IRequest.php 8.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Bart Visscher <bartv@thisnet.nl>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Joas Schilling <coding@schilljs.com>
  9. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  10. * @author Lukas Reschke <lukas@statuscode.ch>
  11. * @author Morris Jobke <hey@morrisjobke.de>
  12. * @author Roeland Jago Douma <roeland@famdouma.nl>
  13. * @author Thomas Müller <thomas.mueller@tmit.eu>
  14. * @author Thomas Tanghus <thomas@tanghus.net>
  15. *
  16. * @license AGPL-3.0
  17. *
  18. * This code is free software: you can redistribute it and/or modify
  19. * it under the terms of the GNU Affero General Public License, version 3,
  20. * as published by the Free Software Foundation.
  21. *
  22. * This program is distributed in the hope that it will be useful,
  23. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  24. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  25. * GNU Affero General Public License for more details.
  26. *
  27. * You should have received a copy of the GNU Affero General Public License, version 3,
  28. * along with this program. If not, see <http://www.gnu.org/licenses/>
  29. *
  30. */
  31. // use OCP namespace for all classes that are considered public.
  32. // This means that they should be used by apps instead of the internal ownCloud classes
  33. namespace OCP;
  34. /**
  35. * This interface provides an immutable object with with accessors to
  36. * request variables and headers.
  37. *
  38. * Access request variables by method and name.
  39. *
  40. * Examples:
  41. *
  42. * $request->post['myvar']; // Only look for POST variables
  43. * $request->myvar; or $request->{'myvar'}; or $request->{$myvar}
  44. * Looks in the combined GET, POST and urlParams array.
  45. *
  46. * If you access e.g. ->post but the current HTTP request method
  47. * is GET a \LogicException will be thrown.
  48. *
  49. * NOTE:
  50. * - When accessing ->put a stream resource is returned and the accessor
  51. * will return false on subsequent access to ->put or ->patch.
  52. * - When accessing ->patch and the Content-Type is either application/json
  53. * or application/x-www-form-urlencoded (most cases) it will act like ->get
  54. * and ->post and return an array. Otherwise the raw data will be returned.
  55. *
  56. * @property-read string[] $server
  57. * @property-read string[] $urlParams
  58. * @since 6.0.0
  59. */
  60. interface IRequest {
  61. /**
  62. * @since 9.1.0
  63. */
  64. public const USER_AGENT_CLIENT_ANDROID = '/^Mozilla\/5\.0 \(Android\) (ownCloud|Nextcloud)\-android.*$/';
  65. /**
  66. * @since 13.0.0
  67. */
  68. public const USER_AGENT_TALK_ANDROID = '/^Mozilla\/5\.0 \(Android\) Nextcloud\-Talk v.*$/';
  69. /**
  70. * @since 9.1.0
  71. */
  72. public const USER_AGENT_CLIENT_DESKTOP = '/^Mozilla\/5\.0 \([A-Za-z ]+\) (mirall|csyncoC)\/.*$/';
  73. /**
  74. * @since 9.1.0
  75. */
  76. public const USER_AGENT_CLIENT_IOS = '/^Mozilla\/5\.0 \(iOS\) (ownCloud|Nextcloud)\-iOS.*$/';
  77. /**
  78. * @since 13.0.0
  79. */
  80. public const USER_AGENT_TALK_IOS = '/^Mozilla\/5\.0 \(iOS\) Nextcloud\-Talk v.*$/';
  81. /**
  82. * @since 13.0.1
  83. */
  84. public const USER_AGENT_OUTLOOK_ADDON = '/^Mozilla\/5\.0 \([A-Za-z ]+\) Nextcloud\-Outlook v.*$/';
  85. /**
  86. * @since 13.0.1
  87. */
  88. public const USER_AGENT_THUNDERBIRD_ADDON = '/^Mozilla\/5\.0 \([A-Za-z ]+\) Nextcloud\-Thunderbird v.*$/';
  89. /**
  90. * @since 26.0.0
  91. */
  92. public const JSON_CONTENT_TYPE_REGEX = '/^application\/(?:[a-z0-9.-]+\+)?json\b/';
  93. /**
  94. * @param string $name
  95. *
  96. * @psalm-taint-source input
  97. *
  98. * @return string
  99. * @since 6.0.0
  100. */
  101. public function getHeader(string $name): string;
  102. /**
  103. * Lets you access post and get parameters by the index
  104. * In case of json requests the encoded json body is accessed
  105. *
  106. * @psalm-taint-source input
  107. *
  108. * @param string $key the key which you want to access in the URL Parameter
  109. * placeholder, $_POST or $_GET array.
