implements Api.Middleware configuration parameter

skie · skie · commit 98dd4c70829e · 2019-10-08T19:33:58.000+03:00
diff --git a/config/api.php b/config/api.php
@@ -1,13 +1,20 @@
 <?php
 /**
- * Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)
+ * Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
  *
  * Licensed under The MIT License
  * Redistributions of files must retain the above copyright notice.
  *
- * @copyright Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)
+ * @copyright Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
  * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
  */
+use Authentication\AuthenticationService;
+use Authentication\Middleware\AuthenticationMiddleware;
+use Authorization\Middleware\AuthorizationMiddleware;
+use Authorization\Middleware\RequestAuthorizationMiddleware;
+use CakeDC\Api\Middleware\ParseApiRequestMiddleware;
+use CakeDC\Api\Middleware\ProcessApiRequestMiddleware;
+use CakeDC\Api\ApiInitializer;
 
 return [
     'Api' => [
@@ -31,6 +38,30 @@
                 'default' => 'auth'
             ],
         ],
+        
+        'Middleware' => [
+            'authentication' => [
+                'class' => AuthenticationMiddleware::class,
+                'request' => ApiInitializer::class,
+                'method' => 'getAuthenticationService',
+            ],
+            'apiParser' => [
+                'class' => ParseApiRequestMiddleware::class,
+            ],
+            'apiAuthorize' => [
+                'class' => AuthorizationMiddleware::class,
+                'request' => ApiInitializer::class,
+                'params' => [
+                    'unauthorizedHandler' => 'CakeDC/Api.ApiException',
+                ],
+            ],
+            'apiAuthorizeRequest' => [
+                'class' => RequestAuthorizationMiddleware::class,
+            ],
+            'apiProcessor' => [
+                'class' => ProcessApiRequestMiddleware::class,
+            ],
+        ],
 
         'Service' => [
             'default' => [
diff --git a/config/api_permissions.php.default b/config/api_permissions.php.default
@@ -0,0 +1,13 @@
+<?php
+
+return [
+    'CakeDC/Auth.api_permissions' => [
+            [
+                'role' => '*',
+                'service' => '*',
+                'action' => '*',
+                'method' => '*',
+                'bypassAuth' => true,
+            ],
+    ]
+];
diff --git a/config/bootstrap.php b/config/bootstrap.php
@@ -1,11 +1,11 @@
 <?php
 /**
- * Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)
+ * Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
  *
  * Licensed under The MIT License
  * Redistributions of files must retain the above copyright notice.
  *
- * @copyright Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)
+ * @copyright Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
  * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
  */
 
diff --git a/config/routes.php b/config/routes.php
@@ -1,20 +1,26 @@
 <?php
 /**
- * Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)
+ * Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
  *
  * Licensed under The MIT License
  * Redistributions of files must retain the above copyright notice.
  *
- * @copyright Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)
+ * @copyright Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
  * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
  */
 
 use Cake\Core\Configure;
 use Cake\Routing\Router;
+use Cake\Routing\RouteBuilder;
 
