vendor/shopware/storefront/Framework/Routing/StorefrontSubscriber.php line 164

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Storefront\Framework\Routing;
  5. use Shopware\Core\Checkout\Cart\Exception\CustomerNotLoggedInException;
  6. use Shopware\Core\Checkout\Customer\Event\CustomerLoginEvent;
  7. use Shopware\Core\Checkout\Customer\Event\CustomerLogoutEvent;
  8. use Shopware\Core\Content\Seo\HreflangLoaderInterface;
  9. use Shopware\Core\Content\Seo\HreflangLoaderParameter;
  10. use Shopware\Core\Framework\App\ActiveAppsLoader;
  11. use Shopware\Core\Framework\App\Exception\AppUrlChangeDetectedException;
  12. use Shopware\Core\Framework\App\ShopId\ShopIdProvider;
  13. use Shopware\Core\Framework\Event\BeforeSendResponseEvent;
  14. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  15. use Shopware\Core\Framework\Routing\Event\SalesChannelContextResolvedEvent;
  16. use Shopware\Core\Framework\Routing\KernelListenerPriorities;
  17. use Shopware\Core\Framework\Util\Random;
  18. use Shopware\Core\PlatformRequest;
  19. use Shopware\Core\SalesChannelRequest;
  20. use Shopware\Core\System\SalesChannel\Context\SalesChannelContextServiceInterface;
  21. use Shopware\Core\System\SalesChannel\Context\SalesChannelContextServiceParameters;
  22. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  23. use Shopware\Core\System\SystemConfig\SystemConfigService;
  24. use Shopware\Storefront\Controller\ErrorController;
  25. use Shopware\Storefront\Event\StorefrontRenderEvent;
  26. use Shopware\Storefront\Framework\Csrf\CsrfPlaceholderHandler;
  27. use Shopware\Storefront\Theme\StorefrontPluginRegistryInterface;
  28. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  29. use Symfony\Component\HttpFoundation\RedirectResponse;
  30. use Symfony\Component\HttpFoundation\RequestStack;
  31. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  32. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  33. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  34. use Symfony\Component\HttpKernel\Event\RequestEvent;
  35. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  36. use Symfony\Component\HttpKernel\KernelEvents;
  37. use Symfony\Component\Routing\RouterInterface;
  39. class StorefrontSubscriber implements EventSubscriberInterface
  40. {
  41.     private RequestStack $requestStack;
  43.     private RouterInterface $router;
  45.     private ErrorController $errorController;
  47.     private SalesChannelContextServiceInterface $contextService;
  49.     private bool $kernelDebug;
  51.     private CsrfPlaceholderHandler $csrfPlaceholderHandler;
  53.     private MaintenanceModeResolver $maintenanceModeResolver;
  55.     private HreflangLoaderInterface $hreflangLoader;
  57.     private ShopIdProvider $shopIdProvider;
  59.     private ActiveAppsLoader $activeAppsLoader;
  61.     private SystemConfigService $systemConfigService;
  63.     private StorefrontPluginRegistryInterface $themeRegistry;
  65.     public function __construct(
  66.         RequestStack $requestStack,
  67.         RouterInterface $router,
  68.         ErrorController $errorController,
  69.         SalesChannelContextServiceInterface $contextService,
  70.         CsrfPlaceholderHandler $csrfPlaceholderHandler,
  71.         HreflangLoaderInterface $hreflangLoader,
  72.         bool $kernelDebug,
  73.         MaintenanceModeResolver $maintenanceModeResolver,
  74.         ShopIdProvider $shopIdProvider,
  75.         ActiveAppsLoader $activeAppsLoader,
  76.         SystemConfigService $systemConfigService,
  77.         StorefrontPluginRegistryInterface $themeRegistry
  78.     ) {
  79.         $this->requestStack $requestStack;
  80.         $this->router $router;
  81.         $this->errorController $errorController;
  82.         $this->contextService $contextService;
  83.         $this->kernelDebug $kernelDebug;
  84.         $this->csrfPlaceholderHandler $csrfPlaceholderHandler;
  85.         $this->maintenanceModeResolver $maintenanceModeResolver;
  86.         $this->hreflangLoader $hreflangLoader;
  87.         $this->shopIdProvider $shopIdProvider;
  88.         $this->activeAppsLoader $activeAppsLoader;
  89.         $this->systemConfigService $systemConfigService;
  90.         $this->themeRegistry $themeRegistry;
  91.     }
  93.     public static function getSubscribedEvents(): array
  94.     {
  95.         return [
  96.             KernelEvents::REQUEST => [
  97.                 ['startSession'40],
  98.                 ['maintenanceResolver'],
  99.             ],
