1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 |
- <?php
- namespace Tqdev\PhpCrudApi\Middleware;
-
- use Tqdev\PhpCrudApi\Controller\Responder;
- use Tqdev\PhpCrudApi\Record\ErrorCode;
- use Tqdev\PhpCrudApi\Request;
- use Tqdev\PhpCrudApi\Response;
- use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
-
- class CorsMiddleware extends Middleware
- {
- private function isOriginAllowed(String $origin, String $allowedOrigins): bool
- {
- $found = false;
- foreach (explode(',', $allowedOrigins) as $allowedOrigin) {
- $hostname = preg_quote(strtolower(trim($allowedOrigin)));
- $regex = '/^' . str_replace('\*', '.*', $hostname) . '$/';
- if (preg_match($regex, $origin)) {
- $found = true;
- break;
- }
- }
- return $found;
- }
-
- public function handle(Request $request): Response
- {
- $method = $request->getMethod();
- $origin = $request->getHeader('Origin');
- $allowedOrigins = $this->getProperty('allowedOrigins', '*');
- if ($origin && !$this->isOriginAllowed($origin, $allowedOrigins)) {
- $response = $this->responder->error(ErrorCode::ORIGIN_FORBIDDEN, $origin);
- } elseif ($method == 'OPTIONS') {
- $response = new Response(Response::OK, '');
- $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN');
- $response->addHeader('Access-Control-Allow-Headers', $allowHeaders);
- $allowMethods = $this->getProperty('allowMethods', 'OPTIONS, GET, PUT, POST, DELETE, PATCH');
- $response->addHeader('Access-Control-Allow-Methods', $allowMethods);
- $allowCredentials = $this->getProperty('allowCredentials', 'true');
- $response->addHeader('Access-Control-Allow-Credentials', $allowCredentials);
- $maxAge = $this->getProperty('maxAge', '1728000');
- $response->addHeader('Access-Control-Max-Age', $maxAge);
- } else {
- $response = $this->next->handle($request);
- }
- if ($origin) {
- $allowCredentials = $this->getProperty('allowCredentials', 'true');
- $response->addHeader('Access-Control-Allow-Credentials', $allowCredentials);
- $response->addHeader('Access-Control-Allow-Origin', $origin);
- }
- return $response;
- }
- }
|