search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Localisation updates from https://translatewiki.net.
[mediawiki.git] / includes / http / MWHttpRequest.php
bloba48eeffd62de055e5f1d455bd903befbb2c5da71
1 <?php
2 /**
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, write to the Free Software Foundation, Inc.,
15 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 * http://www.gnu.org/copyleft/gpl.html
17 *
18 * @file
19 */
20
21 use MediaWiki\MainConfigNames;
22 use MediaWiki\MediaWikiServices;
23 use MediaWiki\Request\WebRequest;
24 use MediaWiki\Status\Status;
25 use MediaWiki\Utils\UrlUtils;
26 use Psr\Log\LoggerAwareInterface;
27 use Psr\Log\LoggerInterface;
28 use Psr\Log\NullLogger;
29 use Wikimedia\Http\TelemetryHeadersInterface;
30
31 /**
32 * This wrapper class will call out to curl (if available) or fallback
33 * to regular PHP if necessary for handling internal HTTP requests.
34 *
35 * Renamed from HttpRequest to MWHttpRequest to avoid conflict with
36 * PHP's HTTP extension.
37 */
38 abstract class MWHttpRequest implements LoggerAwareInterface {
39 public const SUPPORTS_FILE_POSTS = false;
40
41 /**
42 * @var int|string
43 */
44 protected $timeout = 'default';
45
46 /** @var string|null */
47 protected $content;
48 /** @var bool|null */
49 protected $headersOnly = null;
50 /** @var array|null */
51 protected $postData = null;
52 /** @var string|null */
53 protected $proxy = null;
54 /** @var bool */
55 protected $noProxy = false;
56 /** @var bool */
57 protected $sslVerifyHost = true;
58 /** @var bool */
59 protected $sslVerifyCert = true;
60 /** @var string|null */
61 protected $caInfo = null;
62 /** @var string */
63 protected $method = "GET";
64 /** @var array */
65 protected $reqHeaders = [];
66 /** @var string */
67 protected $url;
68 /** @var array|false */
69 protected $parsedUrl;
70 /** @var callable */
71 protected $callback;
72 /** @var int */
73 protected $maxRedirects = 5;
74 /** @var bool */
75 protected $followRedirects = false;
76 /** @var int */
77 protected $connectTimeout;
78
79 /**
80 * @var CookieJar
81 */
82 protected $cookieJar;
83
84 /** @var array */
85 protected $headerList = [];
86 /** @var string */
87 protected $respVersion = "0.9";
88 /** @var string */
89 protected $respStatus = "200 Ok";
90 /** @var string[][] */
91 protected $respHeaders = [];
92
93 /** @var StatusValue */
94 protected $status;
95
96 /**
97 * @var Profiler
98 */
99 protected $profiler;
100
101 /**
102 * @var string
103 */
104 protected $profileName;
105
106 /**
107 * @var LoggerInterface
108 */
109 protected $logger;
110
111 private UrlUtils $urlUtils;
112
113 /**
114 * @param string $url Url to use. If protocol-relative, will be expanded to an http:// URL
115 * @param array $options extra params to pass (see HttpRequestFactory::create())
116 * @phpcs:ignore Generic.Files.LineLength
117 * @phan-param array{timeout?:int|string,connectTimeout?:int|string,postData?:array,proxy?:string,noProxy?:bool,sslVerifyHost?:bool,sslVerifyCert?:bool,caInfo?:string,maxRedirects?:int,followRedirects?:bool,userAgent?:string,logger?:LoggerInterface,username?:string,password?:string,originalRequest?:WebRequest|array{ip:string,userAgent:string},method?:string} $options
118 * @param string $caller The method making this request, for profiling @phan-mandatory-param
119 * @param Profiler|null $profiler An instance of the profiler for profiling, or null
120 * @throws Exception
121 */
122 public function __construct(
123 $url, array $options, $caller = __METHOD__, ?Profiler $profiler = null
124 ) {
125 $this->urlUtils = MediaWikiServices::getInstance()->getUrlUtils();
126 if ( !array_key_exists( 'timeout', $options )
127 || !array_key_exists( 'connectTimeout', $options ) ) {
128 throw new InvalidArgumentException( "timeout and connectionTimeout options are required" );
129 }
130 $this->url = $this->urlUtils->expand( $url, PROTO_HTTP ) ?? false;
