src/EventSubscriber/ApiRequestSubscriber.php line 67

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\EventSubscriber;
  7. use App\Checker\RateLimiterChecker;
  8. use App\Entity\Admin\SourceInterface;
  9. use App\Entity\Device\DeviceInterface;
  10. use App\Entity\Franchise\FranchiseInterface;
  11. use App\Entity\Security\Manager;
  12. use App\Entity\Security\ShopManager;
  13. use App\Helper\Response\DeviceResponseInterface;
  14. use App\Helper\Response\FranchiseResponseInterface;
  15. use App\Helper\Response\ResponseInterface as CustomResponseInterface;
  16. use App\Helper\Response\ShopResponseInterface;
  17. use App\Repository\Admin\SourceRepository;
  18. use App\Repository\Franchise\FranchiseRepository;
  19. use App\Repository\Shop\DeviceRepository;
  20. use App\Repository\Shop\ShopRepository;
  21. use App\Verifier\Shop\LicenceVerifier;
  22. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  23. use Symfony\Component\HttpFoundation\Response;
  24. use Symfony\Component\HttpKernel\Event\RequestEvent;
  25. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  26. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  27. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  28. use Symfony\Component\Security\Core\Security;
  30. class ApiRequestSubscriber implements EventSubscriberInterface
  31. {
  32.     public const API_VERSION_200 '2.0.0';
  33.     public const API_VERSIONS = [
  34.         self::API_VERSION_200,
  35.     ];
  37.     private array $authorizedRoutes = [
  38.         'api_login_check',
  39.         'api_users_request_request_password_collection',
  40.         'api_users_check_password_reset_token_collection',
  41.         'api_users_reset_password_collection',
  42.         'api_entrypoint',
  43.         'api_doc',
  44.         'foxorders_api_',
  45.         'foxorders_api_doc',
  46.     ];
  48.     public function __construct(
  49.         private $devicePinDev,
  50.         private Security $security,
  51.         private SourceRepository $sourceRepository,
  52.         private RateLimiterChecker $rateLimiterChecker,
  53.         private DeviceRepository $deviceRepository,
  54.         private FranchiseRepository $franchiseRepository,
  55.         private ShopRepository $shopRepository,
  56.         private LicenceVerifier $licenceVerifier,
  57.     ) {
  58.     }
  60.     public static function getSubscribedEvents(): array
  61.     {
  62.         return [
  63.             RequestEvent::class => ['onKernelRequest'6],
  64.         ];
  65.     }
  67.     public function onKernelRequest(RequestEvent $event)
  68.     {
  69.         $request $event->getRequest();
  70.         $route $request->attributes->get('_route');
  71.         $source $request->headers->get('source');
  72.         $version $request->headers->get('version');
  73.         $franchiseToken $request->headers->get('franchise-token');
  74.         $devicePinDev $request->headers->get('device-pin-dev');
  75.         $shopToken $request->headers->get('shop-token');
  76.         $identifier $request->headers->get('device-token');
  77.         $isApiRoute null !== $route && str_contains($route'api_') && false === str_starts_with($route'foxorders_documentation');
  78.         $user $this->security->getUser();
  80.         if (false === $isApiRoute || true === \in_array($route$this->authorizedRoutestrue)) {
  81.             return true;
  82.         }
  84.         $this->rateLimiterChecker->checkRate();
  86.         if (false === $this->security->getUser()) {
  87.             throw new AccessDeniedHttpException(Response::$statusTexts[Response::HTTP_FORBIDDEN]);
  88.         }
  90.         if (null === $source) {
  91.             throw new BadRequestHttpException(CustomResponseInterface::SOURCE_MANDATORY);
  92.         }
  94.         if (null === $version) {
  95.             throw new BadRequestHttpException(CustomResponseInterface::API_VERSION_MANDATORY);
  96.         }
