openinfra
/
openstackid-resources
Code Issues Proposed changes

OpenstackId resource server 

* migration of resource server from openstackid to its
  own project
* migration of marketplace api
* added api tests
* added CORS middleware
* added SecurityHTTPHeadersWriterMiddleware

Change-Id: Ib3d02feeb1e756de73d380238a043a7ac1ec7ecc
This commit is contained in:
Sebastian Marcet 2015-04-29 18:58:16 -03:00
parent 254d010cb3
commit 4d7159e93f
156 changed files with 8623 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
.env.example Normal file
View File

@ -0,0 +1,46 @@
APP_ENV=local
APP_DEBUG=true
APP_KEY=SomeRandomString
APP_URL=http://localhost
APP_OAUTH_2_0_CLIENT_ID=clientid
APP_OAUTH_2_0_CLIENT_SECRET=clientsecret
APP_OAUTH_2_0_AUTH_SERVER_BASE_URL=http://localhost
DB_HOST=localhost
DB_DATABASE=homestead
DB_USERNAME=homestead
DB_PASSWORD=secret
SS_DB_HOST=localhost
SS_DB_DATABASE=homestead
SS_DB_USERNAME=homestead
SS_DB_PASSWORD=secret
REDIS_HOST=127.0.0.1
REDIS_PORT=port
REDIS_DB=0
REDIS_PASSWORD=
CACHE_DRIVER=file
SESSION_DRIVER=redis
SESSION_COOKIE_DOMAIN=
SESSION_COOKIE_SECURE=false
QUEUE_DRIVER=sync
MAIL_DRIVER=smtp
MAIL_HOST=mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
CORS_ALLOWED_HEADERS=origin, content-type, accept, authorization, x-requested-with
CORS_ALLOWED_METHODS=GET, POST, OPTIONS, PUT, DELETE
CORS_USE_PRE_FLIGHT_CACHING=true
CORS_MAX_AGE=3200
CORS_EXPOSED_HEADERS=
CURL_TIMEOUT=60
CURL_ALLOWS_REDIRECT=false
CURL_VERIFY_SSL_CERT=true

50
.env.testing Normal file
View File

@ -0,0 +1,50 @@
APP_ENV=testing
APP_DEBUG=true
APP_KEY=KKzP6APRNHmADURQ8OanDTU5kDpGwo6l
APP_URL=https://local.resource-server.openstack.org
APP_OAUTH_2_0_CLIENT_ID=tM9iYEq2iCP6P5WQL.~Zo2XXLbugpNhu.openstack.client
APP_OAUTH_2_0_CLIENT_SECRET=f70Ydbhq9NernTem4Yow8SEB
APP_OAUTH_2_0_AUTH_SERVER_BASE_URL=https://local.openstackid.openstack.org
DB_HOST=localhost
DB_DATABASE=resource_server_test
DB_USERNAME=root
DB_PASSWORD=Koguryo@1981
SS_DB_HOST=localhost
SS_DATABASE=os_local
SS_DB_USERNAME=root
SS_DB_PASSWORD=Koguryo@1981
REDIS_HOST=127.0.0.1
REDIS_PORT=6379
REDIS_DB=0
REDIS_PASSWORD=
CACHE_DRIVER=redis
SESSION_DRIVER=redis
SESSION_COOKIE_DOMAIN=
SESSION_COOKIE_SECURE=false
QUEUE_DRIVER=sync
MAIL_DRIVER=smtp
MAIL_HOST=mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
LOG_EMAIL_TO=
LOG_EMAIL_FROM=
CORS_ALLOWED_HEADERS=origin, content-type, accept, authorization, x-requested-with
CORS_ALLOWED_METHODS=GET, POST, OPTIONS, PUT, DELETE
CORS_USE_PRE_FLIGHT_CACHING=false
CORS_MAX_AGE=3200
CORS_EXPOSED_HEADERS=
CURL_TIMEOUT=3600
CURL_ALLOWS_REDIRECT=false
CURL_VERIFY_SSL_CERT=false

3
.gitattributes vendored Normal file
View File

@ -0,0 +1,3 @@
* text=auto
*.css linguist-vendored
*.less linguist-vendored

28
.gitignore vendored Normal file
View File

@ -0,0 +1,28 @@
/vendor
/node_modules
.env
composer.phar
composer.lock
.DS_Storeapp/storage
/app/storage/*
.idea/*
app/config/dev/*
app/config/testing/*
app/config/local/*
app/config/production/*
app/config/staging/*
app/config/packages/greggilbert/recaptcha/dev/*
app/config/packages/greggilbert/recaptcha/local/*
app/config/packages/greggilbert/recaptcha/production/*
app/config/packages/greggilbert/recaptcha/staging/*
/bootstrap/compiled.php
/bootstrap/environment.php
.tox
AUTHORS
ChangeLog
doc/build
*.egg
*.egg-info
.env.testing

7
app/Commands/Command.php Normal file
View File

@ -0,0 +1,7 @@
<?php namespace App\Commands;
abstract class Command {
//
}

32
app/Console/Commands/Inspire.php Normal file
View File

@ -0,0 +1,32 @@
<?php namespace App\Console\Commands;
use Illuminate\Console\Command;
use Illuminate\Foundation\Inspiring;
class Inspire extends Command {
/**
* The console command name.
*
* @var string
*/
protected $name = 'inspire';
/**
* The console command description.
*
* @var string
*/
protected $description = 'Display an inspiring quote';
/**
* Execute the console command.
*
* @return mixed
*/
public function handle()
{
$this->comment(PHP_EOL.Inspiring::quote().PHP_EOL);
}
}

29
app/Console/Kernel.php Normal file
View File

@ -0,0 +1,29 @@
<?php namespace App\Console;
use Illuminate\Console\Scheduling\Schedule;
use Illuminate\Foundation\Console\Kernel as ConsoleKernel;
class Kernel extends ConsoleKernel {
/**
* The Artisan commands provided by your application.
*
* @var array
*/
protected $commands = [
'App\Console\Commands\Inspire',
];
/**
* Define the application's command schedule.
*
* @param \Illuminate\Console\Scheduling\Schedule $schedule
* @return void
*/
protected function schedule(Schedule $schedule)
{
$schedule->command('inspire')
->hourly();
}
}

7
app/Events/Event.php Normal file
View File

@ -0,0 +1,7 @@
<?php namespace App\Events;
abstract class Event {
//
}

42
app/Exceptions/Handler.php Normal file
View File

@ -0,0 +1,42 @@
<?php namespace App\Exceptions;
use Exception;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
class Handler extends ExceptionHandler {
/**
* A list of the exception types that should not be reported.
*
* @var array
*/
protected $dontReport = [
'Symfony\Component\HttpKernel\Exception\HttpException'
];
/**
* Report or log an exception.
*
* This is a great spot to send exceptions to Sentry, Bugsnag, etc.
*
* @param \Exception $e
* @return void
*/
public function report(Exception $e)
{
return parent::report($e);
}
/**
* Render an exception into an HTTP response.
*
* @param \Illuminate\Http\Request $request
* @param \Exception $e
* @return \Illuminate\Http\Response
*/
public function render($request, Exception $e)
{
return parent::render($request, $e);
}
}

0
app/Handlers/Commands/.gitkeep Normal file
View File

0
app/Handlers/Events/.gitkeep Normal file
View File

11
app/Http/Controllers/Controller.php Normal file
View File

@ -0,0 +1,11 @@
<?php namespace App\Http\Controllers;
use Illuminate\Foundation\Bus\DispatchesCommands;
use Illuminate\Routing\Controller as BaseController;
use Illuminate\Foundation\Validation\ValidatesRequests;
abstract class Controller extends BaseController {
use DispatchesCommands, ValidatesRequests;
}

99
app/Http/Controllers/JsonController.php Normal file
View File

@ -0,0 +1,99 @@
<?php namespace App\Http\Controllers;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Response;
use Illuminate\Support\Facades\Input;
/**
* Class JsonController
* @package App\Http\Controllers
*/
abstract class JsonController extends Controller
{
protected $log_service;
public function __construct()
{
}
protected function error500(Exception $ex)
{
Log::error($ex);
return Response::json(array('message' => 'server error'), 500);
}
protected function created($data = 'ok')
{
$res = Response::json($data, 201);
//jsonp
if (Input::has('callback'))
{
$res->setCallback(Input::get('callback'));
}
return $res;
}
protected function deleted($data = 'ok')
{
$res = Response::json($data, 204);
//jsonp
if (Input::has('callback'))
{
$res->setCallback(Input::get('callback'));
}
return $res;
}
protected function ok($data = 'ok')
{
$res = Response::json($data, 200);
//jsonp
if (Input::has('callback'))
{
$res->setCallback(Input::get('callback'));
}
return $res;
}
protected function error400($data)
{
return Response::json($data, 400);
}
protected function error404($data = array('message' => 'Entity Not Found'))
{
return Response::json($data, 404);
}
/**
* {
"message": "Validation Failed",
"errors": [
{
"resource": "Issue",
"field": "title",
"code": "missing_field"
}
]
}
* @param $messages
* @return mixed
*/
protected function error412($messages)
{
return Response::json(array('message' => 'Validation Failed', 'errors' => $messages), 412);
}
}

40
app/Http/Controllers/OAuth2ProtectedController.php Normal file
View File

@ -0,0 +1,40 @@
<?php namespace App\Http\Controllers;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\oauth2\IResourceServerContext;
/**
* Class OAuth2ProtectedController
* OAuth2 Protected Base API
*/
abstract class OAuth2ProtectedController extends JsonController
{
/**
* @var IResourceServerContext
*/
protected $resource_server_context;
protected $repository;
/**
* @param IResourceServerContext $resource_server_context
*/
public function __construct(IResourceServerContext $resource_server_context)
{
parent::__construct();
$this->resource_server_context = $resource_server_context;
}
}

86
app/Http/Controllers/apis/protected/marketplace/OAuth2CloudApiController.php Normal file
View File

@ -0,0 +1,86 @@
<?php namespace App\Http\Controllers;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Illuminate\Support\Facades\Log;
/**
* Class OAuth2CloudApiController
*/
abstract class OAuth2CloudApiController extends OAuth2CompanyServiceApiController
{
/**
* query string params:
* page: You can specify further pages
* per_page: custom page size up to 100 ( min 10)
* status: cloud status ( active , not active, all)
* order_by: order by field
* order_dir: order direction
* @return mixed
*/
public function getClouds()
{
return $this->getCompanyServices();
}
/**
* @param $id
* @return mixed
*/
public function getCloud($id)
{
return $this->getCompanyService($id);
}
/**
* @param $id
* @return mixed
*/
public function getCloudDataCenters($id)
{
try {
$cloud = $this->repository->getById($id);
if (!$cloud)
{
return $this->error404();
}
$data_center_regions = $cloud->datacenters_regions();
$res = array();
foreach ($data_center_regions as $region)
{
$data = $region->toArray();
$locations = $region->locations();
$data_locations = array();
foreach ($locations as $loc)
{
array_push($data_locations, $loc->toArray());
}
$data['locations'] = $data_locations;
array_push($res, $data);
}
return $this->ok(array('datacenters' => $res ));
}
catch (Exception $ex)
{
Log::error($ex);
return $this->error500($ex);
}
}
}

143
app/Http/Controllers/apis/protected/marketplace/OAuth2CompanyServiceApiController.php Normal file
View File

