src/Twig/Functions/DownloadExtension.php line 70

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Twig\Functions;
  7. use App\Subscriber\DownloadTokenSubscriber;
  8. use Lcobucci\Clock\SystemClock;
  9. use Lcobucci\JWT\Encoding\CannotDecodeContent;
  10. use Lcobucci\JWT\Encoding\JoseEncoder;
  11. use Lcobucci\JWT\Signer\Hmac\Sha256;
  12. use Lcobucci\JWT\Signer\Key\InMemory;
  13. use Lcobucci\JWT\Token\InvalidTokenStructure;
  14. use Lcobucci\JWT\Token\Parser;
  15. use Lcobucci\JWT\Validation\Constraint\LooseValidAt;
  16. use Lcobucci\JWT\Validation\Constraint\SignedWith;
  17. use Lcobucci\JWT\Validation\Validator;
  18. use Psr\Log\LoggerInterface;
  19. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  20. use Twig\Extension\AbstractExtension;
  21. use Twig\TwigFunction;
  22. use TypeError;
  24. /**
  25. * Class DownloadExtension
  26. *
  27. * @package App\Twig\Functions
  28. */
  29. class DownloadExtension extends AbstractExtension
  30. {
  31. private string $downloadBaseUrl;
  33. private string $jwtPrivateKey;
  35. private LoggerInterface $logger;
  37. private SessionInterface $session;
  39. /**
  40. * DownloadExtension constructor.
  41. *
  42. * @param SessionInterface $session
  43. * @param string $downloadBaseUrl
  44. * @param string $jwtPrivateKey
  45. */
  46. public function __construct(SessionInterface $session, string $downloadBaseUrl, string $jwtPrivateKey, LoggerInterface $logger)
  47. {
  48. $this->session = $session;
  49. $this->downloadBaseUrl = $downloadBaseUrl;
  50. $this->jwtPrivateKey = $jwtPrivateKey;
  51. $this->logger = $logger;
  52. }
  54. /**
  55. * @return TwigFunction[]
  56. */
  57. public function getFunctions(): array
  58. {
  59. return [
  60. new TwigFunction('isAssetDownloadAllowed', [$this, 'isAssetDownloadAllowed']),
  61. new TwigFunction('getAssetDownloadUrl', [$this, 'getAssetDownloadUrl']),
  62. ];
  63. }
  65. /**
  66. * @return bool
  67. */
  68. public function isAssetDownloadAllowed(): bool
  69. {
  70. if (!$this->session->has(DownloadTokenSubscriber::SESSION_KEY_DOWNLOAD_TOKEN)) {
  71. return false;
  72. }
  74. $downloadToken = $this->session->get(DownloadTokenSubscriber::SESSION_KEY_DOWNLOAD_TOKEN);
  76. try {
  77. $parsedToken = (new Parser(new JoseEncoder()))->parse($downloadToken);
  78. } catch (TypeError $e) {
  79. $this->logger->warning('The token is invalid. Error: TypeError', ['downloadToken' => $downloadToken]);
  81. return false;
  82. } catch (CannotDecodeContent $e) {
  83. $this->logger->warning('The token is invalid. Error: CannotDecodeContent', ['downloadToken' => $downloadToken]);
  85. return false;
  86. } catch (InvalidTokenStructure $e) {
  87. $this->logger->warning('The token is invalid. Error: InvalidTokenStructure', ['downloadToken' => $downloadToken]);
  89. return false;
  90. }
  92. $constraints = [
  93. new SignedWith(new Sha256(), InMemory::plainText($this->jwtPrivateKey)),
  94. new LooseValidAt(SystemClock::fromSystemTimezone()),
  95. ];
  97. $valid = (new Validator())->validate($parsedToken, ...$constraints);
  99. if (!$valid) {
  100. $this->logger->warning('The token is invalid. Maybe it\'s expired or the jwtPrivateKey ist wrong configured.');
  101. }
  103. return $valid;
  104. }
  106. /**
  107. * @param array $asset
  108. * @return string
  109. */
  110. public function getAssetDownloadUrl(array $asset): string
  111. {
  112. $downloadToken = $this->session->get(DownloadTokenSubscriber::SESSION_KEY_DOWNLOAD_TOKEN);
  114. return $this->downloadBaseUrl . $asset['id'] . '?downloadToken=' . $downloadToken;
  115. }
  116. }