131 $this->parsedUrl = $this->urlUtils->parse( (string)$this->url ) ?? false;
132
133 $this->logger = $options['logger'] ?? new NullLogger();
134 $this->timeout = $options['timeout'];
135 $this->connectTimeout = $options['connectTimeout'];
136
137 if ( !$this->parsedUrl || !self::isValidURI( $this->url ) ) {
138 $this->status = StatusValue::newFatal( 'http-invalid-url', $url );
139 } else {
140 $this->status = StatusValue::newGood( 100 ); // continue
141 }
142
143 if ( isset( $options['userAgent'] ) ) {
144 $this->setUserAgent( $options['userAgent'] );
145 }
146 if ( isset( $options['username'] ) && isset( $options['password'] ) ) {
147 $this->setHeader(
148 'Authorization',
149 'Basic ' . base64_encode( $options['username'] . ':' . $options['password'] )
150 );
151 }
152 if ( isset( $options['originalRequest'] ) ) {
153 $this->setOriginalRequest( $options['originalRequest'] );
154 }
155
156 $members = [ "postData", "proxy", "noProxy", "sslVerifyHost", "caInfo",
157 "method", "followRedirects", "maxRedirects", "sslVerifyCert", "callback" ];
158
159 foreach ( $members as $o ) {
160 if ( isset( $options[$o] ) ) {
161 // ensure that MWHttpRequest::method is always
162 // uppercased. T38137
163 if ( $o == 'method' ) {
164 // @phan-suppress-next-line PhanTypePossiblyInvalidDimOffset False positive
165 $options[$o] = strtoupper( $options[$o] );
166 }
167 $this->$o = $options[$o];
168 }
169 }
170
171 if ( $this->noProxy ) {
172 $this->proxy = ''; // noProxy takes precedence
173 }
174
175 // Profile based on what's calling us
176 $this->profiler = $profiler;
177 $this->profileName = $caller;
178 }
179
180 /**
181 * @param LoggerInterface $logger
182 */
183 public function setLogger( LoggerInterface $logger ) {
184 $this->logger = $logger;
185 }
186
187 /**
188 * Simple function to test if we can make any sort of requests at all, using
189 * cURL or fopen()
190 * @return bool
191 */
192 public static function canMakeRequests() {
193 return function_exists( 'curl_init' ) || wfIniGetBool( 'allow_url_fopen' );
194 }
195
196 /**
197 * Get the body, or content, of the response to the request
198 *
199 * @return string
200 */
201 public function getContent() {
202 return $this->content;
203 }
204
205 /**
206 * Set the parameters of the request
207 *
208 * @param array $args
209 * @todo overload the args param
210 */
211 public function setData( array $args ) {
212 $this->postData = $args;
213 }
214
215 /**
216 * Add Telemetry information to the request
217 *
218 * @param TelemetryHeadersInterface $telemetry
219 * @return void
220 */
221 public function addTelemetry( TelemetryHeadersInterface $telemetry ): void {
222 foreach ( $telemetry->getRequestHeaders() as $header => $value ) {
223 $this->setHeader( $header, $value );
224 }
225 }
226
227 /**
228 * Take care of setting up the proxy (do nothing if "noProxy" is set)
229 *
230 * @return void
231 */
232 protected function proxySetup() {
233 $httpProxy = MediaWikiServices::getInstance()->getMainConfig()->get(
234 MainConfigNames::HTTPProxy );
235 $localHTTPProxy = MediaWikiServices::getInstance()->getMainConfig()->get(
236 MainConfigNames::LocalHTTPProxy );
237 // If proxies are disabled, clear any other proxy
238 if ( $this->noProxy ) {
239 $this->proxy = '';
240 return;
241 }
242
243 // If there is an explicit proxy already set, use it
244 if ( $this->proxy ) {
245 return;
246 }
247
248 // Otherwise, fallback to $wgLocalHTTPProxy for local URLs
249 // or $wgHTTPProxy for everything else
250 if ( self::isLocalURL( $this->url ) ) {
251 if ( $localHTTPProxy !== false ) {
252 $this->setReverseProxy( $localHTTPProxy );
253 }
254 } else {
255 $this->proxy = (string)$httpProxy;
256 }
257 }
258
259 /**
260 * Enable use of a reverse proxy in which the hostname is
261 * passed as a "Host" header, and the request is sent to the
262 * proxy's host:port instead.