@ -0,0 +1,143 @@
<?php namespace App\Http\Controllers;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\oauth2\IResourceServerContext;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Facades\Log;
use models\marketplace\ICompanyServiceRepository;
use Illuminate\Support\Facades\Input;
/**
* Class OAuth2CompanyServiceApiController
*/
abstract class OAuth2CompanyServiceApiController extends OAuth2ProtectedController
{
/**
* @var ICompanyServiceRepository
*/
protected $repository;
public function __construct(IResourceServerContext $resource_server_context)
{
parent::__construct($resource_server_context);
Validator::extend('status', function ($attribute, $value, $parameters) {
return $value == ICompanyServiceRepository::Status_All ||
$value == ICompanyServiceRepository::Status_non_active ||
$value == ICompanyServiceRepository::Status_active;
});
Validator::extend('order', function ($attribute, $value, $parameters) {
return $value == ICompanyServiceRepository::Order_date ||
$value == ICompanyServiceRepository::Order_name ;
});
Validator::extend('order_dir', function ($attribute, $value, $parameters) {
return $value == 'desc' ||
$value == 'asc';
});
}
/**
* query string params:
* page: You can specify further pages
* per_page: custom page size up to 100 ( min 10)
* status: cloud status ( active , not active, all)
* order_by: order by field
* order_dir: order direction
* @return mixed
*/
public function getCompanyServices()
{
try
{
//default params
$page = 1;
$per_page = 10;
$status = ICompanyServiceRepository::Status_All;
$order_by = ICompanyServiceRepository::Order_date;
$order_dir = 'asc';
//validation of optional parameters
$values = Input::all();
$messages = array(
'status' => 'The :attribute field is does not has a valid value (all, active, non_active).',
'order' => 'The :attribute field is does not has a valid value (date, name).',
'order_dir' => 'The :attribute field is does not has a valid value (desc, asc).',
);
$rules = array(
'page' => 'integer|min:1',
'per_page' => 'required_with:page|integer|min:10|max:100',
'status' => 'status',
'order_by' => 'order',
'order_dir' => 'required_with:order_by|order_dir',
);
// Creates a Validator instance and validates the data.
$validation = Validator::make($values, $rules, $messages);
if ($validation->fails())
{
$messages = $validation->messages()->toArray();
return $this->error412($messages);
}
if (Input::has('page'))
{
$page = intval(Input::get('page'));
$per_page = intval(Input::get('per_page'));
}
if (Input::has('status'))
{
$status = Input::get('status');
}
if (Input::has('order_by'))
{
$order_by = Input::get('order_by');
$order_dir = Input::get('order_dir');
}
$data = $this->repository->getAll($page, $per_page, $status, $order_by, $order_dir);
return $this->ok($data);
}
catch (Exception $ex)
{
Log::error($ex);
return $this->error500($ex);
}
}
/**
* @param $id
* @return mixed
*/
public function getCompanyService($id)
{
try
{
$data = $this->repository->getById($id);
return ($data)? $this->ok($data) : $this->error404();
}
catch (Exception $ex)
{
Log::error($ex);
return $this->error500($ex);
}
}
}

89
app/Http/Controllers/apis/protected/marketplace/OAuth2ConsultantsApiController.php Normal file
View File

@ -0,0 +1,89 @@
<?php namespace App\Http\Controllers;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\marketplace\IConsultantRepository;
use models\oauth2\IResourceServerContext;
use Illuminate\Support\Facades\Log;
/**
* Class OAuth2ConsultantsApiController
* @package App\Http\Controllers
*/
class OAuth2ConsultantsApiController extends OAuth2CompanyServiceApiController
{
/**
* @param IConsultantRepository $repository
* @param IResourceServerContext $resource_server_context
*/
public function __construct(IConsultantRepository $repository, IResourceServerContext $resource_server_context)
{
parent::__construct($resource_server_context);
$this->repository = $repository;
}
/**
* query string params:
* page: You can specify further pages
* per_page: custom page size up to 100 ( min 10)
* status: cloud status ( active , not active, all)
* order_by: order by field
* order_dir: order direction
* @return mixed
*/
public function getConsultants()
{
return $this->getCompanyServices();
}
/**
* @param $id
* @return mixed
*/
public function getConsultant($id)
{
return $this->getCompanyService($id);
}
/**
* @param $id
* @return mixed
*/
public function getOffices($id)
{
try
{
$consultant = $this->repository->getById($id);
if (!$consultant)
{
return $this->error404();
}
$offices = $consultant->offices();
$res = array();
foreach ($offices as $office)
{
array_push($res, $office->toArray());
}
return $this->ok(array('offices' => $res));
}
catch (Exception $ex)
{
Log::error($ex);
return $this->error500($ex);
}
}
}

36
app/Http/Controllers/apis/protected/marketplace/OAuth2PrivateCloudApiController.php Normal file
View File

@ -0,0 +1,36 @@
<?php namespace App\Http\Controllers;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\marketplace\IPrivateCloudServiceRepository;
use models\oauth2\IResourceServerContext;
/**
* Class OAuth2PrivateCloudApiController
* @package App\Http\Controllers
*/
final class OAuth2PrivateCloudApiController extends OAuth2CloudApiController
{
/**
* @param IPrivateCloudServiceRepository $repository
* @param IResourceServerContext $resource_server_context
*/
public function __construct(
IPrivateCloudServiceRepository $repository,
IResourceServerContext $resource_server_context
) {
parent::__construct($resource_server_context);
$this->repository = $repository;
}
}

30
app/Http/Controllers/apis/protected/marketplace/OAuth2PublicCloudApiController.php Normal file
View File

@ -0,0 +1,30 @@
<?php namespace App\Http\Controllers;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\marketplace\IPublicCloudServiceRepository;
use models\oauth2\IResourceServerContext;
/**
* Class OAuth2PublicCloudApiController
*/
final class OAuth2PublicCloudApiController extends OAuth2CloudApiController
{
public function __construct(IPublicCloudServiceRepository $repository, IResourceServerContext $resource_server_context)
{
parent::__construct($resource_server_context);
$this->repository = $repository;
}
}

37
app/Http/Kernel.php Normal file
View File

@ -0,0 +1,37 @@
<?php namespace App\Http;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel {
/**
* The application's global HTTP middleware stack.
*
* @var array
*/
protected $middleware = [
'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
'Illuminate\Cookie\Middleware\EncryptCookies',
'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
'Illuminate\Session\Middleware\StartSession',
'Illuminate\View\Middleware\ShareErrorsFromSession',
'App\Http\Middleware\VerifyCsrfToken',
'App\Http\Middleware\CORSMiddleware',
'App\Http\Middleware\SecurityHTTPHeadersWriterMiddleware',
];
/**
* The application's route middleware.
*
* @var array
*/
protected $routeMiddleware = [
'auth' => 'App\Http\Middleware\Authenticate',
'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
'oauth2.protected' => 'App\Http\Middleware\OAuth2BearerAccessTokenRequestValidator',
'rate.limit' => 'App\Http\Middleware\RateLimitMiddleware',
'etags' => 'App\Http\Middleware\ETagsMiddleware',
];
}

50
app/Http/Middleware/Authenticate.php Normal file
View File

@ -0,0 +1,50 @@
<?php namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Guard;
class Authenticate {
/**
* The Guard implementation.
*
* @var Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* @param Guard $auth
* @return void
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->guest())
{
if ($request->ajax())
{
return response('Unauthorized.', 401);
}
else
{
return redirect()->guest('auth/login');
}
}
return $next($request);
}
}

