Commit
0 parents
commit 3c11f63
Showing
10 changed files
with
300 additions
and
0 deletions.
@@ -0,0 +1,32 @@ | ||
name: Integrity check | ||
|
||
on: [push] | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@master | ||
|
||
- name: Install PHP | ||
uses: shivammathur/setup-php@master | ||
with: | ||
php-version: 7.4 | ||
|
||
- name: Install composer deps | ||
run: | | ||
composer create-project nette/code-checker temp/code-checker ^3 --no-progress | ||
composer create-project nette/coding-standard temp/coding-standard ^2 --no-progress | ||
# Install app deps | ||
composer install --no-interaction --prefer-dist | ||
# Check code checker and coding standards | ||
- name: Check coding standards | ||
run: | | ||
php temp/code-checker/code-checker --short-arrays --strict-types --fix --no-progress | ||
php temp/coding-standard/ecs check src --config temp/coding-standard/coding-standard-php71.yml | ||
- name: Check PHPStan rules | ||
run: composer phpstan |
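Review bot: Both actions in the steps list are referenced by branch (`actions/checkout@master` and `shivammathur/setup-php@master`), so every run executes whatever those repositories' default branches currently hold, and the job can change behaviour or break without any change to this repository; pin them to a release tag or, preferably, a commit SHA. The `--fix` flag on the `code-checker` step also rewrites the checked-out sources before `ecs check` runs, so anything the checker can auto-fix will never fail the job; if the step is meant to gate, drop `--fix` so violations are reported rather than silently repaired.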
@@ -0,0 +1,21 @@ | ||
MIT License | ||
|
||
Copyright (c) 2020 Baraja packages | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in all | ||
copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
SOFTWARE. |
@@ -0,0 +1,50 @@ | ||
Structured API token authorizator | ||
================================= | ||
|
||
![Integrity check](https://github.com/baraja-core/structured-api-token-authorizator/workflows/Integrity%20check/badge.svg) | ||
|
||
A simple token authorizer for authenticating HTTP requests. | ||
|
||
This package is the official extension for the [Baraja Structured API](https://github.com/baraja-core/structured-api). | ||
|
||
Simple usage | ||
------------ | ||
|
||
Install this package using Composer and register the DIC extension (if you use [Baraja Package manager](https://github.com/baraja-core/package-manager), it will be registered automatically). | ||
|
||
Extension definition for manual usage: | ||
|
||
```yaml | ||
extensions: | ||
tokenAuthorizator: Baraja\TokenAuthorizator\TokenAuthorizatorExtension | ||
``` | ||
|
||
The package automatically disables the default system method of authenticating requests through Nette User and will require token authentication. | ||
|
||
A token is any valid string in the query parameter `token`, or in BODY (in the case of a POST request). The token evaluates as an endpoint call parameter and can be passed to the target endpoint as a string. | ||
|
||
Request verification | ||
-------------------- | ||
|
||
If you are not using your own token authentication implementation, the default `SimpleStrategy` will be used, which you can configure the token via NEON configuration. | ||
|
||
If you do not set a token, all requests (even without a token) will be considered valid. | ||
|
||
Simple configuration example: | ||
|
||
```yaml | ||
tokenAuthorizator: | ||
token: abcd | ||
``` | ||
|
||
This configuration accepts requests as: `/api/v1/user?token=abcd`. | ||
|
||
Custom authentication | ||
--------------------- | ||
|
||
If you need more complex authentication logic, implement a service that implements the `VerificationStrategy` interface and register it with the DIC. This service will be called automatically when all requests are verified. | ||
|
||
📄 License | ||
----------- | ||
|
||
`baraja-core/structured-api-token-authorizator` is licensed under the MIT license. See the [LICENSE](https://github.com/baraja-core/structured-api-token-authorizator/blob/master/LICENSE) file for more details. |
@@ -0,0 +1,2 @@ | ||
extensions: | ||
tokenAuthorizator: Baraja\TokenAuthorizator\TokenAuthorizatorExtension |
@@ -0,0 +1,32 @@ | ||
{ | ||
"name": "baraja-core/structured-api-token-authorizator", | ||
"description": "A simple token authorizer for authenticating HTTP requests.", | ||
"homepage": "https://github.com/baraja-core/structured-api-token-authorizator", | ||
"authors": [ | ||
{ | ||
"name": "Jan Barášek", | ||
"homepage": "https://baraja.cz" | ||
} | ||
], | ||
"require": { | ||
"php": ">=7.4.0", | ||
"baraja-core/structured-api": "^2.4" | ||
}, | ||
"require-dev": { | ||
"phpstan/phpstan": "^0.12.18", | ||
"tracy/tracy": "^2.7", | ||
"phpstan/phpstan-nette": "^0.12.6", | ||
"symplify/easy-coding-standard": "^7.2" | ||
}, | ||
"autoload": { | ||
"classmap": [ | ||
"src/" | ||
] | ||
}, | ||
"scripts": { | ||
"phpstan": [ | ||
"vendor/bin/phpstan analyse src -c phpstan.neon --level 8 --no-progress" | ||
] | ||
}, | ||
"minimum-stability": "stable" | ||
} |
@@ -0,0 +1,3 @@ | ||
includes: | ||
- vendor/phpstan/phpstan-nette/extension.neon | ||
- vendor/phpstan/phpstan-nette/rules.neon |
@@ -0,0 +1,29 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace Baraja\TokenAuthorizator; | ||
|
||
|
||
final class SimpleStrategy implements VerificationStrategy | ||
{ | ||
private ?string $token; | ||
|
||
|
||
public function __construct(?string $token) | ||
{ | ||
$this->token = $token; | ||
} | ||
|
||
|
||
public function verify(string $token): bool | ||
{ | ||
return $token === $this->token; | ||
} | ||
|
||
|
||
public function isActive(): bool | ||
{ | ||
return $this->token !== null; | ||
} | ||
} |
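Review bot: `verify()` compares the request token with the configured secret using `===`, whose string comparison stops at the first differing byte, which leaks comparison timing to the caller; a secret check should use the constant-time helper instead, `return $this->token !== null && hash_equals($this->token, $token);`. The explicit null guard keeps the current behaviour for an unconfigured strategy (`hash_equals` requires two strings), and `isActive()` already prevents `beforeProcess()` from calling `verify()` in that case, so the change is purely a hardening of the comparison.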
@@ -0,0 +1,62 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace Baraja\TokenAuthorizator; | ||
|
||
|
||
use Baraja\StructuredApi\Endpoint; | ||
use Baraja\StructuredApi\Middleware\MatchExtension; | ||
use Baraja\StructuredApi\Response; | ||
|
||
final class TokenAuthorizator implements MatchExtension | ||
{ | ||
private VerificationStrategy $strategy; | ||
|
||
|
||
public function __construct(?string $secret, ?VerificationStrategy $strategy = null) | ||
{ | ||
$this->strategy = $strategy ?? new SimpleStrategy($secret); | ||
} | ||
|
||
|
||
public function setStrategy(VerificationStrategy $strategy): void | ||
{ | ||
$this->strategy = $strategy; | ||
} | ||
|
||
|
||
/** | ||
* @param mixed[] $params | ||
*/ | ||
public function beforeProcess(Endpoint $endpoint, array $params, string $action, string $method): ?Response | ||
{ | ||
if ($this->strategy->isActive() === false) { | ||
return null; | ||
} | ||
try { | ||
$docComment = trim((string) (new \ReflectionClass($endpoint))->getDocComment()); | ||
if (preg_match('/@public(?:$|\s|\n)/', $docComment)) { | ||
return null; | ||
} | ||
} catch (\ReflectionException $e) { | ||
throw new \InvalidArgumentException('Endpoint "' . \get_class($endpoint) . '" can not be reflected: ' . $e->getMessage(), $e->getCode(), $e); | ||
} | ||
if (isset($params['token']) === false) { | ||
throw new \InvalidArgumentException('Parameter "token" is required.'); | ||
} | ||
if ($this->strategy->verify($params['token'])) { | ||
return null; | ||
} | ||
throw new \InvalidArgumentException('Token is invalid or expired, please contact your administrator.'); | ||
} | ||
|
||
|
||
/** | ||
* @param mixed[] $params | ||
*/ | ||
public function afterProcess(Endpoint $endpoint, array $params, ?Response $response): ?Response | ||
{ | ||
return null; | ||
} | ||
} |
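Review bot: In `beforeProcess()` the value of `$params['token']` is forwarded to `VerificationStrategy::verify(string $token)` right after the `isset` guard without checking that it is a string; with `declare(strict_types=1)` a non-string value (for example an array produced by a `token[]=` query parameter) raises a `TypeError` instead of the `InvalidArgumentException` the surrounding code deliberately throws for bad input. Extend the guard to `if (isset($params['token']) === false || is_string($params['token']) === false) {` so malformed tokens are rejected through the same error path. `afterProcess()` in the same file section is a no-op and needs no change.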
@@ -0,0 +1,56 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace Baraja\TokenAuthorizator; | ||
|
||
|
||
use Baraja\StructuredApi\ApiExtension; | ||
use Baraja\StructuredApi\ApiManager; | ||
use Baraja\StructuredApi\Entity\Convention; | ||
use Nette\DI\CompilerExtension; | ||
use Nette\DI\Definitions\ServiceDefinition; | ||
use Nette\Schema\Expect; | ||
use Nette\Schema\Schema; | ||
|
||
final class TokenAuthorizatorExtension extends CompilerExtension | ||
{ | ||
/** | ||
* @return string[] | ||
*/ | ||
public static function mustBeDefinedBefore(): array | ||
{ | ||
return [ApiExtension::class]; | ||
} | ||
|
||
|
||
public function getConfigSchema(): Schema | ||
{ | ||
return Expect::structure([ | ||
'token' => Expect::string(), | ||
])->castTo('array'); | ||
} | ||
|
||
|
||
public function beforeCompile(): void | ||
{ | ||
/** @var mixed[] $config */ | ||
$config = $this->getConfig(); | ||
$builder = $this->getContainerBuilder(); | ||
|
||
/** @var ServiceDefinition $apiManager */ | ||
$apiManager = $builder->getDefinitionByType(ApiManager::class); | ||
|
||
/** @var ServiceDefinition $convention */ | ||
$convention = $builder->getDefinitionByType(Convention::class); | ||
|
||
$convention->addSetup('?->setIgnoreDefaultPermission(true)', ['@self']); | ||
|
||
$builder->addDefinition($this->prefix('tokenAuthorizator')) | ||
->setFactory(TokenAuthorizator::class) | ||
->setAutowired(TokenAuthorizator::class) | ||
->setArgument('secret', $config['token'] ?? null); | ||
|
||
$apiManager->addSetup('?->addMatchExtension(?)', ['@self', '@' . TokenAuthorizator::class]); | ||
} | ||
} |
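Review bot: The schema in `getConfigSchema()` accepts an empty string for `token`, and because `SimpleStrategy::isActive()` only tests for `null`, a configuration of `token: ''` turns enforcement on while `verify()` then accepts any request that merely sends an empty `token=` parameter. Rejecting that at compile time is cheaper than discovering it in production; change the schema line to `'token' => Expect::string()->min(1),` (or otherwise validate non-emptiness) so an empty secret is a configuration error rather than a silently weakened check.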
@@ -0,0 +1,13 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace Baraja\TokenAuthorizator; | ||
|
||
|
||
interface VerificationStrategy | ||
{ | ||
public function verify(string $token): bool; | ||
|
||
public function isActive(): bool; | ||
} |
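Review bot: The two interface methods carry no documentation, so an implementer of `VerificationStrategy` cannot tell from this file what the contract is, notably that `isActive()` returning false makes `TokenAuthorizator::beforeProcess()` skip the check entirely and accept every request. Add a docblock on `verify()` such as `/** Decide whether the raw request token grants access; implementations should compare secrets in constant time (hash_equals). */` and on `isActive()` such as `/** When false, token enforcement is disabled and beforeProcess() accepts every request without calling verify(). */`.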