ForceSecureConnection - Code Metrics - Inspection of "Middleware for redirection to HTTPS" - yiisoft/yii-web - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#236)

unknown

created 2020-04-01 12:56 UTC

ForceSecureConnection A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	51
Duplicated Lines	0 %

Importance

Changes	2
Bugs	1	Features	0

Metric	Value
eloc	24
c	2
b	1
f	0
dl	0
loc	51
rs	10
wmc	8

4 Methods

Rating	Name	Size	Complexity
A	process()	11	2
A	__construct()	3	1
A	addSTS()	6	3
A	addCSP()	5	2

<?php

declare(strict_types=1);

namespace Yiisoft\Yii\Web\Middleware;

use Psr\Http\Message\ResponseFactoryInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Yiisoft\Http\Status;

/**
 * Redirects from HTTP to HTTPS and adds CSP and HSTS headers
 */
class ForceSecureConnection implements MiddlewareInterface
{
    protected int $statusCode = Status::MOVED_PERMANENTLY;
    protected ?int $port = null;

    protected bool $addCSP = true;
    protected string $cspDirective = 'upgrade-insecure-requests';

    protected bool $addSTS = true;
    protected int $stsMaxAge = 31_536_000; // 12 months

    protected bool $stsSubDomains = false;

    private ResponseFactoryInterface $responseFactory;

    public function __construct(ResponseFactoryInterface $responseFactory)
    {
        $this->responseFactory = $responseFactory;
    }

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        if ($request->getUri()->getScheme() === 'http') {
            $url = (string)$request->getUri()->withScheme('https')->withPort($this->port);
            return $this->addCSP(
                $this->responseFactory
                    ->createResponse($this->statusCode)
                    ->withHeader('Location', $url)
            );
        }
        return $this->addSTS($this->addCSP($handler->handle($request)));
    }

    /**
     * Add Content-Security-Policy header
     */
    private function addCSP(ResponseInterface $response): ResponseInterface
    {
        return $this->addCSP
            ? $response->withHeader('Content-Security-Policy', $this->cspDirective)
            : $response;
    }

    /**
     * Add Strict-Transport-Security header
     */
    private function addSTS(ResponseInterface $response): ResponseInterface
    {
        $subDomains = $this->stsSubDomains ? 'includeSubDomains' : '';
        return $this->addSTS
            ? $response->withHeader('Strict-Transport-Security', "max-age={$this->stsMaxAge}; {$subDomains}")
            : $response;
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace Yiisoft\Yii\Web\Middleware;
6
7			use Psr\Http\Message\ResponseFactoryInterface;
8			use Psr\Http\Message\ResponseInterface;
9			use Psr\Http\Message\ServerRequestInterface;
10			use Psr\Http\Server\MiddlewareInterface;
11			use Psr\Http\Server\RequestHandlerInterface;
12			use Yiisoft\Http\Status;
13
14			/**
15			* Redirects from HTTP to HTTPS and adds CSP and HSTS headers
16			*/
17			class ForceSecureConnection implements MiddlewareInterface
18			{
19			protected int $statusCode = Status::MOVED_PERMANENTLY;
20			protected ?int $port = null;
21
22			protected bool $addCSP = true;
23			protected string $cspDirective = 'upgrade-insecure-requests';
24
25			protected bool $addSTS = true;
26			protected int $stsMaxAge = 31_536_000; // 12 months
			0 ignored issues – show Bug introduced 2020-04-01 13:06 UTC by Report Bug Copy Issue Report The constant `Yiisoft\Yii\Web\Middleware\31_536_000` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history...
27			protected bool $stsSubDomains = false;
28
29			private ResponseFactoryInterface $responseFactory;
30
31			public function __construct(ResponseFactoryInterface $responseFactory)
32			{
33			$this->responseFactory = $responseFactory;
34			}
35
36			public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
37			{
38			if ($request->getUri()->getScheme() === 'http') {
39			$url = (string)$request->getUri()->withScheme('https')->withPort($this->port);
40			return $this->addCSP(
41			$this->responseFactory
42			->createResponse($this->statusCode)
43			->withHeader('Location', $url)
44			);
45			}
46			return $this->addSTS($this->addCSP($handler->handle($request)));
47			}
48
49			/**
50			* Add Content-Security-Policy header
51			*/
52			private function addCSP(ResponseInterface $response): ResponseInterface
53			{
54			return $this->addCSP
55			? $response->withHeader('Content-Security-Policy', $this->cspDirective)
56			: $response;
57			}
58
59			/**
60			* Add Strict-Transport-Security header
61			*/
62			private function addSTS(ResponseInterface $response): ResponseInterface
63			{
64			$subDomains = $this->stsSubDomains ? 'includeSubDomains' : '';
65			return $this->addSTS
66			? $response->withHeader('Strict-Transport-Security', "max-age={$this->stsMaxAge}; {$subDomains}")
67			: $response;
68			}
69			}
70

yiisoft / yii-web

Pull Request — master (#236)

ForceSecureConnection A

Complexity

Size/Duplication

Importance

4 Methods

Duplication Side-by-Side

Filter issues like