vendor/pimcore/data-hub/src/Controller/WebserviceController.php line 48

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under two different licenses:
  7.  * - GNU General Public License version 3 (GPLv3)
  8.  * - Pimcore Commercial License (PCL)
  9.  * Full copyright and license information is available in
  10.  * LICENSE.md which is distributed with this source code.
  11.  *
  12.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  13.  *  @license    http://www.pimcore.org/license     GPLv3 and PCL
  14.  */
  16. namespace Pimcore\Bundle\DataHubBundle\Controller;
  18. use GraphQL\Error\DebugFlag;
  19. use GraphQL\Error\Warning;
  20. use GraphQL\GraphQL;
  21. use GraphQL\Server\RequestError;
  22. use GraphQL\Validator\DocumentValidator;
  23. use GraphQL\Validator\Rules\DisableIntrospection;
  24. use Pimcore\Bundle\DataHubBundle\Configuration;
  25. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\ExecutorEvents;
  26. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\ExecutorEvent;
  27. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\ExecutorResultEvent;
  28. use Pimcore\Bundle\DataHubBundle\GraphQL\ClassTypeDefinitions;
  29. use Pimcore\Bundle\DataHubBundle\GraphQL\Mutation\MutationType;
  30. use Pimcore\Bundle\DataHubBundle\GraphQL\Query\QueryType;
  31. use Pimcore\Bundle\DataHubBundle\GraphQL\Service;
  32. use Pimcore\Bundle\DataHubBundle\PimcoreDataHubBundle;
  33. use Pimcore\Bundle\DataHubBundle\Service\CheckConsumerPermissionsService;
  34. use Pimcore\Bundle\DataHubBundle\Service\FileUploadService;
  35. use Pimcore\Bundle\DataHubBundle\Service\OutputCacheService;
  36. use Pimcore\Cache\RuntimeCache;
  37. use Pimcore\Controller\FrontendController;
  38. use Pimcore\Helper\LongRunningHelper;
  39. use Pimcore\Localization\LocaleServiceInterface;
  40. use Pimcore\Logger;
  41. use Pimcore\Model\Factory;
  42. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  43. use Symfony\Component\HttpFoundation\JsonResponse;
  44. use Symfony\Component\HttpFoundation\Request;
  45. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  46. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  48. class WebserviceController extends FrontendController
  49. {
  50.     /**
  51.      * @var EventDispatcherInterface
  52.      */
  53.     private $eventDispatcher;
  55.     /**
  56.      * @var CheckConsumerPermissionsService
  57.      */
  58.     private $permissionsService;
  60.     /**
  61.      * @var OutputCacheService
  62.      */
  63.     private $cacheService;
  65.     /**
  66.      * @var FileUploadService
  67.      */
  68.     private $uploadService;
  70.     public function __construct(
  71.         EventDispatcherInterface $eventDispatcher,
  72.         CheckConsumerPermissionsService $permissionsService,
  73.         OutputCacheService $cacheService,
  74.         FileUploadService $uploadService
  75.     ) {
  76.         $this->eventDispatcher $eventDispatcher;
  77.         $this->permissionsService $permissionsService;
  78.         $this->cacheService $cacheService;
  79.         $this->uploadService $uploadService;
  80.     }
  82.     /**
  83.      * @param Service $service
  84.      * @param LocaleServiceInterface $localeService
  85.      * @param Factory $modelFactory
  86.      * @param Request $request
  87.      * @param LongRunningHelper $longRunningHelper
  88.      *
  89.      * @return JsonResponse
  90.      *
  91.      * @throws RequestError|\Exception
  92.      */
  93.     public function webonyxAction(
  94.         Service $service,
  95.         LocaleServiceInterface $localeService,
  96.         Factory $modelFactory,
  97.         Request $request,
  98.         LongRunningHelper $longRunningHelper
  99.     ) {
  100.         $clientname $request->get('clientname');
  102.         $configuration Configuration::getByName($clientname);
  103.         if (!$configuration || !$configuration->isActive()) {
  104.             throw new NotFoundHttpException('No active configuration found for ' $clientname);
  105.         }
  107.         if (!$this->permissionsService->performSecurityCheck($request$configuration)) {
  108.             throw new AccessDeniedHttpException('Permission denied, apikey not valid');
  109.         }
  111.         if ($response $this->cacheService->load($request)) {
  112.             Logger::debug('Loading response from cache');
  114.             return $response;
  115.         }
  117.         Logger::debug('Cache entry not found');
  119.         // context info, will be passed on to all resolver function
  120.         $context = ['clientname' => $clientname'configuration' => $configuration];
  122.         $config $this->getParameter('pimcore_data_hub');
  124.         if (isset($config['graphql']) && isset($config['graphql']['not_allowed_policy'])) {
  125.             PimcoreDataHubBundle::setNotAllowedPolicy($config['graphql']['not_allowed_policy']);
  126.         }
