laravel-websockets/src/HttpApi/Controllers/Controller.php

<?php

namespace BeyondCode\LaravelWebSockets\HttpApi\Controllers;

use Exception;
use Pusher\Pusher;
use Illuminate\Support\Arr;
use Illuminate\Http\Request;
use GuzzleHttp\Psr7\Response;
use Ratchet\ConnectionInterface;
use Illuminate\Http\JsonResponse;
use GuzzleHttp\Psr7\ServerRequest;
use Illuminate\Support\Collection;
use React\Promise\PromiseInterface;
use Ratchet\Http\HttpServerInterface;
use Psr\Http\Message\RequestInterface;
use BeyondCode\LaravelWebSockets\Apps\App;
use BeyondCode\LaravelWebSockets\QueryParameters;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;
use BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager;

abstract class Controller implements HttpServerInterface
{
    /** @var string */
    protected $requestBuffer = '';

    /** @var RequestInterface */
    protected $request;

    /** @var int */
    protected $contentLength;

    /** @var ChannelManager */
    protected $channelManager;

    public function __construct(ChannelManager $channelManager)
    {
        $this->channelManager = $channelManager;
    }

    public function onOpen(ConnectionInterface $connection, RequestInterface $request = null)
    {
        $this->request = $request;

        $this->contentLength = $this->findContentLength($request->getHeaders());

        $this->requestBuffer = (string) $request->getBody();

        if (! $this->verifyContentLength()) {
            return;
        }

        $this->handleRequest($connection);
    }

    protected function findContentLength(array $headers): int
    {
        return Collection::make($headers)->first(function ($values, $header) {
            return strtolower($header) === 'content-length';
        })[0] ?? 0;
    }

    public function onMessage(ConnectionInterface $from, $msg)
    {
        $this->requestBuffer .= $msg;

        if (! $this->verifyContentLength()) {
            return;
        }

        $this->handleRequest($from);
    }

    protected function verifyContentLength()
    {
        return strlen($this->requestBuffer) === $this->contentLength;
    }

    protected function handleRequest(ConnectionInterface $connection)
    {
        $serverRequest = (new ServerRequest(
            $this->request->getMethod(),
            $this->request->getUri(),
            $this->request->getHeaders(),
            $this->requestBuffer,
            $this->request->getProtocolVersion()
        ))->withQueryParams(QueryParameters::create($this->request)->all());

        $laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));

        $this
            ->ensureValidAppId($laravelRequest->appId)
            ->ensureValidSignature($laravelRequest);

        // Invoke the controller action
        $response = $this($laravelRequest);

        // Allow for async IO in the controller action
        if ($response instanceof PromiseInterface) {
            $response->then(function ($response) use ($connection) {
                $this->sendAndClose($connection, $response);
            });

            return;
        }

        $this->sendAndClose($connection, $response);
    }

    protected function sendAndClose(ConnectionInterface $connection, $response)
    {
        $connection->send(JsonResponse::create($response));
        $connection->close();
    }

    public function onClose(ConnectionInterface $connection)
    {
    }

    public function onError(ConnectionInterface $connection, Exception $exception)
    {
        if (! $exception instanceof HttpException) {
            return;
        }

        $response = new Response($exception->getStatusCode(), [
            'Content-Type' => 'application/json',
        ], json_encode([
            'error' => $exception->getMessage(),
        ]));

        $connection->send(\GuzzleHttp\Psr7\str($response));

        $connection->close();
    }

    public function ensureValidAppId(string $appId)
    {
        if (! App::findById($appId)) {
            throw new HttpException(401, "Unknown app id `{$appId}` provided.");
        }

        return $this;
    }

    protected function ensureValidSignature(Request $request)
    {
        /*
         * The `auth_signature` & `body_md5` parameters are not included when calculating the `auth_signature` value.
         *
         * The `appId`, `appKey` & `channelName` parameters are actually route parameters and are never supplied by the client.
         */
        $params = Arr::except($request->query(), ['auth_signature', 'body_md5', 'appId', 'appKey', 'channelName']);

        if ($request->getContent() !== '') {
            $params['body_md5'] = md5($request->getContent());
        }

        ksort($params);

        $signature = "{$request->getMethod()}\n/{$request->path()}\n".Pusher::array_implode('=', '&', $params);

