vendor/shopware/platform/src/Storefront/Framework/Routing/StorefrontSubscriber.php line 353

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Storefront\Framework\Routing;
  5. use Shopware\Core\Checkout\Cart\Exception\CustomerNotLoggedInException;
  6. use Shopware\Core\Checkout\Customer\Event\CustomerLoginEvent;
  7. use Shopware\Core\Checkout\Customer\Event\CustomerLogoutEvent;
  8. use Shopware\Core\Content\Seo\HreflangLoaderInterface;
  9. use Shopware\Core\Content\Seo\HreflangLoaderParameter;
  10. use Shopware\Core\Framework\App\ActiveAppsLoader;
  11. use Shopware\Core\Framework\App\Exception\AppUrlChangeDetectedException;
  12. use Shopware\Core\Framework\App\ShopId\ShopIdProvider;
  13. use Shopware\Core\Framework\Event\BeforeSendResponseEvent;
  14. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  15. use Shopware\Core\Framework\Routing\Event\SalesChannelContextResolvedEvent;
  16. use Shopware\Core\Framework\Routing\KernelListenerPriorities;
  17. use Shopware\Core\Framework\Util\Random;
  18. use Shopware\Core\PlatformRequest;
  19. use Shopware\Core\SalesChannelRequest;
  20. use Shopware\Core\System\SalesChannel\Context\SalesChannelContextServiceInterface;
  21. use Shopware\Core\System\SalesChannel\Context\SalesChannelContextServiceParameters;
  22. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  23. use Shopware\Core\System\SystemConfig\SystemConfigService;
  24. use Shopware\Storefront\Controller\ErrorController;
  25. use Shopware\Storefront\Event\StorefrontRenderEvent;
  26. use Shopware\Storefront\Framework\Csrf\CsrfPlaceholderHandler;
  27. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  28. use Symfony\Component\HttpFoundation\RedirectResponse;
  29. use Symfony\Component\HttpFoundation\RequestStack;
  30. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  31. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  32. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  33. use Symfony\Component\HttpKernel\Event\RequestEvent;
  34. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  35. use Symfony\Component\HttpKernel\KernelEvents;
  36. use Symfony\Component\Routing\RouterInterface;
  38. class StorefrontSubscriber implements EventSubscriberInterface
  39. {
  40.     /**
  41.      * @var RequestStack
  42.      */
  43.     private $requestStack;
  45.     /**
  46.      * @var RouterInterface
  47.      */
  48.     private $router;
  50.     /**
  51.      * @var ErrorController
  52.      */
  53.     private $errorController;
  55.     /**
  56.      * @var SalesChannelContextServiceInterface
  57.      */
  58.     private $contextService;
  60.     /**
  61.      * @var bool
  62.      */
  63.     private $kernelDebug;
  65.     /**
  66.      * @var CsrfPlaceholderHandler
  67.      */
  68.     private $csrfPlaceholderHandler;
  70.     /**
  71.      * @var MaintenanceModeResolver
  72.      */
  73.     private $maintenanceModeResolver;
  75.     /**
  76.      * @var HreflangLoaderInterface
  77.      */
  78.     private $hreflangLoader;
  80.     /**
  81.      * @var ShopIdProvider
  82.      */
  83.     private $shopIdProvider;
  85.     /**
  86.      * @var ActiveAppsLoader
  87.      */
  88.     private $activeAppsLoader;
  90.     /**
  91.      * @var SystemConfigService
  92.      */
  93.     private $systemConfigService;
  95.     public function __construct(
  96.         RequestStack $requestStack,
  97.         RouterInterface $router,
  98.         ErrorController $errorController,
  99.         SalesChannelContextServiceInterface $contextService,
  100.         CsrfPlaceholderHandler $csrfPlaceholderHandler,
  101.         HreflangLoaderInterface $hreflangLoader,
  102.         bool $kernelDebug,
  103.         MaintenanceModeResolver $maintenanceModeResolver,
  104.         ShopIdProvider $shopIdProvider,
  105.         ActiveAppsLoader $activeAppsLoader,
  106.         SystemConfigService $systemConfigService
  107.     ) {
  108.         $this->requestStack $requestStack;
  109.         $this->router $router;
  110.         $this->errorController $errorController;
  111.         $this->contextService $contextService;
  112.         $this->kernelDebug $kernelDebug;
  113.         $this->csrfPlaceholderHandler $csrfPlaceholderHandler;
  114.         $this->maintenanceModeResolver $maintenanceModeResolver;
  115.         $this->hreflangLoader $hreflangLoader;
  116.         $this->shopIdProvider $shopIdProvider;
  117.         $this->activeAppsLoader $activeAppsLoader;
  118.         $this->systemConfigService $systemConfigService;
  119.     }
  121.     public static function getSubscribedEvents(): array
  122.     {
  123.         return [
