Subversion Repositories munaweb

Rev

Rev 87 | Rev 178 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
2 - 1 
<?php
2 
/**
3 
 * AJAX Cross Domain (PHP) Proxy 0.8
4 
 * Copyright (C) 2016 Iacovos Constantinou (https://github.com/softius)
5 
 *
6 
 * This program is free software: you can redistribute it and/or modify
7 
 * it under the terms of the GNU General Public License as published by
8 
 * the Free Software Foundation, either version 3 of the License, or
9 
 * (at your option) any later version.
10 
 * This program is distributed in the hope that it will be useful,
11 
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 
 * GNU General Public License for more details.
14 
 * You should have received a copy of the GNU General Public License
15 
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
16 
 */
17 
/**
18 
 * Enables or disables filtering for cross domain requests.
19 
 * Recommended value: true
20 
 */
21 
define('CSAJAX_FILTERS', true);
22 
/**
23 
 * If set to true, $valid_requests should hold only domains i.e. a.example.com, b.example.com, usethisdomain.com
24 
 * If set to false, $valid_requests should hold the whole URL ( without the parameters ) i.e. http://example.com/this/is/long/url/
25 
 * Recommended value: false (for security reasons - do not forget that anyone can access your proxy)
26 
 */
27 
define('CSAJAX_FILTER_DOMAIN', true);
28 
/**
29 
 * Enables or disables Expect: 100-continue header. Some webservers don't
30 
 * handle this header correctly.
31 
 * Recommended value: false
32 
 */
33 
define('CSAJAX_SUPPRESS_EXPECT', false);
34 
/**
35 
 * Set debugging to true to receive additional messages - really helpful on development
36 
 */
37 
define('CSAJAX_DEBUG', false);
38 
/**
39 
 * A set of valid cross domain requests
40 
 */
41 
$valid_requests = array(
42 
		'api.ebay.com',
43 
		'open.api.ebay.com',
44 
		'secure.shippingapis.com',
45 
		'muna-trading.myshopify.com',
46 
		'svcs.ebay.com',
47 
		'api.discogs.com',
48 
		'onlinetools.ups.com'
49 
);
50 
/**
51 
 * Set extra multiple options for cURL
52 
 * Could be used to define CURLOPT_SSL_VERIFYPEER & CURLOPT_SSL_VERIFYHOST for HTTPS
53 
 * Also to overwrite any other options without changing the code
54 
 * See http://php.net/manual/en/function.curl-setopt-array.php
55 
 */
56 
$curl_options = array(
57 
    // CURLOPT_SSL_VERIFYPEER => false,
58 
    // CURLOPT_SSL_VERIFYHOST => 2,
59 
);
4 - 60 
/**
61 
 * Decode POST parameters after building the http array. Send Header X-DECODE-PARAMS
62 
 */
19 - 63 
$decodeFlag = false;
32 - 64 
/**
65 
 * Do not decode X-Proxy-Url. Send Header X-LEAVE-ENCODED
66 
 */
67 
$leaveEncodedFlag = false;
68 
 
2 - 69 
/* * * STOP EDITING HERE UNLESS YOU KNOW WHAT YOU ARE DOING * * */
70 
// identify request headers
71 
$request_headers = array( );
72 
foreach ($_SERVER as $key => $value) {
73 
    if (strpos($key, 'HTTP_') === 0  ||  strpos($key, 'CONTENT_') === 0) {
74 
        $headername = str_replace('_', ' ', str_replace('HTTP_', '', $key));
75 
        $headername = str_replace(' ', '-', ucwords(strtolower($headername)));
76 
        if (!in_array($headername, array( 'Host', 'X-Proxy-Url' ))) {
77 
        	if ($headername == "X-Authorization") {
78 
        		$headername = "Authorization";
4 - 79 
        	} else if ($headername == "X-Decode-Params") {
80 
                $decodeFlag = true;
81 
                continue;
32 - 82 
        	} else if ($headername == "X-Leave-Encoded") {
83 
                $leaveEncodedFlag = true;
84 
                continue;
2 - 85 
        	}
83 - 86 
 
