Initial commit

.coveralls.yml

@@ -0,0 +1,2 @@
+coverage_clover: clover.xml
+json_path: coveralls-upload.json

.gitignore

@@ -0,0 +1,3 @@
+/composer.lock
+/phpunit.xml
+/vendor/

.travis.yml

@@ -0,0 +1,41 @@
+sudo: false
+
+language: php
+
+cache:
+  directories:
+    - $HOME/.composer/cache
+    - $HOME/.local
+    - vendor
+
+matrix:
+  fast_finish: true
+  include:
+    - php: 7.1
+      env:
+        - EXECUTE_CS_CHECK=true
+        - EXECUTE_TEST_COVERALLS=true
+        - PATH="$HOME/.local/bin:$PATH"
+    - php: nightly
+  allow_failures:
+    - php: nightly
+
+before_install:
+  - if [[ $EXECUTE_TEST_COVERALLS != 'true' ]]; then phpenv config-rm xdebug.ini || return 0 ; fi
+  - composer self-update
+  - if [[ $EXECUTE_TEST_COVERALLS == 'true' ]]; then composer require --dev --no-update php-coveralls/php-coveralls:2.0.0 ; fi
+
+install:
+  - travis_retry composer install --no-interaction
+  - composer info -i
+
+script:
+  - if [[ $EXECUTE_TEST_COVERALLS == 'true' ]]; then composer test-coverage ; fi
+  - if [[ $EXECUTE_TEST_COVERALLS != 'true' ]]; then composer test ; fi
+  - if [[ $EXECUTE_CS_CHECK == 'true' ]]; then composer cs ; fi
+
+after_script:
+  - if [[ $EXECUTE_TEST_COVERALLS == 'true' ]]; then composer coveralls ; fi
+
+notifications:
+  email: true

LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2018, Ben Scholzen (DASPRiD)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -0,0 +1,102 @@
+# Pikkuleipa
+
+[![Build Status](https://travis-ci.org/DASPRiD/Pikkuleipa.svg?branch=master)](https://travis-ci.org/DASPRiD/Pikkuleipa)
+[![Coverage Status](https://coveralls.io/repos/github/DASPRiD/Pikkuleipa/badge.svg?branch=master)](https://coveralls.io/github/DASPRiD/Pikkuleipa?branch=master)
+[![Latest Stable Version](https://poser.pugx.org/dasprid/pikkuleipa/v/stable)](https://packagist.org/packages/dasprid/pikkuleipa)
+[![Total Downloads](https://poser.pugx.org/dasprid/pikkuleipa/downloads)](https://packagist.org/packages/dasprid/pikkuleipa)
+[![License](https://poser.pugx.org/dasprid/pikkuleipa/license)](https://packagist.org/packages/dasprid/pikkuleipa)
+
+Pikkuleipa is a cookie manager for PSR-7 compliant applications, utilizing [JSON Web Tokens](https://jwt.io/) for
+security and allowing the handling of multiple independent cookies.authentication middleware embracing PSR-7.
+
+## Installation
+
+Install via composer:
+
+```bash
+$ composer require dasprid/pikkuleipa
+```
+
+## Getting started (for [Expressive](https://github.com/zendframework/zend-expressive))
+
+### Import the factory config
+
+Create a file named `pikkuleipa.global.php` or similar in your autoloading config directory:
+
+```php
+<?php
+return (new DASPRiD\Pikkuleipa\ConfigProvider())->__invoke();
+```
+
+This will introduce a few factories, namely you can retrieve the following objects through that:
+
+- `DASPRiD\Pikkuleipa\CookieManager` through `DASPRiD\Pikkuleipa\CookieManagerInterface`
+- `DASPRiD\Pikkuleipa\TokenManager` through `DASPRiD\Pikkuleipa\TokenManagerInterface`
+
+### Configure Pikkuleipa
+
+For Pikkuleipa to function, it needs a few configuration variables. Copy the file `doc/example-config.php` and adjust the
+values as needed.
+
+### Using the cookie manager
+
+The token manager should usually not be of interest to you. The important part is the cookie manager, which you can
+either use through the container, if you are using PSR/Container, or by other means. It concretely gives you three
+actions you can do, which are setting cookies, getting cookies and expiring cookies.
+
+#### Setting cookies
+
+Setting a cookie is really easy. First you either get an existing cookie from the cookie manager or you create a new
+one. Then you set that cookie on a PSR-7 response and return the modified response to the user.
+
+The `setCookie` method takes two additional parameters beside the response and the cookie. The first one is whether the
+cookie should expire at the end of the browser session, which defaults to false. The second one defines whether the
+`setCookie` call should override a previous `expireCookie` call, which defaults to true.
+
+```php
+<?php
+use DASPRiD\Pikkuleipa\Cookie;
+use DASPRiD\Pikkuleipa\CookieManagerInterface;
+
+$cookieManager = $container->get(CookieManagerInterface::class);
+$cookie = new Cookie('foo');
+$cookie->set('bar', 'baz');
+
+$newResponse = $cookieManager->setCookie($response, $cookie);
+```
+
+#### Getting cookies
+
+Getting cookies is also quite simple. When retrieving a cookie, the cookie- and the token manager will verify that the
+cookie exists and its contents are legit. If something fails, a new empty cookie instance is returned.
+
+```php
+<?php
+use DASPRiD\Pikkuleipa\CookieManagerInterface;
+
+$cookieManager = $container->get(CookieManagerInterface::class);
+$cookie = $cookieManager->getCookie($serverRequest, 'foo');
+
+echo $cookie->get('bar'); // Outputs: bar
+```
+
+#### Expiring cookies
+
+Expiring cookies is just as simple as setting a cookie. You can either expire a cookie by its instance or by name:
+
+```php
+<?php
+use DASPRiD\Pikkuleipa\CookieManagerInterface;
+
+$cookieManager = $container->get(CookieManagerInterface::class);
+$cookie = $cookieManager->getCookie($serverRequest, 'foo');
+
+$newResponse = $cookieManager->expireCookie($cookie);
+
+// Or:
+$newResponse = $cookieManager->expireCookieByName('foo');
+```
+
+## About the name
+
+Pikkuleipa is the Finnish word for "cookie" or "biscuit", nothing fancy here!

