diff --git a/composer.json b/composer.json
index 707983c..6eda656 100644
--- a/composer.json
+++ b/composer.json
@@ -12,7 +12,7 @@
 ],
 "require": {
 "php": ">=5.5",
- "silex/silex": "1.x",
+ "silex/silex": "~2.0@dev",
 "etna/php-rsa": "~0.2.0"
 },
 "require-dev": {
diff --git a/src/Auth.php b/src/Auth.php
new file mode 100644
index 0000000..1f876de
--- /dev/null
+++ b/src/Auth.php
@@ -0,0 +1,93 @@
+ "^/?",
+ "auth.force_guest" => true,
+ "auth.cookie_expiration" => false,
+ "auth.before_function" => [$this, 'authBeforeFunction']
+ ];
+ $this->auth_config = $auth_config;
+
+ $auth_url = getenv("AUTH_URL");
+ $auth_cookie_expiration = getenv("AUTH_COOKIE_EXPIRATION");
+
+ if (false === $auth_url) {
+ throw new \Exception("AUTH_URL doesn't exist");
+ }
+
+ $this->auth_config["auth.authenticator_url"] = $auth_url;
+ if (false !== $auth_cookie_expiration) {
+ // transforme la chaine 'false' reçu de l'env en booleen.
+ $auth_cookie_expiration = ($auth_cookie_expiration === 'false') ? false : $auth_cookie_expiration;
+
+ $this->auth_config["auth.cookie_expiration"] = $auth_cookie_expiration;
+ }
+ }
+
+ /**
+ *
+ * @{inherit doc}
+ */
+ public function register(Container $app)
+ {
+ $this->app = $app;
+
+ if (true !== isset($app["application_env"])) {
+ throw new \Exception('$app["application_env"] is not set');
+ }
+
+ if (true !== isset($app["application_name"])) {
+ throw new \Exception('$app["application_name"] is not set');
+ }
+
+ if (true !== isset($app["application_path"])) {
+ throw new \Exception('$app["application_path"] is not set');
+ }
+
+ $this->auth_config["auth.app_name"] = $app["application_name"];
+
+ foreach ($this->auth_config as $conf_name => $conf_value) {
+ $app[$conf_name] = $conf_value;
+ }
+
+ $app["auth.public_key.tmp_path"] = "{$app['application_path']}/tmp/public-{$app['application_env']}.key";
+ $app->register(new AuthServiceProvider());
+ }
+
+ public function authBeforeFunction(Request $req)
+ {
+ // On autorise les OPTIONS sans auth
+ if ('OPTIONS' === $req->getMethod()) {
+ return;
+ }
+
+ if (!isset($req->user)) {
+ return $this->app->json("Authorization Required", 401);
+ }
+ }
+
+ /**
+ *
+ * @{inherit doc}
+ */
+ public function boot(Application $app)
+ {
+ $app->before($app['auth.before_function']);
+ }
+}
diff --git a/src/AuthServiceProvider.php b/src/AuthServiceProvider.php
index 95594ef..fb694f0 100644
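Review bot: In `authBeforeFunction` the OPTIONS exemption is decided on the HTTP method alone and then returns nothing, which lets the request continue to the matched controller; a route registered without a method restriction would therefore run unauthenticated when called with OPTIONS. If the exemption exists only for CORS preflights, answer them at this point instead of falling through, e.g. `return new Response('', 204);` (assuming `Symfony\Component\HttpFoundation\Response` is imported in the part of the file not visible here), or state in the comment that every route must declare its methods. The 401 branch depends entirely on `isset($req->user)`, so a one-line comment naming the middleware that sets that property (presumably `addUserToRequest` in `AuthServiceProvider`) would make the dependency explicit. The top of the new file (namespace, imports, class header and the start of the constructor) is missing from this page and was not reviewed.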
--- a/src/AuthServiceProvider.php +++ b/src/AuthServiceProvider.php @@ -4,13 +4,17 @@ use ETNA\RSA\RSA; use Silex\Application; +use Silex\Api\BootableProviderInterface; + use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\ParameterBag; -use Silex\ServiceProviderInterface; +use Pimple\ServiceProviderInterface; +use Pimple\Container; + use Exception; -class AuthServiceProvider implements ServiceProviderInterface +class AuthServiceProvider implements ServiceProviderInterface, BootableProviderInterface { private $app = null; private $rsa = null; @@ -73,7 +77,7 @@ public function __destruct() * $app["user.authenticated"] => user must be authenticated to run the action * $app["user.in.group"]($groups) => user must have all defined groups to run the action */ - public function register(Application $app) + public function register(Container $app) { $app->before([$this, "addUserToRequest"], Application::EARLY_EVENT); $app["auth"] = $this;
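Review bot: In the second hunk `register()` now accepts a `Pimple\Container`, but the unchanged line directly below the new signature still calls `$app->before([$this, "addUserToRequest"], Application::EARLY_EVENT);`, and `before()` is a method of `Silex\Application`, not of the container. Since the class now implements `BootableProviderInterface` (first hunk), the middleware registration belongs in `boot(Application $app)`, so that the hook that attaches the user to the request is always installed on the application rather than depending on what is passed to `register()`. The body of `register()` continues past the end of this hunk and no `boot()` method is visible here, so this may already be handled elsewhere in the commit.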