Merge pull request #167 from buggregator/feature/139

Adds Kinde auth support

app/src/Application/Auth/JWTTokenStorage.php

@@ -51,7 +51,7 @@ public function load(string $id): ?TokenInterface
  );
  }
 
- public function create(array $payload, \DateTimeInterface $expiresAt = null): TokenInterface
+ public function create(array|\JsonSerializable $payload, \DateTimeInterface $expiresAt = null): TokenInterface
  {
  $issuedAt = ($this->time)('now');
  $expiresAt = $expiresAt ?? ($this->time)($this->expiresAt);

app/src/Application/Bootloader/AuthBootloader.php

@@ -8,42 +8,31 @@
 use App\Application\Auth\JWTTokenStorage;
 use App\Application\Auth\SuccessRedirect;
 use App\Application\OAuth\ActorProvider;
-use App\Application\OAuth\SessionStore;
+use App\Application\OAuth\AuthProviderInterface;
+use App\Application\OAuth\AuthProviderRegistryInterface;
+use App\Application\OAuth\AuthProviderService;
 use Psr\Http\Message\UriFactoryInterface;
 use Spiral\Boot\Bootloader\Bootloader;
-
-use Auth0\SDK\Auth0;
-use Auth0\SDK\Configuration\SdkConfiguration;
 use Spiral\Boot\EnvironmentInterface;
 use Spiral\Bootloader\Auth\HttpAuthBootloader;
 use Spiral\Core\Container\Autowire;
 use Spiral\Http\ResponseWrapper;
-use Spiral\Session\SessionScope;
 
 final class AuthBootloader extends Bootloader
 {
- public function defineBindings(): array
+ public function defineSingletons(): array
  {
  return [
- Auth0::class => static fn(SdkConfiguration $config, SessionScope $session) => new Auth0(
- $config->setTransientStorage(new SessionStore($session)),
+ AuthProviderInterface::class => static fn(
+ EnvironmentInterface $env,
+ AuthProviderService $service,
+ ) => $service->get(
+ name: $env->get('AUTH_PROVIDER', 'auth0'),
  ),
 
- SdkConfiguration::class => static fn(EnvironmentInterface $env) => new SdkConfiguration(
- strategy: $env->get('AUTH_STRATEGY', SdkConfiguration::STRATEGY_REGULAR),
- domain: $env->get('AUTH_PROVIDER_URL'),
- clientId: $env->get('AUTH_CLIENT_ID'),
- redirectUri: $env->get('AUTH_CALLBACK_URL'),
- clientSecret: $env->get('AUTH_CLIENT_SECRET'),
- scope: \explode(',', $env->get('AUTH_SCOPES', 'openid,profile,email')),
- cookieSecret: $env->get('AUTH_COOKIE_SECRET', $env->get('ENCRYPTER_KEY') ?? 'secret'),
- ),
- ];
- }
+ AuthProviderService::class => AuthProviderService::class,
+ AuthProviderRegistryInterface::class => AuthProviderService::class,
 
- public function defineSingletons(): array
- {
- return [
  AuthSettings::class => static fn(
  EnvironmentInterface $env,
  UriFactoryInterface $factory,

app/src/Application/Bootloader/RoutesBootloader.php

@@ -5,10 +5,10 @@
 namespace App\Application\Bootloader;
 
 use App\Application\Auth\AuthSettings;
+use App\Application\HTTP\Middleware\ApiAuthMiddleware;
 use App\Application\HTTP\Middleware\DetectEventTypeMiddleware;
 use App\Application\HTTP\Middleware\JsonPayloadMiddleware;
 use App\Interfaces\Http\EventHandlerAction;
-use Spiral\Auth\Middleware\AuthMiddleware;
 use Spiral\Auth\Middleware\Firewall\ExceptionFirewall;
 use Spiral\Bootloader\Http\RoutesBootloader as BaseRoutesBootloader;
 use Spiral\Core\Container;
@@ -56,7 +56,7 @@ protected function middlewareGroups(): array
  {
  return [
  'auth' => [
- AuthMiddleware::class,
+ ApiAuthMiddleware::class,
  ],
  'guest' => [
  'middleware:auth',

app/src/Application/Exception/AuthProviderException.php

@@ -0,0 +1,7 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Application\Exception;
+
+class AuthProviderException extends \Exception {}

app/src/Application/Exception/AuthProviderNotFound.php

@@ -0,0 +1,7 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Application\Exception;
+
+final class AuthProviderNotFound extends AuthProviderException {}