  124.             KernelEvents::REQUEST => [
  125.                 ['startSession'40],
  126.                 ['maintenanceResolver'],
  127.             ],
  128.             KernelEvents::EXCEPTION => [
  129.                 ['showHtmlExceptionResponse', -100],
  130.                 ['customerNotLoggedInHandler'],
  131.                 ['maintenanceResolver'],
  132.             ],
  133.             KernelEvents::CONTROLLER => [
  134.                 ['preventPageLoadingFromXmlHttpRequest'KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_SCOPE_VALIDATE],
  135.             ],
  136.             CustomerLoginEvent::class => [
  137.                 'updateSessionAfterLogin',
  138.             ],
  139.             CustomerLogoutEvent::class => [
  140.                 'updateSessionAfterLogout',
  141.             ],
  142.             BeforeSendResponseEvent::class => [
  143.                 ['replaceCsrfToken'],
  144.                 ['setCanonicalUrl'],
  145.             ],
  146.             StorefrontRenderEvent::class => [
  147.                 ['addHreflang'],
  148.                 ['addShopIdParameter'],
  149.             ],
  150.             SalesChannelContextResolvedEvent::class => [
  151.                 ['replaceContextToken'],
  152.             ],
  153.         ];
  154.     }
  156.     public function startSession(): void
  157.     {
  158.         $master $this->requestStack->getMasterRequest();
  160.         if (!$master) {
  161.             return;
  162.         }
  163.         if (!$master->attributes->get(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  164.             return;
  165.         }
  167.         if (!$master->hasSession()) {
  168.             return;
  169.         }
  171.         $session $master->getSession();
  172.         $applicationId $master->attributes->get(PlatformRequest::ATTRIBUTE_OAUTH_CLIENT_ID);
  174.         if (!$session->isStarted()) {
  175.             $session->setName('session-' $applicationId);
  176.             $session->start();
  177.             $session->set('sessionId'$session->getId());
  178.         }
  180.         $salesChannelId $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID);
  181.         if ($salesChannelId === null) {
  182.             /** @var SalesChannelContext|null $salesChannelContext */
  183.             $salesChannelContext $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  184.             if ($salesChannelContext !== null) {
  185.                 $salesChannelId $salesChannelContext->getSalesChannel()->getId();
  186.             }
  187.         }
  189.         if ($this->shouldRenewToken($session$salesChannelId)) {
  190.             $token Random::getAlphanumericString(32);
  191.             $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  192.             $session->set(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID$salesChannelId);
  193.         }
  195.         $master->headers->set(
  196.             PlatformRequest::HEADER_CONTEXT_TOKEN,
  197.             $session->get(PlatformRequest::HEADER_CONTEXT_TOKEN)
  198.         );
  199.     }
  201.     public function updateSessionAfterLogin(CustomerLoginEvent $event): void
  202.     {
  203.         $token $event->getContextToken();
  205.         $this->updateSession($token);
  206.     }
  208.     public function updateSessionAfterLogout(): void
  209.     {
  210.         $newToken Random::getAlphanumericString(32);
  212.         $this->updateSession($newTokentrue);
  213.     }
  215.     public function updateSession(string $tokenbool $destroyOldSession false): void
  216.     {
  217.         $master $this->requestStack->getMasterRequest();
  218.         if (!$master) {
  219.             return;
  220.         }
  221.         if (!$master->attributes->get(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  222.             return;
  223.         }
  225.         if (!$master->hasSession()) {
  226.             return;
  227.         }
  229.         $session $master->getSession();
  230.         $session->migrate($destroyOldSession);
  231.         $session->set('sessionId'$session->getId());
  233.         $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  234.         $master->headers->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  235.     }
  237.     public function showHtmlExceptionResponse(ExceptionEvent $event): void
  238.     {
  239.         if ($this->kernelDebug) {
  240.             return;
  241.         }
  243.         if (!$event->getRequest()->attributes->has(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT)) {
  244.             //When no saleschannel context is resolved, we need to resolve it now.
