ApiPresenter - Code Metrics - Inspection of "Merge branch 'dev-1.x'" - tomaj/nette-api - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 7f0412...717772 )

by Michal

created 2020-08-27 12:37 UTC

ApiPresenter A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	220
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	10

Test Coverage

Coverage

45.76%

Importance

Changes

Metric	Value
wmc	36
lcom	1
cbo	10
dl	0
loc	220
ccs	54
cts	118
cp	0.4576
rs	9.52
c	0
b	0
f	0

8 Methods

Rating	Name	Size	Complexity
A	setCorsHeader()	4	1
A	getApi()	9	1
A	checkAuth()	8	2
A	checkRateLimit()	21	4
B	logRequest()	30	6
A	sendCorsHeaders()	22	5
A	getRequestDomain()	15	6
C	run()	71	11

<?php

declare(strict_types=1);

namespace Tomaj\NetteApi\Presenters;

use Nette\Application\IPresenter;
use Nette\Application\IResponse;
use Nette\Application\Request;
use Nette\Application\Responses\JsonResponse;
use Nette\DI\Container;
use Nette\Http\Response;
use Throwable;
use Tomaj\NetteApi\Api;
use Tomaj\NetteApi\ApiDecider;
use Tomaj\NetteApi\Authorization\ApiAuthorizationInterface;
use Tomaj\NetteApi\Logger\ApiLoggerInterface;
use Tomaj\NetteApi\Misc\IpDetectorInterface;
use Tomaj\NetteApi\Params\ParamsProcessor;
use Tomaj\NetteApi\RateLimit\RateLimitInterface;
use Tomaj\NetteApi\Response\JsonApiResponse;
use Tracy\Debugger;

final class ApiPresenter implements IPresenter
{
    /** @var ApiDecider @inject */
    public $apiDecider;

    /** @var Response @inject */
    public $response;

    /** @var Container @inject */
    public $context;

    /**
     * CORS header settings
     *
     * Available values:
     *   'auto'  - send back header Access-Control-Allow-Origin with domain that made request
     *   '*'     - send header with '*' - this will workf fine if you dont need to send cookies via ajax calls to api
     *             with jquery $.ajax with xhrFields: { withCredentials: true } settings
     *   'off'   - will not send any CORS header
     *   other   - any other value will be send in Access-Control-Allow-Origin header
     *
     * @var string
     */
    protected $corsHeader = '*';

    /**
     * Set cors header
     *
     * See description to property $corsHeader for valid inputs
     *
     * @param string $corsHeader
     */
    public function setCorsHeader(string $corsHeader): void
    {
        $this->corsHeader = $corsHeader;
    }

    public function run(Request $request): IResponse
    {
        $start = microtime(true);

        $this->sendCorsHeaders();

        $api = $this->getApi($request);
        $handler = $api->getHandler();
        $authorization = $api->getAuthorization();
        $rateLimit = $api->getRateLimit();

        $authResponse = $this->checkAuth($authorization);
        if ($authResponse !== null) {
            return $authResponse;
        }

        $rateLimitResponse = $this->checkRateLimit($rateLimit);
        if ($rateLimitResponse !== null) {
            return $rateLimitResponse;
        }

        $paramsProcessor = new ParamsProcessor($handler->params());
        if ($paramsProcessor->isError()) {
            $this->response->setCode(Response::S400_BAD_REQUEST);
            if (!Debugger::$productionMode) {
                $response = new JsonResponse(['status' => 'error', 'message' => 'wrong input', 'detail' => $paramsProcessor->getErrors()]);
            } else {
                $response = new JsonResponse(['status' => 'error', 'message' => 'wrong input']);
            }
            return $response;
        }
        $params = $paramsProcessor->getValues();

        try {
            $response = $handler->handle($params);
            $outputValid = count($handler->outputs()) === 0; // back compatibility for handlers with no outputs defined
            $outputValidatorErrors = [];
            foreach ($handler->outputs() as $output) {
                $validationResult = $output->validate($response);
                if ($validationResult->isOk()) {
                    $outputValid = true;
                    break;
                }
                $outputValidatorErrors[] = $validationResult->getErrors();
            }
            if (!$outputValid) {
                $response = new JsonApiResponse(Response::S500_INTERNAL_SERVER_ERROR, ['status' => 'error', 'message' => 'Internal server error', 'details' => $outputValidatorErrors]);
            }
            $code = $response->getCode();
        } catch (Throwable $exception) {
            if (!Debugger::$productionMode) {
                $response = new JsonApiResponse(Response::S500_INTERNAL_SERVER_ERROR, ['status' => 'error', 'message' => 'Internal server error', 'detail' => $exception->getMessage()]);
            } else {
                $response = new JsonApiResponse(Response::S500_INTERNAL_SERVER_ERROR, ['status' => 'error', 'message' => 'Internal server error']);
            }
            $code = $response->getCode();
            Debugger::log($exception, Debugger::EXCEPTION);
        }