263 *
264 * Note that any custom port in the request URL will be lost
265 * and cookies and redirects may not work properly.
266 *
267 * @param string $proxy URL of proxy
268 */
269 protected function setReverseProxy( string $proxy ) {
270 $parsedProxy = $this->urlUtils->parse( $proxy );
271 if ( $parsedProxy === null ) {
272 throw new InvalidArgumentException( "Invalid reverseProxy configured: $proxy" );
273 }
274 // Set the current host in the Host header
275 $this->setHeader( 'Host', $this->parsedUrl['host'] );
276 // Replace scheme, host and port in the request
277 $this->parsedUrl['scheme'] = $parsedProxy['scheme'];
278 $this->parsedUrl['host'] = $parsedProxy['host'];
279 if ( isset( $parsedProxy['port'] ) ) {
280 $this->parsedUrl['port'] = $parsedProxy['port'];
281 } else {
282 unset( $this->parsedUrl['port'] );
283 }
284 $this->url = UrlUtils::assemble( $this->parsedUrl );
285 // Mark that we're already using a proxy
286 $this->noProxy = true;
287 }
288
289 /**
290 * Check if the URL can be served by a local endpoint
291 *
292 * @param string $url Full url to check
293 * @return bool
294 */
295 private static function isLocalURL( $url ) {
296 $localVirtualHosts = MediaWikiServices::getInstance()->getMainConfig()->get(
297 MainConfigNames::LocalVirtualHosts );
298
299 // Extract host part
300 $matches = [];
301 if ( preg_match( '!^https?://([\w.-]+)[/:].*$!', $url, $matches ) ) {
302 $host = $matches[1];
303 // Split up dotwise
304 $domainParts = explode( '.', $host );
305 // Check if this domain or any superdomain is listed as a local virtual host
306 $domainParts = array_reverse( $domainParts );
307
308 $domain = '';
309 $countParts = count( $domainParts );
310 for ( $i = 0; $i < $countParts; $i++ ) {
311 $domainPart = $domainParts[$i];
312 if ( $i == 0 ) {
313 $domain = $domainPart;
314 } else {
315 $domain = $domainPart . '.' . $domain;
316 }
317
318 if ( in_array( $domain, $localVirtualHosts ) ) {
319 return true;
320 }
321 }
322 }
323
324 return false;
325 }
326
327 /**
328 * @param string $UA
329 */
330 public function setUserAgent( $UA ) {
331 $this->setHeader( 'User-Agent', $UA );
332 }
333
334 /**
335 * Set an arbitrary header
336 * @param string $name
337 * @param string $value
338 */
339 public function setHeader( $name, $value ) {
340 // I feel like I should normalize the case here...
341 $this->reqHeaders[$name] = $value;
342 }
343
344 /**
345 * Get an array of the headers
346 * @return array
347 */
348 protected function getHeaderList() {
349 $list = [];
350
351 if ( $this->cookieJar ) {
352 $this->reqHeaders['Cookie'] =
353 $this->cookieJar->serializeToHttpRequest(
354 $this->parsedUrl['path'],
355 $this->parsedUrl['host']
356 );
357 }
358
359 foreach ( $this->reqHeaders as $name => $value ) {
360 $list[] = "$name: $value";
361 }
362
363 return $list;
364 }
365
366 /**
367 * Set a read callback to accept data read from the HTTP request.
368 * By default, data is appended to an internal buffer which can be
369 * retrieved through $req->getContent().
