diff options
Diffstat (limited to 'lib/private/Http/Client')
| -rw-r--r-- | lib/private/Http/Client/Client.php | 622 | ||||
| -rw-r--r-- | lib/private/Http/Client/ClientService.php | 26 | ||||
| -rw-r--r-- | lib/private/Http/Client/DnsPinMiddleware.php | 52 | ||||
| -rw-r--r-- | lib/private/Http/Client/GuzzlePromiseAdapter.php | 23 | ||||
| -rw-r--r-- | lib/private/Http/Client/NegativeDnsCache.php | 26 | ||||
| -rw-r--r-- | lib/private/Http/Client/Response.php | 63 |
6 files changed, 380 insertions, 432 deletions
diff --git a/lib/private/Http/Client/Client.php b/lib/private/Http/Client/Client.php index 3bf43e6c07e..553a8921a80 100644 --- a/lib/private/Http/Client/Client.php +++ b/lib/private/Http/Client/Client.php @@ -1,35 +1,10 @@ <?php declare(strict_types=1); - /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Carlos Ferreira <carlos@reendex.com> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Daniel Kesselberg <mail@danielkesselberg.de> - * @author Joas Schilling <coding@schilljs.com> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Mohammed Abdellatif <m.latief@gmail.com> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Robin Appelman <robin@icewind.nl> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Scott Shambarger <devel@shambarger.net> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Http\Client; @@ -78,7 +53,7 @@ class Client implements IClient { $defaults = [ RequestOptions::VERIFY => $this->getCertBundle(), - RequestOptions::TIMEOUT => 30, + RequestOptions::TIMEOUT => IClient::DEFAULT_REQUEST_TIMEOUT, ]; $options['nextcloud']['allow_local_address'] = $this->isLocalAddressAllowed($options); @@ -86,7 +61,7 @@ class Client implements IClient { $onRedirectFunction = function ( \Psr\Http\Message\RequestInterface $request, \Psr\Http\Message\ResponseInterface $response, - \Psr\Http\Message\UriInterface $uri + \Psr\Http\Message\UriInterface $uri, ) use ($options) { $this->preventLocalAddress($uri->__toString(), $options); }; @@ -174,8 +149,8 @@ class Client implements IClient { } private function isLocalAddressAllowed(array $options) : bool { - if (($options['nextcloud']['allow_local_address'] ?? false) || - $this->config->getSystemValueBool('allow_local_remote_servers', false)) { + if (($options['nextcloud']['allow_local_address'] ?? false) + || $this->config->getSystemValueBool('allow_local_remote_servers', false)) { return true; } @@ -183,16 +158,17 @@ class Client implements IClient { } protected function preventLocalAddress(string $uri, array $options): void { - if ($this->isLocalAddressAllowed($options)) { - return; - } - $host = parse_url($uri, PHP_URL_HOST); if ($host === false || $host === null) { throw new LocalServerException('Could not detect any host'); } + + if ($this->isLocalAddressAllowed($options)) { + return; + } + if (!$this->remoteHostValidator->isValid($host)) { - throw new LocalServerException('Host violates local access rules'); + throw new LocalServerException('Host "' . $host . '" violates local access rules'); } } @@ -201,27 +177,27 @@ class Client implements IClient { * * @param string $uri * @param array $options Array such as - * 'query' => [ - * 'field' => 'abc', - * 'other_field' => '123', - * 'file_name' => fopen('/path/to/file', 'r'), - * ], - * 'headers' => [ - * 'foo' => 'bar', - * ], - * 'cookies' => [ - * 'foo' => 'bar', - * ], - * 'allow_redirects' => [ - * 'max' => 10, // allow at most 10 redirects. - * 'strict' => true, // use "strict" RFC compliant redirects. - * 'referer' => true, // add a Referer header - * 'protocols' => ['https'] // only allow https URLs - * ], - * 'sink' => '/path/to/file', // save to a file or a stream - * 'verify' => true, // bool or string to CA file - * 'debug' => true, - * 'timeout' => 5, + * 'query' => [ + * 'field' => 'abc', + * 'other_field' => '123', + * 'file_name' => fopen('/path/to/file', 'r'), + * ], + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, * @return IResponse * @throws \Exception If the request could not get completed */ @@ -237,22 +213,22 @@ class Client implements IClient { * * @param string $uri * @param array $options Array such as - * 'headers' => [ - * 'foo' => 'bar', - * ], - * 'cookies' => [ - * 'foo' => 