vendor/pimcore/data-hub/src/Controller/WebserviceController.php line 41

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under two different licenses:
  7.  * - GNU General Public License version 3 (GPLv3)
  8.  * - Pimcore Enterprise License (PEL)
  9.  * Full copyright and license information is available in
  10.  * LICENSE.md which is distributed with this source code.
  11.  *
  12.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  13.  *  @license    http://www.pimcore.org/license     GPLv3 and PEL
  14.  */
  16. namespace Pimcore\Bundle\DataHubBundle\Controller;
  18. use GraphQL\Error\Debug;
  19. use GraphQL\Error\Warning;
  20. use GraphQL\GraphQL;
  21. use Pimcore\Bundle\DataHubBundle\Configuration;
  22. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\ExecutorEvents;
  23. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\ExecutorEvent;
  24. use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\ExecutorResultEvent;
  25. use Pimcore\Bundle\DataHubBundle\GraphQL\ClassTypeDefinitions;
  26. use Pimcore\Bundle\DataHubBundle\GraphQL\Mutation\MutationType;
  27. use Pimcore\Bundle\DataHubBundle\GraphQL\Query\QueryType;
  28. use Pimcore\Bundle\DataHubBundle\GraphQL\Service;
  29. use Pimcore\Bundle\DataHubBundle\PimcoreDataHubBundle;
  30. use Pimcore\Cache\Runtime;
  31. use Pimcore\Controller\FrontendController;
  32. use Pimcore\Localization\LocaleServiceInterface;
  33. use Pimcore\Logger;
  34. use Pimcore\Model\Factory;
  35. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  36. use Symfony\Component\HttpFoundation\JsonResponse;
  37. use Symfony\Component\HttpFoundation\Request;
  38. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  39. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  41. class WebserviceController extends FrontendController
  42. {
  43.     /**
  44.      * @var EventDispatcherInterface
  45.      */
  46.     private $eventDispatcher;
  48.     /**
  49.      * @param EventDispatcherInterface $eventDispatcher
  50.      */
  51.     public function __construct(EventDispatcherInterface $eventDispatcher)
  52.     {
  53.         $this->eventDispatcher $eventDispatcher;
  54.     }
  56.     /**
  57.      * @param Service $service
  58.      * @param LocaleServiceInterface $localeService
  59.      * @param Factory $modelFactory
  60.      * @param Request $request
  61.      *
  62.      * @return JsonResponse
  63.      *
  64.      * @throws \Exception
  65.      */
  66.     public function webonyxAction(Service $serviceLocaleServiceInterface $localeServiceFactory $modelFactoryRequest $request)
  67.     {
  68.         $clientname $request->get('clientname');
  70.         $configuration Configuration::getByName($clientname);
  71.         if (!$configuration || !$configuration->isActive()) {
  72.             throw new NotFoundHttpException('No active configuration found for ' $clientname);
  73.         }
  75.         $this->performSecurityCheck($request$configuration);
  77.         // context info, will be passed on to all resolver function
  78.         $context = ['clientname' => $clientname'configuration' => $configuration];
  80.         $config $this->container->getParameter('pimcore_data_hub');
  82.         if (isset($config['graphql']) && isset($config['graphql']['not_allowed_policy'])) {
  83.             PimcoreDataHubBundle::setNotAllowedPolicy($config['graphql']['not_allowed_policy']);
  84.         }
  85.         Runtime::set('datahub_context'$context);
  87.         ClassTypeDefinitions::build($service$context);
  89.         $queryType = new QueryType($service$localeService$modelFactory$this->eventDispatcher, [], $context);
  90.         $mutationType = new MutationType($service$localeService$modelFactory$this->eventDispatcher, [], $context);
  92.         try {
  93.             $schemaConfig = [
  94.                 'query' => $queryType
  95.             ];
  96.             if (!$mutationType->isEmpty()) {
  97.                 $schemaConfig['mutation'] = $mutationType;
  98.             }
  99.             $schema = new \GraphQL\Type\Schema(
  100.                 $schemaConfig
  101.             );
  102.         } catch (\Exception $e) {
  103.             Warning::enable(false);
  104.             $schema = new \GraphQL\Type\Schema(
  105.                 [
  106.                     'query' => $queryType,
  107.                     'mutation' => $mutationType
  108.                 ]
  109.             );
  110.             $schema->assertValid();
  111.             Logger::error($e);
  112.             throw $e;
  113.         }
  115.         $input json_decode($request->getContent(), true);
  117.         $query $input['query'];
  118.         $variableValues = isset($input['variables']) ? $input['variables'] : null;
  120.         try {
  121.             $rootValue = [];
  123.             $validators null;
  124.             if ($request->get('novalidate')) {
  125.                 // disable all validators except the listed ones
  126.                 $validators = [
  127. //                    new NoUndefinedVariables()
  128.                 ];
  129.             }
  131.             $event = new ExecutorEvent(
  132.                 $request,
  133.                 $query,
  134.                 $schema,
  135.                 $context);
  137.             $this->eventDispatcher->dispatch(ExecutorEvents::PRE_EXECUTE$event);
  139.             $result GraphQL::executeQuery(
  140.                 $event->getSchema(),
  141.                 $event->getQuery(),
  142.                 $rootValue,
  143.                 $event->getContext(),
  144.                 $variableValues,
  145.                 null,
  146.                 null,
  147.                 $validators
  149.             );
  151.             $exResult = new ExecutorResultEvent($request$result);
  152.             $this->eventDispatcher->dispatch(ExecutorEvents::POST_EXECUTE,
  153.                 $exResult);
  154.             $result $exResult->getResult();
  156.             if (PIMCORE_DEBUG) {
  157.                 $debug Debug::INCLUDE_DEBUG_MESSAGE Debug::INCLUDE_TRACE Debug::RETHROW_INTERNAL_EXCEPTIONS;
  158.                 $output $result->toArray($debug);
  159.             } else {
  160.                 $output $result->toArray(false);
  161.             }
  162.         } catch (\Exception $e) {
  163.             $output = [
  164.                 'errors' => [
  165.                     [
  166.                         'message' => $e->getMessage(),
  167.                     ],
  168.                 ],
  169.             ];
  170.         }
  172.         $origin '*';
  173.         if (!empty($_SERVER['HTTP_ORIGIN'])) {
  174.             $origin $_SERVER['HTTP_ORIGIN'];
  175.         }
  177.         $response = new JsonResponse($output);
  178.         $response->headers->set('Access-Control-Allow-Origin'$origin);
  179.         $response->headers->set('Access-Control-Allow-Credentials''true');
  180.         $response->headers->set('Access-Control-Allow-Methods''GET, POST, OPTIONS');
  181.         $response->headers->set('Access-Control-Allow-Headers''authorization, Origin, Content-Type, X-Auth-Token');
  182.         return $response;
  183.     }
  185.     /**
  186.      * @param Request $request
  187.      * @param Configuration $configuration
  188.      *
  189.      * @return void
  190.      *
  191.      * @throws AccessDeniedHttpException
  192.      */
  193.     protected function performSecurityCheck(Request $requestConfiguration $configuration): void
  194.     {
  195.         $securityConfig $configuration->getSecurityConfig();
  196.         if ($securityConfig['method'] === 'datahub_apikey') {
  197.             $apiKey $request->get('apikey');
  198.             if ($apiKey === $securityConfig['apikey']) {
  199.                 return;
  200.             }
  201.         }
  203.         throw new AccessDeniedHttpException('Permission denied, apikey not valid');
  204.     }
  205. }