dcovington
/
KCI-PHP-KANBAN
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
267KB
Tree: 7fb48edcf1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7fb48edcf1'
${ noResults }
KCI-PHP-KANBAN/app/Services/AuthService.php

122 lines
3.0KB
Raw Blame History 

  1. <?php

  2. 

  3. declare(strict_types=1);

  4. 

  5. namespace App\Services;

  6. 

  7. use Core\Response;

  8. use Stevenmaguire\OAuth2\Client\Provider\Keycloak;

  9. 

  10. class AuthService

  11. {

  12.     private static function config(): array

  13.     {

  14.         static $config = null;

  15. 

  16.         if ($config === null) {

  17.             $config = require __DIR__ . '/../../config/auth.php';

  18.         }

  19. 

  20.         return $config['keycloak'];

  21.     }

  22. 

  23.     public static function provider(): Keycloak

  24.     {

  25.         $cfg = self::config();

  26. 

  27.         return new Keycloak([

  28.             'authServerUrl' => rtrim($cfg['base_url'], '/'),

  29.             'realm'         => $cfg['realm'],

  30.             'clientId'      => $cfg['client_id'],

  31.             'clientSecret'  => $cfg['client_secret'],

  32.             'redirectUri'   => $cfg['redirect_uri'],

  33.         ]);

  34.     }

  35. 

  36.     /**

  37.      * Decode user claims from the access token JWT payload.

  38.      * Avoids calling the userinfo endpoint, which Keycloak may return as a

  39.      * signed JWT (application/jwt) rather than JSON — causing decryption errors.

  40.      *

  41.      * @return array<string, mixed>

  42.      */

  43.     public static function claimsFromToken(string $jwt): array

  44.     {

  45.         $parts = explode('.', $jwt);

  46.         if (count($parts) < 2) {

  47.             return [];

  48.         }

  49. 

  50.         $payload = base64_decode(strtr($parts[1], '-_', '+/'), true);

  51.         if ($payload === false) {

  52.             return [];

  53.         }

  54. 

  55.         $data = json_decode($payload, true);

  56. 

  57.         return is_array($data) ? $data : [];

  58.     }

  59. 

  60.     public static function requireLogin(): ?Response

  61.     {

  62.         if (!self::isLoggedIn()) {

  63.             $_SESSION['auth_return_to'] = $_SERVER['REQUEST_URI'] ?? '/';

  64.             return Response::redirect('/auth/login');

  65.         }

  66. 

  67.         return null;

  68.     }

  69. 

  70.     public static function isLoggedIn(): bool

  71.     {

  72.         return !empty($_SESSION['auth_user']);

  73.     }

  74. 

  75.     public static function getCurrentUser(): array

  76.     {

  77.         return $_SESSION['auth_user'] ?? [];

  78.     }

  79. 

  80.     public static function getCurrentUsername(): string

  81.     {

  82.         $user = self::getCurrentUser();

  83. 

  84.         return $user['preferred_username'] ?? $user['email'] ?? '';

  85.     }

  86. 

  87.     public static function storeUser(array $userInfo): void

  88.     {

  89.         $_SESSION['auth_user'] = $userInfo;

  90.     }

  91. 

  92.     public static function clearSession(): void

  93.     {

  94.         $_SESSION = [];

  95. 

  96.         if (ini_get('session.use_cookies')) {

  97.             $params = session_get_cookie_params();

  98.             setcookie(

  99.                 session_name(),

  100.                 '',

  101.                 time() - 42000,

  102.                 $params['path'],

  103.                 $params['domain'],

  104.                 $params['secure'],

  105.                 $params['httponly']

  106.             );

  107.         }

  108. 

  109.         session_destroy();

  110.     }

  111. 

  112.     public static function logoutUrl(): string

  113.     {

  114.         $cfg        = self::config();

  115.         $base       = rtrim($cfg['base_url'], '/');

  116.         $realm      = $cfg['realm'];

  117.         $postLogout = urlencode($cfg['post_logout_redirect_uri']);

  118. 

  119.         return "{$base}/realms/{$realm}/protocol/openid-connect/logout?redirect_uri={$postLogout}";

  120.     }

  121. }

Powered by TurnKey Linux.