From cb78d32a9afc52aa571de9d09f82179bd6475d61 Mon Sep 17 00:00:00 2001
From: Anne Jan Brouwer
Date: Mon, 4 Jul 2022 19:52:40 +0200
Subject: [PATCH] Size header (#142)
* Content-Length
* Header set always
* No compression
---
 app/Http/Kernel.php | 70 ++++++++++++++++--------
 app/Http/Middleware/AddContentLength.php | 55 +++++++++++++++++++
 composer.json | 2 +
 3 files changed, 104 insertions(+), 23 deletions(-)
 create mode 100644 app/Http/Middleware/AddContentLength.php
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index f71295c..706a943 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -4,7 +4,29 @@
 namespace App\Http;
+use App\Http\Middleware\AddContentLength;
+use App\Http\Middleware\AuthenticatorMiddleware;
+use App\Http\Middleware\EncryptCookies;
+use App\Http\Middleware\RedirectIfAuthenticated;
+use App\Http\Middleware\ShareMessagesFromSession;
+use App\Http\Middleware\TrimStrings;
+use App\Http\Middleware\VerifyCsrfToken;
+use Bepsvpt\SecureHeaders\SecureHeadersMiddleware;
+use Fruitcake\Cors\HandleCors;
+use Illuminate\Auth\Middleware\Authenticate;
+use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
+use Illuminate\Auth\Middleware\Authorize;
+use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
+use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
+use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
+use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
+use Illuminate\Routing\Middleware\SubstituteBindings;
+use Illuminate\Routing\Middleware\ThrottleRequests;
+use Illuminate\Session\Middleware\AuthenticateSession;
+use Illuminate\Session\Middleware\StartSession;
+use Illuminate\View\Middleware\ShareErrorsFromSession;
+use LaravelWebauthn\Http\Middleware\WebauthnMiddleware;
 use OpenApi\Annotations as OA;
 /**
@@ -80,12 +102,13 @@ class Kernel extends HttpKernel
 * @var array
 */
 protected $middleware = [
- \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
- \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
- \App\Http\Middleware\TrimStrings::class,
- \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
- \Bepsvpt\SecureHeaders\SecureHeadersMiddleware::class,
- \Fruitcake\Cors\HandleCors::class,
+ CheckForMaintenanceMode::class,
+ ValidatePostSize::class,
+ TrimStrings::class,
+ ConvertEmptyStringsToNull::class,
+ SecureHeadersMiddleware::class,
+ HandleCors::class,
+ AddContentLength::class
 ];
 /**
@@ -95,14 +118,14 @@ class Kernel extends HttpKernel
 */
 protected $middlewareGroups = [
 'web' => [
- \App\Http\Middleware\EncryptCookies::class,
- \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
- \Illuminate\Session\Middleware\StartSession::class,
- // \Illuminate\Session\Middleware\AuthenticateSession::class,
- \Illuminate\View\Middleware\ShareErrorsFromSession::class,
- \App\Http\Middleware\VerifyCsrfToken::class,
- \Illuminate\Routing\Middleware\SubstituteBindings::class,
- \App\Http\Middleware\ShareMessagesFromSession::class,
+ EncryptCookies::class,
+ AddQueuedCookiesToResponse::class,
+ StartSession::class,
+ AuthenticateSession::class,
+ ShareErrorsFromSession::class,
+ VerifyCsrfToken::class,
+ SubstituteBindings::class,
+ ShareMessagesFromSession::class,
 ],
 'api' => [
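Review bot: In the `web` group of `$middlewareGroups`, `AuthenticateSession::class` is now active, whereas the removed line had it commented out (`// \Illuminate\Session\Middleware\AuthenticateSession::class,`), so this import cleanup also changes session handling in a commit whose description only mentions Content-Length. That middleware compares the session against the user's current password hash and logs the session out on a mismatch, which is a reasonable hardening, but the page does not show why it was disabled before, so it may sign users out unexpectedly. If the change is intended, state it in the commit message and cover login and password change with a test; if not, keep the entry disabled as `// AuthenticateSession::class,`. The `$middlewareGroups` array continues outside the hunk.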
@@ -119,20 +142,21 @@ class Kernel extends HttpKernel
 * @var array
 */
 protected $routeMiddleware = [
- 'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
- 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
- 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
- 'can' => \Illuminate\Auth\Middleware\Authorize::class,
- 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
- 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
- '2fa' => \App\Http\Middleware\AuthenticatorMiddleware::class,
- 'webauthn' => \LaravelWebauthn\Http\Middleware\WebauthnMiddleware::class,
+ 'auth' => Authenticate::class,
+ 'auth.basic' => AuthenticateWithBasicAuth::class,
+ 'bindings' => SubstituteBindings::class,
+ 'can' => Authorize::class,
+ 'guest' => RedirectIfAuthenticated::class,
+ 'throttle' => ThrottleRequests::class,
+ '2fa' => AuthenticatorMiddleware::class,
+ 'webauthn' => WebauthnMiddleware::class,
 ];
 /**
 * Returns the version of the application by fetching and displaying the version.json file
 *
 * @return string URL
+ * @throws \JsonException
 */
 public static function applicationVersion(): string
 {
@@ -142,7 +166,7 @@ public static function applicationVersion(): string
 return 'Undefined';
 }
- $versionData = json_decode($versionJson, true);
+ $versionData = json_decode($versionJson, true, 512, JSON_THROW_ON_ERROR);
 if (is_array($versionData) && array_key_exists('version', $versionData)) {
 return $versionData['version'];
 }
diff --git a/app/Http/Middleware/AddContentLength.php b/app/Http/Middleware/AddContentLength.php
new file mode 100644
index 0000000..65c07de
--- /dev/null
+++ b/app/Http/Middleware/AddContentLength.php
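Review bot: A malformed `version.json` now raises `\JsonException` out of `applicationVersion()` because of `JSON_THROW_ON_ERROR`, although the context line `return 'Undefined';` shows the function already has a quiet fallback for another failure case. If this helper is called while rendering pages, a corrupt file turns a cosmetic value into an error response, and with debug output enabled the exception may expose file paths. Catching it keeps the fallback consistent: `try { $versionData = json_decode($versionJson, true, 512, JSON_THROW_ON_ERROR); } catch (\JsonException $e) { return 'Undefined'; }`, after which the `@throws \JsonException` tag added in the previous hunk is no longer needed. The function body starts and ends outside the hunk, so its final return is not visible here.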
@@ -0,0 +1,55 @@
+content();
+ $contentLength = mb_strlen($content);
+// $useCompressedOutput = ($contentLength && isset($_SERVER['HTTP_ACCEPT_ENCODING']) &&
+// str_contains($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip'));
+//
+// if ($useCompressedOutput) {
+// // In order to accurately set Content-Length, we have to compress the data ourselves
+// // rather than letting PHP do it automatically.
+// $compressedContent = gzencode($content, 9, FORCE_GZIP);
+// $compressedContentLength = mb_strlen($compressedContent);
+// if ($compressedContentLength / $contentLength < 0.9) {
+// if (ini_get('zlib.output_compression')) {
+// ini_set('zlib.output_compression', 'false');
+// }
+// $response->header('Content-Encoding', 'gzip');
+// $response->setContent($compressedContent);
+// $contentLength = $compressedContentLength;
+// }
+// }
+
+ // compressed or not, sets the Content-Length
+ $response->header('Content-Length', $contentLength);
+
+ return $response;
+ }
+}
diff --git a/composer.json b/composer.json
index 096521a..2c98b82 100644
--- a/composer.json
+++ b/composer.json
@@ -21,6 +21,8 @@
 "ext-gd": "*",
 "ext-gmp": "*",
 "ext-json": "*",
+ "ext-zlib": "*",
+ "ext-mbstring": "*",
 "asbiin/laravel-webauthn": "^2.0",
 "bacon/bacon-qr-code": "^2.0",
 "bepsvpt/secure-headers": "^7.2",
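Review bot: `mb_strlen($content)` in AddContentLength.php counts characters, but Content-Length is a byte count, so any response containing multi-byte UTF-8 gets a header that is too small, and clients or proxies will truncate the body or mis-frame what follows on a persistent connection. The length should be taken with `strlen($content)`. Because Kernel.php registers `AddContentLength` in the global `$middleware` stack, it also receives streamed and file-download responses, which have no string body and may not offer the `content()`/`header()` helpers, so the base response API is safer: `$content = $response->getContent();`, `if ($content === false) { return $response; }`, `$response->headers->set('Content-Length', (string) strlen($content));`. The header is also wrong whenever output is compressed after this middleware runs, which the commented-out block hints at with `zlib.output_compression`. The top of the new file, including the `handle()` signature, is missing from this page, so where the guard goes is inferred.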