vendor/shopware/storefront/Framework/Routing/StorefrontSubscriber.php line 359

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Storefront\Framework\Routing;
  5. use Shopware\Core\Checkout\Cart\Exception\CustomerNotLoggedInException;
  6. use Shopware\Core\Checkout\Customer\Event\CustomerLoginEvent;
  7. use Shopware\Core\Checkout\Customer\Event\CustomerLogoutEvent;
  8. use Shopware\Core\Content\Seo\HreflangLoaderInterface;
  9. use Shopware\Core\Content\Seo\HreflangLoaderParameter;
  10. use Shopware\Core\Framework\App\ActiveAppsLoader;
  11. use Shopware\Core\Framework\App\Exception\AppUrlChangeDetectedException;
  12. use Shopware\Core\Framework\App\ShopId\ShopIdProvider;
  13. use Shopware\Core\Framework\Event\BeforeSendResponseEvent;
  14. use Shopware\Core\Framework\Feature;
  15. use Shopware\Core\Framework\Log\Package;
  16. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  17. use Shopware\Core\Framework\Routing\Event\SalesChannelContextResolvedEvent;
  18. use Shopware\Core\Framework\Routing\KernelListenerPriorities;
  19. use Shopware\Core\Framework\Util\Random;
  20. use Shopware\Core\PlatformRequest;
  21. use Shopware\Core\SalesChannelRequest;
  22. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  23. use Shopware\Core\System\SystemConfig\SystemConfigService;
  24. use Shopware\Storefront\Event\StorefrontRenderEvent;
  25. use Shopware\Storefront\Framework\Csrf\CsrfPlaceholderHandler;
  26. use Shopware\Storefront\Framework\Routing\NotFound\NotFoundSubscriber;
  27. use Shopware\Storefront\Theme\StorefrontPluginRegistryInterface;
  28. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  29. use Symfony\Component\HttpFoundation\RedirectResponse;
  30. use Symfony\Component\HttpFoundation\RequestStack;
  31. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  32. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  33. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  34. use Symfony\Component\HttpKernel\Event\RequestEvent;
  35. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  36. use Symfony\Component\HttpKernel\KernelEvents;
  37. use Symfony\Component\Routing\RouterInterface;
  39. /**
  40.  * @deprecated tag:v6.5.0 - reason:becomes-internal - EventSubscribers will become internal in v6.5.0
  41.  */
  42. #[Package('storefront')]
  43. class StorefrontSubscriber implements EventSubscriberInterface
  44. {
  45.     private RequestStack $requestStack;
  47.     private RouterInterface $router;
  49.     private CsrfPlaceholderHandler $csrfPlaceholderHandler;
  51.     private MaintenanceModeResolver $maintenanceModeResolver;
  53.     private HreflangLoaderInterface $hreflangLoader;
  55.     private ShopIdProvider $shopIdProvider;
  57.     private ActiveAppsLoader $activeAppsLoader;
  59.     private SystemConfigService $systemConfigService;
  61.     private StorefrontPluginRegistryInterface $themeRegistry;
  63.     private NotFoundSubscriber $notFoundSubscriber;
  65.     /**
  66.      * @internal
  67.      */
  68.     public function __construct(
  69.         RequestStack $requestStack,
  70.         RouterInterface $router,
  71.         CsrfPlaceholderHandler $csrfPlaceholderHandler,
  72.         HreflangLoaderInterface $hreflangLoader,
  73.         MaintenanceModeResolver $maintenanceModeResolver,
  74.         ShopIdProvider $shopIdProvider,
  75.         ActiveAppsLoader $activeAppsLoader,
  76.         SystemConfigService $systemConfigService,
  77.         StorefrontPluginRegistryInterface $themeRegistry,
  78.         NotFoundSubscriber $notFoundSubscriber
  79.     ) {
  80.         $this->requestStack $requestStack;
  81.         $this->router $router;
  82.         $this->csrfPlaceholderHandler $csrfPlaceholderHandler;
  83.         $this->maintenanceModeResolver $maintenanceModeResolver;
  84.         $this->hreflangLoader $hreflangLoader;
  85.         $this->shopIdProvider $shopIdProvider;
  86.         $this->activeAppsLoader $activeAppsLoader;
  87.         $this->systemConfigService $systemConfigService;
  88.         $this->themeRegistry $themeRegistry;
  89.         $this->notFoundSubscriber $notFoundSubscriber;
  90.     }
  92.     public static function getSubscribedEvents(): array
  93.     {
  94.         if (Feature::isActive('v6.5.0.0')) {
  95.             return [