  110. * The priority how they're returned is the following:
  111. * 1. URL parameters
  112. * 2. POST parameters
  113. * 3. GET parameters
  114. * @param mixed $default If the key is not found, this value will be returned
  115. * @return mixed the content of the array
  116. * @since 6.0.0
  117. */
  118. public function getParam(string $key, $default = null);
  119. /**
  120. * Returns all params that were received, be it from the request
  121. *
  122. * (as GET or POST) or through the URL by the route
  123. *
  124. * @psalm-taint-source input
  125. *
  126. * @return array the array with all parameters
  127. * @since 6.0.0
  128. */
  129. public function getParams(): array;
  130. /**
  131. * Returns the method of the request
  132. *
  133. * @return string the method of the request (POST, GET, etc)
  134. * @since 6.0.0
  135. */
  136. public function getMethod(): string;
  137. /**
  138. * Shortcut for accessing an uploaded file through the $_FILES array
  139. *
  140. * @param string $key the key that will be taken from the $_FILES array
  141. * @return array the file in the $_FILES element
  142. * @since 6.0.0
  143. */
  144. public function getUploadedFile(string $key);
  145. /**
  146. * Shortcut for getting env variables
  147. *
  148. * @param string $key the key that will be taken from the $_ENV array
  149. * @return array the value in the $_ENV element
  150. * @since 6.0.0
  151. */
  152. public function getEnv(string $key);
  153. /**
  154. * Shortcut for getting cookie variables
  155. *
  156. * @psalm-taint-source input
  157. *
  158. * @param string $key the key that will be taken from the $_COOKIE array
  159. * @return string|null the value in the $_COOKIE element
  160. * @since 6.0.0
  161. */
  162. public function getCookie(string $key);
  163. /**
  164. * Checks if the CSRF check was correct
  165. *
  166. * @return bool true if CSRF check passed
  167. * @since 6.0.0
  168. */
  169. public function passesCSRFCheck(): bool;
  170. /**
  171. * Checks if the strict cookie has been sent with the request if the request
  172. * is including any cookies.
  173. *
  174. * @return bool
  175. * @since 9.0.0
  176. */
  177. public function passesStrictCookieCheck(): bool;
  178. /**
  179. * Checks if the lax cookie has been sent with the request if the request
  180. * is including any cookies.
  181. *
  182. * @return bool
  183. * @since 9.0.0
  184. */
  185. public function passesLaxCookieCheck(): bool;
  186. /**
  187. * Returns an ID for the request, value is not guaranteed to be unique and is mostly meant for logging
  188. * If `mod_unique_id` is installed this value will be taken.
  189. *
  190. * @return string
  191. * @since 8.1.0
  192. */
  193. public function getId(): string;
  194. /**
  195. * Returns the remote address, if the connection came from a trusted proxy
  196. * and `forwarded_for_headers` has been configured then the IP address
  197. * specified in this header will be returned instead.
  198. * Do always use this instead of $_SERVER['REMOTE_ADDR']
  199. *
  200. * @return string IP address
  201. * @since 8.1.0
  202. */
  203. public function getRemoteAddress(): string;
  204. /**
  205. * Returns the server protocol. It respects reverse proxy servers and load
  206. * balancers.
  207. *
  208. * @return string Server protocol (http or https)
  209. * @since 8.1.0
  210. */
  211. public function getServerProtocol(): string;
  212. /**
  213. * Returns the used HTTP protocol.
  214. *
  215. * @return string HTTP protocol. HTTP/2, HTTP/1.1 or HTTP/1.0.
  216. * @since 8.2.0
  217. */
  218. public function getHttpProtocol(): string;
  219. /**
  220. * Returns the request uri, even if the website uses one or more
  221. * reverse proxies
  222. *
  223. * @psalm-taint-source input
  224. *
  225. * @return string
  226. * @since 8.1.0
  227. */
  228. public function getRequestUri(): string;
  229. /**
  230. * Get raw PathInfo from request (not urldecoded)
  231. *
  232. * @psalm-taint-source input
  233. *
  234. * @throws \Exception
  235. * @return string Path info
  236. * @since 8.1.0
  237. */
  238. public function getRawPathInfo(): string;
  239. /**
  240. * Get PathInfo from request
  241. *
  242. * @psalm-taint-source input
  243. *
  244. * @throws \Exception
  245. * @return string|false Path info or false when not found
  246. * @since 8.1.0
  247. */
  248. public function getPathInfo();
  249. /**
  250. * Returns the script name, even if the website uses one or more
  251. * reverse proxies
  252. *
  253. * @return string the script name
  254. * @since 8.1.0
  255. */
  256. public function getScriptName(): string;
  257. /**
  258. * Checks whether the user agent matches a given regex
  259. *
  260. * @param array $agent array of agent names
  261. * @return bool true if at least one of the given agent matches, false otherwise
  262. * @since 8.1.0
  263. */
  264. public function isUserAgent(array $agent): bool;
  265. /**
  266. * Returns the unverified server host from the headers without checking
  267. * whether it is a trusted domain
  268. *
  269. * @psalm-taint-source input
  270. *
  271. * @return string Server host
  272. * @since 8.1.0
  273. */
  274. public function getInsecureServerHost(): string;
  275. /**
  276. * Returns the server host from the headers, or the first configured
  277. * trusted domain if the host isn't in the trusted list
  278. *
  279. * @return string Server host
  280. * @since 8.1.0
  281. */
  282. public function getServerHost(): string;
  283. }