You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

186 lines
5.8 KiB

<?php
namespace App\Http\Controllers;
use Laravel\Lumen\Routing\Controller as BaseController;
use Illuminate\Http\Request;
use GuzzleHttp;
use DB;
class IndieAuth extends BaseController
{
private function _redirectURI() {
return env('BASE_URL') . 'auth/callback';
}
public function start(Request $request) {
$me = \IndieAuth\Client::normalizeMeURL($request->input('me'));
if(!$me) {
return view('auth/error', ['error' => 'Invalid URL']);
}
if(!env('ALLOW_NEW_USERS')) {
$user = DB::table('users')->where('url', $me)->first();
if(!$user) {
return view('auth/error', ['error' => 'User Not Registered']);
}
}
$state = \IndieAuth\Client::generateStateParameter();
if(preg_match('/https?:\/\/github\.com\/[^ \/]+/', $me)) {
$authorizationURL = 'https://github.com/login/oauth/authorize'
. '?client_id=' . env('GITHUB_ID')
. '&state=' . $state;
session([
'auth_state' => $state,
'attempted_me' => $me,
]);
} else {
$authorizationEndpoint = \IndieAuth\Client::discoverAuthorizationEndpoint($me);
session([
'auth_state' => $state,
'attempted_me' => $me,
'authorization_endpoint' => $authorizationEndpoint,
]);
// If the user specified only an authorization endpoint, use that
if(!$authorizationEndpoint) {
// Otherwise, fall back to indieauth.com
$authorizationEndpoint = env('DEFAULT_AUTH_ENDPOINT');
}
$authorizationURL = \IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, $this->_redirectURI(), env('BASE_URL'), $state);
}
return redirect($authorizationURL);
}
public function callback(Request $request) {
if(!session('auth_state') || !session('attempted_me')) {
return view('auth/error', ['error' => 'Missing state information. Start over.']);
}
if($request->input('error')) {
return view('auth/error', ['error' => $request->input('error')]);
}
if(session('auth_state') != $request->input('state')) {
return view('auth/error', ['error' => 'State did not match. Start over.']);
}
if(session('authorization_endpoint')) {
$authorizationEndpoint = session('authorization_endpoint');
} else {
$authorizationEndpoint = env('DEFAULT_AUTH_ENDPOINT');
}
$token = \IndieAuth\Client::verifyIndieAuthCode($authorizationEndpoint, $request->input('code'), session('attempted_me'), $this->_redirectURI(), env('BASE_URL'));
if($token && array_key_exists('me', $token)) {
session()->flush();
session(['me' => $token['me']]);
$this->_userLoggedIn($token['me']);
}
return redirect('/');
}
public function github(Request $request) {
if(!session('auth_state') || !session('attempted_me')) {
return view('auth/error', ['error' => 'Missing state information. Start over.']);
}
if($request->input('error')) {
return view('auth/error', ['error' => $request->input('error')]);
}
if(session('auth_state') != $request->input('state')) {
return view('auth/error', ['error' => 'State did not match. Start over.']);
}
if(!$request->input('code')) {
return view('auth/error', ['error' => 'An unknown error occurred']);
}
$client = new GuzzleHttp\Client([
'http_errors' => false
]);
$res = $client->post('https://github.com/login/oauth/access_token', [
'form_params' => [
'client_id' => env('GITHUB_ID'),
'client_secret' => env('GITHUB_SECRET'),
// 'redirect_uri' => env('BASE_URL') . 'auth/github',
'code' => $request->input('code'),
'state' => session('auth_state')
],
'headers' => [
'Accept' => 'application/json'
]
]);
if($res->getStatusCode() == 200) {
$body = $res->getBody();
$data = json_decode($body);
if($data) {
if(property_exists($data, 'access_token')) {
// Now check the username of the user that just logged in
$res = $client->get('https://api.github.com/user', [
'headers' => [
'Authorization' => 'token ' . $data->access_token
]
]);
if($res->getStatusCode() == 200) {
$data = json_decode($res->getBody());
if(property_exists($data, 'login')) {
session()->flush();
$me = 'https://github.com/' . $data->login;
session(['me' => $me]);
$this->_userLoggedIn($me);
return redirect('/');
} else {
return view('auth/error', ['error' => 'Login failed']);
}
} else {
return view('auth/error', ['error' => 'Login failed']);
}
} else {
$err = '';
if(property_exists($data, 'error_description')) {
$err = ': ' . $data->error_description;
}
return view('auth/error', ['error' => 'Login failed' . $err]);
}
} else {
return view('auth/error', ['error' => 'Error parsing response body from GitHub']);
}
} else {
return view('auth/error', ['error' => 'Could not verify login from GitHub: ' . $res->getBody()]);
}
}
private function _userLoggedIn($url) {
// Create the user record if it doesn't exist yet
$user = DB::table('users')->where('url','=',$url)->first();
if($user) {
DB::table('users')->where('id', $user->id)->update([
'last_login' => date('Y-m-d H:i:s')
]);
session(['user_id' => $user->id]);
} else {
$user_id = DB::table('users')->insertGetId([
'url' => $url,
'created_at' => date('Y-m-d H:i:s'),
'last_login' => date('Y-m-d H:i:s'),
]);
session(['user_id' => $user_id]);
}
}
public function logout(Request $request) {
session()->flush();
return redirect('/');
}
}