composer.json

@@ -0,0 +1,60 @@
+{
+    "name": "dasprid/pikkuleipa",
+    "description": "PSR-7 JWT cookie handler",
+    "type": "library",
+    "require": {
+        "php": "^7.1",
+        "lcobucci/jwt": "^3.2",
+        "psr/http-message": "^1.0",
+        "dflydev/fig-cookies": "^1.0",
+        "cultuurnet/clock": "^1.0"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "^5.5",
+        "psr/container": "^1.0",
+        "dasprid/treereader": "^1.3",
+        "zendframework/zend-diactoros": "^1.3",
+        "squizlabs/php_codesniffer": "^2.7"
+    },
+    "suggest": {
+        "psr/container": "For using the supplied factories",
+        "dasprid/treereader": "For using the supplied factories"
+    },
+    "license": "BSD-2-Clause",
+    "authors": [
+        {
+            "name": "Ben Scholzen 'DASPRiD'",
+            "homepage": "https://dasprids.de/",
+            "email": "mail@dasprids.de"
+        }
+    ],
+    "keywords": [
+        "jwt",
+        "cookie",
+        "session",
+        "http",
+        "psr",
+        "psr-7"
+    ],
+    "autoload": {
+        "psr-4": {
+            "DASPRiD\\Pikkuleipa\\": "src/"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "DASPRiD\\PikkuleipaTest\\": "test/"
+        }
+    },
+    "scripts": {
+        "check": [
+            "@cs",
+            "@test"
+        ],
+        "coveralls": "php-coveralls",
+        "cs": "phpcs",
+        "cs-fix": "phpcbf",
+        "test": "phpunit",
+        "test-coverage": "phpunit --coverage-clover clover.xml"
+    }
+}

doc/example-config.php

@@ -0,0 +1,33 @@
+<?php
+return [
+    'pikkuleipa' => [
+        'default_cookie_settings' => [
+            // Path which the cookie applies to
+            'path' => '/',
+
+            // Whether the cookie is limited to HTTPS
+            'secure' => true,
+
+            // Lifetime of the cookie, here 30 days
+            'lifetime' => 2592000,
+        ],
+
+        'cookie_settings' => [
+            // Here you can configure all the different cookies you are using
+            'some_cookie_name' => [
+                'path' => '/',
+                'secure' => true,
+                'lifetime' => 60
+            ],
+        ],
+
+        'token' => [
+            // Signer used for signing and verification
+            'signer_class' => Lcobucci\JWT\Signer\Rsa\Sha256::class,
+
+            // Signature and verification keys. See: https://github.com/lcobucci/jwt#token-signature
+            'signature_key' => '',
+            'verification_key' => '',
+        ],
+    ],
+];

phpcs.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+<ruleset name="Pikkuleipa coding standard">
+    <description>Pikkuleipa coding standard</description>
+
+    <!-- display progress -->
+    <arg value="p"/>
+    <arg name="colors"/>
+
+    <!-- inherit rules from: -->
+    <rule ref="PSR2"/>
+    <rule ref="Generic.Arrays.DisallowLongArraySyntax"/>
+    <rule ref="Squiz.WhiteSpace.SuperfluousWhitespace">
+        <properties>
+            <property name="ignoreBlankLines" value="false"/>
+        </properties>
+    </rule>
+
+    <!-- Paths to check -->
+    <file>src</file>
+    <file>test</file>
+</ruleset>

phpunit.xml.dist

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:noNamespaceSchemaLocation="vendor/phpunit/phpunit/phpunit.xsd"
+         bootstrap="vendor/autoload.php"
+         colors="true">
+    <testsuites>
+        <testsuite name="DASPRiD\\Pikkuleipa Tests">
+            <directory>./test</directory>
+        </testsuite>
+    </testsuites>
+
+    <filter>
+        <whitelist processUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">src</directory>
+        </whitelist>
+    </filter>
+</phpunit>

src/ConfigProvider.php

@@ -0,0 +1,27 @@
+<?php
+declare(strict_types = 1);
+
+namespace DASPRiD\Pikkuleipa;
+
+use DASPRiD\Pikkuleipa\Factory\CookieManagerFactory;
+use DASPRiD\Pikkuleipa\Factory\TokenManagerFactory;
+
+final class ConfigProvider
+{
+    public function __invoke() : array
+    {
+        return [
+            'dependencies' => $this->getDependencyConfig(),
+        ];
+    }
+
+    public function getDependencyConfig() : array
+    {
+        return [
+            'factories' => [
+                CookieManagerInterface::class => CookieManagerFactory::class,
+                TokenManagerInterface::class => TokenManagerFactory::class,
+            ],
+        ];
+    }
+}