = $throttler; |
|
| 71 | + } |
|
| 72 | 72 | |
| 73 | - /** |
|
| 74 | - * This is being run in normal order before the controller is being |
|
| 75 | - * called which allows several modifications and checks |
|
| 76 | - * |
|
| 77 | - * @param Controller $controller the controller that is being called |
|
| 78 | - * @param string $methodName the name of the method that will be called on |
|
| 79 | - * the controller |
|
| 80 | - * @throws SecurityException |
|
| 81 | - * @since 6.0.0 |
|
| 82 | - */ |
|
| 83 | - public function beforeController($controller, $methodName){ |
|
| 84 | - // ensure that @CORS annotated API routes are not used in conjunction |
|
| 85 | - // with session authentication since this enables CSRF attack vectors |
|
| 86 | - if ($this->reflector->hasAnnotation('CORS') && |
|
| 87 | - !$this->reflector->hasAnnotation('PublicPage')) { |
|
| 88 | - $user = $this->request->server['PHP_AUTH_USER']; |
|
| 89 | - $pass = $this->request->server['PHP_AUTH_PW']; |
|
| 73 | + /** |
|
| 74 | + * This is being run in normal order before the controller is being |
|
| 75 | + * called which allows several modifications and checks |
|
| 76 | + * |
|
| 77 | + * @param Controller $controller the controller that is being called |
|
| 78 | + * @param string $methodName the name of the method that will be called on |
|
| 79 | + * the controller |
|
| 80 | + * @throws SecurityException |
|
| 81 | + * @since 6.0.0 |
|
| 82 | + */ |
|
| 83 | + public function beforeController($controller, $methodName){ |
|
| 84 | + // ensure that @CORS annotated API routes are not used in conjunction |
|
| 85 | + // with session authentication since this enables CSRF attack vectors |
|
| 86 | + if ($this->reflector->hasAnnotation('CORS') && |
|
| 87 | + !$this->reflector->hasAnnotation('PublicPage')) { |
|
| 88 | + $user = $this->request->server['PHP_AUTH_USER']; |
|
| 89 | + $pass = $this->request->server['PHP_AUTH_PW']; |
|
| 90 | 90 | |
| 91 | - $this->session->logout(); |
|
| 92 | - try { |
|
| 93 | - if (!$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) { |
|
| 94 | - throw new SecurityException('CORS requires basic auth', Http::STATUS_UNAUTHORIZED); |
|
| 95 | - } |
|
| 96 | - } catch (PasswordLoginForbiddenException $ex) { |
|
| 97 | - throw new SecurityException('Password login forbidden, use token instead', Http::STATUS_UNAUTHORIZED); |
|
| 98 | - } |
|
| 99 | - } |
|
| 100 | - } |
|
| 91 | + $this->session->logout(); |
|
| 92 | + try { |
|
| 93 | + if (!$this->session->logClientIn($user, $pass, $this->request, $this->throttler)) { |
|
| 94 | + throw new SecurityException('CORS requires basic auth', Http::STATUS_UNAUTHORIZED); |
|
| 95 | + } |
|
| 96 | + } catch (PasswordLoginForbiddenException $ex) { |
|
| 97 | + throw new SecurityException('Password login forbidden, use token instead', Http::STATUS_UNAUTHORIZED); |
|
| 98 | + } |
|
| 99 | + } |
|
| 100 | + } |
|
| 101 | 101 | |
| 102 | - /** |
|
| 103 | - * This is being run after a successful controllermethod call and allows |
|
| 104 | - * the manipulation of a Response object. The middleware is run in reverse order |
|
| 105 | - * |
|
| 106 | - * @param Controller $controller the controller that is being called |
|
| 107 | - * @param string $methodName the name of the method that will be called on |
|
| 108 | - * the controller |
|
| 109 | - * @param Response $response the generated response from the controller |
|
| 110 | - * @return Response a Response object |
|
| 111 | - * @throws SecurityException |
|
| 112 | - */ |
|
| 113 | - public function afterController($controller, $methodName, Response $response){ |
|
| 114 | - // only react if its a CORS request and if the request sends origin and |
|
| 102 | + /** |
|
| 103 | + * This is being run after a successful controllermethod call and allows |
|
| 104 | + * the manipulation of a Response object. The middleware is run in reverse order |
|
| 105 | + * |
|
| 106 | + * @param Controller $controller the controller that is being called |
|
| 107 | + * @param string $methodName the name of the method that will be called on |
|
| 108 | + * the controller |
|
| 109 | + * @param Response $response the generated response from the controller |
|
| 110 | + * @return Response a Response object |
|
| 111 | + * @throws SecurityException |
|
| 112 | + */ |
|
| 113 | + public function afterController($controller, $methodName, Response $response){ |
|
| 114 | + // only react if its a CORS request and if the request sends origin and |
|
| 115 | 115 | |
| 116 | - if(isset($this->request->server['HTTP_ORIGIN']) && |
|
| 117 | - $this->reflector->hasAnnotation('CORS')) { |
|
