From 491ee376517cded3c9c8d2389e3f9f21daa1a407 Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Fri, 28 Dec 2018 03:28:33 +0100
Subject: Don't save sessions permanently on api and metrics paths

closes #530 (Session on API calls)
---
 src/Middleware/SessionHandler.php | 59 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 src/Middleware/SessionHandler.php

(limited to 'src/Middleware/SessionHandler.php')

diff --git a/src/Middleware/SessionHandler.php b/src/Middleware/SessionHandler.php
new file mode 100644
index 00000000..8c53b0fd
--- /dev/null
+++ b/src/Middleware/SessionHandler.php
@@ -0,0 +1,59 @@
+<?php
+
+namespace Engelsystem\Middleware;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
+use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface;
+
+class SessionHandler implements MiddlewareInterface
+{
+    /** @var SessionStorageInterface */
+    protected $session;
+
+    /** @var string[] */
+    protected $paths = [];
+
+    /**
+     * @param SessionStorageInterface $session
+     * @param array                   $paths
+     */
+    public function __construct(SessionStorageInterface $session, array $paths = [])
+    {
+        $this->paths = $paths;
+        $this->session = $session;
+    }
+
+    /**
+     * @param ServerRequestInterface  $request
+     * @param RequestHandlerInterface $handler
+     * @return ResponseInterface
+     */
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        $return = $handler->handle($request);
+
+        $cookies = $request->getCookieParams();
+        if (
+            $this->session instanceof NativeSessionStorage
+            && in_array($request->getAttribute('route-request-path'), $this->paths)
+            && !isset($cookies[$this->session->getName()])
+        ) {
+            $this->destroyNative();
+        }
+
+        return $return;
+    }
+
+    /**
+     * @return bool
+     * @codeCoverageIgnore
+     */
+    protected function destroyNative()
+    {
+        return session_destroy();
+    }
+}
-- 
cgit v1.2.3-54-g00ecf