ApiController.php 3.0 KB

  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Bernhard Posselt <dev@bernhard-posselt.com>
  6. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  7. * @author Morris Jobke <hey@morrisjobke.de>
  8. *
  9. * @license AGPL-3.0
  10. *
  11. * This code is free software: you can redistribute it and/or modify
  12. * it under the terms of the GNU Affero General Public License, version 3,
  13. * as published by the Free Software Foundation.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License, version 3,
  21. * along with this program. If not, see <http://www.gnu.org/licenses/>
  22. *
  23. */
  24. namespace OCP\AppFramework;
  25. use OCP\AppFramework\Http\Response;
  26. use OCP\IRequest;
  27. /**
  28. * Base class to inherit your controllers from that are used for RESTful APIs
  29. * @since 7.0.0
  30. */
  abstract class ApiController extends Controller {

      /** @var string comma separated HTTP verbs, sent as Access-Control-Allow-Methods */
      private $corsMethods;

      /** @var string comma separated header names, sent as Access-Control-Allow-Headers */
      private $corsAllowedHeaders;

      /** @var int preflight cache lifetime in seconds, sent as Access-Control-Max-Age */
      private $corsMaxAge;

      /**
       * Stores the CORS settings that preflightedCors() later emits and hands
       * the app name and request to the parent controller.
       *
       * The three CORS values are written into response headers unchanged, so
       * keep them as narrow as the API needs: every verb and header listed
       * here is one a cross-origin page is allowed to use against it.
       *
       * @param string $appName the name of the app
       * @param IRequest $request an instance of the request
       * @param string $corsMethods comma separated string of HTTP verbs which
       * should be allowed for websites or webapps when calling your API, defaults to
       * 'PUT, POST, GET, DELETE, PATCH'
       * @param string $corsAllowedHeaders comma separated string of HTTP headers
       * which should be allowed for websites or webapps when calling your API,
       * defaults to 'Authorization, Content-Type, Accept'
       * @param int $corsMaxAge number in seconds how long a preflighted OPTIONS
       * request should be cached, defaults to 1728000 seconds (20 days); browsers
       * apply their own upper bound to this value
       * @since 7.0.0
       */
      public function __construct(
          $appName,
          IRequest $request,
          $corsMethods = 'PUT, POST, GET, DELETE, PATCH',
          $corsAllowedHeaders = 'Authorization, Content-Type, Accept',
          $corsMaxAge = 1728000
      ) {
          parent::__construct($appName, $request);

          $this->corsMaxAge = $corsMaxAge;
          $this->corsAllowedHeaders = $corsAllowedHeaders;
          $this->corsMethods = $corsMethods;
      }

      /**
       * Builds the response for a CORS preflight (OPTIONS) request; route the
       * OPTIONS verb of your API to this method.
       *
       * Security notes:
       * - The allowed origin is the request's own Origin header echoed back
       *   without validation ('*' when the header is absent), so the preflight
       *   succeeds for every origin. No origin allow-list is applied here.
       * - That is only acceptable because credentials are not allowed. Browsers
       *   honour Access-Control-Allow-Credentials solely when its value is the
       *   literal "true", so 'false' behaves like an absent header. Do not
       *   switch it to "true" unless the origin is first checked against an
       *   allow-list.
       * - The three capitalised tags below are annotations evaluated by the
       *   app framework, not free-text documentation. They make this endpoint
       *   reachable without login, admin rights or a CSRF token, so keep them
       *   exactly as written and do not reuse them on state-changing methods
       *   without review.
       *
       * @NoAdminRequired
       * @NoCSRFRequired
       * @PublicPage
       * @return Response response carrying only the Access-Control-* headers
       * @since 7.0.0
       */
      public function preflightedCors() {
          // Origin is supplied by the caller: treat it as untrusted input that
          // is merely reflected, never as proof of where the request came from.
          $origin = isset($this->request->server['HTTP_ORIGIN'])
              ? $this->request->server['HTTP_ORIGIN']
              : '*';

          // Listed in the order in which the headers are added to the response.
          $corsHeaders = [
              'Access-Control-Allow-Origin' => $origin,
              'Access-Control-Allow-Methods' => $this->corsMethods,
              'Access-Control-Max-Age' => (string)$this->corsMaxAge,
              'Access-Control-Allow-Headers' => $this->corsAllowedHeaders,
              // Must stay non-"true" while the origin above is reflected.
              'Access-Control-Allow-Credentials' => 'false',
          ];

          $response = new Response();
          foreach ($corsHeaders as $headerName => $headerValue) {
              $response->addHeader($headerName, $headerValue);
          }

          return $response;
      }
  }