diff options
| author | Marvin Borner | 2018-07-20 16:34:32 +0200 |
|---|---|---|
| committer | Marvin Borner | 2018-07-20 16:34:32 +0200 |
| commit | 74cb1477bb921a2378ea22a552b71a48c11e0931 (patch) | |
| tree | 621ab17315be667c16dad8f3d5f44d67a7a47e8f /infrastructure | |
| parent | 400591b34d4b0a6288834539808a9dede8a60e3a (diff) | |
Better API (integrated oauth completely)
Diffstat (limited to 'infrastructure')
24 files changed, 687 insertions, 0 deletions
diff --git a/infrastructure/Api/Controllers/DefaultApiController.php b/infrastructure/Api/Controllers/DefaultApiController.php new file mode 100644 index 0000000..cb850a5 --- /dev/null +++ b/infrastructure/Api/Controllers/DefaultApiController.php @@ -0,0 +1,17 @@ +<?php + +namespace Infrastructure\Api\Controllers; + +use Infrastructure\Http\Controller as BaseController; +use Infrastructure\Version; + +class DefaultApiController extends BaseController +{ + public function index() + { + return response()->json([ + 'title' => 'BEAM-Messenger', + 'version' => Version::getGitTag() + ]); + } +} diff --git a/infrastructure/Api/routes_public.php b/infrastructure/Api/routes_public.php new file mode 100644 index 0000000..3609ea8 --- /dev/null +++ b/infrastructure/Api/routes_public.php @@ -0,0 +1,3 @@ +<?php + +$router->get('/', 'DefaultApiController@index');
\ No newline at end of file diff --git a/infrastructure/Auth/AuthServiceProvider.php b/infrastructure/Auth/AuthServiceProvider.php new file mode 100644 index 0000000..944f812 --- /dev/null +++ b/infrastructure/Auth/AuthServiceProvider.php @@ -0,0 +1,41 @@ +<?php + +namespace Infrastructure\Auth; + +use Carbon\Carbon; +use Laravel\Passport\Passport; +use Illuminate\Support\Facades\Gate; +use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; + +class AuthServiceProvider extends ServiceProvider +{ + /** + * The policy mappings for the application. + * + * @var array + */ + protected $policies = [ + 'App\Model' => 'App\Policies\ModelPolicy', + ]; + + /** + * Register any authentication / authorization services. + * + * @return void + */ + public function boot() + { + $this->registerPolicies(); + + Passport::routes(function ($router) { + $router->forAccessTokens(); + // Uncomment for allowing personal access tokens + // $router->forPersonalAccessTokens(); + $router->forTransientTokens(); + }); + + Passport::tokensExpireIn(Carbon::now()->addMinutes(10)); + + Passport::refreshTokensExpireIn(Carbon::now()->addDays(10)); + } +}
\ No newline at end of file diff --git a/infrastructure/Auth/Controllers/LoginController.php b/infrastructure/Auth/Controllers/LoginController.php new file mode 100644 index 0000000..a72f8a0 --- /dev/null +++ b/infrastructure/Auth/Controllers/LoginController.php @@ -0,0 +1,38 @@ +<?php + +namespace Infrastructure\Auth\Controllers; + +use Illuminate\Http\Request; +use Infrastructure\Auth\LoginProxy; +use Infrastructure\Auth\Requests\LoginRequest; +use Infrastructure\Http\Controller; + +class LoginController extends Controller +{ + private $loginProxy; + + public function __construct(LoginProxy $loginProxy) + { + $this->loginProxy = $loginProxy; + } + + public function login(LoginRequest $request) + { + $email = $request->get('email'); + $password = $request->get('password'); + + return $this->response($this->loginProxy->attemptLogin($email, $password)); + } + + public function refresh(Request $request) + { + return $this->response($this->loginProxy->attemptRefresh()); + } + + public function logout() + { + $this->loginProxy->logout(); + + return $this->response(null, 204); + } +}
\ No newline at end of file diff --git a/infrastructure/Auth/Exceptions/InvalidCredentialsException.php b/infrastructure/Auth/Exceptions/InvalidCredentialsException.php new file mode 100644 index 0000000..45a8b6e --- /dev/null +++ b/infrastructure/Auth/Exceptions/InvalidCredentialsException.php @@ -0,0 +1,13 @@ +<?php + +namespace Infrastructure\Auth\Exceptions; + +use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException; + +class InvalidCredentialsException extends UnauthorizedHttpException +{ + public function __construct($message = null, \Exception $previous = null, $code = 0) + { + parent::__construct('', $message, $previous, $code); + } +}
