src/Component/Firewall/FirewallListener.php line 41

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Component\Firewall;
  7. use App\Entity\User;
  8. use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
  9. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  10. use Symfony\Component\HttpFoundation\RedirectResponse;
  11. use Symfony\Component\HttpFoundation\Request;
  12. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  13. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  14. use Symfony\Component\Security\Core\Security;
  15. use Symfony\Component\Security\Http\Event\LogoutEvent;
  17. #[AsEventListener(priority4096)]
  18. readonly class FirewallListener
  19. {
  20.     private const WHITELIST = [
  21.         // Concawe offices (Skynet)
  22.         '91.183.59.41',
  23.         // Concawe offices (Unix Solutions)
  24.         '195.189.202.50',
  25.         // Peter Discart home
  26.         '81.82.232.137',
  27.         // Kristof Torfs home
  28.         '81.82.197.76',
  29.         // Chris Davidson home
  30.         '81.133.240.129',
  31.     ];
  33.     public function __construct(
  34.         private Security $security,
  35.         private TokenStorageInterface $tokenStorage,
  36.         private EventDispatcherInterface $eventDispatcher,
  37.         private string $environment
  38.     ) {
  39.     }
  41.     public function __invoke(ControllerEvent $event): void
  42.     {
  43.         if ('dev' === $this->environment) {
  44.             // Firewall only applies to online environments
  45.             return;
  46.         }
  48.         $user $this->security->getUser();
  49.         if (!$user instanceof User) {
  50.             // Firewall only applies to authenticated users
  51.             return;
  52.         }
  54.         if (!$user->isStaff()) {
  55.             // Firewall only applies to staff members
  56.             return;
  57.         }
  59.         $ip $event->getRequest()->getClientIp();
  60.         if (in_array($ipself::WHITELISTtrue)) {
  61.             // Firewall only applies to IP addresses that are not in the whitelist
  62.             return;
  63.         }
  65.         // Clear authentication
  66.         $this->logout($event->getRequest());
  67.         // Redirect
  68.         $event->setController(fn (): RedirectResponse => new RedirectResponse('/not-secure'));
  69.         // Stop event propagation
  70.         $event->stopPropagation();
  71.     }
  73.     private function logout(Request $request): void
  74.     {
  75.         // FIXME: Use the new Security bundle when upgrading to Symfony 6
  76.         $event = new LogoutEvent($request$this->tokenStorage->getToken());
  77.         $this->eventDispatcher->dispatch($event);
  79.         $this->tokenStorage->setToken(null);
  80.     }
  81. }