diff options
Diffstat (limited to 'lib/public/IRequest.php')
| -rw-r--r-- | lib/public/IRequest.php | 318 |
1 files changed, 318 insertions, 0 deletions
diff --git a/lib/public/IRequest.php b/lib/public/IRequest.php new file mode 100644 index 00000000000..cbac143d775 --- /dev/null +++ b/lib/public/IRequest.php @@ -0,0 +1,318 @@ +<?php + +declare(strict_types=1); +/** + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only + */ +// use OCP namespace for all classes that are considered public. +// This means that they should be used by apps instead of the internal Nextcloud classes + +namespace OCP; + +/** + * This interface provides an immutable object with with accessors to + * request variables and headers. + * + * Access request variables by method and name. + * + * Examples: + * + * $request->post['myvar']; // Only look for POST variables + * $request->myvar; or $request->{'myvar'}; or $request->{$myvar} + * Looks in the combined GET, POST and urlParams array. + * + * If you access e.g. ->post but the current HTTP request method + * is GET a \LogicException will be thrown. + * + * NOTE: + * - When accessing ->put a stream resource is returned and the accessor + * will return false on subsequent access to ->put or ->patch. + * - When accessing ->patch and the Content-Type is either application/json + * or application/x-www-form-urlencoded (most cases) it will act like ->get + * and ->post and return an array. Otherwise the raw data will be returned. + * + * @property-read string[] $server + * @property-read string[] $urlParams + * @since 6.0.0 + */ +interface IRequest { + /** + * @since 9.1.0 + * @since 28.0.0 The regex has a group matching the version number + */ + public const USER_AGENT_CLIENT_ANDROID = '/^Mozilla\/5\.0 \(Android\) (?:ownCloud|Nextcloud)\-android\/([^ ]*).*$/'; + + /** + * @since 13.0.0 + * @since 28.0.0 The regex has a group matching the version number + */ + public const USER_AGENT_TALK_ANDROID = '/^Mozilla\/5\.0 \(Android\) Nextcloud\-Talk v([^ ]*).*$/'; + + /** + * @since 9.1.0 + * @since 28.0.0 The regex has a group matching the version number + */ + public const USER_AGENT_CLIENT_DESKTOP = '/^Mozilla\/5\.0 \([A-Za-z ]+\) (?:mirall|csyncoC)\/([^ ]*).*$/'; + + /** + * @since 26.0.0 + * @since 28.0.0 The regex has a group matching the version number + */ + public const USER_AGENT_TALK_DESKTOP = '/^Mozilla\/5\.0 \((?!Android|iOS)[A-Za-z ]+\) Nextcloud\-Talk v([^ ]*).*$/'; + + /** + * @since 9.1.0 + * @since 28.0.0 The regex has a group matching the version number + */ + public const USER_AGENT_CLIENT_IOS = '/^Mozilla\/5\.0 \(iOS\) (?:ownCloud|Nextcloud)\-iOS\/([^ ]*).*$/'; + + /** + * @since 13.0.0 + * @since 28.0.0 The regex has a group matching the version number + */ + public const USER_AGENT_TALK_IOS = '/^Mozilla\/5\.0 \(iOS\) Nextcloud\-Talk v([^ ]*).*$/'; + + /** + * @since 13.0.1 + * @since 28.0.0 The regex has a group matching the version number + */ + public const USER_AGENT_OUTLOOK_ADDON = '/^Mozilla\/5\.0 \([A-Za-z ]+\) Nextcloud\-Outlook v([^ ]*).*$/'; + + /** + * @since 13.0.1 + * @since 28.0.0 The regex has a group matching the version number + */ + public const USER_AGENT_THUNDERBIRD_ADDON = '/^Filelink for \*cloud\/([1-9]\d*\.\d+\.\d+)$/'; + + /** + * @since 26.0.0 + */ + public const JSON_CONTENT_TYPE_REGEX = '/^application\/(?:[a-z0-9.-]+\+)?json\b/'; + + /** + * @param string $name + * + * @psalm-taint-source input + * + * @return string + * @since 6.0.0 + */ + public function getHeader(string $name): string; + + /** + * Lets you access post and get parameters by the index + * In case of json requests the encoded json body is accessed + * + * @psalm-taint-source input + * + * @param string $key the key which you want to access in the URL Parameter + * placeholder, $_POST or $_GET array. + * The priority how they're returned is the following: + * 1. URL parameters + * 2. POST parameters + * 3. GET parameters + * @param mixed $default If the key is not found, this value will be returned + * @return mixed the content of the array + * @since 6.0.0 + */ + public function getParam(string $key, $default = null); + + + /** + * Returns all params that were received, be it from the request + * + * (as GET or POST) or through the URL by the route + * + * @psalm-taint-source input + * + * @return array the array with all parameters + * @since 6.0.0 + */ + public function getParams(): array; + + /** + * Returns the method of the request + * + * @return string the method of the request (POST, GET, etc) + * @since 6.0.0 + */ + public function getMethod(): string; + + /** + * Shortcut for accessing an uploaded file through the $_FILES array + * + * @param string $key the key that will be taken from the $_FILES array + * @return array the file in the $_FILES element + * @since 6.0.0 + */ + public function getUploadedFile(string $key); + + + /** + * Shortcut for getting env variables + * + * @param string $key the key that will be taken from the $_ENV array + * @return array the value in the $_ENV element + * @since 6.0.0 + */ + public function getEnv(string $key); + + + /** + * Shortcut for getting cookie variables + * + * @psalm-taint-source input + * + * @param string $key the key that will be taken from the $_COOKIE array + * @return string|null the value in the $_COOKIE element + * @since 6.0.0 + */ + public function getCookie(string $key); + + + /** + * Checks if the CSRF check was correct + * + * @return bool true if CSRF check passed + * @since 6.0.0 + */ + public function passesCSRFCheck(): bool; + + /** + * Checks if the strict cookie has been sent with the request if the request + * is including any cookies. + * + * @return bool + * @since 9.0.0 + */ + public function passesStrictCookieCheck(): bool; + + /** + * Checks if the lax cookie has been sent with the request if the request + * is including any cookies. + * + * @return bool + * @since 9.0.0 + */ + public function passesLaxCookieCheck(): bool; + + /** + * Returns an ID for the request, value is not guaranteed to be unique and is mostly meant for logging + * If `mod_unique_id` is installed this value will be taken. + * + * @return string + * @since 8.1.0 + */ + public function getId(): string; + + /** + * Returns the remote address, if the connection came from a trusted proxy + * and `forwarded_for_headers` has been configured then the IP address + * specified in this header will be returned instead. + * Do always use this instead of $_SERVER['REMOTE_ADDR'] + * + * @return string IP address + * @since 8.1.0 + */ + public function getRemoteAddress(): string; + + /** + * Returns the server protocol. It respects reverse proxy servers and load + * balancers. + * + * @return string Server protocol (http or https) + * @since 8.1.0 + */ + public function getServerProtocol(): string; + + /** + * Returns the used HTTP protocol. + * + * @return string HTTP protocol. HTTP/2, HTTP/1.1 or HTTP/1.0. + * @since 8.2.0 + */ + public function getHttpProtocol(): string; + + /** + * Returns the request uri, even if the website uses one or more + * reverse proxies + * + * @psalm-taint-source input + * + * @return string + * @since 8.1.0 + */ + public function getRequestUri(): string; + + /** + * Get raw PathInfo from request (not urldecoded) + * + * @psalm-taint-source input + * + * @throws \Exception + * @return string Path info + * @since 8.1.0 + */ + public function getRawPathInfo(): string; + + /** + * Get PathInfo from request + * + * @psalm-taint-source input + * + * @throws \Exception + * @return string|false Path info or false when not found + * @since 8.1.0 + */ + public function getPathInfo(); + + /** + * Returns the script name, even if the website uses one or more + * reverse proxies + * + * @return string the script name + * @since 8.1.0 + */ + public function getScriptName(): string; + + /** + * Checks whether the user agent matches a given regex + * + * @param array $agent array of agent names + * @return bool true if at least one of the given agent matches, false otherwise + * @since 8.1.0 + */ + public function isUserAgent(array $agent): bool; + + /** + * Returns the unverified server host from the headers without checking + * whether it is a trusted domain + * + * @psalm-taint-source input + * + * @return string Server host + * @since 8.1.0 + */ + public function getInsecureServerHost(): string; + + /** + * Returns the server host from the headers, or the first configured + * trusted domain if the host isn't in the trusted list + * + * @return string Server host + * @since 8.1.0 + */ + public function getServerHost(): string; + + /** + * If decoding the request content failed, throw an exception. + * Currently only \JsonException for json decoding errors, + * but in the future may throw other exceptions for other decoding issues. + * + * @throws \Exception + * @since 32.0.0 + */ + public function throwDecodingExceptionIfAny(): void; +} |