From 39d14bdf889ea7f078cf6c92c98ffb57b59a1240 Mon Sep 17 00:00:00 2001
From: orlowski11
Date: Wed, 12 Jun 2024 11:06:39 +0200
Subject: [PATCH 1/2] added permission service and middleware
---
 .env.example | 2 ++
 .../Middleware/EnsurePermissionsAreGiven.php | 22 +++++++++++++
 app/Services/PermissionService.php | 31 +++++++++++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 app/Http/Middleware/EnsurePermissionsAreGiven.php
 create mode 100644 app/Services/PermissionService.php
diff --git a/.env.example b/.env.example
index 56a87b9d..a1a4358d 100755
--- a/.env.example
+++ b/.env.example
@@ -73,3 +73,5 @@ DOCKER_HOST_USER_ID=1000
 GITHUB_CLIENT_ID=
 GITHUB_CLIENT_SECRET=
 GITHUB_REDIRECT_URL=
+GITHUB_APP_ID=918356
+GITHUB_APP_URL=https://github.com/apps/gha-analyzer
\ No newline at end of file
diff --git a/app/Http/Middleware/EnsurePermissionsAreGiven.php b/app/Http/Middleware/EnsurePermissionsAreGiven.php
new file mode 100644
index 00000000..b08481af
--- /dev/null
+++ b/app/Http/Middleware/EnsurePermissionsAreGiven.php
@@ -0,0 +1,22 @@
+checkPermissions() === false) {
+ return redirect(env("GITHUB_APP_URL"));
+ }
+
+ return $next($request);
+ }
+}
diff --git a/app/Services/PermissionService.php b/app/Services/PermissionService.php
new file mode 100644
index 00000000..34c832dc
--- /dev/null
+++ b/app/Services/PermissionService.php
@@ -0,0 +1,31 @@
+ "Bearer " . auth()->user()->github_token,
+ ])->get("https://api.github.com/user/installations");
+
+ if ($response->json("installations") !== null) {
+ foreach ($response->json("installations") as $installation) {
+ if ($installation["app_id"] === intval(env("GITHUB_APP_ID"))) {
+ $permissions_given = true;
+
+ break;
+ }
+ }
+ }
+
+ return $permissions_given;
+ }
+}
From 4bf37a67b4bee19b926d0ad9766353dbad79885f Mon Sep 17 00:00:00 2001
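Review bot: The GitHub response in `checkPermissions()` is consumed without looking at the HTTP status, so an expired or revoked `github_token` or a rate-limit reply is silently treated the same as "app not installed" and leaves no trace for whoever has to debug a wave of redirects. Return early and log on failure, e.g. `if ($response->failed()) { return false; }`, and set an explicit `->timeout(...)` because this call runs inside request middleware. `auth()->user()` is also dereferenced unconditionally; if this middleware can run on a route without the auth guard in front of it, that is a null access rather than a clean denial (the route definitions are not part of this patch, so confirm the ordering). The same request pattern is carried over into `checkGitHubAppInstallation()` in PATCH 2/2, and the top of this new file is missing from the page's copy of the hunk.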
From: orlowski11
Date: Thu, 13 Jun 2024 10:24:36 +0200
Subject: [PATCH 2/2] changed permission service to check for organization permissions
---
 .env.example | 2 --
 .../Middleware/EnsurePermissionsAreGiven.php | 6 ++++--
 app/Services/PermissionService.php | 16 ++++++++--------
 bootstrap/app.php | 4 ++++
 config/services.php | 1 +
 5 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/.env.example b/.env.example
index a1a4358d..56a87b9d 100755
--- a/.env.example
+++ b/.env.example
@@ -73,5 +73,3 @@ DOCKER_HOST_USER_ID=1000
 GITHUB_CLIENT_ID=
 GITHUB_CLIENT_SECRET=
 GITHUB_REDIRECT_URL=
-GITHUB_APP_ID=918356
-GITHUB_APP_URL=https://github.com/apps/gha-analyzer
\ No newline at end of file
diff --git a/app/Http/Middleware/EnsurePermissionsAreGiven.php b/app/Http/Middleware/EnsurePermissionsAreGiven.php
index b08481af..df264a76 100644
--- a/app/Http/Middleware/EnsurePermissionsAreGiven.php
+++ b/app/Http/Middleware/EnsurePermissionsAreGiven.php
@@ -13,8 +13,10 @@ class EnsurePermissionsAreGiven
 {
 public function handle(Request $request, Closure $next): Response
 {
- if ((new PermissionService())->checkPermissions() === false) {
- return redirect(env("GITHUB_APP_URL"));
+ $organizationId = intval($request->organizationId);
+
+ if ((new PermissionService())->checkGitHubAppInstallation($organizationId) === false) {
+ return redirect("/");
 }
 
 return $next($request);
diff --git a/app/Services/PermissionService.php b/app/Services/PermissionService.php
index 34c832dc..51c7394b 100644
--- a/app/Services/PermissionService.php
+++ b/app/Services/PermissionService.php
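Review bot: `$request->organizationId` in `handle()` goes through the request's dynamic property lookup, which consults request input (query string and body) before falling back to route parameters, so the id authorised here is not guaranteed to be the id the downstream controller acts on. If `organizationId` is a route parameter (the route definitions are outside this patch), read it explicitly with `$request->route("organizationId")` and reject a missing or non-numeric value instead of letting `intval()` coerce it to 0. For a failed check, `abort(403)` would make the denial explicit to non-browser clients, where `redirect("/")` hides it. The closing lines of `handle()` and of the class fall outside the hunk.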
@@ -8,24 +8,24 @@
 
 class PermissionService
 {
- public function checkPermissions(): bool
+ public function checkGitHubAppInstallation(int $organizationId): bool
 {
- $permissions_given = false;
+ $permissionsGiven = false;
 
 $response = Http::withHeaders([
 "Authorization" => "Bearer " . auth()->user()->github_token,
- ])->get("https://api.github.com/user/installations");
+ ])->get("https://api.github.com/user/orgs");
 
- if ($response->json("installations") !== null) {
- foreach ($response->json("installations") as $installation) {
- if ($installation["app_id"] === intval(env("GITHUB_APP_ID"))) {
- $permissions_given = true;
+ if ($response->json() !== null) {
+ foreach ($response->json() as $organization) {
+ if ($organization["id"] === $organizationId) {
+ $permissionsGiven = true;
 
 break;
 }
 }
 }
 
- return $permissions_given;
+ return $permissionsGiven;
 }
 }
diff --git a/bootstrap/app.php b/bootstrap/app.php
index 91570f99..3ab6f2fd 100755
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -2,6 +2,7 @@
 
 declare(strict_types=1);
 
+use App\Http\Middleware\EnsurePermissionsAreGiven;
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
@@ -13,6 +14,9 @@
 health: "/up",
 )
 ->withMiddleware(function (Middleware $middleware): void {
+ $middleware->alias([
+ "permissions" => EnsurePermissionsAreGiven::class,
+ ]);
 })
 ->withExceptions(function (Exceptions $exceptions): void {
 })->create();
diff --git a/config/services.php b/config/services.php
index 4c9f2d64..830d09e1 100755
--- a/config/services.php
+++ b/config/services.php
@@ -21,5 +21,6 @@
 "client_id" => env("GITHUB_CLIENT_ID"),
 "client_secret" => env("GITHUB_CLIENT_SECRET"),
 "redirect" => env("GITHUB_REDIRECT_URL"),
+ "app_id" => 918356,
 ],
 ];
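Review bot: Despite its name, `checkGitHubAppInstallation()` now only tests whether `$organizationId` appears in the caller's `GET /user/orgs` list; nothing in the hunk still verifies that the GitHub App is installed, and the `"app_id" => 918356` entry added to config/services.php is not read by any code in this patch. If installation is the intended gate, the installation lookup from PATCH 1/2 has to be combined with the organization match; if membership is the intent, rename the method and add a docblock stating exactly what is being authorised. Two further gaps in the new loop: `/user/orgs` is paginated, so a user who belongs to many organizations can be wrongly denied unless `per_page` is raised or the pages are followed, and `$response->json() !== null` also holds for a JSON error body, so add `if ($response->failed()) { return false; }` before iterating.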