vendor/shopware/storefront/Framework/Routing/StorefrontSubscriber.php line 205

  1. <?php declare(strict_types=1);
  3. namespace Shopware\Storefront\Framework\Routing;
  5. use Shopware\Core\Checkout\Cart\Exception\CustomerNotLoggedInException;
  6. use Shopware\Core\Checkout\Customer\Event\CustomerLoginEvent;
  7. use Shopware\Core\Checkout\Customer\Event\CustomerLogoutEvent;
  8. use Shopware\Core\Content\Seo\HreflangLoaderInterface;
  9. use Shopware\Core\Content\Seo\HreflangLoaderParameter;
  10. use Shopware\Core\Framework\App\ActiveAppsLoader;
  11. use Shopware\Core\Framework\App\Exception\AppUrlChangeDetectedException;
  12. use Shopware\Core\Framework\App\ShopId\ShopIdProvider;
  13. use Shopware\Core\Framework\Event\BeforeSendResponseEvent;
  14. use Shopware\Core\Framework\Log\Package;
  15. use Shopware\Core\Framework\Routing\Event\SalesChannelContextResolvedEvent;
  16. use Shopware\Core\Framework\Routing\KernelListenerPriorities;
  17. use Shopware\Core\Framework\Util\Random;
  18. use Shopware\Core\PlatformRequest;
  19. use Shopware\Core\SalesChannelRequest;
  20. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  21. use Shopware\Core\System\SystemConfig\SystemConfigService;
  22. use Shopware\Storefront\Event\StorefrontRenderEvent;
  23. use Shopware\Storefront\Theme\StorefrontPluginRegistryInterface;
  24. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  25. use Symfony\Component\HttpFoundation\RedirectResponse;
  26. use Symfony\Component\HttpFoundation\RequestStack;
  27. use Symfony\Component\HttpFoundation\Response;
  28. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  29. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  30. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  31. use Symfony\Component\HttpKernel\Event\RequestEvent;
  32. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  33. use Symfony\Component\HttpKernel\KernelEvents;
  34. use Symfony\Component\Routing\RouterInterface;
  36. /**
  37.  * @internal
  38.  */
  39. #[Package('storefront')]
  40. class StorefrontSubscriber implements EventSubscriberInterface
  41. {
  42.     /**
  43.      * @internal
  44.      */
  45.     public function __construct(
  46.         private readonly RequestStack $requestStack,
  47.         private readonly RouterInterface $router,
  48.         private readonly HreflangLoaderInterface $hreflangLoader,
  49.         private readonly MaintenanceModeResolver $maintenanceModeResolver,
  50.         private readonly ShopIdProvider $shopIdProvider,
  51.         private readonly ActiveAppsLoader $activeAppsLoader,
  52.         private readonly SystemConfigService $systemConfigService,
  53.         private readonly StorefrontPluginRegistryInterface $themeRegistry
  54.     ) {
  55.     }
  57.     public static function getSubscribedEvents(): array
  58.     {
  59.         return [
  60.             KernelEvents::REQUEST => [
  61.                 ['startSession'40],
  62.                 ['maintenanceResolver'],
  63.             ],
  64.             KernelEvents::EXCEPTION => [
  65.                 ['customerNotLoggedInHandler'],
  66.                 ['maintenanceResolver'],
  67.             ],
  68.             KernelEvents::CONTROLLER => [
  69.                 ['preventPageLoadingFromXmlHttpRequest'KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_SCOPE_VALIDATE],
  70.             ],
  71.             CustomerLoginEvent::class => [
  72.                 'updateSessionAfterLogin',
  73.             ],
  74.             CustomerLogoutEvent::class => [
  75.                 'updateSessionAfterLogout',
  76.             ],
  77.             BeforeSendResponseEvent::class => [
  78.                 ['setCanonicalUrl'],
  79.             ],
  80.             StorefrontRenderEvent::class => [
  81.                 ['addHreflang'],
  82.                 ['addShopIdParameter'],
  83.                 ['addIconSetConfig'],
  84.             ],
  85.             SalesChannelContextResolvedEvent::class => [
  86.                 ['replaceContextToken'],
  87.             ],
  88.         ];
  89.     }
  91.     public function startSession(): void
  92.     {
  93.         $master $this->requestStack->getMainRequest();
  95.         if (!$master) {
  96.             return;
  97.         }
  98.         if (!$master->attributes->get(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  99.             return;
