vendor/pimcore/data-hub/src/Controller/WebserviceController.php line 94

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under two different licenses:
  7.  * - GNU General Public License version 3 (GPLv3)
  8.  * - Pimcore Commercial License (PCL)
  9.  * Full copyright and license information is available in
  10.  * LICENSE.md which is distributed with this source code.
  11.  *
  12.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  13.  *  @license    http://www.pimcore.org/license     GPLv3 and PCL
  14.  */
  16. namespace Pimcore\Bundle\DataHubBundle\Controller;
  18. use GraphQL\Error\DebugFlag;
  19. use GraphQL\Error\Warning;
  20. use GraphQL\GraphQL;
  21. use GraphQL\Validator\DocumentValidator;
  22. use GraphQL\Validator\Rules\DisableIntrospection;
  23. use Pimcore\Bundle\DataHubBundle\Configuration;
  24. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\ExecutorEvents;
  25. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\ExecutorEvent;
  26. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\ExecutorResultEvent;
  27. use Pimcore\Bundle\DataHubBundle\GraphQL\ClassTypeDefinitions;
  28. use Pimcore\Bundle\DataHubBundle\GraphQL\Mutation\MutationType;
  29. use Pimcore\Bundle\DataHubBundle\GraphQL\Query\QueryType;
  30. use Pimcore\Bundle\DataHubBundle\GraphQL\Service;
  31. use Pimcore\Bundle\DataHubBundle\PimcoreDataHubBundle;
  32. use Pimcore\Bundle\DataHubBundle\Service\CheckConsumerPermissionsService;
  33. use Pimcore\Bundle\DataHubBundle\Service\FileUploadService;
  34. use Pimcore\Bundle\DataHubBundle\Service\OutputCacheService;
  35. use Pimcore\Cache\RuntimeCache;
  36. use Pimcore\Controller\FrontendController;
  37. use Pimcore\Helper\LongRunningHelper;
  38. use Pimcore\Localization\LocaleServiceInterface;
  39. use Pimcore\Logger;
  40. use Pimcore\Model\Factory;
  41. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  42. use Symfony\Component\HttpFoundation\JsonResponse;
  43. use Symfony\Component\HttpFoundation\Request;
  44. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  45. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  47. class WebserviceController extends FrontendController
  48. {
  49.     /**
  50.      * @var EventDispatcherInterface
  51.      */
  52.     private $eventDispatcher;
  54.     /**
  55.      * @var CheckConsumerPermissionsService
  56.      */
  57.     private $permissionsService;
  59.     /**
  60.      * @var OutputCacheService
  61.      */
  62.     private $cacheService;
  64.     /**
  65.      * @var FileUploadService
  66.      */
  67.     private $uploadService;
  69.     /**
  70.      * @param EventDispatcherInterface $eventDispatcher
  71.      */
  72.     public function __construct(
  73.         EventDispatcherInterface $eventDispatcher,
  74.         CheckConsumerPermissionsService $permissionsService,
  75.         OutputCacheService $cacheService,
  76.         FileUploadService $uploadService
  77.     ) {
  78.         $this->eventDispatcher $eventDispatcher;
  79.         $this->permissionsService $permissionsService;
  80.         $this->cacheService $cacheService;
  81.         $this->uploadService $uploadService;
  82.     }
  84.     /**
  85.      * @param Service $service
  86.      * @param LocaleServiceInterface $localeService
  87.      * @param Factory $modelFactory
  88.      * @param Request $request
  89.      *
  90.      * @return JsonResponse
  91.      *
  92.      * @throws \Exception
  93.      */
  94.     public function webonyxAction(
  95.         Service $service,
  96.         LocaleServiceInterface $localeService,
  97.         Factory $modelFactory,
  98.         Request $request,
  99.         LongRunningHelper $longRunningHelper
  100.     ) {
  101.         $clientname $request->get('clientname');
  103.         $configuration Configuration::getByName($clientname);
  104.         if (!$configuration || !$configuration->isActive()) {
  105.             throw new NotFoundHttpException('No active configuration found for ' $clientname);
  106.         }
  108.         if (!$this->permissionsService->performSecurityCheck($request$configuration)) {
  109.             throw new AccessDeniedHttpException('Permission denied, apikey not valid');
  110.         }
  112.         if ($response $this->cacheService->load($request)) {
  113.             Logger::debug('Loading response from cache');
  115.             return $response;
  116.         }
  118.         Logger::debug('Cache entry not found');
  120.         // context info, will be passed on to all resolver function
  121.         $context = ['clientname' => $clientname'configuration' => $configuration];
  123.         $config $this->getParameter('pimcore_data_hub');
  125.         if (isset($config['graphql']) && isset($config['graphql']['not_allowed_policy'])) {