'bar', - * ], - * 'allow_redirects' => [ - * 'max' => 10, // allow at most 10 redirects. - * 'strict' => true, // use "strict" RFC compliant redirects. - * 'referer' => true, // add a Referer header - * 'protocols' => ['https'] // only allow https URLs - * ], - * 'sink' => '/path/to/file', // save to a file or a stream - * 'verify' => true, // bool or string to CA file - * 'debug' => true, - * 'timeout' => 5, + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, * @return IResponse * @throws \Exception If the request could not get completed */ @@ -267,27 +243,27 @@ class Client implements IClient { * * @param string $uri * @param array $options Array such as - * 'body' => [ - * 'field' => 'abc', - * 'other_field' => '123', - * 'file_name' => fopen('/path/to/file', 'r'), - * ], - * 'headers' => [ - * 'foo' => 'bar', - * ], - * 'cookies' => [ - * 'foo' => 'bar', - * ], - * 'allow_redirects' => [ - * 'max' => 10, // allow at most 10 redirects. - * 'strict' => true, // use "strict" RFC compliant redirects. - * 'referer' => true, // add a Referer header - * 'protocols' => ['https'] // only allow https URLs - * ], - * 'sink' => '/path/to/file', // save to a file or a stream - * 'verify' => true, // bool or string to CA file - * 'debug' => true, - * 'timeout' => 5, + * 'body' => [ + * 'field' => 'abc', + * 'other_field' => '123', + * 'file_name' => fopen('/path/to/file', 'r'), + * ], + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, * @return IResponse * @throws \Exception If the request could not get completed */ @@ -308,27 +284,27 @@ class Client implements IClient { * * @param string $uri * @param array $options Array such as - * 'body' => [ - * 'field' => 'abc', - * 'other_field' => '123', - * 'file_name' => fopen('/path/to/file', 'r'), - * ], - * 'headers' => [ - * 'foo' => 'bar', - * ], - * 'cookies' => [ - * 'foo' => 'bar', - * ], - * 'allow_redirects' => [ - * 'max' => 10, // allow at most 10 redirects. - * 'strict' => true, // use "strict" RFC compliant redirects. - * 'referer' => true, // add a Referer header - * 'protocols' => ['https'] // only allow https URLs - * ], - * 'sink' => '/path/to/file', // save to a file or a stream - * 'verify' => true, // bool or string to CA file - * 'debug' => true, - * 'timeout' => 5, + * 'body' => [ + * 'field' => 'abc', + * 'other_field' => '123', + * 'file_name' => fopen('/path/to/file', 'r'), + * ], + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, * @return IResponse * @throws \Exception If the request could not get completed */ @@ -339,31 +315,66 @@ class Client implements IClient { } /** + * Sends a PATCH request + * + * @param string $uri + * @param array $options Array such as + * 'body' => [ + * 'field' => 'abc', + * 'other_field' => '123', + * 'file_name' => fopen('/path/to/file', 'r'), + * ], + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, + * @return IResponse + * @throws \Exception If the request could not get completed + */ + public function patch(string $uri, array $options = []): IResponse { + $this->preventLocalAddress($uri, $options); + $response = $this->client->request('patch', $uri, $this->buildRequestOptions($options)); + return new Response($response); + } + + /** * Sends a DELETE request * * @param string $uri * @param array $options Array such as - * 'body' => [ - * 'field' => 'abc', - * 'other_field' => '123', - * 'file_name' => fopen('/path/to/file', 'r'), - * ], - * 'headers' => [ - * 'foo' => 'bar', - * ], - * 'cookies' => [ - * 'foo' => 'bar', - * ], - * 'allow_redirects' => [ - * 'max' => 10, // allow at most 10 redirects. - * 'strict' => true, // use "strict" RFC compliant redirects. - * 'referer' => true, // add a Referer header - * 'protocols' => ['https'] // only allow https URLs - * ], - * 'sink' => '/path/to/file', // save to a file or a stream - * 'verify' => true, // bool or string to CA file - * 'debug' => true, - * 'timeout' => 5, + * 'body' => [ + * 'field' => 'abc', + * 'other_field' => '123', + * 'file_name' => fopen('/path/to/file', 'r'), + * ], + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, * @return IResponse * @throws \Exception If the request could not get completed */ @@ -378,27 +389,27 @@ class Client implements