vendor/pimcore/data-hub/src/Controller/WebserviceController.php line 109

  1. <?php
  2. /**
  3.  * Pimcore
  4.  *
  5.  * This source file is available under two different licenses:
  6.  * - GNU General Public License version 3 (GPLv3)
  7.  * - Pimcore Commercial License (PCL)
  8.  * Full copyright and license information is available in
  9.  * LICENSE.md which is distributed with this source code.
  10.  *
  11.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  12.  *  @license    http://www.pimcore.org/license     GPLv3 and PCL
  13.  */
  14. namespace Pimcore\Bundle\DataHubBundle\Controller;
  15. use GraphQL\Error\DebugFlag;
  16. use GraphQL\Error\Warning;
  17. use GraphQL\GraphQL;
  18. use GraphQL\Validator\DocumentValidator;
  19. use GraphQL\Validator\Rules\DisableIntrospection;
  20. use Pimcore\Bundle\DataHubBundle\Configuration;
  21. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\ExecutorEvents;
  22. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\ExecutorEvent;
  23. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\ExecutorResultEvent;
  24. use Pimcore\Bundle\DataHubBundle\GraphQL\ClassTypeDefinitions;
  25. use Pimcore\Bundle\DataHubBundle\GraphQL\Mutation\MutationType;
  26. use Pimcore\Bundle\DataHubBundle\GraphQL\Query\QueryType;
  27. use Pimcore\Bundle\DataHubBundle\GraphQL\Service;
  28. use Pimcore\Bundle\DataHubBundle\PimcoreDataHubBundle;
  29. use Pimcore\Bundle\DataHubBundle\Service\CheckConsumerPermissionsService;
  30. use Pimcore\Bundle\DataHubBundle\Service\FileUploadService;
  31. use Pimcore\Bundle\DataHubBundle\Service\OutputCacheService;
  32. use Pimcore\Cache\Runtime;
  33. use Pimcore\Controller\FrontendController;
  34. use Pimcore\Helper\LongRunningHelper;
  35. use Pimcore\Localization\LocaleServiceInterface;
  36. use Pimcore\Logger;
  37. use Pimcore\Model\Factory;
  38. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  39. use Symfony\Component\HttpFoundation\JsonResponse;
  40. use Symfony\Component\HttpFoundation\Request;
  41. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  42. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  43. class WebserviceController extends FrontendController
  44. {
  45.     /**
  46.      * @var EventDispatcherInterface
  47.      */
  48.     private $eventDispatcher;
  49.     /**
  50.      * @var CheckConsumerPermissionsService
  51.      */
  52.     private $permissionsService;
  53.     /**
  54.      * @var OutputCacheService
  55.      */
  56.     private $cacheService;
  57.     /**
  58.      * @var FileUploadService
  59.      */
  60.     private $uploadService;
  61.     /**
  62.      * @param EventDispatcherInterface $eventDispatcher
  63.      */
  64.     public function __construct(
  65.         EventDispatcherInterface $eventDispatcher,
  66.         CheckConsumerPermissionsService $permissionsService,
  67.         OutputCacheService $cacheService,
  68.         FileUploadService $uploadService
  69.     ) {
  70.         $this->eventDispatcher $eventDispatcher;
  71.         $this->permissionsService $permissionsService;
  72.         $this->cacheService $cacheService;
  73.         $this->uploadService $uploadService;
  74.     }
  75.     /**
  76.      * @param Service $service
  77.      * @param LocaleServiceInterface $localeService
  78.      * @param Factory $modelFactory
  79.      * @param Request $request
  80.      *
  81.      * @return JsonResponse
  82.      *
  83.      * @throws \Exception
  84.      */
  85.     public function webonyxAction(
  86.         Service $service,
  87.         LocaleServiceInterface $localeService,
  88.         Factory $modelFactory,
  89.         Request $request,
  90.         LongRunningHelper $longRunningHelper
  91.     ) {
  92.         $clientname $request->get('clientname');
  93.         $configuration Configuration::getByName($clientname);
  94.         if (!$configuration || !$configuration->isActive()) {
  95.             throw new NotFoundHttpException('No active configuration found for ' $clientname);
  96.         }
  97.         if (!$this->permissionsService->performSecurityCheck($request$configuration)) {
  98.             throw new AccessDeniedHttpException('Permission denied, apikey not valid');
  99.         }
  100.         if ($response $this->cacheService->load($request)) {
  101.             Logger::debug('Loading response from cache');
  102.             return $response;
  103.         }
  104.         Logger::debug('Cache entry not found');
  105.         // context info, will be passed on to all resolver function
  106.         $context = ['clientname' => $clientname'configuration' => $configuration];
  107.         $config $this->getParameter('pimcore_data_hub');
  108.         if (isset($config['graphql']) && isset($config['graphql']['not_allowed_policy'])) {
