src/EventListener/ApiTokenListener.php line 16

Open in your IDE?
  1. <?php
  3. namespace App\EventListener;
  5. use App\Repository\ClienteRepository;
  6. use Symfony\Component\HttpKernel\Event\RequestEvent;
  7. use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
  9. readonly class ApiTokenListener
  10. {
  12. public function __construct(private ClienteRepository $clienteRepository)
  13. {
  14. }
  16. public function onKernelRequest(RequestEvent $event): void
  17. {
  18. $request = $event->getRequest();
  20. if (!str_starts_with($request->getPathInfo(), '/api/') || str_starts_with($request->getPathInfo(), '/api/doc')) {
  21. return;
  22. }
  24. $authHeader = $request->headers->get('Authorization');
  25. if (!$authHeader || !str_starts_with($authHeader, 'Bearer ')) {
  26. throw new AccessDeniedHttpException('Missing or invalid Authorization header.');
  27. }
  29. $token = substr($authHeader, 7);
  30. $cliente = $this->clienteRepository->findOneBy(['token' => $token]);
  32. if (!$cliente) {
  33. throw new AccessDeniedHttpException('Invalid API token.');
  34. }
  36. $request->attributes->set('cliente', $cliente);
  37. }
  38. }