CORSHeaders::allowedOrigins() - Code Metrics - Inspection of "New responses and CORS things" - ricco24/api-nette - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#3)

by Samuel

created 2017-05-17 21:19 UTC

CORSHeaders::allowedOrigins() A

↳ Parent: CORSHeaders

Complexity

Conditions	1
Paths	1

Size

Total Lines	5
Code Lines	3

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	3
CRAP Score	1

Importance

Changes

Metric	Value
dl	0
loc	5
ccs	3
cts	3
cp	1
rs	9.4285
c	0
b	0
f	0
cc	1
eloc	3
nc	1
nop	1
crap	1

<?php

namespace Kelemen\ApiNette\Middleware;

use Kelemen\ApiNette\Exception\MiddlewareException;
use Kelemen\ApiNette\Response\JsonApiResponse;
use Nette\Http\Request;
use Nette\Http\Response;

class CORSHeaders implements MiddlewareInterface
{
    const MIRROR = 'mirror';
    const ALL = 'all';
    const CUSTOM = 'custom';

    /** @var string */
    private $behaviour;

    /** @var array */
    private $allowedOrigins = [];

    /** @var bool */
    private $allowedCredentials = false;

    /**
     * @param string $behaviour
     * @throws MiddlewareException
     */
    public function __construct($behaviour = self::ALL)
    {
        if (!in_array($behaviour, [self::MIRROR, self::ALL, self::CUSTOM])) {
            throw new MiddlewareException('Behaviour ' . $behaviour . ' is not allowed value');
        }

        $this->behaviour = $behaviour;
    }

    /**
     * @param array $allowedOrigins
     * @return CORSHeaders
     */
    public function allowedOrigins(array $allowedOrigins)
    {
        $this->allowedOrigins = $allowedOrigins;
        return $this;
    }

    /**
     * @param bool $allowCredentials
     * @return CORSHeaders
     */
    public function allowCredentials($allowCredentials = true)
    {
        $this->allowedCredentials = $allowCredentials;
        return $this;
    }

    /**
     * @param Request $request
     * @param Response $response
     * @param callable $next
     * @return JsonApiResponse
     */
    public function __invoke(Request $request, Response $response, callable $next)
    {
        $origin = $request->getHeader('Origin');

        // Add CORS headers only if mandatory "Origin" header is set
        if (!$origin) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            return $next($request, $response);
        }

        switch ($this->behaviour) {
            case self::ALL:
                $this->applyAll($response);
                break;
            case self::MIRROR:
                $this->applyMirror($response, $origin);
                break;
            case self::CUSTOM:
                $this->applyCustom($response);
        }

        return $next($request, $response);
    }

    /**
     * @param Response $response
     * @throws MiddlewareException
     */
    private function applyAll(Response $response)
    {
        $response->setHeader('Access-Control-Allow-Origin', '*');
    }

    /**
     * @param Response $response
     * @param string $origin
     */
    private function applyMirror(Response $response, $origin)
    {
        $response->setHeader('Access-Control-Allow-Origin', $origin);
        if ($this->allowedCredentials) {
            $response->setHeader('Access-Control-Allow-Credentials', true);
        }
    }

    /**
     * @param Response $response
     * @throws MiddlewareException
     */
    private function applyCustom(Response $response)
    {
        if (!count($this->allowedOrigins)) {
            throw new MiddlewareException('Variable $allowedOrigins cannot be empty for CUSTOM behaviour');
        }

        $response->setHeader('Access-Control-Allow-Origin', implode(',' , $this->allowedOrigins));
        if ($this->allowedCredentials) {
            $response->setHeader('Access-Control-Allow-Credentials', true);
        }
    }
}


1		<?php
2
3		namespace Kelemen\ApiNette\Middleware;
4
5		use Kelemen\ApiNette\Exception\MiddlewareException;
6		use Kelemen\ApiNette\Response\JsonApiResponse;
7		use Nette\Http\Request;
8		use Nette\Http\Response;
9
10		class CORSHeaders implements MiddlewareInterface
11		{
12		const MIRROR = 'mirror';
13		const ALL = 'all';
14		const CUSTOM = 'custom';
15
16		/** @var string */
17		private $behaviour;
18
19		/** @var array */
20		private $allowedOrigins = [];
21
22		/** @var bool */
23		private $allowedCredentials = false;
24
25		/**
26		* @param string $behaviour
27		* @throws MiddlewareException
28		*/
29	6	public function __construct($behaviour = self::ALL)
30		{
31	6	if (!in_array($behaviour, [self::MIRROR, self::ALL, self::CUSTOM])) {
32		throw new MiddlewareException('Behaviour ' . $behaviour . ' is not allowed value');
33		}
34
35	6	$this->behaviour = $behaviour;
36	6	}
37
38		/**
39		* @param array $allowedOrigins
40		* @return CORSHeaders
41		*/
42	6	public function allowedOrigins(array $allowedOrigins)
43		{
44	6	$this->allowedOrigins = $allowedOrigins;
45	6	return $this;
46		}
47
48		/**
49		* @param bool $allowCredentials
50		* @return CORSHeaders
51		*/
52	6	public function allowCredentials($allowCredentials = true)
53		{
54	6	$this->allowedCredentials = $allowCredentials;
55	6	return $this;
56		}
57
58		/**
59		* @param Request $request
60		* @param Response $response
61		* @param callable $next
62		* @return JsonApiResponse
63		*/
64	6	public function __invoke(Request $request, Response $response, callable $next)
65		{
66	6	$origin = $request->getHeader('Origin');
67
68		// Add CORS headers only if mandatory "Origin" header is set
69	6	if (!$origin) {
		0 ignored issues – show Bug Best Practice introduced 2017-05-17 21:25 UTC by Report Bug Copy Issue Report The expression `$origin` of type `string\|null` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
70		return $next($request, $response);
71		}
72
73	6	switch ($this->behaviour) {
74	6	case self::ALL:
75	2	$this->applyAll($response);
76	2	break;
77	4	case self::MIRROR:
78	2	$this->applyMirror($response, $origin);
79	2	break;
80	2	case self::CUSTOM:
81	2	$this->applyCustom($response);
82	3	}
83
84	6	return $next($request, $response);
85		}
86
87		/**
88		* @param Response $response
89		* @throws MiddlewareException
90		*/
91	2	private function applyAll(Response $response)
92		{
93	2	$response->setHeader('Access-Control-Allow-Origin', '*');
94	2	}
95
96		/**
97		* @param Response $response
98		* @param string $origin
99		*/
100	2	private function applyMirror(Response $response, $origin)
101		{
102	2	$response->setHeader('Access-Control-Allow-Origin', $origin);
103	2	if ($this->allowedCredentials) {
104	2	$response->setHeader('Access-Control-Allow-Credentials', true);
105	1	}
106	2	}
107
108		/**
109		* @param Response $response
110		* @throws MiddlewareException
111		*/
112	2	private function applyCustom(Response $response)
113		{
114	2	if (!count($this->allowedOrigins)) {
115	2	throw new MiddlewareException('Variable $allowedOrigins cannot be empty for CUSTOM behaviour');
116		}
117
118	2	$response->setHeader('Access-Control-Allow-Origin', implode(',' , $this->allowedOrigins));
119	2	if ($this->allowedCredentials) {
120	2	$response->setHeader('Access-Control-Allow-Credentials', true);
121	1	}
122	2	}
123		}
124

ricco24 / api-nette

Pull Request — master (#3)

CORSHeaders::allowedOrigins() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like