vendor/shopware/storefront/Framework/Routing/StorefrontSubscriber.php line 349

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Storefront\Framework\Routing;
  5. use Shopware\Core\Checkout\Cart\Exception\CustomerNotLoggedInException;
  6. use Shopware\Core\Checkout\Customer\Event\CustomerLoginEvent;
  7. use Shopware\Core\Checkout\Customer\Event\CustomerLogoutEvent;
  8. use Shopware\Core\Content\Seo\HreflangLoaderInterface;
  9. use Shopware\Core\Content\Seo\HreflangLoaderParameter;
  10. use Shopware\Core\Framework\App\ActiveAppsLoader;
  11. use Shopware\Core\Framework\App\Exception\AppUrlChangeDetectedException;
  12. use Shopware\Core\Framework\App\ShopId\ShopIdProvider;
  13. use Shopware\Core\Framework\Event\BeforeSendResponseEvent;
  14. use Shopware\Core\Framework\Feature;
  15. use Shopware\Core\Framework\Log\Package;
  16. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  17. use Shopware\Core\Framework\Routing\Event\SalesChannelContextResolvedEvent;
  18. use Shopware\Core\Framework\Routing\KernelListenerPriorities;
  19. use Shopware\Core\Framework\Util\Random;
  20. use Shopware\Core\PlatformRequest;
  21. use Shopware\Core\SalesChannelRequest;
  22. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  23. use Shopware\Core\System\SystemConfig\SystemConfigService;
  24. use Shopware\Storefront\Event\StorefrontRenderEvent;
  25. use Shopware\Storefront\Framework\Csrf\CsrfPlaceholderHandler;
  26. use Shopware\Storefront\Framework\Routing\NotFound\NotFoundSubscriber;
  27. use Shopware\Storefront\Theme\StorefrontPluginRegistryInterface;
  28. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  29. use Symfony\Component\HttpFoundation\RedirectResponse;
  30. use Symfony\Component\HttpFoundation\RequestStack;
  31. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  32. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  33. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  34. use Symfony\Component\HttpKernel\Event\RequestEvent;
  35. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  36. use Symfony\Component\HttpKernel\KernelEvents;
  37. use Symfony\Component\Routing\RouterInterface;
  39. /**
  40. * @deprecated tag:v6.5.0 - reason:becomes-internal - EventSubscribers will become internal in v6.5.0
  41. */
  42. #[Package('storefront')]
  43. class StorefrontSubscriber implements EventSubscriberInterface
  44. {
  45. private RequestStack $requestStack;
  47. private RouterInterface $router;
  49. private CsrfPlaceholderHandler $csrfPlaceholderHandler;
  51. private MaintenanceModeResolver $maintenanceModeResolver;
  53. private HreflangLoaderInterface $hreflangLoader;
  55. private ShopIdProvider $shopIdProvider;
  57. private ActiveAppsLoader $activeAppsLoader;
  59. private SystemConfigService $systemConfigService;
  61. private StorefrontPluginRegistryInterface $themeRegistry;
  63. private NotFoundSubscriber $notFoundSubscriber;
  65. /**
  66. * @internal
  67. */
  68. public function __construct(
  69. RequestStack $requestStack,
  70. RouterInterface $router,
  71. CsrfPlaceholderHandler $csrfPlaceholderHandler,
  72. HreflangLoaderInterface $hreflangLoader,
  73. MaintenanceModeResolver $maintenanceModeResolver,
  74. ShopIdProvider $shopIdProvider,
  75. ActiveAppsLoader $activeAppsLoader,
  76. SystemConfigService $systemConfigService,
  77. StorefrontPluginRegistryInterface $themeRegistry,
  78. NotFoundSubscriber $notFoundSubscriber
  79. ) {
  80. $this->requestStack = $requestStack;
  81. $this->router = $router;
  82. $this->csrfPlaceholderHandler = $csrfPlaceholderHandler;