| 116 | + if(isset($this->request->server['HTTP_ORIGIN']) && |
|
| 117 | + $this->reflector->hasAnnotation('CORS')) { |
|
| 118 | 118 | |
| 119 | - // allow credentials headers must not be true or CSRF is possible |
|
| 120 | - // otherwise |
|
| 121 | - foreach($response->getHeaders() as $header => $value) { |
|
| 122 | - if(strtolower($header) === 'access-control-allow-credentials' && |
|
| 123 | - strtolower(trim($value)) === 'true') { |
|
| 124 | - $msg = 'Access-Control-Allow-Credentials must not be '. |
|
| 125 | - 'set to true in order to prevent CSRF'; |
|
| 126 | - throw new SecurityException($msg); |
|
| 127 | - } |
|
| 128 | - } |
|
| 119 | + // allow credentials headers must not be true or CSRF is possible |
|
| 120 | + // otherwise |
|
| 121 | + foreach($response->getHeaders() as $header => $value) { |
|
| 122 | + if(strtolower($header) === 'access-control-allow-credentials' && |
|
| 123 | + strtolower(trim($value)) === 'true') { |
|
| 124 | + $msg = 'Access-Control-Allow-Credentials must not be '. |
|
| 125 | + 'set to true in order to prevent CSRF'; |
|
| 126 | + throw new SecurityException($msg); |
|
| 127 | + } |
|
| 128 | + } |
|
| 129 | 129 | |
| 130 | - $origin = $this->request->server['HTTP_ORIGIN']; |
|
| 131 | - $response->addHeader('Access-Control-Allow-Origin', $origin); |
|
| 132 | - } |
|
| 133 | - return $response; |
|
| 134 | - } |
|
| 130 | + $origin = $this->request->server['HTTP_ORIGIN']; |
|
| 131 | + $response->addHeader('Access-Control-Allow-Origin', $origin); |
|
| 132 | + } |
|
| 133 | + return $response; |
|
| 134 | + } |
|
| 135 | 135 | |
| 136 | - /** |
|
| 137 | - * If an SecurityException is being caught return a JSON error response |
|
| 138 | - * |
|
| 139 | - * @param Controller $controller the controller that is being called |
|
| 140 | - * @param string $methodName the name of the method that will be called on |
|
| 141 | - * the controller |
|
| 142 | - * @param \Exception $exception the thrown exception |
|
| 143 | - * @throws \Exception the passed in exception if it can't handle it |
|
| 144 | - * @return Response a Response object or null in case that the exception could not be handled |
|
| 145 | - */ |
|
| 146 | - public function afterException($controller, $methodName, \Exception $exception){ |
|
| 147 | - if($exception instanceof SecurityException){ |
|
| 148 | - $response = new JSONResponse(['message' => $exception->getMessage()]); |
|
| 149 | - if($exception->getCode() !== 0) { |
|
| 150 | - $response->setStatus($exception->getCode()); |
|
| 151 | - } else { |
|
| 152 | - $response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR); |
|
| 153 | - } |
|
| 154 | - return $response; |
|
| 155 | - } |
|
| 136 | + /** |
|
| 137 | + * If an SecurityException is being caught return a JSON error response |
|
| 138 | + * |
|
| 139 | + * @param Controller $controller the controller that is being called |
|
| 140 | + * @param string $methodName the name of the method that will be called on |
|
| 141 | + * the controller |
|
| 142 | + * @param \Exception $exception the thrown exception |
|
| 143 | + * @throws \Exception the passed in exception if it can't handle it |
|
| 144 | + * @return Response a Response object or null in case that the exception could not be handled |
|
| 145 | + */ |
|
| 146 | + public function afterException($controller, $methodName, \Exception $exception){ |
|
| 147 | + if($exception instanceof SecurityException){ |
|
| 148 | + $response = new JSONResponse(['message' => $exception->getMessage()]); |
|
| 149 | + if($exception->getCode() !== 0) { |
|
| 150 | + $response->setStatus($exception->getCode()); |
|
| 151 | + } else { |
|
| 152 | + $response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR); |
|
| 153 | + } |
|
| 154 | + return $response; |
|
| 155 | + } |
|
| 156 | 156 | |
| 157 | - throw $exception; |
|
| 158 | - } |
|
| 157 | + throw $exception; |
|
| 158 | + } |
|
| 159 | 159 | |
| 160 | 160 | } |
@@ -80,11 +80,11 @@ discard block |
||
| 80 | 80 | * @throws SecurityException |
| 81 | 81 | * @since 6.0.0 |
| 82 | 82 | */ |
| 83 | - public function beforeController($controller, $methodName){ |
|
| 83 | + public function beforeController($controller, $methodName) { |
|
| 84 | 84 | // ensure that @CORS annotated API routes are not used in conjunction |
| 85 | 85 | // with session authentication since this enables CSRF attack vectors |
| 86 | 86 | if ($this->reflector->hasAnnotation('CORS') && |
| 87 | - !$this->reflector->hasAnnotation('PublicPage')) { |
|
| 87 | + !$this->reflector->hasAnnotation('PublicPage')) { |
|
| 88 | 88 | $user = $this->request->server['PHP_AUTH_USER']; |
