Refactored out claim check logic to its own class

2024-03-14 14:03:27 +01:00
parent e61d0abb5d
commit d8ae8ade70
6 changed files with 71 additions and 26 deletions
--- a/src/Broker/Security/ClaimChecker.php
+++ b/src/Broker/Security/ClaimChecker.php
@ -0,0 +1,46 @@
+<?php
+
+namespace NoccyLabs\Mercureact\Broker\Security;
+
+use NoccyLabs\SimpleJWT\JWTToken;
+use Rize\UriTemplate\UriTemplate;
+
+class ClaimChecker
+{
+    private UriTemplate $uriTemplate;
+
+    public function __construct()
+    {
+        $this->uriTemplate = new UriTemplate();
+    }
+
+    public function matchAll(array $topics, array $claims): bool
+    {
+        $matched = 0;
+        foreach ((array)$topics as $match) {
+            foreach ($claims as $claim) {
+                if (($claim === "*")
+                    || ($claim === $match)
+                    || ($this->uriTemplate->extract($claim, $match, true))) {
+                    $matched++;
+                    break;
+                }
+            }
+        }
+        return ($matched == count($topics));
+    }
+
+    public function matchOne(array $topics, array $claims): bool
+    {
+        foreach ((array)$topics as $match) {
+            foreach ($claims as $claim) {
+                if (($claim === "*")
+                    || ($claim === $match)
+                    || ($this->uriTemplate->extract($claim, $match, true))) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+}
--- a/src/Broker/Subscriber/SseSubscriber.php
+++ b/src/Broker/Subscriber/SseSubscriber.php
@ -30,6 +30,11 @@ class SseSubscriber implements SubscriberInterface
        return $this->request->getAttribute('authorized');
    }

+    public function getMercureClaims(): ?array
+    {
+        return $this->request->getAttribute('mercure.claims');
+    }
+
    public function getPayload(): array
    {
        return $this->request->getAttribute('mercure.payload')??[];
--- a/src/Broker/Subscriber/SubscriberInterface.php
+++ b/src/Broker/Subscriber/SubscriberInterface.php
@ -21,6 +21,13 @@ interface SubscriberInterface
     */
    public function isAuthenticated(): bool;

+    /**
+     * Returns the content of the JWT mercure claim if present.
+     * 
+     * @return array|null
+     */
+    public function getMercureClaims(): ?array;
+
    /**
     * Returns the content of the JWT mercure.payload claim if present.
     * 
--- a/src/Broker/Subscriber/WsSubscriber.php
+++ b/src/Broker/Subscriber/WsSubscriber.php
@ -21,13 +21,8 @@ class WsSubscriber implements SubscriberInterface, EventEmitterInterface
    const EVENT_UNSUBSCRIBE = 'unsubscribe';
    const EVENT_ERROR = 'error';

-    const STATE_UNAUTHORIZED = 0;
-    const STATE_AUTHORIZED = 1;
-
    private string $id;

-    private int $state = self::STATE_UNAUTHORIZED;
-
    public function __construct(
        private WebSocketConnection $stream,
        private ServerRequestInterface $request,
@ -73,6 +68,11 @@ class WsSubscriber implements SubscriberInterface, EventEmitterInterface
        return $this->token && $this->token->isValid();
    }

+    public function getMercureClaims(): ?array
+    {
+        return $this->request->getAttribute('mercure.claims');
+    }
+
    public function getPayload(): array
    {
        return $this->request->getAttribute('mercure.payload')??[];