fixup! implement audit logger
Some checks failed
soko-web/pipeline/pr-master There was a failure building this commit
parent
3b19ff6460
commit
b3d2bd2ee1
@ -1,102 +0,0 @@
|
|||||||
<?php namespace RVR\Util;
|
|
||||||
|
|
||||||
use SokoWeb\Http\Request;
|
|
||||||
use SokoWeb\Interfaces\Http\IRequest;
|
|
||||||
use phpseclib3\Math\BigInteger;
|
|
||||||
use phpseclib3\Crypt\RSA;
|
|
||||||
use Firebase\JWT\JWT;
|
|
||||||
use Firebase\JWT\Key;
|
|
||||||
|
|
||||||
class GoogleOAuth
|
|
||||||
{
|
|
||||||
private static string $dialogUrlBase = 'https://accounts.google.com/o/oauth2/v2/auth';
|
|
||||||
|
|
||||||
private static string $tokenUrlBase = 'https://oauth2.googleapis.com/token';
|
|
||||||
|
|
||||||
private static string $certsUrl = 'https://www.googleapis.com/oauth2/v3/certs';
|
|
||||||
|
|
||||||
private IRequest $request;
|
|
||||||
|
|
||||||
public function __construct(IRequest $request)
|
|
||||||
{
|
|
||||||
$this->request = $request;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getDialogUrl(string $state, string $redirectUrl, ?string $nonce = null, ?string $loginHint = null): string
|
|
||||||
{
|
|
||||||
$oauthParams = [
|
|
||||||
'response_type' => 'code',
|
|
||||||
'client_id' => $_ENV['GOOGLE_OAUTH_CLIENT_ID'],
|
|
||||||
'scope' => 'openid email',
|
|
||||||
'redirect_uri' => $redirectUrl,
|
|
||||||
'state' => $state,
|
|
||||||
];
|
|
||||||
|
|
||||||
if ($nonce !== null) {
|
|
||||||
$oauthParams['nonce'] = $nonce;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($loginHint !== null) {
|
|
||||||
$oauthParams['login_hint'] = $loginHint;
|
|
||||||
}
|
|
||||||
|
|
||||||
return self::$dialogUrlBase . '?' . http_build_query($oauthParams);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getToken(string $code, string $redirectUrl): array
|
|
||||||
{
|
|
||||||
$tokenParams = [
|
|
||||||
'code' => $code,
|
|
||||||
'client_id' => $_ENV['GOOGLE_OAUTH_CLIENT_ID'],
|
|
||||||
'client_secret' => $_ENV['GOOGLE_OAUTH_CLIENT_SECRET'],
|
|
||||||
'redirect_uri' => $redirectUrl,
|
|
||||||
'grant_type' => 'authorization_code',
|
|
||||||
];
|
|
||||||
|
|
||||||
$this->request->setUrl(self::$tokenUrlBase);
|
|
||||||
$this->request->setMethod(IRequest::HTTP_POST);
|
|
||||||
$this->request->setQuery($tokenParams);
|
|
||||||
$response = $this->request->send();
|
|
||||||
|
|
||||||
return json_decode($response->getBody(), true);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function validateJwt($jwt): ?array
|
|
||||||
{
|
|
||||||
$request = new Request(self::$certsUrl, IRequest::HTTP_GET);
|
|
||||||
$response = $request->send();
|
|
||||||
$certs = json_decode($response->getBody(), true)['keys'];
|
|
||||||
|
|
||||||
foreach ($certs as $cert) {
|
|
||||||
$publicKey = $this->getPublicKey($cert);
|
|
||||||
|
|
||||||
try {
|
|
||||||
return (array) JWT::decode($jwt, new Key($publicKey, 'RS256'));
|
|
||||||
} catch (ExpiredException $e) {
|
|
||||||
return null;
|
|
||||||
} catch (SignatureInvalidException $e) {
|
|
||||||
//continue
|
|
||||||
} catch (DomainException $e) {
|
|
||||||
//continue
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
private function getPublicKey($cert): string
|
|
||||||
{
|
|
||||||
$modulus = new BigInteger($this->base64Decode($cert['n']), 256);
|
|
||||||
$exponent = new BigInteger($this->base64Decode($cert['e']), 256);
|
|
||||||
$component = ['n' => $modulus, 'e' => $exponent];
|
|
||||||
$rsa = new RSA();
|
|
||||||
$rsa->loadKey($component);
|
|
||||||
return $rsa->getPublicKey();
|
|
||||||
}
|
|
||||||
|
|
||||||
private function base64Decode($input): string
|
|
||||||
{
|
|
||||||
$input = str_replace(['_', '-'], ['/', '+'], $input);
|
|
||||||
return base64_decode($input);
|
|
||||||
}
|
|
||||||
}
|
|