vendor/symfony/ux-live-component/src/EventListener/LiveComponentSubscriber.php line 242

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\UX\LiveComponent\EventListener;
  14. use Psr\Container\ContainerInterface;
  15. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  16. use Symfony\Component\HttpFoundation\Exception\JsonException;
  17. use Symfony\Component\HttpFoundation\Request;
  18. use Symfony\Component\HttpFoundation\Response;
  19. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  20. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  21. use Symfony\Component\HttpKernel\Event\RequestEvent;
  22. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  23. use Symfony\Component\HttpKernel\Event\ViewEvent;
  24. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  25. use Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException;
  26. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  27. use Symfony\Component\HttpKernel\Exception\UnprocessableEntityHttpException;
  28. use Symfony\Component\Security\Csrf\CsrfToken;
  29. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  30. use Symfony\Contracts\Service\ServiceSubscriberInterface;
  31. use Symfony\UX\LiveComponent\Attribute\AsLiveComponent;
  32. use Symfony\UX\LiveComponent\Attribute\LiveArg;
  33. use Symfony\UX\LiveComponent\LiveComponentHydrator;
  34. use Symfony\UX\LiveComponent\Metadata\LiveComponentMetadataFactory;
  35. use Symfony\UX\LiveComponent\Util\LiveControllerAttributesCreator;
  36. use Symfony\UX\TwigComponent\ComponentFactory;
  37. use Symfony\UX\TwigComponent\ComponentMetadata;
  38. use Symfony\UX\TwigComponent\ComponentRenderer;
  39. use Symfony\UX\TwigComponent\MountedComponent;
  41. /**
  42.  * @author Kevin Bond <kevinbond@gmail.com>
  43.  * @author Ryan Weaver <ryan@symfonycasts.com>
  44.  *
  45.  * @experimental
  46.  *
  47.  * @internal
  48.  */
  49. class LiveComponentSubscriber implements EventSubscriberInterfaceServiceSubscriberInterface
  50. {
  51.     private const HTML_CONTENT_TYPE 'application/vnd.live-component+html';
  52.     private const REDIRECT_HEADER 'X-Live-Redirect';
  54.     public function __construct(private ContainerInterface $container)
  55.     {
  56.     }
  58.     public static function getSubscribedServices(): array
  59.     {
  60.         return [
  61.             ComponentRenderer::class,
  62.             ComponentFactory::class,
  63.             LiveComponentHydrator::class,
  64.             LiveComponentMetadataFactory::class,
  65.             '?'.CsrfTokenManagerInterface::class,
  66.         ];
  67.     }
  69.     public function onKernelRequest(RequestEvent $event): void
  70.     {
  71.         $request $event->getRequest();
  73.         if (!$this->isLiveComponentRequest($request)) {
  74.             return;
  75.         }
  77.         if ($request->attributes->has('_controller')) {
  78.             return;
  79.         }
  81.         // the default "action" is get, which does nothing
  82.         $action $request->attributes->get('_live_action''get');
  83.         $componentName = (string) $request->attributes->get('_live_component');
  85.         $request->attributes->set('_component_name'$componentName);
  87.         try {
  88.             /** @var ComponentMetadata $metadata */
  89.             $metadata $this->container->get(ComponentFactory::class)->metadataFor($componentName);
  90.         } catch (\InvalidArgumentException $e) {
  91.             throw new NotFoundHttpException(sprintf('Component "%s" not found.'$componentName), $e);
  92.         }
  94.         if (!$metadata->get('live'false)) {
  95.             throw new NotFoundHttpException(sprintf('"%s" (%s) is not a Live Component.'$metadata->getClass(), $componentName));
  96.         }
  98.         if ('get' === $action) {
  99.             $defaultAction trim($metadata->get('default_action''__invoke'), '()');
  101.             // set default controller for "default" action
  102.             $request->attributes->set('_controller'sprintf('%s::%s'$metadata->getServiceId(), $defaultAction));
  103.             $request->attributes->set('_component_default_action'true);
  105.             return;
  106.         }
  108.         if (!$request->isMethod('post')) {
  109.             throw new MethodNotAllowedHttpException(['POST']);
  110.         }
  112.         if (
  113.             $this->container->has(CsrfTokenManagerInterface::class) &&
  114.             $metadata->get('csrf') &&
  115.             !$this->container->get(CsrfTokenManagerInterface::class)->isTokenValid(new CsrfToken(LiveControllerAttributesCreator::getCsrfTokeName($componentName), $request->headers->get('X-CSRF-TOKEN')))) {
  116.             throw new BadRequestHttpException('Invalid CSRF token.');
  117.         }
  119.         if ('_batch' === $action) {
  120.             // use batch controller
  121.             $data $this->parseDataFor($request);
  123.             $request->attributes->set('_controller''ux.live_component.batch_action_controller');
  124.             $request->attributes->set('serviceId'$metadata->getServiceId());
