Extracted middleware and handlers

2024-03-10 20:22:28 +01:00
parent 83c34f4a47
commit 39869d605c
8 changed files with 592 additions and 416 deletions
--- a/src/Http/Middleware/SecurityMiddleware.php
+++ b/src/Http/Middleware/SecurityMiddleware.php
@ -0,0 +1,68 @@
+<?php
+
+namespace NoccyLabs\Mercureact\Http\Middleware;
+
+use NoccyLabs\Mercureact\Configuration;
+use NoccyLabs\Mercureact\Http\Exeption\SecurityException;
+use NoccyLabs\SimpleJWT\JWTToken;
+use NoccyLabs\SimpleJWT\Key\JWTPlaintextKey;
+use Psr\Http\Message\ServerRequestInterface;
+use React\Promise\Promise;
+use React\Promise\PromiseInterface;
+
+class SecurityMiddleware
+{
+
+    public function __construct(
+        private Configuration $config
+    )
+    {
+        
+    }
+
+    /**
+     * 
+     * 
+     * @param ServerRequestInterface $request
+     * @param callable $next
+     * @return PromiseInterface
+     */
+    public function __invoke(ServerRequestInterface $request, callable $next): PromiseInterface
+    {
+        return new Promise(
+            function (callable $resolve, callable $reject) use ($request, $next) {
+                // Check JWT in authorization header or authorization query param
+                $request = $this->checkAuthorization($request);
+
+                $resolve($next($request));
+            }
+        );
+    }
+
+    /**
+     * 
+     * 
+     * @param ServerRequestInterface $request
+     * @return ServerRequestInterface
+     */
+    private function checkAuthorization(ServerRequestInterface $request): ServerRequestInterface
+    {
+        $authorization = $request->getHeaderLine('authorization');
+        if (str_starts_with(strtolower($authorization), "bearer ")) {
+            $jwt = substr($authorization, strpos($authorization, " ")+1);
+            $key = new JWTPlaintextKey($this->config->getJwtSecret());
+            $tok = new JWTToken($key, $jwt);
+            if (!$tok->isValid()) {
+                throw new SecurityException(message:"Invalid token", code:SecurityException::ERR_ACCESS_DENIED);
+            }
+            $mercureClaims = $tok->claims->get('mercure');
+            return $request
+                ->withAttribute('authorization', $tok);
+        } else {
+            return $request
+                ->withAttribute('authorization', null);
+
+        }
+    }
+
+}