370 *
371 * To handle data as it comes in -- especially for large files that
372 * would not fit in memory -- you can instead set your own callback,
373 * in the form function($resource, $buffer) where the first parameter
374 * is the low-level resource being read (implementation specific),
375 * and the second parameter is the data buffer.
376 *
377 * You MUST return the number of bytes handled in the buffer; if fewer
378 * bytes are reported handled than were passed to you, the HTTP fetch
379 * will be aborted.
380 *
381 * @param callable|null $callback
382 * @throws InvalidArgumentException
383 */
384 public function setCallback( $callback ) {
385 $this->doSetCallback( $callback );
386 }
387
388 /**
389 * Worker function for setting callbacks. Calls can originate both internally and externally
390 * via setCallback). Defaults to the internal read callback if $callback is null.
391 *
392 * @param callable|null $callback
393 * @throws InvalidArgumentException
394 */
395 protected function doSetCallback( $callback ) {
396 if ( $callback === null ) {
397 $callback = [ $this, 'read' ];
398 } elseif ( !is_callable( $callback ) ) {
399 $this->status->fatal( 'http-internal-error' );
400 throw new InvalidArgumentException( __METHOD__ . ': invalid callback' );
401 }
402 $this->callback = $callback;
403 }
404
405 /**
406 * A generic callback to read the body of the response from a remote
407 * server.
408 *
409 * @param resource $fh
410 * @param string $content
411 * @return int
412 * @internal
413 */
414 public function read( $fh, $content ) {
415 $this->content .= $content;
416 return strlen( $content );
417 }
418
419 /**
420 * Take care of whatever is necessary to perform the URI request.
421 *
422 * @return Status
423 * @note currently returns Status for B/C
424 */
425 public function execute() {
426 throw new LogicException( 'children must override this' );
427 }
428
429 protected function prepare() {
430 $this->content = "";
431
432 if ( strtoupper( $this->method ) == "HEAD" ) {
433 $this->headersOnly = true;
434 }
435
436 $this->proxySetup(); // set up any proxy as needed
437
438 if ( !$this->callback ) {
439 $this->doSetCallback( null );
440 }
441
442 if ( !isset( $this->reqHeaders['User-Agent'] ) ) {
443 $http = MediaWikiServices::getInstance()->getHttpRequestFactory();
444 $this->setUserAgent( $http->getUserAgent() );
445 }
446 }
447
448 /**
449 * Parses the headers, including the HTTP status code and any
450 * Set-Cookie headers. This function expects the headers to be
451 * found in an array in the member variable headerList.
452 */
453 protected function parseHeader() {
454 $lastname = "";
455
456 // Failure without (valid) headers gets a response status of zero
457 if ( !$this->status->isOK() ) {
458 $this->respStatus = '0 Error';
459 }
460
461 foreach ( $this->headerList as $header ) {
462 if ( preg_match( "#^HTTP/([0-9.]+) (.*)#", $header, $match ) ) {
463 $this->respVersion = $match[1];
464 $this->respStatus = $match[2];
465 } elseif ( preg_match( "#^[ \t]#", $header ) ) {
466 $last = count( $this->respHeaders[$lastname] ) - 1;
467 $this->respHeaders[$lastname][$last] .= "\r\n$header";
468 } elseif ( preg_match( "#^([^:]*):[\t ]*(.*)#", $header, $match ) ) {
469 $this->respHeaders[strtolower( $match[1] )][] = $match[2];
470 $lastname = strtolower( $match[1] );
471 }
472 }
473
474 $this->parseCookies();
475 }
476
477 /**
478 * Sets HTTPRequest status member to a fatal value with the error
479 * message if the returned integer value of the status code was
480 * not successful (1-299) or a redirect (300-399).
481 * See RFC2616, section 10, http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
482 * for a list of status codes.