        $authSignature = hash_hmac('sha256', $signature, App::findById($request->get('appId'))->secret);

        if ($authSignature !== $request->get('auth_signature')) {
            throw new HttpException(401, 'Invalid auth signature provided.');
        }

        return $this;
    }

    abstract public function __invoke(Request $request);
}
wip 2018-11-20 13:50:37 +00:00			`<?php`

wip 2018-11-27 15:42:19 +00:00			`namespace BeyondCode\LaravelWebSockets\HttpApi\Controllers;`
wip 2018-11-20 13:50:37 +00:00
wip 2018-11-22 20:36:25 +00:00			`use Exception;`
Fix signature validation (#38) * Add failing test * Fix signature validation * Fix tests to generate correct signatures * StyleCI fix * Ignore route params when validating the signature * Fix tests to add route params next to signature * StyleCI fixes 2019-01-02 21:30:57 +00:00			`use Pusher\Pusher;`
Add support for Laravel 5.8 (#122) * Fix Laravel 5.8 compatibility * Use Arr:: and Str:: instead of global helpers * Remove testbench-core dependency, release was tagged 2019-02-27 14:27:21 +00:00			`use Illuminate\Support\Arr;`
wip 2018-11-21 11:13:40 +00:00			`use Illuminate\Http\Request;`
wip 2018-11-22 20:36:25 +00:00			`use GuzzleHttp\Psr7\Response;`
wip 2018-11-20 13:50:37 +00:00			`use Ratchet\ConnectionInterface;`
			`use Illuminate\Http\JsonResponse;`
wip 2018-11-21 11:13:40 +00:00			`use GuzzleHttp\Psr7\ServerRequest;`
Use content length check for requests split into multiple messages 2019-02-27 14:24:00 +00:00			`use Illuminate\Support\Collection;`
Implement presence channel storage in Redis 2019-03-29 19:33:46 +00:00			`use React\Promise\PromiseInterface;`
wip 2018-11-20 13:50:37 +00:00			`use Ratchet\Http\HttpServerInterface;`
			`use Psr\Http\Message\RequestInterface;`
Apply fixes from StyleCI (#3) 2018-12-04 21:22:33 +00:00			`use BeyondCode\LaravelWebSockets\Apps\App;`
			`use BeyondCode\LaravelWebSockets\QueryParameters;`
wip 2018-11-22 20:36:25 +00:00			`use Symfony\Component\HttpKernel\Exception\HttpException;`
wip 2018-11-21 11:13:40 +00:00			`use Symfony\Bridge\PsrHttpMessage\Factory\HttpFoundationFactory;`
fix namespaces 2018-11-27 15:35:28 +00:00			`use BeyondCode\LaravelWebSockets\WebSockets\Channels\ChannelManager;`
wip 2018-11-20 13:50:37 +00:00
wip 2018-11-27 14:59:02 +00:00			`abstract class Controller implements HttpServerInterface`
wip 2018-11-20 13:50:37 +00:00			`{`
Use content length check for requests split into multiple messages 2019-02-27 14:24:00 +00:00			`/** @var string */`
			`protected $requestBuffer = '';`

			`/** @var RequestInterface */`
			`protected $request;`

			`/** @var int */`
			`protected $contentLength;`

Implement presence channel storage in Redis 2019-03-29 19:33:46 +00:00			`/** @var ChannelManager */`
wip 2018-11-22 23:24:40 +00:00			`protected $channelManager;`

			`public function __construct(ChannelManager $channelManager)`
			`{`
			`$this->channelManager = $channelManager;`
			`}`

wip 2018-11-22 20:36:25 +00:00			`public function onOpen(ConnectionInterface $connection, RequestInterface $request = null)`
wip 2018-11-20 13:50:37 +00:00			`{`
Use content length check for requests split into multiple messages 2019-02-27 14:24:00 +00:00			`$this->request = $request;`
wip 2018-11-21 11:13:40 +00:00
Use content length check for requests split into multiple messages 2019-02-27 14:24:00 +00:00			`$this->contentLength = $this->findContentLength($request->getHeaders());`
wip 2018-11-22 20:36:25 +00:00
Apply fixes from StyleCI (#123) 2019-02-27 14:23:47 +00:00			`$this->requestBuffer = (string) $request->getBody();`
wip 2018-11-22 20:36:25 +00:00
Initial implementation of Redis as a pub/sub backend, WIP TODO: - Presence channels need the user lists stored in Redis (tricky, requires a lot of changes and async code in HTTP controllers) - Channels in Redis should be scoped by the app ID 2019-03-25 22:00:54 +00:00			`if (! $this->verifyContentLength()) {`
Clean up some typos, add some type hints, StyleCI fixes 2019-03-24 04:56:47 +00:00			`return;`
			`}`

			`$this->handleRequest($connection);`
Use content length check for requests split into multiple messages 2019-02-27 14:24:00 +00:00			`}`
wip 2018-11-22 20:36:25 +00:00
Use content length check for requests split into multiple messages 2019-02-27 14:24:00 +00:00			`protected function findContentLength(array $headers): int`
			`{`
			`return Collection::make($headers)->first(function ($values, $header) {`
			`return strtolower($header) === 'content-length';`
Fix content length method 2019-02-27 14:27:51 +00:00			`})[0] ?? 0;`
wip 2018-11-20 13:50:37 +00:00			`}`

