vendor/shopware/core/Framework/Api/EventListener/Authentication/SalesChannelAuthenticationListener.php line 51

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\EventListener\Authentication;
  5. use Doctrine\DBAL\Connection;
  6. use Shopware\Core\Framework\Api\Util\AccessKeyHelper;
  7. use Shopware\Core\Framework\Routing\Exception\SalesChannelNotFoundException;
  8. use Shopware\Core\Framework\Routing\KernelListenerPriorities;
  9. use Shopware\Core\Framework\Routing\RouteScopeCheckTrait;
  10. use Shopware\Core\Framework\Routing\RouteScopeRegistry;
  11. use Shopware\Core\Framework\Routing\StoreApiRouteScope;
  12. use Shopware\Core\Framework\Uuid\Uuid;
  13. use Shopware\Core\PlatformRequest;
  14. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  15. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  16. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  17. use Symfony\Component\HttpKernel\KernelEvents;
  19. class SalesChannelAuthenticationListener implements EventSubscriberInterface
  20. {
  21.     use RouteScopeCheckTrait;
  23.     /**
  24.      * @var Connection
  25.      */
  26.     private $connection;
  28.     /**
  29.      * @var RouteScopeRegistry
  30.      */
  31.     private $routeScopeRegistry;
  33.     /**
  34.      * @internal
  35.      */
  36.     public function __construct(
  37.         Connection $connection,
  38.         RouteScopeRegistry $routeScopeRegistry
  39.     ) {
  40.         $this->connection $connection;
  41.         $this->routeScopeRegistry $routeScopeRegistry;
  42.     }
  44.     public static function getSubscribedEvents(): array
  45.     {
  46.         return [
  47.             KernelEvents::CONTROLLER => ['validateRequest'KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_PRIORITY_AUTH_VALIDATE],
  48.         ];
  49.     }
  51.     public function validateRequest(ControllerEvent $event): void
  52.     {
  53.         $request $event->getRequest();
  55.         if (!$request->attributes->get('auth_required'true)) {
  56.             return;
  57.         }
  59.         if (!$this->isRequestScoped($requestStoreApiRouteScope::class)) {
  60.             return;
  61.         }
  63.         if (!$request->headers->has(PlatformRequest::HEADER_ACCESS_KEY)) {
  64.             throw new UnauthorizedHttpException('header'sprintf('Header "%s" is required.'PlatformRequest::HEADER_ACCESS_KEY));
  65.         }
  67.         $accessKey $request->headers->get(PlatformRequest::HEADER_ACCESS_KEY);
  69.         $origin AccessKeyHelper::getOrigin($accessKey);
  70.         if ($origin !== 'sales-channel') {
  71.             throw new SalesChannelNotFoundException();
  72.         }
  74.         $salesChannelId $this->getSalesChannelId($accessKey);
  76.         $request->attributes->set(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID$salesChannelId);
  77.     }
  79.     protected function getScopeRegistry(): RouteScopeRegistry
  80.     {
  81.         return $this->routeScopeRegistry;
  82.     }
  84.     private function getSalesChannelId(string $accessKey): string
  85.     {
  86.         $builder $this->connection->createQueryBuilder();
  88.         $salesChannelId $builder->select(['sales_channel.id'])
  89.             ->from('sales_channel')
  90.             ->where('sales_channel.access_key = :accessKey')
  91.             ->setParameter('accessKey'$accessKey)
  92.             ->execute()
  93.             ->fetchColumn();
  95.         if (!$salesChannelId) {
  96.             throw new SalesChannelNotFoundException();
  97.         }
  99.         return Uuid::fromBytesToHex($salesChannelId);
  100.     }
  101. }