vendor/shopware/core/Framework/Api/EventListener/Authentication/SalesChannelAuthenticationListener.php line 48

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\EventListener\Authentication;
  5. use Doctrine\DBAL\Connection;
  6. use Shopware\Core\Framework\Api\Util\AccessKeyHelper;
  7. use Shopware\Core\Framework\Routing\Exception\SalesChannelNotFoundException;
  8. use Shopware\Core\Framework\Routing\KernelListenerPriorities;
  9. use Shopware\Core\Framework\Routing\RouteScopeCheckTrait;
  10. use Shopware\Core\Framework\Routing\RouteScopeRegistry;
  11. use Shopware\Core\Framework\Routing\StoreApiRouteScope;
  12. use Shopware\Core\Framework\Uuid\Uuid;
  13. use Shopware\Core\PlatformRequest;
  14. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  15. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  16. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  17. use Symfony\Component\HttpKernel\KernelEvents;
  19. /**
  20.  * @deprecated tag:v6.5.0 - reason:becomes-internal - EventSubscribers will become internal in v6.5.0
  21.  */
  22. class SalesChannelAuthenticationListener implements EventSubscriberInterface
  23. {
  24.     use RouteScopeCheckTrait;
  26.     private Connection $connection;
  28.     private RouteScopeRegistry $routeScopeRegistry;
  30.     /**
  31.      * @internal
  32.      */
  33.     public function __construct(
  34.         Connection $connection,
  35.         RouteScopeRegistry $routeScopeRegistry
  36.     ) {
  37.         $this->connection $connection;
  38.         $this->routeScopeRegistry $routeScopeRegistry;
  39.     }
  41.     public static function getSubscribedEvents(): array
  42.     {
  43.         return [
  44.             KernelEvents::CONTROLLER => ['validateRequest'KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_PRIORITY_AUTH_VALIDATE],
  45.         ];
  46.     }
  48.     public function validateRequest(ControllerEvent $event): void
  49.     {
  50.         $request $event->getRequest();
  52.         if (!$request->attributes->get('auth_required'true)) {
  53.             return;
  54.         }
  56.         if (!$this->isRequestScoped($requestStoreApiRouteScope::class)) {
  57.             return;
  58.         }
  60.         $accessKey $request->headers->get(PlatformRequest::HEADER_ACCESS_KEY);
  61.         if (!$accessKey) {
  62.             throw new UnauthorizedHttpException('header'sprintf('Header "%s" is required.'PlatformRequest::HEADER_ACCESS_KEY));
  63.         }
  65.         $origin AccessKeyHelper::getOrigin($accessKey);
  66.         if ($origin !== 'sales-channel') {
  67.             throw new SalesChannelNotFoundException();
  68.         }
  70.         $salesChannelId $this->getSalesChannelId($accessKey);
  72.         $request->attributes->set(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID$salesChannelId);
  73.     }
  75.     protected function getScopeRegistry(): RouteScopeRegistry
  76.     {
  77.         return $this->routeScopeRegistry;
  78.     }
  80.     private function getSalesChannelId(string $accessKey): string
  81.     {
  82.         $builder $this->connection->createQueryBuilder();
  84.         $salesChannelId $builder->select(['sales_channel.id'])
  85.             ->from('sales_channel')
  86.             ->where('sales_channel.access_key = :accessKey')
  87.             ->setParameter('accessKey'$accessKey)
  88.             ->executeQuery()
  89.             ->fetchOne();
  91.         if (!$salesChannelId) {
  92.             throw new SalesChannelNotFoundException();
  93.         }
  95.         return Uuid::fromBytesToHex($salesChannelId);
  96.     }
  97. }