degami
diff --git a/‎app/base/abstracts/OAuth2/AbstractOAuth2ApiClient.php‎
Lines changed: 131 additions & 0 deletions b/‎app/base/abstracts/OAuth2/AbstractOAuth2ApiClient.php‎
Lines changed: 131 additions & 0 deletions
diff --git a/‎app/base/abstracts/OAuth2/AuthorizationCodeOAuth2Client.php‎
Lines changed: 99 additions & 0 deletions b/‎app/base/abstracts/OAuth2/AuthorizationCodeOAuth2Client.php‎
Lines changed: 99 additions & 0 deletions
diff --git a/‎app/base/abstracts/OAuth2/ClientCredentialsOAuth2Client.php‎
Lines changed: 49 additions & 0 deletions b/‎app/base/abstracts/OAuth2/ClientCredentialsOAuth2Client.php‎
Lines changed: 49 additions & 0 deletions
@@ -0,0 +1,131 @@
+<?php
+
+/**
+ * SiteBase
+ * PHP Version 8.3
+ *
+ * @category CMS / Framework
+ * @package  Degami\Sitebase
+ * @author   Mirko De Grandis <degami@github.com>
+ * @license  MIT https://opensource.org/licenses/mit-license.php
+ * @link     https://github.com/degami/sitebase
+ */
+
+namespace App\Base\Abstracts\OAuth2;
+
+use Psr\Container\ContainerInterface;
+use App\Base\Abstracts\ContainerAwareObject;
+use App\Base\Models\OAuth2AccessToken;
+use Degami\Basics\Exceptions\BasicException;
+use GuzzleHttp\Exception\GuzzleException;
+
+/**
+ * Base Class for OAuth2 Clients
+ */
+abstract class AbstractOAuth2ApiClient extends ContainerAwareObject
+{
+    protected ?OAuth2AccessToken $token = null;
+
+    public function __construct(       
+         protected ContainerInterface $container, 
+         protected string $clientId, 
+         protected string $clientSecret, 
+         protected string $scope,
+         protected string $authUrl, 
+         protected string $apiBaseUrl
+    ) { }
+
+    /**
+     * Get the API base URL
+     *
+     * @return string
+     */
+    protected function getApiBaseUrl(): string
+    {
+        return rtrim($this->apiBaseUrl, '/');
+    }
+
+    /**
+     * Get the Auth URL
+     *
+     * @return string
+     */
+    protected function getAuthUrl(): string
+    {
+        return rtrim($this->authUrl, '/');
+    }
+
+    /**
+     * Get the OAuth2 token
+     *
+     * @return OAuth2AccessToken
+     * @throws BasicException
+     * @throws GuzzleException
+     */
+    protected function getToken(): OAuth2AccessToken
+    {
+        if ($this->token && $this->token->getExpitesAt() > new \DateTime()) {
+            return $this->token;
+        }
+
+        $response = $this->getUtils()->httpRequest($this->getAuthUrl(), 'POST', [
+            'form_params' => [
+                'grant_type' => 'client_credentials',
+                'client_id' => $this->clientId,
+                'client_secret' => $this->clientSecret,
+                'scope' => $this->scope,
+            ],
+        ]);
+
+        if (!isset($response->access_token)) {
+            throw new BasicException("Can't gain OAuth2 Token from {$this->getAuthUrl()}");
+        }
+
+        return $this->token = OAuth2AccessToken::createFromResponse($this->getApiBaseUrl(), (array)$response);
+    }
+
+    /**
+     * Refresh the OAuth2 token
+     *
+     * @return OAuth2AccessToken
+     * @throws BasicException
+     * @throws GuzzleException
+     */
+    protected function refreshToken() : OAuth2AccessToken
+    {
+        if (!$this->token || !$this->token->getRefreshToken()) {
+            throw new BasicException('No refresh token available');
+        }
+
+        $response = $this->getUtils()->httpRequest($this->getAuthUrl(), 'POST', [
+            'form_params' => [
+                'grant_type' => 'refresh_token',
+                'refresh_token' => $this->token->getRefreshToken(),
+                'client_id' => $this->clientId,
+                'client_secret' => $this->clientSecret,
+                'scope' => $this->scope,
+            ],
+        ]);
+
+        return $this->token = OAuth2AccessToken::createFromResponse($this->getApiBaseUrl(), (array)$response);
+    }
+
+    /**
+     * Make an API request
+     *
+     * @param string $endpoint
+     * @param string $method
+     * @param array $options
+     * @return mixed
+     * @throws BasicException
+     * @throws GuzzleException
+     */
+    protected function apiRequest(string $endpoint, string $method = 'GET', array $options = []): mixed
+    {
+        $token = $this->getToken();
+        $options['headers']['Authorization'] = "{$token->getType()} {$token->getAccessToken()}";
+        $options['headers']['Accept'] = 'application/json';
+
+        return $this->getUtils()->httpRequest($this->getApiBaseUrl() . '/' . ltrim($endpoint, '/'), $method, $options);
+    }
+}
@@ -0,0 +1,99 @@
+<?php
+
+namespace App\Base\Abstracts\OAuth2;
+
+use Psr\Container\ContainerInterface;