\ No newline at end of file diff --git a/infrastructure/Auth/LoginProxy.php b/infrastructure/Auth/LoginProxy.php new file mode 100644 index 0000000..11783f0 --- /dev/null +++ b/infrastructure/Auth/LoginProxy.php @@ -0,0 +1,126 @@ +<?php + +namespace Infrastructure\Auth; + +use Illuminate\Foundation\Application; +use Infrastructure\Auth\Exceptions\InvalidCredentialsException; +use Api\Users\Repositories\UserRepository; + +class LoginProxy +{ + const REFRESH_TOKEN = 'refreshToken'; + + private $apiConsumer; + + private $auth; + + private $cookie; + + private $db; + + private $request; + + private $userRepository; + + public function __construct(Application $app, UserRepository $userRepository) { + $this->userRepository = $userRepository; + + $this->apiConsumer = $app->make('apiconsumer'); + $this->auth = $app->make('auth'); + $this->cookie = $app->make('cookie'); + $this->db = $app->make('db'); + $this->request = $app->make('request'); + } + + /** + * Attempt to create an access token using user credentials + * + * @param string $email + * @param string $password + */ + public function attemptLogin($email, $password) + { + $user = $this->userRepository->getWhere('email', $email)->first(); + + if (!is_null($user)) { + return $this->proxy('password', [ + 'username' => $email, + 'password' => $password + ]); + } + + throw new InvalidCredentialsException(); + } + + /** + * Attempt to refresh the access token used a refresh token that + * has been saved in a cookie + */ + public function attemptRefresh() + { + $refreshToken = $this->request->cookie(self::REFRESH_TOKEN); + + return $this->proxy('refresh_token', [ + 'refresh_token' => $refreshToken + ]); + } + + /** + * Proxy a request to the OAuth server. + * + * @param string $grantType what type of grant type should be proxied + * @param array $data the data to send to the server + */ + public function proxy($grantType, array $data = []) + { + $data = array_merge($data, [ + 'client_id' => env('PASSWORD_CLIENT_ID'), + 'client_secret' => env('PASSWORD_CLIENT_SECRET'), + 'grant_type' => $grantType + ]); + + $response = $this->apiConsumer->post('/oauth/token', $data); + + if (!$response->isSuccessful()) { + throw new InvalidCredentialsException(); + } + + $data = json_decode($response->getContent()); + + // Create a refresh token cookie + $this->cookie->queue( + self::REFRESH_TOKEN, + $data->refresh_token, + 864000, // 10 days + null, + null, + false, + true // HttpOnly + ); + + return [ + 'access_token' => $data->access_token, + 'expires_in' => $data->expires_in + ]; + } + + /** + * Logs out the user. We revoke access token and refresh token. + * Also instruct the client to forget the refresh cookie. + */ + public function logout() + { + $accessToken = $this->auth->user()->token(); + + $refreshToken = $this->db + ->table('oauth_refresh_tokens') + ->where('access_token_id', $accessToken->id) + ->update([ + 'revoked' => true + ]); + + $accessToken->revoke(); + + $this->cookie->queue($this->cookie->forget(self::REFRESH_TOKEN)); + } +} diff --git a/infrastructure/Auth/Middleware/AccessTokenChecker.php b/infrastructure/Auth/Middleware/AccessTokenChecker.php new file mode 100644 index 0000000..f79f5cb --- /dev/null +++ b/infrastructure/Auth/Middleware/AccessTokenChecker.php @@ -0,0 +1,37 @@ +<?php + +namespace Infrastructure\Auth\Middleware; + +use Closure; +use Illuminate\Foundation\Application; +use Illuminate\Auth\Middleware\Authenticate; +use Illuminate\Auth\AuthenticationException; +use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException; + +class AccessTokenChecker +{ + private $app; + + private $oAuthMiddleware; + + public function __construct( + Application $app, + Authenticate $authenticate + ) { + $this->app = $app; + $this->authenticate = $authenticate; + } + + public function handle($request, Closure $next, $scopesString = null) + { + if ($this->app->environment() !