alpcentaur
/
sncf-docker-compose
mirror of https://git.42l.fr/alpcentaur/sncf-docker-compose.git
1
0
Fork 0
Code Issues 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
20 MiB
Tree: df7e20de4b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'df7e20de4b'
${ noResults }
sncf-docker-compose/docker/overlays/nextcloud/html/lib/private/Http/Client/Client.php

412 lines
14 KiB
Raw Normal View History

first commit
3 years ago
 
  1. <?php
  2. 

  3. declare(strict_types=1);
  4. 

  5. /**
  6.  * @copyright Copyright (c) 2016, ownCloud, Inc.
  7.  *
  8.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  9.  * @author Daniel Kesselberg <mail@danielkesselberg.de>
  10.  * @author Joas Schilling <coding@schilljs.com>
  11.  * @author Lukas Reschke <lukas@statuscode.ch>
  12.  * @author Mohammed Abdellatif <m.latief@gmail.com>
  13.  * @author Morris Jobke <hey@morrisjobke.de>
  14.  * @author Robin Appelman <robin@icewind.nl>
  15.  * @author Roeland Jago Douma <roeland@famdouma.nl>
  16.  * @author Scott Shambarger <devel@shambarger.net>
  17.  *
  18.  * @license AGPL-3.0
  19.  *
  20.  * This code is free software: you can redistribute it and/or modify
  21.  * it under the terms of the GNU Affero General Public License, version 3,
  22.  * as published by the Free Software Foundation.
  23.  *
  24.  * This program is distributed in the hope that it will be useful,
  25.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  26.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  27.  * GNU Affero General Public License for more details.
  28.  *
  29.  * You should have received a copy of the GNU Affero General Public License, version 3,
  30.  * along with this program. If not, see <http://www.gnu.org/licenses/>
  31.  *
  32.  */
  33. 

  34. namespace OC\Http\Client;
  35. 

  36. use GuzzleHttp\Client as GuzzleClient;
  37. use GuzzleHttp\RequestOptions;
  38. use OCP\Http\Client\IClient;
  39. use OCP\Http\Client\IResponse;
  40. use OCP\Http\Client\LocalServerException;
  41. use OCP\ICertificateManager;
  42. use OCP\IConfig;
  43. use OCP\ILogger;
  44. 

  45. /**
  46.  * Class Client
  47.  *
  48.  * @package OC\Http
  49.  */
  50. class Client implements IClient {
  51. 	/** @var GuzzleClient */
  52. 	private $client;
  53. 	/** @var IConfig */
  54. 	private $config;
  55. 	/** @var ILogger */
  56. 	private $logger;
  57. 	/** @var ICertificateManager */
  58. 	private $certificateManager;
  59. 

  60. 	public function __construct(
  61. 		IConfig $config,
  62. 		ILogger $logger,
  63. 		ICertificateManager $certificateManager,
  64. 		GuzzleClient $client
  65. 	) {
  66. 		$this->config = $config;
  67. 		$this->logger = $logger;
  68. 		$this->client = $client;
  69. 		$this->certificateManager = $certificateManager;
  70. 	}
  71. 

  72. 	private function buildRequestOptions(array $options): array {
  73. 		$proxy = $this->getProxyUri();
  74. 

  75. 		$defaults = [
  76. 			RequestOptions::VERIFY => $this->getCertBundle(),
  77. 			RequestOptions::TIMEOUT => 30,
  78. 		];
  79. 

  80. 		// Only add RequestOptions::PROXY if Nextcloud is explicitly

  81. 		// configured to use a proxy. This is needed in order not to override

  82. 		// Guzzle default values.

  83. 		if ($proxy !== null) {
  84. 			$defaults[RequestOptions::PROXY] = $proxy;
  85. 		}
  86. 

  87. 		$options = array_merge($defaults, $options);
  88. 

  89. 		if (!isset($options[RequestOptions::HEADERS]['User-Agent'])) {
  90. 			$options[RequestOptions::HEADERS]['User-Agent'] = 'Nextcloud Server Crawler';
  91. 		}
  92. 

  93. 		if (!isset($options[RequestOptions::HEADERS]['Accept-Encoding'])) {
  94. 			$options[RequestOptions::HEADERS]['Accept-Encoding'] = 'gzip';
  95. 		}
  96. 

  97. 		return $options;
  98. 	}
  99. 

  100. 	private function getCertBundle(): string {
  101. 		// If the instance is not yet setup we need to use the static path as

  102. 		// $this->certificateManager->getAbsoluteBundlePath() tries to instantiiate

  103. 		// a view

  104. 		if ($this->config->getSystemValue('installed', false) === false) {
  105. 			return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
  106. 		}
  107. 

  108. 		if ($this->certificateManager->listCertificates() === []) {
  109. 			return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
  110. 		}
  111. 

  112. 		return $this->certificateManager->getAbsoluteBundlePath();
  113. 	}
  114. 

  115. 	/**
  116. 	 * Returns a null or an associative array specifiying the proxy URI for
  117. 	 * 'http' and 'https' schemes, in addition to a 'no' key value pair
  118. 	 * providing a list of host names that should not be proxied to.
  119. 	 *
  120. 	 * @return array|null
  121. 	 *
  122. 	 * The return array looks like:
  123. 	 * [
  124. 	 *   'http' => 'username:password@proxy.example.com',
  125. 	 *   'https' => 'username:password@proxy.example.com',
  126. 	 *   'no' => ['foo.com', 'bar.com']
  127. 	 * ]
  128. 	 *
  129. 	 */
  130. 	private function getProxyUri(): ?array {
  131. 		$proxyHost = $this->config->getSystemValue('proxy', '');
  132. 

  133. 		if ($proxyHost === '' || $proxyHost === null) {
  134. 			return null;
  135. 		}
  136. 

  137. 		$proxyUserPwd = $this->config->getSystemValue('proxyuserpwd', '');
  138. 		if ($proxyUserPwd !== '' && $proxyUserPwd !== null) {
  139. 			$proxyHost = $proxyUserPwd . '@' . $proxyHost;
  140. 		}
  141. 

  142. 		$proxy = [
  143. 			'http' => $proxyHost,
  144. 			'https' => $proxyHost,
  145. 		];
  146. 

  147. 		$proxyExclude = $this->config->getSystemValue('proxyexclude', []);
  148. 		if ($proxyExclude !== [] && $proxyExclude !== null) {
  149. 			$proxy['no'] = $proxyExclude;
  150. 		}
  151. 

  152. 		return $proxy;
  153. 	}
  154. 

  155. 	protected function preventLocalAddress(string $uri, array $options): void {
  156. 		if (($options['nextcloud']['allow_local_address'] ?? false) ||
  157. 			$this->config->getSystemValueBool('allow_local_remote_servers', false)) {
  158. 			return;
  159. 		}
  160. 

  161. 		$host = parse_url($uri, PHP_URL_HOST);
  162. 		if ($host === false || $host === null) {
  163. 			$this->logger->warning("Could not detect any host in $uri");
  164. 			throw new LocalServerException('Could not detect any host');
  165. 		}
  166. 

  167. 		$host = strtolower($host);
  168. 		// remove brackets from IPv6 addresses

  169. 		if (strpos($host, '[') === 0 && substr($host, -1) === ']') {
  170. 			$host = substr($host, 1, -1);
  171. 		}
  172. 

  173. 		// Disallow localhost and local network

  174. 		if ($host === 'localhost' || substr($host, -6) === '.local' || substr($host, -10) === '.localhost') {
  175. 			$this->logger->warning("Host $host was not connected to because it violates local access rules");
  176. 			throw new LocalServerException('Host violates local access rules');
  177. 		}
  178. 

  179. 		// Disallow hostname only

  180. 		if (substr_count($host, '.') === 0) {
  181. 			$this->logger->warning("Host $host was not connected to because it violates local access rules");
  182. 			throw new LocalServerException('Host violates local access rules');
  183. 		}
  184. 

  185. 		if ((bool)filter_var($host, FILTER_VALIDATE_IP) && !filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
  186. 			$this->logger->warning("Host $host was not connected to because it violates local access rules");
  187. 			throw new LocalServerException('Host violates local access rules');
  188. 		}
  189. 

  190. 		// Also check for IPv6 IPv4 nesting, because that's not covered by filter_var

  191. 		if ((bool)filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && substr_count($host, '.') > 0) {
  192. 			$delimiter = strrpos($host, ':'); // Get last colon

  193. 			$ipv4Address = substr($host, $delimiter + 1);
  194. 

  195. 			if (!filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
  196. 				$this->logger->warning("Host $host was not connected to because it violates local access rules");
  197. 				throw new LocalServerException('Host violates local access rules');
  198. 			}
  199. 		}
  200. 	}
  201. 

  202. 	/**
  203. 	 * Sends a GET request
  204. 	 *
  205. 	 * @param string $uri
  206. 	 * @param array $options Array such as
  207. 	 *              'query' => [
  208. 	 *                  'field' => 'abc',
  209. 	 *                  'other_field' => '123',
  210. 	 *                  'file_name' => fopen('/path/to/file', 'r'),
  211. 	 *              ],
  212. 	 *              'headers' => [
  213. 	 *                  'foo' => 'bar',
  214. 	 *              ],
  215. 	 *              'cookies' => ['
  216. 	 *                  'foo' => 'bar',
  217. 	 *              ],
  218. 	 *              'allow_redirects' => [
  219. 	 *                   'max'       => 10,  // allow at most 10 redirects.

