1: <?php
  2: /**
  3:  * This file is part of the Autarky package.
  4:  *
  5:  * (c) Andreas Lutro <anlutro@gmail.com>
  6:  *
  7:  * For the full copyright and license information, please view the LICENSE
  8:  * file that was distributed with this source code.
  9:  */
 10: 
 11: namespace Autarky\Http;
 12: 
 13: use Symfony\Component\HttpKernel\HttpKernelInterface;
 14: use Symfony\Component\HttpFoundation\Request;
 15: use Symfony\Component\HttpFoundation\Response;
 16: use Symfony\Component\HttpFoundation\Cookie;
 17: use Symfony\Component\HttpFoundation\Session\SessionInterface;
 18: use Autarky\Application;
 19: 
 20: /**
 21:  * Session middleware.
 22:  */
 23: class SessionMiddleware implements HttpKernelInterface
 24: {
 25:     /**
 26:      * @var HttpKernelInterface
 27:      */
 28:     protected $kernel;
 29: 
 30:     /**
 31:      * @var SessionInterface
 32:      */
 33:     protected $session;
 34: 
 35:     /**
 36:      * Whether the sessions should always be started. Normal behaviour is to
 37:      * start the sesion whenever an operation is requested from it.
 38:      *
 39:      * @var bool
 40:      */
 41:     protected $forceStart;
 42: 
 43:     /**
 44:      * Additional cookie parameters to add to the session ID cookie.
 45:      *
 46:      * @var array
 47:      */
 48:     protected $cookies;
 49: 
 50:     /**
 51:      * @param HttpKernelInterface $kernel
 52:      * @param Application         $app
 53:      */
 54:     public function __construct(HttpKernelInterface $kernel, Application $app)
 55:     {
 56:         $this->kernel = $kernel;
 57:         $this->session = $app->getContainer()
 58:             ->resolve('Symfony\Component\HttpFoundation\Session\SessionInterface');
 59:         $this->forceStart = $app->getConfig()
 60:             ->get('session.force', false);
 61:         $this->cookies = $app->getConfig()
 62:             ->get('session.cookies', []);
 63:     }
 64: 
 65:     /**
 66:      * {@inheritdoc}
 67:      */
 68:     public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
 69:     {
 70:         // always set the session onto the request object.
 71:         $request->setSession($this->session);
 72: 
 73:         // we only need to manage the session for the master request.
 74:         // subrequests will have the session available anyways, but we will
 75:         // be closing and setting the cookie for the master request only.
 76:         if ($type !== HttpKernelInterface::MASTER_REQUEST) {
 77:             return $this->kernel->handle($request, $type, $catch);
 78:         }
 79: 
 80:         // the session may have been manually started before the middleware is
 81:         // invoked - in this case, we cross our fingers and hope the session has
 82:         // properly initialised itself
 83:         if (!$this->session->isStarted()) {
 84:             $this->initSession($request);
 85:         }
 86: 
 87:         $response = $this->kernel->handle($request, $type, $catch);
 88: 
 89:         // if the session has started, save it and attach the session cookie. if
 90:         // the session has not started, there is nothing to save and there is no
 91:         // point in attaching a cookie to persist it.
 92:         if ($this->session->isStarted()) {
 93:             $this->closeSession($request, $response);
 94:         }
 95: 
 96:         return $response;
 97:     }
 98: 
 99:     protected function initSession(Request $request)
100:     {
101:         // the name of the session cookie name.
102:         $sessionName = $this->session->getName();
103: 
104:         // if a session cookie exists, load the appropriate session ID.
105:         if ($request->cookies->has($sessionName)) {
106:             $this->session->setId($request->cookies->get($sessionName));
107:         }
108: 
109:         // in some rare cases you may want to force the session to start on
110:         // every request.
111:         if ($this->forceStart) {
112:             $this->session->start();
113:         }
114:     }
115: 
116:     protected function closeSession(Request $request, Response $response)
117:     {
118:         // save all session data
119:         $this->session->save();
120: 
121:         // attach the session cookie
122:         $response->headers->setCookie($this->makeCookie($request));
123:     }
124: 
125:     protected function makeCookie(Request $request)
126:     {
127:         // merge native PHP session cookie params with custom ones.
128:         $params = array_replace(session_get_cookie_params(), $this->cookies);
129: 
130:         // if the cookie lifetime is not 0 (closes when browser window closes),
131:         // add the request time and the lifetime to get the expiration time of
132:         // the cookie.
133:         if ($params['lifetime'] !== 0) {
134:             $params['lifetime'] = $request->server->get('REQUEST_TIME') + $params['lifetime'];
135:         }
136: 
137:         return new Cookie(
138:             $this->session->getName(),
139:             $this->session->getId(),
140:             $params['lifetime'],
141:             $params['path'],
142:             $params['domain'],
143:             $params['secure'],
144:             $params['httponly']
145:         );
146:     }
147: }
148: