1
0

IRequest.php 9.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Bart Visscher <bartv@thisnet.nl>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Joas Schilling <coding@schilljs.com>
  9. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  10. * @author Lukas Reschke <lukas@statuscode.ch>
  11. * @author Morris Jobke <hey@morrisjobke.de>
  12. * @author Roeland Jago Douma <roeland@famdouma.nl>
  13. * @author Thomas Müller <thomas.mueller@tmit.eu>
  14. * @author Thomas Tanghus <thomas@tanghus.net>
  15. *
  16. * @license AGPL-3.0
  17. *
  18. * This code is free software: you can redistribute it and/or modify
  19. * it under the terms of the GNU Affero General Public License, version 3,
  20. * as published by the Free Software Foundation.
  21. *
  22. * This program is distributed in the hope that it will be useful,
  23. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  24. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  25. * GNU Affero General Public License for more details.
  26. *
  27. * You should have received a copy of the GNU Affero General Public License, version 3,
  28. * along with this program. If not, see <http://www.gnu.org/licenses/>
  29. *
  30. */
  31. // use OCP namespace for all classes that are considered public.
  32. // This means that they should be used by apps instead of the internal ownCloud classes
  33. namespace OCP;
  34. /**
  35. * This interface provides an immutable object with with accessors to
  36. * request variables and headers.
  37. *
  38. * Access request variables by method and name.
  39. *
  40. * Examples:
  41. *
  42. * $request->post['myvar']; // Only look for POST variables
  43. * $request->myvar; or $request->{'myvar'}; or $request->{$myvar}
  44. * Looks in the combined GET, POST and urlParams array.
  45. *
  46. * If you access e.g. ->post but the current HTTP request method
  47. * is GET a \LogicException will be thrown.
  48. *
  49. * NOTE:
  50. * - When accessing ->put a stream resource is returned and the accessor
  51. * will return false on subsequent access to ->put or ->patch.
  52. * - When accessing ->patch and the Content-Type is either application/json
  53. * or application/x-www-form-urlencoded (most cases) it will act like ->get
  54. * and ->post and return an array. Otherwise the raw data will be returned.
  55. *
  56. * @property-read string[] $server
  57. * @property-read string[] $urlParams
  58. * @since 6.0.0
  59. */
  60. interface IRequest {
  61. /**
  62. * @since 9.1.0
  63. * @since 28.0.0 The regex has a group matching the version number
  64. */
  65. public const USER_AGENT_CLIENT_ANDROID = '/^Mozilla\/5\.0 \(Android\) (?:ownCloud|Nextcloud)\-android\/([^ ]*).*$/';
  66. /**
  67. * @since 13.0.0
  68. * @since 28.0.0 The regex has a group matching the version number
  69. */
  70. public const USER_AGENT_TALK_ANDROID = '/^Mozilla\/5\.0 \(Android\) Nextcloud\-Talk v([^ ]*).*$/';
  71. /**
  72. * @since 9.1.0
  73. * @since 28.0.0 The regex has a group matching the version number
  74. */
  75. public const USER_AGENT_CLIENT_DESKTOP = '/^Mozilla\/5\.0 \([A-Za-z ]+\) (?:mirall|csyncoC)\/([^ ]*).*$/';
  76. /**
  77. * @since 26.0.0
  78. * @since 28.0.0 The regex has a group matching the version number
  79. */
  80. public const USER_AGENT_TALK_DESKTOP = '/^Mozilla\/5\.0 \((?!Android|iOS)[A-Za-z ]+\) Nextcloud\-Talk v([^ ]*).*$/';
  81. /**
  82. * @since 9.1.0
  83. * @since 28.0.0 The regex has a group matching the version number
  84. */
  85. public const USER_AGENT_CLIENT_IOS = '/^Mozilla\/5\.0 \(iOS\) (?:ownCloud|Nextcloud)\-iOS\/([^ ]*).*$/';
  86. /**
  87. * @since 13.0.0
  88. * @since 28.0.0 The regex has a group matching the version number
  89. */
  90. public const USER_AGENT_TALK_IOS = '/^Mozilla\/5\.0 \(iOS\) Nextcloud\-Talk v([^ ]*).*$/';
  91. /**
  92. * @since 13.0.1
  93. * @since 28.0.0 The regex has a group matching the version number
  94. */
  95. public const USER_AGENT_OUTLOOK_ADDON = '/^Mozilla\/5\.0 \([A-Za-z ]+\) Nextcloud\-Outlook v([^ ]*).*$/';
  96. /**
  97. * @since 13.0.1
  98. * @since 28.0.0 The regex has a group matching the version number
  99. */
  100. public const USER_AGENT_THUNDERBIRD_ADDON = '/^Mozilla\/5\.0 \([A-Za-z ]+\) Nextcloud\-Thunderbird v([^ ]*).*$/';
  101. /**
  102. * @since 26.0.0
  103. */
  104. public const JSON_CONTENT_TYPE_REGEX = '/^application\/(?:[a-z0-9.-]+\+)?json\b/';
  105. /**
  106. * @param string $name
  107. *
  108. * @psalm-taint-source input
  109. *
  110. * @return string
  111. * @since 6.0.0
  112. */
  113. public function getHeader(string $name): string;
  114. /**
  115. * Lets you access post and get parameters by the index
  116. * In case of json requests the encoded json body is accessed
  117. *
  118. * @psalm-taint-source input
  119. *
  120. * @param string $key the key which you want to access in the URL Parameter
  121. * placeholder, $_POST or $_GET array.
