vendor/pimcore/data-hub/src/Controller/WebserviceController.php line 48

  1. <?php
  2. /**
  3.  * Pimcore
  4.  *
  5.  * This source file is available under two different licenses:
  6.  * - GNU General Public License version 3 (GPLv3)
  7.  * - Pimcore Commercial License (PCL)
  8.  * Full copyright and license information is available in
  9.  * LICENSE.md which is distributed with this source code.
  10.  *
  11.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  12.  *  @license    http://www.pimcore.org/license     GPLv3 and PCL
  13.  */
  14. namespace Pimcore\Bundle\DataHubBundle\Controller;
  15. use GraphQL\Error\DebugFlag;
  16. use GraphQL\Error\Warning;
  17. use GraphQL\GraphQL;
  18. use GraphQL\Server\RequestError;
  19. use GraphQL\Validator\DocumentValidator;
  20. use GraphQL\Validator\Rules\DisableIntrospection;
  21. use Pimcore\Bundle\DataHubBundle\Configuration;
  22. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\ExecutorEvents;
  23. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\ExecutorEvent;
  24. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\ExecutorResultEvent;
  25. use Pimcore\Bundle\DataHubBundle\GraphQL\ClassTypeDefinitions;
  26. use Pimcore\Bundle\DataHubBundle\GraphQL\Mutation\MutationType;
  27. use Pimcore\Bundle\DataHubBundle\GraphQL\Query\QueryType;
  28. use Pimcore\Bundle\DataHubBundle\GraphQL\Service;
  29. use Pimcore\Bundle\DataHubBundle\PimcoreDataHubBundle;
  30. use Pimcore\Bundle\DataHubBundle\Service\CheckConsumerPermissionsService;
  31. use Pimcore\Bundle\DataHubBundle\Service\FileUploadService;
  32. use Pimcore\Bundle\DataHubBundle\Service\OutputCacheService;
  33. use Pimcore\Cache\RuntimeCache;
  34. use Pimcore\Controller\FrontendController;
  35. use Pimcore\Helper\LongRunningHelper;
  36. use Pimcore\Localization\LocaleServiceInterface;
  37. use Pimcore\Logger;
  38. use Pimcore\Model\Factory;
  39. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  40. use Symfony\Component\HttpFoundation\JsonResponse;
  41. use Symfony\Component\HttpFoundation\Request;
  42. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  43. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
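  /**
   * HTTP entry point that executes GraphQL queries for a Datahub client configuration.
   *
   * The listing this class was recovered from had lost its assignment, comma,
   * concatenation and bitwise-or tokens and carried gutter line numbers; they
   * are restored here so the class parses again.
   */
  class WebserviceController extends FrontendController
  {
      /**
       * @var EventDispatcherInterface
       */
      private $eventDispatcher;

      /**
       * @var CheckConsumerPermissionsService
       */
      private $permissionsService;

      /**
       * @var OutputCacheService
       */
      private $cacheService;

      /**
       * @var FileUploadService
       */
      private $uploadService;

      /**
       * Stores the collaborators used by webonyxAction().
       *
       * @param EventDispatcherInterface $eventDispatcher
       * @param CheckConsumerPermissionsService $permissionsService
       * @param OutputCacheService $cacheService
       * @param FileUploadService $uploadService
       */
      public function __construct(
          EventDispatcherInterface $eventDispatcher,
          CheckConsumerPermissionsService $permissionsService,
          OutputCacheService $cacheService,
          FileUploadService $uploadService
      ) {
          $this->eventDispatcher = $eventDispatcher;
          $this->permissionsService = $permissionsService;
          $this->cacheService = $cacheService;
          $this->uploadService = $uploadService;
      }

      /**
       * Runs a GraphQL query against the schema built for the requested client.
       *
       * Order of checks: the configuration named by the `clientname` request
       * parameter must exist and be active (404 otherwise), the permission
       * service must accept the request (403 otherwise), and only then is the
       * output cache consulted.
       *
       * @param Service $service
       * @param LocaleServiceInterface $localeService
       * @param Factory $modelFactory
       * @param Request $request
       * @param LongRunningHelper $longRunningHelper
       *
       * @return JsonResponse
       *
       * @throws RequestError|\Exception
       */
      public function webonyxAction(
          Service $service,
          LocaleServiceInterface $localeService,
          Factory $modelFactory,
          Request $request,
          LongRunningHelper $longRunningHelper
      ) {
          $clientname = $request->get('clientname');

          $configuration = Configuration::getByName($clientname);
          if (!$configuration || !$configuration->isActive()) {
              throw new NotFoundHttpException('No active configuration found for ' . $clientname);
          }

          if (!$this->permissionsService->performSecurityCheck($request, $configuration)) {
              throw new AccessDeniedHttpException('Permission denied, apikey not valid');
          }

          // The cache is read only after the permission check has passed.
          if ($response = $this->cacheService->load($request)) {
              Logger::debug('Loading response from cache');

              return $response;
          }

          Logger::debug('Cache entry not found');

          // context info, will be passed on to all resolver function
          $context = ['clientname' => $clientname, 'configuration' => $configuration];

          $config = $this->getParameter('pimcore_data_hub');

          if (isset($config['graphql']) && isset($config['graphql']['not_allowed_policy'])) {
              PimcoreDataHubBundle::setNotAllowedPolicy($config['graphql']['not_allowed_policy']);
          }

          $longRunningHelper->addPimcoreRuntimeCacheProtectedItems(['datahub_context']);
          RuntimeCache::set('datahub_context', $context);

          ClassTypeDefinitions::build($service, $context);

          $queryType = new QueryType($service, $localeService, $modelFactory, $this->eventDispatcher, [], $context);
          $mutationType = new MutationType($service, $localeService, $modelFactory, $this->eventDispatcher, [], $context);

          try {
              $schemaConfig = [
                  'query' => $queryType
              ];
              // The mutation root is registered only when it is not empty.
              if (!$mutationType->isEmpty()) {
                  $schemaConfig['mutation'] = $mutationType;
              }
              $schema = new \GraphQL\Type\Schema(
                  $schemaConfig
              );
          } catch (\Exception $e) {
              // On failure, warnings are switched off and the schema is rebuilt
              // with both root types and validated explicitly. If assertValid()
              // throws, the log call and re-throw below are not reached.
              Warning::enable(false);
              $schema = new \GraphQL\Type\Schema(
                  [
                      'query' => $queryType,
                      'mutation' => $mutationType
                  ]
              );
              $schema->assertValid();
              Logger::error($e);
              throw $e;
          }

          $contentType = $request->headers->get('content-type') ?? '';

          if (mb_stripos($contentType, 'multipart/form-data') !== false) {
              $input = $this->uploadService->parseUploadedFiles($request);
          } else {
              // A body that is not valid JSON decodes to null; the ?? defaults
              // below then yield an empty query and no variables.
              $input = json_decode($request->getContent(), true);
          }

          $query = $input['query'] ?? '';
          $variableValues = $input['variables'] ?? null;

          try {
              $rootValue = [];

              $validators = null;
              if ($request->get('novalidate')) {
                  // disable all validators except the listed ones
                  $validators = [
  //                    new NoUndefinedVariables()
                  ];
              }

              $event = new ExecutorEvent(
                  $request,
                  $query,
                  $schema,
                  $context
              );
              $this->eventDispatcher->dispatch($event, ExecutorEvents::PRE_EXECUTE);

              // A `variables` request parameter, when present, takes precedence
              // over the variables parsed from the body.
              if ($event->getRequest() instanceof Request) {
                  $variableValues = $event->getRequest()->get('variables', $variableValues);
              }

              $configAllowIntrospection = true;
              if (isset($config['graphql']) && isset($config['graphql']['allow_introspection'])) {
                  $configAllowIntrospection = $config['graphql']['allow_introspection'];
              }

              $disableIntrospection = !$configAllowIntrospection || (isset($configuration->getSecurityConfig()['disableIntrospection']) && $configuration->getSecurityConfig()['disableIntrospection']);

              $introspectionRule = new DisableIntrospection((int)$disableIntrospection);
              DocumentValidator::addRule($introspectionRule);

              // Introspection is blocked through a validation rule, while the
              // caller-supplied `novalidate` parameter replaces the rule set with
              // an explicit list. Keep the introspection rule in that list so a
              // request parameter cannot switch off a configured restriction.
              // When introspection is allowed the list stays empty as before.
              if ($validators !== null && $disableIntrospection) {
                  $validators[] = $introspectionRule;
              }

              $result = GraphQL::executeQuery(
                  $event->getSchema(),
                  $event->getQuery(),
                  $rootValue,
                  $event->getContext(),
                  $variableValues,
                  null,
                  null,
                  $validators
              );

              $exResult = new ExecutorResultEvent($request, $result);
              $this->eventDispatcher->dispatch($exResult, ExecutorEvents::POST_EXECUTE);
              $result = $exResult->getResult();

              // Debug messages and stack traces are serialised only in debug mode.
              if (\Pimcore::inDebugMode()) {
                  $debug = DebugFlag::INCLUDE_DEBUG_MESSAGE | DebugFlag::INCLUDE_TRACE;
                  $output = $result->toArray($debug);
              } else {
                  $output = $result->toArray();
              }
          } catch (\Exception $e) {
              // NOTE(review): the raw exception message is returned to the caller
              // whether or not debug mode is on - confirm that no internal detail
              // can reach it, or replace it with a generic message outside debug.
              $output = [
                  'errors' => [
                      [
                          'message' => $e->getMessage(),
                      ],
                  ],
              ];
          }

          // NOTE(review): the request's Origin header is echoed back together
          // with Allow-Credentials: true, so every origin is accepted for
          // credentialed cross-origin reads. The impact depends on how
          // performSecurityCheck() authenticates, which is not visible here.
          // Consider an allow-list of origins and a `Vary: Origin` header; the
          // response, including this header, is also handed to the output cache.
          $origin = '*';
          if (!empty($_SERVER['HTTP_ORIGIN'])) {
              $origin = $_SERVER['HTTP_ORIGIN'];
          }

          $response = new JsonResponse($output);
          $response->headers->set('Access-Control-Allow-Origin', $origin);
          $response->headers->set('Access-Control-Allow-Credentials', 'true');
          $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
          $response->headers->set('Access-Control-Allow-Headers', 'Origin, Content-Type, X-Auth-Token');

          $this->cacheService->save($request, $response);

          return $response;
      }
  }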