== 'testing') { + try { + return $this->authenticate->handle($request, $next, 'api'); + } catch (AuthenticationException $e) { + throw new UnauthorizedHttpException('Challenge'); + } + } + + return $next($request); + } +} diff --git a/infrastructure/Auth/Requests/LoginRequest.php b/infrastructure/Auth/Requests/LoginRequest.php new file mode 100644 index 0000000..5c5a3bb --- /dev/null +++ b/infrastructure/Auth/Requests/LoginRequest.php @@ -0,0 +1,21 @@ +<?php + +namespace Infrastructure\Auth\Requests; + +use Infrastructure\Http\ApiRequest; + +class LoginRequest extends ApiRequest +{ + public function authorize() + { + return true; + } + + public function rules() + { + return [ + 'email' => 'required|email', + 'password' => 'required' + ]; + } +} diff --git a/infrastructure/Auth/routes_protected.php b/infrastructure/Auth/routes_protected.php new file mode 100644 index 0000000..0fe814f --- /dev/null +++ b/infrastructure/Auth/routes_protected.php @@ -0,0 +1,3 @@ +<?php + +$router->post('/logout', 'LoginController@logout');
\ No newline at end of file diff --git a/infrastructure/Auth/routes_public.php b/infrastructure/Auth/routes_public.php new file mode 100644 index 0000000..79f5b51 --- /dev/null +++ b/infrastructure/Auth/routes_public.php @@ -0,0 +1,4 @@ +<?php + +$router->post('/login', 'LoginController@login'); +$router->post('/login/refresh', 'LoginController@refresh');
\ No newline at end of file diff --git a/infrastructure/Console/Kernel.php b/infrastructure/Console/Kernel.php new file mode 100644 index 0000000..dffc73a --- /dev/null +++ b/infrastructure/Console/Kernel.php @@ -0,0 +1,31 @@ +<?php + +namespace Infrastructure\Console; + +use Api\Users\Console\AddUserCommand; +use Illuminate\Console\Scheduling\Schedule; +use Illuminate\Foundation\Console\Kernel as ConsoleKernel; + +class Kernel extends ConsoleKernel +{ + /** + * The Artisan commands provided by your application. + * + * @var array + */ + protected $commands = [ + AddUserCommand::class + ]; + + /** + * Define the application's command schedule. + * + * @param \Illuminate\Console\Scheduling\Schedule $schedule + * @return void + */ + protected function schedule(Schedule $schedule) + { + // $schedule->command('inspire') + // ->hourly(); + } +} diff --git a/infrastructure/Database/Eloquent/Model.php b/infrastructure/Database/Eloquent/Model.php new file mode 100644 index 0000000..a7781f7 --- /dev/null +++ b/infrastructure/Database/Eloquent/Model.php @@ -0,0 +1,9 @@ +<?php + +namespace Infrastructure\Database\Eloquent; + +use Illuminate\Database\Eloquent\Model as BaseModel; + +abstract class Model extends BaseModel +{ +} diff --git a/infrastructure/Database/Eloquent/Repository.php b/infrastructure/Database/Eloquent/Repository.php new file mode 100644 index 0000000..a8b2c0b --- /dev/null +++ b/infrastructure/Database/Eloquent/Repository.php @@ -0,0 +1,9 @@ +<?php + +namespace Infrastructure\Database\Eloquent; + +use Optimus\Genie\Repository as BaseRepository; + +abstract class Repository extends BaseRepository +{ +} diff --git a/infrastructure/Events/Event.php b/infrastructure/Events/Event.php new file mode 100644 index 0000000..2f19ea9 --- /dev/null +++ b/infrastructure/Events/Event.php @@ -0,0 +1,8 @@ +<?php + +namespace Infrastructure\Events; + +abstract class Event +{ + // +} diff --git a/infrastructure/Exceptions/Handler.php b/infrastructure/Exceptions/Handler.php new file mode 100644 index 0000000..af48a29 --- /dev/null +++ b/infrastructure/Exceptions/Handler.php @@ -0,0 +1,50 @@ +<?php + +namespace Infrastructure\Exceptions; + +use