<?php
declare(strict_types=1);
namespace WapplerSystems\Meilisearch\Middleware;
/***************************************************************
* Copyright notice
*
* (c) 2020 dkd Internet Services GmbH <meilisearch-eb-support@dkd.de>
* All rights reserved
*
* This script is part of the TYPO3 project. The TYPO3 project is
* free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* The GNU General Public License can be found at
* http://www.gnu.org/copyleft/gpl.html.
* A copy is found in the text file GPL.txt and important notices to the license
* from the author is found in LICENSE.txt distributed with these scripts.
*
*
* This script is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
use WapplerSystems\Meilisearch\Access\Rootline;
use WapplerSystems\Meilisearch\IndexQueue\FrontendHelper\AuthorizationService;
use WapplerSystems\Meilisearch\IndexQueue\PageIndexerRequest;
use WapplerSystems\Meilisearch\IndexQueue\PageIndexerRequestHandler;
use WapplerSystems\Meilisearch\System\Logging\MeilisearchLogManager;
use WapplerSystems\Meilisearch\Util;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use TYPO3\CMS\Core\Context\Context;
use TYPO3\CMS\Core\Context\UserAspect;
use TYPO3\CMS\Core\Http\JsonResponse;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;
/**
* Class FrontendUserAuthenticator is responsible to fake a frontend user and fe_groups.
* It makes possible to Index access restricted pages and content elements.
*/
class FrontendUserAuthenticator implements MiddlewareInterface
{
/**
* @var Context
*/
protected $context;
/**
* FrontendUserAuthorizator constructor.
*
* @param Context|null $context
* @noinspection PhpUnused
*/
public function __construct(?Context $context = null)
{
$this->context = $context ?? GeneralUtility::makeInstance(Context::class);
}
/**
* @param ServerRequestInterface $request
* @param RequestHandlerInterface $handler
* @return ResponseInterface
* @noinspection PhpUnused
*/
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
if (!$request->hasHeader(PageIndexerRequest::SOLR_INDEX_HEADER)) {
return $handler->handle($request);
}
// disable TSFE cache for TYPO3 v10
$request = $request->withAttribute('noCache', true);
$jsonEncodedParameters = $request->getHeader(PageIndexerRequest::SOLR_INDEX_HEADER)[0];
/* @var PageIndexerRequestHandler $pageIndexerRequestHandler */
$pageIndexerRequestHandler = GeneralUtility::makeInstance(PageIndexerRequestHandler::class, $jsonEncodedParameters);
if (!$pageIndexerRequestHandler->getRequest()->isAuthenticated()) {
/* @var MeilisearchLogManager $logger */
$logger = GeneralUtility::makeInstance(MeilisearchLogManager::class, self::class);
$logger->log(
MeilisearchLogManager::ERROR,
'Invalid Index Queue Frontend Request detected!',
[
'page indexer request' => (array)$pageIndexerRequestHandler->getRequest(),
'index queue header' => $jsonEncodedParameters
]
);
return new JsonResponse(['error' => ['code' => 403, 'message' => 'Invalid Index Queue Request.']], 403);
}
$request = $this->tryToAuthenticateFrontendUser($pageIndexerRequestHandler, $request);
return $handler->handle($request);
}
/**
* Fakes a logged in user to retrieve access restricted content.
*
* @param PageIndexerRequestHandler $handler
* @param ServerRequestInterface $request
* @return ServerRequestInterface
* @noinspection PhpUnused
*/
protected function tryToAuthenticateFrontendUser(PageIndexerRequestHandler $handler, ServerRequestInterface $request): ServerRequestInterface
{
$accessRootline = $this->getAccessRootline($handler);
$stringAccessRootline = (string)$accessRootline;
if (empty($stringAccessRootline)) {
return $request;
}
$groups = $accessRootline->getGroups();
/* @var FrontendUserAuthentication $feUser */
$feUser = GeneralUtility::makeInstance(FrontendUserAuthentication::class);
$feUser->user[$feUser->username_column] = AuthorizationService::SOLR_INDEXER_USERNAME;
/* @noinspection PhpParamsInspection */
$this->context->setAspect('frontend.user', GeneralUtility::makeInstance(UserAspect::class, $feUser, $groups));
$request = $request->withAttribute('frontend.user', $feUser);
return $request;
}
/**
* Gets the access rootline as defined by the request.
*
* @param PageIndexerRequestHandler $handler
* @return Rootline The access rootline to use for indexing.
*/
protected function getAccessRootline(PageIndexerRequestHandler $handler): Rootline
{
$stringAccessRootline = '';
if ($handler->getRequest()->getParameter('accessRootline')) {
$stringAccessRootline = $handler->getRequest()->getParameter('accessRootline');
}
/* @noinspection PhpIncompatibleReturnTypeInspection */
return GeneralUtility::makeInstance(Rootline::class, /** @scrutinizer ignore-type */ $stringAccessRootline);
}
}