Day20

MilesChou · Oct 5, 2022 · 0b17037 · 0b17037
1 parent 7132be3
commit 0b17037
Show file tree

Hide file tree

Showing 7 changed files with 116 additions and 0 deletions.
diff --git a/Makefile b/Makefile
@@ -20,3 +20,9 @@ setup:
 
 open:
 	open "http://127.0.0.1:8000/"
+
+login:
+	open "http://127.0.0.1:8000/login"
+
+logout:
+	open "http://127.0.0.1:8000/logout"
diff --git a/app/Http/Controllers/Auth/HydraCallback.php b/app/Http/Controllers/Auth/HydraCallback.php
@@ -66,6 +66,8 @@ public function __invoke(
 
         $claimCheckerManager->check(json_decode($jws->getPayload(), true));
 
+        $request->session()->put('id_token', $idToken);
+
         return response('拿到身分驗證回應了');
     }
 }
diff --git a/app/Http/Controllers/Hydra/LogoutProvider.php b/app/Http/Controllers/Hydra/LogoutProvider.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace App\Http\Controllers\Hydra;
+
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Redirect;
+use Ory\Hydra\Client\Api\AdminApi;
+use RuntimeException;
+use Throwable;
+
+class LogoutProvider
+{
+    public function __invoke(Request $request, AdminApi $adminApi)
+    {
+        $logoutChallenge = $request->get('logout_challenge');
+
+        if (empty($logoutChallenge)) {
+            throw new RuntimeException('No login_challenge');
+        }
+
+        try {
+            $logoutRequest = $adminApi->getLogoutRequest($logoutChallenge);
+        } catch (Throwable $e) {
+            throw new RuntimeException('Hydra Server error: ' . $e->getMessage());
+        }
+
+        Log::debug('Logout Request', json_decode((string)$logoutRequest, true));
+
+        try {
+            $completedRequest = $adminApi->acceptLogoutRequest($logoutChallenge);
+        } catch (Throwable $e) {
+            throw new RuntimeException('Hydra Server error: ' . $e->getMessage());
+        }
+
+        Log::debug('Logout Completed Request', json_decode((string)$completedRequest, true));
+
+        return Redirect::away($completedRequest->getRedirectTo());
+    }
+}
diff --git a/app/Http/Controllers/Logout.php b/app/Http/Controllers/Logout.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Http\Request;
+use Illuminate\Support\Arr;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Redirect;
+
+class Logout
+{
+    public function __invoke(Request $request): RedirectResponse
+    {
+        $idToken = $request->session()->get('id_token');
+
+        if (null === $idToken) {
+            throw new \RuntimeException('No login session');
+        }
+
+        $query = Arr::query([
+            'client_id' => 'my-rp',
+            'id_token_hint' => $idToken,
+            'post_logout_redirect_uri' => 'http://127.0.0.1:8000/logout/callback',
+            'state' => '1a2b3c4d',
+        ]);
+
+        $endSessionEndpoint = 'http://127.0.0.1:4444/oauth2/sessions/logout';
+
+        $LogoutRequest = $endSessionEndpoint . '?' . $query;
+
+        Log::info('End session request: ' . $LogoutRequest);
+
+        return Redirect::away($LogoutRequest);
+    }
+}
diff --git a/app/Http/Controllers/LogoutCallback.php b/app/Http/Controllers/LogoutCallback.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+
+class LogoutCallback
+{
+    public function __invoke(Request $request)
+    {
+        $error = $request->input('error');
+
+        if (null !== $error) {
+            dd($request->all());
+        }
+
+        return response('登出成功');
+    }
+}
diff --git a/hydra.yml b/hydra.yml
@@ -1,3 +1,4 @@
+# https://www.ory.sh/docs/hydra/reference/configuration
 log:
   level: debug
 
@@ -13,3 +14,4 @@ urls:
 
   login: http://127.0.0.1:8000/oauth2/login
   consent: http://127.0.0.1:8000/oauth2/consent
+  logout: http://127.0.0.1:8000/oauth2/logout
diff --git a/routes/web.php b/routes/web.php
@@ -4,7 +4,10 @@
 use App\Http\Controllers\Hydra\ConsentProvider;
 use App\Http\Controllers\Hydra\Login;
 use App\Http\Controllers\Hydra\LoginProvider;
+use App\Http\Controllers\Hydra\LogoutProvider;
 use App\Http\Controllers\Hydra\RejectConsent;
+use App\Http\Controllers\Logout;
+use App\Http\Controllers\LogoutCallback;
 use Illuminate\Support\Facades\Route;
 
 /*
@@ -33,4 +36,12 @@
 Route::post('/oauth2/consent/accept', AcceptConsent::class)->name('oauth2.consent.accept');
 Route::post('/oauth2/consent/reject', RejectConsent::class)->name('oauth2.consent.reject');
 
+// Logout Provider
+Route::get('/oauth2/logout', LogoutProvider::class)->name('oauth2.logout');
+
+// 啟動 Logout 與 callback
+Route::get('/logout', Logout::class)->name('logout');
+Route::get('/logout/callback', LogoutCallback::class)->name('logout.callback');
+
+
 require __DIR__.'/auth.php';