Exception; +use Illuminate\Validation\ValidationException; +use Illuminate\Auth\Access\AuthorizationException; +use Illuminate\Database\Eloquent\ModelNotFoundException; +use Symfony\Component\HttpKernel\Exception\HttpException; +use Optimus\Heimdal\ExceptionHandler; + +class Handler extends ExceptionHandler +{ + /** + * A list of the exception types that should not be reported. + * + * @var array + */ + protected $dontReport = [ + AuthorizationException::class, + HttpException::class, + ModelNotFoundException::class, + ValidationException::class, + ]; + + /** + * Report or log an exception. + * + * This is a great spot to send exceptions to Sentry, Bugsnag, etc. + * + * @param \Exception $e + * @return void + */ + public function report(Exception $e) + { + parent::report($e); + } + + /** + * Render an exception into an HTTP response. + * + * @param \Illuminate\Http\Request $request + * @param \Exception $e + * @return \Illuminate\Http\Response + */ + public function render($request, Exception $e) + { + return parent::render($request, $e); + } +} diff --git a/infrastructure/Http/ApiRequest.php b/infrastructure/Http/ApiRequest.php new file mode 100644 index 0000000..0183bb4 --- /dev/null +++ b/infrastructure/Http/ApiRequest.php @@ -0,0 +1,21 @@ +<?php + +namespace Infrastructure\Http; + +use Illuminate\Contracts\Validation\Validator; +use Illuminate\Foundation\Http\FormRequest; +use Symfony\Component\HttpKernel\Exception\HttpException; +use Symfony\Component\HttpKernel\Exception\UnprocessableEntityHttpException; + +abstract class ApiRequest extends FormRequest +{ + protected function failedValidation(Validator $validator) + { + throw new UnprocessableEntityHttpException($validator->errors()->toJson()); + } + + protected function failedAuthorization() + { + throw new HttpException(403); + } +} diff --git a/infrastructure/Http/Controller.php b/infrastructure/Http/Controller.php new file mode 100644 index 0000000..aa567b9 --- /dev/null +++ b/infrastructure/Http/Controller.php @@ -0,0 +1,10 @@ +<?php + +namespace Infrastructure\Http; + +use Illuminate\Foundation\Validation\ValidatesRequests; +use Optimus\Bruno\LaravelController; + +abstract class Controller extends LaravelController +{ +} diff --git a/infrastructure/Http/Kernel.php b/infrastructure/Http/Kernel.php new file mode 100644 index 0000000..d74c8b3 --- /dev/null +++ b/infrastructure/Http/Kernel.php @@ -0,0 +1,47 @@ +<?php + +namespace Infrastructure\Http; + +use Illuminate\Foundation\Http\Kernel as HttpKernel; + +class Kernel extends HttpKernel +{ + /** + * The application's global HTTP middleware stack. + * + * These middleware are run during every request to your application. + * + * @var array + */ + protected $middleware = [ + \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class, + \Infrastructure\Http\Middleware\EncryptCookies::class, + \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, + \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, + ]; + + /** + * The application's route middleware groups. + * + * @var array + */ + protected $middlewareGroups = [ + + ]; + + /** + * The application's route middleware. + * + * These middleware may be assigned to groups or used individually. + * + * @var array + */ + protected $routeMiddleware = [ + 'auth' => \Infrastructure\Auth\Middleware\AccessTokenChecker::class, + 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, + 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, + 'can' => \Illuminate\Auth\Middleware\Authorize::class, + 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, + 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, + ]; +} diff --git a/infrastructure/Http/Middleware/EncryptCookies.php b/infrastructure/Http/Middleware/EncryptCookies.php new file mode 100644 index 0000000..80b8da3 --- /dev/null +++ b/infrastructure/Http/Middleware/EncryptCookies.php @@ -0,0 +1,17 @@ +<?php + +namespace