IClient { * * @param string $uri * @param array $options Array such as - * 'body' => [ - * 'field' => 'abc', - * 'other_field' => '123', - * 'file_name' => fopen('/path/to/file', 'r'), - * ], - * 'headers' => [ - * 'foo' => 'bar', - * ], - * 'cookies' => [ - * 'foo' => 'bar', - * ], - * 'allow_redirects' => [ - * 'max' => 10, // allow at most 10 redirects. - * 'strict' => true, // use "strict" RFC compliant redirects. - * 'referer' => true, // add a Referer header - * 'protocols' => ['https'] // only allow https URLs - * ], - * 'sink' => '/path/to/file', // save to a file or a stream - * 'verify' => true, // bool or string to CA file - * 'debug' => true, - * 'timeout' => 5, + * 'body' => [ + * 'field' => 'abc', + * 'other_field' => '123', + * 'file_name' => fopen('/path/to/file', 'r'), + * ], + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, * @return IResponse * @throws \Exception If the request could not get completed */ @@ -408,6 +419,59 @@ class Client implements IClient { return new Response($response); } + /** + * Get the response of a Throwable thrown by the request methods when possible + * + * @param \Throwable $e + * @return IResponse + * @throws \Throwable When $e did not have a response + * @since 29.0.0 + */ + public function getResponseFromThrowable(\Throwable $e): IResponse { + if (method_exists($e, 'hasResponse') && method_exists($e, 'getResponse') && $e->hasResponse()) { + return new Response($e->getResponse()); + } + + throw $e; + } + + /** + * Sends a HTTP request + * + * @param string $method The HTTP method to use + * @param string $uri + * @param array $options Array such as + * 'query' => [ + * 'field' => 'abc', + * 'other_field' => '123', + * 'file_name' => fopen('/path/to/file', 'r'), + * ], + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, + * @return IResponse + * @throws \Exception If the request could not get completed + */ + public function request(string $method, string $uri, array $options = []): IResponse { + $this->preventLocalAddress($uri, $options); + $response = $this->client->request($method, $uri, $this->buildRequestOptions($options)); + $isStream = isset($options['stream']) && $options['stream']; + return new Response($response, $isStream); + } + protected function wrapGuzzlePromise(PromiseInterface $promise): IPromise { return new GuzzlePromiseAdapter( $promise, @@ -420,27 +484,27 @@ class Client implements IClient { * * @param string $uri * @param array $options Array such as - * 'query' => [ - * 'field' => 'abc', - * 'other_field' => '123', - * 'file_name' => fopen('/path/to/file', 'r'), - * ], - * 'headers' => [ - * 'foo' => 'bar', - * ], - * 'cookies' => [ - * 'foo' => 'bar', - * ], - * 'allow_redirects' => [ - * 'max' => 10, // allow at most 10 redirects. - * 'strict' => true, // use "strict" RFC compliant redirects. - * 'referer' => true, // add a Referer header - * 'protocols' => ['https'] // only allow https URLs - * ], - * 'sink' => '/path/to/file', // save to a file or a stream - * 'verify' => true, // bool or string to CA file - * 'debug' => true, - * 'timeout' => 5, + * 'query' => [ + * 'field' => 'abc', + * 'other_field' => '123', + * 'file_name' => fopen('/path/to/file', 'r'), + * ], + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, * @return IPromise */ public function getAsync(string $uri, array $options = []): IPromise { @@ -454,22 +518,22 @@ class Client implements IClient { * * @param string $uri * @param array $options Array such as - * 'headers' => [ - * 'foo' => 'bar', - * ], - * 'cookies' => [ - * 'foo' => 'bar', - * ], - * 'allow_redirects' => [ - * 'max' => 10, // allow at most 10 redirects. - * 'strict' => true, // use "strict" RFC compliant redirects. - * 'referer' => true, // add a Referer header - * 'protocols' => ['https'] // only allow https URLs - * ], - * 'sink' => '/path/to/file', // save to a file or a stream - * 'verify' => true, // bool or string to CA file - * 'debug' => true, - * 'timeout' => 5, + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, * @return IPromise */ public function headAsync(string $uri, array $options = []): IPromise { @@ -483,27 +547,27 @@ class Client implements IClient { * * @param string $uri * @param