vendor/shopware/core/Framework/Api/EventListener/Authentication/SalesChannelAuthenticationListener.php line 50

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\EventListener\Authentication;
  5. use Doctrine\DBAL\Connection;
  6. use Shopware\Core\Framework\Api\Util\AccessKeyHelper;
  7. use Shopware\Core\Framework\Log\Package;
  8. use Shopware\Core\Framework\Routing\Exception\SalesChannelNotFoundException;
  9. use Shopware\Core\Framework\Routing\KernelListenerPriorities;
  10. use Shopware\Core\Framework\Routing\RouteScopeCheckTrait;
  11. use Shopware\Core\Framework\Routing\RouteScopeRegistry;
  12. use Shopware\Core\Framework\Routing\StoreApiRouteScope;
  13. use Shopware\Core\Framework\Uuid\Uuid;
  14. use Shopware\Core\PlatformRequest;
  15. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  16. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  17. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  18. use Symfony\Component\HttpKernel\KernelEvents;
  20. /**
  21.  * @deprecated tag:v6.5.0 - reason:becomes-internal - EventSubscribers will become internal in v6.5.0
  22.  */
  23. #[Package('core')]
  24. class SalesChannelAuthenticationListener implements EventSubscriberInterface
  25. {
  26.     use RouteScopeCheckTrait;
  28.     private Connection $connection;
  30.     private RouteScopeRegistry $routeScopeRegistry;
  32.     /**
  33.      * @internal
  34.      */
  35.     public function __construct(
  36.         Connection $connection,
  37.         RouteScopeRegistry $routeScopeRegistry
  38.     ) {
  39.         $this->connection $connection;
  40.         $this->routeScopeRegistry $routeScopeRegistry;
  41.     }
  43.     public static function getSubscribedEvents(): array
  44.     {
  45.         return [
  46.             KernelEvents::CONTROLLER => ['validateRequest'KernelListenerPriorities::KERNEL_CONTROLLER_EVENT_PRIORITY_AUTH_VALIDATE],
  47.         ];
  48.     }
  50.     public function validateRequest(ControllerEvent $event): void
  51.     {
  52.         $request $event->getRequest();
  54.         if (!$request->attributes->get('auth_required'true)) {
  55.             return;
  56.         }
  58.         if (!$this->isRequestScoped($requestStoreApiRouteScope::class)) {
  59.             return;
  60.         }
  62.         $accessKey $request->headers->get(PlatformRequest::HEADER_ACCESS_KEY);
  63.         if (!$accessKey) {
  64.             throw new UnauthorizedHttpException('header'sprintf('Header "%s" is required.'PlatformRequest::HEADER_ACCESS_KEY));
  65.         }
  67.         $origin AccessKeyHelper::getOrigin($accessKey);
  68.         if ($origin !== 'sales-channel') {
  69.             throw new SalesChannelNotFoundException();
  70.         }
  72.         $salesChannelId $this->getSalesChannelId($accessKey);
  74.         $request->attributes->set(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID$salesChannelId);
  75.     }
  77.     protected function getScopeRegistry(): RouteScopeRegistry
  78.     {
  79.         return $this->routeScopeRegistry;
  80.     }
  82.     private function getSalesChannelId(string $accessKey): string
  83.     {
  84.         $builder $this->connection->createQueryBuilder();
  86.         $salesChannelId $builder->select(['sales_channel.id'])
  87.             ->from('sales_channel')
  88.             ->where('sales_channel.access_key = :accessKey')
  89.             ->setParameter('accessKey'$accessKey)
  90.             ->executeQuery()
  91.             ->fetchOne();
  93.         if (!$salesChannelId) {
  94.             throw new SalesChannelNotFoundException();
  95.         }
  97.         return Uuid::fromBytesToHex($salesChannelId);
  98.     }
  99. }