src/EventSubscriber/ApiRequestSubscriber.php line 68

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\EventSubscriber;
  7. use App\Checker\RateLimiterChecker;
  8. use App\Entity\Admin\SourceInterface;
  9. use App\Entity\Device\DeviceInterface;
  10. use App\Entity\Franchise\FranchiseInterface;
  11. use App\Entity\Security\Manager;
  12. use App\Entity\Security\ShopManager;
  13. use App\Exception\Global\SourceMandatoryException;
  14. use App\Helper\Response\DeviceResponseInterface;
  15. use App\Helper\Response\FranchiseResponseInterface;
  16. use App\Helper\Response\ResponseInterface as CustomResponseInterface;
  17. use App\Helper\Response\ShopResponseInterface;
  18. use App\Repository\Admin\SourceRepository;
  19. use App\Repository\Franchise\FranchiseRepository;
  20. use App\Repository\Shop\DeviceRepository;
  21. use App\Repository\Shop\ShopRepository;
  22. use App\Verifier\Shop\LicenceVerifier;
  23. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  24. use Symfony\Component\HttpFoundation\Response;
  25. use Symfony\Component\HttpKernel\Event\RequestEvent;
  26. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  27. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  28. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  29. use Symfony\Component\Security\Core\Security;
  31. class ApiRequestSubscriber implements EventSubscriberInterface
  32. {
  33.     public const API_VERSION_200 '2.0.0';
  34.     public const API_VERSIONS = [
  35.         self::API_VERSION_200,
  36.     ];
  38.     private array $authorizedRoutes = [
  39.         'api_login_check',
  40.         'api_users_request_request_password_collection',
  41.         'api_users_check_password_reset_token_collection',
  42.         'api_users_reset_password_collection',
  43.         'api_entrypoint',
  44.         'api_doc',
  45.         'foxorders_api_',
  46.         'foxorders_api_doc',
  47.     ];
  49.     public function __construct(
  50.         private $devicePinDev,
  51.         private Security $security,
  52.         private SourceRepository $sourceRepository,
  53.         private RateLimiterChecker $rateLimiterChecker,
  54.         private DeviceRepository $deviceRepository,
  55.         private FranchiseRepository $franchiseRepository,
  56.         private ShopRepository $shopRepository,
  57.         private LicenceVerifier $licenceVerifier,
  58.     ) {
  59.     }
  61.     public static function getSubscribedEvents(): array
  62.     {
  63.         return [
  64.             RequestEvent::class => ['onKernelRequest'6],
  65.         ];
  66.     }
  68.     public function onKernelRequest(RequestEvent $event)
  69.     {
  70.         $request $event->getRequest();
  71.         $route $request->attributes->get('_route');
  72.         $source $request->headers->get('source');
  73.         $version $request->headers->get('version');
  74.         $franchiseToken $request->headers->get('franchise-token');
  75.         $devicePinDev $request->headers->get('device-pin-dev');
  76.         $shopToken $request->headers->get('shop-token');
  77.         $identifier $request->headers->get('device-token');
  78.         $isApiRoute null !== $route && str_contains($route'api_') && false === str_starts_with($route'foxorders_documentation');
  79.         $user $this->security->getUser();
  81.         if (false === $isApiRoute || true === \in_array($route$this->authorizedRoutestrue)) {
  82.             return true;
  83.         }
  85.         $this->rateLimiterChecker->checkRate();
  87.         if (false === $this->security->getUser()) {
  88.             throw new AccessDeniedHttpException(Response::$statusTexts[Response::HTTP_FORBIDDEN]);
  89.         }
  91.         if (null === $source) {
  92.             throw new SourceMandatoryException();
  93.         }
  95.         if (null === $version) {
  96.             throw new BadRequestHttpException(CustomResponseInterface::API_VERSION_MANDATORY);
  97.         }