505
app/Http/Middleware/CORSMiddleware.php Normal file
View File

@ -0,0 +1,505 @@
<?php namespace App\Http\Middleware;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Closure;
use libs\utils\ICacheService;
use models\resource_server\IApiEndpoint;
use models\resource_server\IApiEndpointRepository;
use Illuminate\Contracts\Routing\Middleware;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Illuminate\Support\Facades\Cache;
use Carbon\Carbon;
use Illuminate\Support\Facades\Config;
use libs\utils\RequestUtils;
/**
*
* @package App\Http\Middleware\
* Implementation of http://www.w3.org/TR/cors/
*/
class CORSMiddleware implements Middleware
{
const CORS_IP_BLACKLIST_PREFIX = 'CORS_IP_BLACKLIST_PREFIX:';
private $headers = array();
/**
* A header is said to be a simple header if the header field name is an ASCII case-insensitive match for Accept,
* Accept-Language, or Content-Language or if it is an ASCII case-insensitive match for Content-Type and the header
* field value media type (excluding parameters) is an ASCII case-insensitive match for
* application/x-www-form-urlencoded, multipart/form-data, or text/plain.
*/
protected static $simple_headers = array(
'accept',
'accept-language',
'content-language',
'origin',
);
protected static $simple_content_header_values = array(
'application/x-www-form-urlencode',
'multipart/form-data',
'text/plain');
/**
* A method is said to be a simple method if it is a case-sensitive match for one of the following:
* - GET
* - HEAD
* - POST
*/
protected static $simple_http_methods = array('GET', 'HEAD', 'POST');
const DefaultAllowedHeaders = 'origin, content-type, accept, authorization, x-requested-with';
const DefaultAllowedMethods = 'GET, POST, OPTIONS, PUT, DELETE';
/**
* @var
*/
private $redis;
/**
* @var IApiEndpointRepository
*/
private $endpoint_repository;
/**
* @var IApiEndpoint;
*/
private $current_endpoint = null;
private $allowed_headers;
private $allowed_methods;
/**
* @var ICacheService
*/
private $cache_service;
public function __construct(IApiEndpointRepository $endpoint_repository, ICacheService $cache_service)
{
$this->endpoint_repository = $endpoint_repository;
$this->cache_service = $cache_service;
$this->allowed_headers = Config::get('cors.allowed_headers', self::DefaultAllowedHeaders);
$this->allowed_methods = Config::get('cors.allowed_methods', self::DefaultAllowedMethods);
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($response = $this->preProcess($request))
{
return $response;
}
//normal processing
$response = $next($request);
$this->postProcess($request, $response);
return $response;
}
private function generatePreflightCacheKey($request)
{
$cache_id = 'pre-flight-'. $request->getClientIp(). '-' . $request->getRequestUri(). '-' . $request->getMethod();
return $cache_id;
}
/**
* @param Request $request
* @return Response
*/
public function preProcess(Request $request)
{
$actual_request = false;
if ($this->isValidCORSRequest($request))
{
if (!$this->testOriginHeaderScrutiny($request))
{
$response = new Response();
$response->setStatusCode(403);
return $response;
}
/* Step 01 : Determine the type of the incoming request */
$type = $this->getRequestType($request);
/* Step 02 : Process request according to is type */
switch($type)
{
case CORSRequestPreflightType::REQUEST_FOR_PREFLIGHT:
{
// HTTP request send by client to preflight a further 'Complex' request
// sets the original method on request in order to be able to find the
// correct route
$real_method = $request->headers->get('Access-Control-Request-Method');
$request->setMethod($real_method);
$route_path = RequestUtils::getCurrentRoutePath($request);
if (!$route_path || !$this->checkEndPoint($route_path, $real_method))
{
$response = new Response();
$response->setStatusCode(403);
return $response;
}
// ----Step 2b: Store pre-flight request data in the Cache to keep (mark) the request as correctly followed the request pre-flight process
$data = new CORSRequestPreflightData($request, $this->current_endpoint->supportCredentials());
$cache_id = $this->generatePreflightCacheKey($request);
$this->cache_service->storeHash($cache_id, $data->toArray(), CORSRequestPreflightData::$cache_lifetime);
// ----Step 2c: Return corresponding response - This part should be customized with application specific constraints.....
return $this->makePreflightResponse($request);
}
break;
case CORSRequestPreflightType::COMPLEX_REQUEST:
{
$cache_id = $this->generatePreflightCacheKey($request);
; // ----Step 2a: Check if the current request has an entry into the preflighted requests Cache
$data = $this->cache_service->getHash($cache_id, CORSRequestPreflightData::$cache_attributes);
if (!count($data))
{
$response = new Response();
$response->setStatusCode(403);
return $response;
}
// ----Step 2b: Check that pre-flight information declared during the pre-flight request match the current request on key information
$match = false;
// ------Start with comparison of "Origin" HTTP header (according to utility method impl. used to retrieve header reference cannot be null)...
if ($request->headers->get('Origin') === $data['origin'])
{
// ------Continue with HTTP method...
if ($request->getMethod() === $data['expected_method'])
{
// ------Finish with custom HTTP headers (use an method to avoid manual iteration on collection to increase the speed)...
$x_headers = self::getCustomHeaders($request);
$x_headers_pre = explode(',', $data['expected_custom_headers']);
sort($x_headers);
sort($x_headers_pre);
if (count(array_diff($x_headers, $x_headers_pre)) === 0)
{
$match = true;
}
}
}
if (!$match)
{
$response = new Response();
$response->setStatusCode(403);
return $response;
}
$actual_request = true;
}
break;
case CORSRequestPreflightType::SIMPLE_REQUEST:
{
// origins, do not set any additional headers and terminate this set of steps.
if (!$this->isAllowedOrigin($request)) {
$response = new Response();
$response->setStatusCode(403);
return $response;
}
$actual_request = true;
// If the resource supports credentials add a single Access-Control-Allow-Origin header, with the value
// of the Origin header as value, and add a single Access-Control-Allow-Credentials header with the
// case-sensitive string "true" as value.
// Otherwise, add a single Access-Control-Allow-Origin header, with either the value of the Origin header
// or the string "*" as value.
}
break;
}
}
if ($actual_request)
{
// Save response headers
$cache_id = $this->generatePreflightCacheKey($request);
// ----Step 2a: Check if the current request has an entry into the preflighted requests Cache
$data = $this->cache_service->getHash($cache_id, CORSRequestPreflightData::$cache_attributes);
$this->headers['Access-Control-Allow-Origin'] = $request->headers->get('Origin');
if ((bool)$data['allows_credentials'])
{
$this->headers['Access-Control-Allow-Credentials'] = 'true';
}
/**
* During a CORS request, the getResponseHeader() method can only access simple response headers.
* Simple response headers are defined as follows:
** Cache-Control
** Content-Language
** Content-Type
** Expires
** Last-Modified
** Pragma
* If you want clients to be able to access other headers,
* you have to use the Access-Control-Expose-Headers header.
* The value of this header is a comma-delimited list of response headers you want to expose
* to the client.
*/
$exposed_headers = Config::get('cors.exposed_headers', 'Content-Type, Expires');
if (!empty($exposed_headers))
{
$this->headers['Access-Control-Expose-Headers'] = $exposed_headers ;
}
}
}
public function postProcess(Request $request, Response $response)
{
// add CORS response headers
if (count($this->headers) > 0)
{
$response->headers->add($this->headers);
}
return $response;
}
/**
* @param Request $request
* @return Response
*/
private function makePreflightResponse(Request $request)
{
$response = new Response();
if (!$this->isAllowedOrigin($request))
{
$response->headers->set('Access-Control-Allow-Origin', 'null');
$response->setStatusCode(403);
return $response;
}
$response->headers->set('Access-Control-Allow-Origin', $request->headers->get('Origin'));
// The Access-Control-Request-Method header indicates which method will be used in the actual
// request as part of the preflight request
// check request method
if ($request->headers->get('Access-Control-Request-Method') != $this->current_endpoint->getHttpMethod())
{
$response->setStatusCode(405);
return $response;
}
// The Access-Control-Allow-Credentials header indicates whether the response to request
// can be exposed when the omit credentials flag is unset. When part of the response to a preflight request
// it indicates that the actual request can include user credentials.
if ( $this->current_endpoint->supportCredentials())
{
$response->headers->set('Access-Control-Allow-Credentials', 'true');
}
if (Config::get('cors.use_pre_flight_caching', false))
{
// The Access-Control-Max-Age header indicates how long the response can be cached, so that for
// subsequent requests, within the specified time, no preflight request has to be made.
$response->headers->set('Access-Control-Max-Age', Config::get('cors.max_age', 32000));
}
// The Access-Control-Allow-Headers header indicates, as part of the response to a preflight request,
// which header field names can be used during the actual request
$response->headers->set('Access-Control-Allow-Headers', $this->allowed_headers);
//The Access-Control-Allow-Methods header indicates, as part of the response to a preflight request,
// which methods can be used during the actual request.
$response->headers->set('Access-Control-Allow-Methods', $this->allowed_methods);
// The Access-Control-Request-Headers header indicates which headers will be used in the actual request
// as part of the preflight request.
$headers = $request->headers->get('Access-Control-Request-Headers');
if ($headers)
{
$headers = trim(strtolower($headers));
$allow_headers = explode(', ', $this->allowed_headers);
foreach (preg_split('{, *}', $headers) as $header)
{
//if they are simple headers then skip them
if (in_array($header, self::$simple_headers, true))
{
continue;
}
//check is the requested header is on the list of allowed headers
if (!in_array($header, $allow_headers, true))
{
$response->setStatusCode(400);
$response->setContent('Unauthorized header '.$header);
break;
}
}
}
//OK - No Content
$response->setStatusCode(204);
return $response;
}
/**
* @param Request $request
* @returns bool
*/
private function isValidCORSRequest(Request $request)
{
/**
* The presence of the Origin header does not necessarily mean that the request is a cross-origin request.
* While all cross-origin requests will contain an Origin header,
* Origin header on same-origin requests. But Chrome and Safari include an Origin header on
* same-origin POST/PUT/DELETE requests (same-origin GET requests will not have an Origin header).
*/
return $request->headers->has('Origin');
}
/**
* https://www.owasp.org/index.php/CORS_OriginHeaderScrutiny
* Filter that will ensure the following points for each incoming HTTP CORS requests:
* - Have only one and non empty instance of the origin header,
* - Have only one and non empty instance of the host header,
* - The value of the origin header is present in a internal allowed domains list (white list). As we act before the
* step 2 of the CORS HTTP requests/responses exchange process, allowed domains list is yet provided to client,
* - Cache IP of the sender for 1 hour. If the sender send one time a origin domain that is not in the white list
* then all is requests will return an HTTP 403 response (protract allowed domain guessing).
* We use the method above because it's not possible to identify up to 100% that the request come from one expected
* client application, since:
* - All information of a HTTP request can be faked,
* - It's the browser (or others tools) that send the HTTP request then the IP address that we have access to is the
* client IP address.
* @param Request $request
* @return bool
*/
private function testOriginHeaderScrutiny(Request $request)
{
/* Step 0 : Check presence of client IP in black list */
$client_ip = $request->getClientIp();
if (Cache::has(self::CORS_IP_BLACKLIST_PREFIX . $client_ip))
{
return false;
}
/* Step 1 : Check that we have only one and non empty instance of the "Origin" header */
$origin = $request->headers->get('Origin', null, false);
if (is_array($origin) && count($origin) > 1)
{
// If we reach this point it means that we have multiple instance of the "Origin" header
// Add client IP address to black listed client
$expiresAt = Carbon::now()->addMinutes(60);
Cache::put(self::CORS_IP_BLACKLIST_PREFIX . $client_ip, self::CORS_IP_BLACKLIST_PREFIX . $client_ip, $expiresAt);
return false;
}
/* Step 2 : Check that we have only one and non empty instance of the "Host" header */
$host = $request->headers->get('Host', null, false);
//Have only one and non empty instance of the host header,
if (is_array($host) && count($host) > 1)
{
// If we reach this point it means that we have multiple instance of the "Host" header
$expiresAt = Carbon::now()->addMinutes(60);
Cache::put(self::CORS_IP_BLACKLIST_PREFIX . $client_ip, self::CORS_IP_BLACKLIST_PREFIX . $client_ip, $expiresAt);
return false;
}
/* Step 3 : Perform analysis - Origin header is required */
$origin = $request->headers->get('Origin');
$host = $request->headers->get('Host');
$server_name = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : null;
$origin_host = @parse_url($origin, PHP_URL_HOST);
// check origin not empty and allowed
if (!$this->isAllowedOrigin($origin))
{
$expiresAt = Carbon::now()->addMinutes(60);
Cache::put(self::CORS_IP_BLACKLIST_PREFIX . $client_ip, self::CORS_IP_BLACKLIST_PREFIX . $client_ip, $expiresAt);
return false;
}
if (is_null($host) || $server_name != $host || is_null($origin_host) || $origin_host == $server_name)
{
$expiresAt = Carbon::now()->addMinutes(60);
Cache::put(self::CORS_IP_BLACKLIST_PREFIX . $client_ip, self::CORS_IP_BLACKLIST_PREFIX . $client_ip, $expiresAt);
return false;
}
/* Step 4 : Finalize request next step */
return true;
}
private function checkEndPoint($endpoint_path, $http_method)
{
$this->current_endpoint = $this->endpoint_repository->getApiEndpointByUrlAndMethod($endpoint_path, $http_method);
if (is_null($this->current_endpoint))
{
return false;
}
if (!$this->current_endpoint->supportCORS() || !$this->current_endpoint->isActive())
{
return false;
}
return true;
}
/**
* @param string $origin
* @return bool
*/
private function isAllowedOrigin($origin)
{
return true;
}
private static function getRequestType(Request $request)
{
$type = CORSRequestPreflightType::UNKNOWN;
$http_method = $request->getMethod();
$content_type = strtolower($request->getContentType());
$http_method = strtoupper($http_method);
if ($http_method === 'OPTIONS' && $request->headers->has('Access-Control-Request-Method'))
{
$type = CORSRequestPreflightType::REQUEST_FOR_PREFLIGHT;
}
else
{
if (self::hasCustomHeaders($request))
{
$type = CORSRequestPreflightType::COMPLEX_REQUEST;
}
elseif ($http_method === 'POST' && !in_array($content_type, self::$simple_content_header_values, true))
{
$type = CORSRequestPreflightType::COMPLEX_REQUEST;
}
elseif (!in_array($http_method, self::$simple_http_methods, true))
{
$type = CORSRequestPreflightType::COMPLEX_REQUEST;
}
else
{
$type = CORSRequestPreflightType::SIMPLE_REQUEST;
}
}
return $type;
}
private static function getCustomHeaders(Request $request)
{
$custom_headers = array();
foreach ($request->headers->all() as $k => $h)
{
if (starts_with('X-', strtoupper(trim($k))))
{
array_push($custom_headers, strtoupper(trim($k)));
}
}
return $custom_headers;
}
private static function hasCustomHeaders(Request $request)
{
return count(self::getCustomHeaders($request)) > 0;
}
}