  96.                 KernelEvents::REQUEST => [
  97.                     ['startSession'40],
  98.                     ['maintenanceResolver'],
  99.                 ],
  100.                 KernelEvents::EXCEPTION => [
  101.                     ['customerNotLoggedInHandler'],
  102.                     ['maintenanceResolver'],
  103.                 ],
  104.                 KernelEvents::CONTROLLER => [
  105.                     ['preventPageLoadingFromXmlHttpRequest'KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_SCOPE_VALIDATE],
  106.                 ],
  107.                 CustomerLoginEvent::class => [
  108.                     'updateSessionAfterLogin',
  109.                 ],
  110.                 CustomerLogoutEvent::class => [
  111.                     'updateSessionAfterLogout',
  112.                 ],
  113.                 BeforeSendResponseEvent::class => [
  114.                     ['setCanonicalUrl'],
  115.                 ],
  116.                 StorefrontRenderEvent::class => [
  117.                     ['addHreflang'],
  118.                     ['addShopIdParameter'],
  119.                     ['addIconSetConfig'],
  120.                 ],
  121.                 SalesChannelContextResolvedEvent::class => [
  122.                     ['replaceContextToken'],
  123.                 ],
  124.             ];
  125.         }
  127.         return [
  128.             KernelEvents::REQUEST => [
  129.                 ['startSession'40],
  130.                 ['maintenanceResolver'],
  131.             ],
  132.             KernelEvents::EXCEPTION => [
  133.                 ['showHtmlExceptionResponse', -100],
  134.                 ['customerNotLoggedInHandler'],
  135.                 ['maintenanceResolver'],
  136.             ],
  137.             KernelEvents::CONTROLLER => [
  138.                 ['preventPageLoadingFromXmlHttpRequest'KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_SCOPE_VALIDATE],
  139.             ],
  140.             CustomerLoginEvent::class => [
  141.                 'updateSessionAfterLogin',
  142.             ],
  143.             CustomerLogoutEvent::class => [
  144.                 'updateSessionAfterLogout',
  145.             ],
  146.             BeforeSendResponseEvent::class => [
  147.                 ['replaceCsrfToken'],
  148.                 ['setCanonicalUrl'],
  149.             ],
  150.             StorefrontRenderEvent::class => [
  151.                 ['addHreflang'],
  152.                 ['addShopIdParameter'],
  153.                 ['addIconSetConfig'],
  154.             ],
  155.             SalesChannelContextResolvedEvent::class => [
  156.                 ['replaceContextToken'],
  157.             ],
  158.         ];
  159.     }
  161.     public function startSession(): void
  162.     {
  163.         $master $this->requestStack->getMainRequest();
  165.         if (!$master) {
  166.             return;
  167.         }
  168.         if (!$master->attributes->get(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  169.             return;
  170.         }
  172.         if (!$master->hasSession()) {
  173.             return;
  174.         }
  176.         $session $master->getSession();
  178.         if (!$session->isStarted()) {
  179.             $session->setName('session-');
  180.             $session->start();
  181.             $session->set('sessionId'$session->getId());
  182.         }
  184.         $salesChannelId $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID);
  185.         if ($salesChannelId === null) {
  186.             /** @var SalesChannelContext|null $salesChannelContext */
  187.             $salesChannelContext $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  188.             if ($salesChannelContext !== null) {
  189.                 $salesChannelId $salesChannelContext->getSalesChannel()->getId();
  190.             }
  191.         }
  193.         if ($this->shouldRenewToken($session$salesChannelId)) {
  194.             $token Random::getAlphanumericString(32);
  195.             $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  196.             $session->set(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID$salesChannelId);
  197.         }
  199.         $master->headers->set(