  125.             $request->attributes->set('actions'$data['actions']);
  126.             $request->attributes->set('_mounted_component'$this->hydrateComponent(
  127.                 $this->container->get(ComponentFactory::class)->get($componentName),
  128.                 $componentName,
  129.                 $request
  130.             ));
  131.             $request->attributes->set('_is_live_batch_action'true);
  133.             return;
  134.         }
  136.         $request->attributes->set('_controller'sprintf('%s::%s'$metadata->getServiceId(), $action));
  137.     }
  139.     public function onKernelController(ControllerEvent $event): void
  140.     {
  141.         $request $event->getRequest();
  143.         if (!$this->isLiveComponentRequest($request)) {
  144.             return;
  145.         }
  147.         if ($request->attributes->get('_is_live_batch_action')) {
  148.             return;
  149.         }
  151.         $controller $event->getController();
  153.         if (!\is_array($controller) || !== \count($controller)) {
  154.             throw new \RuntimeException('Not a valid live component.');
  155.         }
  157.         [$component$action] = $controller;
  159.         if (!\is_object($component)) {
  160.             throw new \RuntimeException('Not a valid live component.');
  161.         }
  163.         if (!$request->attributes->get('_component_default_action'false) && !AsLiveComponent::isActionAllowed($component$action)) {
  164.             throw new NotFoundHttpException(sprintf('The action "%s" either doesn\'t exist or is not allowed in "%s". Make sure it exist and has the LiveAction attribute above it.'$action\get_class($component)));
  165.         }
  167.         /*
  168.          * Either we:
  169.          *      A) We do NOT have a _mounted_component, so hydrate $component
  170.          *          (normal situation, rendering a single component)
  171.          *      B) We DO have a _mounted_component, so no need to hydrate,
  172.          *          but we DO need to make sure it's set as the controller.
  173.          *          (sub-request during batch controller)
  174.          */
  175.         if (!$request->attributes->has('_mounted_component')) {
  176.             $request->attributes->set('_mounted_component'$this->hydrateComponent(
  177.                 $component,
  178.                 $request->attributes->get('_component_name'),
  179.                 $request
  180.             ));
  181.         } else {
  182.             // override the component with our already-mounted version
  183.             $component $request->attributes->get('_mounted_component')->getComponent();
  184.             $event->setController([
  185.                 $component,
  186.                 $action,
  187.             ]);
  188.         }
  190.         // read the action arguments from the request, unless they're already set (batch sub-requests)
  191.         $actionArguments $request->attributes->get('_component_action_args'$this->parseDataFor($request)['args']);
  192.         // extra variables to be made available to the controller
  193.         // (for "actions" only)
  194.         foreach (LiveArg::liveArgs($component$action) as $parameter => $arg) {
  195.             if (isset($actionArguments[$arg])) {
  196.                 $request->attributes->set($parameter$actionArguments[$arg]);
  197.             }
  198.         }
  199.     }
  201.     /**
  202.      * @return array{
  203.      *     data: array,
  204.      *     args: array,
  205.      *     actions: array
  206.      *     // has "fingerprint" and "tag" string key, keyed by component id
  207.      *     children: array
  208.      *     propsFromParent: array
  209.      * }
  210.      */
  211.     private static function parseDataFor(Request $request): array
  212.     {
  213.         if (!$request->attributes->has('_live_request_data')) {
  214.             if ($request->query->has('props')) {
  215.                 $liveRequestData = [
  216.                     'props' => self::parseJsonFromQuery($request'props'),
  217.                     'updated' => self::parseJsonFromQuery($request'updated'),
  218.                     'args' => [],
  219.                     'actions' => [],
  220.                     'children' => self::parseJsonFromQuery($request'children'),
  221.                     'propsFromParent' => self::parseJsonFromQuery($request'propsFromParent'),
  222.                 ];
  223.             } else {
  224.                 $requestData $request->toArray();
  226.                 $liveRequestData = [
  227.                     'props' => $requestData['props'] ?? [],
  228.                     'updated' => $requestData['updated'] ?? [],
  229.                     'args' => $requestData['args'] ?? [],
  230.                     'actions' => $requestData['actions'] ?? [],
  231.                     'children' => $requestData['children'] ?? [],
  232.                     'propsFromParent' => $requestData['propsFromParent'] ?? [],
  233.                 ];
  234.             }
