Automatically return allowed HTTP methods for OPTIONS per specific endpoint

This commit is contained in:
Philipp 2022-01-03 19:19:47 +01:00
parent 71272e07ee
commit dc46af5ea1
No known key found for this signature in database
GPG Key ID: 24A7501396EB5432
5 changed files with 177 additions and 34 deletions

View File

@ -41,6 +41,7 @@ use Friendica\Module\Special\Options;
use Friendica\Network\HTTPException;
use Friendica\Network\HTTPException\MethodNotAllowedException;
use Friendica\Network\HTTPException\NotFoundException;
use Friendica\Util\Router\FriendicaGroupCountBased;
use Psr\Log\LoggerInterface;
/**
@ -123,20 +124,18 @@ class Router
*/
public function __construct(array $server, string $baseRoutesFilepath, L10n $l10n, ICanCache $cache, ICanLock $lock, IManageConfigValues $config, Arguments $args, LoggerInterface $logger, Dice $dice, RouteCollector $routeCollector = null)
{
$this->baseRoutesFilepath = $baseRoutesFilepath;
$this->l10n = $l10n;
$this->cache = $cache;
$this->lock = $lock;
$this->args = $args;
$this->config = $config;
$this->dice = $dice;
$this->server = $server;
$this->logger = $logger;
$this->baseRoutesFilepath = $baseRoutesFilepath;
$this->l10n = $l10n;
$this->cache = $cache;
$this->lock = $lock;
$this->args = $args;
$this->config = $config;
$this->dice = $dice;
$this->server = $server;
$this->logger = $logger;
$this->dice_profiler_threshold = $config->get('system', 'dice_profiler_threshold', 0);
$this->routeCollector = isset($routeCollector) ?
$routeCollector :
new RouteCollector(new Std(), new GroupCountBased());
$this->routeCollector = $routeCollector ?? new RouteCollector(new Std(), new GroupCountBased());
if ($this->baseRoutesFilepath && !file_exists($this->baseRoutesFilepath)) {
throw new HTTPException\InternalServerErrorException('Routes file path does\'n exist.');
@ -155,9 +154,7 @@ class Router
*/
public function loadRoutes(array $routes)
{
$routeCollector = (isset($this->routeCollector) ?
$this->routeCollector :
new RouteCollector(new Std(), new GroupCountBased()));
$routeCollector = ($this->routeCollector ?? new RouteCollector(new Std(), new GroupCountBased()));
$this->addRoutes($routeCollector, $routes);
@ -175,7 +172,10 @@ class Router
if ($this->isGroup($config)) {
$this->addGroup($route, $config, $routeCollector);
} elseif ($this->isRoute($config)) {
$routeCollector->addRoute($config[1], $route, $config[0]);
// Always add the OPTIONS endpoint to a route
$httpMethods = (array) $config[1];
$httpMethods[] = Router::OPTIONS;
$routeCollector->addRoute($httpMethods, $route, $config[0]);
} else {
throw new HTTPException\InternalServerErrorException("Wrong route config for route '" . print_r($route, true) . "'");
}
@ -258,23 +258,26 @@ class Router
$cmd = $this->args->getCommand();
$cmd = '/' . ltrim($cmd, '/');
$dispatcher = new Dispatcher\GroupCountBased($this->getCachedDispatchData());
$dispatcher = new FriendicaGroupCountBased($this->getCachedDispatchData());
$this->parameters = [];
$routeInfo = $dispatcher->dispatch($this->args->getMethod(), $cmd);
if ($routeInfo[0] === Dispatcher::FOUND) {
$moduleClass = $routeInfo[1];
$this->parameters = $routeInfo[2];
} elseif ($routeInfo[0] === Dispatcher::METHOD_NOT_ALLOWED) {
if ($this->args->getMethod() === static::OPTIONS) {
// Default response for HTTP OPTIONS requests in case there is no special treatment
$moduleClass = Options::class;
} else {
throw new HTTPException\MethodNotAllowedException($this->l10n->t('Method not allowed for this module. Allowed method(s): %s', implode(', ', $routeInfo[1])));
}
// Check if the HTTP method ist OPTIONS and return the special Options Module with the possible HTTP methods
if ($this->args->getMethod() === static::OPTIONS) {
$routeOptions = $dispatcher->getOptions($cmd);
$moduleClass = Options::class;
$this->parameters = ['allowedMethods' => $routeOptions];
} else {
throw new HTTPException\NotFoundException($this->l10n->t('Page not found.'));
$routeInfo = $dispatcher->dispatch($this->args->getMethod(), $cmd);
if ($routeInfo[0] === Dispatcher::FOUND) {
$moduleClass = $routeInfo[1];
$this->parameters = $routeInfo[2];
} elseif ($routeInfo[0] === Dispatcher::METHOD_NOT_ALLOWED) {
throw new HTTPException\MethodNotAllowedException($this->l10n->t('Method not allowed for this module. Allowed method(s): %s', implode(', ', $routeInfo[1])));
} else {
throw new HTTPException\NotFoundException($this->l10n->t('Page not found.'));
}
}
return $moduleClass;
@ -374,13 +377,13 @@ class Router
*/
private function getCachedDispatchData()
{
$routerDispatchData = $this->cache->get('routerDispatchData');
$routerDispatchData = $this->cache->get('routerDispatchData');
$lastRoutesFileModifiedTime = $this->cache->get('lastRoutesFileModifiedTime');
$forceRecompute = false;
$forceRecompute = false;
if ($this->baseRoutesFilepath) {
$routesFileModifiedTime = filemtime($this->baseRoutesFilepath);
$forceRecompute = $lastRoutesFileModifiedTime != $routesFileModifiedTime;
$forceRecompute = $lastRoutesFileModifiedTime != $routesFileModifiedTime;
}
if (!$forceRecompute && $routerDispatchData) {