82
app/Http/Middleware/CORSRequestPreflightData.php Normal file
View File

@ -0,0 +1,82 @@
<?php namespace App\Http\Middleware;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Symfony\Component\HttpFoundation\Request;
/**
* Class CORSRequestPreflightData
* @package App\Http\Middleware
*/
class CORSRequestPreflightData
{
// ttl on seconds
public static $cache_lifetime = 10;
public static $cache_attributes = array('sender', 'uri', 'origin', 'expected_method', 'expected_custom_headers', 'allows_credentials');
/** Final HTTP request expected method */
private $expected_method = null;
/** Final HTTP request expected custom headers */
private $expected_custom_headers = array();
/** Current HTTP request uri */
private $uri = null;
/** Current HTTP request origin header */
private $origin = null;
/** Current Sender IP address */
private $sender = null;
/**
* @var bool
*/
private $allows_credentials;
/**
* @param Request $request
* @param bool $allows_credentials
*/
public function __construct(Request $request, $allows_credentials)
{
$this->sender = $request->getClientIp();
$this->uri = $request->getRequestUri();
$this->origin = $request->headers->get('Origin');
$this->expected_method = $request->headers->get('Access-Control-Request-Method');
$this->allows_credentials = $allows_credentials;
$tmp = $request->headers->get("Access-Control-Request-Headers");
if (!empty($tmp))
{
$hs = explode(',', $tmp);
foreach ($hs as $h)
{
array_push($this->expected_custom_headers, strtoupper(trim($h)));
}
}
}
/**
* @return array
*/
public function toArray()
{
$res = array();
$res['sender'] = $this->sender;
$res['uri'] = $this->uri;
$res['origin'] = $this->origin;
$res['allows_credentials'] = $this->allows_credentials;
$res['expected_method'] = $this->expected_method;
$res['expected_custom_headers'] = implode(',', $this->expected_custom_headers);
return $res;
}
}

36
app/Http/Middleware/CORSRequestPreflightType.php Normal file
View File

@ -0,0 +1,36 @@
<?php namespace App\Http\Middleware;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Class CORSRequestPreflightType
* @package App\Http\Middleware
*/
final class CORSRequestPreflightType
{
/** HTTP request send by client to preflight a further 'Complex' request */
const REQUEST_FOR_PREFLIGHT = 0;
/** Normal HTTP request send by client that require preflight ie 'Complex' resquest in Preflight process */
const COMPLEX_REQUEST = 1;
/** Normal HTTP request send by client that do not require preflight ie 'Simple' resquest in Preflight process */
const SIMPLE_REQUEST = 2;
/** Cannot determine request type */
const UNKNOWN = -1;
}

44
app/Http/Middleware/ETagsMiddleware.php Normal file
View File

@ -0,0 +1,44 @@
<?php namespace App\Http\Middleware;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Closure;
use Illuminate\Contracts\Routing\Middleware;
class ETagsMiddleware implements Middleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$response = $next($request);
if ($response->getStatusCode() === 200)
{
$etag = md5($response->getContent());
$requestETag = str_replace('"', '', $request->getETags());
if ($requestETag && $requestETag[0] == $etag)
{
$response->setNotModified();
}
$response->setEtag($etag);
}
return $response;
}
}

286
app/Http/Middleware/OAuth2BearerAccessTokenRequestValidator.php Normal file
View File

@ -0,0 +1,286 @@
<?php namespace App\Http\Middleware;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Closure;
use Illuminate\Contracts\Routing\Middleware;
use Illuminate\Support\Facades\Request;
use Illuminate\Support\Facades\Response;
use models\oauth2\IResourceServerContext;
use Illuminate\Support\Facades\Input;
use Illuminate\Support\Facades\Log;
use libs\oauth2\OAuth2Protocol;
use libs\oauth2\BearerAccessTokenAuthorizationHeaderParser;
use libs\oauth2\OAuth2ResourceServerException;
use libs\oauth2\InvalidGrantTypeException;
use libs\oauth2\OAuth2WWWAuthenticateErrorResponse;
use models\resource_server\IApiEndpointRepository;
use models\resource_server\IAccessTokenService;
use libs\utils\RequestUtils;
use URL\Normalizer;
/**
* Class OAuth2BearerAccessTokenRequestValidator
* http://tools.ietf.org/html/rfc6749#section-7
* @package App\Http\Middleware
*/
class OAuth2BearerAccessTokenRequestValidator implements Middleware {
/**
* @var IResourceServerContext
*/
private $context;
/**
* @var array
*/
private $headers;
/**
* @var IApiEndpointRepository
*/
private $endpoint_repository;
/**
* @var IAccessTokenService
*/
private $token_service;
/**
* @param IResourceServerContext $context
* @param IApiEndpointRepository $endpoint_repository
* @param IAccessTokenService $token_service
*/
public function __construct(
IResourceServerContext $context,
IApiEndpointRepository $endpoint_repository,
IAccessTokenService $token_service
) {
$this->context = $context;
$this->headers = $this->getHeaders();
$this->endpoint_repository = $endpoint_repository;
$this->token_service = $token_service;
}
/**
* @param \Illuminate\Http\Request $request
* @param callable $next
* @return OAuth2WWWAuthenticateErrorResponse
*/
public function handle($request, Closure $next)
{
$url = $request->getRequestUri();
$method = $request->getMethod();
$realm = $request->getHost();
try
{
$route = RequestUtils::getCurrentRoutePath($request);
if (!$route)
{
throw new OAuth2ResourceServerException(
400,
OAuth2Protocol::OAuth2Protocol_Error_InvalidRequest,
sprintf('API endpoint does not exits! (%s:%s)', $url, $method)
);
}
// http://tools.ietf.org/id/draft-abarth-origin-03.html
$origin = $request->headers->has('Origin') ? $request->headers->get('Origin') : null;
if(!empty($origin))
{
$nm = new Normalizer($origin);
$origin = $nm->normalize();
}
//check first http basic auth header
$auth_header = isset($this->headers['authorization']) ? $this->headers['authorization'] : null;
if (!is_null($auth_header) && !empty($auth_header))
{
$access_token_value = BearerAccessTokenAuthorizationHeaderParser::getInstance()->parse($auth_header);
}
else
{
// http://tools.ietf.org/html/rfc6750#section-2- 2
// if access token is not on authorization header check on POST/GET params
$access_token_value = Input::get(OAuth2Protocol::OAuth2Protocol_AccessToken, '');
}
if (is_null($access_token_value) || empty($access_token_value))
{
//if access token value is not set, then error
throw new OAuth2ResourceServerException(
400,
OAuth2Protocol::OAuth2Protocol_Error_InvalidRequest,
'missing access token'
);
}
$endpoint = $this->endpoint_repository->getApiEndpointByUrlAndMethod($route, $method);
//api endpoint must be registered on db and active
if (is_null($endpoint) || !$endpoint->isActive())
{
throw new OAuth2ResourceServerException(
400,
OAuth2Protocol::OAuth2Protocol_Error_InvalidRequest,
sprintf('API endpoint does not exits! (%s:%s)', $route, $method)
);
}
$token_info = $this->token_service->get($access_token_value);
//check lifetime
if (is_null($token_info) || $token_info->getLifetime() <= 0)
{
throw new OAuth2ResourceServerException(
401,
OAuth2Protocol::OAuth2Protocol_Error_UnauthorizedClient,
'invalid origin'
);
}
//check token audience
$audience = explode(' ', $token_info->getAudience());
if ((!in_array($realm, $audience)))
{
throw new OAuth2ResourceServerException(
401,
OAuth2Protocol::OAuth2Protocol_Error_InvalidToken,
'the access token provided is expired, revoked, malformed, or invalid for other reasons.'
);
}
if ($token_info->getApplicationType() === 'JS_CLIENT' && str_contains($token_info->getAllowedOrigins(), $origin) === false)
{
//check origins
throw new OAuth2ResourceServerException(
403,
OAuth2Protocol::OAuth2Protocol_Error_UnauthorizedClient,
'invalid origin'
);
}
//check scopes
$endpoint_scopes = explode(' ', $endpoint->getScope());
$token_scopes = explode(' ', $token_info->getScope());
//check token available scopes vs. endpoint scopes
if (count(array_intersect($endpoint_scopes, $token_scopes)) == 0)
{
Log::error(
sprintf(
'access token scopes (%s) does not allow to access to api url %s , needed scopes %s',
$token_info->getScope(),
$url,
implode(' OR ', $endpoint_scopes)
)
);
throw new OAuth2ResourceServerException(
403,
OAuth2Protocol::OAuth2Protocol_Error_InsufficientScope,
'the request requires higher privileges than provided by the access token',
implode(' ', $endpoint_scopes)
);
}
//set context for api and continue processing
$context = array(
'access_token' => $access_token_value,
'expires_in' => $token_info->getLifetime(),
'client_id' => $token_info->getClientId(),
'scope' => $token_info->getScope()
);
if (!is_null($token_info->getUserId()))
{
$context['user_id'] = $token_info->getUserId();
}
$this->context->setAuthorizationContext($context);
}
catch (OAuth2ResourceServerException $ex1)
{
Log::error($ex1);
$response = new OAuth2WWWAuthenticateErrorResponse(
$realm,
$ex1->getError(),
$ex1->getErrorDescription(),
$ex1->getScope(),
$ex1->getHttpCode()
);
$http_response = Response::json($response->getContent(), $response->getHttpCode());
$http_response->header('WWW-Authenticate', $response->getWWWAuthenticateHeaderValue());
return $http_response;
}
catch (InvalidGrantTypeException $ex2)
{
Log::error($ex2);
$response = new OAuth2WWWAuthenticateErrorResponse(
$realm,
OAuth2Protocol::OAuth2Protocol_Error_InvalidToken,
'the access token provided is expired, revoked, malformed, or invalid for other reasons.',
null,
401
);
$http_response = Response::json($response->getContent(), $response->getHttpCode());
$http_response->header('WWW-Authenticate', $response->getWWWAuthenticateHeaderValue());
return $http_response;
}
catch (\Exception $ex)
{
Log::error($ex);
$response = new OAuth2WWWAuthenticateErrorResponse(
$realm,
OAuth2Protocol::OAuth2Protocol_Error_InvalidRequest,
'invalid request',
null,
400
);
$http_response = Response::json($response->getContent(), $response->getHttpCode());
$http_response->header('WWW-Authenticate', $response->getWWWAuthenticateHeaderValue());
return $http_response;
}
$response = $next($request);
return $response;
}
/**
* @return array
*/
protected function getHeaders()
{
$headers = array();
if (function_exists('getallheaders'))
{
foreach (getallheaders() as $name => $value)
{
$headers[strtolower($name)] = $value;
}
}
else
{
// @codeCoverageIgnoreEnd
foreach ($_SERVER as $name => $value)
{
if (substr($name, 0, 5) == 'HTTP_')
{
$name = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))));
$headers[strtolower($name)] = $value;
}
}
foreach (Request::header() as $name => $value)
{
if (!array_key_exists($name, $headers))
{
$headers[strtolower($name)] = $value[0];
}
}
}
return $headers;
}
}