app/src/Application/Exception/InvalidCredentialsException.php

@@ -0,0 +1,7 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Application\Exception;
+
+final class InvalidCredentialsException extends AuthProviderException {}

app/src/Application/HTTP/Middleware/ApiAuthMiddleware.php

@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Application\HTTP\Middleware;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Spiral\Auth\Middleware\AuthTransportWithStorageMiddleware;
+use Spiral\Core\FactoryInterface;
+
+final class ApiAuthMiddleware implements MiddlewareInterface
+{
+ private ?MiddlewareInterface $middleware = null;
+
+ public function __construct(
+ private readonly FactoryInterface $factory,
+ ) {}
+
+ public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+ {
+ if ($this->middleware === null) {
+ $this->initMiddleware();
+ }
+
+ return $this->middleware->process($request, $handler);
+ }
+
+ private function initMiddleware(): void
+ {
+ $this->middleware = $this->factory->make(AuthTransportWithStorageMiddleware::class, [
+ 'transportName' => 'header',
+ ]);
+ }
+}

app/src/Application/HTTP/Response/UserResource.php

@@ -5,21 +5,25 @@
 namespace App\Application\HTTP\Response;
 
 use App\Application\OAuth\User;
+use Psr\Http\Message\UriInterface;
 
 final class UserResource extends JsonResource
 {
  public function __construct(
  private readonly User $user,
+ private readonly ?UriInterface $logoutUrl = null,
  ) {
  parent::__construct();
  }
 
  protected function mapData(): array
  {
  return [
- 'username' => $this->user->getUsername(),
- 'avatar' => $this->user->getAvatar(),
- 'email' => $this->user->getEmail(),
+ 'provider' => $this->user->provider,
+ 'username' => $this->user->username,
+ 'avatar' => $this->user->avatar,
+ 'email' => $this->user->email,
+ 'logout' => $this->logoutUrl ? (string) $this->logoutUrl : null,
  ];
  }
 }

app/src/Application/Kernel.php

@@ -11,6 +11,8 @@
 use App\Application\Bootloader\HttpHandlerBootloader;
 use App\Application\Bootloader\MongoDBBootloader;
 use App\Application\Bootloader\PersistenceBootloader;
+use App\Integration\Auth0\Auth0Bootloader;
+use App\Integration\Kinde\KindeBootloader;
 use Modules\Events\Application\EventsBootloader;
 use Modules\Inspector\Application\InspectorBootloader;
 use Modules\Metrics\Application\MetricsBootloader;
@@ -83,6 +85,10 @@ protected function defineBootloaders(): array
  SerializerBootloader::class,
  BroadcastingBootloader::class,
 
+ // Auth
+ Auth0Bootloader::class,
+ KindeBootloader::class,
+
  // Modules
  HttpHandlerBootloader::class,
  AppBootloader::class,
@@ -95,7 +101,6 @@ protected function defineBootloaders(): array
  ProfilerBootloader::class,
  MongoDBBootloader::class,
  PersistenceBootloader::class,
- AuthBootloader::class,
  WebhooksBootloader::class,
  ProjectBootloader::class,
  EventsBootloader::class,

app/src/Application/OAuth/ActorProvider.php

@@ -7,24 +7,25 @@
 use Spiral\Auth\ActorProviderInterface;
 use Spiral\Auth\TokenInterface;
 
-final class ActorProvider implements ActorProviderInterface
+final readonly class ActorProvider implements ActorProviderInterface
 {
  public function getActor(TokenInterface $token): ?User
  {
  $payload = $token->getPayload();
  if ($payload === []) {
- $payload = self::getGuestPayload();
+ return self::getGuestPayload();
  }
 