483 */
484 protected function setStatus() {
485 if ( !$this->respHeaders ) {
486 $this->parseHeader();
487 }
488
489 if ( (int)$this->respStatus > 0 && (int)$this->respStatus < 400 ) {
490 $this->status->setResult( true, (int)$this->respStatus );
491 } else {
492 [ $code, $message ] = explode( " ", $this->respStatus, 2 );
493 $this->status->setResult( false, (int)$this->respStatus );
494 $this->status->fatal( "http-bad-status", $code, $message );
495 }
496 }
497
498 /**
499 * Get the integer value of the HTTP status code (e.g. 200 for "200 Ok")
500 * (see RFC2616, section 10, http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
501 * for a list of status codes.)
502 *
503 * @return int
504 */
505 public function getStatus() {
506 if ( !$this->respHeaders ) {
507 $this->parseHeader();
508 }
509
510 return (int)$this->respStatus;
511 }
512
513 /**
514 * Returns true if the last status code was a redirect.
515 *
516 * @return bool
517 */
518 public function isRedirect() {
519 if ( !$this->respHeaders ) {
520 $this->parseHeader();
521 }
522
523 $status = (int)$this->respStatus;
524
525 if ( $status >= 300 && $status <= 303 ) {
526 return true;
527 }
528
529 return false;
530 }
531
532 /**
533 * Returns an associative array of response headers after the
534 * request has been executed. Because some headers
535 * (e.g. Set-Cookie) can appear more than once the, each value of
536 * the associative array is an array of the values given.
537 * Header names are always in lowercase.
538 *
539 * @return array
540 */
541 public function getResponseHeaders() {
542 if ( !$this->respHeaders ) {
543 $this->parseHeader();
544 }
545
546 return $this->respHeaders;
547 }
548
549 /**
550 * Returns the value of the given response header.
551 *
552 * @param string $header case-insensitive
553 * @return string|null
554 */
555 public function getResponseHeader( $header ) {
556 if ( !$this->respHeaders ) {
557 $this->parseHeader();
558 }
559
560 if ( isset( $this->respHeaders[strtolower( $header )] ) ) {
561 $v = $this->respHeaders[strtolower( $header )];
562 return $v[count( $v ) - 1];
563 }
564
565 return null;
566 }
567
568 /**
569 * Tells the MWHttpRequest object to use this pre-loaded CookieJar.
570 *
571 * To read response cookies from the jar, getCookieJar must be called first.
572 *
573 * @param CookieJar $jar
574 */
575 public function setCookieJar( CookieJar $jar ) {
576 $this->cookieJar = $jar;
577 }
578
579 /**
580 * Returns the cookie jar in use.
581 *
582 * @return CookieJar
583 */
584 public function getCookieJar() {
585 if ( !$this->respHeaders ) {
586 $this->parseHeader();
587 }
588
589 return $this->cookieJar;
590 }
591
592 /**
593 * Sets a cookie. Used before a request to set up any individual
594 * cookies. Used internally after a request to parse the
595 * Set-Cookie headers.
596 * @see Cookie::set
597 * @param string $name
598 * @param string $value
599 * @param array $attr
600 */
601 public function setCookie( $name, $value, array $attr = [] ) {
602 if ( !$this->cookieJar ) {
603 $this->cookieJar = new CookieJar;
604 }
605
606 if ( $this->parsedUrl && !isset( $attr['domain'] ) ) {
607 $attr['domain'] = $this->parsedUrl['host'];
608 }
609
610 $this->cookieJar->setCookie( $name, $value, $attr );
611 }
612
613 /**
614 * Parse the cookies in the response headers and store them in the cookie jar.
615 */
616 protected function parseCookies() {
617 if ( !$this->cookieJar ) {
618 $this->cookieJar = new CookieJar;
619 }
620
621 if ( isset( $this->respHeaders['set-cookie'] ) ) {
622 $url = parse_url( $this->getFinalUrl() );
623 if ( !isset( $url['host'] ) ) {
624 $this->status->fatal( 'http-invalid-url', $this->getFinalUrl() );
625 } else {
626 foreach ( $this->respHeaders['set-cookie'] as $cookie ) {
627 $this->cookieJar->parseCookieResponseHeader( $cookie, $url['host'] );
628 }
629 }
630 }
631 }
632
633 /**
634 * Returns the final URL after all redirections.
