Improve header validation and error messages in RpcHandler

netkas 2024-09-27 14:21:08 -04:00
parent a8cbac9dcc
commit 51a1136380


@ -31,10 +31,9 @@ class RpcHandler
try try
{ {
$headers = Utilities::getRequestHeaders(); $headers = Utilities::getRequestHeaders();
foreach(StandardHeaders::getRequiredHeaders() as $header) foreach(StandardHeaders::getRequiredHeaders() as $header)
{ {
if(!isset($headers[$header])) if (!isset($headers[$header]))
{ {
throw new RpcException("Missing required header: $header", 400); throw new RpcException("Missing required header: $header", 400);
} }
@ -50,9 +49,9 @@ class RpcHandler
break; break;
case StandardHeaders::CONTENT_TYPE: case StandardHeaders::CONTENT_TYPE:
if($headers[$header] !== 'application/json') if(!str_contains($headers[$header], 'application/json'))
{ {
throw new RpcException("Invalid Content-Type header: Expected application/json", 400); throw new RpcException(sprintf("Invalid Content-Type header: Expected application/json, got %s", $headers[$header]), 400);
} }
break; break;
@ -81,7 +80,7 @@ class RpcHandler
// If no signature is provided, it must be required if the client is providing a Session UUID // If no signature is provided, it must be required if the client is providing a Session UUID
if($clientRequest->getSignature() === null) if($clientRequest->getSignature() === null)
{ {
throw new RpcException(sprintf('Unauthorized request, signature required for session based requests', StandardHeaders::SIGNATURE->value), 401); throw new RpcException(sprintf('Unauthorized request, signature required for session based requests'), 401);
} }
try try
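Review bot: The Content-Type check in the second hunk now passes any header value that merely contains the substring `application/json`, so a different media type carrying that text in a parameter or suffix is accepted as JSON. Compare the media type alone instead: `$mediaType = strtolower(trim(explode(';', $headers[$header], 2)[0]));` followed by `if($mediaType !== 'application/json')`, which still admits `application/json; charset=utf-8`. The new message also echoes the raw client-supplied header value; whether RpcException messages reach the response body or the logs is not visible here, but if they do, the value should be length-limited and stripped of control characters first. In the third hunk, `sprintf(...)` is left with no placeholders or arguments and can be a plain string literal. The enclosing method starts and ends outside these hunks.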