| 89 | 89 | $pass = $this->request->server['PHP_AUTH_PW']; |
| 90 | 90 | |
@@ -110,16 +110,16 @@ discard block |
||
| 110 | 110 | * @return Response a Response object |
| 111 | 111 | * @throws SecurityException |
| 112 | 112 | */ |
| 113 | - public function afterController($controller, $methodName, Response $response){ |
|
| 113 | + public function afterController($controller, $methodName, Response $response) { |
|
| 114 | 114 | // only react if its a CORS request and if the request sends origin and |
| 115 | 115 | |
| 116 | - if(isset($this->request->server['HTTP_ORIGIN']) && |
|
| 116 | + if (isset($this->request->server['HTTP_ORIGIN']) && |
|
| 117 | 117 | $this->reflector->hasAnnotation('CORS')) { |
| 118 | 118 | |
| 119 | 119 | // allow credentials headers must not be true or CSRF is possible |
| 120 | 120 | // otherwise |
| 121 | - foreach($response->getHeaders() as $header => $value) { |
|
| 122 | - if(strtolower($header) === 'access-control-allow-credentials' && |
|
| 121 | + foreach ($response->getHeaders() as $header => $value) { |
|
| 122 | + if (strtolower($header) === 'access-control-allow-credentials' && |
|
| 123 | 123 | strtolower(trim($value)) === 'true') { |
| 124 | 124 | $msg = 'Access-Control-Allow-Credentials must not be '. |
| 125 | 125 | 'set to true in order to prevent CSRF'; |
@@ -143,10 +143,10 @@ discard block |
||
| 143 | 143 | * @throws \Exception the passed in exception if it can't handle it |
| 144 | 144 | * @return Response a Response object or null in case that the exception could not be handled |
| 145 | 145 | */ |
| 146 | - public function afterException($controller, $methodName, \Exception $exception){ |
|
| 147 | - if($exception instanceof SecurityException){ |
|
| 148 | - $response = new JSONResponse(['message' => $exception->getMessage()]); |
|
| 149 | - if($exception->getCode() !== 0) { |
|
| 146 | + public function afterException($controller, $methodName, \Exception $exception) { |
|
| 147 | + if ($exception instanceof SecurityException) { |
|
| 148 | + $response = new JSONResponse(['message' => $exception->getMessage()]); |
|
| 149 | + if ($exception->getCode() !== 0) { |
|
| 150 | 150 | $response->setStatus($exception->getCode()); |
| 151 | 151 | } else { |
| 152 | 152 | $response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR); |
@@ -34,7 +34,7 @@ |
||
| 34 | 34 | * @package OC\AppFramework\Middleware\Security\Exceptions |
| 35 | 35 | */ |
| 36 | 36 | class CrossSiteRequestForgeryException extends SecurityException { |
| 37 | - public function __construct() { |
|
| 38 | - parent::__construct('CSRF check failed', Http::STATUS_PRECONDITION_FAILED); |
|
| 39 | - } |
|
| 37 | + public function __construct() { |
|
| 38 | + parent::__construct('CSRF check failed', Http::STATUS_PRECONDITION_FAILED); |
|
| 39 | + } |
|
| 40 | 40 | } |
@@ -1,6 +1,5 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | /** |
| 3 | - |
|
| 4 | 3 | * |
| 5 | 4 | * @author Lukas Reschke <[email protected]> |
| 6 | 5 | * |
@@ -32,7 +31,7 @@ discard block |
||
| 32 | 31 | * @package OC\AppFramework\Middleware\Security\Exceptions |
| 33 | 32 | */ |
| 34 | 33 | class StrictCookieMissingException extends SecurityException { |
| 35 | - public function __construct() { |
|
| 36 | - parent::__construct('Strict Cookie has not been found in request.', Http::STATUS_PRECONDITION_FAILED); |
|
| 37 | - } |
|
| 34 | + public function __construct() { |
|
| 35 | + parent::__construct('Strict Cookie has not been found in request.', Http::STATUS_PRECONDITION_FAILED); |
|
| 36 | + } |
|
| 38 | 37 | } |
@@ -34,7 +34,7 @@ |
||
| 34 | 34 | * @package OC\AppFramework\Middleware\Security\Exceptions |
| 35 | 35 | */ |
| 36 | 36 | class AppNotEnabledException extends SecurityException { |
| 37 | - public function __construct() { |
|
| 38 | - parent::__construct('App is not enabled', Http::STATUS_PRECONDITION_FAILED); |
|
| 39 | - } |
|
| 37 | + public function __construct() { |
|
| 38 | + parent::__construct('App is not enabled', Http::STATUS_PRECONDITION_FAILED); |
|
| 39 | + } |
|
| 40 | 40 | } |
@@ -34,7 +34,7 @@ |
||
| 34 | 34 | * @package OC\AppFramework\Middleware\Security\Exceptions |
| 35 | 35 | */ |
| 36 | 36 | class NotLoggedInException extends SecurityException { |
| 37 | - public function __construct() { |
|
| 38 | - parent::__construct('Current user is not logged in', Http::STATUS_UNAUTHORIZED); |
|
| 39 | - } |
|
| 37 | + public function __construct() { |
|
| 38 | + parent::__construct('Current user is not logged in', Http::STATUS_UNAUTHORIZED); |
|
| 39 | + } |
|
| 40 | 40 | } |
@@ -143,7 +143,7 @@ |
||
| 143 | 143 | $format = $this->request->getParam('format'); |
