src/EventListener/RequestListener.php line 164

Open in your IDE?
  1. <?php
  3. namespace App\EventListener;
  5. use App\Controller\AccessDeniedController;
  6. use App\Entity\User;
  7. use App\Entity\WebService;
  8. use App\Entity\WebServiceLog;
  9. use App\Repository\DomainRepository;
  10. use App\Repository\UserRepository;
  11. use App\Service\Misc;
  12. use App\Service\OrganisationService;
  13. use Doctrine\ORM\EntityManagerInterface;
  14. use Doctrine\ORM\NonUniqueResultException;
  15. use GraphQL\Utils\AST;
  16. use Overblog\GraphQLBundle\Request\Parser;
  17. use Symfony\Component\DependencyInjection\ContainerInterface;
  18. use Symfony\Component\HttpFoundation\RedirectResponse;
  19. use Symfony\Component\HttpFoundation\Request;
  20. use Symfony\Component\HttpFoundation\RequestStack;
  21. use Symfony\Component\HttpFoundation\Response;
  22. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  23. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  24. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  25. use Symfony\Component\Security\Core\Security;
  27. readonly class RequestListener
  28. {
  29.     public function __construct(
  30.         private Security               $security,
  31.         private UrlGeneratorInterface  $router,
  32.         private Misc                   $misc,
  33.         private RequestStack           $requestStack,
  34.         private UserRepository         $userRepository,
  35.         private DomainRepository       $domainRepository,
  36.         private EntityManagerInterface $entityManager,
  37.         private ContainerInterface     $container,
  38.         private OrganisationService    $organisationService
  39.     )
  40.     {
  41.     }
  43.     /**
  44.      * @throws NonUniqueResultException
  45.      */
  46.     public function onKernelController(ControllerEvent $event): void
  47.     {
  48.         /**
  49.          * @var User $user
  50.          */
  51.         $user $this->security->getUser();
  52.         if ($user && $event->isMainRequest() && $user->isCustomer()) {
  53.             $controller $event->getController();
  54.             if (in_array($controller[1], ['chooseOrganisation''choose'])) {
  55.                 return;
  56.             }
  58.             $session $this->requestStack->getSession();
  60.             // Verifier si l'utilisateur a plusieurs organisation
  61.             if (
  62.                 $this->userRepository->getCountOrga($user) > &&
  63.                 $session->get('organisation'null) === null &&
  64.                 !in_array($controller[1], ['chooseOrganisation''choose''endpointAction'])
  65.             ) {
  66.                 $event->stopPropagation();
  67.                 $router $this->router;
  68.                 $event->setController(static function () use ($router) {
  69.                     return new RedirectResponse($router->generate('choose_organisation'));
  70.                 });
  71.             }
  73.             if ($controller[1] === 'endpointAction') {
  74.                 $domainId $this->requestStack->getCurrentRequest()?->get('id'0);
  75.                 $routeName $this->requestStack->getCurrentRequest()?->attributes->get('name');
  76.                 if (
  77.                     $domainId === &&
  78.                     !$this->isAllowedCall()
  79.                 ) {
  80.                     $event->stopPropagation();
  81.                     $event->setController(static function () {
  82.                         return new Response(
  83.                             'Domain ID is required.',
  84.                             Response::HTTP_FORBIDDEN
  85.                         );
  86.                     });
  87.                     return;
  88.                 }
  90.                 $domain $this->domainRepository->getDomainByUserAndId(
  91.                     $user->getId(),
  92.                     $domainId
  93.                 );
  95.                 $organisation $domain?->getOrganisation();
  97.                 $sub $this->misc->getActifSubsription($organisation);
  99.                 if (
  100.                     ($organisation === null || !$organisation->getIsAdded()) &&
  101.                     !$this->isAllowedCall()
  102.                 ) {
  103.                     $event->stopPropagation();
  104.                     $event->setController(static function () {
  105.                         return new Response(
  106.                             'Requested resources didn\'t exist.',
  107.                             Response::HTTP_UNAUTHORIZED
  108.                         );
  109.                     });
  110.                 }else if (
  111.                     ($sub === null) &&
  112.                     !$this->isAllowedCall()
  113.                 ) {
  114.                     $event->stopPropagation();
  115.                     $event->setController(static function () {
  116.                         return new Response(
  117.                             'Your subscription has expired.',
  118.                             Response::HTTP_FORBIDDEN
  119.                         );
  120.                     });
  121.                 }
  123.                 if ($organisation && $routeName === 'publicEndpoint') {
  124.                     $this->organisationService->setupConsumedQuota($organisation);
  125.                     if ($organisation->getQuota() <= $organisation->getConsumedQuota()) {
  126.                         $event->stopPropagation();
  127.                         $event->setController(static function () {
  128.                             return new Response(
  129.                                 'you have exceeded your quota.',