  236.             $request->attributes->set('_live_request_data'$liveRequestData);
  237.         }
  239.         return $request->attributes->get('_live_request_data');
  240.     }
  242.     public function onKernelView(ViewEvent $event): void
  243.     {
  244.         if (!$this->isLiveComponentRequest($request $event->getRequest())) {
  245.             return;
  246.         }
  248.         if (!$event->isMainRequest()) {
  249.             // sub-request, so skip rendering
  250.             $event->setResponse(new Response());
  252.             return;
  253.         }
  255.         $event->setResponse($this->createResponse($request->attributes->get('_mounted_component')));
  256.     }
  258.     public function onKernelException(ExceptionEvent $event): void
  259.     {
  260.         if (!$this->isLiveComponentRequest($request $event->getRequest())) {
  261.             return;
  262.         }
  264.         if (!$event->getThrowable() instanceof UnprocessableEntityHttpException) {
  265.             return;
  266.         }
  268.         // in case the exception was too early somehow
  269.         if (!$mounted $request->attributes->get('_mounted_component')) {
  270.             return;
  271.         }
  273.         $event->setResponse($this->createResponse($mounted));
  274.     }
  276.     public function onKernelResponse(ResponseEvent $event): void
  277.     {
  278.         $request $event->getRequest();
  279.         $response $event->getResponse();
  281.         if (!$this->isLiveComponentRequest($request)) {
  282.             return;
  283.         }
  285.         if (!\in_array(self::HTML_CONTENT_TYPE$request->getAcceptableContentTypes(), true)) {
  286.             return;
  287.         }
  289.         if (!$response->isRedirection()) {
  290.             return;
  291.         }
  293.         $responseNoContent = new Response(nullResponse::HTTP_NO_CONTENT, [
  294.             self::REDIRECT_HEADER => '1',
  295.         ]);
  297.         $responseNoContent->headers->add($response->headers->all());
  299.         $event->setResponse($responseNoContent);
  300.     }
  302.     public static function getSubscribedEvents(): array
  303.     {
  304.         return [
  305.             RequestEvent::class => 'onKernelRequest',
  306.             // positive priority in case other ControllerEvent listeners need the attributes we set
  307.             ControllerEvent::class => ['onKernelController'10],
  308.             ViewEvent::class => 'onKernelView',
  309.             ResponseEvent::class => 'onKernelResponse',
  310.             // priority so that the exception is processed before it can be logged as an error
  311.             ExceptionEvent::class => ['onKernelException'20],
  312.         ];
  313.     }
  315.     private function createResponse(MountedComponent $mounted): Response
  316.     {
  317.         $component $mounted->getComponent();
  319.         foreach (AsLiveComponent::preReRenderMethods($component) as $method) {
  320.             $component->{$method->name}();
  321.         }
  323.         return new Response($this->container->get(ComponentRenderer::class)->render($mounted), 200, [
  324.             'Content-Type' => self::HTML_CONTENT_TYPE,
  325.         ]);
  326.     }
  328.     private function isLiveComponentRequest(Request $request): bool
  329.     {
  330.         return $request->attributes->has('_live_component');
  331.     }
  333.     private function hydrateComponent(object $componentstring $componentNameRequest $request): MountedComponent
  334.     {
  335.         $hydrator $this->container->get(LiveComponentHydrator::class);
  336.         \assert($hydrator instanceof LiveComponentHydrator);
  337.         $metadataFactory $this->container->get(LiveComponentMetadataFactory::class);
  338.         \assert($metadataFactory instanceof LiveComponentMetadataFactory);
  340.         $componentAttributes $hydrator->hydrate(
  341.             $component,
  342.             $this->parseDataFor($request)['props'],
  343.             $this->parseDataFor($request)['updated'],
  344.             $metadataFactory->getMetadata($componentName),
  345.             $this->parseDataFor($request)['propsFromParent']
  346.         );
  348.         $mountedComponent = new MountedComponent($componentName$component$componentAttributes);
  350.         $mountedComponent->addExtraMetadata(
  351.             InterceptChildComponentRenderSubscriber::CHILDREN_FINGERPRINTS_METADATA_KEY,
  352.             $this->parseDataFor($request)['children']
  353.         );
  355.         return $mountedComponent;
  356.     }
  358.     private static function parseJsonFromQuery(Request $requeststring $key): array
  359.     {
  360.         if (!$request->query->has($key)) {
  361.             return [];
  362.         }
  364.         try {
  365.             return json_decode($request->query->get($key), true512\JSON_THROW_ON_ERROR);
  366.         } catch (\JsonException $exception) {
  367.             throw new JsonException(sprintf('Invalid JSON on query string %s.'$key), 0$exception);
  368.         }
  369.     }
  370. }