Home Explore Help
Register Sign In
TooEasy
/
backend-php
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a045b47262
Branches Tags
backend-php
/
middlewares
/
CorsMiddleware.php

CorsMiddleware.php 2.5 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. <?php
    2. 

  2. 

  3. namespace Middlewares;
    4. 

  4. 

  5. use Psr\Http\Message\ResponseInterface;
    6. 

  6. use Psr\Http\Message\ServerRequestInterface;
    7. 

  7. use React\Http\Message\Response;
    8. 

  8. use React\Promise\PromiseInterface;
    9. 

  9. 

  10. class CorsMiddleware
    11. 

  11. {
    12. 

  12.     private ?string $forcedOrigin;
    13. 

  13. 

  14.     public function __construct()
    15. 

  15.     {
    16. 

  16.         $origin = $_ENV['CORS_ALLOWED_ORIGIN'] ?? '';
    17. 

  17.         $this->forcedOrigin = $origin !== '' ? $origin : null;
    18. 

  18.     }
    19. 

  19. 

  20.     public function __invoke(ServerRequestInterface $request, callable $next)
    21. 

  21.     {
    22. 

  22.         $origin = $this->resolveOrigin($request);
    23. 

  23. 

  24.         if (strtoupper($request->getMethod()) === 'OPTIONS') {
    25. 

  25.             return $this->preflightResponse($origin);
    26. 

  26.         }
    27. 

  27. 

  28.         $response = $next($request);
    29. 

  29. 

  30.         return $this->decorateResponse($response, $origin);
    31. 

  31.     }
    32. 

  32. 

  33.     /**
    34. 

  34.      * @param ResponseInterface|PromiseInterface $response
    35. 

  35.      * @return ResponseInterface|PromiseInterface
    36. 

  36.      */
    37. 

  37.     private function decorateResponse($response, string $origin)
    38. 

  38.     {
    39. 

  39.         if ($response instanceof PromiseInterface) {
    40. 

  40.             return $response->then(function ($actual) use ($origin) {
    41. 

  41.                 return $this->decorateResponse($actual, $origin);
    42. 

  42.             });
    43. 

  43.         }
    44. 

  44. 

  45.         if ($response instanceof ResponseInterface) {
    46. 

  46.             return $this->applyHeaders($response, $origin);
    47. 

  47.         }
    48. 

  48. 

  49.         return $response;
    50. 

  50.     }
    51. 

  51. 

  52.     private function preflightResponse(string $origin): ResponseInterface
    53. 

  53.     {
    54. 

  54.         return $this->applyHeaders(
    55. 

  55.             Response::plaintext('')->withStatus(204),
    56. 

  56.             $origin
    57. 

  57.         );
    58. 

  58.     }
    59. 

  59. 

  60.     private function applyHeaders(ResponseInterface $response, string $origin): ResponseInterface
    61. 

  61.     {
    62. 

  62.         $response = $response
    63. 

  63.             ->withHeader('Access-Control-Allow-Origin', $origin)
    64. 

  64.             ->withHeader('Access-Control-Allow-Methods', 'GET,POST,OPTIONS')
    65. 

  65.             ->withHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization')
    66. 

  66.             ->withHeader('Access-Control-Max-Age', '86400')
    67. 

  67.             ->withHeader('Vary', 'Origin');
    68. 

  68. 

  69.         if ($origin !== '*') {
    70. 

  70.             $response = $response->withHeader('Access-Control-Allow-Credentials', 'true');
    71. 

  71.         }
    72. 

  72. 

  73.         return $response;
    74. 

  74.     }
    75. 

  75. 

  76.     private function resolveOrigin(ServerRequestInterface $request): string
    77. 

  77.     {
    78. 

  78.         if ($this->forcedOrigin !== null) {
    79. 

  79.             return $this->forcedOrigin;
    80. 

  80.         }
    81. 

  81. 

  82.         $origin = $request->getHeaderLine('Origin');
    83. 

  83.         return $origin !== '' ? $origin : '*';
    84. 

  84.     }
    85. 

  85. }
    86.