nas
/
todo_api
Watch 2
Star 1
Fork 0
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
api de gestion de ticket, basé sur php-crud-api. Le but est de décorrélé les outils de gestion des données, afin
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1778 Commits
1 Branch
Tree: 03d64bafed
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '03d64bafed'
${ noResults }
todo_api/src/Tqdev/PhpCrudApi/Middleware/CorsMiddleware.php

CorsMiddleware.php 4.0KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394 
  1. <?php

  2. 

  3. namespace Tqdev\PhpCrudApi\Middleware;

  4. 

  5. use Psr\Http\Message\ResponseInterface;

  6. use Psr\Http\Message\ServerRequestInterface;

  7. use Psr\Http\Server\RequestHandlerInterface;

  8. use Tqdev\PhpCrudApi\Controller\Responder;

  9. use Tqdev\PhpCrudApi\Middleware\Base\Middleware;

  10. use Tqdev\PhpCrudApi\Middleware\Router\Router;

  11. use Tqdev\PhpCrudApi\Record\ErrorCode;

  12. use Tqdev\PhpCrudApi\ResponseFactory;

  13. use Tqdev\PhpCrudApi\ResponseUtils;

  14. 

  15. class CorsMiddleware extends Middleware

  16. {

  17.     private $debug;

  18. 

  19.     public function __construct(Router $router, Responder $responder, array $properties, bool $debug)

  20.     {

  21.         parent::__construct($router, $responder, $properties);

  22.         $this->debug = $debug;

  23.     }

  24. 

  25.     private function isOriginAllowed(string $origin, string $allowedOrigins): bool

  26.     {

  27.         $found = false;

  28.         foreach (explode(',', $allowedOrigins) as $allowedOrigin) {

  29.             $hostname = preg_quote(strtolower(trim($allowedOrigin)));

  30.             $regex = '/^' . str_replace('\*', '.*', $hostname) . '$/';

  31.             if (preg_match($regex, $origin)) {

  32.                 $found = true;

  33.                 break;

  34.             }

  35.         }

  36.         return $found;

  37.     }

  38. 

  39.     public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface

  40.     {

  41.         $method = $request->getMethod();

  42.         $origin = count($request->getHeader('Origin')) ? $request->getHeader('Origin')[0] : '';

  43.         $allowedOrigins = $this->getProperty('allowedOrigins', '*');

  44.         if ($origin && !$this->isOriginAllowed($origin, $allowedOrigins)) {

  45.             $response = $this->responder->error(ErrorCode::ORIGIN_FORBIDDEN, $origin);

  46.         } elseif ($method == 'OPTIONS') {

  47.             $response = ResponseFactory::fromStatus(ResponseFactory::OK);

  48.             $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN, X-Authorization');

  49.             if ($this->debug) {

  50.                 $allowHeaders = implode(', ', array_filter([$allowHeaders, 'X-Exception-Name, X-Exception-Message, X-Exception-File']));

  51.             }

  52.             if ($allowHeaders) {

  53.                 $response = $response->withHeader('Access-Control-Allow-Headers', $allowHeaders);

  54.             }

  55.             $allowMethods = $this->getProperty('allowMethods', 'OPTIONS, GET, PUT, POST, DELETE, PATCH');

  56.             if ($allowMethods) {

  57.                 $response = $response->withHeader('Access-Control-Allow-Methods', $allowMethods);

  58.             }

  59.             $allowCredentials = $this->getProperty('allowCredentials', 'true');

  60.             if ($allowCredentials) {

  61.                 $response = $response->withHeader('Access-Control-Allow-Credentials', $allowCredentials);

  62.             }

  63.             $maxAge = $this->getProperty('maxAge', '1728000');

  64.             if ($maxAge) {

  65.                 $response = $response->withHeader('Access-Control-Max-Age', $maxAge);

  66.             }

  67.             $exposeHeaders = $this->getProperty('exposeHeaders', '');

  68.             if ($this->debug) {

  69.                 $exposeHeaders = implode(', ', array_filter([$exposeHeaders, 'X-Exception-Name, X-Exception-Message, X-Exception-File']));

  70.             }

  71.             if ($exposeHeaders) {

  72.                 $response = $response->withHeader('Access-Control-Expose-Headers', $exposeHeaders);

  73.             }

  74.         } else {

  75.             $response = null;

  76.             try {

  77.                 $response = $next->handle($request);

  78.             } catch (\Throwable $e) {

  79.                 $response = $this->responder->error(ErrorCode::ERROR_NOT_FOUND, $e->getMessage());

  80.                 if ($this->debug) {

  81.                     $response = ResponseUtils::addExceptionHeaders($response, $e);

  82.                 }

  83.             }

  84.         }

  85.         if ($origin) {

  86.             $allowCredentials = $this->getProperty('allowCredentials', 'true');

  87.             if ($allowCredentials) {

  88.                 $response = $response->withHeader('Access-Control-Allow-Credentials', $allowCredentials);

  89.             }

  90.             $response = $response->withHeader('Access-Control-Allow-Origin', $origin);

  91.         }

  92.         return $response;

  93.     }

  94. }