635 *
636 * Relative values of the "Location" header are incorrect as
637 * stated in RFC, however they do happen and modern browsers
638 * support them. This function loops backwards through all
639 * locations in order to build the proper absolute URI - Marooned
640 * at wikia-inc.com
641 *
642 * Note that the multiple Location: headers are an artifact of
643 * CURL -- they shouldn't actually get returned this way. Rewrite
644 * this when T31232 is taken care of (high-level redirect
645 * handling rewrite).
646 *
647 * @return string
648 */
649 public function getFinalUrl() {
650 $headers = $this->getResponseHeaders();
651
652 // return full url (fix for incorrect but handled relative location)
653 if ( isset( $headers['location'] ) ) {
654 $locations = $headers['location'];
655 $domain = '';
656 $foundRelativeURI = false;
657 $countLocations = count( $locations );
658
659 for ( $i = $countLocations - 1; $i >= 0; $i-- ) {
660 $url = parse_url( $locations[$i] );
661
662 if ( isset( $url['scheme'] ) && isset( $url['host'] ) ) {
663 $domain = $url['scheme'] . '://' . $url['host'];
664 break; // found correct URI (with host)
665 } else {
666 $foundRelativeURI = true;
667 }
668 }
669
670 if ( !$foundRelativeURI ) {
671 return $locations[$countLocations - 1];
672 }
673 if ( $domain ) {
674 return $domain . $locations[$countLocations - 1];
675 }
676 $url = parse_url( $this->url );
677 if ( isset( $url['scheme'] ) && isset( $url['host'] ) ) {
678 return $url['scheme'] . '://' . $url['host'] .
679 $locations[$countLocations - 1];
680 }
681 }
682
683 return $this->url;
684 }
685
686 /**
687 * Returns true if the backend can follow redirects. Overridden by the
688 * child classes.
689 * @return bool
690 */
691 public function canFollowRedirects() {
692 return true;
693 }
694
695 /**
696 * Set information about the original request. This can be useful for
697 * endpoints/API modules which act as a proxy for some service, and
698 * throttling etc. needs to happen in that service.
699 * Calling this will result in the X-Forwarded-For and X-Original-User-Agent
700 * headers being set.
701 * @param WebRequest|array $originalRequest When in array form, it's
702 * expected to have the keys 'ip' and 'userAgent'.
703 * @note IP/user agent is personally identifiable information, and should
704 * only be set when the privacy policy of the request target is
705 * compatible with that of the MediaWiki installation.
706 */
707 public function setOriginalRequest( $originalRequest ) {
708 if ( $originalRequest instanceof WebRequest ) {
709 $originalRequest = [
710 'ip' => $originalRequest->getIP(),
711 'userAgent' => $originalRequest->getHeader( 'User-Agent' ),
712 ];
713 } elseif (
714 !is_array( $originalRequest )
715 || array_diff( [ 'ip', 'userAgent' ], array_keys( $originalRequest ) )
716 ) {
717 throw new InvalidArgumentException( __METHOD__ . ': $originalRequest must be a '
718 . "WebRequest or an array with 'ip' and 'userAgent' keys" );
719 }
720
721 $this->reqHeaders['X-Forwarded-For'] = $originalRequest['ip'];
722 $this->reqHeaders['X-Original-User-Agent'] = $originalRequest['userAgent'];
723 }
724
725 /**
726 * Check that the given URI is a valid one.
727 *
728 * This hardcodes a small set of protocols only, because we want to
729 * deterministically reject protocols not supported by all HTTP-transport
730 * methods.
731 *
732 * "file://" specifically must not be allowed, for security reasons
733 * (see <https://www.mediawiki.org/wiki/Special:Code/MediaWiki/r67684>).
734 *
735 * @todo FIXME this is wildly inaccurate and fails to actually check most stuff
736 *
737 * @since 1.34
738 * @param string $uri URI to check for validity
739 * @return bool
740 */
741 public static function isValidURI( $uri ) {
742 return (bool)preg_match(
743 '/^https?:\/\/[^\/\s]\S*$/D',
744 $uri
745 );
746 }
747 }
MediaWiki Core