
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Bernhard Posselt <dev@bernhard-posselt.com>
  6. * @author Lukas Reschke <lukas@statuscode.ch>
  7. * @author Morris Jobke <hey@morrisjobke.de>
  8. * @author Stefan Weil <sw@weilnetz.de>
  9. *
  10. * @license AGPL-3.0
  11. *
  12. * This code is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License, version 3,
  14. * as published by the Free Software Foundation.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License, version 3,
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>
  23. *
  24. */
  25. /**
  26. * Public interface of ownCloud for apps to use.
  27. * AppFramework\Controller class
  28. */
  29. namespace OCP\AppFramework;
  30. use OCP\AppFramework\Http\Response;
  31. use OCP\IRequest;
  32. /**
  33. * Base class for controllers that are used for RESTful APIs
  34. * @since 7.0.0
  35. */
  36. abstract class ApiController extends Controller {
  37. private $corsMethods;
  38. private $corsAllowedHeaders;
  39. private $corsMaxAge;
  40. /**
  41. * constructor of the controller
  42. * @param string $appName the name of the app
  43. * @param IRequest $request an instance of the request
  44. * @param string $corsMethods comma separated string of HTTP verbs which
  45. * should be allowed for websites or webapps when calling your API, defaults to
  46. * 'PUT, POST, GET, DELETE, PATCH'
  47. * @param string $corsAllowedHeaders comma separated string of HTTP headers
  48. * which should be allowed for websites or webapps when calling your API,
  49. * defaults to 'Authorization, Content-Type, Accept'
  50. * @param int $corsMaxAge number in seconds how long a preflighted OPTIONS
  51. * request should be cached, defaults to 1728000 seconds
  52. * @since 7.0.0
  53. */
  54. public function __construct($appName,
  55. IRequest $request,
  56. $corsMethods='PUT, POST, GET, DELETE, PATCH',
  57. $corsAllowedHeaders='Authorization, Content-Type, Accept',
  58. $corsMaxAge=1728000){
  59. parent::__construct($appName, $request);
  60. $this->corsMethods = $corsMethods;
  61. $this->corsAllowedHeaders = $corsAllowedHeaders;
  62. $this->corsMaxAge = $corsMaxAge;
  63. }
  64. /**
  65. * This method implements a preflighted cors response for you that you can
  66. * link to for the options request
  67. *
  68. * @NoAdminRequired
  69. * @NoCSRFRequired
  70. * @PublicPage
  71. * @since 7.0.0
  72. */
  73. public function preflightedCors() {
  74. if(isset($this->request->server['HTTP_ORIGIN'])) {
  75. $origin = $this->request->server['HTTP_ORIGIN'];
  76. } else {
  77. $origin = '*';
  78. }
  79. $response = new Response();
  80. $response->addHeader('Access-Control-Allow-Origin', $origin);
  81. $response->addHeader('Access-Control-Allow-Methods', $this->corsMethods);
  82. $response->addHeader('Access-Control-Max-Age', (string)$this->corsMaxAge);
  83. $response->addHeader('Access-Control-Allow-Headers', $this->corsAllowedHeaders);
  84. $response->addHeader('Access-Control-Allow-Credentials', 'false');
  85. return $response;
  86. }
  87. }