Update subscribers and docs

config/event_subscribers.yaml

@@ -7,7 +7,8 @@ services:
   #Subscriber
   Pimcore\Bundle\StudioBackendBundle\EventSubscriber\CorsSubscriber:
     tags: [ 'kernel.event_subscriber' ]
+    arguments: ['%pimcore_studio_backend.url_prefix%']
 
   Pimcore\Bundle\StudioBackendBundle\EventSubscriber\ApiExceptionSubscriber:
     tags: [ 'kernel.event_subscriber' ]
-    arguments: ["%kernel.environment%"]
+    arguments: ["%kernel.environment%", '%pimcore_studio_backend.url_prefix%']

doc/00_Installation.md

@@ -20,14 +20,15 @@ composer require pimcore/studio-backend-bundle
 2) Enable Firewall settings
 
 To enable the firewall settings in your project, add the following configuration to your `config/packages/security.yaml` file:
-
+Keep in mind that the prefix part pimcore-studio/api can be changed to any other value in the config.
+You need to adapt your access_control settings accordingly.
 ```yaml
 security:
     firewalls: 
         pimcore_studio: '%pimcore_studio_backend.firewall_settings%'
     access_control:
-      - { path: ^/studio/api/(docs|docs.json|translations)$, roles: PUBLIC_ACCESS }
-      - { path: ^/studio, roles: ROLE_PIMCORE_USER }
+      - { path: ^/pimcore-studio/api/(docs|docs.json|translations)$, roles: PUBLIC_ACCESS }
+      - { path: ^/pimcore-studio, roles: ROLE_PIMCORE_USER }
 ```
 
 3) Make sure the bundle is enabled in the `config/bundles.php` file. The following lines should be added:
@@ -110,3 +111,21 @@ pimcore_studio_backend:
         # Optional configuration
         cookie_lifetime: 3600
 ```
+
+## Changing the prefix of the Studio Backend
+It is possible to change the route where you can reach the API. By default, the route is `/pimcore-studio/api/`.  
+If you want to change the prefix, you can do so by changing the configuration like the following:
+Keep in mind that you need to update your access_control settings accordingly.
+```yaml
+pimcore_studio_backend:
+  url_prefix: '/your-prefix/api/'
+```
+
+```yaml
+security:
+    firewalls: 
+        pimcore_studio: '%pimcore_studio_backend.firewall_settings%'
+    access_control:
+      - { path: ^/your-prefix/api/(docs|docs.json|translations)$, roles: PUBLIC_ACCESS }
+      - { path: ^/your-prefix, roles: ROLE_PIMCORE_USER }
+```

src/DependencyInjection/PimcoreStudioBackendExtension.php

@@ -70,9 +70,12 @@ public function load(array $configs, ContainerBuilder $container): void
 
         $this->checkValidOpenApiScanPaths($config['open_api_scan_paths']);
         $this->checkValidUrlPrefix($config['url_prefix']);
+
         $definition = $container->getDefinition(OpenApiServiceInterface::class);
-        $definition->setArgument('$routePrefix', rtrim($config['url_prefix'], '/'));
-        $definition->setArgument('$openApiScanPaths', $config['open_api_scan_paths']);
+        $definition->setArguments([
+            '$routePrefix' => $config['url_prefix'],
+            '$openApiScanPaths' => $config['open_api_scan_paths'],
+        ]);
 
         $definition = $container->getDefinition(CorsSubscriber::class);
         $definition->setArgument('$allowedHosts', $config['allowed_hosts_for_cors']);

src/EventSubscriber/ApiExceptionSubscriber.php

@@ -26,11 +26,11 @@
 /**
  * @internal
  */
-final class ApiExceptionSubscriber implements EventSubscriberInterface
+final readonly class ApiExceptionSubscriber implements EventSubscriberInterface
 {
     use StudioBackendPathTrait;
 
-    public function __construct(private readonly string $environment)
+    public function __construct(private string $environment, private string $urlPrefix)
     {
     }
 
@@ -46,7 +46,7 @@ public function onKernelException(ExceptionEvent $event): void
         $exception = $event->getThrowable();
         $request = $event->getRequest();
 
-        if (!$this->isStudioBackendPath($request->getPathInfo())) {
+        if (!$this->isStudioBackendPath($request->getPathInfo(), $this->urlPrefix)) {
             return;
         }
 

src/EventSubscriber/CorsSubscriber.php

@@ -27,14 +27,15 @@
 use Symfony\Component\Routing\RouterInterface;
 use function in_array;
 
-final class CorsSubscriber implements EventSubscriberInterface
+final readonly class CorsSubscriber implements EventSubscriberInterface
 {
     use StudioBackendPathTrait;
 
     public function __construct(
-        private readonly RouterInterface $router,
-        private readonly UrlMatcherInterface $urlMatcher,
-        private readonly array $allowedHosts = []
+        private string $urlPrefix,
+        private RouterInterface $router,
+        private UrlMatcherInterface $urlMatcher,
+        private array $allowedHosts = []
     ) {
     }
 
@@ -55,7 +56,7 @@ public function onKernelRequest(RequestEvent $event): void
 
         $request = $event->getRequest();
 
-        if (!$this->isStudioBackendPath($request->getPathInfo())) {
+        if (!$this->isStudioBackendPath($request->getPathInfo(), $this->urlPrefix)) {
             return;
         }
 
@@ -90,7 +91,7 @@ public function onKernelResponse(ResponseEvent $event): void
     {
         $request = $event->getRequest();
 
-        if (!$this->isStudioBackendPath($request->getPathInfo())) {
+        if (!$this->isStudioBackendPath($request->getPathInfo(), $this->urlPrefix)) {
             return;
         }
         // Run CORS check in here to ensure domain is in the system

src/Util/Trait/StudioBackendPathTrait.php

@@ -23,8 +23,8 @@
  */
 trait StudioBackendPathTrait
 {
-    private function isStudioBackendPath(string $path): bool
+    private function isStudioBackendPath(string $path, string $urlPrefix): bool
     {
-        return str_starts_with($path, AbstractApiController::PREFIX);
+        return str_starts_with($path, $urlPrefix);
     }
 }