  122. * The priority how they're returned is the following:
  123. * 1. URL parameters
  124. * 2. POST parameters
  125. * 3. GET parameters
  126. * @param mixed $default If the key is not found, this value will be returned
  127. * @return mixed the content of the array
  128. * @since 6.0.0
  129. */
  130. public function getParam(string $key, $default = null);
  131. /**
  132. * Returns all params that were received, be it from the request
  133. *
  134. * (as GET or POST) or through the URL by the route
  135. *
  136. * @psalm-taint-source input
  137. *
  138. * @return array the array with all parameters
  139. * @since 6.0.0
  140. */
  141. public function getParams(): array;
  142. /**
  143. * Returns the method of the request
  144. *
  145. * @return string the method of the request (POST, GET, etc)
  146. * @since 6.0.0
  147. */
  148. public function getMethod(): string;
  149. /**
  150. * Shortcut for accessing an uploaded file through the $_FILES array
  151. *
  152. * @param string $key the key that will be taken from the $_FILES array
  153. * @return array the file in the $_FILES element
  154. * @since 6.0.0
  155. */
  156. public function getUploadedFile(string $key);
  157. /**
  158. * Shortcut for getting env variables
  159. *
  160. * @param string $key the key that will be taken from the $_ENV array
  161. * @return array the value in the $_ENV element
  162. * @since 6.0.0
  163. */
  164. public function getEnv(string $key);
  165. /**
  166. * Shortcut for getting cookie variables
  167. *
  168. * @psalm-taint-source input
  169. *
  170. * @param string $key the key that will be taken from the $_COOKIE array
  171. * @return string|null the value in the $_COOKIE element
  172. * @since 6.0.0
  173. */
  174. public function getCookie(string $key);
  175. /**
  176. * Checks if the CSRF check was correct
  177. *
  178. * @return bool true if CSRF check passed
  179. * @since 6.0.0
  180. */
  181. public function passesCSRFCheck(): bool;
  182. /**
  183. * Checks if the strict cookie has been sent with the request if the request
  184. * is including any cookies.
  185. *
  186. * @return bool
  187. * @since 9.0.0
  188. */
  189. public function passesStrictCookieCheck(): bool;
  190. /**
  191. * Checks if the lax cookie has been sent with the request if the request
  192. * is including any cookies.
  193. *
  194. * @return bool
  195. * @since 9.0.0
  196. */
  197. public function passesLaxCookieCheck(): bool;
  198. /**
  199. * Returns an ID for the request, value is not guaranteed to be unique and is mostly meant for logging
  200. * If `mod_unique_id` is installed this value will be taken.
  201. *
  202. * @return string
  203. * @since 8.1.0
  204. */
  205. public function getId(): string;
  206. /**
  207. * Returns the remote address, if the connection came from a trusted proxy
  208. * and `forwarded_for_headers` has been configured then the IP address
  209. * specified in this header will be returned instead.
  210. * Do always use this instead of $_SERVER['REMOTE_ADDR']
  211. *
  212. * @return string IP address
  213. * @since 8.1.0
  214. */
  215. public function getRemoteAddress(): string;
  216. /**
  217. * Returns the server protocol. It respects reverse proxy servers and load
  218. * balancers.
  219. *
  220. * @return string Server protocol (http or https)
  221. * @since 8.1.0
  222. */
  223. public function getServerProtocol(): string;
  224. /**
  225. * Returns the used HTTP protocol.
  226. *
  227. * @return string HTTP protocol. HTTP/2, HTTP/1.1 or HTTP/1.0.
  228. * @since 8.2.0
  229. */
  230. public function getHttpProtocol(): string;
  231. /**
  232. * Returns the request uri, even if the website uses one or more
  233. * reverse proxies
  234. *
  235. * @psalm-taint-source input
  236. *
  237. * @return string
  238. * @since 8.1.0
  239. */
  240. public function getRequestUri(): string;
  241. /**
  242. * Get raw PathInfo from request (not urldecoded)
  243. *
  244. * @psalm-taint-source input
  245. *
  246. * @throws \Exception
  247. * @return string Path info
  248. * @since 8.1.0
  249. */
  250. public function getRawPathInfo(): string;
  251. /**
  252. * Get PathInfo from request
  253. *
  254. * @psalm-taint-source input
  255. *
  256. * @throws \Exception
  257. * @return string|false Path info or false when not found
  258. * @since 8.1.0
  259. */
  260. public function getPathInfo();
  261. /**
  262. * Returns the script name, even if the website uses one or more
  263. * reverse proxies
  264. *
  265. * @return string the script name
  266. * @since 8.1.0
  267. */
  268. public function getScriptName(): string;
  269. /**
  270. * Checks whether the user agent matches a given regex
  271. *
  272. * @param array $agent array of agent names
  273. * @return bool true if at least one of the given agent matches, false otherwise
  274. * @since 8.1.0
  275. */
  276. public function isUserAgent(array $agent): bool;
  277. /**
  278. * Returns the unverified server host from the headers without checking
  279. * whether it is a trusted domain
  280. *
  281. * @psalm-taint-source input
  282. *
  283. * @return string Server host
  284. * @since 8.1.0
  285. */
  286. public function getInsecureServerHost(): string;
  287. /**
  288. * Returns the server host from the headers, or the first configured
  289. * trusted domain if the host isn't in the trusted list
  290. *
  291. * @return string Server host
  292. * @since 8.1.0
  293. */
  294. public function getServerHost(): string;
  295. }