array $options Array such as - * 'body' => [ - * 'field' => 'abc', - * 'other_field' => '123', - * 'file_name' => fopen('/path/to/file', 'r'), - * ], - * 'headers' => [ - * 'foo' => 'bar', - * ], - * 'cookies' => [ - * 'foo' => 'bar', - * ], - * 'allow_redirects' => [ - * 'max' => 10, // allow at most 10 redirects. - * 'strict' => true, // use "strict" RFC compliant redirects. - * 'referer' => true, // add a Referer header - * 'protocols' => ['https'] // only allow https URLs - * ], - * 'sink' => '/path/to/file', // save to a file or a stream - * 'verify' => true, // bool or string to CA file - * 'debug' => true, - * 'timeout' => 5, + * 'body' => [ + * 'field' => 'abc', + * 'other_field' => '123', + * 'file_name' => fopen('/path/to/file', 'r'), + * ], + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, * @return IPromise */ public function postAsync(string $uri, array $options = []): IPromise { @@ -522,27 +586,27 @@ class Client implements IClient { * * @param string $uri * @param array $options Array such as - * 'body' => [ - * 'field' => 'abc', - * 'other_field' => '123', - * 'file_name' => fopen('/path/to/file', 'r'), - * ], - * 'headers' => [ - * 'foo' => 'bar', - * ], - * 'cookies' => [ - * 'foo' => 'bar', - * ], - * 'allow_redirects' => [ - * 'max' => 10, // allow at most 10 redirects. - * 'strict' => true, // use "strict" RFC compliant redirects. - * 'referer' => true, // add a Referer header - * 'protocols' => ['https'] // only allow https URLs - * ], - * 'sink' => '/path/to/file', // save to a file or a stream - * 'verify' => true, // bool or string to CA file - * 'debug' => true, - * 'timeout' => 5, + * 'body' => [ + * 'field' => 'abc', + * 'other_field' => '123', + * 'file_name' => fopen('/path/to/file', 'r'), + * ], + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, * @return IPromise */ public function putAsync(string $uri, array $options = []): IPromise { @@ -556,27 +620,27 @@ class Client implements IClient { * * @param string $uri * @param array $options Array such as - * 'body' => [ - * 'field' => 'abc', - * 'other_field' => '123', - * 'file_name' => fopen('/path/to/file', 'r'), - * ], - * 'headers' => [ - * 'foo' => 'bar', - * ], - * 'cookies' => [ - * 'foo' => 'bar', - * ], - * 'allow_redirects' => [ - * 'max' => 10, // allow at most 10 redirects. - * 'strict' => true, // use "strict" RFC compliant redirects. - * 'referer' => true, // add a Referer header - * 'protocols' => ['https'] // only allow https URLs - * ], - * 'sink' => '/path/to/file', // save to a file or a stream - * 'verify' => true, // bool or string to CA file - * 'debug' => true, - * 'timeout' => 5, + * 'body' => [ + * 'field' => 'abc', + * 'other_field' => '123', + * 'file_name' => fopen('/path/to/file', 'r'), + * ], + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, * @return IPromise */ public function deleteAsync(string $uri, array $options = []): IPromise { @@ -590,27 +654,27 @@ class Client implements IClient { * * @param string $uri * @param array $options Array such as - * 'body' => [ - * 'field' => 'abc', - * 'other_field' => '123', - * 'file_name' => fopen('/path/to/file', 'r'), - * ], - * 'headers' => [ - * 'foo' => 'bar', - * ], - * 'cookies' => [ - * 'foo' => 'bar', - * ], - * 'allow_redirects' => [ - * 'max' => 10, // allow at most 10 redirects. - * 'strict' => true, // use "strict" RFC compliant redirects. - * 'referer' => true, // add a Referer header - * 'protocols' => ['https'] // only allow https URLs - * ], - * 'sink' => '/path/to/file', // save to a file or a stream - * 'verify' => true, // bool or string to CA file - * 'debug' => true, - * 'timeout' => 5, + * 'body' => [ + * 'field' => 'abc', + * 'other_field' => '123', + * 'file_name' => fopen('/path/to/file', 'r'), + * ], + * 'headers' => [ + * 'foo' => 'bar', + * ], + * 'cookies' => [ + * 'foo' => 'bar', + * ], + * 'allow_redirects' => [ + * 'max' => 10, // allow at most 10 redirects. + * 'strict' => true, // use "strict" RFC compliant redirects. + * 'referer' => true, // add a Referer header + * 'protocols' => ['https'] // only allow https URLs + * ], + * 'sink' => '/path/to/file', // save to a file or a stream + * 'verify' => true, // bool or string to CA