+use App\Base\Models\OAuth2AccessToken;
+use Degami\Basics\Exceptions\BasicException;
+use GuzzleHttp\Exception\GuzzleException;
+
+abstract class AuthorizationCodeOAuth2Client extends AbstractOAuth2ApiClient
+{
+    public function __construct(
+         protected ContainerInterface $container, 
+         protected string $clientId, 
+         protected string $clientSecret, 
+         protected string $scope,
+         protected string $authUrl, 
+         protected string $apiBaseUrl,
+         protected string $redirectUri
+    ) {
+        parent::__construct($container, $clientId, $clientSecret, $scope, $authUrl, $apiBaseUrl);
+    }
+
+    /**
+     * Get the authorization URL
+     *
+     * @return string
+     */
+    public function getAuthorizationUrl(): string
+    {
+        $params = http_build_query([
+            'response_type' => 'code',
+            'client_id'     => $this->clientId,
+            'redirect_uri'  => $this->redirectUri,
+            'scope'         => $this->scope,
+        ]);
+
+        return "{$this->getAuthUrl()}/authorize?{$params}";
+    }
+
+    /**
+     * Exchange authorization code for access token
+     *
+     * @param string $code
+     * @return OAuth2AccessToken
+     * @throws BasicException
+     * @throws GuzzleException
+     */
+    public function exchangeCodeForToken(string $code): OAuth2AccessToken
+    {
+        $response = $this->getUtils()->httpRequest($this->getAuthUrl() . '/token', 'POST', [
+            'form_params' => [
+                'grant_type'    => 'authorization_code',
+                'code'          => $code,
+                'client_id'     => $this->clientId,
+                'client_secret' => $this->clientSecret,
+                'redirect_uri'  => $this->redirectUri,
+            ],
+        ]);
+
+        if (!isset($response->access_token)) {
+            throw new BasicException("Error exchanging code for token");
+        }
+
+        $token = OAuth2AccessToken::createFromResponse($this->getApiBaseUrl(), (array)$response);
+        $token->persist();
+        $this->token = $token;
+
+        return $token;
+    }
+
+    /**
+     * Refresh the OAuth2 token
+     *
+     * @return OAuth2AccessToken
+     * @throws BasicException
+     * @throws GuzzleException
+     */
+    protected function refreshToken(): OAuth2AccessToken
+    {
+        if (!$this->token || !$this->token->getRefreshToken()) {
+            throw new BasicException('Cannot refresh OAuth2 token without refresh token.');
+        }
+
+        $response = $this->getUtils()->httpRequest($this->getAuthUrl() . '/token', 'POST', [
+            'form_params' => [
+                'grant_type'    => 'refresh_token',
+                'refresh_token' => $this->token->getRefreshToken(),
+                'client_id'     => $this->clientId,
+                'client_secret' => $this->clientSecret,
+            ],
+        ]);
+
+        $newToken = OAuth2AccessToken::createFromResponse($this->getApiBaseUrl(), (array)$response);
+        $newToken->persist();
+
+        return $this->token = $newToken;
+    }
+}
@@ -0,0 +1,49 @@
+<?php
+
+namespace App\Base\Abstracts\OAuth2;
+
+use App\Base\Models\OAuth2AccessToken;
+use Degami\Basics\Exceptions\BasicException;
+use GuzzleHttp\Exception\GuzzleException;
+
+abstract class ClientCredentialsOAuth2Client extends AbstractOAuth2ApiClient
+{
+    /**
+     * Get the OAuth2 token
+     *
+     * @return OAuth2AccessToken
+     * @throws BasicException
+     * @throws GuzzleException
+     */
+    protected function getToken(): OAuth2AccessToken
+    {
+        if ($this->token && new \DateTime("".$this->token->getExpitesAt()) > new \DateTime()) {
+            return $this->token;
+        }
+
+        /** @var OAuth2AccessToken $stored */
+        $stored = OAuth2AccessToken::getCollection()->where(['api_base_url' => $this->getApiBaseUrl()])->getFirst();
+
+        if ($stored && new \DateTime("".$stored->getExpitesAt()) > new \DateTime()) {
+            return $this->token = $stored;
+        }
+
+        $response = $this->getUtils()->httpRequest($this->authUrl, 'POST', [
+            'form_params' => [
+                'grant_type'    => 'client_credentials',
+                'client_id'     => $this->clientId,
+                'client_secret' => $this->clientSecret,
+                'scope'         => $this->scope,
+            ],
+        ]);
+
+        if (!isset($response->access_token)) {
+            throw new BasicException("Can't gain OAuth2 Token from {$this->authUrl}");
+        }
+
+        $token = OAuth2AccessToken::createFromResponse($this->getApiBaseUrl(), (array)$response);
+        $token->persist();
+
+        return $this->token = $token;
+    }
+}