106
app/Http/Middleware/RateLimitMiddleware.php Normal file
View File

@ -0,0 +1,106 @@
<?php namespace App\Http\Middleware;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Closure;
use libs\utils\ICacheService;
use models\resource_server\IApiEndpointRepository;
use Illuminate\Contracts\Routing\Middleware;
use Illuminate\Support\Facades\Response;
use libs\utils\RequestUtils;
/**
* Class RateLimitMiddleware
* @package App\Http\Middleware
*/
final class RateLimitMiddleware implements Middleware
{
/**
* @var IApiEndpointRepository
*/
private $endpoint_repository;
/**
* @var ICacheService
*/
private $cache_service;
/**
* @param IApiEndpointRepository $endpoint_repository
* @param ICacheService $cache_service
*/
public function __construct(IApiEndpointRepository $endpoint_repository, ICacheService $cache_service)
{
$this->endpoint_repository = $endpoint_repository;
$this->cache_service = $cache_service;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$response = $next($request);
// if response was not changed then short circuit ...
if ($response->getStatusCode() === 304)
{
return $response;
}
$url = $request->getRequestUri();
try
{
$route = RequestUtils::getCurrentRoutePath($request);
$method = $request->getMethod();
$endpoint = $this->endpoint_repository->getApiEndpointByUrlAndMethod($route, $method);
if (!is_null($endpoint->rate_limit) && ($requestsPerHour = (int)$endpoint->rate_limit) > 0)
{
//do rate limit checking
$key = sprintf('rate.limit.%s_%s_%s', $url, $method, $request->getClientIp());
// Add if doesn't exist
// Remember for 1 hour
$this->cache_service->addSingleValue($key, 0, 3600);
// Add to count
$count = $this->cache_service->incCounter($key);
if ( $count > $requestsPerHour )
{
// Short-circuit response - we're ignoring
$response = Response::json(array(
'message' => "You have triggered an abuse detection mechanism and have been temporarily blocked.
Please retry your request again later."), 403);
$ttl = (int) $this->cache_service->ttl($key);
$response->headers->set('X-RateLimit-Reset', $ttl, false);
}
$response->headers->set('X-Ratelimit-Limit', $requestsPerHour, false);
$remaining = $requestsPerHour-(int)$count;
if ($remaining < 0)
{
$remaining = 0;
}
$response->headers->set('X-Ratelimit-Remaining', $remaining, false);
}
}
catch (Exception $ex)
{
Log::error($ex);
}
return $response;
}
}

44
app/Http/Middleware/RedirectIfAuthenticated.php Normal file
View File

@ -0,0 +1,44 @@
<?php namespace App\Http\Middleware;
use Closure;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Http\RedirectResponse;
class RedirectIfAuthenticated {
/**
* The Guard implementation.
*
* @var Guard
*/
protected $auth;
/**
* Create a new filter instance.
*
* @param Guard $auth
* @return void
*/
public function __construct(Guard $auth)
{
$this->auth = $auth;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($this->auth->check())
{
return new RedirectResponse(url('/home'));
}
return $next($request);
}
}

50
app/Http/Middleware/SecurityHTTPHeadersWriterMiddleware.php Normal file
View File

@ -0,0 +1,50 @@
<?php namespace App\Http\Middleware;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Closure;
use Illuminate\Contracts\Routing\Middleware;
/**
* Class SecurityHTTPHeadersWriterMiddleware
* https://www.owasp.org/index.php/List_of_useful_HTTP_headers
*
* @package App\Http\Middleware
*/
class SecurityHTTPHeadersWriterMiddleware implements Middleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return \Illuminate\Http\Response
*/
public function handle($request, Closure $next)
{
$response = $next($request);
// https://www.owasp.org/index.php/List_of_useful_HTTP_headers
$response->headers->set('X-content-type-options', 'nosniff');
$response->headers->set('X-xss-protection', '1; mode=block');
// http://tools.ietf.org/html/rfc6797
/**
* The HSTS header field below stipulates that the HSTS Policy is to
* remain in effect for one year (there are approximately 31536000
* seconds in a year)
* applies to the domain of the issuing HSTS Host and all of its
* subdomains:
*/
$response->headers->set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
return $response;
}
}

20
app/Http/Middleware/VerifyCsrfToken.php Normal file
View File

@ -0,0 +1,20 @@
<?php namespace App\Http\Middleware;
use Closure;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier {
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
return parent::handle($request, $next);
}
}

BIN
app/Http/Middleware/cors_server_flowchart.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 98 KiB

9
app/Http/Requests/Request.php Normal file
View File

@ -0,0 +1,9 @@
<?php namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
abstract class Request extends FormRequest {
//
}

40
app/Http/routes.php Normal file
View File

@ -0,0 +1,40 @@
<?php
/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| Here is where you can register all of the routes for an application.
| It's a breeze. Simply tell Laravel the URIs it should respond to
| and give it the controller to call when that URI is requested.
|
*/
//OAuth2 Protected API
Route::group(array('prefix' => 'api/v1',
'before' => ['ssl', 'oauth2.enabled'],
'after' => '',
'middleware' => ['oauth2.protected', 'rate.limit','etags']), function () {
Route::group(array('prefix' => 'marketplace'), function () {
Route::group(array('prefix' => 'public-clouds'), function () {
Route::get('', 'OAuth2PublicCloudApiController@getClouds');
Route::get('/{id}', 'OAuth2PublicCloudApiController@getCloud');
Route::get('/{id}/data-centers', 'OAuth2PublicCloudApiController@getCloudDataCenters');
});
Route::group(array('prefix' => 'private-clouds'), function () {
Route::get('', 'OAuth2PrivateCloudApiController@getClouds');
Route::get('/{id}', 'OAuth2PrivateCloudApiController@getCloud');
Route::get('/{id}/data-centers', 'OAuth2PrivateCloudApiController@getCloudDataCenters');
});
Route::group(array('prefix' => 'consultants'), function () {
Route::get('', 'OAuth2ConsultantsApiController@getConsultants');
Route::get('/{id}', 'OAuth2ConsultantsApiController@getConsultant');
Route::get('/{id}/offices', 'OAuth2ConsultantsApiController@getOffices');
});
});
});

77
app/Libs/oauth2/BearerAccessTokenAuthorizationHeaderParser.php Normal file
View File

@ -0,0 +1,77 @@
<?php namespace libs\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Class BearerAccessTokenAuthorizationHeaderParser
* Parse
* http://tools.ietf.org/html/rfc6750#section-2-1
* @package oauth2
*/
class BearerAccessTokenAuthorizationHeaderParser
{
private static $instance = null;
private function __construct()
{
}
public static function getInstance()
{
if (self::$instance == null)
{
self::$instance = new BearerAccessTokenAuthorizationHeaderParser();
}
return self::$instance;
}
/**
* @param string $http_auth_header_value
* @return string
* @throws OAuth2MissingBearerAccessTokenException
*/
public function parse($http_auth_header_value)
{
$accessTokenValue = '';
if (!is_null($http_auth_header_value) && !empty($http_auth_header_value))
{
// Check for special case, because cURL sometimes does an
// internal second request and doubles the authorization header,
// which always resulted in an error.
//
// 1st request: Authorization: Bearer XXX
// 2nd request: Authorization: Bearer XXX, Bearer XXX
if (strpos($http_auth_header_value, ',') !== false)
{
$headerPart = explode(',', $http_auth_header_value);
$accessTokenValue = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $headerPart[0]));
}
else
{
$accessTokenValue = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $http_auth_header_value));
}
$accessTokenValue = ($accessTokenValue == 'Bearer') ? '' : $accessTokenValue;
}
if (empty($accessTokenValue))
{
throw new OAuth2MissingBearerAccessTokenException;
}
return $accessTokenValue;
}
private function __clone()
{
}
}

54
app/Libs/oauth2/HttpMessage.php Normal file
View File

@ -0,0 +1,54 @@
<?php namespace libs\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
class HttpMessage implements \ArrayAccess
{
protected $container = array();
public function __construct(array $values)
{
$this->container = $values;
}
/**
* arrayaccess methods
* */
public function offsetSet($offset, $value)
{
if (is_null($offset))
{
$this->container[] = $value;
}
else
{
$this->container[$offset] = $value;
}
}
public function offsetExists($offset)
{
return isset($this->container[$offset]);
}
public function offsetUnset($offset)
{
unset($this->container[$offset]);
}
public function offsetGet($offset)
{
return isset($this->container[$offset]) ? $this->container[$offset] : null;
}
}

52
app/Libs/oauth2/HttpResponse.php Normal file
View File

@ -0,0 +1,52 @@
<?php namespace libs\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
abstract class HttpResponse extends HttpMessage
{
const HttpOkResponse = 200;
const HttpErrorResponse = 400;
protected $http_code;
protected $content_type;
public function __construct($http_code, $content_type)
{
$this->http_code = $http_code;
$this->content_type = $content_type;
}
abstract public function getContent();
public function getHttpCode()
{
return $this->http_code;
}
protected function setHttpCode($http_code)
{
$this->http_code = $http_code;
}
public function getContentType()
{
return $this->content_type;
}
abstract public function getType();
public function addParam($name, $value)
{
$this[$name] = $value;
}
}

28
app/Libs/oauth2/InvalidGrantTypeException.php Normal file
View File

@ -0,0 +1,28 @@
<?php namespace libs\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Exception;
/**
* Class InvalidGrantTypeException
* @package libs\oauth2
*/
class InvalidGrantTypeException extends Exception
{
public function __construct($message = "")
{
$message = "Invalid Grant Type : " . $message;
parent::__construct($message, 0, null);
}
}

39
app/Libs/oauth2/OAuth2DirectResponse.php Normal file
View File

@ -0,0 +1,39 @@
<?php namespace libs\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
class OAuth2DirectResponse extends OAuth2Response
{
const DirectResponseContentType = "application/json;charset=UTF-8";
const OAuth2DirectResponse = 'OAuth2DirectResponse';
public function __construct($http_code = self::HttpOkResponse, $content_type = self::DirectResponseContentType)
{
// Successful Responses: A server receiving a valid request MUST send a
// response with an HTTP status code of 200.
parent::__construct($http_code, $content_type);
}
public function getContent()
{
$json_encoded_format = json_encode($this->container);
return $json_encoded_format;
}
public function getType()
{
return self::OAuth2DirectResponse;
}
}

24
app/Libs/oauth2/OAuth2InvalidIntrospectionResponse.php Normal file
View File

@ -0,0 +1,24 @@
<?php namespace libs\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use \Exception;
class OAuth2InvalidIntrospectionResponse extends Exception
{
public function __construct($message = "")
{
$message = "Invalid Introspection Response : " . $message;
parent::__construct($message, 0, null);
}
}

28
app/Libs/oauth2/OAuth2MissingBearerAccessTokenException.php Normal file
View File

@ -0,0 +1,28 @@
<?php namespace libs\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Exception;
/**
* Class OAuth2MissingBearerAccessTokenException
* @package libs\oauth2
*/
class OAuth2MissingBearerAccessTokenException extends Exception
{
public function __construct($message = "")
{
$message = "Missing Bearer Access Token : " . $message;
parent::__construct($message, 0, null);
}
}

