add support for read-only tokens

GetStream · Jun 11, 2015 · 0f26b97 · 0f26b97
1 parent cc6592a
commit 0f26b97
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 20 deletions.
diff --git a/lib/GetStream/Stream/BaseFeed.php b/lib/GetStream/Stream/BaseFeed.php
@@ -84,6 +84,14 @@ public function validUserId($user_id)
         return (preg_match('/^[-\w]+$/', $user_id) === 1);
     }
 
+    /**
+     * @return string
+     */
+    public function getReadonlyToken()
+    {
+        return $this->client->createFeedJWTToken($this, '*', 'read');
+    }
+
     /**
      * @return string
      */
@@ -141,7 +149,7 @@ public function addActivity($activity_data)
         if (array_key_exists('to', $activity_data)) {
             $activity_data['to'] = $this->signToField($activity_data['to']);
         }
-        return $this->makeHttpRequest("{$this->base_feed_url}/", 'POST', $activity_data);
+        return $this->makeHttpRequest("{$this->base_feed_url}/", 'POST', $activity_data, null, 'feed', 'write');
     }
 
     /**
@@ -156,7 +164,7 @@ public function addActivities($activities_data)
             }
         }
         $data = ['activities' => $activities_data];
-        return $this->makeHttpRequest("{$this->base_feed_url}/", 'POST', $data);
+        return $this->makeHttpRequest("{$this->base_feed_url}/", 'POST', $data, null, 'feed', 'write');
     }
 
     /**
@@ -170,7 +178,7 @@ public function removeActivity($activity_id, $foreign_id = false)
         if ($foreign_id === true) {
             $query_params['foreign_id'] = 1;
         }
-        return $this->makeHttpRequest("{$this->base_feed_url}/{$activity_id}/", 'DELETE', null, $query_params);
+        return $this->makeHttpRequest("{$this->base_feed_url}/{$activity_id}/", 'DELETE', null, $query_params, 'feed', 'delete');
     }
 
     /**
@@ -187,7 +195,7 @@ public function getActivities($offset = 0, $limit = 20, $options = [])
         }
         $query_params = array_merge($query_params, $options);
 
-        return $this->makeHttpRequest("{$this->base_feed_url}/", 'GET', null, $query_params);
+        return $this->makeHttpRequest("{$this->base_feed_url}/", 'GET', null, $query_params, 'feed', 'read');
     }
 
     /**
@@ -203,7 +211,7 @@ public function followFeed($target_feed_slug, $target_user_id)
             $data['target_token'] = $target_feed->getToken();
         }
 
-        return $this->makeHttpRequest("{$this->base_feed_url}/follows/", 'POST', $data);
+        return $this->makeHttpRequest("{$this->base_feed_url}/follows/", 'POST', $data, null, 'follower', 'write');
     }
 
     /**
@@ -218,7 +226,7 @@ public function followers($offset = 0, $limit = 25)
             'offset' => $offset,
         ];
 
-        return $this->makeHttpRequest("{$this->base_feed_url}/followers/", 'GET', null, $query_params);
+        return $this->makeHttpRequest("{$this->base_feed_url}/followers/", 'GET', null, $query_params, 'follower', 'read');
     }
 
     /**
@@ -235,7 +243,7 @@ public function following($offset = 0, $limit = 25, $filter = [])
             'filter' => implode(',', $filter),
         ];
 
-        return $this->makeHttpRequest("{$this->base_feed_url}/follows/", 'GET', null, $query_params);
+        return $this->makeHttpRequest("{$this->base_feed_url}/follows/", 'GET', null, $query_params, 'follower', 'read');
     }
 
     /**
@@ -245,14 +253,14 @@ public function following($offset = 0, $limit = 25, $filter = [])
     public function unfollowFeed($target_feed_slug, $target_user_id)
     {
         $target_feed_id = "$target_feed_slug:$target_user_id";
-        return $this->makeHttpRequest("{$this->base_feed_url}/follows/{$target_feed_id}/", 'DELETE');
+        return $this->makeHttpRequest("{$this->base_feed_url}/follows/{$target_feed_id}/", 'DELETE', null, null, 'follower', 'delete');
     }
 
