123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684 |
- <?php
- declare(strict_types=1);
- /**
- * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
- * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
- * SPDX-License-Identifier: AGPL-3.0-only
- */
- namespace OC\Http\Client;
- use GuzzleHttp\Client as GuzzleClient;
- use GuzzleHttp\Promise\PromiseInterface;
- use GuzzleHttp\RequestOptions;
- use OCP\Http\Client\IClient;
- use OCP\Http\Client\IPromise;
- use OCP\Http\Client\IResponse;
- use OCP\Http\Client\LocalServerException;
- use OCP\ICertificateManager;
- use OCP\IConfig;
- use OCP\Security\IRemoteHostValidator;
- use Psr\Log\LoggerInterface;
- use function parse_url;
- /**
- * Class Client
- *
- * @package OC\Http
- */
- class Client implements IClient {
- /** @var GuzzleClient */
- private $client;
- /** @var IConfig */
- private $config;
- /** @var ICertificateManager */
- private $certificateManager;
- private IRemoteHostValidator $remoteHostValidator;
- public function __construct(
- IConfig $config,
- ICertificateManager $certificateManager,
- GuzzleClient $client,
- IRemoteHostValidator $remoteHostValidator,
- protected LoggerInterface $logger,
- ) {
- $this->config = $config;
- $this->client = $client;
- $this->certificateManager = $certificateManager;
- $this->remoteHostValidator = $remoteHostValidator;
- }
- private function buildRequestOptions(array $options): array {
- $proxy = $this->getProxyUri();
- $defaults = [
- RequestOptions::VERIFY => $this->getCertBundle(),
- RequestOptions::TIMEOUT => 30,
- ];
- $options['nextcloud']['allow_local_address'] = $this->isLocalAddressAllowed($options);
- if ($options['nextcloud']['allow_local_address'] === false) {
- $onRedirectFunction = function (
- \Psr\Http\Message\RequestInterface $request,
- \Psr\Http\Message\ResponseInterface $response,
- \Psr\Http\Message\UriInterface $uri
- ) use ($options) {
- $this->preventLocalAddress($uri->__toString(), $options);
- };
- $defaults[RequestOptions::ALLOW_REDIRECTS] = [
- 'on_redirect' => $onRedirectFunction
- ];
- }
- // Only add RequestOptions::PROXY if Nextcloud is explicitly
- // configured to use a proxy. This is needed in order not to override
- // Guzzle default values.
- if ($proxy !== null) {
- $defaults[RequestOptions::PROXY] = $proxy;
- }
- $options = array_merge($defaults, $options);
- if (!isset($options[RequestOptions::HEADERS]['User-Agent'])) {
- $options[RequestOptions::HEADERS]['User-Agent'] = 'Nextcloud Server Crawler';
- }
- if (!isset($options[RequestOptions::HEADERS]['Accept-Encoding'])) {
- $options[RequestOptions::HEADERS]['Accept-Encoding'] = 'gzip';
- }
- // Fallback for save_to
- if (isset($options['save_to'])) {
- $options['sink'] = $options['save_to'];
- unset($options['save_to']);
- }
- return $options;
- }
- private function getCertBundle(): string {
- // If the instance is not yet setup we need to use the static path as
- // $this->certificateManager->getAbsoluteBundlePath() tries to instantiate
- // a view
- if (!$this->config->getSystemValueBool('installed', false)) {
- return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
- }
- return $this->certificateManager->getAbsoluteBundlePath();
- }
- /**
- * Returns a null or an associative array specifying the proxy URI for
- * 'http' and 'https' schemes, in addition to a 'no' key value pair
- * providing a list of host names that should not be proxied to.