  245.             $this->setSalesChannelContext($event);
  246.         }
  248.         if ($event->getRequest()->attributes->has(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT)) {
  249.             $event->stopPropagation();
  250.             $response $this->errorController->error(
  251.                 $event->getThrowable(),
  252.                 $this->requestStack->getMasterRequest(),
  253.                 $event->getRequest()->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT)
  254.             );
  255.             $event->setResponse($response);
  256.         }
  257.     }
  259.     public function customerNotLoggedInHandler(ExceptionEvent $event): void
  260.     {
  261.         if (!$event->getRequest()->attributes->has(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  262.             return;
  263.         }
  265.         if (!$event->getThrowable() instanceof CustomerNotLoggedInException) {
  266.             return;
  267.         }
  269.         $request $event->getRequest();
  271.         $parameters = [
  272.             'redirectTo' => $request->attributes->get('_route'),
  273.             'redirectParameters' => json_encode($request->attributes->get('_route_params')),
  274.         ];
  276.         $redirectResponse = new RedirectResponse($this->router->generate('frontend.account.login.page'$parameters));
  278.         $event->setResponse($redirectResponse);
  279.     }
  281.     public function maintenanceResolver(RequestEvent $event): void
  282.     {
  283.         if ($this->maintenanceModeResolver->shouldRedirect($event->getRequest())) {
  284.             $event->setResponse(
  285.                 new RedirectResponse(
  286.                     $this->router->generate('frontend.maintenance.page'),
  287.                     RedirectResponse::HTTP_TEMPORARY_REDIRECT
  288.                 )
  289.             );
  290.         }
  291.     }
  293.     public function preventPageLoadingFromXmlHttpRequest(ControllerEvent $event): void
  294.     {
  295.         if (!$event->getRequest()->isXmlHttpRequest()) {
  296.             return;
  297.         }
  299.         /** @var RouteScope $scope */
  300.         $scope $event->getRequest()->attributes->get(PlatformRequest::ATTRIBUTE_ROUTE_SCOPE, new RouteScope(['scopes' => []]));
  301.         if (!$scope->hasScope(StorefrontRouteScope::ID)) {
  302.             return;
  303.         }
  305.         $controller $event->getController();
  307.         // happens if Controller is a closure
  308.         if (!\is_array($controller)) {
  309.             return;
  310.         }
  312.         $isAllowed $event->getRequest()->attributes->getBoolean('XmlHttpRequest'false);
  314.         if ($isAllowed) {
  315.             return;
  316.         }
  318.         throw new AccessDeniedHttpException('PageController can\'t be requested via XmlHttpRequest.');
  319.     }
  321.     // used to switch session token - when the context token expired
  322.     public function replaceContextToken(SalesChannelContextResolvedEvent $event): void
  323.     {
  324.         $context $event->getSalesChannelContext();
  326.         // only update session if token expired and switched
  327.         if ($event->getUsedToken() === $context->getToken()) {
  328.             return;
  329.         }
  331.         $this->updateSession($context->getToken());
  332.     }
  334.     public function setCanonicalUrl(BeforeSendResponseEvent $event): void
  335.     {
  336.         if (!$event->getResponse()->isSuccessful()) {
  337.             return;
  338.         }
  340.         if ($canonical $event->getRequest()->attributes->get(SalesChannelRequest::ATTRIBUTE_CANONICAL_LINK)) {
  341.             $canonical sprintf('<%s>; rel="canonical"'$canonical);
  342.             $event->getResponse()->headers->set('Link'$canonical);
  343.         }
  344.     }
  346.     public function replaceCsrfToken(BeforeSendResponseEvent $event): void
  347.     {
  348.         $event->setResponse(
  349.             $this->csrfPlaceholderHandler->replaceCsrfToken($event->getResponse(), $event->getRequest())
  350.         );
  351.     }
  353.     public function addHreflang(StorefrontRenderEvent $event): void
  354.     {
  355.         $request $event->getRequest();
  356.         $route $request->attributes->get('_route');
  358.         if ($route === null) {
  359.             return;
  360.         }
  362.         $routeParams $request->attributes->get('_route_params', []);
  363.         $salesChannelContext $request->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  364.         $parameter = new HreflangLoaderParameter($route$routeParams$salesChannelContext);
  365.         $event->setParameter('hrefLang'$this->hreflangLoader->load($parameter));
  366.     }
  368.     public function addShopIdParameter(StorefrontRenderEvent $event): void
  369.     {
  370.         if (!$this->activeAppsLoader->getActiveApps()) {
  371.             return;
  372.         }
  374.         try {
  375.             $shopId $this->shopIdProvider->getShopId();
  376.         } catch (AppUrlChangeDetectedException $e) {
  377.             return;
  378.         }
  380.         $event->setParameter('appShopId'$shopId);
  381.     }
  383.     private function setSalesChannelContext(ExceptionEvent $event): void
  384.     {
  385.         $contextToken = (string) $event->getRequest()->headers->get(PlatformRequest::HEADER_CONTEXT_TOKEN);
  386.         $salesChannelId = (string) $event->getRequest()->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID);
  388.         $context $this->contextService->get(
  389.             new SalesChannelContextServiceParameters(
  390.                 $salesChannelId,
  391.                 $contextToken,
  392.                 $event->getRequest()->headers->get(PlatformRequest::HEADER_LANGUAGE_ID),
  393.                 $event->getRequest()->attributes->get(SalesChannelRequest::ATTRIBUTE_DOMAIN_CURRENCY_ID),
  394.                 $event->getRequest()->attributes->get(SalesChannelRequest::ATTRIBUTE_DOMAIN_ID)
  395.             )
  396.         );
  398.         $event->getRequest()->attributes->set(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT$context);
  399.     }
  401.     private function shouldRenewToken(SessionInterface $session, ?string $salesChannelId null): bool
  402.     {
  403.         if (!$session->has(PlatformRequest::HEADER_CONTEXT_TOKEN) || $salesChannelId === null) {
  404.             return true;
  405.         }
  407.         if ($this->systemConfigService->get('core.systemWideLoginRegistration.isCustomerBoundToSalesChannel')) {
  408.             return $session->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID) !== $salesChannelId;
  409.         }
  411.         return false;
  412.     }
  413. }