92
app/Libs/oauth2/OAuth2Protocol.php Normal file
View File

@ -0,0 +1,92 @@
<?php namespace libs\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
class OAuth2Protocol
{
const OAuth2Protocol_GrantType_AuthCode = 'authorization_code';
const OAuth2Protocol_GrantType_Implicit = 'implicit';
const OAuth2Protocol_GrantType_ResourceOwner_Password = 'password';
const OAuth2Protocol_GrantType_ClientCredentials = 'client_credentials';
const OAuth2Protocol_GrantType_RefreshToken = 'refresh_token';
const OAuth2Protocol_ResponseType_Code = 'code';
const OAuth2Protocol_ResponseType_Token = 'token';
const OAuth2Protocol_ResponseType = 'response_type';
const OAuth2Protocol_ClientId = 'client_id';
const OAuth2Protocol_UserId = 'user_id';
const OAuth2Protocol_ClientSecret = 'client_secret';
const OAuth2Protocol_Token = 'token';
const OAuth2Protocol_TokenType = 'token_type';
//http://tools.ietf.org/html/rfc7009#section-2.1
const OAuth2Protocol_TokenType_Hint = 'token_type_hint';
const OAuth2Protocol_AccessToken_ExpiresIn = 'expires_in';
const OAuth2Protocol_RefreshToken = 'refresh_token';
const OAuth2Protocol_AccessToken = 'access_token';
const OAuth2Protocol_RedirectUri = 'redirect_uri';
const OAuth2Protocol_Scope = 'scope';
const OAuth2Protocol_Audience = 'audience';
const OAuth2Protocol_State = 'state';
/**
* Indicates whether the user should be re-prompted for consent. The default is auto,
* so a given user should only see the consent page for a given set of scopes the first time
* through the sequence. If the value is force, then the user sees a consent page even if they
* previously gave consent to your application for a given set of scopes.
*/
const OAuth2Protocol_Approval_Prompt = 'approval_prompt';
const OAuth2Protocol_Approval_Prompt_Force = 'force';
const OAuth2Protocol_Approval_Prompt_Auto = 'auto';
/**
* Indicates whether your application needs to access an API when the user is not present at
* the browser. This parameter defaults to online. If your application needs to refresh access tokens
* when the user is not present at the browser, then use offline. This will result in your application
* obtaining a refresh token the first time your application exchanges an authorization code for a user.
*/
const OAuth2Protocol_AccessType = 'access_type';
const OAuth2Protocol_AccessType_Online = 'online';
const OAuth2Protocol_AccessType_Offline = 'offline';
const OAuth2Protocol_GrantType = 'grant_type';
const OAuth2Protocol_Error = 'error';
const OAuth2Protocol_ErrorDescription = 'error_description';
const OAuth2Protocol_ErrorUri = 'error_uri';
const OAuth2Protocol_Error_InvalidRequest = 'invalid_request';
const OAuth2Protocol_Error_UnauthorizedClient = 'unauthorized_client';
const OAuth2Protocol_Error_AccessDenied = 'access_denied';
const OAuth2Protocol_Error_UnsupportedResponseType = 'unsupported_response_type';
const OAuth2Protocol_Error_InvalidScope = 'invalid_scope';
const OAuth2Protocol_Error_UnsupportedGrantType = 'unsupported_grant_type';
const OAuth2Protocol_Error_InvalidGrant = 'invalid_grant';
//error codes definitions http://tools.ietf.org/html/rfc6749#section-4.1.2.1
const OAuth2Protocol_Error_ServerError = 'server_error';
const OAuth2Protocol_Error_TemporallyUnavailable = 'temporally_unavailable';
//http://tools.ietf.org/html/rfc7009#section-2.2.1
const OAuth2Protocol_Error_Unsupported_TokenType = ' unsupported_token_type';
//http://tools.ietf.org/html/rfc6750#section-3-1
const OAuth2Protocol_Error_InvalidToken = 'invalid_token';
const OAuth2Protocol_Error_InsufficientScope = 'insufficient_scope';
public static $valid_responses_types = array(
self::OAuth2Protocol_ResponseType_Code => self::OAuth2Protocol_ResponseType_Code,
self::OAuth2Protocol_ResponseType_Token => self::OAuth2Protocol_ResponseType_Token
);
public static $protocol_definition = array(
self::OAuth2Protocol_ResponseType => self::OAuth2Protocol_ResponseType,
self::OAuth2Protocol_ClientId => self::OAuth2Protocol_ClientId,
self::OAuth2Protocol_RedirectUri => self::OAuth2Protocol_RedirectUri,
self::OAuth2Protocol_Scope => self::OAuth2Protocol_Scope,
self::OAuth2Protocol_State => self::OAuth2Protocol_State
);
}

58
app/Libs/oauth2/OAuth2ResourceServerException.php Normal file
View File

@ -0,0 +1,58 @@
<?php namespace libs\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Exception;
/**
* Class OAuth2ResourceServerException
* @package libs\oauth2
*/
class OAuth2ResourceServerException extends Exception
{
private $http_code;
private $error;
private $error_description;
private $scope;
public function __construct($http_code, $error, $error_description, $scope = null)
{
$this->http_code = $http_code;
$this->error = $error;
$this->error_description = $error_description;
$this->scope = $scope;
$message = "Resource Server Exception : " . sprintf('http code : %s - error : %s - error description: %s', $http_code, $error, $error_description);
parent::__construct($message, 0, null);
}
public function getError()
{
return $this->error;
}
public function getErrorDescription()
{
return $this->error_description;
}
public function getScope()
{
return $this->scope;
}
public function getHttpCode()
{
return $this->http_code;
}
}

18
app/Libs/oauth2/OAuth2Response.php Normal file
View File

@ -0,0 +1,18 @@
<?php namespace libs\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
abstract class OAuth2Response extends HttpResponse
{
}

71
app/Libs/oauth2/OAuth2WWWAuthenticateErrorResponse.php Normal file
View File

@ -0,0 +1,71 @@
<?php namespace libs\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Class OAuth2WWWAuthenticateErrorResponse
* http://tools.ietf.org/html/rfc6750#section-3
* @package oauth2\responses
*/
class OAuth2WWWAuthenticateErrorResponse extends OAuth2DirectResponse
{
private $realm;
private $error;
private $error_description;
private $scope;
private $http_error;
public function __construct($realm, $error, $error_description, $scope, $http_error)
{
parent::__construct($http_error, self::DirectResponseContentType);
$this->realm = $realm;
$this->error = $error;
$this->error_description = $error_description;
$this->scope = $scope;
$this->http_error = $http_error;
}
public function getWWWAuthenticateHeaderValue()
{
$value=sprintf('Bearer realm="%s"', $this->realm);
$value=$value.sprintf(', error="%s"', $this->error);
$value=$value.sprintf(', error_description="%s"', $this->error_description);
if (!is_null($this->scope))
{
$value=$value.sprintf(', scope="%s"', $this->scope);
}
return $value;
}
public function getContent()
{
$content = array(
'error' => $this->error,
'error_description' => $this->error_description
);
if (!is_null($this->scope))
{
$content['scope'] = $this->scope;
}
return $content;
}
public function getType()
{
return null;
}
}

29
app/Libs/utils/ConfigurationException.php Normal file
View File

@ -0,0 +1,29 @@
<?php namespace libs\utils;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Exception;
/**
* Class ConfigurationException
* @package libs\utils
*/
class ConfigurationException extends Exception
{
public function __construct($message = "")
{
$message = "Configuration Exception : " . $message;
parent::__construct($message, 0, null);
}
}

114
app/Libs/utils/ICacheService.php Normal file
View File

@ -0,0 +1,114 @@
<?php namespace libs\utils;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Interface ICacheService
* @package utils\services
*/
interface ICacheService
{
/**
* Determine if a key exists
* @param $key
* @return bool
*/
public function exists($key);
/**
* Delete a key
* @param $key
* @return mixed
*/
public function delete($key);
/**
* Delete a key
* @param array $keys
* @return mixed
*/
public function deleteArray(array $keys);
/**
* retrieves a hash
* @param $name
* @param array $values
* @return array
*/
public function getHash($name, array $values);
/**
* save a hash, with an optional time to live
* @param $name
* @param array $values
* @param int $ttl
* @return mixed
*/
public function storeHash($name, array $values, $ttl = 0);
/**
* @param $counter_name
* @param int $ttl
* @return mixed
*/
public function incCounter($counter_name, $ttl = 0);
/**
* @param $counter_name
* @return mixed
*/
public function incCounterIfExists($counter_name);
public function addMemberSet($set_name, $member);
public function deleteMemberSet($set_name, $member);
public function getSet($set_name);
public function getSingleValue($key);
/**
* @param $key
* @param $value
* @param int $ttl
* @return mixed
*/
public function setSingleValue($key, $value, $ttl = 0);
/**
* adds a single value if given keys does not exists, with an optional
* time to live
* @param $key
* @param $value
* @param int $ttl
* @return mixed
*/
public function addSingleValue($key, $value, $ttl = 0);
/**
* Set time to live to a given key
* @param $key
* @param $ttl
* @return mixed
*/
public function setKeyExpiration($key, $ttl);
public function boot();
/**Returns the remaining time to live of a key that has a timeout.
* @param string $key
* @return int
*/
public function ttl($key);
}

44
app/Libs/utils/RequestUtils.php Normal file
View File

@ -0,0 +1,44 @@
<?php namespace libs\utils;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Illuminate\Support\Facades\App;
class RequestUtils {
public static function getCurrentRoutePath($request)
{
try
{
//gets routes from container and try to find the route
$router = App::make('router');
$routes = $router->getRoutes();
$route = $routes->match($request);
if (!is_null($route))
{
$route = $route->getPath();
if (strpos($route, '/') != 0)
{
$route = '/' . $route;
}
return $route;
}
}
catch (\Exception $ex)
{
Log::error($ex);
}
return false;
}
}

38
app/Models/Marketplace/CompanyService.php Normal file
View File

@ -0,0 +1,38 @@
<?php namespace models\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\utils\BaseModelEloquent;
use models\utils\IEntity;
class CompanyService extends BaseModelEloquent implements IEntity
{
protected $hidden = array('ClassName', 'MarketPlaceTypeID', 'EditedByID');
protected $table = 'CompanyService';
protected $connection = 'ss';
protected $stiClassField = 'ClassName';
protected $stiBaseClass = 'models\marketplace\CompanyService';
/**
* @return int
*/
public function getIdentifier()
{
return (int)$this->ID;
}
}

28
app/Models/Marketplace/Consultant.php Normal file
View File

@ -0,0 +1,28 @@
<?php namespace models\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
class Consultant extends CompanyService implements IConsultant
{
protected $connection = 'ss';
/**
* @return Office[]
*/
public function offices()
{
return $this->hasMany('models\marketplace\Office', 'ConsultantID', 'ID')->get();
}
}

37
app/Models/Marketplace/DataCenterLocation.php Normal file
View File

@ -0,0 +1,37 @@
<?php namespace models\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\utils\BaseModelEloquent;
/**
* Class DataCenterLocation
* @package models\marketplace
*/
class DataCenterLocation extends BaseModelEloquent
{
protected $table = 'DataCenterLocation';
protected $connection = 'ss';
protected $hidden = array('ClassName','CloudServiceID','DataCenterRegionID');
/**
* @return DataCenterRegion
*/
public function region()
{
return $this->belongsTo('models\marketplace\DataCenterRegion', 'DataCenterRegionID');
}
}

38
app/Models/Marketplace/DataCenterRegion.php Normal file
View File

@ -0,0 +1,38 @@
<?php namespace models\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\utils\BaseModelEloquent;
/**
* Class DataCenterRegion
* @package models\marketplace
*/
class DataCenterRegion extends BaseModelEloquent
{
protected $table = 'DataCenterRegion';
protected $connection = 'ss';
protected $hidden = array('ClassName','CloudServiceID','PublicCloudID');
/**
* @return DataCenterLocation[]
*/
public function locations()
{
return $this->hasMany('models\marketplace\DataCenterLocation', 'DataCenterRegionID', 'ID')->get();
}
}

26
app/Models/Marketplace/ICloudService.php Normal file
View File

@ -0,0 +1,26 @@
<?php namespace models\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Interface ICloudService
* @package models\marketplace
*/
interface ICloudService
{
/**
* @return DataCenterRegion[]
*/
public function datacenters_regions();
}

22
app/Models/Marketplace/ICloudServiceRepository.php Normal file
View File

@ -0,0 +1,22 @@
<?php namespace models\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Interface ICloudServiceRepository
* @package models\marketplace\repositories
*/
interface ICloudServiceRepository extends ICompanyServiceRepository
{
}

