-
-
Notifications
You must be signed in to change notification settings - Fork 23
/
Copy pathFirewallMiddleware.php
116 lines (93 loc) · 3.09 KB
/
FirewallMiddleware.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
<?php
/**
* This file is part of the tarantool/client package.
*
* (c) Eugene Leonovich <[email protected]>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
declare(strict_types=1);
namespace Tarantool\Client\Middleware;
use Tarantool\Client\Exception\RequestDenied;
use Tarantool\Client\Handler\Handler;
use Tarantool\Client\Request\Request;
use Tarantool\Client\RequestTypes;
use Tarantool\Client\Response;
final class FirewallMiddleware implements Middleware
{
/** @var array<int, true> */
private $allowed;
/** @var array<int, true> */
private $denied;
/**
* @param array $allowed
* @param array $denied
*/
private function __construct($allowed, $denied)
{
$this->allowed = $allowed ? \array_fill_keys($allowed, true) : [];
$this->denied = $denied ? \array_fill_keys($denied, true) : [];
}
public static function allow(int $requestType, int ...$requestTypes) : self
{
return new self([-1 => $requestType] + $requestTypes, []);
}
public static function deny(int $requestType, int ...$requestTypes) : self
{
return new self([], [-1 => $requestType] + $requestTypes);
}
public static function allowReadOnly() : self
{
$self = new self([], []);
$self->allowed = [
RequestTypes::AUTHENTICATE => true,
RequestTypes::PING => true,
RequestTypes::SELECT => true,
];
return $self;
}
public function andAllow(int $requestType, int ...$requestTypes) : self
{
$new = clone $this;
$new->allowed += $requestTypes
? \array_fill_keys([-1 => $requestType] + $requestTypes, true)
: [$requestType => true];
return $new;
}
public function andAllowOnly(int $requestType, int ...$requestTypes) : self
{
$new = clone $this;
$new->allowed = $requestTypes
? \array_fill_keys([-1 => $requestType] + $requestTypes, true)
: [$requestType => true];
return $new;
}
public function andDeny(int $requestType, int ...$requestTypes) : self
{
$new = clone $this;
$new->denied += $requestTypes
? \array_fill_keys([-1 => $requestType] + $requestTypes, true)
: [$requestType => true];
return $new;
}
public function andDenyOnly(int $requestType, int ...$requestTypes) : self
{
$new = clone $this;
$new->denied = $requestTypes
? \array_fill_keys([-1 => $requestType] + $requestTypes, true)
: [$requestType => true];
return $new;
}
public function process(Request $request, Handler $handler) : Response
{
$requestType = $request->getType();
if (isset($this->denied[$requestType])) {
throw RequestDenied::fromObject($request);
}
if ([] !== $this->allowed && !isset($this->allowed[$requestType])) {
throw RequestDenied::fromObject($request);
}
return $handler->handle($request);
}
}