1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace SwooleTW\Http\Websocket\Middleware; |
4
|
|
|
|
5
|
|
|
use Closure; |
6
|
|
|
use Illuminate\Contracts\Encryption\DecryptException; |
7
|
|
|
use Illuminate\Contracts\Encryption\Encrypter as EncrypterContract; |
8
|
|
|
use Symfony\Component\HttpFoundation\Request; |
9
|
|
|
|
10
|
|
|
/** |
11
|
|
|
* Class DecryptCookies |
12
|
|
|
*/ |
13
|
|
|
class DecryptCookies |
14
|
|
|
{ |
15
|
|
|
/** |
16
|
|
|
* The encrypter instance. |
17
|
|
|
* |
18
|
|
|
* @var \Illuminate\Contracts\Encryption\Encrypter |
19
|
|
|
*/ |
20
|
|
|
protected $encrypter; |
21
|
|
|
|
22
|
|
|
/** |
23
|
|
|
* The names of the cookies that should not be encrypted. |
24
|
|
|
* |
25
|
|
|
* @var array |
26
|
|
|
*/ |
27
|
|
|
protected $except = []; |
28
|
|
|
|
29
|
|
|
/** |
30
|
|
|
* Indicates if cookies should be serialized. |
31
|
|
|
* Serialization is disabled after Laravel 5.6.3 |
32
|
|
|
* |
33
|
|
|
* @var bool |
34
|
|
|
*/ |
35
|
|
|
protected static $serialize = false; |
36
|
|
|
|
37
|
|
|
/** |
38
|
|
|
* Create a new CookieGuard instance. |
39
|
|
|
* |
40
|
|
|
* @param \Illuminate\Contracts\Encryption\Encrypter $encrypter |
41
|
|
|
* |
42
|
|
|
* @return void |
43
|
|
|
*/ |
44
|
|
|
public function __construct(EncrypterContract $encrypter) |
45
|
|
|
{ |
46
|
|
|
$this->encrypter = $encrypter; |
47
|
|
|
} |
48
|
|
|
|
49
|
|
|
/** |
50
|
|
|
* Disable encryption for the given cookie name(s). |
51
|
|
|
* |
52
|
|
|
* @param string|array $name |
53
|
|
|
* |
54
|
|
|
* @return void |
55
|
|
|
*/ |
56
|
|
|
public function disableFor($name) |
57
|
|
|
{ |
58
|
|
|
$this->except = array_merge($this->except, (array) $name); |
59
|
|
|
} |
60
|
|
|
|
61
|
|
|
/** |
62
|
|
|
* Handle an incoming request. |
63
|
|
|
* |
64
|
|
|
* @param \Illuminate\Http\Request $request |
65
|
|
|
* @param \Closure $next |
66
|
|
|
* |
67
|
|
|
* @return \Symfony\Component\HttpFoundation\Response |
68
|
|
|
*/ |
69
|
|
|
public function handle($request, Closure $next) |
70
|
|
|
{ |
71
|
|
|
return $next($this->decrypt($request)); |
72
|
|
|
} |
73
|
|
|
|
74
|
|
|
/** |
75
|
|
|
* Decrypt the cookies on the request. |
76
|
|
|
* |
77
|
|
|
* @param \Symfony\Component\HttpFoundation\Request $request |
78
|
|
|
* |
79
|
|
|
* @return \Symfony\Component\HttpFoundation\Request |
80
|
|
|
*/ |
81
|
|
|
protected function decrypt(Request $request) |
82
|
|
|
{ |
83
|
|
|
foreach ($request->cookies as $key => $cookie) { |
84
|
|
|
if ($this->isDisabled($key)) { |
85
|
|
|
continue; |
86
|
|
|
} |
87
|
|
|
|
88
|
|
|
try { |
89
|
|
|
$request->cookies->set($key, $this->decryptCookie($key, $cookie)); |
90
|
|
|
} catch (DecryptException $e) { |
91
|
|
|
$request->cookies->set($key, null); |
92
|
|
|
} |
93
|
|
|
} |
94
|
|
|
|
95
|
|
|
return $request; |
96
|
|
|
} |
97
|
|
|
|
98
|
|
|
/** |
99
|
|
|
* Decrypt the given cookie and return the value. |
100
|
|
|
* |
101
|
|
|
* @param string $name |
102
|
|
|
* @param string|array $cookie |
103
|
|
|
* |
104
|
|
|
* @return string|array |
105
|
|
|
*/ |
106
|
|
|
protected function decryptCookie($name, $cookie) |
107
|
|
|
{ |
108
|
|
|
return is_array($cookie) |
109
|
|
|
? $this->decryptArray($cookie) |
110
|
|
|
: $this->encrypter->decrypt($cookie, static::serialized($name)); |
111
|
|
|
} |
112
|
|
|
|
113
|
|
|
/** |
114
|
|
|
* Decrypt an array based cookie. |
115
|
|
|
* |
116
|
|
|
* @param array $cookie |
117
|
|
|
* |
118
|
|
|
* @return array |
119
|
|
|
*/ |
120
|
|
|
protected function decryptArray(array $cookie) |
121
|
|
|
{ |
122
|
|
|
$decrypted = []; |
123
|
|
|
|
124
|
|
|
foreach ($cookie as $key => $value) { |
125
|
|
|
if (\is_string($value)) { |
126
|
|
|
$decrypted[$key] = $this->encrypter->decrypt($value, static::serialized($key)); |
127
|
|
|
} |
128
|
|
|
} |
129
|
|
|
|
130
|
|
|
return $decrypted; |
131
|
|
|
} |
132
|
|
|
|
133
|
|
|
/** |
134
|
|
|
* Determine whether encryption has been disabled for the given cookie. |
135
|
|
|
* |
136
|
|
|
* @param string $name |
137
|
|
|
* |
138
|
|
|
* @return bool |
139
|
|
|
*/ |
140
|
|
|
public function isDisabled(string $name) |
141
|
|
|
{ |
142
|
|
|
return \in_array($name, $this->except); |
143
|
|
|
} |
144
|
|
|
|
145
|
|
|
/** |
146
|
|
|
* Determine if the cookie contents should be serialized. |
147
|
|
|
* |
148
|
|
|
* @param string $name |
149
|
|
|
* |
150
|
|
|
* @return bool |
151
|
|
|
*/ |
152
|
|
|
public static function serialized(string $name) |
|
|
|
|
153
|
|
|
{ |
154
|
|
|
return static::$serialize; |
155
|
|
|
} |
156
|
|
|
} |
157
|
|
|
|
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.