  128.         $longRunningHelper->addPimcoreRuntimeCacheProtectedItems(['datahub_context']);
  129.         RuntimeCache::set('datahub_context'$context);
  131.         ClassTypeDefinitions::build($service$context);
  133.         $queryType = new QueryType($service$localeService$modelFactory$this->eventDispatcher, [], $context);
  134.         $mutationType = new MutationType($service$localeService$modelFactory$this->eventDispatcher, [], $context);
  136.         try {
  137.             $schemaConfig = [
  138.                 'query' => $queryType
  139.             ];
  140.             if (!$mutationType->isEmpty()) {
  141.                 $schemaConfig['mutation'] = $mutationType;
  142.             }
  143.             $schema = new \GraphQL\Type\Schema(
  144.                 $schemaConfig
  145.             );
  146.         } catch (\Exception $e) {
  147.             Warning::enable(false);
  148.             $schema = new \GraphQL\Type\Schema(
  149.                 [
  150.                     'query' => $queryType,
  151.                     'mutation' => $mutationType
  152.                 ]
  153.             );
  154.             $schema->assertValid();
  155.             Logger::error($e);
  156.             throw $e;
  157.         }
  159.         $contentType $request->headers->get('content-type') ?? '';
  161.         if (mb_stripos($contentType'multipart/form-data') !== false) {
  162.             $input $this->uploadService->parseUploadedFiles($request);
  163.         } else {
  164.             $input json_decode($request->getContent(), true);
  165.         }
  167.         $query $input['query'] ?? '';
  168.         $variableValues $input['variables'] ?? null;
  170.         try {
  171.             $rootValue = [];
  173.             $validators null;
  174.             if ($request->get('novalidate')) {
  175.                 // disable all validators except the listed ones
  176.                 $validators = [
  177. //                    new NoUndefinedVariables()
  178.                 ];
  179.             }
  181.             $event = new ExecutorEvent(
  182.                 $request,
  183.                 $query,
  184.                 $schema,
  185.                 $context
  186.             );
  188.             $this->eventDispatcher->dispatch($eventExecutorEvents::PRE_EXECUTE);
  190.             if ($event->getRequest() instanceof Request) {
  191.                 $variableValues $event->getRequest()->get('variables'$variableValues);
  192.             }
  194.             $configAllowIntrospection true;
  195.             if (isset($config['graphql']) && isset($config['graphql']['allow_introspection'])) {
  196.                 $configAllowIntrospection $config['graphql']['allow_introspection'];
  197.             }
  199.             $disableIntrospection = !$configAllowIntrospection || (isset($configuration->getSecurityConfig()['disableIntrospection']) && $configuration->getSecurityConfig()['disableIntrospection']);
  201.             DocumentValidator::addRule(new DisableIntrospection((int)$disableIntrospection));
  203.             $result GraphQL::executeQuery(
  204.                 $event->getSchema(),
  205.                 $event->getQuery(),
  206.                 $rootValue,
  207.                 $event->getContext(),
  208.                 $variableValues,
  209.                 null,
  210.                 null,
  211.                 $validators
  212.             );
  214.             $exResult = new ExecutorResultEvent($request$result);
  215.             $this->eventDispatcher->dispatch($exResultExecutorEvents::POST_EXECUTE);
  216.             $result $exResult->getResult();
  218.             if (\Pimcore::inDebugMode()) {
  219.                 $debug DebugFlag::INCLUDE_DEBUG_MESSAGE DebugFlag::INCLUDE_TRACE;
  220.                 $output $result->toArray($debug);
  221.             } else {
  222.                 $output $result->toArray();
  223.             }
  224.         } catch (\Exception $e) {
  225.             $output = [
  226.                 'errors' => [
  227.                     [
  228.                         'message' => $e->getMessage(),
  229.                     ],
  230.                 ],
  231.             ];
  232.         }
  234.         $origin '*';
  235.         if (!empty($_SERVER['HTTP_ORIGIN'])) {
  236.             $origin $_SERVER['HTTP_ORIGIN'];
  237.         }
  239.         $response = new JsonResponse($output);
  240.         $response->headers->set('Access-Control-Allow-Origin'$origin);
  241.         $response->headers->set('Access-Control-Allow-Credentials''true');
  242.         $response->headers->set('Access-Control-Allow-Methods''GET, POST, OPTIONS');
  243.         $response->headers->set('Access-Control-Allow-Headers''Origin, Content-Type, X-Auth-Token');
  245.         $this->cacheService->save($request$response);
  247.         return $response;
  248.     }
  249. }