 Router::plugin('CakeDC/Api', ['path' => '/api'], function ($routes) {
     $useVersioning = Configure::read('Api.useVersioning');
     $versionPrefix = Configure::read('Api.versionPrefix');
+    $middlewares = Configure::read('Api.Middleware');
+    $middlewareNames = array_keys($middlewares);
+
+    $routes->applyMiddleware(...$middlewareNames);
+
     if (empty($versionPrefix)) {
         $versionPrefix = 'v';
     }
@@ -29,11 +35,6 @@
                 'controller' => 'Api',
                 'action' => 'listing'
             ], ['version' => $versionPrefix . '\d+', 'pass' => []]);
-        $routes->connect('/:version/:service/*', [
-                'plugin' => 'CakeDC/Api',
-                'controller' => 'Api',
-                'action' => 'process'
-            ], ['version' => $versionPrefix . '\d+', 'pass' => []]);
     }
     $routes->connect('/describe/*', [
             'plugin' => 'CakeDC/Api',
@@ -45,9 +46,5 @@
             'controller' => 'Api',
             'action' => 'listing'
         ]);
-    $routes->connect('/:service/*', [
-            'plugin' => 'CakeDC/Api',
-            'controller' => 'Api',
-            'action' => 'process'
-        ]);
+    $routes->connect('/**', ['plugin' => 'CakeDC/Api', 'controller' => 'Api', 'action' => 'notFound']);
 });
diff --git a/src/ApiInitializer.php b/src/ApiInitializer.php
@@ -0,0 +1,81 @@
+<?php 
+declare(strict_types=1);
+
+/**
+ * Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
+ *
+ * Licensed under The MIT License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
+ * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
+ */
+
+namespace CakeDC\Api;
+
+use Authentication\AuthenticationService;
+use Authorization\AuthorizationService;
+use Authorization\AuthorizationServiceInterface;
+use Authorization\AuthorizationServiceProviderInterface;
+use Authorization\Policy\MapResolver;
+use Authorization\Policy\OrmResolver;
+use Authorization\Policy\ResolverCollection;
+use Cake\Core\Configure;
+use Cake\Http\ServerRequest;
+use CakeDC\Api\Rbac\ApiRbac;
+use CakeDC\Auth\Rbac\Rbac;
+use CakeDC\Auth\Policy\CollectionPolicy;
+use CakeDC\Auth\Policy\RbacPolicy;
+use CakeDC\Auth\Policy\SuperuserPolicy;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+class ApiInitializer implements AuthorizationServiceProviderInterface
+{
+
+    public function getAuthenticationService(): AuthenticationService
+    {
+        $service = new AuthenticationService();
+        $service->loadIdentifier('Authentication.JwtSubject', []);
+
+        $service->loadIdentifier('Authentication.Password', []);
+        $service->loadAuthenticator('Authentication.Session', [
+            'sessionKey' => 'Auth',
+        ]);
+
+        $service->loadIdentifier('Authentication.Token', [
+            'dataField' => 'token',
+            'tokenField' => 'api_token',
+        ]);
+        $service->loadAuthenticator('Authentication.Token', [
+            'queryParam' => 'token',
+        ]);
+        
+        return $service;
+    }
+
+    public function getAuthorizationService(ServerRequestInterface $request): AuthorizationServiceInterface
+    {
+        $map = new MapResolver();
+        $rbac = new ApiRbac();
+        $map->map(
+            ServerRequest::class,
+            new CollectionPolicy([
+                //SuperuserPolicy::class,
+                new RbacPolicy([
+                    'adapter' => $rbac
+                ])
+            ])
+        );
+
+        $orm = new OrmResolver();
+
+        $resolver = new ResolverCollection([
+            $map,
+            $orm
+        ]);
+
+        return new AuthorizationService($resolver);
+    }
+
+}
diff --git a/src/Controller/ApiController.php b/src/Controller/ApiController.php
@@ -123,4 +123,9 @@ protected function _process(array $options = []): ?Response
 
         return $this->getResponse();
     }
+    
+    public function notFound()
+    {
+        return $this->getResponse()->withStatus(404);
+    }
 }
diff --git a/src/Plugin.php b/src/Plugin.php
@@ -1,13 +1,56 @@
 <?php
 declare(strict_types=1);
 
+/**
+ * Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
+ *
+ * Licensed under The MIT License
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)
+ * @license MIT License (http://www.opensource.org/licenses/mit-license.php)
+ */
+
 namespace CakeDC\Api;
 
+use Authentication\AuthenticationService;
+use Authentication\Middleware\AuthenticationMiddleware;
+use Authorization\Middleware\AuthorizationMiddleware;
+use Authorization\Middleware\RequestAuthorizationMiddleware;
+use CakeDC\Api\Middleware\ParseApiRequestMiddleware;
+use CakeDC\Api\Middleware\ProcessApiRequestMiddleware;
 use Cake\Core\BasePlugin;
+use Cake\Core\Configure;
 
