1
<?php
2
/**
3
 * This file is part of the Shieldon package.
4
 *
5
 * (c) Terry L. <contact@terryl.in>
6
 *
7
 * For the full copyright and license information, please view the LICENSE
8
 * file that was distributed with this source code.
9
 * 
10
 * php version 7.1.0
11
 * 
12
 * @category  Web-security
13
 * @package   Shieldon
14
 * @author    Terry Lin <contact@terryl.in>
15
 * @copyright 2019 terrylinooo
16
 * @license   https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
17
 * @link      https://github.com/terrylinooo/shieldon
18
 * @see       https://shieldon.io
19
 */
20

21
declare(strict_types=1);
22

23
namespace Shieldon\Firewall\Middleware;
24

25
use Psr\Http\Message\ResponseInterface;
26
use Psr\Http\Message\ServerRequestInterface;
27
use Psr\Http\Server\MiddlewareInterface;
28
use Psr\Http\Server\RequestHandlerInterface;
29
use Shieldon\Psr7\Response;
30

31
/**
32
 * A PSR-15 middleware that denys requests without specific header inforamtion.
33
 */
34
class Header implements MiddlewareInterface
35
{
36
    /**
37
     * 406 - Not Acceptable.
38
     *
39
     * @var int
40
     */
41
    const HTTP_STATUS_CODE = 406;
42

43
    /**
44
     *  Very common requests from normal users.
45
     * 
46
     * @var array
47
     */
48
    protected $fieldList = [
49
        'Accept',
50
        'Accept-Language',
51
        'Accept-Encoding',
52
    ];
53

54
    /**
55
     * Constructor.
56
     * 
57
     * @param array $fieldList The list that want to be denied.
58
     *
59
     * @return void
60
     */
61 3
    public function __construct(array $fieldList = [])
62
    {
63 3
        if (!empty($fieldList)) {
64 3
            $this->fieldList = $fieldList;
65
        }
66
    }
67

68
    /**
69
     * Invoker.
70
     *
71
     * @param ServerRequestInterface  $request The PSR-7 server request.
72
     * @param RequestHandlerInterface $handler The PSR-15 request handler.
73
     *
74
     * @return ResponseInterface
75
     */
76 3
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
77
    {
78 3
        foreach ($this->fieldList as $fieldName) {
79 3
            if (!$request->hasHeader($fieldName)) {
80 3
                return (new Response)->withStatus(self::HTTP_STATUS_CODE);
81
            }
82
        }
83

84 3
        return $handler->handle($request);
85
    }
86
}

Read our documentation on viewing source code .

Loading