  100.         }
  102.         if (!$master->hasSession()) {
  103.             return;
  104.         }
  106.         $session $master->getSession();
  108.         if (!$session->isStarted()) {
  109.             $session->setName('session-');
  110.             $session->start();
  111.             $session->set('sessionId'$session->getId());
  112.         }
  114.         $salesChannelId $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID);
  115.         if ($salesChannelId === null) {
  116.             /** @var SalesChannelContext|null $salesChannelContext */
  117.             $salesChannelContext $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  118.             if ($salesChannelContext !== null) {
  119.                 $salesChannelId $salesChannelContext->getSalesChannel()->getId();
  120.             }
  121.         }
  123.         if ($this->shouldRenewToken($session$salesChannelId)) {
  124.             $token Random::getAlphanumericString(32);
  125.             $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  126.             $session->set(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID$salesChannelId);
  127.         }
  129.         $master->headers->set(
  130.             PlatformRequest::HEADER_CONTEXT_TOKEN,
  131.             $session->get(PlatformRequest::HEADER_CONTEXT_TOKEN)
  132.         );
  133.     }
  135.     public function updateSessionAfterLogin(CustomerLoginEvent $event): void
  136.     {
  137.         $token $event->getContextToken();
  139.         $this->updateSession($token);
  140.     }
  142.     public function updateSessionAfterLogout(): void
  143.     {
  144.         $newToken Random::getAlphanumericString(32);
  146.         $this->updateSession($newTokentrue);
  147.     }
  149.     public function updateSession(string $tokenbool $destroyOldSession false): void
  150.     {
  151.         $master $this->requestStack->getMainRequest();
  152.         if (!$master) {
  153.             return;
  154.         }
  155.         if (!$master->attributes->get(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  156.             return;
  157.         }
  159.         if (!$master->hasSession()) {
  160.             return;
  161.         }
  163.         $session $master->getSession();
  164.         $session->migrate($destroyOldSession);
  165.         $session->set('sessionId'$session->getId());
  167.         $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  168.         $master->headers->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  169.     }
  171.     public function customerNotLoggedInHandler(ExceptionEvent $event): void
  172.     {
  173.         if (!$event->getRequest()->attributes->has(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  174.             return;
  175.         }
  177.         if (!$event->getThrowable() instanceof CustomerNotLoggedInException) {
  178.             return;
  179.         }
  181.         $request $event->getRequest();
  183.         $parameters = [
  184.             'redirectTo' => $request->attributes->get('_route'),
  185.             'redirectParameters' => json_encode($request->attributes->get('_route_params'), \JSON_THROW_ON_ERROR),
  186.         ];
  188.         $redirectResponse = new RedirectResponse($this->router->generate('frontend.account.login.page'$parameters));
  190.         $event->setResponse($redirectResponse);
  191.     }
  193.     public function maintenanceResolver(RequestEvent $event): void
  194.     {
  195.         if ($this->maintenanceModeResolver->shouldRedirect($event->getRequest())) {
  196.             $event->setResponse(
  197.                 new RedirectResponse(
  198.                     $this->router->generate('frontend.maintenance.page'),
  199.                     RedirectResponse::HTTP_TEMPORARY_REDIRECT
  200.                 )
  201.             );
  202.         }
  203.     }
  205.     public function preventPageLoadingFromXmlHttpRequest(ControllerEvent $event): void
  206.     {
  207.         if (!$event->getRequest()->isXmlHttpRequest()) {
  208.             return;
  209.         }
  211.         /** @var list<string> $scope */
  212.         $scope $event->getRequest()->attributes->get(PlatformRequest::ATTRIBUTE_ROUTE_SCOPE, []);
  214.         if (!\in_array(StorefrontRouteScope::ID$scopetrue)) {
  215.             return;
