xref: /webtrees/app/Validator.php (revision 423ac716f0fd6fb6479b8d93287e01e93d715067)
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2021 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees;
21
22use Aura\Router\Route;
23use Closure;
24use Fisharebest\Webtrees\Contracts\UserInterface;
25use Fisharebest\Webtrees\Http\Exceptions\HttpBadRequestException;
26use LogicException;
27use Psr\Http\Message\ServerRequestInterface;
28
29use function array_reduce;
30use function ctype_digit;
31use function is_array;
32use function is_int;
33use function is_string;
34use function parse_url;
35use function preg_match;
36use function str_starts_with;
37
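/**
 * Validate a parameter from an HTTP request.
 *
 * Usage is a fluent chain: choose a parameter source with one of the static
 * factories, optionally queue rules (isBetween(), isXref(), ...), then read a
 * single parameter with a typed accessor.
 *
 * - boolean(), integer() and string() throw HttpBadRequestException when the
 *   value is absent, has the wrong type or is rejected by a rule, unless a
 *   non-null default was supplied.  array(), route(), tree(), treeOptional()
 *   and user() throw on a value of the wrong type.
 * - The optional*() accessors return null instead of throwing.  Unlike string()
 *   and array(), they do not check that the value is valid UTF-8.
 * - Rules are appended to $this->rules and no accessor clears them, so every
 *   queued rule applies to every later read on the same instance.
 * - Each rule closure declares the type it accepts (?int or ?string).  This file
 *   declares strict_types, so pairing a rule with an accessor of another type
 *   raises a TypeError rather than a validation failure.
 */
class Validator
{
    /** @var array<int|string|Tree|UserInterface|array<int|string>> */
    private array $parameters;

    /** @var array<Closure> */
    private array $rules = [];

    /**
     * @param array<int|string|Tree|UserInterface|array<int|string>> $parameters
     */
    public function __construct(array $parameters)
    {
        $this->parameters = $parameters;
    }

    /**
     * Validate the request attributes.
     *
     * @param ServerRequestInterface $request
     *
     * @return self
     */
    public static function attributes(ServerRequestInterface $request): self
    {
        return new self($request->getAttributes());
    }

    /**
     * Validate the parsed request body.
     *
     * @param ServerRequestInterface $request
     *
     * @return self
     */
    public static function parsedBody(ServerRequestInterface $request): self
    {
        // getParsedBody() may return null or an object; the cast yields an array in both cases.
        return new self((array) $request->getParsedBody());
    }

    /**
     * Validate the query-string parameters.
     *
     * @param ServerRequestInterface $request
     *
     * @return self
     */
    public static function queryParams(ServerRequestInterface $request): self
    {
        return new self($request->getQueryParams());
    }

    /**
     * Validate the server parameters.
     *
     * NOTE(review): server parameters commonly include values derived from the
     * client request (for example header-based entries); confirm which keys the
     * callers read and treat them as untrusted input.
     *
     * @param ServerRequestInterface $request
     *
     * @return self
     */
    public static function serverParams(ServerRequestInterface $request): self
    {
        return new self($request->getServerParams());
    }

    /**
     * Queue a rule that accepts an integer only inside [$minimum, $maximum] (inclusive).
     *
     * @param int $minimum
     * @param int $maximum
     *
     * @return self
     */
    public function isBetween(int $minimum, int $maximum): self
    {
        $this->rules[] = static function (?int $value) use ($minimum, $maximum): ?int {
            if (is_int($value) && $value >= $minimum && $value <= $maximum) {
                return $value;
            }

            return null;
        };

        return $this;
    }

    /**
     * Queue a rule that accepts a string only when it is one of $values (strict comparison).
     *
     * @param array<string> $values
     *
     * @return $this
     */
    public function isInArray(array $values): self
    {
        $this->rules[] = static fn (?string $value): ?string => is_string($value) && in_array($value, $values, true) ? $value : null;

        return $this;
    }

    /**
     * Queue a rule that accepts a URL only when it points inside $base_url.
     *
     * Scheme, host, port and user must equal those of $base_url, and the path
     * must begin with the base path.  A relative URL has no host, so it is
     * rejected whenever $base_url has one.  Password, query and fragment are not
     * compared.  Host comparison is case-sensitive and an explicit default port
     * does not equal an omitted one, so the check errs towards rejection.
     *
     * NOTE(review): the path test is a raw string prefix.  It is not aware of
     * segment boundaries and does not normalise dot-segments, so with a base
     * path of "/app" both "/app-other/x" and "/app/../x" on the same host are
     * accepted.  Confirm this is acceptable where several applications share
     * one host.
     *
     * NOTE(review): parse_url() is a parser, not a validator, and its reading of
     * a malformed URL may differ from a browser's.  Callers that redirect to the
     * returned value depend on the two agreeing.
     *
     * @param string $base_url
     *
     * @return $this
     *
     * @throws LogicException When the rule runs against a string value and $base_url cannot be parsed.
     */
    public function isLocalUrl(string $base_url): self
    {
        // The base URL does not change between invocations of the rule, so parse it once.
        $base_url_info = parse_url($base_url);

        $this->rules[] = static function (?string $value) use ($base_url_info): ?string {
            if (!is_string($value)) {
                return null;
            }

            // An unparsable base URL is a programming error, not a client error.
            if (!is_array($base_url_info)) {
                throw new LogicException(__METHOD__ . ' needs a valid URL');
            }

            $value_info = parse_url($value);

            if (!is_array($value_info)) {
                return null;
            }

            $scheme_ok = ($value_info['scheme'] ?? 'http') === ($base_url_info['scheme'] ?? 'http');
            $host_ok   = ($value_info['host'] ?? '') === ($base_url_info['host'] ?? '');
            $port_ok   = ($value_info['port'] ?? '') === ($base_url_info['port'] ?? '');
            // Comparing the user component rejects "https://trusted@other-host/" style values.
            $user_ok   = ($value_info['user'] ?? '') === ($base_url_info['user'] ?? '');
            $path_ok   = str_starts_with($value_info['path'] ?? '/', $base_url_info['path'] ?? '/');

            if ($scheme_ok && $host_ok && $port_ok && $user_ok && $path_ok) {
                return $value;
            }

            return null;
        };

        return $this;
    }

    /**
     * Queue a rule that accepts a string only when it matches Gedcom::REGEX_TAG in full.
     *
     * @return $this
     */
    public function isTag(): self
    {
        $this->rules[] = static function (?string $value): ?string {
            // The D modifier stops "$" from also matching before a trailing newline,
            // which would otherwise let "TAG\n" through.
            if (is_string($value) && preg_match('/^' . Gedcom::REGEX_TAG . '$/D', $value) === 1) {
                return $value;
            }

            return null;
        };

        return $this;
    }

    /**
     * Queue a rule that accepts a string only when it matches Gedcom::REGEX_XREF in full.
     *
     * @return $this
     */
    public function isXref(): self
    {
        $this->rules[] = static function (?string $value): ?string {
            // The D modifier stops "$" from also matching before a trailing newline,
            // which would otherwise let "X1\n" through.
            if (is_string($value) && preg_match('/^' . Gedcom::REGEX_XREF . '$/D', $value) === 1) {
                return $value;
            }

            return null;
        };

        return $this;
    }

    /**
     * Read an array parameter, or null when it is absent, not an array or rejected by a rule.
     *
     * NOTE(review): no rule defined in this class accepts an array, and the
     * contents are not checked for valid UTF-8 here (array() does check).
     *
     * @param string $parameter
     *
     * @return array<string>|null
     */
    public function optionalArray(string $parameter): ?array
    {
        $value = $this->parameters[$parameter] ?? null;

        if (!is_array($value)) {
            $value = null;
        }

        $callback = static fn (?array $value, Closure $rule): ?array => $rule($value);

        return array_reduce($this->rules, $callback, $value);
    }

    /**
     * Read an integer parameter, or null when it is absent, not an integer or rejected by a rule.
     *
     * Accepts the same inputs as integer(): a native int, or a string made only
     * of decimal digits.  Signed, padded and empty strings are rejected.
     *
     * @param string $parameter
     *
     * @return int|null
     */
    public function optionalInteger(string $parameter): ?int
    {
        $value = self::toInteger($this->parameters[$parameter] ?? null);

        $callback = static fn (?int $value, Closure $rule): ?int => $rule($value);

        return array_reduce($this->rules, $callback, $value);
    }

    /**
     * Read a string parameter, or null when it is absent, not a string or rejected by a rule.
     *
     * NOTE(review): unlike string(), the result is not checked for valid UTF-8.
     *
     * @param string $parameter
     *
     * @return string|null
     */
    public function optionalString(string $parameter): ?string
    {
        $value = $this->parameters[$parameter] ?? null;

        if (!is_string($value)) {
            $value = null;
        }

        $callback = static fn (?string $value, Closure $rule): ?string => $rule($value);

        return array_reduce($this->rules, $callback, $value);
    }

    /**
     * Read a boolean parameter.
     *
     * '1' and true are true; '0', '' and false are false.  Any other value,
     * including an absent one, yields $default.  Queued rules are not applied.
     *
     * @param string    $parameter
     * @param bool|null $default
     *
     * @return bool
     *
     * @throws HttpBadRequestException When the value is not recognised and no default was given.
     */
    public function boolean(string $parameter, ?bool $default = null): bool
    {
        $value = $this->parameters[$parameter] ?? null;

        if (in_array($value, ['1', true], true)) {
            return true;
        }

        if (in_array($value, ['0', '', false], true)) {
            return false;
        }

        if ($default === null) {
            throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
        }

        return $default;
    }

    /**
     * Read an array parameter.  An absent parameter, or one rejected by a rule, yields [].
     *
     * Every string key and string value, at any depth, must be valid UTF-8.
     *
     * @param string $parameter
     *
     * @return array<string>
     *
     * @throws HttpBadRequestException When the value is present but not an array, or holds invalid UTF-8.
     */
    public function array(string $parameter): array
    {
        $value = $this->parameters[$parameter] ?? null;

        if (!is_array($value) && $value !== null) {
            throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
        }

        $callback = static fn (?array $value, Closure $rule): ?array => $rule($value);

        $value = array_reduce($this->rules, $callback, $value);
        $value ??= [];

        // array_walk_recursive() never passes the key of a nested array to its
        // callback, so such keys would go unchecked; walk the structure directly.
        if (!self::isValidUtf8($value)) {
            throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
        }

        return $value;
    }

    /**
     * Read an integer parameter.
     *
     * Accepts a native int, or a string made only of decimal digits.  Signed,
     * padded and empty strings are rejected.  $default is used when the value
     * is absent, malformed or rejected by a rule.
     *
     * @param string   $parameter
     * @param int|null $default
     *
     * @return int
     *
     * @throws HttpBadRequestException When there is no acceptable value and no default.
     */
    public function integer(string $parameter, ?int $default = null): int
    {
        $value = self::toInteger($this->parameters[$parameter] ?? null);

        $callback = static fn (?int $value, Closure $rule): ?int => $rule($value);

        $value = array_reduce($this->rules, $callback, $value);

        $value ??= $default;

        if ($value === null) {
            throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
        }

        return $value;
    }

    /**
     * Read a parameter that must already be a Route object.
     *
     * @param string $parameter
     *
     * @return Route
     *
     * @throws HttpBadRequestException When the value is not a Route.
     */
    public function route(string $parameter = 'route'): Route
    {
        $value = $this->parameters[$parameter] ?? null;

        if ($value instanceof Route) {
            return $value;
        }

        throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
    }

    /**
     * Read a string parameter.
     *
     * $default is used when the value is absent, not a string or rejected by a
     * rule.  The final value, default included, must be valid UTF-8.
     *
     * @param string      $parameter
     * @param string|null $default
     *
     * @return string
     *
     * @throws HttpBadRequestException When there is no acceptable value, or it is not valid UTF-8.
     */
    public function string(string $parameter, ?string $default = null): string
    {
        $value = $this->parameters[$parameter] ?? null;

        if (!is_string($value)) {
            $value = null;
        }

        $callback = static fn (?string $value, Closure $rule): ?string => $rule($value);

        $value = array_reduce($this->rules, $callback, $value);
        $value ??= $default;

        // An empty pattern with the "u" modifier matches only when the subject is valid UTF-8.
        if ($value === null || preg_match('//u', $value) !== 1) {
            throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
        }

        return $value;
    }

    /**
     * Read a parameter that must already be a Tree object.
     *
     * @param string $parameter
     *
     * @return Tree
     *
     * @throws HttpBadRequestException When the value is not a Tree.
     */
    public function tree(string $parameter = 'tree'): Tree
    {
        $value = $this->parameters[$parameter] ?? null;

        if ($value instanceof Tree) {
            return $value;
        }

        throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
    }

    /**
     * Read a parameter that is either absent or already a Tree object.
     *
     * @param string $parameter
     *
     * @return Tree|null
     *
     * @throws HttpBadRequestException When the value is present but not a Tree.
     */
    public function treeOptional(string $parameter = 'tree'): ?Tree
    {
        $value = $this->parameters[$parameter] ?? null;

        if ($value === null || $value instanceof Tree) {
            return $value;
        }

        throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
    }

    /**
     * Read a parameter that must already be a UserInterface object.
     *
     * @param string $parameter
     *
     * @return UserInterface
     *
     * @throws HttpBadRequestException When the value is not a UserInterface.
     */
    public function user(string $parameter = 'user'): UserInterface
    {
        $value = $this->parameters[$parameter] ?? null;

        if ($value instanceof UserInterface) {
            return $value;
        }

        throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
    }

    /**
     * Coerce a raw parameter to an int: native ints pass through, digit-only strings are cast.
     *
     * NOTE(review): a digit string too large for a native int is still cast, and
     * the cast does not report the overflow; pair with isBetween() where the
     * magnitude matters.
     *
     * @param mixed $value
     *
     * @return int|null
     */
    private static function toInteger($value): ?int
    {
        if (is_int($value)) {
            return $value;
        }

        if (is_string($value) && ctype_digit($value)) {
            return (int) $value;
        }

        return null;
    }

    /**
     * Check that every string key and string value in a (possibly nested) array is valid UTF-8.
     *
     * @param array<mixed> $values
     *
     * @return bool
     */
    private static function isValidUtf8(array $values): bool
    {
        foreach ($values as $key => $value) {
            if (is_string($key) && preg_match('//u', $key) !== 1) {
                return false;
            }

            if (is_array($value)) {
                if (!self::isValidUtf8($value)) {
                    return false;
                }
            } elseif (is_string($value) && preg_match('//u', $value) !== 1) {
                return false;
            }
        }

        return true;
    }
}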