author | Igor Scheller <igor.scheller@igorshp.de> | 2018-12-28 03:28:33 +0100 |
---|---|---|
committer | msquare <msquare@notrademark.de> | 2018-12-28 20:35:44 +0100 |
commit | 491ee376517cded3c9c8d2389e3f9f21daa1a407 (patch) | |
tree | 7def296bc1e53691bb7d5b79c542e002c009ed24 /src/Middleware | |
parent | 7b3901211a0165558eebca8fe7490ca79b09f97b (diff) |
Don't save sessions permanently on api and metrics paths
closes #530 (Session on API calls)
Diffstat (limited to 'src/Middleware')
-rw-r--r-- | src/Middleware/RouteDispatcher.php | 4 | ||||
-rw-r--r-- | src/Middleware/SessionHandler.php | 59 | ||||
-rw-r--r-- | src/Middleware/SessionHandlerServiceProvider.php | 24 |
3 files changed, 86 insertions, 1 deletions
diff --git a/src/Middleware/RouteDispatcher.php b/src/Middleware/RouteDispatcher.php
index 24a7906d..c20eba4b 100644
--- a/src/Middleware/RouteDispatcher.php
+++ b/src/Middleware/RouteDispatcher.php
@@ -50,7 +50,8 @@ class RouteDispatcher implements MiddlewareInterface
 $path = $request->getPathInfo();
 }
- $route = $this->dispatcher->dispatch($request->getMethod(), urldecode($path));
+ $path = urldecode($path);
+ $route = $this->dispatcher->dispatch($request->getMethod(), $path);
 $status = $route[0];
 if ($status == FastRouteDispatcher::NOT_FOUND) {
@@ -70,6 +71,7 @@ class RouteDispatcher implements MiddlewareInterface
 $routeHandler = $route[1];
 $request = $request->withAttribute('route-request-handler', $routeHandler);
+ $request = $request->withAttribute('route-request-path', $path);
 $vars = $route[2];
 foreach ($vars as $name => $value) {
diff --git a/src/Middleware/SessionHandler.php b/src/Middleware/SessionHandler.php
new file mode 100644
index 00000000..8c53b0fd
--- /dev/null
+++ b/src/Middleware/SessionHandler.php
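Review bot: In `RouteDispatcher.php`, `route-request-path` is attached only in the second hunk, below the `NOT_FOUND` check whose opening line ends the first hunk, so a request that leaves `process()` through that branch would presumably not carry the attribute; the branch body and the rest of `process()` lie outside both hunks. If any of the session-less paths are served by a fallback handler rather than a registered route, the new `SessionHandler` would read `null` for them and keep the session. Setting the attribute right after decoding, `$request = $request->withAttribute('route-request-path', $path);` directly under `$path = urldecode($path);`, would make it available on every exit path. A short comment such as `// decoded path, read by SessionHandler to decide whether to discard the session` would also record why the attribute exists.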
@@ -0,0 +1,59 @@
+<?php
+
+namespace Engelsystem\Middleware;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
+use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface;
+
+class SessionHandler implements MiddlewareInterface
+{
+ /** @var SessionStorageInterface */
+ protected $session;
+
+ /** @var string[] */
+ protected $paths = [];
+
+ /**
+ * @param SessionStorageInterface $session
+ * @param array $paths
+ */
+ public function __construct(SessionStorageInterface $session, array $paths = [])
+ {
+ $this->paths = $paths;
+ $this->session = $session;
+ }
+
+ /**
+ * @param ServerRequestInterface $request
+ * @param RequestHandlerInterface $handler
+ * @return ResponseInterface
+ */
+ public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+ {
+ $return = $handler->handle($request);
+
+ $cookies = $request->getCookieParams();
+ if (
+ $this->session instanceof NativeSessionStorage
+ && in_array($request->getAttribute('route-request-path'), $this->paths)
+ && !isset($cookies[$this->session->getName()])
+ ) {
+ $this->destroyNative();
+ }
+
+ return $return;
+ }
+
+ /**
+ * @return bool
+ * @codeCoverageIgnore
+ */
+ protected function destroyNative()
+ {
+ return session_destroy();
+ }
+}
diff --git a/src/Middleware/SessionHandlerServiceProvider.php b/src/Middleware/SessionHandlerServiceProvider.php
new file mode 100644
index 00000000..aefcb674
--- /dev/null
+++ b/src/Middleware/SessionHandlerServiceProvider.php
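Review bot: The path test in `SessionHandler::process()` is an exact, non-strict `in_array()` match, so only the literal configured strings are covered; a sub-route or trailing-slash variant, if the router accepts one, would still leave a stored session behind for a cookieless client. I would pass the strict flag, `in_array($request->getAttribute('route-request-path'), $this->paths, true)`, and state in the class docblock that matching is exact and depends on `RouteDispatcher` having set the attribute earlier in the stack. The destroy call is also unguarded: `session_destroy()` returns false and raises a warning when no session is active, and the result of `destroyNative()` is discarded, so adding `&& $this->session->isStarted()` to the condition would be safer. Note too that `session_destroy()` does not unset the session cookie, so a `Set-Cookie` emitted when the session was started may still hand the client an id for a session that no longer exists.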
@@ -0,0 +1,24 @@
+<?php
+
+namespace Engelsystem\Middleware;
+
+use Engelsystem\Container\ServiceProvider;
+
+class SessionHandlerServiceProvider extends ServiceProvider
+{
+ public function register()
+ {
+ $this->app
+ ->when(SessionHandler::class)
+ ->needs('$paths')
+ ->give(function () {
+ return [
+ '/api',
+ '/ical',
+ '/metrics',
+ '/shifts-json-export',
+ '/stats',
+ ];
+ });
+ }
+} |
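Review bot: The array returned by the `give()` closure in `register()` is matched verbatim against the decoded request path, yet nothing here ties these five strings to the route definitions or says what they are for. A renamed or newly added machine-facing endpoint would silently drop out of the session cleanup. I would add a comment above the array, e.g. `// Exact request paths whose session is discarded when the client sent no session cookie; keep in sync with the routes`, and consider moving the list to configuration so it can be extended without a code change.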