1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
|
<?php
namespace MediaWiki\Rest\Module;
use LogicException;
use MediaWiki\Profiler\ProfilingContext;
use MediaWiki\Rest\BasicAccess\BasicAuthorizerInterface;
use MediaWiki\Rest\CorsUtils;
use MediaWiki\Rest\Handler;
use MediaWiki\Rest\HttpException;
use MediaWiki\Rest\LocalizedHttpException;
use MediaWiki\Rest\PathTemplateMatcher\ModuleConfigurationException;
use MediaWiki\Rest\Reporter\ErrorReporter;
use MediaWiki\Rest\RequestInterface;
use MediaWiki\Rest\ResponseException;
use MediaWiki\Rest\ResponseFactory;
use MediaWiki\Rest\ResponseInterface;
use MediaWiki\Rest\Router;
use MediaWiki\Rest\Validator\Validator;
use Throwable;
use Wikimedia\Message\MessageValue;
use Wikimedia\ObjectFactory\ObjectFactory;
/**
* A REST module represents a collection of endpoints.
* The module object is responsible for generating a response for a given
* request. This is typically done by routing requests to the appropriate
* request handler.
*
* @since 1.43
*/
abstract class Module {
/**
* @internal for use in cached module data
*/
public const CACHE_CONFIG_HASH_KEY = 'CONFIG-HASH';
protected string $pathPrefix;
protected ResponseFactory $responseFactory;
private BasicAuthorizerInterface $basicAuth;
private ObjectFactory $objectFactory;
private Validator $restValidator;
private ErrorReporter $errorReporter;
private Router $router;
private ?CorsUtils $cors = null;
/**
* @param Router $router
* @param string $pathPrefix
* @param ResponseFactory $responseFactory
* @param BasicAuthorizerInterface $basicAuth
* @param ObjectFactory $objectFactory
* @param Validator $restValidator
* @param ErrorReporter $errorReporter
*/
public function __construct(
Router $router,
string $pathPrefix,
ResponseFactory $responseFactory,
BasicAuthorizerInterface $basicAuth,
ObjectFactory $objectFactory,
Validator $restValidator,
ErrorReporter $errorReporter
) {
$this->router = $router;
$this->pathPrefix = $pathPrefix;
$this->responseFactory = $responseFactory;
$this->basicAuth = $basicAuth;
$this->objectFactory = $objectFactory;
$this->restValidator = $restValidator;
$this->errorReporter = $errorReporter;
}
public function getPathPrefix(): string {
return $this->pathPrefix;
}
/**
* Return data that can later be used to initialize a new instance of
* this module in a fast and efficient way.
*
* @see initFromCacheData()
*
* @return array An associative array suitable to be processed by
* initFromCacheData. Implementations are free to choose the format.
*/
abstract public function getCacheData(): array;
/**
* Initialize from the given cache data if possible.
* This allows fast initialization based on data that was cached during
* a previous invocation of the module.
*
* Implementations are responsible for verifying that the cache data
* matches the information provided to the constructor, to protect against
* a situation where configuration was updated in a way that affects the
* operation of the module.
*
* @param array $cacheData Data generated by getCacheData(), implementations
* are free to choose the format.
*
* @return bool true if the cache data could be used,
* false if it was discarded.
* @see getCacheData()
*/
abstract public function initFromCacheData( array $cacheData ): bool;
/**
* Create a Handler for the given path, taking into account the request
* method.
*
* If $prepExecution is true, the handler's prepareForExecute() method will
* be called, which will call postInitSetup(). The $request object will be
* updated with any path parameters and parsed body data.
*
* @unstable
*
* @param string $path
* @param RequestInterface $request The request to handle. If $forExecution
* is true, this will be updated with the path parameters and parsed
* body data as appropriate.
* @param bool $initForExecute Whether the handler and the request should be
* prepared for execution. Callers that only need the Handler object
* for access to meta-data should set this to false.
*
* @return Handler
* @throws HttpException If no handler was found
*/
public function getHandlerForPath(
string $path,
RequestInterface $request,
bool $initForExecute = false
): Handler {
$requestMethod = strtoupper( $request->getMethod() );
$match = $this->findHandlerMatch( $path, $requestMethod );
if ( !$match['found'] && $requestMethod === 'HEAD' ) {
// For a HEAD request, execute the GET handler instead if one exists.
$match = $this->findHandlerMatch( $path, 'GET' );
}
if ( !$match['found'] ) {
$this->throwNoMatch(
$path,
$request->getMethod(),
$match['methods'] ?? []
);
}
if ( isset( $match['handler'] ) ) {
$handler = $match['handler'];
} elseif ( isset( $match['spec'] ) ) {
$handler = $this->instantiateHandlerObject( $match['spec'] );
} else {
throw new LogicException(
'Match does not specify a handler instance or object spec.'
);
}
// Provide context about the module
$handler->initContext( $this, $match['config'] ?? [] );
// Inject services and state from the router
$this->getRouter()->prepareHandler( $handler );
if ( $initForExecute ) {
// Use rawurldecode so a "+" in path params is not interpreted as a space character.
$pathParams = array_map( 'rawurldecode', $match['params'] ?? [] );
$request->setPathParams( $pathParams );
$handler->initForExecute( $request );
}
return $handler;
}
public function getRouter(): Router {
return $this->router;
}
/**
* Determines which handler to use for the given path and returns an array
* describing the handler and initialization context.