  130.                                 Response::HTTP_TOO_MANY_REQUESTS
  131.                             );
  132.                         });
  133.                     }
  134.                 }
  135.             } else {
  136.                 $organisation $this->misc->getUserOrganisation($user);
  137.                 $sub $this->misc->getActifSubsription($organisation);
  139.                 if (
  140.                     !($controller[0] instanceof AccessDeniedController) &&
  141.                     ($organisation === null || $sub === null || !$organisation->getIsAdded())
  142.                 ) {
  143.                     $event->stopPropagation();
  144.                     // Set your custom controller that produces a 403 response
  145.                     $router $this->router;
  146.                     $event->setController(static function () use ($router) {
  147.                         return new RedirectResponse($router->generate('access_denied'));
  148.                     });
  149.                 } elseif (
  150.                     $controller[0] instanceof AccessDeniedController &&
  151.                     $sub &&
  152.                     $organisation->getIsAdded() &&
  153.                     !in_array($controller[1], ['chooseOrganisation''choose'])
  154.                 ) {
  155.                     $router $this->router;
  156.                     $event->setController(static function () use ($router) {
  157.                         return new RedirectResponse($router->generate('home'));
  158.                     });
  159.                 }
  160.             }
  161.         }
  162.     }
  164.     public function onKernelResponse(ResponseEvent $event): void
  165.     {
  166.         try {
  167.             $response $event->getResponse()->getContent();
  168.             $decodedResponse json_decode($responsetrue512JSON_THROW_ON_ERROR);
  170.             $routeName $this->requestStack->getCurrentRequest()?->attributes->get('name');
  171.             if ($routeName === 'publicEndpoint') {
  172.                 if (
  173.                     !isset($decodedResponse['errors']) &&
  174.                     $event->getResponse()->isSuccessful()
  175.                 ) {
  176.                     $this->manageWebServiceStats();
  177.                 }
  178.             }
  179.         } catch (\Exception $e) {
  180.         }
  181.     }
  183.     /**
  184.      * @return bool
  185.      */
  186.     private function isAllowedCall(): bool
  187.     {
  188.         $functionNames $this->getGraphQLFunctionName($this->requestStack->getCurrentRequest());
  190.         return count(
  191.                 array_intersect(
  192.                     [
  193.                         'updateProfile''getProfile''enable2fAuth''getDomain''__schema',
  194.                         'recoverPassword''forgotPassword''upsertOrganisation''getIndustry'
  195.                     ],
  196.                     $functionNames
  197.                 )
  198.             ) > 0;
  199.     }
  201.     /**
  202.      * @param Request $request
  203.      * @return array|string[]
  204.      */
  205.     private function getGraphQLFunctionName(Request $request): array
  206.     {
  207.         try {
  208.             $requestParser = new Parser();
  209.             $parse $requestParser->parse($request);
  210.             $parse2 \GraphQL\Language\Parser::parse($parse['query']);
  212.             $array AST::toArray($parse2);
  213.             $functions = [];
  214.             foreach ($array['definitions'] as $definition) {
  215.                 foreach ($definition['selectionSet']['selections'] as $selection) {
  216.                     if (!in_array($selection['name']['value'], $functionstrue)) {
  217.                         $functions[] = $selection['name']['value'];
  218.                     }
  219.                 }
  220.             }
  221.             return $functions;
  222.         } catch (\Exception $e) {
  223.             return ['Invalid request'];
  224.         }
  225.     }
  227.     /**
  228.      * @return void
  229.      */
  230.     private function manageWebServiceStats(): void
  231.     {
  232.         $user $this->security->getUser();
  233.         $functionNames $this->getGraphQLFunctionName($this->requestStack->getCurrentRequest());
  234.         foreach ($functionNames as $functionName) {
  235.             if (!in_array($functionName$this->getResolverAndMutation(), true)) {
  236.                 continue;
  237.             }
  238.             $ws $this->entityManager->getRepository(WebService::class)->findOneBy(['name' => $functionName]);
  239.             if (!$ws) {
  240.                 $ws = new WebService();
  241.                 $ws->setName($functionName);
  242.                 $this->entityManager->persist($ws);
  243.             }
  244.             $ws->addWebServiceLog(
  245.                 (new WebServiceLog())
  246.                     ->setCalledBy($user)
  247.             );
  248.         }
  249.         $this->entityManager->flush();
  250.     }
  252.     /**
  253.      * @return array
  254.      */
  255.     private function getResolverAndMutation(): array
  256.     {
  257.         $services = ['overblog_graphql.query_resolver''overblog_graphql.mutation_resolver'];
  258.         $resolversAndMutations = [];
  260.         foreach ($services as $serviceId) {
  261.             $service $this->container->get($serviceId);
  262.             array_push(
  263.                 $resolversAndMutations,
  264.                 ...array_keys($service->getAliases())
  265.             );
  266.         }
  268.         return $resolversAndMutations;
  269.     }
  271. }