
Comments (1)

Articus avatar Articus commented on August 26, 2024

Hi,
Personally, I just add a specific attribute with high priority to handlers or handler methods that require authentication. This attribute reads the token from the request headers, validates and decrypts it, calls some service to retrieve user information and "attributes" the request with this info.
If any stage fails, the attribute can just throw Articus\PathHandler\Exception\Unauthorized for a 401 response or Articus\PathHandler\Exception\Forbidden for a 403 response.
Here is a short sample of such an attribute:

namespace IdentityServer;

use Articus\PathHandler\Attribute\AttributeInterface;
use Articus\PathHandler\Exception as PAException;
use Psr\Http\Message\ServerRequestInterface as Request;

class Attribute implements AttributeInterface
{
	const AUTHORIZATION_HEADER_RE = '/^Bearer (?<token>[a-zA-Z0-9\._\-]+)$/';
	const USER_INFO_ATTR = 'userInfo';
	/**
	 * TODO any service that can validate authentication token and provide information about authenticated user
	 * @var Client\UserInfo
	 */
	protected $userInfoClient;
	/**
	 * Attribute constructor.
	 * @param Client\UserInfo $userInfoClient
	 */
	public function __construct(Client\UserInfo $userInfoClient)
	{
		$this->userInfoClient = $userInfoClient;
	}

	public function __invoke(Request $request)
	{
		// PSR-7 returns every header as a list of values; reject a missing or blank header
		$authorizationHeaders = $request->getHeader('Authorization');
		if (empty($authorizationHeaders) || empty($authorizationHeaders[0]))
		{
			throw new PAException\Unauthorized('Empty authorization header');
		}
		// Accept only a single well-formed "Bearer <token>" value
		$matches = [];
		if (preg_match(self::AUTHORIZATION_HEADER_RE, $authorizationHeaders[0], $matches) < 1)
		{
			throw new PAException\Unauthorized('Malformed authorization header');
		}
		$userInfo = null;
		try
		{
			$userInfo = $this->userInfoClient->get($matches['token']);//TODO or any other logic to validate and decrypt token
		}
		catch (\Exception $e)
		{
			// Any validation failure maps to 401; the original exception is kept as the cause for logging
			throw new PAException\Unauthorized('Invalid authorization header', $e);
		}
		// Store the resolved user info on the request for the handler and lower-priority attributes
		$request = $request->withAttribute(self::USER_INFO_ATTR, $userInfo);
		return $request;
	}
}

And an even shorter sample of a handler that uses this attribute:

namespace App\Handler;

use Articus\PathHandler\Operation;
use Articus\PathHandler\Annotation as PHA;
use Articus\PathHandler\Producer as PHProducer;
use Psr\Http\Message\ServerRequestInterface;
use IdentityServer as IS;

class Test implements Operation\GetInterface
{
	/**
	 * @PHA\Attribute(priority=10, name=IS\Attribute::class)
	 * @PHA\Producer(name=PHProducer\Transfer::class, mediaType="application/json")
	 * @return mixed
	 */
	public function handleGet(ServerRequestInterface $request)
	{
		$userInfo = $request->getAttribute(IS\Attribute::USER_INFO_ATTR);
		//TODO use this user info somehow in handler or in another attribute with lower priority
	}
}

Authorization can be handled in the same manner. For example, you can pass the user roles required to access a method via attribute options (check Articus\PathHandler\Attribute\Factory for a sample of how to get them):

// fragment of a handler like the one above; also assumes `use Articus\PathHandler\Attribute as PHAttribute;` among the imports
/**
 * @PHA\Attribute(priority=10, name="AuthorizationAttribute", options={
 *     "requiredRoles": {"admin"},
 * })
 * @PHA\Attribute(name=PHAttribute\Transfer::class, options={"type":"SomeClass","objectAttr":"test"})
 * @PHA\Producer(name=PHProducer\Transfer::class, mediaType="application/json")
 */
public function handlePatch(ServerRequestInterface $request)
{
}

Hope that will help)
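As an added example (not from the comment above and not part of PathHandler itself), here is one way to write the authorization attribute sketched in the last snippet. It assumes the authentication attribute has already run with a higher priority and stored user info as an array with a "roles" key; how the `requiredRoles` annotation option is delivered to the constructor is left to the attribute factory mentioned above.

```php
<?php
namespace App\Attribute;

use Articus\PathHandler\Attribute\AttributeInterface;
use Articus\PathHandler\Exception as PAException;
use IdentityServer\Attribute as AuthAttribute;
use Psr\Http\Message\ServerRequestInterface as Request;

/**
 * Role-based authorization attribute (added example). Must run with a lower
 * priority than the authentication attribute so that user info is already set.
 */
class RequireRoles implements AttributeInterface
{
	/** @var string[] */
	protected $requiredRoles;

	/**
	 * @param string[] $requiredRoles roles that must ALL be present; wiring the
	 *        "requiredRoles" option to this argument is the factory's job (assumption)
	 */
	public function __construct(array $requiredRoles)
	{
		$this->requiredRoles = array_values(array_unique($requiredRoles));
	}

	public function __invoke(Request $request)
	{
		$userInfo = $request->getAttribute(AuthAttribute::USER_INFO_ATTR);
		// Missing user info means authentication did not run or was skipped:
		// fail closed with 401 instead of letting the request reach the handler
		if (!is_array($userInfo))
		{
			throw new PAException\Unauthorized('Missing user info');
		}
		// Assumed shape of user info: ['roles' => ['admin', ...]]
		$userRoles = (array) ($userInfo['roles'] ?? []);
		$missing = array_diff($this->requiredRoles, $userRoles);
		if (!empty($missing))
		{
			// 403: authenticated but not permitted; do not echo the missing roles to the client
			throw new PAException\Forbidden('Insufficient permissions');
		}
		return $request;
	}
}
```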
