123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406 |
- <?php
- declare(strict_types=1);
- /**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Carlos Ferreira <carlos@reendex.com>
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Daniel Kesselberg <mail@danielkesselberg.de>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Mohammed Abdellatif <m.latief@gmail.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Robin Appelman <robin@icewind.nl>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Scott Shambarger <devel@shambarger.net>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
- namespace OC\Http\Client;
- use GuzzleHttp\Client as GuzzleClient;
- use GuzzleHttp\RequestOptions;
- use OCP\Http\Client\IClient;
- use OCP\Http\Client\IResponse;
- use OCP\Http\Client\LocalServerException;
- use OCP\ICertificateManager;
- use OCP\IConfig;
- use OCP\Security\IRemoteHostValidator;
- use function parse_url;
- /**
- * Class Client
- *
- * @package OC\Http
- */
- class Client implements IClient {
- /** @var GuzzleClient */
- private $client;
- /** @var IConfig */
- private $config;
- /** @var ICertificateManager */
- private $certificateManager;
- private IRemoteHostValidator $remoteHostValidator;
- public function __construct(
- IConfig $config,
- ICertificateManager $certificateManager,
- GuzzleClient $client,
- IRemoteHostValidator $remoteHostValidator
- ) {
- $this->config = $config;
- $this->client = $client;
- $this->certificateManager = $certificateManager;
- $this->remoteHostValidator = $remoteHostValidator;
- }
- private function buildRequestOptions(array $options): array {
- $proxy = $this->getProxyUri();
- $defaults = [
- RequestOptions::VERIFY => $this->getCertBundle(),
- RequestOptions::TIMEOUT => 30,
- ];
- $options['nextcloud']['allow_local_address'] = $this->isLocalAddressAllowed($options);
- if ($options['nextcloud']['allow_local_address'] === false) {
- $onRedirectFunction = function (
- \Psr\Http\Message\RequestInterface $request,
- \Psr\Http\Message\ResponseInterface $response,
- \Psr\Http\Message\UriInterface $uri
- ) use ($options) {
- $this->preventLocalAddress($uri->__toString(), $options);
- };
- $defaults[RequestOptions::ALLOW_REDIRECTS] = [
- 'on_redirect' => $onRedirectFunction
- ];
- }
- // Only add RequestOptions::PROXY if Nextcloud is explicitly
- // configured to use a proxy. This is needed in order not to override
- // Guzzle default values.
- if ($proxy !== null) {
- $defaults[RequestOptions::PROXY] = $proxy;
- }
- $options = array_merge($defaults, $options);
- if (!isset($options[RequestOptions::HEADERS]['User-Agent'])) {
- $options[RequestOptions::HEADERS]['User-Agent'] = 'Nextcloud Server Crawler';
- }
- if (!isset($options[RequestOptions::HEADERS]['Accept-Encoding'])) {
- $options[RequestOptions::HEADERS]['Accept-Encoding'] = 'gzip';
- }
- // Fallback for save_to
- if (isset($options['save_to'])) {
- $options['sink'] = $options['save_to'];
- unset($options['save_to']);
- }
- return $options;
- }
- private function getCertBundle(): string {
- // If the instance is not yet setup we need to use the static path as
- // $this->certificateManager->getAbsoluteBundlePath() tries to instantiate
- // a view
- if ($this->config->getSystemValue('installed', false) === false) {
- return \OC::$SERVERROOT . '/resources/config/ca-bundle.crt';
- }
- return $this->certificateManager->getAbsoluteBundlePath();
- }
- /**
- * Returns a null or an associative array specifying the proxy URI for
- * 'http' and 'https' schemes, in addition to a 'no' key value pair
- * providing a list of host names that should not be proxied to.
- *
- * @return array|null
- *
- * The return array looks like:
- * [
- * 'http' => 'username:password@proxy.example.com',
- * 'https' => 'username:password@proxy.example.com',
- * 'no' => ['foo.com', 'bar.com']
- * ]
- *
- */
- private function getProxyUri(): ?array {
- $proxyHost = $this->config->getSystemValue('proxy', '');
- if ($proxyHost === '' || $proxyHost === null) {
- return null;
- }
- $proxyUserPwd = $this->config->getSystemValue('proxyuserpwd', '');
- if ($proxyUserPwd !== '' && $proxyUserPwd !== null) {
- $proxyHost = $proxyUserPwd . '@' . $proxyHost;
- }
- $proxy = [
- 'http' => $proxyHost,
- 'https' => $proxyHost,
- ];
- $proxyExclude = $this->config->getSystemValue('proxyexclude', []);
- if ($proxyExclude !== [] && $proxyExclude !== null) {
- $proxy['no'] = $proxyExclude;
- }
- return $proxy;
- }
- private function isLocalAddressAllowed(array $options) : bool {
- if (($options['nextcloud']['allow_local_address'] ?? false) ||
- $this->config->getSystemValueBool('allow_local_remote_servers', false)) {
- return true;
- }
- return false;
- }
- protected function preventLocalAddress(string $uri, array $options): void {
- if ($this->isLocalAddressAllowed($options)) {
- return;
- }
- $host = parse_url($uri, PHP_URL_HOST);
- if ($host === false || $host === null) {
- throw new LocalServerException('Could not detect any host');
- }
- if (!$this->remoteHostValidator->isValid($host)) {
- throw new LocalServerException('Host violates local access rules');
- }
- }
- /**
- * Sends a GET request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'query' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => ['
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function get(string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->request('get', $uri, $this->buildRequestOptions($options));
- $isStream = isset($options['stream']) && $options['stream'];
- return new Response($response, $isStream);
- }
- /**
- * Sends a HEAD request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => ['
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function head(string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->request('head', $uri, $this->buildRequestOptions($options));
- return new Response($response);
- }
- /**
- * Sends a POST request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'body' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => ['
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function post(string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- if (isset($options['body']) && is_array($options['body'])) {
- $options['form_params'] = $options['body'];
- unset($options['body']);
- }
- $response = $this->client->request('post', $uri, $this->buildRequestOptions($options));
- $isStream = isset($options['stream']) && $options['stream'];
- return new Response($response, $isStream);
- }
- /**
- * Sends a PUT request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'body' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => ['
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function put(string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->request('put', $uri, $this->buildRequestOptions($options));
- return new Response($response);
- }
- /**
- * Sends a DELETE request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'body' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => ['
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function delete(string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->request('delete', $uri, $this->buildRequestOptions($options));
- return new Response($response);
- }
- /**
- * Sends a options request
- *
- * @param string $uri
- * @param array $options Array such as
- * 'body' => [
- * 'field' => 'abc',
- * 'other_field' => '123',
- * 'file_name' => fopen('/path/to/file', 'r'),
- * ],
- * 'headers' => [
- * 'foo' => 'bar',
- * ],
- * 'cookies' => ['
- * 'foo' => 'bar',
- * ],
- * 'allow_redirects' => [
- * 'max' => 10, // allow at most 10 redirects.
- * 'strict' => true, // use "strict" RFC compliant redirects.
- * 'referer' => true, // add a Referer header
- * 'protocols' => ['https'] // only allow https URLs
- * ],
- * 'sink' => '/path/to/file', // save to a file or a stream
- * 'verify' => true, // bool or string to CA file
- * 'debug' => true,
- * 'timeout' => 5,
- * @return IResponse
- * @throws \Exception If the request could not get completed
- */
- public function options(string $uri, array $options = []): IResponse {
- $this->preventLocalAddress($uri, $options);
- $response = $this->client->request('options', $uri, $this->buildRequestOptions($options));
- return new Response($response);
- }
- }
|