| 144 | 144 | |
| 145 | 145 | // if none is given try the first Accept header |
| 146 | - if($format === null) { |
|
| 146 | + if ($format === null) { |
|
| 147 | 147 | $headers = $this->request->getHeader('Accept'); |
| 148 | 148 | $format = $controller->getResponderByHTTPHeader($headers, 'xml'); |
| 149 | 149 | } |
@@ -1,6 +1,5 @@ discard block |
||
| 1 | 1 | <?php |
| 2 | 2 | /** |
| 3 | - |
|
| 4 | 3 | * |
| 5 | 4 | * @author Roeland Jago Douma <[email protected]> |
| 6 | 5 | * |
@@ -31,57 +30,57 @@ discard block |
||
| 31 | 30 | |
| 32 | 31 | class OCSMiddleware extends Middleware { |
| 33 | 32 | |
| 34 | - /** @var IRequest */ |
|
| 35 | - private $request; |
|
| 33 | + /** @var IRequest */ |
|
| 34 | + private $request; |
|
| 36 | 35 | |
| 37 | - /** |
|
| 38 | - * @param IRequest $request |
|
| 39 | - */ |
|
| 40 | - public function __construct(IRequest $request) { |
|
| 41 | - $this->request = $request; |
|
| 42 | - } |
|
| 36 | + /** |
|
| 37 | + * @param IRequest $request |
|
| 38 | + */ |
|
| 39 | + public function __construct(IRequest $request) { |
|
| 40 | + $this->request = $request; |
|
| 41 | + } |
|
| 43 | 42 | |
| 44 | - /** |
|
| 45 | - * @param \OCP\AppFramework\Controller $controller |
|
| 46 | - * @param string $methodName |
|
| 47 | - * @param \Exception $exception |
|
| 48 | - * @throws \Exception |
|
| 49 | - * @return OCSResponse |
|
| 50 | - */ |
|
| 51 | - public function afterException($controller, $methodName, \Exception $exception) { |
|
| 52 | - if ($controller instanceof OCSController && $exception instanceof OCSException) { |
|
| 53 | - $format = $this->getFormat($controller); |
|
| 43 | + /** |
|
| 44 | + * @param \OCP\AppFramework\Controller $controller |
|
| 45 | + * @param string $methodName |
|
| 46 | + * @param \Exception $exception |
|
| 47 | + * @throws \Exception |
|
| 48 | + * @return OCSResponse |
|
| 49 | + */ |
|
| 50 | + public function afterException($controller, $methodName, \Exception $exception) { |
|
| 51 | + if ($controller instanceof OCSController && $exception instanceof OCSException) { |
|
| 52 | + $format = $this->getFormat($controller); |
|
| 54 | 53 | |
| 55 | - $code = $exception->getCode(); |
|
| 56 | - if ($code === 0) { |
|
| 57 | - $code = Http::STATUS_INTERNAL_SERVER_ERROR; |
|
| 58 | - } |
|
| 54 | + $code = $exception->getCode(); |
|
| 55 | + if ($code === 0) { |
|
| 56 | + $code = Http::STATUS_INTERNAL_SERVER_ERROR; |
|
| 57 | + } |
|
| 59 | 58 | |
| 60 | - $response = new OCSResponse($format, $code, $exception->getMessage()); |
|
| 59 | + $response = new OCSResponse($format, $code, $exception->getMessage()); |
|
| 61 | 60 | |
| 62 | - if (substr_compare($this->request->getScriptName(), '/ocs/v2.php', -strlen('/ocs/v2.php')) === 0) { |
|
| 63 | - $response->setStatus($code); |
|
| 64 | - } |
|
| 65 | - return $response; |
|
| 66 | - } |
|
| 61 | + if (substr_compare($this->request->getScriptName(), '/ocs/v2.php', -strlen('/ocs/v2.php')) === 0) { |
|
| 62 | + $response->setStatus($code); |
|
| 63 | + } |
|
| 64 | + return $response; |
|
| 65 | + } |
|
| 67 | 66 | |
| 68 | - throw $exception; |
|
| 69 | - } |
|
| 67 | + throw $exception; |
|
| 68 | + } |
|
| 70 | 69 | |
| 71 | - /** |
|
| 72 | - * @param \OCP\AppFramework\Controller $controller |
|
| 73 | - * @return string |
|
| 74 | - */ |
|
| 75 | - private function getFormat($controller) { |
|
| 76 | - // get format from the url format or request format parameter |
|
| 77 | - $format = $this->request->getParam('format'); |
|
| 70 | + /** |
|
| 71 | + * @param \OCP\AppFramework\Controller $controller |
|
| 72 | + * @return string |
|
| 73 | + */ |
|
| 74 | + private function getFormat($controller) { |
|
| 75 | + // get format from the url format or request format parameter |
|
| 76 | + $format = $this->request->getParam('format'); |
|
| 78 | 77 | |
| 79 | - // if none is given try the first Accept header |
|
| 80 | - if($format === null) { |
|
| 81 | - $headers = $this->request->getHeader('Accept'); |
|
| 82 | - $format = $controller->getResponderByHTTPHeader($headers, 'xml'); |
|
| 83 | - } |
|
| 78 | + // if none is given try the first Accept header |
|
| 79 | + if($format === null) { |
|
| 80 | + $headers = $this->request->getHeader('Accept'); |
|
| 81 | + $format = $controller->getResponderByHTTPHeader($headers, 'xml'); |
|
| 82 | + } |
|
| 84 | 83 | |
| 85 | - return $format; |
|
| 86 | - } |
|
| 84 | + return $format; |
|
| 85 | + } |
|
| 87 | 86 | } |
@@ -31,52 +31,52 @@ |
||
| 31 | 31 | |
| 32 | 32 | class SessionMiddleware extends Middleware { |
| 33 | 33 | |
| 34 | - /** |
|
| 35 | - * @var IRequest |
|