        $end = microtime(true);

        if ($this->context->findByType(ApiLoggerInterface::class)) {
            /** @var ApiLoggerInterface $apiLogger */
            $apiLogger = $this->context->getByType(ApiLoggerInterface::class);
            $this->logRequest($request, $apiLogger, $code, $end - $start);
        }

        // output to nette
        $this->response->setCode($code);
        return $response;
    }

    private function getApi(Request $request): Api
    {
        return $this->apiDecider->getApi(
            $request->getMethod(),
            (int) $request->getParameter('version'),
            $request->getParameter('package'),
            $request->getParameter('apiAction')
        );
    }

    private function checkAuth(ApiAuthorizationInterface $authorization): ?IResponse
    {
        if (!$authorization->authorized()) {
            $this->response->setCode(Response::S403_FORBIDDEN);
            return new JsonResponse(['status' => 'error', 'message' => $authorization->getErrorMessage()]);
        }
        return null;
    }

    private function checkRateLimit(RateLimitInterface $rateLimit): ?IResponse
    {
        $rateLimitResponse = $rateLimit->check();
        if (!$rateLimitResponse) {
            return null;
        }

        $limit = $rateLimitResponse->getLimit();
        $remaining = $rateLimitResponse->getRemaining();
        $retryAfter = $rateLimitResponse->getRetryAfter();

        $this->response->addHeader('X-RateLimit-Limit', (string)$limit);
        $this->response->addHeader('X-RateLimit-Remaining', (string)$remaining);

        if ($remaining === 0) {
            $this->response->setCode(Response::S429_TOO_MANY_REQUESTS);
            $this->response->addHeader('Retry-After', (string)$retryAfter);
            return $rateLimitResponse->getErrorResponse() ?: new JsonResponse(['status' => 'error', 'message' => 'Too many requests. Retry after ' . $retryAfter . ' seconds.']);
        }
        return null;
    }

    private function logRequest(Request $request, ApiLoggerInterface $logger, int $code, float $elapsed): void
    {
        $headers = [];
        if (function_exists('getallheaders')) {
            $headers = getallheaders();
        } else {
            foreach ($_SERVER as $name => $value) {
                if (substr($name, 0, 5) === 'HTTP_') {
                    $key = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))));
                    $headers[$key] = $value;
                }
            }
        }

        $requestHeaders = '';
        foreach ($headers as $key => $value) {
            $requestHeaders .= "$key: $value\n";
        }

        $ipDetector = $this->context->getByType(IpDetectorInterface::class);
        $logger->log(
            $code,
            $request->getMethod(),
            $requestHeaders,
            (string) filter_input(INPUT_SERVER, 'REQUEST_URI'),
            $ipDetector ? $ipDetector->getRequestIp() : '',
            (string) filter_input(INPUT_SERVER, 'HTTP_USER_AGENT'),
            (int) ($elapsed) * 1000
        );
    }

    protected function sendCorsHeaders(): void
    {
        $this->response->addHeader('Access-Control-Allow-Methods', 'POST, DELETE, PUT, GET, OPTIONS');

        if ($this->corsHeader === 'auto') {
            $domain = $this->getRequestDomain();
            if ($domain !== null) {
                $this->response->addHeader('Access-Control-Allow-Origin', $domain);
                $this->response->addHeader('Access-Control-Allow-Credentials', 'true');
            }
            return;
        }

        if ($this->corsHeader === '*') {
            $this->response->addHeader('Access-Control-Allow-Origin', '*');
            return;
        }

        if ($this->corsHeader !== 'off') {
            $this->response->addHeader('Access-Control-Allow-Origin', $this->corsHeader);
        }
    }