  216.         }
  218.         /** @var callable(): Response $controller */
  219.         $controller $event->getController();
  221.         // happens if Controller is a closure
  222.         if (!\is_array($controller)) {
  223.             return;
  224.         }
  226.         $isAllowed $event->getRequest()->attributes->getBoolean('XmlHttpRequest');
  228.         if ($isAllowed) {
  229.             return;
  230.         }
  232.         throw new AccessDeniedHttpException('PageController can\'t be requested via XmlHttpRequest.');
  233.     }
  235.     // used to switch session token - when the context token expired
  236.     public function replaceContextToken(SalesChannelContextResolvedEvent $event): void
  237.     {
  238.         $context $event->getSalesChannelContext();
  240.         // only update session if token expired and switched
  241.         if ($event->getUsedToken() === $context->getToken()) {
  242.             return;
  243.         }
  245.         $this->updateSession($context->getToken());
  246.     }
  248.     public function setCanonicalUrl(BeforeSendResponseEvent $event): void
  249.     {
  250.         if (!$event->getResponse()->isSuccessful()) {
  251.             return;
  252.         }
  254.         if ($canonical $event->getRequest()->attributes->get(SalesChannelRequest::ATTRIBUTE_CANONICAL_LINK)) {
  255.             \assert(\is_string($canonical));
  256.             $canonical sprintf('<%s>; rel="canonical"'$canonical);
  257.             $event->getResponse()->headers->set('Link'$canonical);
  258.         }
  259.     }
  261.     public function addHreflang(StorefrontRenderEvent $event): void
  262.     {
  263.         $request $event->getRequest();
  264.         $route $request->attributes->get('_route');
  266.         if ($route === null) {
  267.             return;
  268.         }
  270.         $routeParams $request->attributes->get('_route_params', []);
  271.         $salesChannelContext $request->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  272.         $parameter = new HreflangLoaderParameter($route$routeParams$salesChannelContext);
  273.         $event->setParameter('hrefLang'$this->hreflangLoader->load($parameter));
  274.     }
  276.     public function addShopIdParameter(StorefrontRenderEvent $event): void
  277.     {
  278.         if (!$this->activeAppsLoader->getActiveApps()) {
  279.             return;
  280.         }
  282.         try {
  283.             $shopId $this->shopIdProvider->getShopId();
  284.         } catch (AppUrlChangeDetectedException) {
  285.             return;
  286.         }
  288.         $event->setParameter('appShopId'$shopId);
  289.     }
  291.     public function addIconSetConfig(StorefrontRenderEvent $event): void
  292.     {
  293.         $request $event->getRequest();
  295.         // get name if theme is not inherited
  296.         $theme $request->attributes->get(SalesChannelRequest::ATTRIBUTE_THEME_NAME);
  298.         if (!$theme) {
  299.             // get theme name from base theme because for inherited themes the name is always null
  300.             $theme $request->attributes->get(SalesChannelRequest::ATTRIBUTE_THEME_BASE_NAME);
  301.         }
  303.         if (!$theme) {
  304.             return;
  305.         }
  307.         $themeConfig $this->themeRegistry->getConfigurations()->getByTechnicalName($theme);
  309.         if (!$themeConfig) {
  310.             return;
  311.         }
  313.         $iconConfig = [];
  314.         foreach ($themeConfig->getIconSets() as $pack => $path) {
  315.             $iconConfig[$pack] = [
  316.                 'path' => $path,
  317.                 'namespace' => $theme,
  318.             ];
  319.         }
  321.         $event->setParameter('themeIconConfig'$iconConfig);
  322.     }
  324.     private function shouldRenewToken(SessionInterface $session, ?string $salesChannelId null): bool
  325.     {
  326.         if (!$session->has(PlatformRequest::HEADER_CONTEXT_TOKEN) || $salesChannelId === null) {
  327.             return true;
  328.         }
  330.         if ($this->systemConfigService->get('core.systemWideLoginRegistration.isCustomerBoundToSalesChannel')) {
  331.             return $session->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID) !== $salesChannelId;
  332.         }
  334.         return false;
  335.     }
  336. }