| 36 | - */ |
|
| 37 | - private $request; |
|
| 34 | + /** |
|
| 35 | + * @var IRequest |
|
| 36 | + */ |
|
| 37 | + private $request; |
|
| 38 | 38 | |
| 39 | - /** |
|
| 40 | - * @var ControllerMethodReflector |
|
| 41 | - */ |
|
| 42 | - private $reflector; |
|
| 39 | + /** |
|
| 40 | + * @var ControllerMethodReflector |
|
| 41 | + */ |
|
| 42 | + private $reflector; |
|
| 43 | 43 | |
| 44 | - /** |
|
| 45 | - * @param IRequest $request |
|
| 46 | - * @param ControllerMethodReflector $reflector |
|
| 47 | - */ |
|
| 48 | - public function __construct(IRequest $request, |
|
| 49 | - ControllerMethodReflector $reflector, |
|
| 50 | - ISession $session |
|
| 44 | + /** |
|
| 45 | + * @param IRequest $request |
|
| 46 | + * @param ControllerMethodReflector $reflector |
|
| 47 | + */ |
|
| 48 | + public function __construct(IRequest $request, |
|
| 49 | + ControllerMethodReflector $reflector, |
|
| 50 | + ISession $session |
|
| 51 | 51 | ) { |
| 52 | - $this->request = $request; |
|
| 53 | - $this->reflector = $reflector; |
|
| 54 | - $this->session = $session; |
|
| 55 | - } |
|
| 52 | + $this->request = $request; |
|
| 53 | + $this->reflector = $reflector; |
|
| 54 | + $this->session = $session; |
|
| 55 | + } |
|
| 56 | 56 | |
| 57 | - /** |
|
| 58 | - * @param \OCP\AppFramework\Controller $controller |
|
| 59 | - * @param string $methodName |
|
| 60 | - */ |
|
| 61 | - public function beforeController($controller, $methodName) { |
|
| 62 | - $useSession = $this->reflector->hasAnnotation('UseSession'); |
|
| 63 | - if (!$useSession) { |
|
| 64 | - $this->session->close(); |
|
| 65 | - } |
|
| 66 | - } |
|
| 57 | + /** |
|
| 58 | + * @param \OCP\AppFramework\Controller $controller |
|
| 59 | + * @param string $methodName |
|
| 60 | + */ |
|
| 61 | + public function beforeController($controller, $methodName) { |
|
| 62 | + $useSession = $this->reflector->hasAnnotation('UseSession'); |
|
| 63 | + if (!$useSession) { |
|
| 64 | + $this->session->close(); |
|
| 65 | + } |
|
| 66 | + } |
|
| 67 | 67 | |
| 68 | - /** |
|
| 69 | - * @param \OCP\AppFramework\Controller $controller |
|
| 70 | - * @param string $methodName |
|
| 71 | - * @param Response $response |
|
| 72 | - * @return Response |
|
| 73 | - */ |
|
| 74 | - public function afterController($controller, $methodName, Response $response){ |
|
| 75 | - $useSession = $this->reflector->hasAnnotation('UseSession'); |
|
| 76 | - if ($useSession) { |
|
| 77 | - $this->session->close(); |
|
| 78 | - } |
|
| 79 | - return $response; |
|
| 80 | - } |
|
| 68 | + /** |
|
| 69 | + * @param \OCP\AppFramework\Controller $controller |
|
| 70 | + * @param string $methodName |
|
| 71 | + * @param Response $response |
|
| 72 | + * @return Response |
|
| 73 | + */ |
|
| 74 | + public function afterController($controller, $methodName, Response $response){ |
|
| 75 | + $useSession = $this->reflector->hasAnnotation('UseSession'); |
|
| 76 | + if ($useSession) { |
|
| 77 | + $this->session->close(); |
|
| 78 | + } |
|
| 79 | + return $response; |
|
| 80 | + } |
|
| 81 | 81 | |
| 82 | 82 | } |
@@ -71,7 +71,7 @@ |
||
| 71 | 71 | * @param Response $response |
| 72 | 72 | * @return Response |
| 73 | 73 | */ |
| 74 | - public function afterController($controller, $methodName, Response $response){ |
|
| 74 | + public function afterController($controller, $methodName, Response $response) { |
|
| 75 | 75 | $useSession = $this->reflector->hasAnnotation('UseSession'); |
| 76 | 76 | if ($useSession) { |
| 77 | 77 | $this->session->close(); |
@@ -37,128 +37,128 @@ |
||
| 37 | 37 | */ |
| 38 | 38 | class MiddlewareDispatcher { |
| 39 | 39 | |
| 40 | - /** |
|
| 41 | - * @var array array containing all the middlewares |
|
| 42 | - */ |
|
| 43 | - private $middlewares; |
|
| 44 | - |
|
| 45 | - /** |
|
| 46 | - * @var int counter which tells us what middlware was executed once an |
|
| 47 | - * exception occurs |
|
| 48 | - */ |
|
| 49 | - private $middlewareCounter; |
|
| 50 | - |
|
| 51 | - |
|
| 52 | - /** |
|
| 53 | - * Constructor |
|
| 54 | - */ |
|
| 55 | - public function __construct(){ |
|
| 56 | - $this->middlewares = array(); |
|
| 57 | - $this->middlewareCounter = 0; |
|
| 58 | - } |
|
| 59 | - |
|
| 60 | - |
|
| 61 | - /** |
|
| 62 | - * Adds a new middleware |
|
| 63 | - * @param Middleware $middleWare the middleware which will be added |
|
| 64 | - */ |
|
| 65 | - public function registerMiddleware(Middleware $middleWare){ |
|
| 66 | - array_push($this->middlewares, $middleWare); |
|
| 67 | - } |
|
| 68 | - |
|
| 69 | - |
|
| 70 | - /** |
|
| 71 | - * returns an array with all middleware elements |
|
| 72 | - * @return array the middlewares |