file + * 'debug' => true, + * 'timeout' => 5, * @return IPromise */ public function optionsAsync(string $uri, array $options = []): IPromise { diff --git a/lib/private/Http/Client/ClientService.php b/lib/private/Http/Client/ClientService.php index 66f84e14c57..b719f3d369d 100644 --- a/lib/private/Http/Client/ClientService.php +++ b/lib/private/Http/Client/ClientService.php @@ -1,28 +1,10 @@ <?php declare(strict_types=1); - /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Joas Schilling <coding@schilljs.com> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Http\Client; @@ -79,7 +61,7 @@ class ClientService implements IClientService { $stack->push($this->dnsPinMiddleware->addDnsPinning()); } $stack->push(Middleware::tap(function (RequestInterface $request) { - $this->eventLogger->start('http:request', $request->getMethod() . " request to " . $request->getRequestTarget()); + $this->eventLogger->start('http:request', $request->getMethod() . ' request to ' . $request->getRequestTarget()); }, function () { $this->eventLogger->end('http:request'); }), 'event logger'); diff --git a/lib/private/Http/Client/DnsPinMiddleware.php b/lib/private/Http/Client/DnsPinMiddleware.php index aecccc6ce97..96e0f71adbe 100644 --- a/lib/private/Http/Client/DnsPinMiddleware.php +++ b/lib/private/Http/Client/DnsPinMiddleware.php @@ -3,25 +3,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2021, Lukas Reschke <lukas@statuscode.ch> - * - * @author Lukas Reschke <lukas@statuscode.ch> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OC\Http\Client; @@ -30,23 +13,15 @@ use OCP\Http\Client\LocalServerException; use Psr\Http\Message\RequestInterface; class DnsPinMiddleware { - /** @var NegativeDnsCache */ - private $negativeDnsCache; - private IpAddressClassifier $ipAddressClassifier; public function __construct( - NegativeDnsCache $negativeDnsCache, - IpAddressClassifier $ipAddressClassifier + private NegativeDnsCache $negativeDnsCache, + private IpAddressClassifier $ipAddressClassifier, ) { - $this->negativeDnsCache = $negativeDnsCache; - $this->ipAddressClassifier = $ipAddressClassifier; } /** * Fetch soa record for a target - * - * @param string $target - * @return array|null */ private function soaRecord(string $target): ?array { $labels = explode('.', $target); @@ -74,15 +49,21 @@ class DnsPinMiddleware { $soaDnsEntry = $this->soaRecord($target); $dnsNegativeTtl = $soaDnsEntry['minimum-ttl'] ?? null; + $canHaveCnameRecord = true; - $dnsTypes = [DNS_A, DNS_AAAA, DNS_CNAME]; + $dnsTypes = \defined('AF_INET6') || @inet_pton('::1') + ? [DNS_A, DNS_AAAA, DNS_CNAME] + : [DNS_A, DNS_CNAME]; foreach ($dnsTypes as $dnsType) { + if ($canHaveCnameRecord === false && $dnsType === DNS_CNAME) { + continue; + } + if ($this->negativeDnsCache->isNegativeCached($target, $dnsType)) { continue; } $dnsResponses = $this->dnsGetRecord($target, $dnsType); - $canHaveCnameRecord = true; if ($dnsResponses !== false && count($dnsResponses) > 0) { foreach ($dnsResponses as $dnsResponse) { if (isset($dnsResponse['ip'])) { @@ -93,7 +74,6 @@ class DnsPinMiddleware { $canHaveCnameRecord = false; } elseif (isset($dnsResponse['target']) && $canHaveCnameRecord) { $targetIps = array_merge($targetIps, $this->dnsResolve($dnsResponse['target'], $recursionCount)); - $canHaveCnameRecord = true; } } } elseif ($dnsNegativeTtl !== null) { @@ -111,17 +91,17 @@ class DnsPinMiddleware { return \dns_get_record($hostname, $type); } - public function addDnsPinning() { + public function addDnsPinning(): callable { return function (callable $handler) { return function ( RequestInterface $request, - array $options + array $options, ) use ($handler) { if ($options['nextcloud']['allow_local_address'] === true) { return $handler($request, $options); } - $hostName = (string)$request->getUri()->getHost(); + $hostName = $request->getUri()->getHost(); $port = $request->getUri()->getPort(); $ports = [ @@ -147,7 +127,7 @@ class DnsPinMiddleware { foreach ($targetIps as $ip) { if ($this->ipAddressClassifier->isLocalAddress($ip)) { // TODO: continue with all non-local IPs? - throw new LocalServerException('Host violates local access rules'); + throw new LocalServerException('Host "' . $ip . '" (' . $hostName . ':' . $port . ') violates local access rules'); } $curlResolves["$hostName:$port"][] = $ip; } diff --git a/lib/private/Http/Client/GuzzlePromiseAdapter.php b/lib/private/Http/Client/GuzzlePromiseAdapter.php index 9d0b89bfd17..03a9ed9a599 100644 --- a/lib/private/Http/Client/GuzzlePromiseAdapter.php +++ b/lib/private/Http/Client/GuzzlePromiseAdapter.php @@ -3,23 +3,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2023, Joas Schilling <coding@schilljs.com> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OC\Http\Client; @@ -51,7 +36,7 @@ class GuzzlePromiseAdapter implements IPromise { * a new promise resolving to the return value of the called handler. * * @param ?callable(IResponse): void $onFulfilled Invoked when the promise fulfills. Gets an \OCP\Http\Client\IResponse passed in as argument - * @param ?callable(Exception): void $onRejected Invoked when the promise is rejected. Gets an \Exception passed in as argument + * @param ?callable(Exception): void $onRejected Invoked when the promise is rejected. Gets an \Exception passed in as argument * * @return IPromise * @since 28.0.0 @@ -130,7 +115,7 @@ class GuzzlePromiseAdapter implements IPromise { * @return mixed * * @throws LogicException if the promise has no wait function or if the - * promise does not settle after waiting. + * promise does not settle after waiting. * @since 28.0.0 */ public function wait(bool $unwrap = true): mixed { diff --git a/lib/private/Http/Client/NegativeDnsCache.php b/lib/private/Http/Client/NegativeDnsCache.php index 6c7585b11e3..ca8a477d6be 100644 --- a/lib/private/Http/Client/NegativeDnsCache.php +++ b/lib/private/Http/Client/NegativeDnsCache.php @@ -3,26 +3,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2021, Lukas Reschke <lukas@statuscode.ch> - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Lukas Reschke <lukas@statuscode.ch> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OC\Http\Client; @@ -38,11 +20,11 @@ class NegativeDnsCache { } private function createCacheKey(string $domain, int $type) : string { - return $domain . "-" . (string)$type; + return $domain . '-' . (string)$type; } public function setNegativeCacheForDnsType(string $domain, int $type, int $ttl) : void { - $this->cache->set($this->createCacheKey($domain, $type), "true", $ttl); + $this->cache->set($this->createCacheKey($domain, $type), 'true', $ttl); } public function isNegativeCached(string $domain, int $type) : bool { diff --git a/lib/private/Http/Client/Response.php b/lib/private/Http/Client/Response.php index 054c902fcc5..1e4cb3b8fa2 100644 --- a/lib/private/Http/Client/Response.php +++ b/lib/private/Http/Client/Response.php @@ -1,77 +1,35 @@ <?php declare(strict_types=1); - /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Robin Appelman <robin@icewind.nl> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Http\Client; use OCP\Http\Client\IResponse; use Psr\Http\Message\ResponseInterface; -/** - * Class Response - * - * @package OC\Http - */ class Response implements IResponse { - /** @var ResponseInterface */ - private $response; - - /** - * @var bool - */ - private $stream; + private ResponseInterface $response; + private bool $stream; - /** - * @param ResponseInterface $response - * @param bool $stream - */ - public function __construct(ResponseInterface $response, $stream = false) { + public function __construct(ResponseInterface $response, bool $stream = false) { $this->response = $response; $this->stream = $stream; } - /** - * @return string|resource - */ public function getBody() { - return $this->stream ? - $this->response->getBody()->detach(): - $this->response->getBody()->getContents(); + return $this->stream + ? $this->response->getBody()->detach() + :$this->response->getBody()->getContents(); } - /** - * @return int - */ public function getStatusCode(): int { return $this->response->getStatusCode(); } - /** - * @param string $key - * @return string - */ public function getHeader(string $key): string { $headers = $this->response->getHeader($key); @@ -82,9 +40,6 @@ class Response implements IResponse { return $headers[0]; } - /** - * @return array - */ public function getHeaders(): array { return $this->response->getHeaders(); } |