From 0b170370db4c21190725dd223ab2b5dde118ef3d Mon Sep 17 00:00:00 2001
From: MilesChou
Date: Wed, 5 Oct 2022 15:07:27 +0800
Subject: [PATCH] Day20

---
 Makefile | 6 +++
 app/Http/Controllers/Auth/HydraCallback.php | 2 +
 app/Http/Controllers/Hydra/LogoutProvider.php | 40 +++++++++++++++++++
 app/Http/Controllers/Logout.php | 36 +++++++++++++++++
 app/Http/Controllers/LogoutCallback.php | 19 +++++++++
 hydra.yml | 2 +
 routes/web.php | 11 +++++
 7 files changed, 116 insertions(+)
 create mode 100644 app/Http/Controllers/Hydra/LogoutProvider.php
 create mode 100644 app/Http/Controllers/Logout.php
 create mode 100644 app/Http/Controllers/LogoutCallback.php

diff --git a/Makefile b/Makefile
index e379f36..48f5012 100644
--- a/Makefile
+++ b/Makefile
@@ -20,3 +20,9 @@ setup:
 open:
 	open "http://127.0.0.1:8000/"
+
+login:
+	open "http://127.0.0.1:8000/login"
+
+logout:
+	open "http://127.0.0.1:8000/logout"
diff --git a/app/Http/Controllers/Auth/HydraCallback.php b/app/Http/Controllers/Auth/HydraCallback.php
index ad39521..f8ae62b 100644
--- a/app/Http/Controllers/Auth/HydraCallback.php
+++ b/app/Http/Controllers/Auth/HydraCallback.php
@@ -66,6 +66,8 @@ public function __invoke(
         $claimCheckerManager->check(json_decode($jws->getPayload(), true));
 
+        $request->session()->put('id_token', $idToken);
+
         return response('拿到身分驗證回應了');
     }
 }
diff --git a/app/Http/Controllers/Hydra/LogoutProvider.php b/app/Http/Controllers/Hydra/LogoutProvider.php
new file mode 100644
index 0000000..0e50faa
--- /dev/null
+++ b/app/Http/Controllers/Hydra/LogoutProvider.php
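Review bot: The added `$request->session()->put('id_token', $idToken);` in HydraCallback stores the verified token without rotating the session identifier, so a session id that was fixed before authentication keeps working after it; call `$request->session()->regenerate();` immediately before the put so the now-authenticated session gets a fresh id. The put is placed after `$claimCheckerManager->check(...)`, which is the right order, but nothing in the file says what consumes the stored token — a short comment such as `// kept so Logout can send it as id_token_hint to the end-session endpoint` would make the coupling to the new Logout controller explicit. `__invoke` starts outside the hunk.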
@@ -0,0 +1,40 @@
+get('logout_challenge');
+
+        if (empty($logoutChallenge)) {
+            throw new RuntimeException('No login_challenge');
+        }
+
+        try {
+            $logoutRequest = $adminApi->getLogoutRequest($logoutChallenge);
+        } catch (Throwable $e) {
+            throw new RuntimeException('Hydra Server error: ' . $e->getMessage());
+        }
+
+        Log::debug('Logout Request', json_decode((string)$logoutRequest, true));
+
+        try {
+            $completedRequest = $adminApi->acceptLogoutRequest($logoutChallenge);
+        } catch (Throwable $e) {
+            throw new RuntimeException('Hydra Server error: ' . $e->getMessage());
+        }
+
+        Log::debug('Logout Completed Request', json_decode((string)$completedRequest, true));
+
+        return Redirect::away($completedRequest->getRedirectTo());
+    }
+}
diff --git a/app/Http/Controllers/Logout.php b/app/Http/Controllers/Logout.php
new file mode 100644
index 0000000..a919595
--- /dev/null
+++ b/app/Http/Controllers/Logout.php
@@ -0,0 +1,36 @@
+session()->get('id_token');
+
+        if (null === $idToken) {
+            throw new \RuntimeException('No login session');
+        }
+
+        $query = Arr::query([
+            'client_id' => 'my-rp',
+            'id_token_hint' => $idToken,
+            'post_logout_redirect_uri' => 'http://127.0.0.1:8000/logout/callback',
+            'state' => '1a2b3c4d',
+        ]);
+
+        $endSessionEndpoint = 'http://127.0.0.1:4444/oauth2/sessions/logout';
+
+        $LogoutRequest = $endSessionEndpoint . '?' . $query;
+
+        Log::info('End session request: ' . $LogoutRequest);
+
+        return Redirect::away($LogoutRequest);
+    }
+}
diff --git a/app/Http/Controllers/LogoutCallback.php b/app/Http/Controllers/LogoutCallback.php
new file mode 100644
index 0000000..958d97d
--- /dev/null
+++ b/app/Http/Controllers/LogoutCallback.php
@@ -0,0 +1,19 @@
+input('error');
+
+        if (null !== $error) {
+            dd($request->all());
+        }
+
+        return response('登出成功');
+    }
+}
diff --git a/hydra.yml b/hydra.yml
index 439920d..6d7e5e6 100644
--- a/hydra.yml
+++ b/hydra.yml
@@ -1,3 +1,4 @@
+# https://www.ory.sh/docs/hydra/reference/configuration
 log:
   level: debug
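Review bot: The empty-challenge guard in LogoutProvider throws `new RuntimeException('No login_challenge')` although the value it checked came from `get('logout_challenge')`; the message should read `'No logout_challenge'` so the failure points at the right query parameter. Both `catch (Throwable $e)` blocks rebuild the exception from `$e->getMessage()` alone and drop the original, so the Hydra client failure loses its stack; rethrow as `throw new RuntimeException('Hydra Server error: ' . $e->getMessage(), 0, $e);` to keep it as the previous exception. `acceptLogoutRequest()` is called for every challenge without looking at the fetched `$logoutRequest`, so a logout request that Hydra did not mark as RP-initiated is accepted without any confirmation step — whether that is acceptable depends on the Hydra logout flow the project targets, and is worth a comment either way. The hunk's opening lines (namespace, imports and the method signature) did not survive extraction, so the enclosing method starts outside what is visible.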
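Review bot: In Logout the `'state' => '1a2b3c4d'` value is a fixed literal, so the callback has no way to tell a response to this request from one presented by a third party; generate it per request with `$state = bin2hex(random_bytes(16));`, keep it with `$request->session()->put('logout_state', $state);`, and compare it in LogoutCallback (same commit). `Log::info('End session request: ' . $LogoutRequest)` writes the complete URL, including the ID token in `id_token_hint`, to the application log at info level; log `$endSessionEndpoint` alone or redact the token before logging. `$LogoutRequest` is a local variable and should be `$logoutRequest` to match the camelCase used for `$idToken` and `$endSessionEndpoint`, and the hard-coded `client_id` and the two `127.0.0.1` URLs belong in config. The method signature is missing from the visible hunk.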
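Review bot: The error branch in LogoutCallback runs `dd($request->all())`, which aborts the request and renders every query parameter sent by the provider to the browser; replace it with a logged failure and a proper status, e.g. `abort(400, 'Logout failed');`, logging `$error` and `$request->input('error_description')` if the project's logger is in scope here (the file's imports are not visible). The success path returns `'登出成功'` while the `id_token` stored by HydraCallback remains in the session and the returned `state` is never compared to anything; add `$request->session()->forget('id_token');` before the return (or invalidate the whole session) and verify `state` against the value Logout put in the session. The method signature is missing from the visible hunk.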
@@ -13,3 +14,4 @@ urls:
   login: http://127.0.0.1:8000/oauth2/login
   consent: http://127.0.0.1:8000/oauth2/consent
+  logout: http://127.0.0.1:8000/oauth2/logout
diff --git a/routes/web.php b/routes/web.php
index 65c0917..8616023 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -4,7 +4,10 @@
 use App\Http\Controllers\Hydra\ConsentProvider;
 use App\Http\Controllers\Hydra\Login;
 use App\Http\Controllers\Hydra\LoginProvider;
+use App\Http\Controllers\Hydra\LogoutProvider;
 use App\Http\Controllers\Hydra\RejectConsent;
+use App\Http\Controllers\Logout;
+use App\Http\Controllers\LogoutCallback;
 use Illuminate\Support\Facades\Route;
 
 /*
@@ -33,4 +36,12 @@
 Route::post('/oauth2/consent/accept', AcceptConsent::class)->name('oauth2.consent.accept');
 Route::post('/oauth2/consent/reject', RejectConsent::class)->name('oauth2.consent.reject');
 
+// Logout Provider
+Route::get('/oauth2/logout', LogoutProvider::class)->name('oauth2.logout');
+
+// 啟動 Logout 與 callback
+Route::get('/logout', Logout::class)->name('logout');
+Route::get('/logout/callback', LogoutCallback::class)->name('logout.callback');
+
+
 require __DIR__.'/auth.php';
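Review bot: `Route::get('/logout', Logout::class)` exposes the logout initiation as a plain GET, so it can be triggered cross-site and ends the user's provider session without any intent check, unlike the `Route::post(...)` consent routes just above it; `/oauth2/logout` and `/logout/callback` have to stay GET because Hydra redirects to them, but `/logout` itself should be `Route::post('/logout', Logout::class)->name('logout');` so the CSRF middleware applies (the `make logout` target added earlier in this patch relies on GET and would need adjusting). The two added blank lines before `require __DIR__.'/auth.php';` should be a single one to match the spacing used between the other route groups.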