1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
<?php
namespace Studip\OAuth2;
use DateInterval;
use DI\ContainerBuilder;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Grant\AuthCodeGrant;
use League\OAuth2\Server\Grant\RefreshTokenGrant;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
use League\OAuth2\Server\ResourceServer;
use Psr\Container\ContainerInterface;
use Studip\OAuth2\Exceptions\SetupError;
class Container
{
/** @var ContainerInterface */
private $container;
/**
* @return mixed
*/
public function get(string $key)
{
return $this->container->get($key);
}
public function __construct()
{
$containerBuilder = new ContainerBuilder();
$this->addConfiguration($containerBuilder);
$this->addDependencies($containerBuilder);
$this->container = $containerBuilder->build();
}
private function addConfiguration(ContainerBuilder $containerBuilder): void
{
$basePath = $GLOBALS['STUDIP_BASE_PATH'];
$containerBuilder->addDefinitions([
'encryption_key' => $basePath . '/config/oauth2/encryption_key.php',
'private_key' => $basePath . '/config/oauth2/private.key',
'public_key' => $basePath . '/config/oauth2/public.key',
// TODO: use these and more of them
'tokens_expire_in' => 'P1Y',
'refresh_tokens_expire_in' => 'P1Y',
]);
}
private function addDependencies(ContainerBuilder $containerBuilder): void
{
$containerBuilder->addDefinitions([
AccessTokenRepositoryInterface::class => \DI\get(Bridge\AccessTokenRepository::class),
AuthCodeRepositoryInterface::class => \DI\get(Bridge\AuthCodeRepository::class),
ClientRepositoryInterface::class => \DI\get(Bridge\ClientRepository::class),
RefreshTokenRepositoryInterface::class => \DI\get(Bridge\RefreshTokenRepository::class),
ScopeRepositoryInterface::class => \DI\get(Bridge\ScopeRepository::class),
AuthorizationServer::class => function (
ContainerInterface $container,
AccessTokenRepositoryInterface $accessTokenRepository,
ClientRepositoryInterface $clientRepository,
ScopeRepositoryInterface $scopeRepository,
AuthCodeGrant $authCodeGrant,
RefreshTokenGrant $refreshGrant
) {
$encryptionKeyFile = $container->get('encryption_key');
$privateKey = $container->get('private_key');
if (!is_readable($encryptionKeyFile) || !is_readable($privateKey)) {
throw new SetupError();
}
$encryptionKey = include $encryptionKeyFile;
$server = new AuthorizationServer(
$clientRepository,
$accessTokenRepository,
$scopeRepository,
$privateKey,
$encryptionKey
);
$server->enableGrantType($authCodeGrant, new DateInterval('PT1H'));
$server->enableGrantType($refreshGrant, new DateInterval('PT1H'));
return $server;
},
AuthCodeGrant::class => function (
AuthCodeRepositoryInterface $authCodeRepository,
RefreshTokenRepositoryInterface $refreshTokenRepository
) {
$grant = new AuthCodeGrant($authCodeRepository, $refreshTokenRepository, new DateInterval('PT10M'));
$grant->setRefreshTokenTTL(new DateInterval('P1M'));
return $grant;
},
RefreshTokenGrant::class => function (RefreshTokenRepositoryInterface $refreshTokenRepository) {
$refreshGrant = new RefreshTokenGrant($refreshTokenRepository);
$refreshGrant->setRefreshTokenTTL(new DateInterval('P1M'));
return $refreshGrant;
},
ResourceServer::class => function (
ContainerInterface $container,
AccessTokenRepositoryInterface $accessTokenRepository
) {
$publicKey = $container->get('public_key');
$resourceServer = new ResourceServer($accessTokenRepository, $publicKey);
return $resourceServer;
},
]);
}
}
|
