<?php
|
|
|
|
namespace App\Http\Controllers;
|
|
|
|
use Laravel\Lumen\Routing\Controller as BaseController;
|
|
use Illuminate\Http\Request;
|
|
|
|
class IndieAuth extends BaseController
|
|
{
|
|
private function _redirectURI() {
|
|
return env('BASE_URL') . 'auth/callback';
|
|
}
|
|
|
|
public function start(Request $request) {
|
|
$me = \IndieAuth\Client::normalizeMeURL($request->input('me'));
|
|
if(!$me) {
|
|
return view('auth/error', ['error' => 'Invalid URL']);
|
|
}
|
|
|
|
$authorizationEndpoint = \IndieAuth\Client::discoverAuthorizationEndpoint($me);
|
|
$tokenEndpoint = \IndieAuth\Client::discoverTokenEndpoint($me);
|
|
|
|
$state = \IndieAuth\Client::generateStateParameter();
|
|
session([
|
|
'auth_state' => $state,
|
|
'attempted_me' => $me,
|
|
'authorization_endpoint' => $authorizationEndpoint,
|
|
'token_endpoint' => $tokenEndpoint
|
|
]);
|
|
|
|
// If the user specified only an authorization endpoint, use that
|
|
if(!$authorizationEndpoint) {
|
|
// Otherwise, fall back to indieauth.com
|
|
$authorizationEndpoint = env('DEFAULT_AUTH_ENDPOINT');
|
|
}
|
|
$authorizationURL = \IndieAuth\Client::buildAuthorizationURL($authorizationEndpoint, $me, $this->_redirectURI(), env('BASE_URL'), $state);
|
|
|
|
return redirect($authorizationURL);
|
|
}
|
|
|
|
public function callback(Request $request) {
|
|
if(!session('auth_state') || !session('attempted_me')) {
|
|
return view('auth/error', ['error' => 'Missing state information. Start over.']);
|
|
}
|
|
|
|
if($request->input('error')) {
|
|
return view('auth/error', ['error' => $request->input('error')]);
|
|
}
|
|
|
|
if(session('auth_state') != $request->input('state')) {
|
|
return view('auth/error', ['error' => 'State did not match. Start over.']);
|
|
}
|
|
|
|
$tokenEndpoint = false;
|
|
if(session('token_endpoint')) {
|
|
$tokenEndpoint = session('token_endpoint');
|
|
} else if(session('authorization_endpoint')) {
|
|
$authorizationEndpoint = session('authorization_endpoint');
|
|
} else {
|
|
$authorizationEndpoint = env('DEFAULT_AUTH_ENDPOINT');
|
|
}
|
|
if($tokenEndpoint) {
|
|
$token = \IndieAuth\Client::getAccessToken($tokenEndpoint, $request->input('code'), session('attempted_me'), $this->_redirectURI(), env('BASE_URL'), $request->input('state'));
|
|
} else {
|
|
$token = \IndieAuth\Client::verifyIndieAuthCode($authorizationEndpoint, $request->input('code'), session('attempted_me'), $this->_redirectURI(), env('BASE_URL'), $request->input('state'));
|
|
}
|
|
|
|
if($token && array_key_exists('me', $token)) {
|
|
session()->flush();
|
|
session(['me' => $token['me']]);
|
|
}
|
|
|
|
return redirect('/');
|
|
}
|
|
|
|
public function logout(Request $request) {
|
|
session()->flush();
|
|
return redirect('/');
|
|
}
|
|
|
|
}
|