nas
/
todo_api
Watch 2
Star 1
Fork 0
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
api de gestion de ticket, basé sur php-crud-api. Le but est de décorrélé les outils de gestion des données, afin
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1557 Commits
1 Branch
Tree: de08ff5a2a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'de08ff5a2a'
${ noResults }
todo_api/src/Tqdev/PhpCrudApi/Middleware/CorsMiddleware.php

CorsMiddleware.php 3.0KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 
  1. <?php

  2. 

  3. namespace Tqdev\PhpCrudApi\Middleware;

  4. 

  5. use Psr\Http\Message\ResponseInterface;

  6. use Psr\Http\Message\ServerRequestInterface;

  7. use Psr\Http\Server\RequestHandlerInterface;

  8. use Tqdev\PhpCrudApi\Controller\Responder;

  9. use Tqdev\PhpCrudApi\Middleware\Base\Middleware;

  10. use Tqdev\PhpCrudApi\Record\ErrorCode;

  11. use Tqdev\PhpCrudApi\ResponseFactory;

  12. 

  13. class CorsMiddleware extends Middleware

  14. {

  15.     private function isOriginAllowed(string $origin, string $allowedOrigins): bool

  16.     {

  17.         $found = false;

  18.         foreach (explode(',', $allowedOrigins) as $allowedOrigin) {

  19.             $hostname = preg_quote(strtolower(trim($allowedOrigin)));

  20.             $regex = '/^' . str_replace('\*', '.*', $hostname) . '$/';

  21.             if (preg_match($regex, $origin)) {

  22.                 $found = true;

  23.                 break;

  24.             }

  25.         }

  26.         return $found;

  27.     }

  28. 

  29.     public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface

  30.     {

  31.         $method = $request->getMethod();

  32.         $origin = count($request->getHeader('Origin')) ? $request->getHeader('Origin')[0] : '';

  33.         $allowedOrigins = $this->getProperty('allowedOrigins', '*');

  34.         if ($origin && !$this->isOriginAllowed($origin, $allowedOrigins)) {

  35.             $response = $this->responder->error(ErrorCode::ORIGIN_FORBIDDEN, $origin);

  36.         } elseif ($method == 'OPTIONS') {

  37.             $response = ResponseFactory::fromStatus(ResponseFactory::OK);

  38.             $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN, X-Authorization');

  39.             if ($allowHeaders) {

  40.                 $response = $response->withHeader('Access-Control-Allow-Headers', $allowHeaders);

  41.             }

  42.             $allowMethods = $this->getProperty('allowMethods', 'OPTIONS, GET, PUT, POST, DELETE, PATCH');

  43.             if ($allowMethods) {

  44.                 $response = $response->withHeader('Access-Control-Allow-Methods', $allowMethods);

  45.             }

  46.             $allowCredentials = $this->getProperty('allowCredentials', 'true');

  47.             if ($allowCredentials) {

  48.                 $response = $response->withHeader('Access-Control-Allow-Credentials', $allowCredentials);

  49.             }

  50.             $maxAge = $this->getProperty('maxAge', '1728000');

  51.             if ($maxAge) {

  52.                 $response = $response->withHeader('Access-Control-Max-Age', $maxAge);

  53.             }

  54.             $exposeHeaders = $this->getProperty('exposeHeaders', '');

  55.             if ($exposeHeaders) {

  56.                 $response = $response->withHeader('Access-Control-Expose-Headers', $exposeHeaders);

  57.             }

  58.         } else {

  59.             $response = $next->handle($request);

  60.         }

  61.         if ($origin) {

  62.             $allowCredentials = $this->getProperty('allowCredentials', 'true');

  63.             if ($allowCredentials) {

  64.                 $response = $response->withHeader('Access-Control-Allow-Credentials', $allowCredentials);

  65.             }

  66.             $response = $response->withHeader('Access-Control-Allow-Origin', $origin);

  67.         }

  68.         return $response;

  69.     }

  70. }