noccy
/
mercureact
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mercureact/src/Http/Middleware/MercureHandler.php

217 lines
7.5 KiB
PHP
Raw Blame History

<?php
namespace NoccyLabs\Mercureact\Http\Middleware;
use NoccyLabs\Mercureact\Broker\Message;
use NoccyLabs\Mercureact\Broker\Subscriber\SseSubscriber;
use NoccyLabs\Mercureact\Broker\TopicManager;
use NoccyLabs\Mercureact\Configuration;
use NoccyLabs\Mercureact\Exception\RequestException;
use NoccyLabs\Mercureact\Exception\SecurityException;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use React\EventLoop\Loop;
use React\EventLoop\LoopInterface;
use React\Http\Message\Response;
use React\Promise\Promise;
use React\Promise\PromiseInterface;
use React\Stream\ThroughStream;
use Rize\UriTemplate\UriTemplate;
use Symfony\Component\Uid\Uuid;
class MercureHandler
{
private LoopInterface $loop;
private array $seenMessageIds = [];
private int $seenIdHistorySize = 100;
public function __construct(
private Configuration $config,
private TopicManager $topicManager,
?LoopInterface $loop=null
)
{
$this->loop = $loop ?? Loop::get();
$this->seenIdHistorySize = $this->config->getDuplicateIdHistorySize();
}
/**
* Mecure handler middleware
*
* @param ServerRequestInterface $request
* @param callable $next
* @return PromiseInterface
*/
public function __invoke(ServerRequestInterface $request, callable $next): PromiseInterface
{
return new Promise(
function (callable $resolve, callable $reject) use ($next, $request) {
if ($request->getUri()->getPath() == "/.well-known/mercure") {
if ($request->getMethod() == 'POST') {
$resolve($this->handleMercurePublish($request));
return;
}
$resolve($this->handleMercureClient($request));
} else {
$resolve($next($request));
}
}
);
}
/**
*
*
* @param ServerRequestInterface $request
* @return ResponseInterface
*/
private function handleMercureClient(ServerRequestInterface $request): ResponseInterface
{
$responseStream = new ThroughStream();
$response = new Response(
body: $responseStream
);
$subscriber = new SseSubscriber($responseStream, $request);
$query = $request->getUri()->getQuery();
$query = explode("&", $query);
$topics = [];
foreach ($query as $param) {
if (!str_contains($param, "="))
throw new RequestException(
message: "Invalid request data",
code: RequestException::ERR_INVALID_REQUEST_DATA
);
[ $name, $value ] = array_map('urldecode', explode("=", $param, 2));
if ($name === 'topic' || $name === 'topic[]') $topics[] = $value;
}
// Grab the JWT token from the requests authorization attribute
if ($request->getAttribute('authorized')) {
$claims = $request->getAttribute('mercure.subscribe');
if (!$this->checkTopicClaims($topics, $claims)) {
throw new SecurityException(
message: "Insufficient permissions for subscribe",
code: SecurityException::ERR_NO_PERMISSION
);
}
} else {
// Disallow if we don't allow anonymous subscribers. Note that anonymous
// subscribers will not receive updates marked as private.
if (!$this->config->getAllowAnonymousSubscribe()) {
throw new SecurityException(
message: "Anonymous access disallowed",
code: SecurityException::ERR_ACCESS_DENIED
);
}
}
$this->topicManager->subscribe($subscriber, $topics);
$responseStream->on('close', function () use ($subscriber, $topics) {
$this->topicManager->unsubscribe($subscriber, $topics);
});
return $response
->withHeader("Cache-Control", "no-store")
->withHeader("Content-Type", "text/event-stream");
}
/**
*
*
* @param ServerRequestInterface $request
* @return ResponseInterface
*/
private function handleMercurePublish(ServerRequestInterface $request): ResponseInterface
{
if ($request->getHeaderLine('content-type') !== 'application/x-www-form-urlencoded') {
throw new \Exception("Invalid request");
}
// Parse out the urlencoded body. Pretty sure there is a better way to do this?
$body = explode("&", (string)$request->getBody());
$data = [
'topic' => []
];
foreach ($body as $param) {
if (!str_contains($param, "="))
throw new RequestException(
message: "Invalid request data",
code: RequestException::ERR_INVALID_REQUEST_DATA
);
[ $name, $value ] = array_map('urldecode', explode("=", $param, 2));
if ($name === 'topic' || $name === 'topic[]') {
$data['topic'][] = $value;
} else {
$data[$name] = $value;
}
}
// Grab the JWT token from the requests authorization attribute
if ($request->getAttribute('authorized')) {
$claims = $request->getAttribute('mercure.publish');
// check topic against publishClaims
if (!$this->checkTopicClaims($data['topic']??[], $claims)) {
throw new SecurityException(
message: "Insufficient permissions for publish",
code: SecurityException::ERR_NO_PERMISSION
);
}
} else {
// reject if access denied
throw new SecurityException(
message: "Access denied",
code: SecurityException::ERR_ACCESS_DENIED
);
}
// Explicitly check for duplicate message IDs.
if ($this->config->getRejectDuplicateMessages() && !empty($data['id'])) {
if (in_array($data['id'], $this->seenMessageIds)) {
return Response::plaintext("Duplicate message id")->withStatus(Response::STATUS_BAD_REQUEST);
}
array_push($this->seenMessageIds, $data['id']);
while (count($this->seenMessageIds) > $this->seenIdHistorySize)
array_shift($this->seenMessageIds);
}
// Put an id in there if none already
if (empty($data['id']) || $this->config->getOverwriteMessageIds()) {
$data['id'] = "urn:uuid:".(string)Uuid::v7();
}
// Attempt to create the message
$message = Message::fromData($data);
$this->loop->futureTick(function () use ($message) {
$this->topicManager->publish($message);
});
return Response::plaintext($message->id."\n");
}
private function checkTopicClaims(string|array $topic, array $claims): bool
{
$matched = 0;
foreach ((array)$topic as $match) {
foreach ($claims as $claim) {
if (($claim === "*") || ($claim === $match)) {
$matched++;
break;
}
// TODO make sure that UriTemplate parsing works
if ((new UriTemplate())->extract($claim, $match, true)) {
$matched++;
break;
}
}
}
return ($matched == count($topic));
}
}
Reference in New Issue View Git Blame Copy Permalink