Development

- Moved request-types constants from abstract Route class to global Request-class and changed references.
- Changed code to use new global request-type constants.
- Optimized InputHandler class so it only parses inputs once when calling all-method.
- Forced csrf-token post-value are now availible in all requestTypePost methods.
This commit is contained in:
Simon Sessingø
2021-03-21 14:52:34 +01:00
parent 2ff278baef
commit e8a1eac167
7 changed files with 93 additions and 64 deletions
+39 -26
View File
@@ -27,6 +27,24 @@ class InputHandler
*/
protected $request;
/**
* Original post variables
* @var array
*/
protected $originalPost = [];
/**
* Original get variables
* @var array
*/
protected $originalGet = [];
/**
* Get original file variables
* @var array
*/
protected $originalFile = [];
/**
* Input constructor.
* @param Request $request
@@ -46,22 +64,34 @@ class InputHandler
{
/* Parse get requests */
if (\count($_GET) !== 0) {
$this->get = $this->parseInputItem($_GET);
$this->originalGet = $_GET;
$this->get = $this->parseInputItem($this->originalGet);
}
/* Parse post requests */
$postVars = $_POST;
$this->originalPost = $_POST;
if (\in_array($this->request->getMethod(), ['put', 'patch', 'delete'], false) === true) {
parse_str(file_get_contents('php://input'), $postVars);
if (\in_array($this->request->getMethod(), Request::$requestTypesPost, false) === true) {
$contents = file_get_contents('php://input');
// Append any PHP-input json
if (strpos(trim($contents), '{') === 0) {
$post = json_decode($contents, true);
if ($post !== false) {
$this->originalPost += $post;
}
}
}
if (\count($postVars) !== 0) {
$this->post = $this->parseInputItem($postVars);
if (\count($this->originalPost) !== 0) {
$this->post = $this->parseInputItem($this->originalPost);
}
/* Parse get requests */
if (\count($_FILES) !== 0) {
$this->originalFile = $_FILES;
$this->file = $this->parseFiles();
}
}
@@ -192,11 +222,11 @@ class InputHandler
{
$element = null;
if (\count($methods) === 0 || \in_array('get', $methods, true) === true) {
if (\count($methods) === 0 || \in_array(Request::REQUEST_TYPE_GET, $methods, true) === true) {
$element = $this->get($index);
}
if (($element === null && \count($methods) === 0) || (\count($methods) !== 0 && \in_array('post', $methods, true) === true)) {
if (($element === null && \count($methods) === 0) || (\count($methods) !== 0 && \in_array(Request::REQUEST_TYPE_POST, $methods, true) === true)) {
$element = $this->post($index);
}
@@ -288,24 +318,7 @@ class InputHandler
*/
public function all(array $filter = []): array
{
$output = $_GET;
if ($this->request->getMethod() === 'post') {
// Append POST data
$output += $_POST;
$contents = file_get_contents('php://input');
// Append any PHP-input json
if (strpos(trim($contents), '{') === 0) {
$post = json_decode($contents, true);
if ($post !== false) {
$output += $post;
}
}
}
$output = $this->originalGet + $this->originalPost;
$output = (\count($filter) > 0) ? array_intersect_key($output, array_flip($filter)) : $output;
foreach ($filter as $filterKey) {
@@ -63,13 +63,12 @@ class BaseCsrfVerifier implements IMiddleware
*/
public function handle(Request $request): void
{
if ($this->skip($request) === false && \in_array($request->getMethod(), ['post', 'put', 'patch', 'delete'], true) === true) {
if ($this->skip($request) === false && \in_array($request->getMethod(), Request::$requestTypesPost, true) === true) {
$token = $request->getInputHandler()->value(
static::POST_KEY,
$request->getHeader(static::HEADER_KEY) ?? $request->getHeader('HTTP-' . static::HEADER_KEY),
'post'
Request::$requestTypesPost
);
if ($this->tokenProvider->validate((string)$token) === false) {
@@ -80,7 +79,6 @@ class BaseCsrfVerifier implements IMiddleware
// Refresh existing token
$this->tokenProvider->refresh();
}
public function getTokenProvider(): ITokenProvider
+33
View File
@@ -10,6 +10,39 @@ use Pecee\SimpleRouter\SimpleRouter;
class Request
{
public const REQUEST_TYPE_GET = 'get';
public const REQUEST_TYPE_POST = 'post';
public const REQUEST_TYPE_PUT = 'put';
public const REQUEST_TYPE_PATCH = 'patch';
public const REQUEST_TYPE_OPTIONS = 'options';
public const REQUEST_TYPE_DELETE = 'delete';
public const REQUEST_TYPE_HEAD = 'head';
/**
* All request-types
* @var string[]
*/
public static $requestTypes = [
self::REQUEST_TYPE_GET,
self::REQUEST_TYPE_POST,
self::REQUEST_TYPE_PUT,
self::REQUEST_TYPE_PATCH,
self::REQUEST_TYPE_OPTIONS,
self::REQUEST_TYPE_DELETE,
self::REQUEST_TYPE_HEAD,
];
/**
* Post request-types.
* @var string[]
*/
public static $requestTypesPost = [
self::REQUEST_TYPE_POST,
self::REQUEST_TYPE_PUT,
self::REQUEST_TYPE_PATCH,
self::REQUEST_TYPE_DELETE,
];
/**
* Additional data
*