  100.             KernelEvents::EXCEPTION => [
  101.                 ['showHtmlExceptionResponse', -100],
  102.                 ['customerNotLoggedInHandler'],
  103.                 ['maintenanceResolver'],
  104.             ],
  105.             KernelEvents::CONTROLLER => [
  106.                 ['preventPageLoadingFromXmlHttpRequest'KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_SCOPE_VALIDATE],
  107.             ],
  108.             CustomerLoginEvent::class => [
  109.                 'updateSessionAfterLogin',
  110.             ],
  111.             CustomerLogoutEvent::class => [
  112.                 'updateSessionAfterLogout',
  113.             ],
  114.             BeforeSendResponseEvent::class => [
  115.                 ['replaceCsrfToken'],
  116.                 ['setCanonicalUrl'],
  117.             ],
  118.             StorefrontRenderEvent::class => [
  119.                 ['addHreflang'],
  120.                 ['addShopIdParameter'],
  121.                 ['addIconSetConfig'],
  122.             ],
  123.             SalesChannelContextResolvedEvent::class => [
  124.                 ['replaceContextToken'],
  125.             ],
  126.         ];
  127.     }
  129.     public function startSession(): void
  130.     {
  131.         $master $this->requestStack->getMainRequest();
  133.         if (!$master) {
  134.             return;
  135.         }
  136.         if (!$master->attributes->get(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  137.             return;
  138.         }
  140.         if (!$master->hasSession()) {
  141.             return;
  142.         }
  144.         $session $master->getSession();
  146.         if (!$session->isStarted()) {
  147.             $session->setName('session-');
  148.             $session->start();
  149.             $session->set('sessionId'$session->getId());
  150.         }
  152.         $salesChannelId $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID);
  153.         if ($salesChannelId === null) {
  154.             /** @var SalesChannelContext|null $salesChannelContext */
  155.             $salesChannelContext $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  156.             if ($salesChannelContext !== null) {
  157.                 $salesChannelId $salesChannelContext->getSalesChannel()->getId();
  158.             }
  159.         }
  161.         if ($this->shouldRenewToken($session$salesChannelId)) {
  162.             $token Random::getAlphanumericString(32);
  163.             $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  164.             $session->set(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID$salesChannelId);
  165.         }
  167.         $master->headers->set(
  168.             PlatformRequest::HEADER_CONTEXT_TOKEN,
  169.             $session->get(PlatformRequest::HEADER_CONTEXT_TOKEN)
  170.         );
  171.     }
  173.     public function updateSessionAfterLogin(CustomerLoginEvent $event): void
  174.     {
  175.         $token $event->getContextToken();
  177.         $this->updateSession($token);
  178.     }
  180.     public function updateSessionAfterLogout(): void
  181.     {
  182.         $newToken Random::getAlphanumericString(32);
  184.         $this->updateSession($newTokentrue);
  185.     }
  187.     public function updateSession(string $tokenbool $destroyOldSession false): void
  188.     {
  189.         $master $this->requestStack->getMainRequest();
  190.         if (!$master) {
  191.             return;
  192.         }
  193.         if (!$master->attributes->get(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  194.             return;
  195.         }
  197.         if (!$master->hasSession()) {
  198.             return;
  199.         }
  201.         $session $master->getSession();
  202.         $session->migrate($destroyOldSession);
  203.         $session->set('sessionId'$session->getId());
  205.         $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  206.         $master->headers->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  207.     }
  209.     public function showHtmlExceptionResponse(ExceptionEvent $event): void
  210.     {
  211.         if ($this->kernelDebug || $event->getRequest()->attributes->has(SalesChannelRequest::ATTRIBUTE_STORE_API_PROXY)) {
  212.             return;
  213.         }
  215.         if (!$event->getRequest()->attributes->has(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT)) {
  216.             //When no saleschannel context is resolved, we need to resolve it now.