|
| 73 | - */ |
|
| 74 | - public function getMiddlewares(){ |
|
| 75 | - return $this->middlewares; |
|
| 76 | - } |
|
| 77 | - |
|
| 78 | - |
|
| 79 | - /** |
|
| 80 | - * This is being run in normal order before the controller is being |
|
| 81 | - * called which allows several modifications and checks |
|
| 82 | - * |
|
| 83 | - * @param Controller $controller the controller that is being called |
|
| 84 | - * @param string $methodName the name of the method that will be called on |
|
| 85 | - * the controller |
|
| 86 | - */ |
|
| 87 | - public function beforeController(Controller $controller, $methodName){ |
|
| 88 | - // we need to count so that we know which middlewares we have to ask in |
|
| 89 | - // case there is an exception |
|
| 90 | - $middlewareCount = count($this->middlewares); |
|
| 91 | - for($i = 0; $i < $middlewareCount; $i++){ |
|
| 92 | - $this->middlewareCounter++; |
|
| 93 | - $middleware = $this->middlewares[$i]; |
|
| 94 | - $middleware->beforeController($controller, $methodName); |
|
| 95 | - } |
|
| 96 | - } |
|
| 97 | - |
|
| 98 | - |
|
| 99 | - /** |
|
| 100 | - * This is being run when either the beforeController method or the |
|
| 101 | - * controller method itself is throwing an exception. The middleware is asked |
|
| 102 | - * in reverse order to handle the exception and to return a response. |
|
| 103 | - * If the response is null, it is assumed that the exception could not be |
|
| 104 | - * handled and the error will be thrown again |
|
| 105 | - * |
|
| 106 | - * @param Controller $controller the controller that is being called |
|
| 107 | - * @param string $methodName the name of the method that will be called on |
|
| 108 | - * the controller |
|
| 109 | - * @param \Exception $exception the thrown exception |
|
| 110 | - * @return Response a Response object if the middleware can handle the |
|
| 111 | - * exception |
|
| 112 | - * @throws \Exception the passed in exception if it can't handle it |
|
| 113 | - */ |
|
| 114 | - public function afterException(Controller $controller, $methodName, \Exception $exception){ |
|
| 115 | - for($i=$this->middlewareCounter-1; $i>=0; $i--){ |
|
| 116 | - $middleware = $this->middlewares[$i]; |
|
| 117 | - try { |
|
| 118 | - return $middleware->afterException($controller, $methodName, $exception); |
|
| 119 | - } catch(\Exception $exception){ |
|
| 120 | - continue; |
|
| 121 | - } |
|
| 122 | - } |
|
| 123 | - throw $exception; |
|
| 124 | - } |
|
| 125 | - |
|
| 126 | - |
|
| 127 | - /** |
|
| 128 | - * This is being run after a successful controllermethod call and allows |
|
| 129 | - * the manipulation of a Response object. The middleware is run in reverse order |
|
| 130 | - * |
|
| 131 | - * @param Controller $controller the controller that is being called |
|
| 132 | - * @param string $methodName the name of the method that will be called on |
|
| 133 | - * the controller |
|
| 134 | - * @param Response $response the generated response from the controller |
|
| 135 | - * @return Response a Response object |
|
| 136 | - */ |
|
| 137 | - public function afterController(Controller $controller, $methodName, Response $response){ |
|
| 138 | - for($i=count($this->middlewares)-1; $i>=0; $i--){ |
|
| 139 | - $middleware = $this->middlewares[$i]; |
|
| 140 | - $response = $middleware->afterController($controller, $methodName, $response); |
|
| 141 | - } |
|
| 142 | - return $response; |
|
| 143 | - } |
|
| 144 | - |
|
| 145 | - |
|
| 146 | - /** |
|
| 147 | - * This is being run after the response object has been rendered and |
|
| 148 | - * allows the manipulation of the output. The middleware is run in reverse order |
|
| 149 | - * |
|
| 150 | - * @param Controller $controller the controller that is being called |
|
| 151 | - * @param string $methodName the name of the method that will be called on |
|
| 152 | - * the controller |
|
| 153 | - * @param string $output the generated output from a response |
|
| 154 | - * @return string the output that should be printed |
|
| 155 | - */ |
|
| 156 | - public function beforeOutput(Controller $controller, $methodName, $output){ |
|
| 157 | - for($i=count($this->middlewares)-1; $i>=0; $i--){ |
|
| 158 | - $middleware = $this->middlewares[$i]; |
|
| 159 | - $output = $middleware->beforeOutput($controller, $methodName, $output); |
|
| 160 | - } |
|
| 161 | - return $output; |
|
| 162 | - } |
|
| 40 | + /** |
|
| 41 | + * @var array array containing all the middlewares |
|
| 42 | + */ |
|
| 43 | + private $middlewares; |
|
| 44 | + |
|
| 45 | + /** |
|
| 46 | + * @var int counter which tells us what middlware was executed once an |
