src/Module/Cms/Subscriber/PreviewSubscriber.php line 55

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Module\Cms\Subscriber;
  7. use Exception;
  8. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  9. use Symfony\Component\HttpFoundation\Request;
  10. use Symfony\Component\HttpKernel\Event\RequestEvent;
  11. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  12. use Symfony\Component\HttpKernel\KernelEvents;
  14. /**
  15. * Class PreviewSubscriber
  16. *
  17. * @package App\Module\Cms\Subscriber
  18. */
  19. class PreviewSubscriber implements EventSubscriberInterface
  20. {
  21. /**
  22. * VALIDATION_TOKEN_LIFETIME
  23. */
  24. private const VALIDATION_TOKEN_LIFETIME = 9000;
  26. private string $previewToken;
  28. /**
  29. * PreviewSubscriber constructor.
  30. *
  31. * @param string $previewToken
  32. */
  33. public function __construct(string $previewToken)
  34. {
  35. $this->previewToken = $previewToken;
  36. }
  38. /**
  39. * @return array[][]
  40. */
  41. public static function getSubscribedEvents(): array
  42. {
  43. return [
  44. KernelEvents::REQUEST => [
  45. ['onKernelRequest', 32],
  46. ],
  47. ];
  48. }
  50. /**
  51. * @param RequestEvent $event
  52. * @throws Exception
  53. * @return void
  54. */
  55. public function onKernelRequest(RequestEvent $event): void
  56. {
  57. if (!$event->isMasterRequest()) {
  58. return;
  59. }
  61. $request = $event->getRequest();
  63. if ($request->getPathInfo() !== '/preview') {
  64. return;
  65. }
  67. if (!$this->hasValidToken($request)) {
  68. throw new AccessDeniedHttpException('Token missing or invalid!');
  69. }
  72. }
  74. /**
  75. * @param Request $request
  76. * @return string
  77. */
  78. private function generateValidationToken(Request $request): string
  79. {
  80. $tokenData = $request->query->get('_storyblok_tk');
  81. $rawToken = sprintf('%s:%s:%s', $tokenData['space_id'], $this->previewToken, $tokenData['timestamp']);
  83. return sha1($rawToken);
  84. }
  86. /**
  87. * @param Request $request
  88. * @return bool
  89. */
  90. private function hasValidToken(Request $request): bool
  91. {
  92. $tokenData = $request->query->get('_storyblok_tk');
  93. $tokenTimestamp = (int) ($tokenData['timestamp'] ?? 0);
  95. if ($tokenTimestamp === 0 || $tokenTimestamp < (strtotime('now') - self::VALIDATION_TOKEN_LIFETIME)) {
  96. throw new AccessDeniedHttpException('Expired - tokenTimestamp: ' . $tokenTimestamp . ' expirationDate: ' . (strtotime('now') - self::VALIDATION_TOKEN_LIFETIME));
  97. }
  99. $token = $tokenData['token'] ?? null;
  101. if ($token === null || $token !== $this->generateValidationToken($request)) {
  102. throw new AccessDeniedHttpException('Invalid token - delivered: ' . $token . ' expected: ' . $this->generateValidationToken($request));
  103. }
  105. return true;
  106. }
  107. }