turnstile

taler_turnstile.module (10283B)

---

 <?php
 
 /**
  * @file
  * Main module file for Turnstile.
  *
  * The paywall flow is built around a static, cacheable paywall page
  * that references a "paivana"-style template in the merchant backend.
  * No PHP session is touched on the unprotected path: the gate is a
  * cookie minted by /taler-turnstile/paivana once the visitor's wallet
  * has paid.
  */
 
 use Drupal\Core\Cache\Cache;
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Entity\Display\EntityViewDisplayInterface;
 
 
 /**
  * Cookie name used to grant access to a previously-paid fulfillment URL.
  * Computed and verified by Drupal\taler_turnstile\PaivanaCookie.
  */
 const TALER_TURNSTILE_COOKIE = 'taler_turnstile_paivana';
 
 
 /**
  * Implements hook_form_FORM_ID_alter() for node forms.  Adds a
  * description for the Turnstile price category field.
  */
 function taler_turnstile_form_node_form_alter(&$form, \Drupal\Core\Form\FormStateInterface $form_state, $form_id) {
   $node = $form_state->getFormObject()->getEntity();
   $config = \Drupal::config('taler_turnstile.settings');
   $enabled_types = $config->get('enabled_content_types') ?: [];
 
   // Only show price field on enabled content types.
   if (! in_array($node->bundle(), $enabled_types)) {
     return;
   }
   if (! isset($form['field_taler_turnstile_prcat'])) {
     return;
   }
   $form['field_taler_turnstile_prcat']['#group'] = 'meta';
 
   // Load all price categories for the description.
   $price_categories = \Drupal::entityTypeManager()
     ->getStorage('taler_turnstile_price_category')
     ->loadMultiple();
 
   $category_list = [];
   foreach ($price_categories as $category) {
     $category_list[] = $category->label() . ': ' . $category->getDescription();
   }
 
   $description = t('Select a price category to enable paywall protection for this content.');
   if (!empty($category_list)) {
     $description .= '<br><br><strong>' . t('Available categories:') . '</strong><ul><li>'
       . implode('</li><li>', $category_list) . '</li></ul>';
   }
 
   $form['field_taler_turnstile_prcat']['widget']['#description'] = $description;
 }
 
 
 /**
  * Implements hook_entity_view_alter().
  *
  * For nodes that carry a price category, swap the full-mode build for
  * a teaser + paywall button unless the visitor has already proven
  * payment (Paivana cookie) or holds an applicable subscription.
  */
 function taler_turnstile_entity_view_alter(array &$build, EntityInterface $entity, EntityViewDisplayInterface $display) {
   if ($entity->getEntityTypeId() !== 'node') {
     return;
   }
   /** @var \Drupal\node\NodeInterface $node */
   $node = $entity;
 
   if (!$node->hasField('field_taler_turnstile_prcat')) {
     return;
   }
   /** @var \Drupal\Core\Field\EntityReferenceFieldItemList $field */
   $field = $node->get('field_taler_turnstile_prcat');
   if ($field->isEmpty()) {
     return;
   }
   /** @var \Drupal\taler_turnstile\Entity\TurnstilePriceCategory $price_category */
   $price_category = $field->entity;
   if (! $price_category) {
     return;
   }
   if ($display->getMode() !== 'full') {
     return;
   }
 
   $request = \Drupal::request();
   $fulfillment_url = $node->toUrl('canonical', ['absolute' => TRUE])->toString();
 
   // Subscriber check. Only consult the session if one already exists,
   // so unauthenticated bot traffic never causes a session start (which
   // would defeat page caching).
   if ($request->hasPreviousSession()) {
     $subscriptions = $price_category->getFullSubscriptions();
     foreach ($subscriptions as $subscription_id) {
       if (_taler_turnstile_is_subscriber($subscription_id)) {
         \Drupal::logger('taler_turnstile')->debug('Subscriber detected, granting access.');
         // Do not advertise this response as cacheable: it depends on
         // session state.
         $build['#cache']['max-age'] = 0;
         return;
       }
     }
   }
 
   // Paywall already cleared by a prior payment? Trust the cookie.
   /** @var \Drupal\taler_turnstile\PaivanaCookie $cookies */
   $cookies = \Drupal::service('taler_turnstile.cookie');
   if ($cookies->verify($request, $fulfillment_url)) {
     \Drupal::logger('taler_turnstile')->debug('Valid Paivana cookie, granting access to @url', ['@url' => $fulfillment_url]);
     // The cookies cache context lets Drupal's page caches key on
     // the access cookie and emit a properly scoped Vary header,
     // so visitors without the cookie still see the paywall version.
     // Marking the response 'private' keeps shared HTTP caches from
     // handing one paying visitor's full-content response to another
     // visitor whose request happens to lack the cookie.
     $build['#cache']['contexts'][] = 'cookies:' . TALER_TURNSTILE_COOKIE;
     $build['#attached']['http_header'][] = ['Cache-Control', 'private', TRUE];
     return;
   }
 
   // Not subscribed, no cookie -> render the paywall.
   $config = \Drupal::config('taler_turnstile.settings');
   $backend_url = $config->get('payment_backend_url');
   if (empty($backend_url)) {
     \Drupal::logger('taler_turnstile')->warning('No backend URL configured, cannot present paywall.');
     if ($config->get('grant_access_on_error') ?? TRUE) {
       return;
     }
     $build = [
       '#markup' => '<div class="taler-turnstile-error">' . t('Payment system temporarily unavailable. Please try again later.') . '</div>',
     ];
     return;
   }
 