  98.         if (false === \in_array($versionself::API_VERSIONStrue)) {
  99.             throw new BadRequestHttpException(CustomResponseInterface::API_VERSION_INVALID);
  100.         }
  102.         if (false === $this->sourceRepository->isApiSource($source)) {
  103.             throw new BadRequestHttpException(CustomResponseInterface::SOURCE_INVALID);
  104.         }
  106.         $franchise $shop $device null;
  107.         if ($user instanceof Manager) {
  108.             $franchise $user->getFranchise();
  109.         } elseif ($user instanceof ShopManager) {
  110.             $shop $user->getShop();
  111.             $device $user->getDevice();
  112.             $franchise $shop->getFranchise();
  113.             $shopToken $shop->getToken();
  114.         }
  116.         $franchiseToken $franchise?->getToken() ?? $franchiseToken;
  117.         if (null === $franchiseToken && !\in_array($routeFranchiseInterface::ENDPOINTS_WITHOUT_TOKENtrue)) {
  118.             throw new BadRequestHttpException(FranchiseResponseInterface::FRANCHISE_TOKEN_REQUIRED);
  119.         }
  121.         if (null === $franchise && null !== $franchiseToken) {
  122.             $franchise $this->franchiseRepository->findOneBy(['token' => $franchiseToken]);
  123.             if (null === $franchise) {
  124.                 throw new BadRequestHttpException(FranchiseResponseInterface::FRANCHISE_TOKEN_INVALID);
  125.             }
  126.         }
  128.         if (null === $shop && null !== $shopToken && null !== $franchiseToken) {
  129.             if (false === $this->shopRepository->isMatchedShopTokenFranchiseToken($franchiseToken$shopToken)) {
  130.                 throw new BadRequestHttpException(ShopResponseInterface::SHOP_TOKEN_INVALID);
  131.             }
  132.         }
  134.         if (null !== $franchise && FranchiseInterface::STATUS_DISABLED === $franchise->getStatus()) {
  135.             throw new AccessDeniedHttpException(CustomResponseInterface::ACCOUNT_BLOCKED);
  136.         }
  138.         if (false === $this->licenceVerifier->verify()) {
  139.             throw new UnauthorizedHttpException('Unauthorized access'CustomResponseInterface::ACCESS_DENIED);
  140.         }
  142.         if (SourceInterface::SOURCE_FOXORDERS_FRONT === $source && null !== $shopToken) {
  143.             $device $this->deviceRepository->defaultDevice($shopToken);
  144.             if (null === $device) {
  145.                 throw new BadRequestHttpException(DeviceResponseInterface::DEVICE_TOKEN_INVALID);
  146.             }
  148.             $request->headers->set('device-token'$device->getToken());
  150.             return true;
  151.         }
  153.         if ($this->devicePinDev === $devicePinDev) {
  154.             return;
  155.         }
  157.         if (false === \in_array($sourceSourceInterface::DEVICE_SOURCEStrue) || true === \in_array($routeDeviceInterface::WHITELISTED_DEVICE_ENDPOINTStrue)) {
  158.             return true;
  159.         }
  161.         // if (null === $identifier || '' === trim($identifier)) {
  162.         //     throw new UnauthorizedHttpException('Unauthorized access', DeviceResponseInterface::UNRECOGNIZED_DEVICE);
  163.         // }
  165.         // $device = $this->deviceRepository->findOneByFranchiseTokenAndIdentifier($franchiseToken, $identifier);
  166.         // if (null === $device) {
  167.         //     throw new UnauthorizedHttpException('Unauthorized access', DeviceResponseInterface::UNRECOGNIZED_DEVICE);
  168.         // }
  170.         // $request->headers->set('device-token', $device->getToken());
  172.         if (null !== $identifier && '' !== trim($identifier)) {
  173.             $device $this->deviceRepository->findOneByFranchiseTokenAndIdentifier($franchiseToken$identifier);
  174.             if (null !== $device) {
  175.                 $request->headers->set('device-token'$device->getToken());
  176.             }
  177.         }
  178.     }
  179. }