response.php 7.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327
  1. <?php
  2. /**
  3. * @author Bernhard Posselt <dev@bernhard-posselt.com>
  4. * @author Jörn Friedrich Dreyer <jfd@butonic.de>
  5. * @author Lukas Reschke <lukas@owncloud.com>
  6. * @author Morris Jobke <hey@morrisjobke.de>
  7. * @author Thomas Müller <thomas.mueller@tmit.eu>
  8. * @author Thomas Tanghus <thomas@tanghus.net>
  9. *
  10. * @copyright Copyright (c) 2015, ownCloud, Inc.
  11. * @license AGPL-3.0
  12. *
  13. * This code is free software: you can redistribute it and/or modify
  14. * it under the terms of the GNU Affero General Public License, version 3,
  15. * as published by the Free Software Foundation.
  16. *
  17. * This program is distributed in the hope that it will be useful,
  18. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  20. * GNU Affero General Public License for more details.
  21. *
  22. * You should have received a copy of the GNU Affero General Public License, version 3,
  23. * along with this program. If not, see <http://www.gnu.org/licenses/>
  24. *
  25. */
  26. /**
  27. * Public interface of ownCloud for apps to use.
  28. * AppFramework\HTTP\Response class
  29. */
  30. namespace OCP\AppFramework\Http;
  31. use OCP\AppFramework\Http;
  32. /**
  33. * Base class for responses. Also used to just send headers.
  34. *
  35. * It handles headers, HTTP status code, last modified and ETag.
  36. * @since 6.0.0
  37. */
  38. class Response {
  39. /**
  40. * Headers - defaults to ['Cache-Control' => 'no-cache, must-revalidate']
  41. * @var array
  42. */
  43. private $headers = array(
  44. 'Cache-Control' => 'no-cache, must-revalidate'
  45. );
  46. /**
  47. * Cookies that will be need to be constructed as header
  48. * @var array
  49. */
  50. private $cookies = array();
  51. /**
  52. * HTTP status code - defaults to STATUS OK
  53. * @var int
  54. */
  55. private $status = Http::STATUS_OK;
  56. /**
  57. * Last modified date
  58. * @var \DateTime
  59. */
  60. private $lastModified;
  61. /**
  62. * ETag
  63. * @var string
  64. */
  65. private $ETag;
  66. /** @var ContentSecurityPolicy|null Used Content-Security-Policy */
  67. private $contentSecurityPolicy = null;
  68. /**
  69. * Caches the response
  70. * @param int $cacheSeconds the amount of seconds that should be cached
  71. * if 0 then caching will be disabled
  72. * @return $this
  73. * @since 6.0.0 - return value was added in 7.0.0
  74. */
  75. public function cacheFor($cacheSeconds) {
  76. if($cacheSeconds > 0) {
  77. $this->addHeader('Cache-Control', 'max-age=' . $cacheSeconds .
  78. ', must-revalidate');
  79. } else {
  80. $this->addHeader('Cache-Control', 'no-cache, no-store, must-revalidate');
  81. }
  82. return $this;
  83. }
  84. /**
  85. * Adds a new cookie to the response
  86. * @param string $name The name of the cookie
  87. * @param string $value The value of the cookie
  88. * @param \DateTime|null $expireDate Date on that the cookie should expire, if set
  89. * to null cookie will be considered as session
  90. * cookie.
