custom/plugins/ValkarchFormBotBlocker/src/Subscriber/RequestSubscriber.php line 136

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Valkarch\FormBotBlocker\Subscriber;
  5. use Exception;
  6. use Shopware\Core\PlatformRequest;
  7. use Shopware\Core\Framework\Context;
  8. use Symfony\Component\HttpKernel\KernelEvents;
  9. use Symfony\Component\HttpKernel\Event\KernelEvent;
  10. use Symfony\Component\HttpKernel\Event\RequestEvent;
  11. use Shopware\Storefront\Framework\Routing\RequestTransformer;
  12. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  13. use Valkarch\FormBotBlocker\Service\FormService;
  14. use Valkarch\FormBotBlocker\Service\BlockService;
  15. use Valkarch\FormBotBlocker\Service\PluginService;
  16. use Valkarch\FormBotBlocker\Service\BotLogService;
  17. use Valkarch\FormBotBlocker\Service\CaptchaService;
  18. use Valkarch\FormBotBlocker\Service\HoneypotService;
  19. use Valkarch\FormBotBlocker\Service\ReactionTimeService;
  20. use Valkarch\FormBotBlocker\Service\ExternalPluginsService;
  21. use Valkarch\FormBotBlocker\Content\FormSubmit\FormSubmitDefinition;
  22. use Valkarch\FormBotBlocker\Content\BotLogProtector\BotLogProtectorEntity;
  24. class RequestSubscriber implements EventSubscriberInterface
  25. {
  26.     /**
  27.      * @var FormService
  28.      */
  29.     private FormService $formService;
  31.     /**
  32.      * @var BlockService
  33.      */
  34.     private BlockService $blockService;
  36.     /**
  37.      * @var PluginService
  38.      */
  39.     private PluginService $pluginService;
  41.     /**
  42.      * @var BotLogService
  43.      */
  44.     private BotLogService $botLogService;
  46.     /**
  47.      * @var CaptchaService
  48.      */
  49.     private CaptchaService $captchaService;
  51.     /**
  52.      * @var HoneypotService
  53.      */
  54.     private HoneypotService $honeypotService;
  56.     /**
  57.      * @var ReactionTimeService
  58.      */
  59.     private ReactionTimeService $reactionTimeService;
  61.     /**
  62.      * @var ExternalPluginsService
  63.      */
  64.     private ExternalPluginsService $externalPluginsService;
  66.     /**
  67.      * RequestSubscriber constructor.
  68.      *
  69.      * @param FormService $formService
  70.      * @param BlockService $blockService
  71.      * @param PluginService $pluginService
  72.      * @param BotLogService $botLogService
  73.      * @param CaptchaService $captchaService
  74.      * @param HoneypotService $honeypotService
  75.      * @param ReactionTimeService $reactionTimeService
  76.      * @param ExternalPluginsService $externalPluginsService
  77.      */
  78.     public function __construct(
  79.         FormService $formService,
  80.         BlockService $blockService,
  81.         PluginService $pluginService,
  82.         BotLogService $botLogService,
  83.         CaptchaService $captchaService,
  84.         HoneypotService $honeypotService,
  85.         ReactionTimeService $reactionTimeService,
  86.         ExternalPluginsService $externalPluginsService
  87.     )
  88.     {
  89.         $this->formService $formService;
  90.         $this->blockService $blockService;
  91.         $this->pluginService $pluginService;
  92.         $this->botLogService $botLogService;
  93.         $this->captchaService $captchaService;
  94.         $this->honeypotService $honeypotService;
  95.         $this->reactionTimeService $reactionTimeService;
  96.         $this->externalPluginsService $externalPluginsService;
  97.     }
  99.     /**
  100.      * The event names to listen to
  101.      *
  102.      * @return array<string, string>
  103.      */
  104.     public static function getSubscribedEvents(): array
  105.     {
  106.         return [
  107.             RequestEvent::class => 'onRequest',
  108.             KernelEvents::CONTROLLER => ['onKernelController', -19]
  109.         ];
  110.     }
  112.     /**
  113.      * Deactivate captcha validation if needed
  114.      * Use before KERNEL_CONTROLLER_EVENT_SCOPE_VALIDATE = -20;
  115.      *
  116.      * @param KernelEvent $event
  117.      */
  118.     public function onKernelController(KernelEvent $event): void
  119.     {
  120.         if ($event->getRequest()->hasSession() &&
  121.             ($session $event->getRequest()->getSession())->isStarted() &&
  122.             $session->has(PluginService::SESSION_FORM_BOT_BLOCKER_CAPTCHA_STATUS)
  123.         ) {
  124.             $session->remove(PluginService::SESSION_FORM_BOT_BLOCKER_CAPTCHA_STATUS);
  125.             // Deactivate captcha validation
  126.             $event->getRequest()->attributes->set(PlatformRequest::ATTRIBUTE_CAPTCHAfalse);
  127.         }
  128.     }
  130.     /**
  131.      * Evaluation of the protective measures
  132.      *
  133.      * @param RequestEvent $event
  134.      * @throws Exception
  135.      */
  136.     public function onRequest(RequestEvent $event): void
  137.     {
  138.         $request $event->getRequest();
  139.         $route $request->attributes->get('_route');
  141.         // Unsupported requests
  142.         if (!$route ||
  143.             $request->getMethod() != 'POST' ||
  144.             $request->request->count() === 0
  145.         ) {
  146.             return;
  147.         }
  149.         $routeFormLogName $this->formService->getRouteFormLogName($route);
  151.         // Unsupported forms
  152.         if (!$routeFormLogName) {
  153.             return;
  154.         }
  156.         $session $request->getSession();
  157.         $ip $this->formService->getRealIpAddr();
  158.         $context Context::createDefaultContext();
  160.         // Is ip blocked
  161.         if ($this->blockService->isIpBlocked($ip$context)) {
  162.             $response $this->formService->getResponse($session$request200'invalid_ip''formBotBlocker.errors.ipBlocked');