Apply fixes from StyleCI (#3) 2018-12-04 21:22:33 +00:00			`public function onMessage(ConnectionInterface $from, $msg)`
wip 2018-11-20 13:50:37 +00:00			`{`
Use content length check for requests split into multiple messages 2019-02-27 14:24:00 +00:00			`$this->requestBuffer .= $msg;`

Initial implementation of Redis as a pub/sub backend, WIP TODO: - Presence channels need the user lists stored in Redis (tricky, requires a lot of changes and async code in HTTP controllers) - Channels in Redis should be scoped by the app ID 2019-03-25 22:00:54 +00:00			`if (! $this->verifyContentLength()) {`
Clean up some typos, add some type hints, StyleCI fixes 2019-03-24 04:56:47 +00:00			`return;`
			`}`

			`$this->handleRequest($from);`
Use content length check for requests split into multiple messages 2019-02-27 14:24:00 +00:00			`}`

Initial implementation of Redis as a pub/sub backend, WIP TODO: - Presence channels need the user lists stored in Redis (tricky, requires a lot of changes and async code in HTTP controllers) - Channels in Redis should be scoped by the app ID 2019-03-25 22:00:54 +00:00			`protected function verifyContentLength()`
Use content length check for requests split into multiple messages 2019-02-27 14:24:00 +00:00			`{`
Initial implementation of Redis as a pub/sub backend, WIP TODO: - Presence channels need the user lists stored in Redis (tricky, requires a lot of changes and async code in HTTP controllers) - Channels in Redis should be scoped by the app ID 2019-03-25 22:00:54 +00:00			`return strlen($this->requestBuffer) === $this->contentLength;`
Clean up some typos, add some type hints, StyleCI fixes 2019-03-24 04:56:47 +00:00			`}`
Use content length check for requests split into multiple messages 2019-02-27 14:24:00 +00:00
Clean up some typos, add some type hints, StyleCI fixes 2019-03-24 04:56:47 +00:00			`protected function handleRequest(ConnectionInterface $connection)`
			`{`
			`$serverRequest = (new ServerRequest(`
			`$this->request->getMethod(),`
			`$this->request->getUri(),`
			`$this->request->getHeaders(),`
			`$this->requestBuffer,`
			`$this->request->getProtocolVersion()`
			`))->withQueryParams(QueryParameters::create($this->request)->all());`
Use content length check for requests split into multiple messages 2019-02-27 14:24:00 +00:00
Clean up some typos, add some type hints, StyleCI fixes 2019-03-24 04:56:47 +00:00			`$laravelRequest = Request::createFromBase((new HttpFoundationFactory)->createRequest($serverRequest));`
Use content length check for requests split into multiple messages 2019-02-27 14:24:00 +00:00
Clean up some typos, add some type hints, StyleCI fixes 2019-03-24 04:56:47 +00:00			`$this`
			`->ensureValidAppId($laravelRequest->appId)`
			`->ensureValidSignature($laravelRequest);`
Use content length check for requests split into multiple messages 2019-02-27 14:24:00 +00:00
Implement presence channel storage in Redis 2019-03-29 19:33:46 +00:00			`// Invoke the controller action`
Clean up some typos, add some type hints, StyleCI fixes 2019-03-24 04:56:47 +00:00			`$response = $this($laravelRequest);`

Implement presence channel storage in Redis 2019-03-29 19:33:46 +00:00			`// Allow for async IO in the controller action`
			`if ($response instanceof PromiseInterface) {`
			`$response->then(function ($response) use ($connection) {`
			`$this->sendAndClose($connection, $response);`
			`});`

			`return;`
			`}`

			`$this->sendAndClose($connection, $response);`
			`}`

			`protected function sendAndClose(ConnectionInterface $connection, $response)`
			`{`
Clean up some typos, add some type hints, StyleCI fixes 2019-03-24 04:56:47 +00:00			`$connection->send(JsonResponse::create($response));`
			`$connection->close();`
nitpicks 2018-11-21 23:10:47 +00:00			`}`

Apply fixes from StyleCI (#3) 2018-12-04 21:22:33 +00:00			`public function onClose(ConnectionInterface $connection)`
nitpicks 2018-11-21 23:10:47 +00:00			`{`
			`}`