    private function getRequestDomain(): ?string
    {
        if (!filter_input(INPUT_SERVER, 'HTTP_REFERER')) {
            return null;
        }
        $refererParsedUrl = parse_url(filter_input(INPUT_SERVER, 'HTTP_REFERER'));
        if (!(isset($refererParsedUrl['scheme']) && isset($refererParsedUrl['host']))) {
            return null;
        }
        $url = $refererParsedUrl['scheme'] . '://' . $refererParsedUrl['host'];
        if (isset($refererParsedUrl['port']) && $refererParsedUrl['port'] !== 80) {
            $url .= ':' . $refererParsedUrl['port'];
        }
        return $url;
    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		namespace Tomaj\NetteApi\Presenters;
6
7		use Nette\Application\IPresenter;
8		use Nette\Application\IResponse;
9		use Nette\Application\Request;
10		use Nette\Application\Responses\JsonResponse;
11		use Nette\DI\Container;
12		use Nette\Http\Response;
13		use Throwable;
14		use Tomaj\NetteApi\Api;
15		use Tomaj\NetteApi\ApiDecider;
16		use Tomaj\NetteApi\Authorization\ApiAuthorizationInterface;
17		use Tomaj\NetteApi\Logger\ApiLoggerInterface;
18		use Tomaj\NetteApi\Misc\IpDetectorInterface;
19		use Tomaj\NetteApi\Params\ParamsProcessor;
20		use Tomaj\NetteApi\RateLimit\RateLimitInterface;
21		use Tomaj\NetteApi\Response\JsonApiResponse;
22		use Tracy\Debugger;
23
24		final class ApiPresenter implements IPresenter
25		{
26		/** @var ApiDecider @inject */
27		public $apiDecider;
28
29		/** @var Response @inject */
30		public $response;
31
32		/** @var Container @inject */
33		public $context;
34
35		/**
36		* CORS header settings
37		*
38		* Available values:
39		* 'auto' - send back header Access-Control-Allow-Origin with domain that made request
40		* '' - send header with '' - this will workf fine if you dont need to send cookies via ajax calls to api
41		* with jquery $.ajax with xhrFields: { withCredentials: true } settings
42		* 'off' - will not send any CORS header
43		* other - any other value will be send in Access-Control-Allow-Origin header
44		*
45		* @var string
46		*/
47		protected $corsHeader = '*';
48
49		/**
50		* Set cors header
51		*
52		* See description to property $corsHeader for valid inputs
53		*
54		* @param string $corsHeader
55		*/
56		public function setCorsHeader(string $corsHeader): void
57		{
58		$this->corsHeader = $corsHeader;
59		}
60
61	12	public function run(Request $request): IResponse
62		{
63	12	$start = microtime(true);
64
65	12	$this->sendCorsHeaders();
66
67	12	$api = $this->getApi($request);
68	12	$handler = $api->getHandler();
69	12	$authorization = $api->getAuthorization();
70	12	$rateLimit = $api->getRateLimit();
71
72	12	$authResponse = $this->checkAuth($authorization);
73	12	if ($authResponse !== null) {
74	3	return $authResponse;
75		}
76
77	9	$rateLimitResponse = $this->checkRateLimit($rateLimit);
78	9	if ($rateLimitResponse !== null) {
79		return $rateLimitResponse;
80		}
81
82	9	$paramsProcessor = new ParamsProcessor($handler->params());
83	9	if ($paramsProcessor->isError()) {
84	3	$this->response->setCode(Response::S400_BAD_REQUEST);
85	3	if (!Debugger::$productionMode) {
86	3	$response = new JsonResponse(['status' => 'error', 'message' => 'wrong input', 'detail' => $paramsProcessor->getErrors()]);
87		} else {
88		$response = new JsonResponse(['status' => 'error', 'message' => 'wrong input']);
89		}
90	3	return $response;
91		}
92	6	$params = $paramsProcessor->getValues();
93
94		try {
95	6	$response = $handler->handle($params);
96	6	$outputValid = count($handler->outputs()) === 0; // back compatibility for handlers with no outputs defined
97	6	$outputValidatorErrors = [];
98	6	foreach ($handler->outputs() as $output) {
99	3	$validationResult = $output->validate($response);
100	3	if ($validationResult->isOk()) {
101	3	$outputValid = true;
102	3	break;
103		}
104		$outputValidatorErrors[] = $validationResult->getErrors();
105		}
106	6	if (!$outputValid) {
107		$response = new JsonApiResponse(Response::S500_INTERNAL_SERVER_ERROR, ['status' => 'error', 'message' => 'Internal server error', 'details' => $outputValidatorErrors]);
108		}
109	6	$code = $response->getCode();
110		} catch (Throwable $exception) {
111		if (!Debugger::$productionMode) {
112		$response = new JsonApiResponse(Response::S500_INTERNAL_SERVER_ERROR, ['status' => 'error', 'message' => 'Internal server error', 'detail' => $exception->getMessage()]);
113		} else {
114		$response = new JsonApiResponse(Response::S500_INTERNAL_SERVER_ERROR, ['status' => 'error', 'message' => 'Internal server error']);