View File

@ -1,16 +1,48 @@
<?php
/**
* @copyright Copyright (C) 2010-2022, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
namespace Friendica\Module\Special;
use Friendica\App\Router;
use Friendica\BaseModule;
/**
* Returns the allowed HTTP methods based on the route information
*
* It's a special class which shouldn't be called directly
*
* @see Router::getModuleClass()
*/
class Options extends BaseModule
{
protected function options(array $request = [])
{
$allowedMethods = $this->parameters['AllowedMethods'] ?? [];
if (empty($allowedMethods)) {
$allowedMethods = Router::ALLOWED_METHODS;
}
// @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
$this->response->setHeader(implode(',', Router::ALLOWED_METHODS), 'Allow');
$this->response->setHeader(implode(',', $allowedMethods), 'Allow');
$this->response->setStatus(204);
}
}

View File

@ -0,0 +1,62 @@
<?php
/**
* @copyright Copyright (C) 2010-2022, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
namespace Friendica\Util\Router;
use FastRoute\Dispatcher\GroupCountBased;
/**
* Extends the Fast-Router collector for getting the possible HTTP method options for a given URI
*/
class FriendicaGroupCountBased extends GroupCountBased
{
/**
* Returns all possible HTTP methods for a given URI
*
* @param $uri
*
* @return array
*
* @todo Distinguish between an invalid route and the asterisk (*) default route
*/
public function getOptions($uri): array
{
$varRouteData = $this->variableRouteData;
// Find allowed methods for this URI by matching against all other HTTP methods as well
$allowedMethods = [];
foreach ($this->staticRouteMap as $method => $uriMap) {
if (isset($uriMap[$uri])) {
$allowedMethods[] = $method;
}
}
foreach ($varRouteData as $method => $routeData) {
$result = $this->dispatchVariableRoute($routeData, $uri);
if ($result[0] === self::FOUND) {
$allowedMethods[] = $method;
}
}
return $allowedMethods;
}
}

View File

@ -10,7 +10,7 @@ use Friendica\Test\FixtureTest;
class OptionsTest extends FixtureTest
{
public function testOptions()
public function testOptionsAll()
{
$this->useHttpMethod(Router::OPTIONS);
@ -25,4 +25,22 @@ class OptionsTest extends FixtureTest
], $response->getHeaders());
self::assertEquals(implode(',', Router::ALLOWED_METHODS), $response->getHeaderLine('Allow'));
}
public function testOptionsSpecific()
{
$this->useHttpMethod(Router::OPTIONS);
$response = (new Options(DI::l10n(), DI::baseUrl(), DI::args(), DI::logger(), DI::profiler(), DI::apiResponse(), [], [
'AllowedMethods' => [Router::GET, Router::POST],
]))->run();
self::assertEmpty((string)$response->getBody());
self::assertEquals(204, $response->getStatusCode());
self::assertEquals('No Content', $response->getReasonPhrase());
self::assertEquals([
'Allow' => [implode(',', [Router::GET, Router::POST])],
ICanCreateResponses::X_HEADER => ['html'],
], $response->getHeaders());
self::assertEquals(implode(',', [Router::GET, Router::POST]), $response->getHeaderLine('Allow'));
}
}

View File

@ -0,0 +1,28 @@
<?php
namespace Friendica\Test\src\Util\Router;
use FastRoute\DataGenerator\GroupCountBased;
use FastRoute\RouteCollector;
use FastRoute\RouteParser\Std;
use Friendica\Module\Special\Options;
use Friendica\Test\MockedTest;
use Friendica\Util\Router\FriendicaGroupCountBased;
class FriendicaGroupCountBasedTest extends MockedTest
{
public function testOptions()
{
$collector = new RouteCollector(new Std(), new GroupCountBased());
$collector->addRoute('GET', '/get', Options::class);
$collector->addRoute('POST', '/post', Options::class);
$collector->addRoute('GET', '/multi', Options::class);
$collector->addRoute('POST', '/multi', Options::class);
$dispatcher = new FriendicaGroupCountBased($collector->getData());
self::assertEquals(['GET'], $dispatcher->getOptions('/get'));
self::assertEquals(['POST'], $dispatcher->getOptions('/post'));
self::assertEquals(['GET', 'POST'], $dispatcher->getOptions('/multi'));
}
}