<?php
namespace Pdsinterop\PhpSolid\Routes;
use Pdsinterop\PhpSolid\ProfileServer;
use Pdsinterop\PhpSolid\ClientRegistration;
use Pdsinterop\PhpSolid\SolidNotifications;
use Pdsinterop\PhpSolid\Util;
use Pdsinterop\Solid\Auth\WAC;
use Pdsinterop\Solid\Resources\Server as ResourceServer;
use Laminas\Diactoros\ServerRequestFactory;
use Laminas\Diactoros\Response;
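class SolidUserProfile {
    /**
     * Serve the owner's profile document through the resource server, after
     * resolving the caller's WebID and checking WAC permissions for it.
     *
     * Reads the PHP superglobals directly, writes the result through
     * ProfileServer::respond(), and calls exit() on the two failure paths
     * (no WebID resolved, access denied). It returns normally only after a
     * successful response has been handed to ProfileServer::respond().
     *
     * @return void
     */
    public static function respondToProfile() {
        $requestFactory = new ServerRequestFactory();
        $rawRequest = $requestFactory->fromGlobals($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES);

        ProfileServer::initializeProfile();
        $filesystem = ProfileServer::getFileSystem();

        $resourceServer = new ResourceServer($filesystem, new Response(), null);
        $resourceServer->setNotifications(new SolidNotifications());

        $baseUrl = Util::getServerBaseUrl();
        $resourceServer->setBaseUrl($baseUrl);
        // lockToPath presumably restricts this route to the profile document
        // itself (no other resource is meant to be reachable here) — confirm
        // against the resource server implementation.
        $resourceServer->lockToPath("/profile.ttl");

        $wac = new WAC($filesystem);
        $wac->setBaseUrl($baseUrl);

        // Build a second request straight from the original $_SERVER, without a
        // modified path, otherwise the htu check for DPoP will fail.
        $webId = ProfileServer::getWebId($requestFactory->fromGlobals($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES));
        if (!isset($webId)) {
            // NOTE(review): 409 is an unconventional status for a failed token
            // check (401 would be the usual choice); kept as-is so clients that
            // already match on it keep working.
            $response = $resourceServer->getResponse()
                ->withStatus(409, "Invalid token");
            ProfileServer::respond($response);
            exit();
        }

        // getHeaderLine() returns '' when the header is absent, so the empty
        // string is the only "no Origin" case that needs handling.
        $origin = $rawRequest->getHeaderLine("Origin");

        // FIXME: Read allowed clients from the profile instead;
        $owner = ProfileServer::getOwner();
        $allowedClients = $owner['allowedClients'] ?? [];
        $allowedOrigins = [];
        foreach ($allowedClients as $clientId) {
            $clientRegistration = ClientRegistration::getRegistration($clientId);
            // NOTE(review): client_name looks like a display name rather than an
            // origin, yet it is added to the origin allow list all the same —
            // confirm this is intended.
            if (isset($clientRegistration['client_name'])) {
                $allowedOrigins[] = $clientRegistration['client_name'];
            }
            if (isset($clientRegistration['origin'])) {
                $allowedOrigins[] = $clientRegistration['origin'];
            }
        }

        if ($origin === "") {
            // A request without an Origin header gets the placeholder origin
            // AND that placeholder is appended to the allow list, so the
            // origin part of the WAC check presumably cannot reject such a
            // request; only the WebID and path permissions still apply to it.
            $allowedOrigins[] = "app://unset"; // FIXME: this should not be here.
            $origin = "app://unset";
        }

        if (!$wac->isAllowed($rawRequest, $webId, $origin, $allowedOrigins)) {
            $response = (new Response())->withStatus(403, "Access denied!");
            ProfileServer::respond($response);
            exit();
        }

        $response = $resourceServer->respondToRequest($rawRequest);
        $response = $wac->addWACHeaders($rawRequest, $response, $webId);
        ProfileServer::respond($response);
    }
}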