1 | <?php |
||
2 | |||
3 | namespace SwooleTW\Http\Websocket\Middleware; |
||
4 | |||
5 | use Closure; |
||
6 | use Illuminate\Contracts\Encryption\DecryptException; |
||
7 | use Illuminate\Contracts\Encryption\Encrypter as EncrypterContract; |
||
8 | use Symfony\Component\HttpFoundation\Request; |
||
9 | |||
10 | /** |
||
11 | * Class DecryptCookies |
||
12 | */ |
||
13 | class DecryptCookies |
||
14 | { |
||
15 | /** |
||
16 | * The encrypter instance. |
||
17 | * |
||
18 | * @var \Illuminate\Contracts\Encryption\Encrypter |
||
19 | */ |
||
20 | protected $encrypter; |
||
21 | |||
22 | /** |
||
23 | * The names of the cookies that should not be encrypted. |
||
24 | * |
||
25 | * @var array |
||
26 | */ |
||
27 | protected $except = []; |
||
28 | |||
29 | /** |
||
30 | * Indicates if cookies should be serialized. |
||
31 | * Serialization is disabled after Laravel 5.6.3 |
||
32 | * |
||
33 | * @var bool |
||
34 | */ |
||
35 | protected static $serialize = false; |
||
36 | |||
37 | /** |
||
38 | * Create a new CookieGuard instance. |
||
39 | * |
||
40 | * @param \Illuminate\Contracts\Encryption\Encrypter $encrypter |
||
41 | * |
||
42 | * @return void |
||
43 | */ |
||
44 | public function __construct(EncrypterContract $encrypter) |
||
45 | { |
||
46 | $this->encrypter = $encrypter; |
||
47 | } |
||
48 | |||
49 | /** |
||
50 | * Disable encryption for the given cookie name(s). |
||
51 | * |
||
52 | * @param string|array $name |
||
53 | * |
||
54 | * @return void |
||
55 | */ |
||
56 | public function disableFor($name) |
||
57 | { |
||
58 | $this->except = array_merge($this->except, (array) $name); |
||
59 | } |
||
60 | |||
61 | /** |
||
62 | * Handle an incoming request. |
||
63 | * |
||
64 | * @param \Illuminate\Http\Request $request |
||
65 | * @param \Closure $next |
||
66 | * |
||
67 | * @return \Symfony\Component\HttpFoundation\Response |
||
68 | */ |
||
69 | public function handle($request, Closure $next) |
||
70 | { |
||
71 | return $next($this->decrypt($request)); |
||
72 | } |
||
73 | |||
74 | /** |
||
75 | * Decrypt the cookies on the request. |
||
76 | * |
||
77 | * @param \Symfony\Component\HttpFoundation\Request $request |
||
78 | * |
||
79 | * @return \Symfony\Component\HttpFoundation\Request |
||
80 | */ |
||
81 | protected function decrypt(Request $request) |
||
82 | { |
||
83 | foreach ($request->cookies as $key => $cookie) { |
||
84 | if ($this->isDisabled($key)) { |
||
85 | continue; |
||
86 | } |
||
87 | |||
88 | try { |
||
89 | $request->cookies->set($key, $this->decryptCookie($key, $cookie)); |
||
90 | } catch (DecryptException $e) { |
||
91 | $request->cookies->set($key, null); |
||
92 | } |
||
93 | } |
||
94 | |||
95 | return $request; |
||
96 | } |
||
97 | |||
98 | /** |
||
99 | * Decrypt the given cookie and return the value. |
||
100 | * |
||
101 | * @param string $name |
||
102 | * @param string|array $cookie |
||
103 | * |
||
104 | * @return string|array |
||
105 | */ |
||
106 | protected function decryptCookie($name, $cookie) |
||
107 | { |
||
108 | return is_array($cookie) |
||
109 | ? $this->decryptArray($cookie) |
||
110 | : $this->encrypter->decrypt($cookie, static::serialized($name)); |
||
111 | } |
||
112 | |||
113 | /** |
||
114 | * Decrypt an array based cookie. |
||
115 | * |
||
116 | * @param array $cookie |
||
117 | * |
||
118 | * @return array |
||
119 | */ |
||
120 | protected function decryptArray(array $cookie) |
||
121 | { |
||
122 | $decrypted = []; |
||
123 | |||
124 | foreach ($cookie as $key => $value) { |
||
125 | if (\is_string($value)) { |
||
126 | $decrypted[$key] = $this->encrypter->decrypt($value, static::serialized($key)); |
||
127 | } |
||
128 | } |
||
129 | |||
130 | return $decrypted; |
||
131 | } |
||
132 | |||
133 | /** |
||
134 | * Determine whether encryption has been disabled for the given cookie. |
||
135 | * |
||
136 | * @param string $name |
||
137 | * |
||
138 | * @return bool |
||
139 | */ |
||
140 | public function isDisabled(string $name) |
||
141 | { |
||
142 | return \in_array($name, $this->except); |
||
143 | } |
||
144 | |||
145 | /** |
||
146 | * Determine if the cookie contents should be serialized. |
||
147 | * |
||
148 | * @param string $name |
||
149 | * |
||
150 | * @return bool |
||
151 | */ |
||
152 | public static function serialized(string $name) |
||
0 ignored issues
–
show
|
|||
153 | { |
||
154 | return static::$serialize; |
||
155 | } |
||
156 | } |
||
157 |
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.