- return new User($payload);
+ return User::fromArray($payload);
  }
 
- public static function getGuestPayload(): array
+ public static function getGuestPayload(): User
  {
- return [
- 'nickname' => 'guest',
- 'email' => '',
- 'picture' => '<svg xmlns="http:https://www.w3.org/2000/svg" xmlns:xlink="http:https://www.w3.org/1999/xlink" viewBox="0 0 144.8 144.8" xml:space="preserve"><circle style="fill:#f5c002" cx="72.4" cy="72.4" r="72.4"/><defs><circle id="a" cx="72.4" cy="72.4" r="72.4"/></defs><clipPath id="b"><use xlink:href="#a" style="overflow:visible"/></clipPath><g style="clip-path:url(#b)"><path style="fill:#f1c9a5" d="M107 117c-5-9-35-14-35-14s-30 5-34 14l-7 28h82s-2-17-6-28z"/><path style="fill:#e4b692" d="M72 103s30 5 35 14c4 11 6 28 6 28H72v-42z"/><path style="fill:#f1c9a5" d="M64 85h17v27H64z"/><path style="fill:#e4b692" d="M72 85h9v27h-9z"/><path style="opacity:.1;fill:#ddac8c" d="M64 97c2 4 8 7 12 7l5-1V85H64v12z"/><path style="fill:#f1c9a5" d="M93 67c0-17-9-26-21-26-11 0-21 9-21 26 0 23 10 31 21 31 12 0 21-9 21-31z"/><path style="fill:#e4b692" d="M90 79c-4 0-6-4-6-9 1-5 5-8 9-8 3 1 6 5 5 9 0 5-4 9-8 8z"/><path style="fill:#f1c9a5" d="M47 71c-1-4 2-8 5-9 4 0 8 3 8 8 1 5-1 9-5 9-4 1-8-3-8-8z"/><path style="fill:#e4b692" d="M93 67c0-17-9-26-21-26v57c12 0 21-9 21-31z"/><path style="fill:#303030" d="M91 82c-1 3-3 7-6 7-5 0-8-4-13-4s-8 4-12 4c-3 0-5-4-7-7v-6 7s1 8 4 11c3 2 11 6 15 6 5 0 13-4 15-6 4-3 5-11 5-11v-7l-1 6zM62 44s4 16 26 24l-3-8 10 7c3-7 7-16-2-21-8-6-28-15-31-2z"/><path style="fill:#303030" d="M55 66s2-18 8-22c-5-2-14 5-13 10l5 12z"/><path style="fill:#fb621e" d="M107 117c-3-5-14-9-23-12a12 12 0 0 1-23 0c-9 3-21 7-23 12l-7 28h82s-2-17-6-28z"/><path style="opacity:.2;fill:#e53d0c" d="M60 108c0 6 6 11 12 11 7 0 12-5 13-11 8 2 18 6 22 10v-1c-3-5-14-9-23-12a12 12 0 0 1-23 0c-9 3-21 7-23 12l-1 1c5-4 15-8 23-10z"/><path style="fill:#e53d0c" d="M57 106a15 15 0 0 0 30 0l-3-1a12 12 0 0 1-23 0l-4 1z"/><path style="fill:#fff" d="M76 91s-1-3-4-3c-2 0-3 3-3 3h7z"/></g></svg>',
- ];
+ return new User(
+ provider: null,
+ username: 'guest',
+ avatar: '<svg xmlns="http:https://www.w3.org/2000/svg" xmlns:xlink="http:https://www.w3.org/1999/xlink" viewBox="0 0 144.8 144.8" xml:space="preserve"><circle style="fill:#f5c002" cx="72.4" cy="72.4" r="72.4"/><defs><circle id="a" cx="72.4" cy="72.4" r="72.4"/></defs><clipPath id="b"><use xlink:href="#a" style="overflow:visible"/></clipPath><g style="clip-path:url(#b)"><path style="fill:#f1c9a5" d="M107 117c-5-9-35-14-35-14s-30 5-34 14l-7 28h82s-2-17-6-28z"/><path style="fill:#e4b692" d="M72 103s30 5 35 14c4 11 6 28 6 28H72v-42z"/><path style="fill:#f1c9a5" d="M64 85h17v27H64z"/><path style="fill:#e4b692" d="M72 85h9v27h-9z"/><path style="opacity:.1;fill:#ddac8c" d="M64 97c2 4 8 7 12 7l5-1V85H64v12z"/><path style="fill:#f1c9a5" d="M93 67c0-17-9-26-21-26-11 0-21 9-21 26 0 23 10 31 21 31 12 0 21-9 21-31z"/><path style="fill:#e4b692" d="M90 79c-4 0-6-4-6-9 1-5 5-8 9-8 3 1 6 5 5 9 0 5-4 9-8 8z"/><path style="fill:#f1c9a5" d="M47 71c-1-4 2-8 5-9 4 0 8 3 8 8 1 5-1 9-5 9-4 1-8-3-8-8z"/><path style="fill:#e4b692" d="M93 67c0-17-9-26-21-26v57c12 0 21-9 21-31z"/><path style="fill:#303030" d="M91 82c-1 3-3 7-6 7-5 0-8-4-13-4s-8 4-12 4c-3 0-5-4-7-7v-6 7s1 8 4 11c3 2 11 6 15 6 5 0 13-4 15-6 4-3 5-11 5-11v-7l-1 6zM62 44s4 16 26 24l-3-8 10 7c3-7 7-16-2-21-8-6-28-15-31-2z"/><path style="fill:#303030" d="M55 66s2-18 8-22c-5-2-14 5-13 10l5 12z"/><path style="fill:#fb621e" d="M107 117c-3-5-14-9-23-12a12 12 0 0 1-23 0c-9 3-21 7-23 12l-7 28h82s-2-17-6-28z"/><path style="opacity:.2;fill:#e53d0c" d="M60 108c0 6 6 11 12 11 7 0 12-5 13-11 8 2 18 6 22 10v-1c-3-5-14-9-23-12a12 12 0 0 1-23 0c-9 3-21 7-23 12l-1 1c5-4 15-8 23-10z"/><path style="fill:#e53d0c" d="M57 106a15 15 0 0 0 30 0l-3-1a12 12 0 0 1-23 0l-4 1z"/><path style="fill:#fff" d="M76 91s-1-3-4-3c-2 0-3 3-3 3h7z"/></g></svg>',
+ email: '',
+ );
  }
 }