  200.             PlatformRequest::HEADER_CONTEXT_TOKEN,
  201.             $session->get(PlatformRequest::HEADER_CONTEXT_TOKEN)
  202.         );
  203.     }
  205.     public function updateSessionAfterLogin(CustomerLoginEvent $event): void
  206.     {
  207.         $token $event->getContextToken();
  209.         $this->updateSession($token);
  210.     }
  212.     public function updateSessionAfterLogout(): void
  213.     {
  214.         $newToken Random::getAlphanumericString(32);
  216.         $this->updateSession($newTokentrue);
  217.     }
  219.     public function updateSession(string $tokenbool $destroyOldSession false): void
  220.     {
  221.         $master $this->requestStack->getMainRequest();
  222.         if (!$master) {
  223.             return;
  224.         }
  225.         if (!$master->attributes->get(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  226.             return;
  227.         }
  229.         if (!$master->hasSession()) {
  230.             return;
  231.         }
  233.         $session $master->getSession();
  234.         $session->migrate($destroyOldSession);
  235.         $session->set('sessionId'$session->getId());
  237.         $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  238.         $master->headers->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  239.     }
  241.     /**
  242.      * @deprecated tag:v6.5.0 - reason:remove-subscriber - Use `NotFoundSubscriber::onError` instead
  243.      */
  244.     public function showHtmlExceptionResponse(ExceptionEvent $event): void
  245.     {
  246.         $this->notFoundSubscriber->onError($event);
  247.     }
  249.     public function customerNotLoggedInHandler(ExceptionEvent $event): void
  250.     {
  251.         if (!$event->getRequest()->attributes->has(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  252.             return;
  253.         }
  255.         if (!$event->getThrowable() instanceof CustomerNotLoggedInException) {
  256.             return;
  257.         }
  259.         $request $event->getRequest();
  261.         $parameters = [
  262.             'redirectTo' => $request->attributes->get('_route'),
  263.             'redirectParameters' => json_encode($request->attributes->get('_route_params')),
  264.         ];
  266.         $redirectResponse = new RedirectResponse($this->router->generate('frontend.account.login.page'$parameters));
  268.         $event->setResponse($redirectResponse);
  269.     }
  271.     public function maintenanceResolver(RequestEvent $event): void
  272.     {
  273.         if ($this->maintenanceModeResolver->shouldRedirect($event->getRequest())) {
  274.             $event->setResponse(
  275.                 new RedirectResponse(
  276.                     $this->router->generate('frontend.maintenance.page'),
  277.                     RedirectResponse::HTTP_TEMPORARY_REDIRECT
  278.                 )
  279.             );
  280.         }
  281.     }
  283.     public function preventPageLoadingFromXmlHttpRequest(ControllerEvent $event): void
  284.     {
  285.         if (!$event->getRequest()->isXmlHttpRequest()) {
  286.             return;
  287.         }
  289.         /** @var RouteScope|list<string> $scope */
  290.         $scope $event->getRequest()->attributes->get(PlatformRequest::ATTRIBUTE_ROUTE_SCOPE, []);
  291.         if ($scope instanceof RouteScope) {
  292.             $scope $scope->getScopes();
  293.         }
  295.         if (!\in_array(StorefrontRouteScope::ID$scopetrue)) {
  296.             return;
  297.         }
  299.         $controller $event->getController();
  301.         // happens if Controller is a closure
  302.         if (!\is_array($controller)) {
  303.             return;
  304.         }
  306.         $isAllowed $event->getRequest()->attributes->getBoolean('XmlHttpRequest'false);
  308.         if ($isAllowed) {
  309.             return;
  310.         }
  312.         throw new AccessDeniedHttpException('PageController can\'t be requested via XmlHttpRequest.');
  313.     }
  315.     // used to switch session token - when the context token expired
  316.     public function replaceContextToken(SalesChannelContextResolvedEvent $event): void
  317.     {
  318.         $context $event->getSalesChannelContext();