  220. 	 *                   'strict'    => true,     // use "strict" RFC compliant redirects.

  221. 	 *                   'referer'   => true,     // add a Referer header

  222. 	 *                   'protocols' => ['https'] // only allow https URLs

  223. 	 *              ],
  224. 	 *              'save_to' => '/path/to/file', // save to a file or a stream

  225. 	 *              'verify' => true, // bool or string to CA file

  226. 	 *              'debug' => true,
  227. 	 *              'timeout' => 5,
  228. 	 * @return IResponse
  229. 	 * @throws \Exception If the request could not get completed
  230. 	 */
  231. 	public function get(string $uri, array $options = []): IResponse {
  232. 		$this->preventLocalAddress($uri, $options);
  233. 		$response = $this->client->request('get', $uri, $this->buildRequestOptions($options));
  234. 		$isStream = isset($options['stream']) && $options['stream'];
  235. 		return new Response($response, $isStream);
  236. 	}
  237. 

  238. 	/**
  239. 	 * Sends a HEAD request
  240. 	 *
  241. 	 * @param string $uri
  242. 	 * @param array $options Array such as
  243. 	 *              'headers' => [
  244. 	 *                  'foo' => 'bar',
  245. 	 *              ],
  246. 	 *              'cookies' => ['
  247. 	 *                  'foo' => 'bar',
  248. 	 *              ],
  249. 	 *              'allow_redirects' => [
  250. 	 *                   'max'       => 10,  // allow at most 10 redirects.

  251. 	 *                   'strict'    => true,     // use "strict" RFC compliant redirects.

  252. 	 *                   'referer'   => true,     // add a Referer header

  253. 	 *                   'protocols' => ['https'] // only allow https URLs

  254. 	 *              ],
  255. 	 *              'save_to' => '/path/to/file', // save to a file or a stream

  256. 	 *              'verify' => true, // bool or string to CA file

  257. 	 *              'debug' => true,
  258. 	 *              'timeout' => 5,
  259. 	 * @return IResponse
  260. 	 * @throws \Exception If the request could not get completed
  261. 	 */
  262. 	public function head(string $uri, array $options = []): IResponse {
  263. 		$this->preventLocalAddress($uri, $options);
  264. 		$response = $this->client->request('head', $uri, $this->buildRequestOptions($options));
  265. 		return new Response($response);
  266. 	}
  267. 

  268. 	/**
  269. 	 * Sends a POST request
  270. 	 *
  271. 	 * @param string $uri
  272. 	 * @param array $options Array such as
  273. 	 *              'body' => [
  274. 	 *                  'field' => 'abc',
  275. 	 *                  'other_field' => '123',
  276. 	 *                  'file_name' => fopen('/path/to/file', 'r'),
  277. 	 *              ],
  278. 	 *              'headers' => [
  279. 	 *                  'foo' => 'bar',
  280. 	 *              ],
  281. 	 *              'cookies' => ['
  282. 	 *                  'foo' => 'bar',
  283. 	 *              ],
  284. 	 *              'allow_redirects' => [
  285. 	 *                   'max'       => 10,  // allow at most 10 redirects.

  286. 	 *                   'strict'    => true,     // use "strict" RFC compliant redirects.

  287. 	 *                   'referer'   => true,     // add a Referer header

  288. 	 *                   'protocols' => ['https'] // only allow https URLs

  289. 	 *              ],
  290. 	 *              'save_to' => '/path/to/file', // save to a file or a stream

  291. 	 *              'verify' => true, // bool or string to CA file

  292. 	 *              'debug' => true,
  293. 	 *              'timeout' => 5,
  294. 	 * @return IResponse
  295. 	 * @throws \Exception If the request could not get completed
  296. 	 */
  297. 	public function post(string $uri, array $options = []): IResponse {
  298. 		$this->preventLocalAddress($uri, $options);
  299. 

  300. 		if (isset($options['body']) && is_array($options['body'])) {
  301. 			$options['form_params'] = $options['body'];
  302. 			unset($options['body']);
  303. 		}
  304. 		$response = $this->client->request('post', $uri, $this->buildRequestOptions($options));
  305. 		return new Response($response);
  306. 	}
  307. 