87 
            $value = authReplace($value);
88 
 
2 - 89 
            $request_headers[] = "$headername: $value";
90 
        }
91 
    }
92 
}
93 
// identify request method, url and params
94 
$request_method = $_SERVER['REQUEST_METHOD'];
95 
if ('GET' == $request_method) {
96 
    $request_params = $_GET;
97 
} elseif ('POST' == $request_method) {
98 
    $request_params = $_POST;
99 
    if (empty($request_params)) {
100 
        $data = file_get_contents('php://input');
101 
        if (!empty($data)) {
102 
            $request_params = $data;
103 
        }
104 
    }
105 
} elseif ('PUT' == $request_method || 'DELETE' == $request_method) {
106 
    $request_params = file_get_contents('php://input');
107 
} else {
108 
    $request_params = null;
109 
}
110 
// Get URL from `csurl` in GET or POST data, before falling back to X-Proxy-URL header.
111 
if (isset($_REQUEST['csurl'])) {
112 
    $request_url = urldecode($_REQUEST['csurl']);
113 
} elseif (isset($_SERVER['HTTP_X_PROXY_URL'])) {
32 - 114 
    if ($leaveEncodedFlag) {
115 
        $request_url = $_SERVER['HTTP_X_PROXY_URL'];
116 
    } else {
117 
        $request_url = urldecode($_SERVER['HTTP_X_PROXY_URL']);
118 
    }
2 - 119 
} else {
120 
    header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');
121 
    header('Status: 404 Not Found');
122 
    $_SERVER['REDIRECT_STATUS'] = 404;
123 
    exit;
124 
}
75 - 125 
 
83 - 126 
$request_url = authReplace($request_url);
75 - 127 
 
2 - 128 
$p_request_url = parse_url($request_url);
129 
// csurl may exist in GET request methods
130 
if (is_array($request_params) && array_key_exists('csurl', $request_params)) {
131 
    unset($request_params['csurl']);
132 
}
133 
// ignore requests for proxy :)
134 
if (preg_match('!' . $_SERVER['SCRIPT_NAME'] . '!', $request_url) || empty($request_url) || count($p_request_url) == 1) {
135 
    csajax_debug_message('Invalid request - make sure that csurl variable is not empty');
136 
    exit;
137 
}
138 
// check against valid requests
139 
if (CSAJAX_FILTERS) {
140 
    $parsed = $p_request_url;
141 
    if (CSAJAX_FILTER_DOMAIN) {
142 
        if (!in_array($parsed['host'], $valid_requests)) {
143 
            csajax_debug_message('Invalid domain - ' . $parsed['host'] . ' is not included in valid requests');
144 
            exit;
145 
        }
146 
    } else {
147 
        $check_url = isset($parsed['scheme']) ? $parsed['scheme'] . '://' : '';
148 
        $check_url .= isset($parsed['user']) ? $parsed['user'] . ($parsed['pass'] ? ':' . $parsed['pass'] : '') . '@' : '';
149 
        $check_url .= isset($parsed['host']) ? $parsed['host'] : '';
150 
        $check_url .= isset($parsed['port']) ? ':' . $parsed['port'] : '';
151 
        $check_url .= isset($parsed['path']) ? $parsed['path'] : '';
152 
        if (!in_array($check_url, $valid_requests)) {
153 
            csajax_debug_message('Invalid url - ' . $request_url . ' does not included in valid requests');
154 
            exit;
155 
        }
156 
    }
157 
}
158 
// append query string for GET requests
159 
if ($request_method == 'GET' && count($request_params) > 0 && (!array_key_exists('query', $p_request_url) || empty($p_request_url['query']))) {
160 
    $request_url .= '?' . http_build_query($request_params);
161 
}
162 
// let the request begin
163 
$ch = curl_init($request_url);
164 
// Suppress Expect header
165 
if (CSAJAX_SUPPRESS_EXPECT) {
166 
    array_push($request_headers, 'Expect:');
167 
}
168 
curl_setopt($ch, CURLOPT_HTTPHEADER, $request_headers);   // (re-)send headers
169 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);     // return response
170 
curl_setopt($ch, CURLOPT_HEADER, true);       // enabled response headers
171 
// add data for POST, PUT or DELETE requests
172 
if ('POST' == $request_method) {
4 - 173 
    $post_data = is_array($request_params) ? http_build_query($request_params) : $request_params;
87 - 174 
    $post_data = authReplace($post_data);
2 - 175 
    curl_setopt($ch, CURLOPT_POST, true);
4 - 176 
    if ($decodeFlag) {
177 
      curl_setopt($ch, CURLOPT_POSTFIELDS, urldecode($post_data));
178 
    } else {
179 
      curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
180 
    }
2 - 181 
} elseif ('PUT' == $request_method || 'DELETE' == $request_method) {
182 
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $request_method);
183 
    curl_setopt($ch, CURLOPT_POSTFIELDS, $request_params);
184 
}
185 
// Set multiple options for curl according to configuration
186 
if (is_array($curl_options) && 0 <= count($curl_options)) {
187 
    curl_setopt_array($ch, $curl_options);
188 
}
189 
// retrieve response (headers and content)
190 
$response = curl_exec($ch);
191 
curl_close($ch);
192 
 
