I have an Angular application which communicates with an external API. The API provides a JWT when logged in, and I don't want to store the token in localStorage or similar, to prevent token hijacking. To achieve that, I made a PHP proxy on the same server using curl. Here is the code:
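/**
 * Relays the current request under /proxy/ to the upstream API and mirrors the
 * upstream status code, content type and body back to the client.
 *
 * The API access token lives only in $_SESSION["token"]: it is captured from
 * the response to "accounts/sessions", removed from the body sent to the
 * browser, and attached as the Authorization header on later requests. The
 * client should treat the HTTP status of the login call as the success signal.
 *
 * Responds 400 without contacting the upstream when the forwarded path
 * contains dot segments, backslashes or control bytes, and 504 when the
 * upstream returned no HTTP status.
 *
 * NOTE(review): nothing here calls session_start(); $_SESSION is assumed to be
 * initialised before this method runs - confirm.
 * NOTE(review): with the token server-side, the session cookie alone
 * authorises upstream calls; confirm the cookie is HttpOnly/Secure/SameSite
 * and that a CSRF check guards state-changing requests.
 * NOTE(review): with PHP's default file session handler the session stays
 * locked until the request ends, so parallel calls from one browser are
 * served one after another - worth checking when measuring latency.
 */
public function proxy() {
    $requestUri = preg_replace("/^\/proxy\//", "", $_SERVER["REQUEST_URI"]);
    // Path without the query string: used for validation and the login check.
    $requestPath = explode("?", $requestUri, 2)[0];

    // The path is client-controlled and the session's Authorization header is
    // attached to whatever URL results, so refuse anything that could resolve
    // outside the API base.
    $decodedPath = rawurldecode($requestPath);
    if (preg_match('#(^|/)\.\.(/|$)#', $decodedPath)
        || preg_match('#[\\\\\x00-\x1f\x7f]#', $decodedPath)) {
        http_response_code(400);
        return;
    }

    $apiUri = "------";
    // The base must end with "/" so the appended path can never become part of
    // the host name.
    $apiUri = rtrim($apiUri, "/") . "/";

    $fields = json_decode(file_get_contents("php://input"), true);

    // NOTE(review): forcing "Expect: 100-continue" makes libcurl wait for an
    // interim response before it sends a body; confirm the upstream needs it.
    $curl = (new Curl($apiUri . $requestUri))
        ->setHeader("Expect: 100-continue")
        ->setHeader("Accept: */*")
        ->setHeader("X-Forwarded-For: " . $_SERVER["REMOTE_ADDR"])
        ->setTimeout(10)
        ->setHeader("Content-Type: application/json")
        ->setMethod($_SERVER["REQUEST_METHOD"]);

    // Only forward a body when the client sent a JSON object or array.
    // Otherwise setPost(null) would make every bodyless request carry "[null]".
    if (is_array($fields)) {
        $curl->setPost($fields);
    } else {
        $curl->isPost(false);
    }

    if (isset($_SESSION["token"])) {
        $curl->setHeader("Authorization: " . $_SESSION["token"]);
    }

    $response = $curl->exec(true)->response;

    // A status of 0 means cURL obtained no HTTP response at all.
    http_response_code($response->responseCode == 0 ? 504 : $response->responseCode);
    if (!empty($response->contentType)) {
        header("Content-Type: " . $response->contentType);
    }

    $body = $response->body;
    if ($requestPath === "accounts/sessions" && is_string($body)) {
        $data = json_decode($body);
        if (isset($data->accessToken)) {
            // Fresh session id on login so a pre-login id cannot be reused.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION["token"] = $data->accessToken;
            // Keep the token out of the browser: that is the point of the proxy.
            unset($data->accessToken);
            $body = json_encode($data);
        }
    }

    echo $body;
}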
Here is the Curl Wrapper just in case:
/**
 * Small fluent wrapper around a single cURL handle.
 *
 * Setters return $this so calls can be chained; exec() performs the transfer,
 * closes the handle and stores the outcome in $response. Because the handle is
 * closed in exec(), an instance is good for one transfer only.
 *
 * No TLS or redirect options are set here, so whatever the PHP/libcurl build
 * uses by default applies.
 */
class Curl {
    /** @var string URL passed to the constructor. */
    private $url;
    /** @var resource|object Handle returned by curl_init(). */
    private $curl;
    /** @var array Accumulated request body fields. */
    private $post;
    /** @var array Accumulated raw header lines. */
    private $headers;
    /** @var bool Whether exec() attaches $post as the request body. */
    private $isPost;
    /** @var string HTTP verb sent through CURLOPT_CUSTOMREQUEST. */
    private $method;
    /** @var CurlResponse|null Filled in by exec(); null until then. */
    public $response;

    /**
     * Creates the handle and applies the fixed options.
     *
     * @param string $url Full target URL.
     */
    public function __construct($url) {
        $this->url = $url;
        $this->post = array();
        $this->headers = array();
        // Body sending is on from the start; isPost(false) switches it off.
        $this->isPost = true;
        $this->method = "GET";
        $this->response = null;

        $this->curl = curl_init();
        $fixedOptions = array(
            array(CURLOPT_URL, $this->url),
            array(CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4),
            // '' is replaced by 'gzip' two entries below; only the last value
            // set for CURLOPT_ENCODING takes effect.
            array(CURLOPT_ENCODING, ''),
            array(CURLOPT_CONNECTTIMEOUT, 1),
            array(CURLOPT_ENCODING, 'gzip'),
        );
        foreach ($fixedOptions as $pair) {
            curl_setopt($this->curl, $pair[0], $pair[1]);
        }
    }

    /**
     * Sets the HTTP verb used for the request.
     *
     * @param string $method
     * @return $this
     */
    public function setMethod($method) {
        $this->method = $method;

        return $this;
    }

    /**
     * Adds body fields and turns body sending on.
     *
     * @param mixed $post Array to merge into the fields, or one value to append.
     * @return $this
     */
    public function setPost($post) {
        $this->isPost = true;

        if (!is_array($post)) {
            $this->post[] = $post;

            return $this;
        }

        $this->post = array_merge($this->post, $post);

        return $this;
    }

    /**
     * Sets the overall transfer timeout.
     *
     * Also writes 0 to CURLOPT_CONNECTTIMEOUT, replacing the 1 second value
     * from the constructor.
     * NOTE(review): libcurl treats 0 there as "use the built-in default",
     * not as "no wait" - confirm this is intended.
     *
     * @param int $seconds Value for CURLOPT_TIMEOUT.
     * @return $this
     */
    public function setTimeout($seconds) {
        $handle = $this->curl;
        curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 0);
        curl_setopt($handle, CURLOPT_TIMEOUT, $seconds);

        return $this;
    }

    /**
     * Adds one raw header line, or merges an array of them.
     *
     * Lines are handed to cURL as given; nothing is validated here.
     *
     * @param string|array $header
     * @return $this
     */
    public function setHeader($header) {
        if (!is_array($header)) {
            $this->headers[] = $header;

            return $this;
        }

        $this->headers = array_merge($this->headers, $header);

        return $this;
    }

    /**
     * Switches body sending on or off.
     *
     * @param bool $isPost
     * @return $this
     */
    public function isPost($isPost) {
        $this->isPost = $isPost;

        return $this;
    }

    /**
     * Runs the transfer and stores a CurlResponse in $response.
     *
     * @param bool $postJsonEncode Send the fields as one JSON string instead
     *                             of passing the array to cURL.
     * @return $this
     */
    public function exec($postJsonEncode = false) {
        $handle = $this->curl;

        if ($this->isPost) {
            curl_setopt($handle, CURLOPT_POST, 1);
            $payload = $postJsonEncode ? json_encode($this->post) : $this->post;
            curl_setopt($handle, CURLOPT_POSTFIELDS, $payload);
        }

        if (!empty($this->headers)) {
            curl_setopt($handle, CURLOPT_HTTPHEADER, $this->headers);
        }

        curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
        // Set after CURLOPT_POST so the caller's verb is the one sent.
        curl_setopt($handle, CURLOPT_CUSTOMREQUEST, $this->method);

        $body = curl_exec($handle);
        // Both values are read before the handle is closed.
        $status = curl_getinfo($handle, CURLINFO_HTTP_CODE);
        $type = curl_getinfo($handle, CURLINFO_CONTENT_TYPE);
        curl_close($handle);

        $this->response = new CurlResponse($body, $status, $type);

        return $this;
    }
}
/**
 * Plain holder for the outcome of one transfer.
 *
 * The constructor stores the three values unchanged; nothing is validated.
 */
class CurlResponse {
    /** @var mixed Response body as handed to the constructor. */
    public $body;
    /** @var mixed HTTP status code as handed to the constructor. */
    public $responseCode;
    /** @var mixed Content-Type value as handed to the constructor. */
    public $contentType;

    /**
     * @param mixed $body         Response body.
     * @param mixed $responseCode HTTP status code.
     * @param mixed $contentType  Content-Type reported for the response.
     */
    public function __construct($body, $responseCode, $contentType) {
        $this->contentType = $contentType;
        $this->responseCode = $responseCode;
        $this->body = $body;
    }
}
Everything works just fine, but it is VERY VERY slow: pretransfer_time is 4 seconds. If I make an AJAX request directly to the API, it takes almost nothing, 0.3 or something like that.
Can you tell me why it is taking that much time, or whether there is a better way to achieve this?
Thanks in advance.