  126.             PimcoreDataHubBundle::setNotAllowedPolicy($config['graphql']['not_allowed_policy']);
  127.         }
  129.         $longRunningHelper->addPimcoreRuntimeCacheProtectedItems(['datahub_context']);
  130.         RuntimeCache::set('datahub_context'$context);
  132.         ClassTypeDefinitions::build($service$context);
  134.         $queryType = new QueryType($service$localeService$modelFactory$this->eventDispatcher, [], $context);
  135.         $mutationType = new MutationType($service$localeService$modelFactory$this->eventDispatcher, [], $context);
  137.         try {
  138.             $schemaConfig = [
  139.                 'query' => $queryType
  140.             ];
  141.             if (!$mutationType->isEmpty()) {
  142.                 $schemaConfig['mutation'] = $mutationType;
  143.             }
  144.             $schema = new \GraphQL\Type\Schema(
  145.                 $schemaConfig
  146.             );
  147.         } catch (\Exception $e) {
  148.             Warning::enable(false);
  149.             $schema = new \GraphQL\Type\Schema(
  150.                 [
  151.                     'query' => $queryType,
  152.                     'mutation' => $mutationType
  153.                 ]
  154.             );
  155.             $schema->assertValid();
  156.             Logger::error($e);
  157.             throw $e;
  158.         }
  160.         $contentType $request->headers->get('content-type') ?? '';
  162.         if (mb_stripos($contentType'multipart/form-data') !== false) {
  163.             $input $this->uploadService->parseUploadedFiles($request);
  164.         } else {
  165.             $input json_decode($request->getContent(), true);
  166.         }
  168.         $query $input['query'] ?? null;
  169.         $variableValues $input['variables'] ?? null;
  171.         try {
  172.             $rootValue = [];
  174.             $validators null;
  175.             if ($request->get('novalidate')) {
  176.                 // disable all validators except the listed ones
  177.                 $validators = [
  178. //                    new NoUndefinedVariables()
  179.                 ];
  180.             }
  182.             $event = new ExecutorEvent(
  183.                 $request,
  184.                 $query,
  185.                 $schema,
  186.                 $context
  187.             );
  189.             $this->eventDispatcher->dispatch($eventExecutorEvents::PRE_EXECUTE);
  191.             if ($event->getRequest() instanceof Request) {
  192.                 $variableValues $event->getRequest()->get('variables'$variableValues);
  193.             }
  195.             $disableIntrospection $configuration->getSecurityConfig()['disableIntrospection'] ?? false;
  196.             if ($disableIntrospection === true) {
  197.                 DocumentValidator::addRule(new DisableIntrospection());
  198.             }
  200.             $result GraphQL::executeQuery(
  201.                 $event->getSchema(),
  202.                 $event->getQuery(),
  203.                 $rootValue,
  204.                 $event->getContext(),
  205.                 $variableValues,
  206.                 null,
  207.                 null,
  208.                 $validators
  209.             );
  211.             $exResult = new ExecutorResultEvent($request$result);
  212.             $this->eventDispatcher->dispatch($exResultExecutorEvents::POST_EXECUTE);
  213.             $result $exResult->getResult();
  215.             if (\Pimcore::inDebugMode()) {
  216.                 $debug DebugFlag::INCLUDE_DEBUG_MESSAGE DebugFlag::INCLUDE_TRACE;
  217.                 $output $result->toArray($debug);
  218.             } else {
  219.                 $output $result->toArray();
  220.             }
  221.         } catch (\Exception $e) {
  222.             $output = [
  223.                 'errors' => [
  224.                     [
  225.                         'message' => $e->getMessage(),
  226.                     ],
  227.                 ],
  228.             ];
  229.         }
  231.         $origin '*';
  232.         if (!empty($_SERVER['HTTP_ORIGIN'])) {
  233.             $origin $_SERVER['HTTP_ORIGIN'];
  234.         }
  236.         $response = new JsonResponse($output);
  237.         $response->headers->set('Access-Control-Allow-Origin'$origin);
  238.         $response->headers->set('Access-Control-Allow-Credentials''true');
  239.         $response->headers->set('Access-Control-Allow-Methods''GET, POST, OPTIONS');
  240.         $response->headers->set('Access-Control-Allow-Headers''Origin, Content-Type, X-Auth-Token');
  242.         $this->cacheService->save($request$response);
  244.         return $response;
  245.     }
  246. }