115		}
116		$code = $response->getCode();
117		Debugger::log($exception, Debugger::EXCEPTION);
118		}
119
120	6	$end = microtime(true);
121
122	6	if ($this->context->findByType(ApiLoggerInterface::class)) {
123		/** @var ApiLoggerInterface $apiLogger */
124		$apiLogger = $this->context->getByType(ApiLoggerInterface::class);
125		$this->logRequest($request, $apiLogger, $code, $end - $start);
126		}
127
128		// output to nette
129	6	$this->response->setCode($code);
130	6	return $response;
131		}
132
133	12	private function getApi(Request $request): Api
134		{
135	12	return $this->apiDecider->getApi(
136	12	$request->getMethod(),
137	12	(int) $request->getParameter('version'),
138	12	$request->getParameter('package'),
139	12	$request->getParameter('apiAction')
140		);
141		}
142
143	12	private function checkAuth(ApiAuthorizationInterface $authorization): ?IResponse
144		{
145	12	if (!$authorization->authorized()) {
146	3	$this->response->setCode(Response::S403_FORBIDDEN);
147	3	return new JsonResponse(['status' => 'error', 'message' => $authorization->getErrorMessage()]);
148		}
149	9	return null;
150		}
151
152	9	private function checkRateLimit(RateLimitInterface $rateLimit): ?IResponse
153		{
154	9	$rateLimitResponse = $rateLimit->check();
155	9	if (!$rateLimitResponse) {
156	9	return null;
157		}
158
159		$limit = $rateLimitResponse->getLimit();
160		$remaining = $rateLimitResponse->getRemaining();
161		$retryAfter = $rateLimitResponse->getRetryAfter();
162
163		$this->response->addHeader('X-RateLimit-Limit', (string)$limit);
164		$this->response->addHeader('X-RateLimit-Remaining', (string)$remaining);
165
166		if ($remaining === 0) {
167		$this->response->setCode(Response::S429_TOO_MANY_REQUESTS);
168		$this->response->addHeader('Retry-After', (string)$retryAfter);
169		return $rateLimitResponse->getErrorResponse() ?: new JsonResponse(['status' => 'error', 'message' => 'Too many requests. Retry after ' . $retryAfter . ' seconds.']);
170		}
171		return null;
172		}
173
174		private function logRequest(Request $request, ApiLoggerInterface $logger, int $code, float $elapsed): void
175		{
176		$headers = [];
177		if (function_exists('getallheaders')) {
178		$headers = getallheaders();
179		} else {
180		foreach ($_SERVER as $name => $value) {
181		if (substr($name, 0, 5) === 'HTTP_') {
182		$key = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))));
183		$headers[$key] = $value;
184		}
185		}
186		}
187
188		$requestHeaders = '';
189		foreach ($headers as $key => $value) {
190		$requestHeaders .= "$key: $value\n";
191		}
192
193		$ipDetector = $this->context->getByType(IpDetectorInterface::class);
194		$logger->log(
195		$code,
196		$request->getMethod(),
197		$requestHeaders,
198		(string) filter_input(INPUT_SERVER, 'REQUEST_URI'),
199		$ipDetector ? $ipDetector->getRequestIp() : '',
200		(string) filter_input(INPUT_SERVER, 'HTTP_USER_AGENT'),
201		(int) ($elapsed) * 1000
202		);
203		}
204
205	12	protected function sendCorsHeaders(): void
206		{
207	12	$this->response->addHeader('Access-Control-Allow-Methods', 'POST, DELETE, PUT, GET, OPTIONS');
208
209	12	if ($this->corsHeader === 'auto') {
210		$domain = $this->getRequestDomain();
211		if ($domain !== null) {
212		$this->response->addHeader('Access-Control-Allow-Origin', $domain);
213		$this->response->addHeader('Access-Control-Allow-Credentials', 'true');
214		}
215		return;
216		}
217
218	12	if ($this->corsHeader === '*') {
219	12	$this->response->addHeader('Access-Control-Allow-Origin', '*');
220	12	return;
221		}
222
223		if ($this->corsHeader !== 'off') {
224		$this->response->addHeader('Access-Control-Allow-Origin', $this->corsHeader);
225		}
226		}
227
228		private function getRequestDomain(): ?string
229		{
230		if (!filter_input(INPUT_SERVER, 'HTTP_REFERER')) {
231		return null;
232		}
233		$refererParsedUrl = parse_url(filter_input(INPUT_SERVER, 'HTTP_REFERER'));
234		if (!(isset($refererParsedUrl['scheme']) && isset($refererParsedUrl['host']))) {
235		return null;
236		}
237		$url = $refererParsedUrl['scheme'] . '://' . $refererParsedUrl['host'];
238		if (isset($refererParsedUrl['port']) && $refererParsedUrl['port'] !== 80) {
239		$url .= ':' . $refererParsedUrl['port'];
240		}
241		return $url;
242		}
243		}
244

tomaj / nette-api

Push — master ( 7f0412...717772 )

ApiPresenter A

Complexity

Size/Duplication

Coupling/Cohesion

Test Coverage

Importance

8 Methods

Duplication Side-by-Side

Filter issues like