Apply fixes from StyleCI (#3) 2018-12-04 21:22:33 +00:00			`public function onError(ConnectionInterface $connection, Exception $exception)`
wip 2018-11-22 20:36:25 +00:00			`{`
nitpick 2018-11-26 22:04:20 +00:00			`if (! $exception instanceof HttpException) {`
			`return;`
wip 2018-11-22 20:36:25 +00:00			`}`
nitpick 2018-11-26 22:04:20 +00:00
			`$response = new Response($exception->getStatusCode(), [`
Apply fixes from StyleCI (#3) 2018-12-04 21:22:33 +00:00			`'Content-Type' => 'application/json',`
nitpick 2018-11-26 22:04:20 +00:00			`], json_encode([`
Apply fixes from StyleCI (#3) 2018-12-04 21:22:33 +00:00			`'error' => $exception->getMessage(),`
nitpick 2018-11-26 22:04:20 +00:00			`]));`

wip 2018-11-28 21:37:10 +00:00			`$connection->send(\GuzzleHttp\Psr7\str($response));`
fire event on exception 2018-11-26 22:15:03 +00:00
nitpick 2018-11-26 22:04:20 +00:00			`$connection->close();`
wip 2018-11-22 20:36:25 +00:00			`}`

nitpicks 2018-11-26 08:03:04 +00:00			`public function ensureValidAppId(string $appId)`
nitpicks 2018-11-21 23:10:47 +00:00			`{`
rename client to app 2018-12-01 13:17:32 +00:00			`if (! App::findById($appId)) {`
nitpicks 2018-11-26 08:03:04 +00:00			throw new HttpException(401, "Unknown app id `{$appId}` provided.");
wip 2018-11-22 20:36:25 +00:00			`}`
commit 2018-11-24 00:53:20 +00:00
wip 2018-11-26 19:50:02 +00:00			`return $this;`
wip 2018-11-20 13:50:37 +00:00			`}`

nitpicks 2018-11-26 08:03:04 +00:00			`protected function ensureValidSignature(Request $request)`
wip 2018-11-24 14:36:13 +00:00			`{`
Fix signature validation (#38) * Add failing test * Fix signature validation * Fix tests to generate correct signatures * StyleCI fix * Ignore route params when validating the signature * Fix tests to add route params next to signature * StyleCI fixes 2019-01-02 21:30:57 +00:00			`/*`
			* The `auth_signature` & `body_md5` parameters are not included when calculating the `auth_signature` value.
			`*`
Clean up some typos, add some type hints, StyleCI fixes 2019-03-24 04:56:47 +00:00			* The `appId`, `appKey` & `channelName` parameters are actually route parameters and are never supplied by the client.
Fix signature validation (#38) * Add failing test * Fix signature validation * Fix tests to generate correct signatures * StyleCI fix * Ignore route params when validating the signature * Fix tests to add route params next to signature * StyleCI fixes 2019-01-02 21:30:57 +00:00			`*/`
Add support for Laravel 5.8 (#122) * Fix Laravel 5.8 compatibility * Use Arr:: and Str:: instead of global helpers * Remove testbench-core dependency, release was tagged 2019-02-27 14:27:21 +00:00			`$params = Arr::except($request->query(), ['auth_signature', 'body_md5', 'appId', 'appKey', 'channelName']);`
wip 2018-11-24 14:36:13 +00:00
Fix app secret. Only add the md5 of the body, if it's present 2018-12-03 09:08:25 +00:00			`if ($request->getContent() !== '') {`
Fix signature validation (#38) * Add failing test * Fix signature validation * Fix tests to generate correct signatures * StyleCI fix * Ignore route params when validating the signature * Fix tests to add route params next to signature * StyleCI fixes 2019-01-02 21:30:57 +00:00			`$params['body_md5'] = md5($request->getContent());`
Fix app secret. Only add the md5 of the body, if it's present 2018-12-03 09:08:25 +00:00			`}`

Fix signature validation (#38) * Add failing test * Fix signature validation * Fix tests to generate correct signatures * StyleCI fix * Ignore route params when validating the signature * Fix tests to add route params next to signature * StyleCI fixes 2019-01-02 21:30:57 +00:00			`ksort($params);`

			`$signature = "{$request->getMethod()}\n/{$request->path()}\n".Pusher::array_implode('=', '&', $params);`

Fix app secret. Only add the md5 of the body, if it's present 2018-12-03 09:08:25 +00:00			`$authSignature = hash_hmac('sha256', $signature, App::findById($request->get('appId'))->secret);`
wip 2018-11-24 14:36:13 +00:00
			`if ($authSignature !== $request->get('auth_signature')) {`
			`throw new HttpException(401, 'Invalid auth signature provided.');`
			`}`
nitpicks 2018-11-26 08:03:04 +00:00
			`return $this;`
wip 2018-11-24 14:36:13 +00:00			`}`

wip 2018-11-21 11:13:40 +00:00			`abstract public function __invoke(Request $request);`
Apply fixes from StyleCI (#3) 2018-12-04 21:22:33 +00:00			`}`