  217.             $this->setSalesChannelContext($event);
  218.         }
  220.         if ($event->getRequest()->attributes->has(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT)) {
  221.             $event->stopPropagation();
  222.             $response $this->errorController->error(
  223.                 $event->getThrowable(),
  224.                 $this->requestStack->getMainRequest(),
  225.                 $event->getRequest()->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT)
  226.             );
  227.             $event->setResponse($response);
  228.         }
  229.     }
  231.     public function customerNotLoggedInHandler(ExceptionEvent $event): void
  232.     {
  233.         if (!$event->getRequest()->attributes->has(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  234.             return;
  235.         }
  237.         if (!$event->getThrowable() instanceof CustomerNotLoggedInException) {
  238.             return;
  239.         }
  241.         $request $event->getRequest();
  243.         $parameters = [
  244.             'redirectTo' => $request->attributes->get('_route'),
  245.             'redirectParameters' => json_encode($request->attributes->get('_route_params')),
  246.         ];
  248.         $redirectResponse = new RedirectResponse($this->router->generate('frontend.account.login.page'$parameters));
  250.         $event->setResponse($redirectResponse);
  251.     }
  253.     public function maintenanceResolver(RequestEvent $event): void
  254.     {
  255.         if ($this->maintenanceModeResolver->shouldRedirect($event->getRequest())) {
  256.             $event->setResponse(
  257.                 new RedirectResponse(
  258.                     $this->router->generate('frontend.maintenance.page'),
  259.                     RedirectResponse::HTTP_TEMPORARY_REDIRECT
  260.                 )
  261.             );
  262.         }
  263.     }
  265.     public function preventPageLoadingFromXmlHttpRequest(ControllerEvent $event): void
  266.     {
  267.         if (!$event->getRequest()->isXmlHttpRequest()) {
  268.             return;
  269.         }
  271.         /** @var RouteScope|array $scope */
  272.         $scope $event->getRequest()->attributes->get(PlatformRequest::ATTRIBUTE_ROUTE_SCOPE, []);
  273.         if ($scope instanceof RouteScope) {
  274.             $scope $scope->getScopes();
  275.         }
  277.         if (!\in_array(StorefrontRouteScope::ID$scopetrue)) {
  278.             return;
  279.         }
  281.         $controller $event->getController();
  283.         // happens if Controller is a closure
  284.         if (!\is_array($controller)) {
  285.             return;
  286.         }
  288.         $isAllowed $event->getRequest()->attributes->getBoolean('XmlHttpRequest'false);
  290.         if ($isAllowed) {
  291.             return;
  292.         }
  294.         throw new AccessDeniedHttpException('PageController can\'t be requested via XmlHttpRequest.');
  295.     }
  297.     // used to switch session token - when the context token expired
  298.     public function replaceContextToken(SalesChannelContextResolvedEvent $event): void
  299.     {
  300.         $context $event->getSalesChannelContext();
  302.         // only update session if token expired and switched
  303.         if ($event->getUsedToken() === $context->getToken()) {
  304.             return;
  305.         }
  307.         $this->updateSession($context->getToken());
  308.     }
  310.     public function setCanonicalUrl(BeforeSendResponseEvent $event): void
  311.     {
  312.         if (!$event->getResponse()->isSuccessful()) {
  313.             return;
  314.         }
  316.         if ($canonical $event->getRequest()->attributes->get(SalesChannelRequest::ATTRIBUTE_CANONICAL_LINK)) {
  317.             $canonical sprintf('<%s>; rel="canonical"'$canonical);
  318.             $event->getResponse()->headers->set('Link'$canonical);
  319.         }
  320.     }
  322.     public function replaceCsrfToken(BeforeSendResponseEvent $event): void
