Automatically return allowed HTTP methods for OPTIONS per specific endpoint

This commit is contained in:
Philipp 2022-01-03 19:19:47 +01:00
parent 71272e07ee
commit dc46af5ea1
No known key found for this signature in database
GPG key ID: 24A7501396EB5432
5 changed files with 177 additions and 34 deletions

View file

@ -41,6 +41,7 @@ use Friendica\Module\Special\Options;
use Friendica\Network\HTTPException; use Friendica\Network\HTTPException;
use Friendica\Network\HTTPException\MethodNotAllowedException; use Friendica\Network\HTTPException\MethodNotAllowedException;
use Friendica\Network\HTTPException\NotFoundException; use Friendica\Network\HTTPException\NotFoundException;
use Friendica\Util\Router\FriendicaGroupCountBased;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
/** /**
@ -134,9 +135,7 @@ class Router
$this->logger = $logger; $this->logger = $logger;
$this->dice_profiler_threshold = $config->get('system', 'dice_profiler_threshold', 0); $this->dice_profiler_threshold = $config->get('system', 'dice_profiler_threshold', 0);
$this->routeCollector = isset($routeCollector) ? $this->routeCollector = $routeCollector ?? new RouteCollector(new Std(), new GroupCountBased());
$routeCollector :
new RouteCollector(new Std(), new GroupCountBased());
if ($this->baseRoutesFilepath && !file_exists($this->baseRoutesFilepath)) { if ($this->baseRoutesFilepath && !file_exists($this->baseRoutesFilepath)) {
throw new HTTPException\InternalServerErrorException('Routes file path does\'n exist.'); throw new HTTPException\InternalServerErrorException('Routes file path does\'n exist.');
@ -155,9 +154,7 @@ class Router
*/ */
public function loadRoutes(array $routes) public function loadRoutes(array $routes)
{ {
$routeCollector = (isset($this->routeCollector) ? $routeCollector = ($this->routeCollector ?? new RouteCollector(new Std(), new GroupCountBased()));
$this->routeCollector :
new RouteCollector(new Std(), new GroupCountBased()));
$this->addRoutes($routeCollector, $routes); $this->addRoutes($routeCollector, $routes);
@ -175,7 +172,10 @@ class Router
if ($this->isGroup($config)) { if ($this->isGroup($config)) {
$this->addGroup($route, $config, $routeCollector); $this->addGroup($route, $config, $routeCollector);
} elseif ($this->isRoute($config)) { } elseif ($this->isRoute($config)) {
$routeCollector->addRoute($config[1], $route, $config[0]); // Always add the OPTIONS endpoint to a route
$httpMethods = (array) $config[1];
$httpMethods[] = Router::OPTIONS;
$routeCollector->addRoute($httpMethods, $route, $config[0]);
} else { } else {
throw new HTTPException\InternalServerErrorException("Wrong route config for route '" . print_r($route, true) . "'"); throw new HTTPException\InternalServerErrorException("Wrong route config for route '" . print_r($route, true) . "'");
} }
@ -258,24 +258,27 @@ class Router
$cmd = $this->args->getCommand(); $cmd = $this->args->getCommand();
$cmd = '/' . ltrim($cmd, '/'); $cmd = '/' . ltrim($cmd, '/');
$dispatcher = new Dispatcher\GroupCountBased($this->getCachedDispatchData()); $dispatcher = new FriendicaGroupCountBased($this->getCachedDispatchData());
$this->parameters = []; $this->parameters = [];
// Check if the HTTP method ist OPTIONS and return the special Options Module with the possible HTTP methods
if ($this->args->getMethod() === static::OPTIONS) {
$routeOptions = $dispatcher->getOptions($cmd);
$moduleClass = Options::class;
$this->parameters = ['allowedMethods' => $routeOptions];
} else {
$routeInfo = $dispatcher->dispatch($this->args->getMethod(), $cmd); $routeInfo = $dispatcher->dispatch($this->args->getMethod(), $cmd);
if ($routeInfo[0] === Dispatcher::FOUND) { if ($routeInfo[0] === Dispatcher::FOUND) {
$moduleClass = $routeInfo[1]; $moduleClass = $routeInfo[1];
$this->parameters = $routeInfo[2]; $this->parameters = $routeInfo[2];
} elseif ($routeInfo[0] === Dispatcher::METHOD_NOT_ALLOWED) { } elseif ($routeInfo[0] === Dispatcher::METHOD_NOT_ALLOWED) {
if ($this->args->getMethod() === static::OPTIONS) {
// Default response for HTTP OPTIONS requests in case there is no special treatment
$moduleClass = Options::class;
} else {
throw new HTTPException\MethodNotAllowedException($this->l10n->t('Method not allowed for this module. Allowed method(s): %s', implode(', ', $routeInfo[1]))); throw new HTTPException\MethodNotAllowedException($this->l10n->t('Method not allowed for this module. Allowed method(s): %s', implode(', ', $routeInfo[1])));
}
} else { } else {
throw new HTTPException\NotFoundException($this->l10n->t('Page not found.')); throw new HTTPException\NotFoundException($this->l10n->t('Page not found.'));
} }
}
return $moduleClass; return $moduleClass;
} }