  163.             $event->setResponse($response);
  164.             return;
  165.         }
  167.         $salesChannelId $request->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_ID);
  169.         // Not activating forms
  170.         if (!$this->formService->isFormToProtectActive($route$salesChannelId)) {
  171.             return;
  172.         }
  174.         // Not supported external plugin versioned form
  175.         if ($this->externalPluginsService->isVersionedForm($request->request)) {
  176.             if (!$this->externalPluginsService->isSupportedVersionedForm($request->request$context)) {
  177.                 return;
  178.             }
  179.         }
  181.         $requestParams $request->request->all();
  182.         $requestUrl $request->attributes->get(RequestTransformer::ORIGINAL_REQUEST_URI);
  183.         $shopUrl $request->attributes->get(RequestTransformer::SALES_CHANNEL_ABSOLUTE_BASE_URL);
  185.         // Is simple honeypot active
  186.         if ($this->pluginService->isSimpleHoneypotProtectorActive($salesChannelId)) {
  187.             // Simple honeypot protector
  188.             if (!$this->honeypotService->isValidSimpleHoneypot($request->request)) {
  189.                 $this->botLogService->saveLog($ip,
  190.                     $shopUrl,
  191.                     $routeFormLogName,
  192.                     BotLogProtectorEntity::SIMPLE_HONEYPOT_PROTECTOR,
  193.                     $requestUrl,
  194.                     $requestParams,
  195.                     $salesChannelId,
  196.                     $context
  197.                 );
  199.                 $response $this->formService->getResponse($session$request200'invalid_input''formBotBlocker.errors.honeypot');
  200.                 $event->setResponse($response);
  201.                 return;
  202.             }
  203.         }
  205.         // Is dynamic honeypot active
  206.         if ($this->pluginService->isDynamicHoneypotProtectorActive($salesChannelId)) {
  207.             // Dynamic honeypot protector
  208.             if (!$this->honeypotService->isValidDynamicHoneypot($request->request$context)) {
  209.                 $this->botLogService->saveLog($ip,
  210.                     $shopUrl,
  211.                     $routeFormLogName,
  212.                     BotLogProtectorEntity::DYNAMIC_HONEYPOT_PROTECTOR,
  213.                     $requestUrl,
  214.                     $requestParams,
  215.                     $salesChannelId,
  216.                     $context
  217.                 );
  219.                 $response $this->formService->getResponse($session$request200'invalid_input''formBotBlocker.errors.honeypot');
  220.                 $event->setResponse($response);
  221.                 return;
  222.             }
  223.         }
  225.         // Is reaction time active
  226.         if ($this->pluginService->isReactionTimeProtectorActive($salesChannelId)) {
  227.             // Reaction time protector
  228.             if (!$this->reactionTimeService->isValidReactionTime($session$salesChannelId)) {
  229.                 $this->botLogService->saveLog($ip,
  230.                     $shopUrl,
  231.                     $routeFormLogName,
  232.                     BotLogProtectorEntity::REACTION_TIME_PROTECTOR,
  233.                     $requestUrl,
  234.                     $requestParams,
  235.                     $salesChannelId,
  236.                     $context
  237.                 );
  239.                 $response $this->formService->getResponse($session$request200'invalid_reaction_time''formBotBlocker.errors.reactionTime');
  240.                 $event->setResponse($response);
  241.                 return;
  242.             }
  243.         }
  245.         $actionProtectorRouteFormLogName $this->formService->getActionProtectorRouteFormLogName($route);
  246.         if ($actionProtectorRouteFormLogName) {
  247.             // Is form action protector active
  248.             if ($this->pluginService->isFormActionProtectorActive($salesChannelId)) {
  249.                 $this->botLogService->saveLog($ip,
  250.                     $shopUrl,
  251.                     $actionProtectorRouteFormLogName,
  252.                     BotLogProtectorEntity::FORM_ACTION_PROTECTOR,
  253.                     $requestUrl,
  254.                     $requestParams,
  255.                     $salesChannelId,
  256.                     $context
  257.                 );
  259.                 $response $this->formService->getResponse($session$request200'invalid_form''formBotBlocker.errors.formAction');
  260.                 $event->setResponse($response);
  261.                 return;
  262.             }
  263.         }
  265.         // Is captcha defer active
  266.         if ($this->pluginService->isCaptchaDeferActive($salesChannelId)) {
  267.             // Set deactivate captcha validation flag in session
  268.             if (!$this->captchaService->isCaptchaActive($ip$salesChannelId$context)) {
  269.                 $session->set(PluginService::SESSION_FORM_BOT_BLOCKER_CAPTCHA_STATUSfalse);
  270.             }
  271.             // Save form submits
  272.             $writtenEvent $this->captchaService->saveFormSubmit($ip$salesChannelId$context);
  274.             // Automatically delete old form submits of all ip's
  275.             if ($formSubmitEvent $writtenEvent->getEventByEntityName(FormSubmitDefinition::ENTITY_NAME)) {
  276.                 $submits $formSubmitEvent->getWriteResults()[0]->getPayload()['submits'];
  277.                 // Delete when someone has made 3 summits
  278.                 if ($submits === 3) {
  279.                     $this->captchaService->deleteOldFormSubmitsOfAllUsers($salesChannelId$context);
  280.                 }
  281.             }
  282.         }
  283.     }
  284. }