vendor/shopware/storefront/Framework/Routing/StorefrontSubscriber.php line 102

  1. <?php declare(strict_types=1);
  3. namespace Shopware\Storefront\Framework\Routing;
  5. use Shopware\Core\Checkout\Cart\Exception\CustomerNotLoggedInException;
  6. use Shopware\Core\Checkout\Customer\Event\CustomerLoginEvent;
  7. use Shopware\Core\Checkout\Customer\Event\CustomerLogoutEvent;
  8. use Shopware\Core\Content\Seo\HreflangLoaderInterface;
  9. use Shopware\Core\Content\Seo\HreflangLoaderParameter;
  10. use Shopware\Core\Framework\App\ActiveAppsLoader;
  11. use Shopware\Core\Framework\App\Exception\AppUrlChangeDetectedException;
  12. use Shopware\Core\Framework\App\ShopId\ShopIdProvider;
  13. use Shopware\Core\Framework\Event\BeforeSendResponseEvent;
  14. use Shopware\Core\Framework\Log\Package;
  15. use Shopware\Core\Framework\Routing\Event\SalesChannelContextResolvedEvent;
  16. use Shopware\Core\Framework\Routing\KernelListenerPriorities;
  17. use Shopware\Core\Framework\Util\Random;
  18. use Shopware\Core\PlatformRequest;
  19. use Shopware\Core\SalesChannelRequest;
  20. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  21. use Shopware\Core\System\SystemConfig\SystemConfigService;
  22. use Shopware\Storefront\Event\StorefrontRenderEvent;
  23. use Shopware\Storefront\Theme\StorefrontPluginRegistryInterface;
  24. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  25. use Symfony\Component\HttpFoundation\RedirectResponse;
  26. use Symfony\Component\HttpFoundation\RequestStack;
  27. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  28. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  29. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  30. use Symfony\Component\HttpKernel\Event\RequestEvent;
  31. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  32. use Symfony\Component\HttpKernel\KernelEvents;
  33. use Symfony\Component\Routing\RouterInterface;
  35. /**
  36.  * @internal
  37.  */
  38. #[Package('storefront')]
  39. class StorefrontSubscriber implements EventSubscriberInterface
  40. {
  41.     /**
  42.      * @internal
  43.      */
  44.     public function __construct(private readonly RequestStack $requestStack, private readonly RouterInterface $router, private readonly HreflangLoaderInterface $hreflangLoader, private readonly MaintenanceModeResolver $maintenanceModeResolver, private readonly ShopIdProvider $shopIdProvider, private readonly ActiveAppsLoader $activeAppsLoader, private readonly SystemConfigService $systemConfigService, private readonly StorefrontPluginRegistryInterface $themeRegistry)
  45.     {
  46.     }
  48.     public static function getSubscribedEvents(): array
  49.     {
  50.         return [
  51.             KernelEvents::REQUEST => [
  52.                 ['startSession'40],
  53.                 ['maintenanceResolver'],
  54.             ],
  55.             KernelEvents::EXCEPTION => [
  56.                 ['customerNotLoggedInHandler'],
  57.                 ['maintenanceResolver'],
  58.             ],
  59.             KernelEvents::CONTROLLER => [
  60.                 ['preventPageLoadingFromXmlHttpRequest'KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_SCOPE_VALIDATE],
  61.             ],
  62.             CustomerLoginEvent::class => [
  63.                 'updateSessionAfterLogin',
  64.             ],
  65.             CustomerLogoutEvent::class => [
  66.                 'updateSessionAfterLogout',
  67.             ],
  68.             BeforeSendResponseEvent::class => [
  69.                 ['setCanonicalUrl'],
  70.             ],
  71.             StorefrontRenderEvent::class => [
  72.                 ['addHreflang'],
  73.                 ['addShopIdParameter'],
  74.                 ['addIconSetConfig'],
  75.             ],
  76.             SalesChannelContextResolvedEvent::class => [
  77.                 ['replaceContextToken'],
  78.             ],
  79.         ];
  80.     }
  82.     public function startSession(): void
  83.     {
  84.         $master $this->requestStack->getMainRequest();
  86.         if (!$master) {
  87.             return;
  88.         }
  89.         if (!$master->attributes->get(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  90.             return;
  91.         }
  93.         if (!$master->hasSession()) {