app/src/Application/OAuth/AuthProviderInterface.php

@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Application\OAuth;
+
+use Psr\Http\Message\UriInterface;
+use Spiral\Http\Request\InputManager;
+
+interface AuthProviderInterface
+{
+ public function getLoginUrl(): UriInterface;
+
+ public function isAuthenticated(): bool;
+
+ public function getUser(): ?User;
+
+ public function authenticate(InputManager $input): void;
+
+ public function getLogoutUrl(): ?UriInterface;
+
+ public function logout(): void;
+}

app/src/Application/OAuth/AuthProviderRegistryInterface.php

@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Application\OAuth;
+
+use App\Application\Exception\AuthProviderNotFound;
+
+interface AuthProviderRegistryInterface
+{
+ /**
+ * @param class-string<AuthProviderInterface> $provider
+ */
+ public function register(string $name, string $provider): void;
+
+ /**
+ * @throws AuthProviderNotFound
+ */
+ public function get(string $name): AuthProviderInterface;
+}

app/src/Application/OAuth/AuthProviderService.php

@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Application\OAuth;
+
+use App\Application\Exception\AuthProviderException;
+use App\Application\Exception\AuthProviderNotFound;
+use Psr\Container\ContainerInterface;
+use Spiral\Core\Attribute\Singleton;
+
+#[Singleton]
+final class AuthProviderService implements AuthProviderRegistryInterface
+{
+ /** @var array<non-empty-string, class-string<AuthProviderInterface>> */
+ private array $providers = [];
+
+ public function __construct(
+ private readonly ContainerInterface $container,
+ ) {}
+
+ public function register(string $name, string $provider): void
+ {
+ if (!\is_subclass_of($provider, AuthProviderInterface::class)) {
+ throw new AuthProviderException(
+ \sprintf('Provider "%s" must implement AuthProviderInterface', $provider),
+ );
+ }
+
+ $this->providers[$name] = $provider;
+ }
+
+ public function get(string $name): AuthProviderInterface
+ {
+ if (!isset($this->providers[$name])) {
+ throw new AuthProviderNotFound(\sprintf('Auth provider "%s" not found', $name));
+ }
+
+ return $this->container->get($this->providers[$name]);
+ }
+}

app/src/Application/OAuth/User.php

@@ -4,24 +4,32 @@
 
 namespace App\Application\OAuth;
 
-final readonly class User
+readonly class User implements \JsonSerializable
 {
- public function __construct(
- private array $data,
- ) {}
-
- public function getUsername(): string
+ public static function fromArray(array $data): self
  {
- return $this->data['nickname'] ?? 'guest';
+ return new self(
+ provider: $data['provider'],
+ username: $data['username'],
+ avatar: $data['avatar'],
+ email: $data['email'],
+ );
  }
 
- public function getAvatar(): string
- {
- return $this->data['picture'];
- }
+ public function __construct(
+ public ?string $provider,
+ public string $username,
+ public string $avatar,
+ public string $email,
+ ) {}
 
- public function getEmail(): string
+ public function jsonSerialize(): array
  {
- return $this->data['email'];
+ return [
+ 'provider' => $this->provider,
+ 'username' => $this->username,
+ 'avatar' => $this->avatar,
+ 'email' => $this->email,
+ ];
  }
 }