45
app/Models/Marketplace/ICompanyServiceRepository.php Normal file
View File

@ -0,0 +1,45 @@
<?php namespace models\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\utils\IBaseRepository;
/**
* Interface ICompanyServiceRepository
* @package models\marketplace
*/
interface ICompanyServiceRepository extends IBaseRepository
{
const Status_All = 'all';
const Status_active = 'active';
const Status_non_active = 'non_active';
const Order_date = 'date';
const Order_name = 'name';
/**
* @param int $page
* @param int $per_page
* @param string $status
* @param string $order_by
* @param string $order_dir
* @return \IEntity[]
*/
public function getAll(
$page = 1,
$per_page = 1000,
$status = ICompanyServiceRepository::Status_All,
$order_by = ICompanyServiceRepository::Order_date,
$order_dir = 'asc'
);
}

25
app/Models/Marketplace/IConsultant.php Normal file
View File

@ -0,0 +1,25 @@
<?php namespace models\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Interface IConsultant
* @package models\marketplace
*/
interface IConsultant
{
/**
* @return Office[]
*/
public function offices();
}

21
app/Models/Marketplace/IConsultantRepository.php Normal file
View File

@ -0,0 +1,21 @@
<?php namespace models\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Interface IConsultantRepository
* @package models\marketplace
*/
interface IConsultantRepository extends ICompanyServiceRepository
{
}

21
app/Models/Marketplace/IPrivateCloudServiceRepository.php Normal file
View File

@ -0,0 +1,21 @@
<?php namespace models\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Interface IPrivateCloudServiceRepository
* @package models\marketplace
*/
interface IPrivateCloudServiceRepository extends ICloudServiceRepository
{
}

22
app/Models/Marketplace/IPublicCloudServiceRepository.php Normal file
View File

@ -0,0 +1,22 @@
<?php namespace models\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Interface IPublicCloudServiceRepository
* @package models\marketplace
*/
interface IPublicCloudServiceRepository extends ICloudServiceRepository
{
}

38
app/Models/Marketplace/Office.php Normal file
View File

@ -0,0 +1,38 @@
<?php use models\utils\BaseModelEloquent;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
namespace models\marketplace;
use models\utils\BaseModelEloquent;
/**
* Class Office
* @package models\marketplace
*/
class Office extends BaseModelEloquent
{
protected $table = 'Office';
protected $connection = 'ss';
protected $hidden = array('ClassName','Order','ConsultantID');
/**
* @return Consultant
*/
public function consultant()
{
return $this->belongsTo('models\marketplace\Consultant', 'ConsultantID');
}
}

31
app/Models/Marketplace/PrivateCloudService.php Normal file
View File

@ -0,0 +1,31 @@
<?php namespace models\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Class PrivateCloudService
* @package models\marketplace
*/
class PrivateCloudService extends CompanyService implements ICloudService
{
/**
* @return DataCenterRegion[]
*/
public function datacenters_regions()
{
return $this->hasMany('models\marketplace\DataCenterRegion', 'CloudServiceID', 'ID')->get();
}
}

30
app/Models/Marketplace/PublicCloudService.php Normal file
View File

@ -0,0 +1,30 @@
<?php namespace models\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Class PublicCloudService
* @package models\marketplace
*/
class PublicCloudService extends CompanyService implements ICloudService
{
protected $connection = 'ss';
/**
* @return DataCenterRegion[]
*/
public function datacenters_regions()
{
return $this->hasMany('models\marketplace\DataCenterRegion', 'CloudServiceID', 'ID')->get();
}
}

154
app/Models/ResourceServer/AccessTokenService.php Normal file
View File

@ -0,0 +1,154 @@
<?php namespace models\resource_server;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use GuzzleHttp\Client;
use GuzzleHttp\Exception\RequestException;
use Illuminate\Support\Facades\Config;
use libs\oauth2\OAuth2InvalidIntrospectionResponse;
use libs\utils\ICacheService;
use models\oauth2\AccessToken;
use libs\utils\ConfigurationException;
use libs\oauth2\InvalidGrantTypeException;
/**
* Class AccessTokenService
* @package models\resource_server
*/
final class AccessTokenService implements IAccessTokenService
{
/**
* @var ICacheService
*/
private $cache_service;
/**
* @param ICacheService $cache_service
*/
public function __construct(ICacheService $cache_service)
{
$this->cache_service = $cache_service;
}
/**
* @param string $token_value
* @return AccessToken
* @throws \Exception
*/
public function get($token_value)
{
$token = null;
$token_info = $this->cache_service->getHash(md5($token_value), array(
'access_token',
'scope',
'client_id',
'audience',
'user_id',
'expires_in',
'application_type',
'allowed_return_uris',
'allowed_origins'));
if (count($token_info) === 0)
{
$token_info = $this->makeRemoteCall($token_value);
$this->cache_service->storeHash(md5($token_value), $token_info, (int)$token_info['expires_in']);
}
else
{
$token_info['expires_in'] = $this->cache_service->ttl(md5($token_value));
}
$token = AccessToken::createFromParams(
$token_info['access_token'],
$token_info['scope'],
$token_info['client_id'],
$token_info['audience'],
$token_info['user_id'],
(int)$token_info['expires_in'],
$token_info['application_type'],
isset($token_info['allowed_return_uris']) ? $token_info['allowed_return_uris'] : null,
isset($token_info['allowed_origins']) ? $token_info['allowed_origins'] : null
);
return $token;
}
/**
* @param $token_value
* @return mixed
* @throws ConfigurationException
* @throws InvalidGrantTypeException
* @throws OAuth2InvalidIntrospectionResponse
*/
private function makeRemoteCall($token_value)
{
try
{
$client = new Client([
'defaults' => [
'timeout' => Config::get('curl.timeout', 60),
'allow_redirects' => Config::get('curl.allow_redirects', false),
'verify' => Config::get('curl.verify_ssl_cert', true)
]
]);
$client_id = Config::get('app.openstackid_client_id', '');
$client_secret = Config::get('app.openstackid_client_secret', '');
$auth_server_url = Config::get('app.openstackid_base_url', '');
if (empty($client_id))
{
throw new ConfigurationException('app.openstackid_client_id param is missing!');
}
if (empty($client_secret))
{
throw new ConfigurationException('app.openstackid_client_secret param is missing!');
}
if (empty($auth_server_url))
{
throw new ConfigurationException('app.openstackid_base_url param is missing!');
}
$response = $client->post(
$auth_server_url . '/oauth2/token/introspection',
[
'query' => ['token' => $token_value],
'headers' => ['Authorization' => " Basic " . base64_encode($client_id . ':' . $client_secret)]
]
);
$token_info = $response->json();
return $token_info;
}
catch (RequestException $ex)
{
$response = $ex->getResponse();
$body = $response->json();
$code = $response->getStatusCode();
if ($code === 400)
{
throw new InvalidGrantTypeException($body['error']);
}
throw new OAuth2InvalidIntrospectionResponse(sprintf('http code %s', $ex->getCode()));
}
}
}

100
app/Models/ResourceServer/Api.php Normal file
View File

@ -0,0 +1,100 @@
<?php namespace models\resource_server;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\utils\BaseModelEloquent;
/**
* Class Api
* @package models\resource_server
*/
class Api extends BaseModelEloquent implements IApi
{
protected $table = 'apis';
protected $fillable = array('name','description','active');
/**
* @return IApiScope[]
*/
public function scopes()
{
return $this->hasMany('models\resource_server\ApiScope', 'api_id');
}
/**
* @return IApiEndpoint[]
*/
public function endpoints()
{
return $this->hasMany('models\resource_server\ApiEndpoint', 'api_id');
}
/**
* @return string
*/
public function getName()
{
return $this->name;
}
/**
* @return string
*/
public function getDescription()
{
return $this->description;
}
/**
* @return string
*/
public function getScope()
{
$scope = '';
foreach ($this->scopes()->get() as $s)
{
if (!$s->active)
{
continue;
}
$scope = $scope .$s->name.' ';
}
$scope = trim($scope);
return $scope;
}
/**
* @return bool
*/
public function isActive()
{
return $this->active;
}
public function setName($name)
{
$this->name = $name;
}
public function setDescription($description)
{
$this->description = $description;
}
public function setStatus($active)
{
$this->active = $active;
}
}

134
app/Models/ResourceServer/ApiEndpoint.php Normal file
View File

@ -0,0 +1,134 @@
<?php namespace models\resource_server;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\utils\BaseModelEloquent;
/**
* Class ApiEndpoint
* @package models\resource_server
*/
class ApiEndpoint extends BaseModelEloquent implements IApiEndpoint
{
protected $table = 'api_endpoints';
protected $fillable = array(
'description',
'active',
'allow_cors',
'allow_credentials',
'name','route',
'http_method',
'api_id',
'rate_limit'
);
/**
* @return IApi
*/
public function api()
{
return $this->belongsTo('models\resource_server\Api', 'api_id');
}
/**
* @return IApiScope[]
*/
public function scopes()
{
return $this->belongsToMany('models\resource_server\ApiScope', 'endpoint_api_scopes', 'api_endpoint_id', 'scope_id');
}
public function getRoute()
{
return $this->route;
}
public function getHttpMethod()
{
return $this->http_method;
}
public function setRoute($route)
{
$this->route = $route;
}
public function setHttpMethod($http_method)
{
$this->http_method = $http_method;
}
/**
* @return string
*/
public function getScope()
{
$scope = '';
foreach ($this->scopes()->get() as $s)
{
if (!$s->active)
{
continue;
}
$scope = $scope .$s->name.' ';
}
$scope = trim($scope);
return $scope;
}
public function isActive()
{
return $this->active;
}
/**
* @param bool $active
*/
public function setStatus($active)
{
$this->active = $active;
}
/**
* @return string
*/
public function getName()
{
return $this->name;
}
/**
* @param string $name
*/
public function setName($name)
{
$this->name= $name;
}
/**
* @return bool
*/
public function supportCORS()
{
return $this->allow_cors;
}
/**
* @return bool
*/
public function supportCredentials()
{
return (bool)$this->allow_credentials;
}
}

57
app/Models/ResourceServer/ApiScope.php Normal file
View File

@ -0,0 +1,57 @@
<?php namespace models\resource_server;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\utils\BaseModelEloquent;
/**
* Class ApiScope
* @package models\resource_server
*/
class ApiScope extends BaseModelEloquent implements IApiScope
{
protected $table = 'api_scopes';
protected $hidden = array('');
protected $fillable = array('name' ,'short_description', 'description','active','default','system', 'api_id');
/**
* @return IApi
*/
public function api()
{
return $this->belongsTo('models\resource_server\Api', 'api_id');
}
public function getShortDescription()
{
return $this->short_description;
}
public function getName()
{
return $this->name;
}
public function getDescription()
{
return $this->description;
}
public function isActive()
{
return $this->active;
}
}

30
app/Models/ResourceServer/IAccessTokenService.php Normal file
View File

@ -0,0 +1,30 @@
<?php namespace models\resource_server;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\oauth2\AccessToken;
use libs\oauth2\OAuth2InvalidIntrospectionResponse;
/**
* Interface IAccessTokenService
* @package models\resource_server
*/
interface IAccessTokenService
{
/**
*@param string $token_value
*@return AccessToken
*@throws OAuth2InvalidIntrospectionResponse
*/
public function get($token_value);
}

70
app/Models/ResourceServer/IApi.php Normal file
View File

@ -0,0 +1,70 @@
<?php namespace models\resource_server;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Interface IApi
* @package models\resource_server
*/
interface IApi
{
/**
* @return string
*/
public function getName();
/**
* @return string
*/
public function getDescription();
/**
* @return string
*/
public function getScope();
/**
* @return bool
*/
public function isActive();
/**
* @param string $name
* @return void
*/
public function setName($name);
/**
* @param string $description
* @return void
*/
public function setDescription($description);
/**
* @param bool $active
* @return void
*/
public function setStatus($active);
/**
* @return IApiEndpoint[]
*/
public function endpoints();
/**
* @return IApiScope[]
*/
public function scopes();
}