|
| 47 | + * exception occurs |
|
| 48 | + */ |
|
| 49 | + private $middlewareCounter; |
|
| 50 | + |
|
| 51 | + |
|
| 52 | + /** |
|
| 53 | + * Constructor |
|
| 54 | + */ |
|
| 55 | + public function __construct(){ |
|
| 56 | + $this->middlewares = array(); |
|
| 57 | + $this->middlewareCounter = 0; |
|
| 58 | + } |
|
| 59 | + |
|
| 60 | + |
|
| 61 | + /** |
|
| 62 | + * Adds a new middleware |
|
| 63 | + * @param Middleware $middleWare the middleware which will be added |
|
| 64 | + */ |
|
| 65 | + public function registerMiddleware(Middleware $middleWare){ |
|
| 66 | + array_push($this->middlewares, $middleWare); |
|
| 67 | + } |
|
| 68 | + |
|
| 69 | + |
|
| 70 | + /** |
|
| 71 | + * returns an array with all middleware elements |
|
| 72 | + * @return array the middlewares |
|
| 73 | + */ |
|
| 74 | + public function getMiddlewares(){ |
|
| 75 | + return $this->middlewares; |
|
| 76 | + } |
|
| 77 | + |
|
| 78 | + |
|
| 79 | + /** |
|
| 80 | + * This is being run in normal order before the controller is being |
|
| 81 | + * called which allows several modifications and checks |
|
| 82 | + * |
|
| 83 | + * @param Controller $controller the controller that is being called |
|
| 84 | + * @param string $methodName the name of the method that will be called on |
|
| 85 | + * the controller |
|
| 86 | + */ |
|
| 87 | + public function beforeController(Controller $controller, $methodName){ |
|
| 88 | + // we need to count so that we know which middlewares we have to ask in |
|
| 89 | + // case there is an exception |
|
| 90 | + $middlewareCount = count($this->middlewares); |
|
| 91 | + for($i = 0; $i < $middlewareCount; $i++){ |
|
| 92 | + $this->middlewareCounter++; |
|
| 93 | + $middleware = $this->middlewares[$i]; |
|
| 94 | + $middleware->beforeController($controller, $methodName); |
|
| 95 | + } |
|
| 96 | + } |
|
| 97 | + |
|
| 98 | + |
|
| 99 | + /** |
|
| 100 | + * This is being run when either the beforeController method or the |
|
| 101 | + * controller method itself is throwing an exception. The middleware is asked |
|
| 102 | + * in reverse order to handle the exception and to return a response. |
|
| 103 | + * If the response is null, it is assumed that the exception could not be |
|
| 104 | + * handled and the error will be thrown again |
|
| 105 | + * |
|
| 106 | + * @param Controller $controller the controller that is being called |
|
| 107 | + * @param string $methodName the name of the method that will be called on |
|
| 108 | + * the controller |
|
| 109 | + * @param \Exception $exception the thrown exception |
|
| 110 | + * @return Response a Response object if the middleware can handle the |
|
| 111 | + * exception |
|
| 112 | + * @throws \Exception the passed in exception if it can't handle it |
|
| 113 | + */ |
|
| 114 | + public function afterException(Controller $controller, $methodName, \Exception $exception){ |
|
| 115 | + for($i=$this->middlewareCounter-1; $i>=0; $i--){ |
|
| 116 | + $middleware = $this->middlewares[$i]; |
|
| 117 | + try { |
|
| 118 | + return $middleware->afterException($controller, $methodName, $exception); |
|
| 119 | + } catch(\Exception $exception){ |
|
| 120 | + continue; |
|
| 121 | + } |
|
| 122 | + } |
|
| 123 | + throw $exception; |
|
| 124 | + } |
|
| 125 | + |
|
| 126 | + |
|
| 127 | + /** |
|
| 128 | + * This is being run after a successful controllermethod call and allows |
|
| 129 | + * the manipulation of a Response object. The middleware is run in reverse order |
|
| 130 | + * |
|
| 131 | + * @param Controller $controller the controller that is being called |
|
| 132 | + * @param string $methodName the name of the method that will be called on |
|
| 133 | + * the controller |
|
| 134 | + * @param Response $response the generated response from the controller |
|
| 135 | + * @return Response a Response object |
|
| 136 | + */ |
|
| 137 | + public function afterController(Controller $controller, $methodName, Response $response){ |
|
| 138 | + for($i=count($this->middlewares)-1; $i>=0; $i--){ |
|
| 139 | + $middleware = $this->middlewares[$i]; |
|
| 140 | + $response = $middleware->afterController($controller, $methodName, $response); |
|
| 141 | + } |
|
| 142 | + return $response; |
|
| 143 | + } |
|
| 144 | + |
|
| 145 | + |
|
| 146 | + /** |
|
| 147 | + * This is being run after the response object has been rendered and |
|
| 148 | + * allows the manipulation of the output. The middleware is run in reverse order |
|
| 149 | + * |
|
| 150 | + * @param Controller $controller the controller that is being called |
|
| 151 | + * @param string $methodName the name of the method that will be called on |
|