Infrastructure\Http\Middleware; + +use Illuminate\Cookie\Middleware\EncryptCookies as BaseEncrypter; + +class EncryptCookies extends BaseEncrypter +{ + /** + * The names of the cookies that should not be encrypted. + * + * @var array + */ + protected $except = [ + // + ]; +} diff --git a/infrastructure/Http/RouteServiceProvider.php b/infrastructure/Http/RouteServiceProvider.php new file mode 100644 index 0000000..a17d253 --- /dev/null +++ b/infrastructure/Http/RouteServiceProvider.php @@ -0,0 +1,23 @@ +<?php + +namespace Infrastructure\Http; + +use Illuminate\Routing\Router; +use Optimus\Api\System\RouteServiceProvider as ServiceProvider; + +class RouteServiceProvider extends ServiceProvider +{ + /** + * Define your route model bindings, pattern filters, etc. + * + * @return void + */ + public function boot() + { + $router = $this->app->make(Router::class); + + $router->pattern('id', '[0-9]+'); + + parent::boot($router); + } +} diff --git a/infrastructure/Testing/TestCase.php b/infrastructure/Testing/TestCase.php new file mode 100644 index 0000000..1770e1b --- /dev/null +++ b/infrastructure/Testing/TestCase.php @@ -0,0 +1,29 @@ +<?php + +namespace Infrastructure\Testing; + +use Illuminate\Foundation\Testing\TestCase as LaravelTestCase; + +class TestCase extends LaravelTestCase +{ + /** + * The base URL to use while testing the application. + * + * @var string + */ + protected $baseUrl = 'http://localhost'; + + /** + * Creates the application. + * + * @return \Illuminate\Foundation\Application + */ + public function createApplication() + { + $app = require __DIR__.'/../../bootstrap/app.php'; + + $app->make(\Illuminate\Contracts\Console\Kernel::class)->bootstrap(); + + return $app; + } +} diff --git a/infrastructure/Testing/bootstrap.php b/infrastructure/Testing/bootstrap.php new file mode 100644 index 0000000..f0aea64 --- /dev/null +++ b/infrastructure/Testing/bootstrap.php @@ -0,0 +1,5 @@ +<?php + +require_once __DIR__ . '/../../bootstrap/autoload.php'; + +// bootstrap testing, e.g. seeding database etc. diff --git a/infrastructure/Validation/resources/lang/en/validation.php b/infrastructure/Validation/resources/lang/en/validation.php new file mode 100644 index 0000000..208281b --- /dev/null +++ b/infrastructure/Validation/resources/lang/en/validation.php @@ -0,0 +1,113 @@ +<?php + +return [ + + /* + |-------------------------------------------------------------------------- + | Validation Language Lines + |-------------------------------------------------------------------------- + | + | The following language lines contain the default error messages used by + | the validator class. Some of these rules have multiple versions such + | as the size rules. Feel free to tweak each of these messages here. + | + */ + + 'accepted' => 'The :attribute must be accepted.', + 'active_url' => 'The :attribute is not a valid URL.', + 'after' => 'The :attribute must be a date after :date.', + 'alpha' => 'The :attribute may only contain letters.', + 'alpha_dash' => 'The :attribute may only contain letters, numbers, and dashes.', + 'alpha_num' => 'The :attribute may only contain letters and numbers.', + 'array' => 'The :attribute must be an array.', + 'before' => 'The :attribute must be a date before :date.', + 'between' => [ + 'numeric' => 'The :attribute must be between :min and :max.', + 'file' => 'The :attribute must be between :min and :max kilobytes.', + 'string' => 'The :attribute must be between :min and :max characters.', + 'array' => 'The :attribute must have between :min and :max items.', + ], + 'boolean' => 'The :attribute must be true or false.', + 'confirmed' => 'The :attribute confirmation does not match.', + 'date' => 'The :attribute is not a valid date.', + 'date_format' => 'The :attribute does not match the format :format.', + 'different' => 'The :attribute and :other must be different.', + 'digits' => 'The :attribute must be :digits digits.', + 'digits_between' => 'The :attribute must be between :min and :max digits.', + 'distinct' => 'The :attribute has a duplicate value.', + 'email' => 'The :attribute must be a valid email address.', + 'exists' => 'The selected :attribute is invalid.', + 'filled' => 'The :attribute is required.', + 'image' => 'The :attribute must be an image.', + 'in' => 'The selected :attribute is invalid.', + 'in_array' => 'The :attribute does not exist in :other.', + 'integer' => 'The :attribute must be an integer.', + 'ip' => 'The :attribute must be a valid IP address.', + 'json' => 'The :attribute must be a valid JSON string.', + 'max' => [ + 'numeric' => 'The :attribute may not be greater than :max.', + 'file' => 'The :attribute may not be greater than :max kilobytes.', + 'string' => 'The :attribute may not be greater than :max characters.', + 'array' => 'The :attribute may not have more than :max items.', + ], + 'mimes' => 'The :attribute must be a file of type: :values.', + 'min' => [ + 'numeric' => 'The :attribute must be at least :min.', + 'file' => 'The :attribute must be at least :min kilobytes.', + 'string' => 'The :attribute must be at least :min characters.', + 'array' => 'The :attribute must have at least :min items.', + ], + 'not_in' => 'The selected :attribute is invalid.', + 'numeric' => 'The :attribute must be a number.', + 'present' => 'The :attribute must be present.', + 'regex' => 'The :attribute format is invalid.', + 'required' => 'The :attribute is required.', + 'required_if' => 'The :attribute is required when :other is :value.', + 'required_unless' => 'The :attribute is required unless :other is in :values.', + 'required_with' => 'The :attribute is required when :values is present.', + 'required_with_all' => 'The :attribute is required when :values is present.', + 'required_without' => 'The :attribute is required when :values is not present.', + 'required_without_all' => 'The :attribute is required when none of :values are present.', + 'same' => 'The :attribute and :other must match.', + 'size' => [ + 'numeric' => 'The :attribute must be :size.', + 'file' => 'The :attribute must be :size kilobytes.', + 'string' => 'The :attribute must be :size characters.', + 'array' => 'The :attribute must contain :size items.', + ], + 'string' => 'The :attribute must be a string.', + 'timezone' => 'The :attribute must be a valid zone.', + 'unique' => 'The :attribute has already been taken.', + 'url' => 'The :attribute format is invalid.', + + /* + |-------------------------------------------------------------------------- + | Custom Validation Language Lines + |-------------------------------------------------------------------------- + | + | Here you may specify custom validation messages for attributes using the + | convention "attribute.rule" to name the lines. This makes it quick to + | specify a specific custom language line for a given attribute rule. + | + */ + + 'custom' => [ + 'attribute-name' => [ + 'rule-name' => 'custom-message', + ], + ], + + /* + |-------------------------------------------------------------------------- + | Custom Validation Attributes + |-------------------------------------------------------------------------- + | + | The following language lines are used to swap attribute place-holders + | with something more reader friendly such as E-Mail Address instead + | of "email". This simply helps us make messages a little cleaner. + | + */ + + 'attributes' => [], + +]; diff --git a/infrastructure/Version.php b/infrastructure/Version.php new file mode 100644 index 0000000..9ca7941 --- /dev/null +++ b/infrastructure/Version.php @@ -0,0 +1,12 @@ +<?php + +namespace Infrastructure; + +class Version +{ + public static function getGitTag() + { + $versionFile = base_path('version.txt'); + return file_exists($versionFile) ? file_get_contents($versionFile) : exec('git describe --tags'); + } +} |