  83. $this->maintenanceModeResolver = $maintenanceModeResolver;
  84. $this->hreflangLoader = $hreflangLoader;
  85. $this->shopIdProvider = $shopIdProvider;
  86. $this->activeAppsLoader = $activeAppsLoader;
  87. $this->systemConfigService = $systemConfigService;
  88. $this->themeRegistry = $themeRegistry;
  89. $this->notFoundSubscriber = $notFoundSubscriber;
  90. }
  92. public static function getSubscribedEvents(): array
  93. {
  94. if (Feature::isActive('v6.5.0.0')) {
  95. return [
  96. KernelEvents::REQUEST => [
  97. ['startSession', 40],
  98. ['maintenanceResolver'],
  99. ],
  100. KernelEvents::EXCEPTION => [
  101. ['customerNotLoggedInHandler'],
  102. ['maintenanceResolver'],
  103. ],
  104. KernelEvents::CONTROLLER => [
  105. ['preventPageLoadingFromXmlHttpRequest', KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_SCOPE_VALIDATE],
  106. ],
  107. CustomerLoginEvent::class => [
  108. 'updateSessionAfterLogin',
  109. ],
  110. CustomerLogoutEvent::class => [
  111. 'updateSessionAfterLogout',
  112. ],
  113. BeforeSendResponseEvent::class => [
  114. ['setCanonicalUrl'],
  115. ],
  116. StorefrontRenderEvent::class => [
  117. ['addHreflang'],
  118. ['addShopIdParameter'],
  119. ['addIconSetConfig'],
  120. ],
  121. SalesChannelContextResolvedEvent::class => [
  122. ['replaceContextToken'],
  123. ],
  124. ];
  125. }
  127. return [
  128. KernelEvents::REQUEST => [
  129. ['startSession', 40],
  130. ['maintenanceResolver'],
  131. ],
  132. KernelEvents::EXCEPTION => [
  133. ['showHtmlExceptionResponse', -100],
  134. ['customerNotLoggedInHandler'],
  135. ['maintenanceResolver'],
  136. ],
  137. KernelEvents::CONTROLLER => [
  138. ['preventPageLoadingFromXmlHttpRequest', KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_SCOPE_VALIDATE],
  139. ],
  140. CustomerLoginEvent::class => [
  141. 'updateSessionAfterLogin',
  142. ],
  143. CustomerLogoutEvent::class => [
  144. 'updateSessionAfterLogout',
  145. ],
  146. BeforeSendResponseEvent::class => [
  147. ['replaceCsrfToken'],
  148. ['setCanonicalUrl'],
  149. ],
  150. StorefrontRenderEvent::class => [
  151. ['addHreflang'],
  152. ['addShopIdParameter'],
  153. ['addIconSetConfig'],
  154. ],
  155. SalesChannelContextResolvedEvent::class => [
  156. ['replaceContextToken'],
  157. ],
  158. ];
  159. }
  161. public function startSession(): void
  162. {
  163. $master = $this->requestStack->getMainRequest();
  165. if (!$master) {
  166. return;
  167. }
  168. if (!$master->attributes->get(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  169. return;
  170. }
  172. if (!$master->hasSession()) {
  173. return;
  174. }
  176. $session = $master->getSession();
  178. if (!$session->isStarted()) {
  179. $session->setName('session-');
  180. $session->start();
  181. $session->set('sessionId', $session->getId());
  182. }
  184. $salesChannelId = $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID);
  185. if ($salesChannelId === null) {
  186. /** @var SalesChannelContext|null $salesChannelContext */
  187. $salesChannelContext = $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  188. if ($salesChannelContext !== null) {
  189. $salesChannelId = $salesChannelContext->getSalesChannel()->getId();
  190. }
  191. }
  193. if ($this->shouldRenewToken($session, $salesChannelId)) {
  194. $token = Random::getAlphanumericString(32);
  195. $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN, $token);
  196. $session->set(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID, $salesChannelId);
  197. }
  199. $master->headers->set(
