2 declare(strict_types
= 1);
3 namespace TYPO3\CMS\Backend\Http
;
6 * This file is part of the TYPO3 CMS project.
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
15 * The TYPO3 project - inspiring people to share!
18 use Psr\Http\Message\ResponseInterface
;
19 use Psr\Http\Message\ServerRequestInterface
;
20 use Psr\Http\Server\RequestHandlerInterface
as PsrRequestHandlerInterface
;
21 use TYPO3\CMS\Backend\Routing\Exception\InvalidRequestTokenException
;
22 use TYPO3\CMS\Backend\Routing\Exception\ResourceNotFoundException
;
23 use TYPO3\CMS\Core\Core\Bootstrap
;
24 use TYPO3\CMS\Core\Http\RequestHandlerInterface
;
25 use TYPO3\CMS\Core\Http\Response
;
26 use TYPO3\CMS\Core\Utility\GeneralUtility
;
31 * Main entry point for AJAX calls in the TYPO3 Backend. Based on ?route=/ajax/* of the outside application.
32 * Before doing the basic BE-related set up of this request (see the additional calls on $this->bootstrap inside
33 * handleRequest()), some AJAX-calls can be made without a valid user, which is determined here.
35 * AJAX Requests are typically registered within EXT:myext/Configuration/Backend/AjaxRoutes.php
37 class AjaxRequestHandler
implements RequestHandlerInterface
, PsrRequestHandlerInterface
40 * Instance of the current TYPO3 bootstrap
46 * List of requests that don't need a valid BE user
49 protected $publicAjaxRoutes = [
52 '/ajax/login/refresh',
53 '/ajax/login/timedout',
/**
 * Keeps a reference to the TYPO3 bootstrap handed in by the caller.
 *
 * Only the bootstrap is injected here; the request itself is passed later
 * to handleRequest() / handle().
 *
 * @param Bootstrap $bootstrap
 */
public function __construct(Bootstrap $bootstrap)
{
    $this->bootstrap = $bootstrap;
}
/**
 * Handles any AJAX request in the TYPO3 Backend by delegating to handle().
 *
 * @param ServerRequestInterface $request
 * @return ResponseInterface the response produced by handle()
 */
public function handleRequest(ServerRequestInterface $request): ResponseInterface
{
    $response = $this->handle($request);

    return $response;
}
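/**
 * Handles any AJAX request in the TYPO3 Backend, after finishing running middlewares.
 *
 * The route name is read from the request (parsed body first, then query string), so it is
 * client-controlled. It decides whether the backend is booted with or without a mandatory
 * login, which makes its type and value security-relevant.
 *
 * @param ServerRequestInterface $request
 * @return ResponseInterface
 */
public function handle(ServerRequestInterface $request): ResponseInterface
{
    // First get the name of the route: body parameter wins over the query string.
    $routePath = $request->getParsedBody()['route'] ?? $request->getQueryParams()['route'] ?? '';

    // A parameter submitted as an array (or any other non-string) is treated like a missing
    // route. Without this, the string-typed isLoggedInBackendUserRequired() call below raises
    // an uncaught TypeError. An empty route is never on the public allowlist, so the request
    // still requires a logged-in backend user.
    if (!is_string($routePath)) {
        $routePath = '';
    }
    $request = $request->withAttribute('routePath', $routePath);

    // Despite the helper's name, TRUE here means the route is on the public allowlist and the
    // request may proceed without a logged-in backend user.
    $proceedIfNoUserIsLoggedIn = $this->isLoggedInBackendUserRequired($routePath);
    $this->boot($proceedIfNoUserIsLoggedIn);

    // Backend Routing - check if a valid route is there, and dispatch
    return $this->dispatch($request);
}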
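/**
 * Tells whether this handler is responsible for the request.
 *
 * The "route" parameter (parsed body first, then query string) must be a string that starts
 * with '/ajax/'. The value is client-controlled; a non-string value (for example a parameter
 * submitted as an array) is declined here instead of being passed to strpos(), which would
 * raise a TypeError.
 *
 * @param ServerRequestInterface $request
 * @return bool If the request is an AJAX backend request, TRUE otherwise FALSE
 */
public function canHandleRequest(ServerRequestInterface $request): bool
{
    $routePath = $request->getParsedBody()['route'] ?? $request->getQueryParams()['route'] ?? '';

    return is_string($routePath) && strpos($routePath, '/ajax/') === 0;
}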
111 * Returns the priority - how eager the handler is to actually handle the request.
113 * @return int The priority of the request handler.
115 public function getPriority(): int
/**
 * Tells whether a route may be served without a logged-in backend user.
 *
 * Note the polarity: despite the method name, TRUE means that NO login is required, because
 * the route is listed in $this->publicAjaxRoutes. The comparison is strict and matches the
 * whole path, so only exact allowlist entries qualify; prefixes or sub-paths of an entry
 * do not.
 *
 * @param string $routePath the route path to check against the public allowlist
 * @return bool whether the request can proceed without a login required
 */
protected function isLoggedInBackendUserRequired(string $routePath): bool
{
    $isPublicRoute = in_array($routePath, $this->publicAjaxRoutes, true);

    return $isPublicRoute;
}
133 * Start the Backend bootstrap part
135 * @param bool $proceedIfNoUserIsLoggedIn TRUE if the request may proceed without a logged-in backend user
137 protected function boot(bool $proceedIfNoUserIsLoggedIn)
140 ->checkLockedBackendAndRedirectOrDie($proceedIfNoUserIsLoggedIn)
141 ->checkBackendIpOrDie()
142 ->checkSslBackendAndRedirectIfNeeded()
143 ->initializeBackendRouter()
145 ->initializeBackendUser()
146 ->initializeBackendAuthentication($proceedIfNoUserIsLoggedIn)
147 ->initializeLanguageObject()
148 ->initializeBackendTemplate()
149 ->endOutputBufferingAndCleanPreviousOutput()
150 ->initializeOutputCompression()
155 * Creates a response object with JSON headers automatically, and then dispatches to the correct route
157 * @param ServerRequestInterface $request
158 * @return ResponseInterface $response
159 * @throws ResourceNotFoundException if no valid route was found
160 * @throws InvalidRequestTokenException if the request could not be verified
162 protected function dispatch(ServerRequestInterface
$request): ResponseInterface
164 /** @var Response $response */
165 $response = GeneralUtility
::makeInstance(Response
::class, 'php://temp', 200, [
166 'Content-Type' => 'application/json; charset=utf-8',
170 /** @var RouteDispatcher $dispatcher */
171 $dispatcher = GeneralUtility
::makeInstance(RouteDispatcher
::class);
172 return $dispatcher->dispatch($request, $response);