aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public/AppFramework/Http/Attribute
diff options
context:
space:
mode:
Diffstat (limited to 'lib/public/AppFramework/Http/Attribute')
-rw-r--r--lib/public/AppFramework/Http/Attribute/ARateLimit.php2
-rw-r--r--lib/public/AppFramework/Http/Attribute/AppApiAdminAccessWithoutUser.php21
-rw-r--r--lib/public/AppFramework/Http/Attribute/AuthorizedAdminSetting.php2
-rw-r--r--lib/public/AppFramework/Http/Attribute/BruteForceProtection.php2
-rw-r--r--lib/public/AppFramework/Http/Attribute/CORS.php4
-rw-r--r--lib/public/AppFramework/Http/Attribute/OpenAPI.php10
-rw-r--r--lib/public/AppFramework/Http/Attribute/PasswordConfirmationRequired.php17
-rw-r--r--lib/public/AppFramework/Http/Attribute/RequestHeader.php34
8 files changed, 84 insertions, 8 deletions
diff --git a/lib/public/AppFramework/Http/Attribute/ARateLimit.php b/lib/public/AppFramework/Http/Attribute/ARateLimit.php
index d92fcae1ae1..c06b1180ae3 100644
--- a/lib/public/AppFramework/Http/Attribute/ARateLimit.php
+++ b/lib/public/AppFramework/Http/Attribute/ARateLimit.php
@@ -17,6 +17,8 @@ namespace OCP\AppFramework\Http\Attribute;
*/
abstract class ARateLimit {
/**
+ * @param int $limit The maximum number of requests that can be made in the given period in seconds.
+ * @param int $period The time period in seconds.
* @since 27.0.0
*/
public function __construct(
diff --git a/lib/public/AppFramework/Http/Attribute/AppApiAdminAccessWithoutUser.php b/lib/public/AppFramework/Http/Attribute/AppApiAdminAccessWithoutUser.php
new file mode 100644
index 00000000000..6b78fee41af
--- /dev/null
+++ b/lib/public/AppFramework/Http/Attribute/AppApiAdminAccessWithoutUser.php
@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCP\AppFramework\Http\Attribute;
+
+use Attribute;
+
+/**
+ * Attribute for (sub)administrator controller methods that allow access for ExApps when the User is not set.
+ *
+ * @since 30.0.0
+ */
+#[Attribute]
+class AppApiAdminAccessWithoutUser {
+}
diff --git a/lib/public/AppFramework/Http/Attribute/AuthorizedAdminSetting.php b/lib/public/AppFramework/Http/Attribute/AuthorizedAdminSetting.php
index e81f195b298..83101143fc9 100644
--- a/lib/public/AppFramework/Http/Attribute/AuthorizedAdminSetting.php
+++ b/lib/public/AppFramework/Http/Attribute/AuthorizedAdminSetting.php
@@ -25,7 +25,7 @@ class AuthorizedAdminSetting {
* @since 27.0.0
*/
public function __construct(
- protected string $settings
+ protected string $settings,
) {
}
diff --git a/lib/public/AppFramework/Http/Attribute/BruteForceProtection.php b/lib/public/AppFramework/Http/Attribute/BruteForceProtection.php
index 9fd97cdc3ed..0fc1a3b9b6d 100644
--- a/lib/public/AppFramework/Http/Attribute/BruteForceProtection.php
+++ b/lib/public/AppFramework/Http/Attribute/BruteForceProtection.php
@@ -23,7 +23,7 @@ class BruteForceProtection {
* @since 27.0.0
*/
public function __construct(
- protected string $action
+ protected string $action,
) {
}
diff --git a/lib/public/AppFramework/Http/Attribute/CORS.php b/lib/public/AppFramework/Http/Attribute/CORS.php
index 2c3eac362cf..ff639635635 100644
--- a/lib/public/AppFramework/Http/Attribute/CORS.php
+++ b/lib/public/AppFramework/Http/Attribute/CORS.php
@@ -12,7 +12,9 @@ namespace OCP\AppFramework\Http\Attribute;
use Attribute;
/**
- * Attribute for controller methods that can also be accessed by not logged-in user
+ * Attribute for controller methods that can also be accessed by other websites.
