From cf6a8ea47c72f323dddcb24614fc94ba57c4e52f Mon Sep 17 00:00:00 2001
From: Rostislav Vitek
Date: Mon, 15 Aug 2022 10:21:14 +0200
Subject: [PATCH] added new SessionChecker that guards the session is not started in the FE API
---
 .../SessionChecker/SessionChecker.php | 23 +++++++++++++++++++
 .../src/Resources/config/services.yaml | 4 ++++
 2 files changed, 27 insertions(+)
 create mode 100644 packages/frontend-api/src/Component/SessionChecker/SessionChecker.php
diff --git a/packages/frontend-api/src/Component/SessionChecker/SessionChecker.php b/packages/frontend-api/src/Component/SessionChecker/SessionChecker.php
new file mode 100644
index 00000000000..1349fef30db
--- /dev/null
+++ b/packages/frontend-api/src/Component/SessionChecker/SessionChecker.php
@@ -0,0 +1,23 @@
+getRequest();
+ if (!$request->hasSession() || !$request->getSession()->isStarted() || !str_contains($request->getRequestUri(), 'graphql')) {
+ return;
+ }
+ $response = $event->getResponse();
+ $response->setContent('Session must not be started in the FE API. Check your code, please');
+ }
+}
diff --git a/packages/frontend-api/src/Resources/config/services.yaml b/packages/frontend-api/src/Resources/config/services.yaml
index 32df7fb5d71..b125e0d7614 100644
--- a/packages/frontend-api/src/Resources/config/services.yaml
+++ b/packages/frontend-api/src/Resources/config/services.yaml
@@ -39,3 +39,7 @@ services:
 Lcobucci\JWT\Configuration:
 factory: ['@Shopsys\FrontendApiBundle\Model\Token\JwtConfigurationFactory', create]
+
+ Shopsys\FrontendApiBundle\Component\SessionChecker\SessionChecker:
+ tags:
+ - { name: kernel.event_listener, event: kernel.response, method: onKernelResponse, priority: -999 } # must be run before the session is closed (in Symfony\Component\HttpKernel\EventListener\SessionListener::onKernelResponse)
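Review bot: The `str_contains($request->getRequestUri(), 'graphql')` test in SessionChecker.php matches the whole request URI, query string included, so any storefront URL that merely contains the text "graphql" while a session is started would have its response body replaced. Matching the path only, for example `$request->getPathInfo()` compared against the FE API's configured endpoint path, keeps the guard scoped to the API. The rewritten response also keeps its original status code and the session stays started, so clients see a success status and the session cookie is presumably still emitted by SessionListener; `$response->setStatusCode(500);` next to `setContent()` would make the failure visible to clients and monitoring. The class header and the beginning of `onKernelResponse` are not visible on this page, so whether sub-requests are filtered cannot be confirmed from here.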
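Review bot: The listener in services.yaml is tagged unconditionally, so the body replacement in `SessionChecker::onKernelResponse` would also apply in production, where a stray session start turns every affected API response into the developer hint. If it is meant as a development guard, registering it only in the dev/test service configuration, or having it log in production instead, would limit the impact. The `priority: -999` depends on the priority SessionListener is registered at; stating that number in the trailing comment, e.g. `# SessionListener::onKernelResponse runs at -1000`, would make the coupling checkable on Symfony upgrades.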