Subversion Repositories php-qbpwcf

<?php

namespace Ratchet\Http;

use Ratchet\ConnectionInterface;

use Ratchet\MessageComponentInterface;

use Psr\Http\Message\RequestInterface;

/**

 * A middleware to ensure JavaScript clients connecting are from the expected domain.

 * This protects other websites from open WebSocket connections to your application.

 * Note: This can be spoofed from non-web browser clients

 */

class OriginCheck implements HttpServerInterface {

    use CloseResponseTrait;

    /**

     * @var \Ratchet\MessageComponentInterface

     */

    protected $_component;

    public $allowedOrigins = [];

    /**

     * @param MessageComponentInterface $component Component/Application to decorate

     * @param array                     $allowed   An array of allowed domains that are allowed to connect from

     */

    public function __construct(MessageComponentInterface $component, array $allowed = []) {

        $this->_component = $component;

        $this->allowedOrigins += $allowed;

    }

    /**

     * {@inheritdoc}

     */

    public function onOpen(ConnectionInterface $conn, RequestInterface $request = null) {

        $header = (string)$request->getHeader('Origin')[0];

        $origin = parse_url($header, PHP_URL_HOST) ?: $header;

        if (!in_array($origin, $this->allowedOrigins)) {

            return $this->close($conn, 403);

        }

        return $this->_component->onOpen($conn, $request);

    }

    /**

     * {@inheritdoc}

     */

    function onMessage(ConnectionInterface $from, $msg) {

        return $this->_component->onMessage($from, $msg);

    }

    /**

     * {@inheritdoc}

     */

    function onClose(ConnectionInterface $conn) {

        return $this->_component->onClose($conn);

    }

    /**

     * {@inheritdoc}

     */

    function onError(ConnectionInterface $conn, \Exception $e) {

        return $this->_component->onError($conn, $e);

    }

}