+ * See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS for an explanation of the functionality and the security implications.
+ * See https://docs.nextcloud.com/server/latest/developer_manual/digging_deeper/rest_apis.html on how to implement it in your controller.
*
* @since 27.0.0
*/
diff --git a/lib/public/AppFramework/Http/Attribute/OpenAPI.php b/lib/public/AppFramework/Http/Attribute/OpenAPI.php
index 26d01937cfb..1b44b2a57fe 100644
--- a/lib/public/AppFramework/Http/Attribute/OpenAPI.php
+++ b/lib/public/AppFramework/Http/Attribute/OpenAPI.php
@@ -60,12 +60,12 @@ class OpenAPI {
/**
* @param self::SCOPE_*|string $scope Scopes are used to define different clients.
- * It is recommended to go with the scopes available as self::SCOPE_* constants,
- * but in exotic cases other APIs might need documentation as well,
- * then a free string can be provided (but it should be `a-z` only).
+ * It is recommended to go with the scopes available as self::SCOPE_* constants,
+ * but in exotic cases other APIs might need documentation as well,
+ * then a free string can be provided (but it should be `a-z` only).
* @param ?list<string> $tags Tags can be used to group routes inside a scope
- * for easier implementation and reviewing of the API specification.
- * It defaults to the controller name in snake_case (should be `a-z` and underscore only).
+ * for easier implementation and reviewing of the API specification.
+ * It defaults to the controller name in snake_case (should be `a-z` and underscore only).
* @since 28.0.0
*/
public function __construct(
diff --git a/lib/public/AppFramework/Http/Attribute/PasswordConfirmationRequired.php b/lib/public/AppFramework/Http/Attribute/PasswordConfirmationRequired.php
index 0f0f4b38040..c41e5aa2445 100644
--- a/lib/public/AppFramework/Http/Attribute/PasswordConfirmationRequired.php
+++ b/lib/public/AppFramework/Http/Attribute/PasswordConfirmationRequired.php
@@ -18,4 +18,21 @@ use Attribute;
*/
#[Attribute]
class PasswordConfirmationRequired {
+ /**
+ * @param bool $strict - Whether password confirmation needs to happen in the request.
+ *
+ * @since 31.0.0
+ */
+ public function __construct(
+ protected bool $strict = false,
+ ) {
+ }
+
+ /**
+ * @since 31.0.0
+ */
+ public function getStrict(): bool {
+ return $this->strict;
+ }
+
}
diff --git a/lib/public/AppFramework/Http/Attribute/RequestHeader.php b/lib/public/AppFramework/Http/Attribute/RequestHeader.php
new file mode 100644
index 00000000000..1d0fbbfa0c3
--- /dev/null
+++ b/lib/public/AppFramework/Http/Attribute/RequestHeader.php
@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCP\AppFramework\Http\Attribute;
+
+use Attribute;
+
+/**
+ * This attribute allows documenting request headers and is primarily intended for OpenAPI documentation.
+ * It should be added whenever you use a request header in a controller method, in order to properly describe the header and its functionality.
+ * There are no checks that ensure the header is set, so you will still need to do this yourself in the controller method.
+ *
+ * @since 32.0.0
+ */
+#[Attribute(Attribute::TARGET_METHOD | Attribute::IS_REPEATABLE)]
+class RequestHeader {
+ /**
+ * @param lowercase-string $name The name of the request header
+ * @param non-empty-string $description The description of the request header
+ * @param bool $indirect Allow indirect usage of the header for example in a middleware. Enabling this turns off the check which ensures that the header must be referenced in the controller method.
+ */
+ public function __construct(
+ protected string $name,
+ protected string $description,
+ protected bool $indirect = false,
+ ) {
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-15 21:30:38 +0000