vendor/nijens/openapi-bundle/src/EventListener/JsonRequestBodyValidationSubscriber.php line 78

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. /*
  6.  * This file is part of the OpenapiBundle package.
  7.  *
  8.  * (c) Niels Nijens <nijens.niels@gmail.com>
  9.  *
  10.  * For the full copyright and license information, please view the LICENSE
  11.  * file that was distributed with this source code.
  12.  */
  14. namespace Nijens\OpenapiBundle\EventListener;
  16. use JsonSchema\Validator;
  17. use Nijens\OpenapiBundle\Exception\BadJsonRequestHttpException;
  18. use Nijens\OpenapiBundle\Exception\InvalidRequestHttpException;
  19. use Nijens\OpenapiBundle\Json\JsonPointer;
  20. use Nijens\OpenapiBundle\Json\SchemaLoaderInterface;
  21. use Nijens\OpenapiBundle\Routing\RouteContext;
  22. use Nijens\OpenapiBundle\Validation\ValidationContext;
  23. use Seld\JsonLint\JsonParser;
  24. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  25. use Symfony\Component\HttpFoundation\HeaderUtils;
  26. use Symfony\Component\HttpKernel\Event\RequestEvent;
  27. use Symfony\Component\HttpKernel\KernelEvents;
  29. /**
  30.  * Validates a JSON request body for routes loaded through the OpenAPI specification.
  31.  *
  32.  * @deprecated since 1.5, to be removed in 2.0. Use the new request validation instead.
  33.  *
  34.  * @author Niels Nijens <nijens.niels@gmail.com>
  35.  */
  36. class JsonRequestBodyValidationSubscriber implements EventSubscriberInterface
  37. {
  38.     /**
  39.      * @var JsonParser
  40.      */
  41.     private $jsonParser;
  43.     /**
  44.      * @var SchemaLoaderInterface
  45.      */
  46.     private $schemaLoader;
  48.     /**
  49.      * @var Validator
  50.      */
  51.     private $jsonValidator;
  53.     /**
  54.      * {@inheritdoc}
  55.      */
  56.     public static function getSubscribedEvents(): array
  57.     {
  58.         return [
  59.             KernelEvents::REQUEST => [
  60.                 ['validateRequestBody'28],
  61.             ],
  62.         ];
  63.     }
  65.     /**
  66.      * Constructs a new JsonRequestBodyValidationSubscriber instance.
  67.      */
  68.     public function __construct(JsonParser $jsonParserSchemaLoaderInterface $schemaLoaderValidator $jsonValidator)
  69.     {
  70.         $this->jsonParser $jsonParser;
  71.         $this->schemaLoader $schemaLoader;
  72.         $this->jsonValidator $jsonValidator;
  73.     }
  75.     /**
  76.      * Validates the body of a request to an OpenAPI specification route. Throws an exception when validation fails.
  77.      */
  78.     public function validateRequestBody(RequestEvent $event): void
  79.     {
  80.         $request $event->getRequest();
  81.         $requestContentType current(HeaderUtils::split($request->headers->get('Content-Type'''), ';'));
  83.         $routeOptions $event->getRequest()->attributes->get(RouteContext::REQUEST_ATTRIBUTE);
  85.         // Not an openAPI route.
  86.         if (isset($routeOptions[RouteContext::RESOURCE]) === false) {
  87.             return;
  88.         }
  90.         // No need for validation.
  91.         if (isset($routeOptions[RouteContext::JSON_REQUEST_VALIDATION_POINTER]) === false) {
  92.             return;
  93.         }
  95.         if ($requestContentType !== 'application/json') {
  96.             throw new BadJsonRequestHttpException("The request content-type must be 'application/json'.");
  97.         }
  99.         $requestBody $request->getContent();
  100.         $decodedJsonRequestBody $this->validateJsonRequestBody($requestBody);
  102.         $this->validateJsonAgainstSchema(
  103.             $routeOptions[RouteContext::RESOURCE],
  104.             $routeOptions[RouteContext::JSON_REQUEST_VALIDATION_POINTER],
  105.             $decodedJsonRequestBody
  106.         );
  108.         $event->getRequest()->attributes->set(
  109.             ValidationContext::REQUEST_ATTRIBUTE,
  110.             [
  111.                 ValidationContext::VALIDATED => true,
  112.                 ValidationContext::REQUEST_BODY => json_encode($decodedJsonRequestBody),
  113.             ]
  114.         );
  115.     }
  117.     /**
  118.      * Validates if the request body is valid JSON.
  119.      *
  120.      * @return mixed
  121.      */
  122.     private function validateJsonRequestBody(string $requestBody)
  123.     {
  124.         $decodedJsonRequestBody json_decode($requestBody);
  125.         if ($decodedJsonRequestBody !== null || $requestBody === 'null') {
  126.             return $decodedJsonRequestBody;
  127.         }
  129.         $exception $this->jsonParser->lint($requestBody);
  131.         throw new BadJsonRequestHttpException('The request body should be valid JSON.'$exception);
  132.     }
  134.     /**
  135.      * Validates the JSON request body against the JSON Schema within the OpenAPI specification.
  136.      *
  137.      * @param mixed $decodedJsonRequestBody
  138.      */
  139.     private function validateJsonAgainstSchema(string $openApiResourcestring $openApiValidationPointer, &$decodedJsonRequestBody): void
  140.     {
  141.         $schema $this->schemaLoader->load($openApiResource);
  143.         $jsonPointer = new JsonPointer($schema);
  144.         $jsonSchema $jsonPointer->get($openApiValidationPointer);
  146.         $this->jsonValidator->validate($decodedJsonRequestBody$jsonSchema);
  148.         if ($this->jsonValidator->isValid() === false) {
  149.             $validationErrors $this->jsonValidator->getErrors();
  150.             $this->jsonValidator->reset();
  152.             $this->throwInvalidRequestException($validationErrors);
  153.         }
  154.     }
  156.     private function throwInvalidRequestException(array $errors): void
  157.     {
  158.         $exception = new InvalidRequestHttpException('Validation of JSON request body failed.');
  159.         $exception->setErrors($errors);
  161.         throw $exception;
  162.     }
  163. }