     /**
      * @return mixed
      */
     public function delete()
     {
-        return $this->makeHttpRequest("{$this->base_feed_url}/", 'DELETE');
+        return $this->makeHttpRequest("{$this->base_feed_url}/", 'DELETE', null, null, 'feed', 'delete');
     }
 }
diff --git a/lib/GetStream/Stream/Client.php b/lib/GetStream/Stream/Client.php
@@ -86,6 +86,18 @@ public function setLocation($location)
         $this->location = $location;
     }
 
+    /**
+     * @param  BaseFeed $feed
+     * @param  string $resource
+     * @param  string $action
+     * @return string
+     */
+    public function createFeedJWTToken($feed, $resource, $action)
+    {
+        $feedId = "{$feed->getSlug()}{$feed->getUserId()}";
+        return $this->signer->jwtScopeToken($feedId, $resource, $action);
+    }
+
     /**
      * @param  string $feed_slug
      * @param  string $user_id

diff --git a/lib/GetStream/Stream/Feed.php b/lib/GetStream/Stream/Feed.php
@@ -37,29 +37,31 @@ public function setGuzzleDefaultOption($option, $value)
     }
 
     /**
+     * @param  string $resource
+     * @param  string $action
      * @return array
      */
-    protected function getHttpRequestHeaders()
+    protected function getHttpRequestHeaders($resource, $action)
     {
-        if (empty($this->httpRequestHeaders)) {
-            $this->httpRequestHeaders = [
-                'Authorization' => "{$this->slug}{$this->user_id} {$this->token}",
-                'Content-Type'  => 'application/json',
-            ];
-        }
-
-        return $this->httpRequestHeaders;
+        $token = $this->client->createFeedJWTToken($this, $resource, $action);
+        return [
+            'Authorization'     => $token,
+            'Content-Type'      => 'application/json',
+            'stream-auth-type'  => 'jwt'
+        ];
     }
 
     /**
      * @param  string $uri
      * @param  string $method
      * @param  array $data
      * @param  array $query_params
+     * @param  string $resource
+     * @param  string $action
      * @return mixed
      * @throws StreamFeedException
      */
-    public function makeHttpRequest($uri, $method, $data = [], $query_params = [])
+    public function makeHttpRequest($uri, $method, $data = [], $query_params = [], $resource = '', $action = '')
     {
         $query_params['api_key'] = $this->api_key;
 
@@ -69,7 +71,7 @@ public function makeHttpRequest($uri, $method, $data = [], $query_params = [])
             $client->setDefaultOption($key, $value);
         }
         $request = $client->createRequest($method, $this->client->buildRequestUrl($uri), ['timeout' => $this->client->timeout]);
-        $request->setHeaders($this->getHttpRequestHeaders());
+        $request->setHeaders($this->getHttpRequestHeaders($resource, $action));
 
         $query = $request->getQuery();
         foreach ($query_params as $key => $value) {

diff --git a/lib/GetStream/Stream/Signer.php b/lib/GetStream/Stream/Signer.php
@@ -35,4 +35,21 @@ public function signature($value)
         $digest = $this->hashFunction->digest($value, $this->key);
         return $this->urlSafeB64encode($digest);
     }
+
+    /**
+     * @param  string $feedId
+     * @param  string $resource
+     * @param  string $action
+     * @return string
+     */
+    public function jwtScopeToken($feedId, $resource, $action)
+    {
+        $payload = [
+            'action'   => $action,
+            'feed_id'  => $feedId,
+            'resource' => $resource
+        ];
+        return \JWT::encode($payload, $this->key, 'HS256');
+    }
+
 }
diff --git a/test/IntegrationFeedTest.php b/test/IntegrationFeedTest.php
@@ -25,6 +25,12 @@ protected function setUp()
         $this->flat3 = $this->client->feed('flat', '33');
     }
 
+    public function testReadonlyToken()
+    {
+        $token = $this->user1->getReadonlyToken();
+        $this->assertSame($token, "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY3Rpb24iOiJyZWFkIiwiZmVlZF9pZCI6InVzZXIxMSIsInJlc291cmNlIjoiKiJ9.3TVyF2nOiVd_KbOZzJYHabuMxnXy2HFSI--aFAXPMkk");
+    }
+
     public function testAddActivity()
     {
         $activity_data = ['actor' => 1, 'verb' => 'tweet', 'object' => 1];