- *
- * @return array|null
- *
- * The return array looks like:
- * [
- * 'http' => 'username:password@proxy.example.com',
- * 'https' => 'username:password@proxy.example.com',
- * 'no' => ['foo.com', 'bar.com']
- * ]
- *
- */
- private function getProxyUri(): ?array {
- $proxyHost = $this->config->getSystemValueString('proxy', '');
- if ($proxyHost === '') {
- return null;
- }
- $proxyUserPwd = $this->config->getSystemValueString('proxyuserpwd', '');
- if ($proxyUserPwd !== '') {
- $proxyHost = $proxyUserPwd . '@' . $proxyHost;
- }
- $proxy = [
- 'http' => $proxyHost,
- 'https' => $proxyHost,
- ];
- $proxyExclude = $this->config->getSystemValue('proxyexclude', []);
- if ($proxyExclude !== [] && $proxyExclude !== null) {
- $proxy['no'] = $proxyExclude;
- }
- return $proxy;
- }
- private function isLocalAddressAllowed(array $options) : bool {
- if (($options['nextcloud']['allow_local_address'] ?? false) ||
- $this->config->getSystemValueBool('allow_local_remote_servers', false)) {
- return true;
- }
- return false;
- }
- protected function preventLocalAddress(string $uri, array $options): void {
- if ($this->isLocalAddressAllowed($options)) {
- return;
- }
- $host = parse_url($uri, PHP_URL_HOST);
- if ($host === false || $host === null) {
- throw new LocalServerException('Could not detect any host');
- }
- if (!$this->remoteHostValidator->isValid($host)) {
- throw new LocalServerException('Host "'.$host.'" violates local access rules');
- }
- }
- /**
- * Sends a GET request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'query' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function get(string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->request('get', $uri, $this->buildRequestOptions($options));
- $isStream = isset($options['stream']) && $options['stream'];
- return new Response($response, $isStream);
- }
- /**
- * Sends a HEAD request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function head(string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->request('head', $uri, $this->buildRequestOptions($options));
- return new Response($response);
- }
- /**
- * Sends a POST request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'body' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function post(string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- if (isset($options['body']) && is_array($options['body'])) {
- $options['form_params'] = $options['body'];
- unset($options['body']);
- }
- $response = $this->client->request('post', $uri, $this->buildRequestOptions($options));
- $isStream = isset($options['stream']) && $options['stream'];
- return new Response($response, $isStream);
- }
- /**
- * Sends a PUT request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'body' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function put(string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->request('put', $uri, $this->buildRequestOptions($options));
- return new Response($response);
- }
- /**
- * Sends a PATCH request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'body' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function patch(string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->request('patch', $uri, $this->buildRequestOptions($options));
- return new Response($response);
- }
- /**
- * Sends a DELETE request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'body' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function delete(string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->request('delete', $uri, $this->buildRequestOptions($options));
- return new Response($response);
- }
- /**
- * Sends an OPTIONS request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'body' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function options(string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->request('options', $uri, $this->buildRequestOptions($options));
- return new Response($response);
- }
- /**
- * Get the response of a Throwable thrown by the request methods when possible
- *
- * @param \Throwable $e
- * @return IResponse
- * @throws \Throwable When $e did not have a response
- * @since 29.0.0
- */
- public function getResponseFromThrowable(\Throwable $e): IResponse {
- if (method_exists($e, 'hasResponse') && method_exists($e, 'getResponse') && $e->hasResponse()) {
- return new Response($e->getResponse());
- }
- throw $e;
- }
- /**
- * Sends a HTTP request
- *
- * @param string $method The HTTP method to use
- * @param string $uri
- * @param array $options Array such as
- * 'query' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function request(string $method, string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->request($method, $uri, $this->buildRequestOptions($options));
- $isStream = isset($options['stream']) && $options['stream'];
- return new Response($response, $isStream);
- }
- protected function wrapGuzzlePromise(PromiseInterface $promise): IPromise {
- return new GuzzlePromiseAdapter(
- $promise,
- $this->logger
- );
- }
- /**
- * Sends an asynchronous GET request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'query' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IPromise
- */
- public function getAsync(string $uri, array $options = []): IPromise {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->requestAsync('get', $uri, $this->buildRequestOptions($options));
- return $this->wrapGuzzlePromise($response);
- }
- /**
- * Sends an asynchronous HEAD request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IPromise
- */
- public function headAsync(string $uri, array $options = []): IPromise {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->requestAsync('head', $uri, $this->buildRequestOptions($options));
- return $this->wrapGuzzlePromise($response);
- }
- /**
- * Sends an asynchronous POST request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'body' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IPromise
- */
- public function postAsync(string $uri, array $options = []): IPromise {
- $this->preventLocalAddress($uri, $options);
- if (isset($options['body']) && is_array($options['body'])) {
- $options['form_params'] = $options['body'];
- unset($options['body']);
- }
- return $this->wrapGuzzlePromise($this->client->requestAsync('post', $uri, $this->buildRequestOptions($options)));
- }
- /**
- * Sends an asynchronous PUT request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'body' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IPromise
- */
- public function putAsync(string $uri, array $options = []): IPromise {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->requestAsync('put', $uri, $this->buildRequestOptions($options));
- return $this->wrapGuzzlePromise($response);
- }
- /**
- * Sends an asynchronous DELETE request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'body' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IPromise
- */
- public function deleteAsync(string $uri, array $options = []): IPromise {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->requestAsync('delete', $uri, $this->buildRequestOptions($options));
- return $this->wrapGuzzlePromise($response);
- }
- /**
- * Sends an asynchronous OPTIONS request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'body' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => [
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IPromise
- */
- public function optionsAsync(string $uri, array $options = []): IPromise {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->requestAsync('options', $uri, $this->buildRequestOptions($options));
- return $this->wrapGuzzlePromise($response);
- }
- }
|