From b9331ac1efbb2cf700674bce1840be21f5619cde Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Wed, 23 Aug 2023 22:01:39 +0200
Subject: [PATCH] Prevent indexing through search engines, if we are not in
 demo mode

---
 config/packages/framework.yaml                |  3 +
 ...lowSearchEngineIndexingRequestListener.php | 55 +++++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 src/EventListener/DisallowSearchEngineIndexingRequestListener.php

diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
index 05dc5d0e..a61fddc6 100644
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -4,6 +4,9 @@ framework:
     csrf_protection: true
     handle_all_throwables: true
 
+    # We set this header by ourself, so we can disable it here
+    disallow_search_engine_index: false
+
     # Must be set to true, to enable the change of HTTP method via _method parameter, otherwise our delete routines does not work anymore
     # TODO: Rework delete routines to work without _method parameter as it is not recommended anymore (see https://github.com/symfony/symfony/issues/45278)
     http_method_override: true
diff --git a/src/EventListener/DisallowSearchEngineIndexingRequestListener.php b/src/EventListener/DisallowSearchEngineIndexingRequestListener.php
new file mode 100644
index 00000000..b75b3116
--- /dev/null
+++ b/src/EventListener/DisallowSearchEngineIndexingRequestListener.php
@@ -0,0 +1,55 @@
+<?php
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2023 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+declare(strict_types=1);
+
+
+namespace App\EventListener;
+
+use Symfony\Component\DependencyInjection\Attribute\Autowire;
+use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\HttpKernel\Event\ResponseEvent;
+
+#[AsEventListener]
+class DisallowSearchEngineIndexingRequestListener
+{
+    private const HEADER_NAME = 'X-Robots-Tag';
+
+    private readonly bool $enabled;
+
+    public function __construct(#[Autowire(param: 'partdb.demo_mode')] bool $demo_mode)
+    {
+        // Disable this listener in demo mode
+        $this->enabled = !$demo_mode;
+    }
+
+    public function __invoke(ResponseEvent $event): void
+    {
+        //Skip if disabled
+        if (!$this->enabled) {
+            return;
+        }
+
+        if (!$event->getResponse()->headers->has(static::HEADER_NAME)) {
+            $event->getResponse()->headers->set(static::HEADER_NAME, 'noindex');
+        }
+    }
+}
\ No newline at end of file