MediaWiki  master
Origin.php
1 <?php
2 
4 
5 use Wikimedia\Assert\Assert;
6 
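/**
 * A class to assist with the parsing of the Origin header according to RFC 6454.
 *
 * The Origin header is sent by the client, so everything parsed here is
 * untrusted input. The class only parses the value and compares it with
 * configured allow/exclude rules. Every comparison fails closed: a null
 * origin, an unparseable rule or an origin without a matching rule is
 * reported as "no match".
 */
class Origin extends HeaderParserBase {

	public const HEADER_NAME = 'Origin';

	/** @var bool Whether the origin was set to null */
	private $isNullOrigin;

	/** @var string[] List of specified origins */
	private $origins = [];

	/**
	 * Parse an Origin header list as returned by RequestInterface::getHeader().
	 *
	 * @param string[] $headerList Must hold exactly one header field value;
	 *  anything else is reported through HeaderParserBase::error().
	 * @return self
	 */
	public static function parseHeaderList( array $headerList ): self {
		$parser = new self( $headerList );
		$parser->execute();
		return $parser;
	}

	/**
	 * Whether the Origin header was explicitly set to null.
	 *
	 * @return bool
	 */
	public function isNullOrigin(): bool {
		return $this->isNullOrigin;
	}

	/**
	 * Whether the Origin header contains multiple origins.
	 *
	 * @return bool
	 */
	public function isMultiOrigin(): bool {
		return count( $this->getOriginList() ) > 1;
	}

	/**
	 * Get the list of origins.
	 *
	 * @return string[] Empty when the header was the literal "null".
	 */
	public function getOriginList(): array {
		return $this->origins;
	}

	/**
	 * Get the only origin named by the header.
	 *
	 * Callers must first make sure the header is neither the null origin nor
	 * a multi-origin list; both cases are rejected as precondition failures.
	 *
	 * @return string
	 */
	public function getSingleOrigin(): string {
		// The null origin leaves the list empty, so index 0 would not exist and
		// the declared string return type could not be honoured. Reject it
		// explicitly instead of failing with an undefined-offset error.
		Assert::precondition( !$this->isNullOrigin(),
			'Cannot get single origin, header specifies the null origin' );
		Assert::precondition( !$this->isMultiOrigin(),
			'Cannot get single origin, header specifies multiple' );
		return $this->getOriginList()[0];
	}

	/**
	 * Check whether all the origins match at least one of the rules in $allowList.
	 *
	 * Security notes:
	 *  - The null origin never matches, whatever the rules say.
	 *  - For a multi-origin header every listed origin has to pass; a single
	 *    origin that is not allowed rejects the whole header.
	 *
	 * @param string[] $allowList Wildcard rules, see wildcardToRegex()
	 * @param string[] $excludeList Wildcard rules that override $allowList
	 * @return bool
	 */
	public function match( array $allowList, array $excludeList ): bool {
		if ( $this->isNullOrigin() ) {
			return false;
		}

		foreach ( $this->getOriginList() as $origin ) {
			if ( !self::matchSingleOrigin( $origin, $allowList, $excludeList ) ) {
				return false;
			}
		}
		return true;
	}

	/**
	 * Checks whether the origin matches at least one of the provided rules in
	 * $allowList and none of the rules in $excludeList.
	 *
	 * preg_match() returns 0 for "no match" and false on error; both are falsy,
	 * so a rule that cannot be evaluated never grants access.
	 *
	 * @param string $origin
	 * @param string[] $allowList
	 * @param string[] $excludeList
	 * @return bool
	 */
	private static function matchSingleOrigin( string $origin, array $allowList, array $excludeList ): bool {
		foreach ( $allowList as $rule ) {
			if ( !preg_match( self::wildcardToRegex( $rule ), $origin ) ) {
				continue;
			}

			// Rule matches, check exceptions. An exclusion always wins over
			// the allow rule that matched.
			foreach ( $excludeList as $exc ) {
				if ( preg_match( self::wildcardToRegex( $exc ), $origin ) ) {
					return false;
				}
			}

			return true;
		}

		return false;
	}

	/**
	 * Private constructor. Use the public static functions for public access.
	 *
	 * @param string[] $input Header field values; exactly one is accepted.
	 */
	private function __construct( array $input ) {
		if ( count( $input ) !== 1 ) {
			// error() throws (see HeaderParserBase), so $input[0] below is only
			// read when exactly one field is present.
			$this->error( 'Only a single Origin header field allowed in HTTP request' );
		}
		$this->setInput( trim( $input[0] ) );
	}

	/**
	 * Split the trimmed header value into origins, or flag the null origin.
	 */
	private function execute(): void {
		if ( $this->input === 'null' ) {
			$this->isNullOrigin = true;
		} else {
			$this->isNullOrigin = false;
			// Without PREG_SPLIT_NO_EMPTY an empty header value splits into
			// [ '' ], so the emptiness check below could never fire and an
			// empty string would be kept as an "origin".
			$this->origins = preg_split( '/\s+/', $this->input, -1, PREG_SPLIT_NO_EMPTY );
			if ( count( $this->origins ) === 0 ) {
				$this->error( 'Origin header must contain at least one origin' );
			}
		}
	}

	/**
	 * Helper function to convert a wildcard string into a regex:
	 * '*' => '.*?' and '?' => '.'
	 *
	 * The rule is quoted with preg_quote() before the two wildcards are
	 * expanded, so no other character of the rule is regex-active. The result
	 * is anchored at both ends and prefixed with the scheme, so rules name
	 * the host (and port) part only. Matching is case-sensitive.
	 *
	 * Note for whoever writes the rules: '*' stands for any run of characters,
	 * dots included. A rule such as '*example.org' therefore also accepts
	 * 'notexample.org', and a trailing '*' accepts any suffix. Write the
	 * delimiting dot into the rule ('*.example.org') and avoid a trailing '*'.
	 *
	 * @param string $wildcard
	 * @return string Regular expression for preg_match()
	 */
	private static function wildcardToRegex( $wildcard ): string {
		$wildcard = preg_quote( $wildcard, '/' );
		$wildcard = str_replace(
			[ '\*', '\?' ],
			[ '.*?', '.' ],
			$wildcard
		);

		return "/^https?:\/\/$wildcard$/";
	}
}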
MediaWiki\Rest\HeaderParser\HeaderParserBase\setInput
setInput( $input)
Set the input, and derived convenience properties.
Definition: HeaderParserBase.php:29
MediaWiki\Rest\HeaderParser\Origin\execute
execute()
Definition: Origin.php:127
MediaWiki\Rest\HeaderParser\Origin\isNullOrigin
isNullOrigin()
Whether the Origin header was explicitly set to null.
Definition: Origin.php:39
MediaWiki\Rest\HeaderParser\HeaderParserBase
Definition: HeaderParserBase.php:8
MediaWiki\Rest\HeaderParser\Origin\parseHeaderList
static parseHeaderList(array $headerList)
Parse an Origin header list as returned by RequestInterface::getHeader().
Definition: Origin.php:28
MediaWiki\Rest\HeaderParser\Origin\HEADER_NAME
const HEADER_NAME
Definition: Origin.php:14
MediaWiki\Rest\HeaderParser\Origin\getOriginList
getOriginList()
Get the list of origins.
Definition: Origin.php:57
MediaWiki\Rest\HeaderParser\Origin\wildcardToRegex
static wildcardToRegex( $wildcard)
Helper function to convert a wildcard string into a regex: '*' => '.*?' and '?' => '.'
Definition: Origin.php:147
MediaWiki\Rest\HeaderParser\Origin\isMultiOrigin
isMultiOrigin()
Whether the Origin header contains multiple origins.
Definition: Origin.php:48
MediaWiki\Rest\HeaderParser\Origin\matchSingleOrigin
static matchSingleOrigin(string $origin, array $allowList, array $excludeList)
Checks whether the origin matches at least one of the provided rules in $allowList.
Definition: Origin.php:98
MediaWiki\Rest\HeaderParser\Origin\$origins
array $origins
List of specified origins.
Definition: Origin.php:20
MediaWiki\Rest\HeaderParser\HeaderParserBase\$input
string $input
The input string being processed.
Definition: HeaderParserBase.php:12
MediaWiki\Rest\HeaderParser\HeaderParserBase\error
error( $message)
Throw an exception to indicate a parse error.
Definition: HeaderParserBase.php:66
MediaWiki\Rest\HeaderParser\Origin\getSingleOrigin
getSingleOrigin()
Definition: Origin.php:64
MediaWiki\Rest\HeaderParser\Origin
A class to assist with the parsing of Origin header according to the RFC 6454 https://tools....
Definition: Origin.php:12
MediaWiki\Rest\HeaderParser
Definition: HeaderParserBase.php:3
MediaWiki\Rest\HeaderParser\Origin\$isNullOrigin
bool $isNullOrigin
whether the origin was set to null
Definition: Origin.php:17
MediaWiki\Rest\HeaderParser\Origin\match
match(array $allowList, array $excludeList)
Check whether all the origins match at least one of the rules in $allowList.
Definition: Origin.php:77
MediaWiki\Rest\HeaderParser\Origin\__construct
__construct(array $input)
Private constructor.
Definition: Origin.php:120