2017-03-24 15:40:36 +00:00
|
|
|
<?php
|
|
|
|
|
|
2018-01-15 14:02:13 +00:00
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
2017-03-24 15:40:36 +00:00
|
|
|
namespace App\Http\Middleware;
|
|
|
|
|
|
2025-04-12 11:47:30 +01:00
|
|
|
use App\Http\Responses\MicropubResponses;
|
2017-03-24 15:40:36 +00:00
|
|
|
use Closure;
|
2018-01-15 14:02:13 +00:00
|
|
|
use Illuminate\Http\Request;
|
2025-04-27 16:38:25 +01:00
|
|
|
use Lcobucci\JWT\Configuration;
|
2025-04-12 11:47:30 +01:00
|
|
|
use Lcobucci\JWT\Encoding\CannotDecodeContent;
|
|
|
|
|
use Lcobucci\JWT\Token;
|
|
|
|
|
use Lcobucci\JWT\Token\InvalidTokenStructure;
|
|
|
|
|
use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
|
2023-02-18 09:34:57 +00:00
|
|
|
use Symfony\Component\HttpFoundation\Response;
|
2017-03-24 15:40:36 +00:00
|
|
|
|
|
|
|
|
class VerifyMicropubToken
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* Handle an incoming request.
|
2025-04-12 11:47:30 +01:00
|
|
|
*
|
2025-04-27 16:38:25 +01:00
|
|
|
* @param Closure(Request): (Response) $next
|
2017-03-24 15:40:36 +00:00
|
|
|
*/
|
2023-02-18 09:34:57 +00:00
|
|
|
public function handle(Request $request, Closure $next): Response
|
2017-03-24 15:40:36 +00:00
|
|
|
{
|
2025-04-12 11:47:30 +01:00
|
|
|
$rawToken = null;
|
|
|
|
|
|
2018-01-10 22:00:03 +00:00
|
|
|
if ($request->input('access_token')) {
|
2025-04-12 11:47:30 +01:00
|
|
|
$rawToken = $request->input('access_token');
|
|
|
|
|
} elseif ($request->bearerToken()) {
|
|
|
|
|
$rawToken = $request->bearerToken();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (! $rawToken) {
|
|
|
|
|
return response()->json([
|
|
|
|
|
'response' => 'error',
|
|
|
|
|
'error' => 'unauthorized',
|
|
|
|
|
'error_description' => 'No access token was provided in the request',
|
|
|
|
|
], 401);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
$tokenData = $this->validateToken($rawToken);
|
|
|
|
|
} catch (RequiredConstraintsViolated|InvalidTokenStructure|CannotDecodeContent) {
|
|
|
|
|
$micropubResponses = new MicropubResponses;
|
|
|
|
|
|
|
|
|
|
return $micropubResponses->invalidTokenResponse();
|
2017-03-24 15:40:36 +00:00
|
|
|
}
|
|
|
|
|
|
2025-04-12 11:47:30 +01:00
|
|
|
if ($tokenData->claims()->has('scope') === false) {
|
|
|
|
|
$micropubResponses = new MicropubResponses;
|
|
|
|
|
|
|
|
|
|
return $micropubResponses->tokenHasNoScopeResponse();
|
2018-01-10 22:00:03 +00:00
|
|
|
}
|
|
|
|
|
|
2025-04-12 11:47:30 +01:00
|
|
|
return $next($request->merge([
|
|
|
|
|
'access_token' => $rawToken,
|
|
|
|
|
'token_data' => [
|
|
|
|
|
'me' => $tokenData->claims()->get('me'),
|
|
|
|
|
'scope' => $tokenData->claims()->get('scope'),
|
|
|
|
|
'client_id' => $tokenData->claims()->get('client_id'),
|
|
|
|
|
],
|
|
|
|
|
]));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check the token signature is valid.
|
|
|
|
|
*/
|
|
|
|
|
private function validateToken(string $bearerToken): Token
|
|
|
|
|
{
|
|
|
|
|
$config = resolve(Configuration::class);
|
|
|
|
|
|
|
|
|
|
$token = $config->parser()->parse($bearerToken);
|
|
|
|
|
|
|
|
|
|
$constraints = $config->validationConstraints();
|
|
|
|
|
|
|
|
|
|
$config->validator()->assert($token, ...$constraints);
|
|
|
|
|
|
|
|
|
|
return $token;
|
2017-03-24 15:40:36 +00:00
|
|
|
}
|
|
|
|
|
}
|