  308. 	/**
  309. 	 * Sends a PUT request
  310. 	 *
  311. 	 * @param string $uri
  312. 	 * @param array $options Array such as
  313. 	 *              'body' => [
  314. 	 *                  'field' => 'abc',
  315. 	 *                  'other_field' => '123',
  316. 	 *                  'file_name' => fopen('/path/to/file', 'r'),
  317. 	 *              ],
  318. 	 *              'headers' => [
  319. 	 *                  'foo' => 'bar',
  320. 	 *              ],
  321. 	 *              'cookies' => ['
  322. 	 *                  'foo' => 'bar',
  323. 	 *              ],
  324. 	 *              'allow_redirects' => [
  325. 	 *                   'max'       => 10,  // allow at most 10 redirects.

  326. 	 *                   'strict'    => true,     // use "strict" RFC compliant redirects.

  327. 	 *                   'referer'   => true,     // add a Referer header

  328. 	 *                   'protocols' => ['https'] // only allow https URLs

  329. 	 *              ],
  330. 	 *              'save_to' => '/path/to/file', // save to a file or a stream

  331. 	 *              'verify' => true, // bool or string to CA file

  332. 	 *              'debug' => true,
  333. 	 *              'timeout' => 5,
  334. 	 * @return IResponse
  335. 	 * @throws \Exception If the request could not get completed
  336. 	 */
  337. 	public function put(string $uri, array $options = []): IResponse {
  338. 		$this->preventLocalAddress($uri, $options);
  339. 		$response = $this->client->request('put', $uri, $this->buildRequestOptions($options));
  340. 		return new Response($response);
  341. 	}
  342. 

  343. 	/**
  344. 	 * Sends a DELETE request
  345. 	 *
  346. 	 * @param string $uri
  347. 	 * @param array $options Array such as
  348. 	 *              'body' => [
  349. 	 *                  'field' => 'abc',
  350. 	 *                  'other_field' => '123',
  351. 	 *                  'file_name' => fopen('/path/to/file', 'r'),
  352. 	 *              ],
  353. 	 *              'headers' => [
  354. 	 *                  'foo' => 'bar',
  355. 	 *              ],
  356. 	 *              'cookies' => ['
  357. 	 *                  'foo' => 'bar',
  358. 	 *              ],
  359. 	 *              'allow_redirects' => [
  360. 	 *                   'max'       => 10,  // allow at most 10 redirects.

  361. 	 *                   'strict'    => true,     // use "strict" RFC compliant redirects.

  362. 	 *                   'referer'   => true,     // add a Referer header

  363. 	 *                   'protocols' => ['https'] // only allow https URLs

  364. 	 *              ],
  365. 	 *              'save_to' => '/path/to/file', // save to a file or a stream

  366. 	 *              'verify' => true, // bool or string to CA file

  367. 	 *              'debug' => true,
  368. 	 *              'timeout' => 5,
  369. 	 * @return IResponse
  370. 	 * @throws \Exception If the request could not get completed
  371. 	 */
  372. 	public function delete(string $uri, array $options = []): IResponse {
  373. 		$this->preventLocalAddress($uri, $options);
  374. 		$response = $this->client->request('delete', $uri, $this->buildRequestOptions($options));
  375. 		return new Response($response);
  376. 	}
  377. 

  378. 	/**
  379. 	 * Sends a options request
  380. 	 *
  381. 	 * @param string $uri
  382. 	 * @param array $options Array such as
  383. 	 *              'body' => [
  384. 	 *                  'field' => 'abc',
  385. 	 *                  'other_field' => '123',
  386. 	 *                  'file_name' => fopen('/path/to/file', 'r'),
  387. 	 *              ],
  388. 	 *              'headers' => [
  389. 	 *                  'foo' => 'bar',
  390. 	 *              ],
  391. 	 *              'cookies' => ['
  392. 	 *                  'foo' => 'bar',
  393. 	 *              ],
  394. 	 *              'allow_redirects' => [
  395. 	 *                   'max'       => 10,  // allow at most 10 redirects.

  396. 	 *                   'strict'    => true,     // use "strict" RFC compliant redirects.

  397. 	 *                   'referer'   => true,     // add a Referer header

  398. 	 *                   'protocols' => ['https'] // only allow https URLs

  399. 	 *              ],
  400. 	 *              'save_to' => '/path/to/file', // save to a file or a stream

  401. 	 *              'verify' => true, // bool or string to CA file

  402. 	 *              'debug' => true,
  403. 	 *              'timeout' => 5,
  404. 	 * @return IResponse
  405. 	 * @throws \Exception If the request could not get completed
  406. 	 */
  407. 	public function options(string $uri, array $options = []): IResponse {
  408. 		$this->preventLocalAddress($uri, $options);
  409. 		$response = $this->client->request('options', $uri, $this->buildRequestOptions($options));
  410. 		return new Response($response);
  411. 	}
  412. }