*
* @param string $path
* @param string $requestMethod
*
* @return array<string,mixed>
* - bool found: Whether a match was found. If true, the `handler`
* or `spec` field must be set.
* - Handler handler: the Handler object to use. Either handler or
* spec must be given.
* - array spec: an object spec for use with instantiateHandlerObject()
* - array config: the route config, to be passed to Handler::initContext()
* - string path: the path the handler is responsible for,
* including placeholders for path parameters.
* - string[] params: path parameters, to be passed the
* Request::setPathPrams()
* - string[] methods: supported methods, if the path is known but
* the method did not match. Only meaningful if `found` is false.
* To be returned in the Allow header of a 405 response and included
* in CORS pre-flight.
*/
abstract protected function findHandlerMatch(
string $path,
string $requestMethod
): array;
/**
* Implementations of getHandlerForPath() should call this method when they
* cannot handle the requested path.
*
* @param string $path The requested path
* @param string $method The HTTP method of the current request
* @param string[] $allowed The allowed HTTP methods allowed by the path
*
* @return never
* @throws HttpException
*/
protected function throwNoMatch( string $path, string $method, array $allowed ): void {
// Check for CORS Preflight. This response will *not* allow the request unless
// an Access-Control-Allow-Origin header is added to this response.
if ( $this->cors && $method === 'OPTIONS' && $allowed ) {
// IDEA: Create a CorsHandler, which getHandlerForPath can return in this case.
$response = $this->cors->createPreflightResponse( $allowed );
throw new ResponseException( $response );
}
if ( $allowed ) {
// There are allowed methods for this patch, so reply with Method Not Allowed.
$response = $this->responseFactory->createLocalizedHttpError( 405,
( new MessageValue( 'rest-wrong-method' ) )
->textParams( $method )
->commaListParams( $allowed )
->numParams( count( $allowed ) )
);
$response->setHeader( 'Allow', $allowed );
throw new ResponseException( $response );
} else {
// There are no allowed methods for this path, so the path was not found at all.
$msg = ( new MessageValue( 'rest-no-match' ) )
->plaintextParams( $path );
throw new LocalizedHttpException( $msg, 404 );
}
}
/**
* Find the handler for a request and execute it
*/
public function execute( string $path, RequestInterface $request ): ResponseInterface {
$handler = null;
try {
$handler = $this->getHandlerForPath( $path, $request, true );
$response = $this->executeHandler( $handler );
} catch ( HttpException $e ) {
$response = $this->responseFactory->createFromException( $e );
} catch ( Throwable $e ) {
// Note that $handler is allowed to be null here.
$this->errorReporter->reportError( $e, $handler, $request );
$response = $this->responseFactory->createFromException( $e );
}
return $response;
}
/**
* @internal for testing
*
* @return array[] An associative array, mapping path patterns to
* a list of request methods supported for the path.
*/
abstract public function getDefinedPaths(): array;
/**
* Get the allowed methods for a path.
* Useful to check for 405 wrong method and for generating OpenAPI specs.
*
* @param string $relPath A concrete request path.
* @return string[] A list of allowed HTTP request methods for the path.
* If the path is not supported, the list will be empty.
*/
abstract public function getAllowedMethods( string $relPath ): array;
/**
* Creates a handler from the given spec, but does not initialize it.
*/
protected function instantiateHandlerObject( array $spec ): Handler {
/** @var $handler Handler (annotation for PHPStorm) */
$handler = $this->objectFactory->createObject(
$spec,
[ 'assertClass' => Handler::class ]
);
return $handler;
}
/**
* Execute a fully-constructed handler
* @throws HttpException
*/
protected function executeHandler( Handler $handler ): ResponseInterface {
ProfilingContext::singleton()->init( MW_ENTRY_POINT, $handler->getPath() );
// Check for basic authorization, to avoid leaking data from private wikis
$authResult = $this->basicAuth->authorize( $handler->getRequest(), $handler );
if ( $authResult ) {
return $this->responseFactory->createHttpError( 403, [ 'error' => $authResult ] );
}
// Check session (and session provider)
$handler->checkSession();
// Validate the parameters
$handler->validate( $this->restValidator );
// Check conditional request headers
$earlyResponse = $handler->checkPreconditions();
if ( $earlyResponse ) {
return $earlyResponse;
}
// Run the main part of the handler
$response = $handler->execute();
if ( !( $response instanceof ResponseInterface ) ) {
$response = $this->responseFactory->createFromReturnValue( $response );
}
// Set Last-Modified and ETag headers in the response if available
$handler->applyConditionalResponseHeaders( $response );
$handler->applyCacheControl( $response );
return $response;
}
/**
* @param CorsUtils $cors
* @return self
*/
public function setCors( CorsUtils $cors ): self {
$this->cors = $cors;
return $this;
}
/**
* Loads a module specification from a file.
*
* This method does not know or care about the structure of the file
* other than that it must be JSON and contain a list or map
* (that is, a JSON array or object).
*
* @param string $fileName
*
* @internal
*
* @return array An associative or indexed array describing the module
* @throws ModuleConfigurationException
*/
public static function loadJsonFile( string $fileName ): array {
$json = file_get_contents( $fileName );
if ( $json === false ) {
throw new ModuleConfigurationException(
"Failed to route file `$fileName`"
);
}
$spec = json_decode(
$json,
true
);
if ( !is_array( $spec ) ) {
throw new ModuleConfigurationException(
"Failed to parse `$fileName` as a JSON object"
);
}
return $spec;
}
}
|
