fix: Prevent some api endpoint routes to trigger session from LocaleS…

…ubscriber
roadiz · Feb 21, 2024 · ac15aeb · ac15aeb
1 parent 9b665a5
commit ac15aeb
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 10 deletions.
diff --git a/src/EventSubscriber/LocaleSubscriber.php b/src/EventSubscriber/LocaleSubscriber.php
@@ -83,7 +83,20 @@ public function onKernelRequest(RequestEvent $event): void
             return;
         }
 
-        if (!$request->attributes->getBoolean('_stateless') && $request->hasPreviousSession()) {
+        $statelessRoutes = [
+            'api_genid',
+            'api_doc',
+            'api_entrypoint',
+            'api_graphql_entrypoint',
+            'api_jsonld_context',
+            'healthCheckAction',
+            'interventionRequestProcess',
+        ];
+        if (
+            !\in_array($request->attributes->getString('_route'), $statelessRoutes, true) &&
+            !$request->attributes->getBoolean('_stateless') &&
+            $request->hasPreviousSession()
+        ) {
             $sessionLocale = $request->getSession()->get('_locale', null);
             if ($this->supportsLocale($sessionLocale)) {
                 $this->setTranslation($request, $this->getTranslationByLocale($sessionLocale));

diff --git a/src/Exception/MaintenanceModeException.php b/src/Exception/MaintenanceModeException.php
@@ -5,15 +5,13 @@
 namespace RZ\Roadiz\CoreBundle\Exception;
 
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
 
-class MaintenanceModeException extends \Exception
+class MaintenanceModeException extends ServiceUnavailableHttpException
 {
-    protected AbstractController $controller;
+    protected ?AbstractController $controller;
 
-    /**
-     * @return AbstractController
-     */
-    public function getController(): AbstractController
+    public function getController(): ?AbstractController
     {
         return $this->controller;
     }
@@ -28,12 +26,12 @@ public function getController(): AbstractController
      * @param string $message
      * @param int $code
      */
-    public function __construct(AbstractController $controller = null, $message = null, $code = 0)
+    public function __construct(?AbstractController $controller = null, $message = null, $code = 0)
     {
         if (null !== $message) {
-            parent::__construct($message, $code);
+            parent::__construct(null, $message, null, $code);
         } else {
-            parent::__construct($this->message, $code);
+            parent::__construct(null, $this->message, null, $code);
         }
 
         $this->controller = $controller;

diff --git a/src/Repository/TranslationRepository.php b/src/Repository/TranslationRepository.php
@@ -31,6 +31,15 @@ public function __construct(
         parent::__construct($registry, Translation::class, $dispatcher);
     }
 
+    public function isLocaleValid(?string $locale): bool
+    {
+        if (null === $locale) {
+            return false;
+        }
+
+        return preg_match('/^[A-Za-z]{2,4}([_-][A-Za-z]{4})?([_-]([A-Za-z]{2}|[0-9]{3}))?$/', $locale) === 1;
+    }
+
     /**
      * Get single default translation.
      *
@@ -82,6 +91,10 @@ public function findAllAvailable(): array
      */
     public function exists(string $locale): bool
     {
+        if (!$this->isLocaleValid($locale)) {
+            return false;
+        }
+
         $qb = $this->createQueryBuilder('t');
         $qb->select($qb->expr()->countDistinct('t.locale'))
             ->andWhere($qb->expr()->eq('t.locale', ':locale'))
@@ -189,6 +202,9 @@ public function getAllOverrideLocales(): array
      */
     public function findByLocaleAndAvailable(string $locale): array
     {
+        if (!$this->isLocaleValid($locale)) {
+            return [];
+        }
         $qb = $this->createQueryBuilder(self::TRANSLATION_ALIAS);
         $qb->andWhere($qb->expr()->eq(self::TRANSLATION_ALIAS . '.available', ':available'))
             ->andWhere($qb->expr()->eq(self::TRANSLATION_ALIAS . '.locale', ':locale'))
@@ -213,6 +229,9 @@ public function findByLocaleAndAvailable(string $locale): array
      */
     public function findByOverrideLocaleAndAvailable(string $overrideLocale): array
     {
+        if (!$this->isLocaleValid($overrideLocale)) {
+            return [];
+        }
         $qb = $this->createQueryBuilder(self::TRANSLATION_ALIAS);
         $qb->andWhere($qb->expr()->eq(self::TRANSLATION_ALIAS . '.available', ':available'))
             ->andWhere($qb->expr()->eq(self::TRANSLATION_ALIAS . '.overrideLocale', ':overrideLocale'))
@@ -242,6 +261,9 @@ public function findOneByLocaleOrOverrideLocale(
         string $locale,
         string $alias = TranslationRepository::TRANSLATION_ALIAS
     ): ?TranslationInterface {
+        if (!$this->isLocaleValid($locale)) {
+            return null;
+        }
         $qb = $this->createQueryBuilder($alias);
         $qb->andWhere($qb->expr()->orX(
             $qb->expr()->eq($alias . '.locale', ':locale'),
@@ -267,6 +289,9 @@ public function findOneByLocaleOrOverrideLocale(
      */
     public function findOneAvailableByLocaleOrOverrideLocale(string $locale): ?TranslationInterface
     {
+        if (!$this->isLocaleValid($locale)) {
+            return null;
+        }
         $qb = $this->createQueryBuilder(self::TRANSLATION_ALIAS);
         $qb->andWhere($qb->expr()->orX(
             $qb->expr()->eq(self::TRANSLATION_ALIAS . '.locale', ':locale'),
@@ -294,6 +319,9 @@ public function findOneAvailableByLocaleOrOverrideLocale(string $locale): ?Trans
      */
     public function findOneByLocaleAndAvailable(string $locale): ?TranslationInterface
     {
+        if (!$this->isLocaleValid($locale)) {
+            return null;
+        }
         $qb = $this->createQueryBuilder(self::TRANSLATION_ALIAS);
         $qb->andWhere($qb->expr()->eq(self::TRANSLATION_ALIAS . '.available', ':available'))
             ->andWhere($qb->expr()->eq(self::TRANSLATION_ALIAS . '.locale', ':locale'))
@@ -318,6 +346,9 @@ public function findOneByLocaleAndAvailable(string $locale): ?TranslationInterfa
      */
     public function findOneByOverrideLocaleAndAvailable(string $overrideLocale): ?TranslationInterface
     {
+        if (!$this->isLocaleValid($overrideLocale)) {
+            return null;
+        }
         $qb = $this->createQueryBuilder(self::TRANSLATION_ALIAS);
         $qb->andWhere($qb->expr()->eq(self::TRANSLATION_ALIAS . '.available', ':available'))
             ->andWhere($qb->expr()->eq(self::TRANSLATION_ALIAS . '.overrideLocale', ':overrideLocale'))

diff --git a/src/Routing/NodesSourcesPathResolver.php b/src/Routing/NodesSourcesPathResolver.php
@@ -229,9 +229,11 @@ private function parseFromIdentifier(
                             ]);
                         return $nodeSource;
                     } else {
+                        $this->stopwatch->stop('parseFromIdentifier');
                         throw new ResourceNotFoundException(sprintf('"%s" was not found.', $identifier));
                     }
                 } else {
+                    $this->stopwatch->stop('parseFromIdentifier');
                     throw new ResourceNotFoundException();
                 }
             }