131 lines
3.6 KiB
PHP
131 lines
3.6 KiB
PHP
<?php
|
||
|
||
declare(strict_types=1);
|
||
|
||
namespace App\Http\Controllers;
|
||
|
||
use App\Services\TokenService;
|
||
use GuzzleHttp\Client as GuzzleClient;
|
||
use GuzzleHttp\Exception\BadResponseException;
|
||
use Illuminate\Http\JsonResponse;
|
||
use Illuminate\Http\Request;
|
||
use IndieAuth\Client;
|
||
|
||
class TokenEndpointController extends Controller
|
||
{
|
||
/**
|
||
* @var Client The IndieAuth Client.
|
||
*/
|
||
protected Client $client;
|
||
|
||
/**
|
||
* @var GuzzleClient The GuzzleHttp client.
|
||
*/
|
||
protected GuzzleClient $guzzle;
|
||
|
||
/**
|
||
* @var TokenService The Token handling service.
|
||
*/
|
||
protected TokenService $tokenService;
|
||
|
||
/**
|
||
* Inject the dependencies.
|
||
*
|
||
* @param Client $client
|
||
* @param GuzzleClient $guzzle
|
||
* @param TokenService $tokenService
|
||
*/
|
||
public function __construct(
|
||
Client $client,
|
||
GuzzleClient $guzzle,
|
||
TokenService $tokenService
|
||
) {
|
||
$this->client = $client;
|
||
$this->guzzle = $guzzle;
|
||
$this->tokenService = $tokenService;
|
||
}
|
||
|
||
/**
|
||
* If the user has auth’d via the IndieAuth protocol, issue a valid token.
|
||
*
|
||
* @param Request $request
|
||
* @return JsonResponse
|
||
*/
|
||
public function create(Request $request): JsonResponse
|
||
{
|
||
if (empty($request->input('me'))) {
|
||
return response()->json([
|
||
'error' => 'Missing {me} param from input',
|
||
], 400);
|
||
}
|
||
|
||
$authorizationEndpoint = $this->client::discoverAuthorizationEndpoint(normalize_url($request->input('me')));
|
||
|
||
if (empty($authorizationEndpoint)) {
|
||
return response()->json([
|
||
'error' => sprintf('Could not discover the authorization endpoint for %s', $request->input('me')),
|
||
], 400);
|
||
}
|
||
|
||
$auth = $this->verifyIndieAuthCode(
|
||
$authorizationEndpoint,
|
||
$request->input('code'),
|
||
$request->input('me'),
|
||
$request->input('redirect_uri'),
|
||
$request->input('client_id'),
|
||
);
|
||
|
||
if ($auth === null || ! array_key_exists('me', $auth)) {
|
||
return response()->json([
|
||
'error' => 'There was an error verifying the IndieAuth code',
|
||
], 401);
|
||
}
|
||
|
||
$scope = $auth['scope'] ?? '';
|
||
$tokenData = [
|
||
'me' => $request->input('me'),
|
||
'client_id' => $request->input('client_id'),
|
||
'scope' => $scope,
|
||
];
|
||
$token = $this->tokenService->getNewToken($tokenData);
|
||
$content = [
|
||
'me' => $request->input('me'),
|
||
'scope' => $scope,
|
||
'access_token' => $token,
|
||
];
|
||
|
||
return response()->json($content);
|
||
}
|
||
|
||
protected function verifyIndieAuthCode(
|
||
string $authorizationEndpoint,
|
||
string $code,
|
||
string $me,
|
||
string $redirectUri,
|
||
string $clientId
|
||
): ?array {
|
||
try {
|
||
$response = $this->guzzle->request('POST', $authorizationEndpoint, [
|
||
'headers' => [
|
||
'Accept' => 'application/json',
|
||
],
|
||
'form_params' => [
|
||
'code' => $code,
|
||
'me' => $me,
|
||
'redirect_uri' => $redirectUri,
|
||
'client_id' => $clientId,
|
||
],
|
||
]);
|
||
} catch (BadResponseException) {
|
||
return null;
|
||
}
|
||
|
||
try {
|
||
$authData = json_decode((string) $response->getBody(), true, 512, JSON_THROW_ON_ERROR);
|
||
} catch (\JsonException) {
|
||
return null;
|
||
}
|
||
|
||
return $authData;
|
||
}
|
||
}
|