  320.         // only update session if token expired and switched
  321.         if ($event->getUsedToken() === $context->getToken()) {
  322.             return;
  323.         }
  325.         $this->updateSession($context->getToken());
  326.     }
  328.     public function setCanonicalUrl(BeforeSendResponseEvent $event): void
  329.     {
  330.         if (!$event->getResponse()->isSuccessful()) {
  331.             return;
  332.         }
  334.         if ($canonical $event->getRequest()->attributes->get(SalesChannelRequest::ATTRIBUTE_CANONICAL_LINK)) {
  335.             $canonical sprintf('<%s>; rel="canonical"'$canonical);
  336.             $event->getResponse()->headers->set('Link'$canonical);
  337.         }
  338.     }
  340.     /**
  341.      * @deprecated tag:v6.5.0 - replaceCsrfToken method will be removed as the csrf system will be removed in favor for the samesite approach
  342.      */
  343.     public function replaceCsrfToken(BeforeSendResponseEvent $event): void
  344.     {
  345.         if (Feature::isActive('v6.5.0.0')) {
  346.             return;
  347.         }
  349.         Feature::triggerDeprecationOrThrow(
  350.             'v6.5.0.0',
  351.             Feature::deprecatedMethodMessage(__CLASS____METHOD__'v6.5.0.0')
  352.         );
  354.         $event->setResponse(
  355.             $this->csrfPlaceholderHandler->replaceCsrfToken($event->getResponse(), $event->getRequest())
  356.         );
  357.     }
  359.     public function addHreflang(StorefrontRenderEvent $event): void
  360.     {
  361.         $request $event->getRequest();
  362.         $route $request->attributes->get('_route');
  364.         if ($route === null) {
  365.             return;
  366.         }
  368.         $routeParams $request->attributes->get('_route_params', []);
  369.         $salesChannelContext $request->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  370.         $parameter = new HreflangLoaderParameter($route$routeParams$salesChannelContext);
  371.         $event->setParameter('hrefLang'$this->hreflangLoader->load($parameter));
  372.     }
  374.     public function addShopIdParameter(StorefrontRenderEvent $event): void
  375.     {
  376.         if (!$this->activeAppsLoader->getActiveApps()) {
  377.             return;
  378.         }
  380.         try {
  381.             $shopId $this->shopIdProvider->getShopId();
  382.         } catch (AppUrlChangeDetectedException $e) {
  383.             return;
  384.         }
  386.         $event->setParameter('appShopId'$shopId);
  387.     }
  389.     public function addIconSetConfig(StorefrontRenderEvent $event): void
  390.     {
  391.         $request $event->getRequest();
  393.         // get name if theme is not inherited
  394.         $theme $request->attributes->get(SalesChannelRequest::ATTRIBUTE_THEME_NAME);
  396.         if (!$theme) {
  397.             // get theme name from base theme because for inherited themes the name is always null
  398.             $theme $request->attributes->get(SalesChannelRequest::ATTRIBUTE_THEME_BASE_NAME);
  399.         }
  401.         if (!$theme) {
  402.             return;
  403.         }
  405.         $themeConfig $this->themeRegistry->getConfigurations()->getByTechnicalName($theme);
  407.         if (!$themeConfig) {
  408.             return;
  409.         }
  411.         $iconConfig = [];
  412.         foreach ($themeConfig->getIconSets() as $pack => $path) {
  413.             $iconConfig[$pack] = [
  414.                 'path' => $path,
  415.                 'namespace' => $theme,
  416.             ];
  417.         }
  419.         $event->setParameter('themeIconConfig'$iconConfig);
  420.     }
  422.     private function shouldRenewToken(SessionInterface $session, ?string $salesChannelId null): bool
  423.     {
  424.         if (!$session->has(PlatformRequest::HEADER_CONTEXT_TOKEN) || $salesChannelId === null) {
  425.             return true;
  426.         }
  428.         if ($this->systemConfigService->get('core.systemWideLoginRegistration.isCustomerBoundToSalesChannel')) {
  429.             return $session->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID) !== $salesChannelId;
  430.         }
  432.         return false;
  433.     }
  434. }