| 152 | + * the controller |
|
| 153 | + * @param string $output the generated output from a response |
|
| 154 | + * @return string the output that should be printed |
|
| 155 | + */ |
|
| 156 | + public function beforeOutput(Controller $controller, $methodName, $output){ |
|
| 157 | + for($i=count($this->middlewares)-1; $i>=0; $i--){ |
|
| 158 | + $middleware = $this->middlewares[$i]; |
|
| 159 | + $output = $middleware->beforeOutput($controller, $methodName, $output); |
|
| 160 | + } |
|
| 161 | + return $output; |
|
| 162 | + } |
|
| 163 | 163 | |
| 164 | 164 | } |
@@ -52,7 +52,7 @@ discard block |
||
| 52 | 52 | /** |
| 53 | 53 | * Constructor |
| 54 | 54 | */ |
| 55 | - public function __construct(){ |
|
| 55 | + public function __construct() { |
|
| 56 | 56 | $this->middlewares = array(); |
| 57 | 57 | $this->middlewareCounter = 0; |
| 58 | 58 | } |
@@ -62,7 +62,7 @@ discard block |
||
| 62 | 62 | * Adds a new middleware |
| 63 | 63 | * @param Middleware $middleWare the middleware which will be added |
| 64 | 64 | */ |
| 65 | - public function registerMiddleware(Middleware $middleWare){ |
|
| 65 | + public function registerMiddleware(Middleware $middleWare) { |
|
| 66 | 66 | array_push($this->middlewares, $middleWare); |
| 67 | 67 | } |
| 68 | 68 | |
@@ -71,7 +71,7 @@ discard block |
||
| 71 | 71 | * returns an array with all middleware elements |
| 72 | 72 | * @return array the middlewares |
| 73 | 73 | */ |
| 74 | - public function getMiddlewares(){ |
|
| 74 | + public function getMiddlewares() { |
|
| 75 | 75 | return $this->middlewares; |
| 76 | 76 | } |
| 77 | 77 | |
@@ -84,11 +84,11 @@ discard block |
||
| 84 | 84 | * @param string $methodName the name of the method that will be called on |
| 85 | 85 | * the controller |
| 86 | 86 | */ |
| 87 | - public function beforeController(Controller $controller, $methodName){ |
|
| 87 | + public function beforeController(Controller $controller, $methodName) { |
|
| 88 | 88 | // we need to count so that we know which middlewares we have to ask in |
| 89 | 89 | // case there is an exception |
| 90 | 90 | $middlewareCount = count($this->middlewares); |
| 91 | - for($i = 0; $i < $middlewareCount; $i++){ |
|
| 91 | + for ($i = 0; $i < $middlewareCount; $i++) { |
|
| 92 | 92 | $this->middlewareCounter++; |
| 93 | 93 | $middleware = $this->middlewares[$i]; |
| 94 | 94 | $middleware->beforeController($controller, $methodName); |
@@ -111,12 +111,12 @@ discard block |
||
| 111 | 111 | * exception |
| 112 | 112 | * @throws \Exception the passed in exception if it can't handle it |
| 113 | 113 | */ |
| 114 | - public function afterException(Controller $controller, $methodName, \Exception $exception){ |
|
| 115 | - for($i=$this->middlewareCounter-1; $i>=0; $i--){ |
|
| 114 | + public function afterException(Controller $controller, $methodName, \Exception $exception) { |
|
| 115 | + for ($i = $this->middlewareCounter - 1; $i >= 0; $i--) { |
|
| 116 | 116 | $middleware = $this->middlewares[$i]; |
| 117 | 117 | try { |
| 118 | 118 | return $middleware->afterException($controller, $methodName, $exception); |
| 119 | - } catch(\Exception $exception){ |
|
| 119 | + } catch (\Exception $exception) { |
|
| 120 | 120 | continue; |
| 121 | 121 | } |
| 122 | 122 | } |
@@ -134,8 +134,8 @@ discard block |
||
| 134 | 134 | * @param Response $response the generated response from the controller |
| 135 | 135 | * @return Response a Response object |
| 136 | 136 | */ |
| 137 | - public function afterController(Controller $controller, $methodName, Response $response){ |
|
| 138 | - for($i=count($this->middlewares)-1; $i>=0; $i--){ |
|
| 137 | + public function afterController(Controller $controller, $methodName, Response $response) { |
|
| 138 | + for ($i = count($this->middlewares) - 1; $i >= 0; $i--) { |
|
| 139 | 139 | $middleware = $this->middlewares[$i]; |
| 140 | 140 | $response = $middleware->afterController($controller, $methodName, $response); |
| 141 | 141 | } |
@@ -153,8 +153,8 @@ discard block |
||
| 153 | 153 | * @param string $output the generated output from a response |
| 154 | 154 | * @return string the output that should be printed |
| 155 | 155 | */ |
| 156 | - public function beforeOutput(Controller $controller, $methodName, $output){ |
|
| 157 | - for($i=count($this->middlewares)-1; $i>=0; $i--){ |
|
| 156 | + public function beforeOutput(Controller $controller, $methodName, $output) { |
|
| 157 | + for ($i = count($this->middlewares) - 1; $i >= 0; $i--) { |
|
| 158 | 158 | $middleware = $this->middlewares[$i]; |
| 159 | 159 | $output = $middleware->beforeOutput($controller, $methodName, $output); |
| 160 | 160 | } |