  200. PlatformRequest::HEADER_CONTEXT_TOKEN,
  201. $session->get(PlatformRequest::HEADER_CONTEXT_TOKEN)
  202. );
  203. }
  205. public function updateSessionAfterLogin(CustomerLoginEvent $event): void
  206. {
  207. $token = $event->getContextToken();
  209. $this->updateSession($token);
  210. }
  212. public function updateSessionAfterLogout(): void
  213. {
  214. $newToken = Random::getAlphanumericString(32);
  216. $this->updateSession($newToken, true);
  217. }
  219. public function updateSession(string $token, bool $destroyOldSession = false): void
  220. {
  221. $master = $this->requestStack->getMainRequest();
  222. if (!$master) {
  223. return;
  224. }
  225. if (!$master->attributes->get(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  226. return;
  227. }
  229. if (!$master->hasSession()) {
  230. return;
  231. }
  233. $session = $master->getSession();
  234. $session->migrate($destroyOldSession);
  235. $session->set('sessionId', $session->getId());
  237. $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN, $token);
  238. $master->headers->set(PlatformRequest::HEADER_CONTEXT_TOKEN, $token);
  239. }
  241. /**
  242. * @deprecated tag:v6.5.0 - reason:remove-subscriber - Use `NotFoundSubscriber::onError` instead
  243. */
  244. public function showHtmlExceptionResponse(ExceptionEvent $event): void
  245. {
  246. $this->notFoundSubscriber->onError($event);
  247. }
  249. public function customerNotLoggedInHandler(ExceptionEvent $event): void
  250. {
  251. if (!$event->getRequest()->attributes->has(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  252. return;
  253. }
  255. if (!$event->getThrowable() instanceof CustomerNotLoggedInException) {
  256. return;
  257. }
  259. $request = $event->getRequest();
  261. $parameters = [
  262. 'redirectTo' => $request->attributes->get('_route'),
  263. 'redirectParameters' => json_encode($request->attributes->get('_route_params')),
  264. ];
  266. $redirectResponse = new RedirectResponse($this->router->generate('frontend.account.login.page', $parameters));
  268. $event->setResponse($redirectResponse);
  269. }
  271. public function maintenanceResolver(RequestEvent $event): void
  272. {
  273. if ($this->maintenanceModeResolver->shouldRedirect($event->getRequest())) {
  274. $event->setResponse(
  275. new RedirectResponse(
  276. $this->router->generate('frontend.maintenance.page'),
  277. RedirectResponse::HTTP_TEMPORARY_REDIRECT
  278. )
  279. );
  280. }
  281. }
  283. public function preventPageLoadingFromXmlHttpRequest(ControllerEvent $event): void
  284. {
  285. if (!$event->getRequest()->isXmlHttpRequest()) {
  286. return;
  287. }
  289. /** @var RouteScope|list<string> $scope */
  290. $scope = $event->getRequest()->attributes->get(PlatformRequest::ATTRIBUTE_ROUTE_SCOPE, []);
  291. if ($scope instanceof RouteScope) {
  292. $scope = $scope->getScopes();
  293. }
  295. if (!\in_array(StorefrontRouteScope::ID, $scope, true)) {
  296. return;
  297. }
  299. $controller = $event->getController();
  301. // happens if Controller is a closure
  302. if (!\is_array($controller)) {
  303. return;
  304. }
  306. $isAllowed = $event->getRequest()->attributes->getBoolean('XmlHttpRequest', false);
  308. if ($isAllowed) {
  309. return;
  310. }
  312. throw new AccessDeniedHttpException('PageController can\'t be requested via XmlHttpRequest.');
  313. }
  315. // used to switch session token - when the context token expired
  316. public function replaceContextToken(SalesChannelContextResolvedEvent $event): void
  317. {
  318. $context = $event->getSalesChannelContext();
