quickbooks_api-8.x-1.0-beta4/src/Access/AuthAccess.php
src/Access/AuthAccess.php
<?php
namespace Drupal\quickbooks_api\Access;
use Drupal\Core\Routing\Access\AccessInterface;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\State\StateInterface;
use Drupal\quickbooks_api\QuickbooksService;
use Symfony\Component\HttpFoundation\RequestStack;
/**
* Handles extra security on the oauth route.
*/
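class AuthAccess implements AccessInterface {

  /**
   * Builds the access class from DI.
   *
   * @param \Drupal\Core\State\StateInterface $state
   *   Drupal State API.
   * @param \Symfony\Component\HttpFoundation\RequestStack $requestStack
   *   Symfony Request Stack.
   */
  public function __construct(protected StateInterface $state, protected RequestStack $requestStack) {}

  /**
   * Checks the oauth state query parameter.
   *
   * Compares the "state" query parameter of the main request with the value
   * stored in the State API under QuickbooksService::STATE_OAUTH_SECURITY.
   * Access is granted only when both values are non-empty strings and match.
   * A request without a "state" parameter is therefore rejected even when
   * nothing has been stored yet; a plain !== comparison would treat
   * NULL/NULL as a match and let such a request through.
   *
   * @return \Drupal\Core\Access\AccessResultInterface
   *   The access result. It is marked uncacheable because it depends on the
   *   query string and on a State value that can change at any time.
   */
  public function access() {
    $auth_state = $this->state->get(QuickbooksService::STATE_OAUTH_SECURITY);
    // getMainRequest() returns NULL when the request stack is empty; the
    // nullsafe operator turns that into a missing state instead of a fatal.
    $query_state = $this->requestStack->getMainRequest()?->query->get('state');

    // Fail closed: both sides must be present, non-empty strings.
    $both_present = is_string($auth_state) && $auth_state !== ''
      && is_string($query_state) && $query_state !== '';

    // hash_equals() compares in constant time, so response timing does not
    // reveal how much of a guessed state value was correct.
    if (!$both_present || !hash_equals($auth_state, $query_state)) {
      return AccessResult::forbidden("Invalid authorization state query parameter.")->setCacheMaxAge(0);
    }

    // NOTE(review): the stored state is not cleared here, so whether it is
    // single-use depends on code outside this class - confirm.
    return AccessResult::allowed()->setCacheMaxAge(0);
  }

}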
