src/Infrastructure/EventSubscriber/AuthByApiTokenSubscriber.php line 46

Open in your IDE?
  1. <?php
  3. namespace App\Infrastructure\EventSubscriber;
  5. use App\Database\Domain\Entity\User\UserAccessToken;
  6. use App\Database\Domain\Repository\AccessTokenRepository;
  7. use App\Infrastructure\Security\AuthManager;
  8. use Symfony\Component\DependencyInjection\ContainerInterface;
  9. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  10. use Symfony\Component\HttpFoundation\RedirectResponse;
  11. use Symfony\Component\HttpKernel\Event\RequestEvent;
  12. use Symfony\Component\HttpKernel\KernelEvents;
  13. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  15. class AuthByApiTokenSubscriber implements EventSubscriberInterface
  16. {
  17.     private ContainerInterface $container;
  18.     private AuthManager $authManager;
  19.     private AccessTokenRepository $accessTokenRepository;
  21.     public function __construct(
  22.         ContainerInterface $container,
  23.         AuthManager $authManager,
  24.         AccessTokenRepository $accessTokenRepository
  25.     ) {
  26.         $this->container             $container;
  27.         $this->authManager           $authManager;
  28.         $this->accessTokenRepository $accessTokenRepository;
  29.     }
  31.     public function onKernelRequest(RequestEvent $event): void
  32.     {
  33.         $request $event->getRequest();
  35.         // Handle referral code
  36.         if ($request->query->has('referral_code')) {
  37.             $code $request->query->get('referral_code');
  38.             $request->getSession()->set('referral_code'$code);
  39.         }
  41.         // Skip API routes
  42.         if (strpos($request->getPathInfo(), 'api') !== false) {
  43.             return;
  44.         }
  46.         $tokenStorage $this->container->get('security.token_storage');
  47.         $token $tokenStorage->getToken();
  48.         $router $this->container->get('router');
  49.         $logoutResponse = new RedirectResponse($router->generate('user_logout'));
  51.         // Check if we have authentication cookies
  52.         $hasAuthCookies $request->cookies->has('token') &&
  53.                          $request->cookies->has('token-expires-at');
  55.         // Case 1: User is authenticated but cookies are missing - logout
  56.         if ($token && $token->getUser() && !is_string($token->getUser()) && !$hasAuthCookies) {
  57.             $event->setResponse($logoutResponse);
  58.             return;
  59.         }
  61.         // Case 2: We have auth cookies - attempt to authenticate/validate
  62.         if ($hasAuthCookies) {
  63.             $cookieToken $request->cookies->get('token');
  65.             /** @var UserAccessToken|null $accessToken */
  66.             $accessToken $this->accessTokenRepository->findOneBy(['token' => $cookieToken]);
  68.             // Invalid token - logout only if user was previously authenticated
  69.             if ((!$accessToken || !$accessToken->isValid())) {
  70.                 if ($token && $token->getUser()) {
  71.                     $event->setResponse($logoutResponse);
  72.                 }
  73.                 return;
  74.             }
  76.             // Valid token - authenticate the user
  77.             if ($accessToken->isValid()) {
  78.                 // Only create new token if not already properly authenticated
  79.                 $currentUser $token $token->getUser() : null;
  80.                 $needsAuthentication = !$currentUser ||
  81.                                      is_string($currentUser) ||
  82.                                      $currentUser->getId() !== $accessToken->getUser()->getId();
  84.                 if ($needsAuthentication) {
  85.                     $user $accessToken->getUser();
  86.                     $newToken = new UsernamePasswordToken(
  87.                         $user,
  88.                         null,
  89.                         'main',
  90.                         $user->getRoles()
  91.                     );
  93.                     $tokenStorage->setToken($newToken);
  95.                     // Ensure the session is started and store the token
  96.                     $session $request->getSession();
  97.                     $session->set('_security_main'serialize($newToken));
  99.                     // Handle redirect after login
  100.                     $loginUrl $session->get('login_url');
  101.                     if ($loginUrl) {
  102.                         $session->remove('login_url');
  103.                         $event->setResponse(new RedirectResponse($loginUrl));
  104.                     }
  105.                 }
  106.             }
  107.         }
  108.     }
  110.     public static function getSubscribedEvents(): array
  111.     {
  112.         return [
  113.             KernelEvents::REQUEST => ['onKernelRequest'7]
  114.         ];
  115.     }
  116. }