  323.     {
  324.         $event->setResponse(
  325.             $this->csrfPlaceholderHandler->replaceCsrfToken($event->getResponse(), $event->getRequest())
  326.         );
  327.     }
  329.     public function addHreflang(StorefrontRenderEvent $event): void
  330.     {
  331.         $request $event->getRequest();
  332.         $route $request->attributes->get('_route');
  334.         if ($route === null) {
  335.             return;
  336.         }
  338.         $routeParams $request->attributes->get('_route_params', []);
  339.         $salesChannelContext $request->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  340.         $parameter = new HreflangLoaderParameter($route$routeParams$salesChannelContext);
  341.         $event->setParameter('hrefLang'$this->hreflangLoader->load($parameter));
  342.     }
  344.     public function addShopIdParameter(StorefrontRenderEvent $event): void
  345.     {
  346.         if (!$this->activeAppsLoader->getActiveApps()) {
  347.             return;
  348.         }
  350.         try {
  351.             $shopId $this->shopIdProvider->getShopId();
  352.         } catch (AppUrlChangeDetectedException $e) {
  353.             return;
  354.         }
  356.         $event->setParameter('appShopId'$shopId);
  357.     }
  359.     public function addIconSetConfig(StorefrontRenderEvent $event): void
  360.     {
  361.         $request $event->getRequest();
  363.         // get name if theme is not inherited
  364.         $theme $request->attributes->get(SalesChannelRequest::ATTRIBUTE_THEME_NAME);
  366.         if (!$theme) {
  367.             // get theme name from base theme because for inherited themes the name is always null
  368.             $theme $request->attributes->get(SalesChannelRequest::ATTRIBUTE_THEME_BASE_NAME);
  369.         }
  371.         if (!$theme) {
  372.             return;
  373.         }
  375.         $themeConfig $this->themeRegistry->getConfigurations()->getByTechnicalName($theme);
  377.         if (!$themeConfig) {
  378.             return;
  379.         }
  381.         $iconConfig = [];
  382.         foreach ($themeConfig->getIconSets() as $pack => $path) {
  383.             $iconConfig[$pack] = [
  384.                 'path' => $path,
  385.                 'namespace' => $theme,
  386.             ];
  387.         }
  389.         $event->setParameter('themeIconConfig'$iconConfig);
  390.     }
  392.     private function setSalesChannelContext(ExceptionEvent $event): void
  393.     {
  394.         $contextToken = (string) $event->getRequest()->headers->get(PlatformRequest::HEADER_CONTEXT_TOKEN);
  395.         $salesChannelId = (string) $event->getRequest()->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID);
  397.         $context $this->contextService->get(
  398.             new SalesChannelContextServiceParameters(
  399.                 $salesChannelId,
  400.                 $contextToken,
  401.                 $event->getRequest()->headers->get(PlatformRequest::HEADER_LANGUAGE_ID),
  402.                 $event->getRequest()->attributes->get(SalesChannelRequest::ATTRIBUTE_DOMAIN_CURRENCY_ID),
  403.                 $event->getRequest()->attributes->get(SalesChannelRequest::ATTRIBUTE_DOMAIN_ID)
  404.             )
  405.         );
  407.         $event->getRequest()->attributes->set(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT$context);
  408.     }
  410.     private function shouldRenewToken(SessionInterface $session, ?string $salesChannelId null): bool
  411.     {
  412.         if (!$session->has(PlatformRequest::HEADER_CONTEXT_TOKEN) || $salesChannelId === null) {
  413.             return true;
  414.         }
  416.         if ($this->systemConfigService->get('core.systemWideLoginRegistration.isCustomerBoundToSalesChannel')) {
  417.             return $session->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID) !== $salesChannelId;
  418.         }
  420.         return false;
  421.     }
  422. }