View file

@ -1,16 +1,48 @@
<?php <?php
/**
* @copyright Copyright (C) 2010-2022, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
namespace Friendica\Module\Special; namespace Friendica\Module\Special;
use Friendica\App\Router; use Friendica\App\Router;
use Friendica\BaseModule; use Friendica\BaseModule;
/**
* Returns the allowed HTTP methods based on the route information
*
* It's a special class which shouldn't be called directly
*
* @see Router::getModuleClass()
*/
class Options extends BaseModule class Options extends BaseModule
{ {
protected function options(array $request = []) protected function options(array $request = [])
{ {
$allowedMethods = $this->parameters['AllowedMethods'] ?? [];
if (empty($allowedMethods)) {
$allowedMethods = Router::ALLOWED_METHODS;
}
// @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS // @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
$this->response->setHeader(implode(',', Router::ALLOWED_METHODS), 'Allow'); $this->response->setHeader(implode(',', $allowedMethods), 'Allow');
$this->response->setStatus(204); $this->response->setStatus(204);
} }
} }

View file

@ -0,0 +1,62 @@
<?php
/**
* @copyright Copyright (C) 2010-2022, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
namespace Friendica\Util\Router;
use FastRoute\Dispatcher\GroupCountBased;
/**
* Extends the Fast-Router collector for getting the possible HTTP method options for a given URI
*/
class FriendicaGroupCountBased extends GroupCountBased
{
/**
* Returns all possible HTTP methods for a given URI
*
* @param $uri
*
* @return array
*
* @todo Distinguish between an invalid route and the asterisk (*) default route
*/
public function getOptions($uri): array
{
$varRouteData = $this->variableRouteData;
// Find allowed methods for this URI by matching against all other HTTP methods as well
$allowedMethods = [];
foreach ($this->staticRouteMap as $method => $uriMap) {
if (isset($uriMap[$uri])) {
$allowedMethods[] = $method;
}
}
foreach ($varRouteData as $method => $routeData) {
$result = $this->dispatchVariableRoute($routeData, $uri);
if ($result[0] === self::FOUND) {
$allowedMethods[] = $method;
}
}
return $allowedMethods;
}
}

View file

@ -10,7 +10,7 @@ use Friendica\Test\FixtureTest;
class OptionsTest extends FixtureTest class OptionsTest extends FixtureTest
{ {
public function testOptions() public function testOptionsAll()
{ {
$this->useHttpMethod(Router::OPTIONS); $this->useHttpMethod(Router::OPTIONS);
@ -25,4 +25,22 @@ class OptionsTest extends FixtureTest
], $response->getHeaders()); ], $response->getHeaders());
self::assertEquals(implode(',', Router::ALLOWED_METHODS), $response->getHeaderLine('Allow')); self::assertEquals(implode(',', Router::ALLOWED_METHODS), $response->getHeaderLine('Allow'));
} }
public function testOptionsSpecific()
{
$this->useHttpMethod(Router::OPTIONS);
$response = (new Options(DI::l10n(), DI::baseUrl(), DI::args(), DI::logger(), DI::profiler(), DI::apiResponse(), [], [
'AllowedMethods' => [Router::GET, Router::POST],
]))->run();
self::assertEmpty((string)$response->getBody());
self::assertEquals(204, $response->getStatusCode());
self::assertEquals('No Content', $response->getReasonPhrase());
self::assertEquals([
'Allow' => [implode(',', [Router::GET, Router::POST])],
ICanCreateResponses::X_HEADER => ['html'],
], $response->getHeaders());
self::assertEquals(implode(',', [Router::GET, Router::POST]), $response->getHeaderLine('Allow'));
}
} }

View file

@ -0,0 +1,28 @@
<?php
namespace Friendica\Test\src\Util\Router;
use FastRoute\DataGenerator\GroupCountBased;
use FastRoute\RouteCollector;
use FastRoute\RouteParser\Std;
use Friendica\Module\Special\Options;
use Friendica\Test\MockedTest;
use Friendica\Util\Router\FriendicaGroupCountBased;
class FriendicaGroupCountBasedTest extends MockedTest
{
public function testOptions()
{
$collector = new RouteCollector(new Std(), new GroupCountBased());
$collector->addRoute('GET', '/get', Options::class);
$collector->addRoute('POST', '/post', Options::class);
$collector->addRoute('GET', '/multi', Options::class);
$collector->addRoute('POST', '/multi', Options::class);
$dispatcher = new FriendicaGroupCountBased($collector->getData());
self::assertEquals(['GET'], $dispatcher->getOptions('/get'));
self::assertEquals(['POST'], $dispatcher->getOptions('/post'));
self::assertEquals(['GET', 'POST'], $dispatcher->getOptions('/multi'));
}
}