  91. * @return $this
  92. * @since 8.0.0
  93. */
  94. public function addCookie($name, $value, \DateTime $expireDate = null) {
  95. $this->cookies[$name] = array('value' => $value, 'expireDate' => $expireDate);
  96. return $this;
  97. }
  98. /**
  99. * Set the specified cookies
  100. * @param array $cookies array('foo' => array('value' => 'bar', 'expire' => null))
  101. * @return $this
  102. * @since 8.0.0
  103. */
  104. public function setCookies(array $cookies) {
  105. $this->cookies = $cookies;
  106. return $this;
  107. }
  108. /**
  109. * Invalidates the specified cookie
  110. * @param string $name
  111. * @return $this
  112. * @since 8.0.0
  113. */
  114. public function invalidateCookie($name) {
  115. $this->addCookie($name, 'expired', new \DateTime('1971-01-01 00:00'));
  116. return $this;
  117. }
  118. /**
  119. * Invalidates the specified cookies
  120. * @param array $cookieNames array('foo', 'bar')
  121. * @return $this
  122. * @since 8.0.0
  123. */
  124. public function invalidateCookies(array $cookieNames) {
  125. foreach($cookieNames as $cookieName) {
  126. $this->invalidateCookie($cookieName);
  127. }
  128. return $this;
  129. }
  130. /**
  131. * Returns the cookies
  132. * @return array
  133. * @since 8.0.0
  134. */
  135. public function getCookies() {
  136. return $this->cookies;
  137. }
  138. /**
  139. * Adds a new header to the response that will be called before the render
  140. * function
  141. * @param string $name The name of the HTTP header
  142. * @param string $value The value, null will delete it
  143. * @return $this
  144. * @since 6.0.0 - return value was added in 7.0.0
  145. */
  146. public function addHeader($name, $value) {
  147. $name = trim($name); // always remove leading and trailing whitespace
  148. // to be able to reliably check for security
  149. // headers
  150. if(is_null($value)) {
  151. unset($this->headers[$name]);
  152. } else {
  153. $this->headers[$name] = $value;
  154. }
  155. return $this;
  156. }
  157. /**
  158. * Set the headers
  159. * @param array $headers value header pairs
  160. * @return $this
  161. * @since 8.0.0
  162. */
  163. public function setHeaders(array $headers) {
  164. $this->headers = $headers;
  165. return $this;
  166. }
  167. /**
  168. * Returns the set headers
  169. * @return array the headers
  170. * @since 6.0.0
  171. */
  172. public function getHeaders() {
  173. $mergeWith = [];
  174. if($this->lastModified) {
  175. $mergeWith['Last-Modified'] =
  176. $this->lastModified->format(\DateTime::RFC2822);
  177. }
  178. // Build Content-Security-Policy and use default if none has been specified
  179. if(is_null($this->contentSecurityPolicy)) {
  180. $this->setContentSecurityPolicy(new ContentSecurityPolicy());
  181. }
  182. $this->headers['Content-Security-Policy'] = $this->contentSecurityPolicy->buildPolicy();
  183. if($this->ETag) {
  184. $mergeWith['ETag'] = '"' . $this->ETag . '"';
  185. }
  186. return array_merge($mergeWith, $this->headers);
  187. }
  188. /**
  189. * By default renders no output
  190. * @return null
  191. * @since 6.0.0
  192. */
  193. public function render() {
  194. return null;
  195. }
  196. /**
  197. * Set response status
  198. * @param int $status a HTTP status code, see also the STATUS constants
  199. * @return Response Reference to this object
  200. * @since 6.0.0 - return value was added in 7.0.0
  201. */
  202. public function setStatus($status) {
  203. $this->status = $status;
  204. return $this;
  205. }
  206. /**
  207. * Set a Content-Security-Policy
  208. * @param ContentSecurityPolicy $csp Policy to set for the response object
  209. * @return $this
  210. * @since 8.1.0
  211. */
  212. public function setContentSecurityPolicy(ContentSecurityPolicy $csp) {
  213. $this->contentSecurityPolicy = $csp;
  214. return $this;
  215. }
  216. /**
  217. * Get the currently used Content-Security-Policy
  218. * @return ContentSecurityPolicy|null Used Content-Security-Policy or null if
  219. * none specified.
  220. * @since 8.1.0
  221. */
  222. public function getContentSecurityPolicy() {
  223. return $this->contentSecurityPolicy;
  224. }
  225. /**
  226. * Get response status
  227. * @since 6.0.0
  228. */
  229. public function getStatus() {
  230. return $this->status;
  231. }
  232. /**
  233. * Get the ETag
  234. * @return string the etag
  235. * @since 6.0.0
  236. */
  237. public function getETag() {
  238. return $this->ETag;
  239. }
  240. /**
  241. * Get "last modified" date
  242. * @return \DateTime RFC2822 formatted last modified date
  243. * @since 6.0.0
  244. */
  245. public function getLastModified() {
  246. return $this->lastModified;
  247. }
  248. /**
  249. * Set the ETag
  250. * @param string $ETag
  251. * @return Response Reference to this object
  252. * @since 6.0.0 - return value was added in 7.0.0
  253. */
  254. public function setETag($ETag) {
  255. $this->ETag = $ETag;
  256. return $this;
  257. }
  258. /**
  259. * Set "last modified" date
  260. * @param \DateTime $lastModified
  261. * @return Response Reference to this object
  262. * @since 6.0.0 - return value was added in 7.0.0
  263. */
  264. public function setLastModified($lastModified) {
  265. $this->lastModified = $lastModified;
  266. return $this;
  267. }
  268. }