19 - 193 
// delete 100 Continue headers
194 
$delimiter = "\r\n\r\n"; // HTTP header delimiter
195 
// check if the 100 Continue header exists
196 
while ( preg_match('#^HTTP/[0-9\\.]+\s+100\s+Continue#i',$response) ) {
197 
    $tmp = explode($delimiter,$response,2); // grab the 100 Continue header
198 
    $response = $tmp[1]; // update the response, purging the most recent 100 Continue header
2 - 199 
}
200 
 
201 
// split response to header and content
149 - 202 
list($response_headers, $response_content) = array_pad(preg_split('/(\r\n){2}/', $response, 2), 2, "");
2 - 203 
// (re-)send the headers
204 
$response_headers = preg_split('/(\r\n){1}/', $response_headers);
205 
foreach ($response_headers as $key => $response_header) {
206 
    // Rewrite the `Location` header, so clients will also use the proxy for redirects.
207 
    if (preg_match('/^Location:/', $response_header)) {
208 
        list($header, $value) = preg_split('/: /', $response_header, 2);
209 
        $response_header = 'Location: ' . $_SERVER['REQUEST_URI'] . '?csurl=' . $value;
210 
    }
211 
    if (!preg_match('/^(Transfer-Encoding):/', $response_header)) {
212 
        header($response_header, false);
213 
    }
214 
}
215 
 
19 - 216 
// Debug File proxy.log
217 
if (true == CSAJAX_DEBUG) {
218 
  $h = fopen("proxy.log", "a");
219 
  fwrite($h, "Request URL: " . $request_url . "\n");
220 
  fwrite($h, "Request Headers: " . print_r($request_headers, TRUE));
221 
  fwrite($h, "Request Method: " . $request_method . "\n");
222 
  if ('POST' == $request_method) {
223 
    fwrite($h, "Post Params: " . $post_data . "\n");
224 
  } elseif ('PUT' == $request_method || 'DELETE' == $request_method) {
225 
    fwrite($h, "Request Params: " . print_r($request_params, true) . "\n");
226 
  }
227 
  fwrite($h, "Return: " . $response . "\n");
228 
  fwrite($h, "Response Headers: " . print_r($response_headers, TRUE));
229 
  fwrite($h, "Response Content: " . $response_content . "\n");
230 
  fwrite($h, "\n");
231 
  fclose($h);
232 
}
2 - 233 
 
19 - 234 
// finally, output the content
2 - 235 
print($response_content);
236 
 
83 - 237 
// insert authorization
238 
function authReplace($str) {
87 - 239 
    $str = str_replace('XxXRuNamexxxxxxxxxxxxxxxxxxxxxxx', 'Uwe_Jacobs-UweJacob-MUNATr-jwkrg', $str);
83 - 240 
    $str = str_replace('XxXAppid', 'UweJacob-MUNATrad-PRD-d132041a0-85284729', $str);
241 
    $str = str_replace('XxXDevid', '00fd6fda-3751-4095-b733-3899b20431ad', $str);
242 
    $str = str_replace('XxXCertid', 'PRD-132041a078aa-1ee6-4300-9454-6c5b', $str);
85 - 243 
    $str = str_replace('XxXDiscogsToken', 'zFvVdCdHTtQnDHCxEFTJiBhalyHFUsjdyFPCjbqP', $str);
83 - 244 
    $str = str_replace('XxXUSPSUserId', '275MUNAT7574', $str);
245 
    $str = str_replace('XxXShopifyApiKey', '41f0d3bf0e8e114496b198938996d9d8', $str);
246 
    $str = str_replace('XxXShopifyPassword', 'f169694c488f45ccf187c92676765889', $str);
247 
    $str = str_replace('XxXUPSAccessKey', 'DD53C5F37DF74D28', $str);
248 
    $str = str_replace('XxXUPSUsername', 'muna_trading', $str);
249 
    $str = str_replace('XxXUPSPassword', 'ZX83tbf!w7', $str);
250 
    $str = str_replace('XxXAuthorization', base64_encode('UweJacob-MUNATrad-PRD-d132041a0-85284729' . ':' . 'PRD-132041a078aa-1ee6-4300-9454-6c5b'), $str);
251 
 
252 
    return($str);
253 
}
2 - 254 
function csajax_debug_message($message)
255 
{
256 
    if (true == CSAJAX_DEBUG) {
257 
        print $message . PHP_EOL;
258 
    }
3 - 259 
}