diff options
| author | marvin-borner@live.com | 2018-04-10 21:50:16 +0200 |
|---|---|---|
| committer | marvin-borner@live.com | 2018-04-10 21:54:48 +0200 |
| commit | fc9401f04a3aca5abb22f87ebc210de8afe11d32 (patch) | |
| tree | b0b310f3581764ec3955f4e496a05137a32951c3 /assets/php/vendor/ratchet/rfc6455/src/Handshake/RequestVerifier.php | |
| parent | 286d643180672f20526f3dc3bd19d7b751e2fa97 (diff) | |
Initial Commit
Diffstat (limited to 'assets/php/vendor/ratchet/rfc6455/src/Handshake/RequestVerifier.php')
| -rw-r--r-- | assets/php/vendor/ratchet/rfc6455/src/Handshake/RequestVerifier.php | 140 |
1 files changed, 140 insertions, 0 deletions
diff --git a/assets/php/vendor/ratchet/rfc6455/src/Handshake/RequestVerifier.php b/assets/php/vendor/ratchet/rfc6455/src/Handshake/RequestVerifier.php new file mode 100644 index 0000000..1ace489 --- /dev/null +++ b/assets/php/vendor/ratchet/rfc6455/src/Handshake/RequestVerifier.php @@ -0,0 +1,140 @@ +<?php +namespace Ratchet\RFC6455\Handshake; +use Psr\Http\Message\RequestInterface; + +/** + * These are checks to ensure the client requested handshake are valid + * Verification rules come from section 4.2.1 of the RFC6455 document + * @todo Currently just returning invalid - should consider returning appropriate HTTP status code error #s + */ +class RequestVerifier { + const VERSION = 13; + + /** + * Given an array of the headers this method will run through all verification methods + * @param RequestInterface $request + * @return bool TRUE if all headers are valid, FALSE if 1 or more were invalid + */ + public function verifyAll(RequestInterface $request) { + $passes = 0; + + $passes += (int)$this->verifyMethod($request->getMethod()); + $passes += (int)$this->verifyHTTPVersion($request->getProtocolVersion()); + $passes += (int)$this->verifyRequestURI($request->getUri()->getPath()); + $passes += (int)$this->verifyHost($request->getHeader('Host')); + $passes += (int)$this->verifyUpgradeRequest($request->getHeader('Upgrade')); + $passes += (int)$this->verifyConnection($request->getHeader('Connection')); + $passes += (int)$this->verifyKey($request->getHeader('Sec-WebSocket-Key')); + $passes += (int)$this->verifyVersion($request->getHeader('Sec-WebSocket-Version')); + + return (8 === $passes); + } + + /** + * Test the HTTP method. MUST be "GET" + * @param string + * @return bool + */ + public function verifyMethod($val) { + return ('get' === strtolower($val)); + } + + /** + * Test the HTTP version passed. MUST be 1.1 or greater + * @param string|int + * @return bool + */ + public function verifyHTTPVersion($val) { + return (1.1 <= (double)$val); + } + + /** + * @param string + * @return bool + */ + public function verifyRequestURI($val) { + if ($val[0] !== '/') { + return false; + } + + if (false !== strstr($val, '#')) { + return false; + } + + if (!extension_loaded('mbstring')) { + return true; + } + + return mb_check_encoding($val, 'US-ASCII'); + } + + /** + * @param array $hostHeader + * @return bool + * @todo Once I fix HTTP::getHeaders just verify this isn't NULL or empty...or maybe need to verify it's a valid domain??? Or should it equal $_SERVER['HOST'] ? + */ + public function verifyHost(array $hostHeader) { + return (1 === count($hostHeader)); + } + + /** + * Verify the Upgrade request to WebSockets. + * @param array $upgradeHeader MUST equal "websocket" + * @return bool + */ + public function verifyUpgradeRequest(array $upgradeHeader) { + return (1 === count($upgradeHeader) && 'websocket' === strtolower($upgradeHeader[0])); + } + + /** + * Verify the Connection header + * @param array $connectionHeader MUST include "Upgrade" + * @return bool + */ + public function verifyConnection(array $connectionHeader) { + foreach ($connectionHeader as $l) { + $upgrades = array_filter( + array_map('trim', array_map('strtolower', explode(',', $l))), + function ($x) { + return 'upgrade' === $x; + } + ); + if (count($upgrades) > 0) { + return true; + } + } + return false; + } + + /** + * This function verifies the nonce is valid (64 big encoded, 16 bytes random string) + * @param array $keyHeader + * @return bool + * @todo The spec says we don't need to base64_decode - can I just check if the length is 24 and not decode? + * @todo Check the spec to see what the encoding of the key could be + */ + public function verifyKey(array $keyHeader) { + return (1 === count($keyHeader) && 16 === strlen(base64_decode($keyHeader[0]))); + } + + /** + * Verify the version passed matches this RFC + * @param string|int $versionHeader MUST equal 13|"13" + * @return bool + */ + public function verifyVersion($versionHeader) { + return (1 === count($versionHeader) && static::VERSION === (int)$versionHeader[0]); + } + + /** + * @todo Write logic for this method. See section 4.2.1.8 + */ + public function verifyProtocol($val) { + } + + /** + * @todo Write logic for this method. See section 4.2.1.9 + */ + public function verifyExtensions($val) { + } +} |