  94.             return;
  95.         }
  97.         $session $master->getSession();
  99.         if (!$session->isStarted()) {
  100.             $session->setName('session-');
  101.             $session->start();
  102.             $session->set('sessionId'$session->getId());
  103.         }
  105.         $salesChannelId $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID);
  106.         if ($salesChannelId === null) {
  107.             /** @var SalesChannelContext|null $salesChannelContext */
  108.             $salesChannelContext $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  109.             if ($salesChannelContext !== null) {
  110.                 $salesChannelId $salesChannelContext->getSalesChannel()->getId();
  111.             }
  112.         }
  114.         if ($this->shouldRenewToken($session$salesChannelId)) {
  115.             $token Random::getAlphanumericString(32);
  116.             $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  117.             $session->set(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID$salesChannelId);
  118.         }
  120.         $master->headers->set(
  121.             PlatformRequest::HEADER_CONTEXT_TOKEN,
  122.             $session->get(PlatformRequest::HEADER_CONTEXT_TOKEN)
  123.         );
  124.     }
  126.     public function updateSessionAfterLogin(CustomerLoginEvent $event): void
  127.     {
  128.         $token $event->getContextToken();
  130.         $this->updateSession($token);
  131.     }
  133.     public function updateSessionAfterLogout(): void
  134.     {
  135.         $newToken Random::getAlphanumericString(32);
  137.         $this->updateSession($newTokentrue);
  138.     }
  140.     public function updateSession(string $tokenbool $destroyOldSession false): void
  141.     {
  142.         $master $this->requestStack->getMainRequest();
  143.         if (!$master) {
  144.             return;
  145.         }
  146.         if (!$master->attributes->get(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  147.             return;
  148.         }
  150.         if (!$master->hasSession()) {
  151.             return;
  152.         }
  154.         $session $master->getSession();
  155.         $session->migrate($destroyOldSession);
  156.         $session->set('sessionId'$session->getId());
  158.         $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  159.         $master->headers->set(PlatformRequest::HEADER_CONTEXT_TOKEN$token);
  160.     }
  162.     public function customerNotLoggedInHandler(ExceptionEvent $event): void
  163.     {
  164.         if (!$event->getRequest()->attributes->has(SalesChannelRequest::ATTRIBUTE_IS_SALES_CHANNEL_REQUEST)) {
  165.             return;
  166.         }
  168.         if (!$event->getThrowable() instanceof CustomerNotLoggedInException) {
  169.             return;
  170.         }
  172.         $request $event->getRequest();
  174.         $parameters = [
  175.             'redirectTo' => $request->attributes->get('_route'),
  176.             'redirectParameters' => json_encode($request->attributes->get('_route_params'), \JSON_THROW_ON_ERROR),
  177.         ];
  179.         $redirectResponse = new RedirectResponse($this->router->generate('frontend.account.login.page'$parameters));
  181.         $event->setResponse($redirectResponse);
  182.     }
  184.     public function maintenanceResolver(RequestEvent $event): void
  185.     {
  186.         if ($this->maintenanceModeResolver->shouldRedirect($event->getRequest())) {
  187.             $event->setResponse(
  188.                 new RedirectResponse(
  189.                     $this->router->generate('frontend.maintenance.page'),
  190.                     RedirectResponse::HTTP_TEMPORARY_REDIRECT
  191.                 )
  192.             );
  193.         }
  194.     }
  196.     public function preventPageLoadingFromXmlHttpRequest(ControllerEvent $event): void
  197.     {
  198.         if (!$event->getRequest()->isXmlHttpRequest()) {
  199.             return;
  200.         }
  202.         /** @var list<string> $scope */
  203.         $scope $event->getRequest()->attributes->get(PlatformRequest::ATTRIBUTE_ROUTE_SCOPE, []);
  205.         if (!\in_array(StorefrontRouteScope::ID$scopetrue)) {