  320. // only update session if token expired and switched
  321. if ($event->getUsedToken() === $context->getToken()) {
  322. return;
  323. }
  325. $this->updateSession($context->getToken());
  326. }
  328. public function setCanonicalUrl(BeforeSendResponseEvent $event): void
  329. {
  330. if (!$event->getResponse()->isSuccessful()) {
  331. return;
  332. }
  334. if ($canonical = $event->getRequest()->attributes->get(SalesChannelRequest::ATTRIBUTE_CANONICAL_LINK)) {
  335. $canonical = sprintf('<%s>; rel="canonical"', $canonical);
  336. $event->getResponse()->headers->set('Link', $canonical);
  337. }
  338. }
  340. /**
  341. * @deprecated tag:v6.5.0 - replaceCsrfToken method will be removed as the csrf system will be removed in favor for the samesite approach
  342. */
  343. public function replaceCsrfToken(BeforeSendResponseEvent $event): void
  344. {
  345. if (Feature::isActive('v6.5.0.0')) {
  346. return;
  347. }
  349. Feature::triggerDeprecationOrThrow(
  350. 'v6.5.0.0',
  351. Feature::deprecatedMethodMessage(__CLASS__, __METHOD__, 'v6.5.0.0')
  352. );
  354. $event->setResponse(
  355. $this->csrfPlaceholderHandler->replaceCsrfToken($event->getResponse(), $event->getRequest())
  356. );
  357. }
  359. public function addHreflang(StorefrontRenderEvent $event): void
  360. {
  361. $request = $event->getRequest();
  362. $route = $request->attributes->get('_route');
  364. if ($route === null) {
  365. return;
  366. }
  368. $routeParams = $request->attributes->get('_route_params', []);
  369. $salesChannelContext = $request->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  370. $parameter = new HreflangLoaderParameter($route, $routeParams, $salesChannelContext);
  371. $event->setParameter('hrefLang', $this->hreflangLoader->load($parameter));
  372. }
  374. public function addShopIdParameter(StorefrontRenderEvent $event): void
  375. {
  376. if (!$this->activeAppsLoader->getActiveApps()) {
  377. return;
  378. }
  380. try {
  381. $shopId = $this->shopIdProvider->getShopId();
  382. } catch (AppUrlChangeDetectedException $e) {
  383. return;
  384. }
  386. $event->setParameter('appShopId', $shopId);
  387. }
  389. public function addIconSetConfig(StorefrontRenderEvent $event): void
  390. {
  391. $request = $event->getRequest();
  393. // get name if theme is not inherited
  394. $theme = $request->attributes->get(SalesChannelRequest::ATTRIBUTE_THEME_NAME);
  396. if (!$theme) {
  397. // get theme name from base theme because for inherited themes the name is always null
  398. $theme = $request->attributes->get(SalesChannelRequest::ATTRIBUTE_THEME_BASE_NAME);
  399. }
  401. if (!$theme) {
  402. return;
  403. }
  405. $themeConfig = $this->themeRegistry->getConfigurations()->getByTechnicalName($theme);
  407. if (!$themeConfig) {
  408. return;
  409. }
  411. $iconConfig = [];
  412. foreach ($themeConfig->getIconSets() as $pack => $path) {
  413. $iconConfig[$pack] = [
  414. 'path' => $path,
  415. 'namespace' => $theme,
  416. ];
  417. }
  419. $event->setParameter('themeIconConfig', $iconConfig);
  420. }
  422. private function shouldRenewToken(SessionInterface $session, ?string $salesChannelId = null): bool
  423. {
  424. if (!$session->has(PlatformRequest::HEADER_CONTEXT_TOKEN) || $salesChannelId === null) {
  425. return true;
  426. }
  428. if ($this->systemConfigService->get('core.systemWideLoginRegistration.isCustomerBoundToSalesChannel')) {
  429. return $session->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID) !== $salesChannelId;
  430. }
  432. return false;
  433. }
  434. }