  99.         if (false === \in_array($versionself::API_VERSIONStrue)) {
  100.             throw new BadRequestHttpException(CustomResponseInterface::API_VERSION_INVALID);
  101.         }
  103.         if (false === $this->sourceRepository->isApiSource($source)) {
  104.             throw new BadRequestHttpException(CustomResponseInterface::SOURCE_INVALID);
  105.         }
  107.         $franchise $shop $device null;
  108.         if ($user instanceof Manager) {
  109.             $franchise $user->getFranchise();
  110.         } elseif ($user instanceof ShopManager) {
  111.             $shop $user->getShop();
  112.             $device $user->getDevice();
  113.             $franchise $shop->getFranchise();
  114.             $shopToken $shop->getToken();
  115.         }
  117.         $franchiseToken $franchise?->getToken() ?? $franchiseToken;
  118.         if (null === $franchiseToken && !\in_array($routeFranchiseInterface::ENDPOINTS_WITHOUT_TOKENtrue)) {
  119.             throw new BadRequestHttpException(FranchiseResponseInterface::FRANCHISE_TOKEN_REQUIRED);
  120.         }
  122.         if (null === $franchise && null !== $franchiseToken) {
  123.             $franchise $this->franchiseRepository->findOneBy(['token' => $franchiseToken]);
  124.             if (null === $franchise) {
  125.                 throw new BadRequestHttpException(FranchiseResponseInterface::FRANCHISE_TOKEN_INVALID);
  126.             }
  127.         }
  129.         if (null === $shop && null !== $shopToken && null !== $franchiseToken) {
  130.             if (false === $this->shopRepository->isMatchedShopTokenFranchiseToken($franchiseToken$shopToken)) {
  131.                 throw new BadRequestHttpException(ShopResponseInterface::SHOP_TOKEN_INVALID);
  132.             }
  133.         }
  135.         if (null !== $franchise && FranchiseInterface::STATUS_DISABLED === $franchise->getStatus()) {
  136.             throw new AccessDeniedHttpException(CustomResponseInterface::ACCOUNT_BLOCKED);
  137.         }
  139.         if (false === $this->licenceVerifier->verify()) {
  140.             throw new UnauthorizedHttpException('Unauthorized access'CustomResponseInterface::ACCESS_DENIED);
  141.         }
  143.         if (SourceInterface::SOURCE_FOXORDERS_FRONT === $source && null !== $shopToken) {
  144.             $device $this->deviceRepository->defaultDevice($shopToken);
  145.             if (null === $device) {
  146.                 throw new BadRequestHttpException(DeviceResponseInterface::DEVICE_TOKEN_INVALID);
  147.             }
  149.             $request->headers->set('device-token'$device->getToken());
  151.             return true;
  152.         }
  154.         if ($this->devicePinDev === $devicePinDev) {
  155.             return;
  156.         }
  158.         if (false === \in_array($sourceSourceInterface::DEVICE_SOURCEStrue) || true === \in_array($routeDeviceInterface::WHITELISTED_DEVICE_ENDPOINTStrue)) {
  159.             return true;
  160.         }
  162.         // if (null === $identifier || '' === trim($identifier)) {
  163.         //     throw new UnauthorizedHttpException('Unauthorized access', DeviceResponseInterface::UNRECOGNIZED_DEVICE);
  164.         // }
  166.         // $device = $this->deviceRepository->findOneByFranchiseTokenAndIdentifier($franchiseToken, $identifier);
  167.         // if (null === $device) {
  168.         //     throw new UnauthorizedHttpException('Unauthorized access', DeviceResponseInterface::UNRECOGNIZED_DEVICE);
  169.         // }
  171.         // $request->headers->set('device-token', $device->getToken());
  173.         if (null !== $identifier && '' !== trim($identifier)) {
  174.             $device $this->deviceRepository->findOneByFranchiseTokenAndIdentifier($franchiseToken$identifier);
  175.             if (null !== $device) {
  176.                 $request->headers->set('device-token'$device->getToken());
  177.             }
  178.         }
  179.     }
  180. }