  206.             return;
  207.         }
  209.         $controller $event->getController();
  211.         // happens if Controller is a closure
  212.         if (!\is_array($controller)) {
  213.             return;
  214.         }
  216.         $isAllowed $event->getRequest()->attributes->getBoolean('XmlHttpRequest');
  218.         if ($isAllowed) {
  219.             return;
  220.         }
  222.         throw new AccessDeniedHttpException('PageController can\'t be requested via XmlHttpRequest.');
  223.     }
  225.     // used to switch session token - when the context token expired
  226.     public function replaceContextToken(SalesChannelContextResolvedEvent $event): void
  227.     {
  228.         $context $event->getSalesChannelContext();
  230.         // only update session if token expired and switched
  231.         if ($event->getUsedToken() === $context->getToken()) {
  232.             return;
  233.         }
  235.         $this->updateSession($context->getToken());
  236.     }
  238.     public function setCanonicalUrl(BeforeSendResponseEvent $event): void
  239.     {
  240.         if (!$event->getResponse()->isSuccessful()) {
  241.             return;
  242.         }
  244.         if ($canonical $event->getRequest()->attributes->get(SalesChannelRequest::ATTRIBUTE_CANONICAL_LINK)) {
  245.             $canonical sprintf('<%s>; rel="canonical"'$canonical);
  246.             $event->getResponse()->headers->set('Link'$canonical);
  247.         }
  248.     }
  250.     public function addHreflang(StorefrontRenderEvent $event): void
  251.     {
  252.         $request $event->getRequest();
  253.         $route $request->attributes->get('_route');
  255.         if ($route === null) {
  256.             return;
  257.         }
  259.         $routeParams $request->attributes->get('_route_params', []);
  260.         $salesChannelContext $request->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  261.         $parameter = new HreflangLoaderParameter($route$routeParams$salesChannelContext);
  262.         $event->setParameter('hrefLang'$this->hreflangLoader->load($parameter));
  263.     }
  265.     public function addShopIdParameter(StorefrontRenderEvent $event): void
  266.     {
  267.         if (!$this->activeAppsLoader->getActiveApps()) {
  268.             return;
  269.         }
  271.         try {
  272.             $shopId $this->shopIdProvider->getShopId();
  273.         } catch (AppUrlChangeDetectedException) {
  274.             return;
  275.         }
  277.         $event->setParameter('appShopId'$shopId);
  278.     }
  280.     public function addIconSetConfig(StorefrontRenderEvent $event): void
  281.     {
  282.         $request $event->getRequest();
  284.         // get name if theme is not inherited
  285.         $theme $request->attributes->get(SalesChannelRequest::ATTRIBUTE_THEME_NAME);
  287.         if (!$theme) {
  288.             // get theme name from base theme because for inherited themes the name is always null
  289.             $theme $request->attributes->get(SalesChannelRequest::ATTRIBUTE_THEME_BASE_NAME);
  290.         }
  292.         if (!$theme) {
  293.             return;
  294.         }
  296.         $themeConfig $this->themeRegistry->getConfigurations()->getByTechnicalName($theme);
  298.         if (!$themeConfig) {
  299.             return;
  300.         }
  302.         $iconConfig = [];
  303.         foreach ($themeConfig->getIconSets() as $pack => $path) {
  304.             $iconConfig[$pack] = [
  305.                 'path' => $path,
  306.                 'namespace' => $theme,
  307.             ];
  308.         }
  310.         $event->setParameter('themeIconConfig'$iconConfig);
  311.     }
  313.     private function shouldRenewToken(SessionInterface $session, ?string $salesChannelId null): bool
  314.     {
  315.         if (!$session->has(PlatformRequest::HEADER_CONTEXT_TOKEN) || $salesChannelId === null) {
  316.             return true;
  317.         }
  319.         if ($this->systemConfigService->get('core.systemWideLoginRegistration.isCustomerBoundToSalesChannel')) {
  320.             return $session->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID) !== $salesChannelId;
  321.         }
  323.         return false;
  324.     }
  325. }