feat: allow unauthenticated users to perform domain name lookups

2025-12-29 16:15:04 +00:00 · 2025-12-08 18:18:33 +01:00
parent eddb267275
commit 5476ee7acc
16 changed files with 214 additions and 110 deletions
--- a/src/Security/Voter/RdapLookupVoter.php
+++ b/src/Security/Voter/RdapLookupVoter.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Security\Voter;
+
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+
+class RdapLookupVoter extends Voter
+{
+    public const string ATTRIBUTE = 'CAN_RDAP_LOOKUP';
+
+    public function __construct(
+        private readonly ParameterBagInterface $parameterBag,
+        private readonly Security $security,
+    ) {
+    }
+
+    protected function supports(string $attribute, mixed $subject): bool
+    {
+        return self::ATTRIBUTE === $attribute;
+    }
+
+    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
+    {
+        if ($this->security->isGranted('IS_AUTHENTICATED_FULLY')) {
+            return true;
+        }
+
+        return $this->parameterBag->get('public_rdap_lookup_enabled');
+    }
+}