<?php
/* 
 * Copyright 2017 Jack Sleight <http://jacksleight.com/>
 * This source file is subject to the MIT license that is bundled with this package in the file LICENCE. 
 */

namespace Coast;

use Coast\App\Access;
use Coast\App\Executable;
use Coast\Request;
use Coast\Response;
use Coast\Url;

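/**
 * Builds a Content-Security-Policy header value and attaches it to the response.
 *
 * Directives map a directive name to a list of sources. A source may be a
 * literal expression, the name of a group registered on this object (expanded
 * to that group's sources), a nested array, or the bare word "nonce" (expanded
 * to this instance's nonce).
 *
 * Source values and directive names are written into the header verbatim; no
 * escaping or validation is applied here. Only pass trusted, developer-defined
 * values: a value containing ";", "," or a line break would change the policy
 * that is emitted.
 */
class Csp implements Access, Executable
{
    use Access\Implementation;
    use Executable\Implementation;

    // Lazily generated nonce, cached for the lifetime of this instance.
    protected $_nonce;

    // When true the policy is sent as Content-Security-Policy-Report-Only.
    protected $_isReportOnly = false;

    // Optional Url emitted as the report-uri directive.
    protected $_reportUrl;

    // Named, reusable source lists: group name => source(s).
    protected $_groups = [];

    // Policy directives: directive name => source(s).
    protected $_directives = [];

    /**
     * Applies each option by calling the method of the same name with the value.
     *
     * @param array $options Map of method name => single argument.
     * @throws \Coast\Exception If an option name is not a non-empty string or starts with "_".
     */
    public function __construct(array $options = [])
    {
        foreach ($options as $name => $value) {
            // Integer or empty keys cannot name a method; fail with a clear error
            // instead of an offset warning followed by an engine error.
            if (!is_string($name) || $name === '') {
                throw new \Coast\Exception('Option names must be non-empty strings');
            }
            // Underscore-prefixed names are internal (and cover magic methods).
            if ($name[0] === '_') {
                throw new \Coast\Exception("Access to '{$name}' is prohibited");
            }
            $this->$name($value);
        }
    }

    /**
     * Gets or sets the report URL. Called with an argument it sets and returns $this.
     *
     * @param Url|null $reportUrl
     * @return $this|Url|null
     */
    public function reportUrl(Url $reportUrl = null)
    {
        if (func_num_args() > 0) {
            $this->_reportUrl = $reportUrl;
            return $this;
        }
        return $this->_reportUrl;
    }

    /**
     * Gets or sets report-only mode. Called with an argument it sets and returns $this.
     *
     * @param mixed $isReportOnly Cast to bool when setting.
     * @return $this|bool
     */
    public function isReportOnly($isReportOnly = null)
    {
        if (func_num_args() > 0) {
            $this->_isReportOnly = (bool) $isReportOnly;
            return $this;
        }
        return $this->_isReportOnly;
    }

    /**
     * Gets or sets one source group. With two arguments it sets and returns $this.
     *
     * @param string $name
     * @param mixed  $value Source or list of sources.
     * @return $this|mixed The group's sources, or null when the group is not defined.
     */
    public function group($name, $value = null)
    {
        if (func_num_args() > 1) {
            $this->_groups[$name] = $value;
            return $this;
        }
        // Unknown groups yield null without an undefined-index notice.
        return isset($this->_groups[$name]) ? $this->_groups[$name] : null;
    }

    /**
     * Gets all groups, or sets several groups at once (existing ones are kept).
     *
     * @param array|null $groups Map of group name => sources.
     * @return $this|array
     */
    public function groups(array $groups = null)
    {
        if (func_num_args() > 0) {
            // An explicit null is treated as "nothing to add".
            foreach ($groups !== null ? $groups : [] as $name => $value) {
                $this->group($name, $value);
            }
            return $this;
        }
        return $this->_groups;
    }

    /**
     * Gets or sets one directive. With two arguments it sets and returns $this.
     *
     * @param string $name
     * @param mixed  $value Source or list of sources.
     * @return $this|mixed The directive's sources, or null when it is not defined.
     */
    public function directive($name, $value = null)
    {
        if (func_num_args() > 1) {
            $this->_directives[$name] = $value;
            return $this;
        }
        // Unknown directives yield null without an undefined-index notice.
        return isset($this->_directives[$name]) ? $this->_directives[$name] : null;
    }

    /**
     * Gets all directives, or sets several directives at once (existing ones are kept).
     *
     * @param array|null $directives Map of directive name => sources.
     * @return $this|array
     */
    public function directives(array $directives = null)
    {
        if (func_num_args() > 0) {
            // An explicit null is treated as "nothing to add".
            foreach ($directives !== null ? $directives : [] as $name => $value) {
                $this->directive($name, $value);
            }
            return $this;
        }
        return $this->_directives;
    }

    /**
     * Appends one source to a group, creating the group if needed.
     *
     * @param string $group
     * @param mixed  $value
     * @return $this
     */
    public function groupSource($group, $value)
    {
        // group() accepts a scalar; wrap it so the append below cannot fail on a string.
        if (isset($this->_groups[$group]) && !is_array($this->_groups[$group])) {
            $this->_groups[$group] = [$this->_groups[$group]];
        }
        $this->_groups[$group][] = $value;
        return $this;
    }

    /**
     * Appends several sources to a group.
     *
     * @param string $group
     * @param array  $values
     * @return $this
     */
    public function groupSources($group, array $values)
    {
        foreach ($values as $value) {
            $this->groupSource($group, $value);
        }
        return $this;
    }

    /**
     * Appends one source to a directive, creating the directive if needed.
     *
     * @param string $directive
     * @param mixed  $value
     * @return $this
     */
    public function directiveSource($directive, $value)
    {
        // directive() accepts a scalar; wrap it so the append below cannot fail on a string.
        if (isset($this->_directives[$directive]) && !is_array($this->_directives[$directive])) {
            $this->_directives[$directive] = [$this->_directives[$directive]];
        }
        $this->_directives[$directive][] = $value;
        return $this;
    }

    /**
     * Appends several sources to a directive.
     *
     * @param string $directive
     * @param array  $values
     * @return $this
     */
    public function directiveSources($directive, array $values)
    {
        foreach ($values as $value) {
            $this->directiveSource($directive, $value);
        }
        return $this;
    }

    /**
     * Returns this instance's nonce, generating it on first use.
     *
     * NOTE(review): a CSP nonce only protects if it is unpredictable and fresh
     * for every response. \Coast\pseudo_random() is defined outside this file;
     * confirm it draws from a CSPRNG (e.g. random_bytes()) and returns
     * header-safe characters. The value is cached on the instance, so an
     * instance reused across responses would repeat the nonce.
     *
     * @return mixed Whatever \Coast\pseudo_random() returns.
     */
    public function nonce()
    {
        if (!isset($this->_nonce)) {
            $this->_nonce = \Coast\pseudo_random();
        }
        return $this->_nonce;
    }

    /**
     * Renders the policy as a header value: "name sources; name sources; report-uri url".
     *
     * @return string
     */
    public function toString()
    {
        $parts = [];
        foreach ($this->_directives as $name => $sources) {
            // directive() allows a single scalar source; _parseSources() requires an array.
            $list = is_array($sources) ? $sources : [$sources];
            $parts[] = "{$name} {$this->_parseSources($list)}";
        }
        if (isset($this->_reportUrl)) {
            $parts[] = "report-uri {$this->_reportUrl}";
        }
        return implode('; ', $parts);
    }

    /**
     * Flattens a source list into a space-separated string.
     *
     * Group names are replaced by the group's sources, nested arrays are
     * flattened recursively, CSP keywords and nonce-/hash- expressions are
     * wrapped in single quotes, and the bare word "nonce" becomes
     * 'nonce-<value of nonce()>'. Anything else is emitted unchanged.
     * A group that refers back to itself is not detected and will recurse
     * without end.
     *
     * @param array $sources
     * @return string
     */
    protected function _parseSources(array $sources)
    {
        $parts = [];
        foreach ($sources as $value) {
            if (!is_array($value)) {
                // String form is used for the lookup so objects cannot be an illegal array offset.
                $key = (string) $value;
                if (isset($this->_groups[$key])) {
                    $value = $this->_groups[$key];
                }
            }
            if (is_array($value)) {
                $value = $this->_parseSources($value);
            } else {
                $value = (string) $value;
                // Keywords must be single-quoted in the header; unquoted they are read as host names.
                if (preg_match('/^(none|self|unsafe-inline|unsafe-eval|unsafe-hashes|strict-dynamic|report-sample|wasm-unsafe-eval|(nonce|sha256|sha384|sha512)-.+)$/i', $value)) {
                    $value = "'{$value}'";
                } elseif ($value === 'nonce') {
                    // Strict comparison: a loose one treats integer 0 as "nonce" before PHP 8.
                    $value = "'nonce-{$this->nonce()}'";
                }
            }
            $parts[] = $value;
        }

        return implode(' ', $parts);
    }

    /**
     * Sets the policy header on the response.
     *
     * In report-only mode the Content-Security-Policy-Report-Only header is
     * used, which reports violations without enforcing the policy.
     *
     * @param Request  $req
     * @param Response $res
     */
    public function postExecute(Request $req, Response $res)
    {
        $header = $this->_isReportOnly
            ? 'Content-Security-Policy-Report-Only'
            : 'Content-Security-Policy';
        $res->header($header, $this->toString());
    }

    /**
     * @return string The rendered policy, same as toString().
     */
    public function __toString()
    {
        return $this->toString();
    }

    /**
     * @return string The rendered policy, same as toString().
     */
    public function __invoke()
    {
        return $this->toString();
    }
}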