  109.             PimcoreDataHubBundle::setNotAllowedPolicy($config['graphql']['not_allowed_policy']);
  110.         }
  111.         $longRunningHelper->addPimcoreRuntimeCacheProtectedItems(['datahub_context']);
  112.         Runtime::set('datahub_context'$context);
  113.         ClassTypeDefinitions::build($service$context);
  114.         $queryType = new QueryType($service$localeService$modelFactory$this->eventDispatcher, [], $context);
  115.         $mutationType = new MutationType($service$localeService$modelFactory$this->eventDispatcher, [], $context);
  116.         try {
  117.             $schemaConfig = [
  118.                 'query' => $queryType
  119.             ];
  120.             if (!$mutationType->isEmpty()) {
  121.                 $schemaConfig['mutation'] = $mutationType;
  122.             }
  123.             $schema = new \GraphQL\Type\Schema(
  124.                 $schemaConfig
  125.             );
  126.         } catch (\Exception $e) {
  127.             Warning::enable(false);
  128.             $schema = new \GraphQL\Type\Schema(
  129.                 [
  130.                     'query' => $queryType,
  131.                     'mutation' => $mutationType
  132.                 ]
  133.             );
  134.             $schema->assertValid();
  135.             Logger::error($e);
  136.             throw $e;
  137.         }
  138.         $contentType $request->headers->get('content-type') ?? '';
  139.         if (mb_stripos($contentType'multipart/form-data') !== false) {
  140.             $input $this->uploadService->parseUploadedFiles($request);
  141.         } else {
  142.             $input json_decode($request->getContent(), true);
  143.         }
  144.         $query $input['query'] ?? null;
  145.         $variableValues $input['variables'] ?? null;
  146.         try {
  147.             $rootValue = [];
  148.             $validators null;
  149.             if ($request->get('novalidate')) {
  150.                 // disable all validators except the listed ones
  151.                 $validators = [
  152. //                    new NoUndefinedVariables()
  153.                 ];
  154.             }
  155.             $event = new ExecutorEvent(
  156.                 $request,
  157.                 $query,
  158.                 $schema,
  159.                 $context
  160.             );
  161.             $this->eventDispatcher->dispatch($eventExecutorEvents::PRE_EXECUTE);
  162.             if ($event->getRequest() instanceof Request) {
  163.                 $variableValues $event->getRequest()->get('variables'$variableValues);
  164.             }
  165.             $disableIntrospection $configuration->getSecurityConfig()['disableIntrospection'] ?? false;
  166.             if ($disableIntrospection === true) {
  167.                 DocumentValidator::addRule(new DisableIntrospection());
  168.             }
  169.             $result GraphQL::executeQuery(
  170.                 $event->getSchema(),
  171.                 $event->getQuery(),
  172.                 $rootValue,
  173.                 $event->getContext(),
  174.                 $variableValues,
  175.                 null,
  176.                 null,
  177.                 $validators
  178.             );
  179.             $exResult = new ExecutorResultEvent($request$result);
  180.             $this->eventDispatcher->dispatch($exResultExecutorEvents::POST_EXECUTE);
  181.             $result $exResult->getResult();
  182.             if (\Pimcore::inDebugMode()) {
  183.                 $debug DebugFlag::INCLUDE_DEBUG_MESSAGE DebugFlag::INCLUDE_TRACE;
  184.                 $output $result->toArray($debug);
  185.             } else {
  186.                 $output $result->toArray(false);
  187.             }
  188.         } catch (\Exception $e) {
  189.             $output = [
  190.                 'errors' => [
  191.                     [
  192.                         'message' => $e->getMessage(),
  193.                     ],
  194.                 ],
  195.             ];
  196.         }
  197.         $origin '*';
  198.         if (!empty($_SERVER['HTTP_ORIGIN'])) {
  199.             $origin $_SERVER['HTTP_ORIGIN'];
  200.         }
  201.         $response = new JsonResponse($output);
  202.         $response->headers->set('Access-Control-Allow-Origin'$origin);
  203.         $response->headers->set('Access-Control-Allow-Credentials''true');
  204.         $response->headers->set('Access-Control-Allow-Methods''GET, POST, OPTIONS');
  205.         $response->headers->set('Access-Control-Allow-Headers''Origin, Content-Type, X-Auth-Token');
  206.         $this->cacheService->save($request$response);
  207.         return $response;
  208.     }
  209. }