   $template_id = $price_category->getTemplateId();
   // Maximum lifetime of the eventually-issued cookie, in seconds.
   // Mirrors what we publish on the merchant template.
   $max_pickup_delay = \Drupal\taler_turnstile\TalerMerchantApiService::ORDER_VALIDITY_SECONDS;
 
   // Pre-compute the taler:// pay-template URI so we can both
   // advertise it as the Paivana header (for non-JS Taler clients)
   // and let the JS render its QR code from the same string.
   $proto_suffix = (parse_url($backend_url, PHP_URL_SCHEME) === 'http') ? '+http' : '';
   $host = parse_url($backend_url, PHP_URL_HOST);
   $port = parse_url($backend_url, PHP_URL_PORT);
   $path = rtrim(parse_url($backend_url, PHP_URL_PATH) ?? '/', '/');
   $authority = $host . ($port ? ':' . $port : '');
   $taler_uri = 'taler' . $proto_suffix . '://pay-template/' . $authority . $path . '/' . rawurlencode($template_id);
 
   $pay_button = [
     '#theme' => 'taler_turnstile_payment_button',
     '#merchant_backend' => $backend_url,
     '#template_id' => $template_id,
     '#max_pickup_delay' => $max_pickup_delay,
     '#node_title' => $node->getTitle(),
     '#price_hint' => $price_category->getPriceHint(),
     '#subscription_hint' => $price_category->getSubscriptionHint(),
     '#fulfillment_url' => $fulfillment_url,
     // Built from the raw path (not Url::fromRoute) so the URL never
     // carries a language prefix — the endpoint is language-agnostic
     // and a /en/ in front just confuses operators reading logs.
     '#confirm_url' => \Drupal\Core\Url::fromUserInput('/taler-turnstile/paivana')->toString(),
     '#paivana_uri' => $taler_uri,
     '#attached' => [
       'library' => ['taler_turnstile/payment_button'],
       // Surface the Paivana URI as an HTTP header for non-JS clients.
       // The cookies cache context attached below already makes Drupal
       // emit a properly scoped Vary header for downstream caches.
       'http_header' => [
         ['Paivana', $taler_uri, FALSE],
       ],
     ],
   ];
 
   $view_builder = \Drupal::entityTypeManager()->getViewBuilder('node');
   $teaser_build = $view_builder->view($entity, 'teaser');
 
   // Strip the rendered field children but keep all the entity render
   // metadata ('#entity_type', '#node', '#view_mode', '#theme',
   // '#pre_render', ...). Downstream rendering — in particular the
   // _title_callback in EntityViewController::buildTitle() — relies on
   // '#entity_type', so blowing $build away with a fresh array crashes
   // the page with "Undefined array key '#entity_type'".
   foreach (array_keys($build) as $key) {
     if ($key === '' || $key[0] !== '#') {
       unset($build[$key]);
     }
   }
 
   // Page is identical for everyone *without* the cookie, so it
   // remains cacheable. The cookie context only kicks in once the
   // visitor has paid.
   $build['#cache']['contexts'] = array_unique(array_merge(
     $build['#cache']['contexts'] ?? [],
     ['cookies:' . TALER_TURNSTILE_COOKIE]
   ));
   $build['#cache']['tags'] = Cache::mergeTags(
     $build['#cache']['tags'] ?? [],
     $price_category->getCacheTags()
   );
 
   $build['teaser'] = [
     '#type' => 'container',
     '#attributes' => ['class' => ['taler-turnstile-teaser-wrapper']],
     'content' => $teaser_build,
     '#weight' => 0,
   ];
   $build['payment_button'] = [
     '#type' => 'container',
     '#attributes' => ['class' => ['taler-turnstile-payment-wrapper']],
     'button' => $pay_button,
     '#weight' => 10,
   ];
 
 }
 
 
 /**
  * Returns TRUE if the visitor's session has a non-expired entry for
  * the given subscription slug. Does NOT start a session if none yet
  * exists.
  */
 function _taler_turnstile_is_subscriber($subscription_slug) {
   $request = \Drupal::request();
   if (! $request->hasPreviousSession()) {
     return FALSE;
   }
   $session = $request->getSession();
   $access_data = $session->get('taler_turnstile_subscriptions', []);
   return ($access_data[$subscription_slug] ?? 0) >= time();
 }
 
 
 /**
  * Helper used by the Paivana confirmation controller to record that
  * a paid contract bought a subscription valid until $expiration.
  */
 function _taler_turnstile_grant_subscriber_access($subscription_slug, $expiration) {
   $session = \Drupal::request()->getSession();
   $access_data = $session->get('taler_turnstile_subscriptions', []);
   $access_data[$subscription_slug] = $expiration;
   $session->set('taler_turnstile_subscriptions', $access_data);
 }
 
 
 /**
  * Implements hook_theme().
  */
 function taler_turnstile_theme() {
   return [
     'taler_turnstile_payment_button' => [
       'variables' => [
         'merchant_backend' => NULL,
         'template_id' => NULL,
         'max_pickup_delay' => 86400,
         'node_title' => NULL,
         'price_hint' => NULL,
         'subscription_hint' => NULL,
         'fulfillment_url' => NULL,
         'confirm_url' => NULL,
         'paivana_uri' => NULL,
       ],
       'template' => 'taler-turnstile-payment-button',
     ],
     'taler_turnstile_settings' => [
       'variables' => [
         'config' => NULL,
       ],
     ],
   ];
 }