 /**
  * Api plugin
  */
 class Plugin extends BasePlugin
 {
+    
+    public function routes($routes): void
+    {
+        $middlewares = Configure::read('Api.Middleware');
+        foreach ($middlewares as $alias => $middleware) {
+            $class = $middleware['class'];
+            if (array_key_exists('request', $middleware)) {
+                $requestClass = $middleware['request'];
+                $request = new $requestClass();
+                if (array_key_exists('method', $middleware)) {
+                    $request = $request->{$middleware['method']}();
+                }
+                if (array_key_exists('params', $middleware)) {
+                    $options = $middleware['params'];
+                    $routes->registerMiddleware($alias, new $class($request, $options));
+                } else {
+                    $routes->registerMiddleware($alias, new $class($request));
+                }
+            } else {
+                $routes->registerMiddleware($alias, new $class());
+            }
+        }
+
+        parent::routes($routes);
+    }    
+    
 }
diff --git a/src/Rbac/ApiRbac.php b/src/Rbac/ApiRbac.php
@@ -20,6 +20,7 @@
 use Cake\Utility\Inflector;
 use CakeDC\Api\Rbac\Permissions\AbstractProvider;
 use CakeDC\Auth\Rbac\PermissionMatchResult;
+use CakeDC\Auth\Rbac\RbacInterface;
 use CakeDC\Auth\Rbac\Rules\Rule;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Log\LogLevel;
@@ -29,7 +30,7 @@
  *
  * @package Rbac
  */
-class ApiRbac
+class ApiRbac implements RbacInterface
 {
     use InstanceConfigTrait;
     use LogTrait;
diff --git a/src/Service/Service.php b/src/Service/Service.php
@@ -966,7 +966,7 @@ protected function _initializeParser(array $config): void
         }
 
         $class = App::className($this->_parserClass, 'Service/RequestParser', 'Parser');
-        if (!class_exists($class)) {
+        if ($class === null || !class_exists($class)) {
             throw new MissingParserException(['class' => $this->_parserClass]);
         }
         $this->_parser = new $class($this);

Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
`1`	`1`	`<?php`
`2`	`2`	`/**`
`3`		`- * Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)`
	`3`	`+ * Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)`
`4`	`4`	`*`
`5`	`5`	`* Licensed under The MIT License`
`6`	`6`	`* Redistributions of files must retain the above copyright notice.`
`7`	`7`	`*`
`8`		`- * @copyright Copyright 2016 - 2017, Cake Development Corporation (http://cakedc.com)`
	`8`	`+ * @copyright Copyright 2016 - 2019, Cake Development Corporation (http://cakedc.com)`
`9`	`9`	`* @license MIT License (http://www.opensource.org/licenses/mit-license.php)`
`10`	`10`	`*/`
`11`	`11`
Original file line number	Diff line number	Diff line change
`@@ -123,4 +123,9 @@ protected function _process(array $options = []): ?Response`
`123`	`123`
`124`	`124`	`return $this->getResponse();`
`125`	`125`	`}`
	`126`	`+`
	`127`	`+ public function notFound()`
	`128`	`+ {`
	`129`	`+ return $this->getResponse()->withStatus(404);`
	`130`	`+ }`
`126`	`131`	`}`
Original file line number	Diff line number	Diff line change
`@@ -966,7 +966,7 @@ protected function _initializeParser(array $config): void`
`966`	`966`	`}`
`967`	`967`
`968`	`968`	`$class = App::className($this->_parserClass, 'Service/RequestParser', 'Parser');`
`969`		`- if (!class_exists($class)) {`
	`969`	`+ if ($class === null \|\| !class_exists($class)) {`
`970`	`970`	`throw new MissingParserException(['class' => $this->_parserClass]);`
`971`	`971`	`}`
`972`	`972`	`$this->_parser = new $class($this);`