91
app/Models/ResourceServer/IApiEndpoint.php Normal file
View File

@ -0,0 +1,91 @@
<?php namespace models\resource_server;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Interface IApiEndpoint
* @package models\resource_server
*/
interface IApiEndpoint
{
/**
* @return string
*/
public function getRoute();
/**
* @return string
*/
public function getHttpMethod();
/**
* @return string
*/
public function getName();
/**
* @param string $route
* @return void
*/
public function setRoute($route);
/**
* @param string $http_method
* @return void
*/
public function setHttpMethod($http_method);
/**
* @param string $name
* @return void
*/
public function setName($name);
/**
* @return string
*/
public function getScope();
/**
* @return bool
*/
public function isActive();
/**
* @param bool $active
* @return void
*/
public function setStatus($active);
/**
* @return bool
*/
public function supportCORS();
/**
* @return bool
*/
public function supportCredentials();
/**
* @return IApi
*/
public function api();
/**
* @return IApiScope[]
*/
public function scopes();
}

30
app/Models/ResourceServer/IApiEndpointRepository.php Normal file
View File

@ -0,0 +1,30 @@
<?php namespace models\resource_server;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\utils\IBaseRepository;
/**
* Interface IApiEndpointRepository
* @package models\resource_server
*/
interface IApiEndpointRepository extends IBaseRepository
{
/**
* @param string $url
* @param string $http_method
* @return IApiEndpoint
*/
public function getApiEndpointByUrlAndMethod($url, $http_method);
}

46
app/Models/ResourceServer/IApiScope.php Normal file
View File

@ -0,0 +1,46 @@
<?php namespace models\resource_server;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Interface IApiScope
* http://tools.ietf.org/html/rfc6749#section-3.3
* @package oauth2\models
*/
interface IApiScope
{
/**
* @return string
*/
public function getShortDescription();
/**
* @return string
*/
public function getName();
/**
* @return string
*/
public function getDescription();
/**
* @return bool
*/
public function isActive();
/**
* @return IApi
*/
public function api();
}

81
app/Models/Utils/BaseModelEloquent.php Normal file
View File

@ -0,0 +1,81 @@
<?php namespace models\utils;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Eloquent;
use ReflectionClass;
/**
* Class BaseModelEloquent
*/
class BaseModelEloquent extends Eloquent
{
private $class = null;
/**
* @param $query
* @param array $filters
* @return mixed
*/
public function scopeFilter($query, array $filters)
{
foreach ($filters as $filter)
{
$query = $query->where($filter['name'], $filter['op'], $filter['value']);
}
return $query;
}
public function __construct($attributes = array())
{
parent::__construct($attributes);
$this->class = new ReflectionClass(get_class($this));
if ($this->useSti())
{
$this->setAttribute($this->stiClassField, $this->class->getName());
}
}
private function useSti()
{
return ($this->stiClassField && $this->stiBaseClass);
}
public function newQuery($excludeDeleted = true)
{
$builder = parent::newQuery($excludeDeleted);
// If I am using STI, and I am not the base class,
// then filter on the class name.
if ($this->useSti() && get_class(new $this->stiBaseClass) !== get_class($this))
{
$builder->where($this->stiClassField, "=", $this->class->getShortName());
}
return $builder;
}
public function newFromBuilder($attributes = array(), $connection = null)
{
if ($this->useSti() && $attributes->{$this->stiClassField})
{
$class = $this->class->getName();
$instance = new $class;
$instance->exists = true;
$instance->setRawAttributes((array) $attributes, true);
return $instance;
}
else
{
return parent::newFromBuilder($attributes, $connection);
}
}
}

24
app/Models/Utils/IBaseRepository.php Normal file
View File

@ -0,0 +1,24 @@
<?php namespace models\utils;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Interface IBaseRepository
*/
interface IBaseRepository {
/**
* @param int $id
* @return IEntity
*/
public function getById($id);
}

23
app/Models/Utils/IEntity.php Normal file
View File

@ -0,0 +1,23 @@
<?php namespace models\utils;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Interface IEntity
*/
interface IEntity {
/**
* @return int
*/
public function getIdentifier();
}

120
app/Models/oauth2/AccessToken.php Normal file
View File

@ -0,0 +1,120 @@
<?php namespace models\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Class AccessToken
* http://tools.ietf.org/html/rfc6749#section-1.4
* @package oauth2\models
*/
class AccessToken extends Token
{
private $auth_code;
private $refresh_token;
/**
* @var string
*/
private $allowed_origins;
/**
* @var string
*/
private $allowed_return_uris;
/**
* @var string
*/
private $application_type;
public function __construct()
{
parent::__construct(72);
}
/**
* @param $value
* @param $scope
* @param $client_id
* @param $audience
* @param $user_id
* @param $lifetime
* @param $application_type
* @param $allowed_return_uris
* @param $allowed_origins
* @return AccessToken
*/
public static function createFromParams(
$value,
$scope,
$client_id,
$audience,
$user_id,
$lifetime,
$application_type,
$allowed_return_uris,
$allowed_origins
) {
$instance = new self();
$instance->value = $value;
$instance->scope = $scope;
$instance->client_id = $client_id;
$instance->user_id = $user_id;
$instance->auth_code = null;
$instance->audience = $audience;
$instance->refresh_token = null;
$instance->lifetime = intval($lifetime);
$instance->is_hashed = false;
$instance->allowed_return_uris = $allowed_return_uris;
$instance->application_type = $application_type;
$instance->allowed_origins = $allowed_origins;
return $instance;
}
public function getAuthCode()
{
return $this->auth_code;
}
public function getRefreshToken()
{
return $this->refresh_token;
}
public function getApplicationType()
{
return $this->application_type;
}
public function getAllowedOrigins()
{
return $this->allowed_origins;
}
public function getAllowedReturnUris()
{
return $this->allowed_return_uris;
}
public function toJSON()
{
return '{}';
}
public function fromJSON($json)
{
}
}

58
app/Models/oauth2/IResourceServerContext.php Normal file
View File

@ -0,0 +1,58 @@
<?php namespace models\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Interface IResourceServerContext
* Current Request OAUTH2 security context
* @package oauth2
*/
interface IResourceServerContext
{
/**
* returns given scopes for current request
* @return array
*/
public function getCurrentScope();
/**
* gets current access token values
* @return string
*/
public function getCurrentAccessToken();
/**
* gets current access token lifetime
* @return mixed
*/
public function getCurrentAccessTokenLifetime();
/**
* gets current client id
* @return string
*/
public function getCurrentClientId();
/**
* gets current user id (if was set)
* @return int
*/
public function getCurrentUserId();
/**
* @param array $auth_context
* @return void
*/
public function setAuthorizationContext(array $auth_context);
}

76
app/Models/oauth2/ResourceServerContext.php Normal file
View File

@ -0,0 +1,76 @@
<?php namespace models\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
/**
* Class ResourceServerContext
* @package models\oauth2
*/
class ResourceServerContext implements IResourceServerContext
{
/**
* @var array
*/
private $auth_context;
/**
* @return array
*/
public function getCurrentScope()
{
return isset($this->auth_context['scope'])? explode(' ', $this->auth_context['scope']):array();
}
/**
* @return null|string
*/
public function getCurrentAccessToken()
{
return isset($this->auth_context['access_token'])?$this->auth_context['access_token']:null;
}
/**
* @return null|string
*/
public function getCurrentAccessTokenLifetime()
{
return isset($this->auth_context['expires_in'])?$this->auth_context['expires_in']:null;
}
/**
* @return null
*/
public function getCurrentClientId()
{
return isset($this->auth_context['client_id'])?$this->auth_context['client_id']:null;
}
/**
* @return null|int
*/
public function getCurrentUserId()
{
return isset($this->auth_context['user_id'])?intval($this->auth_context['user_id']):null;
}
/**
* @param array $auth_context
* @return void
*/
public function setAuthorizationContext(array $auth_context)
{
$this->auth_context = $auth_context;
}
}

90
app/Models/oauth2/Token.php Normal file
View File

@ -0,0 +1,90 @@
<?php namespace models\oauth2;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use DateTime;
use DateInterval;
use DateTimeZone;
/**
* Class Token
* Defines the common behavior for all emitted tokens
* @package oauth2\models
*/
abstract class Token
{
const DefaultByteLength = 32;
protected $value;
protected $lifetime;
protected $client_id;
protected $len;
protected $scope;
protected $audience;
protected $from_ip;
protected $is_hashed;
protected $user_id;
public function __construct($len = self::DefaultByteLength)
{
$this->len = $len;
$this->is_hashed = false;
}
public function getValue()
{
return $this->value;
}
public function getLifetime()
{
return intval($this->lifetime);
}
public function getScope()
{
return $this->scope;
}
public function getClientId()
{
return $this->client_id;
}
public function getAudience()
{
return $this->audience;
}
public function getFromIp()
{
return $this->from_ip;
}
public function getUserId()
{
return $this->user_id;
}
public function isHashed()
{
return $this->is_hashed;
}
public abstract function toJSON();
public abstract function fromJSON($json);
}

47
app/Providers/AppServiceProvider.php Normal file
View File

@ -0,0 +1,47 @@
<?php namespace App\Providers;
use Monolog\Logger;
use Monolog\Handler\NativeMailerHandler;
use Illuminate\Support\Facades\Config;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Facades\App;
class AppServiceProvider extends ServiceProvider {
/**
* Bootstrap any application services.
*
* @return void
*/
public function boot()
{
//set email log
$to = Config::get('log.to_email');
$from = Config::get('log.from_email');
if (!empty($to) && !empty($from))
{
$subject = 'openstackid-resource-server error';
$mono_log = Log::getMonolog();
$handler = new NativeMailerHandler($to, $subject, $from, $level = Logger::WARNING);
$mono_log->pushHandler($handler);
}
}
/**
* Register any application services.
*
* @return void
*/
public function register()
{
App::singleton('models\\oauth2\\IResourceServerContext', 'models\\oauth2\\ResourceServerContext');
App::singleton('models\resource_server\\IAccessTokenService', 'models\resource_server\\AccessTokenService');
App::singleton('models\\resource_server\\IApi', 'models\\resource_server\\Api');
App::singleton('models\\resource_server\\IApiEndpoint', 'models\\resource_server\\ApiEndpoint');
App::singleton('models\\resource_server\\IApiScope', 'models\\resource_server\\ApiScope');
}
}

34
app/Providers/BusServiceProvider.php Normal file
View File

@ -0,0 +1,34 @@
<?php namespace App\Providers;
use Illuminate\Bus\Dispatcher;
use Illuminate\Support\ServiceProvider;
class BusServiceProvider extends ServiceProvider {
/**
* Bootstrap any application services.
*
* @param \Illuminate\Bus\Dispatcher $dispatcher
* @return void
*/
public function boot(Dispatcher $dispatcher)
{
$dispatcher->mapUsing(function($command)
{
return Dispatcher::simpleMapping(
$command, 'App\Commands', 'App\Handlers\Commands'
);
});
}
/**
* Register any application services.
*
* @return void
*/
public function register()
{
//
}
}

23
app/Providers/ConfigServiceProvider.php Normal file
View File

@ -0,0 +1,23 @@
<?php namespace App\Providers;
use Illuminate\Support\ServiceProvider;
class ConfigServiceProvider extends ServiceProvider {
/**
* Overwrite any vendor / package configuration.
*
* This service provider is intended to provide a convenient location for you
* to overwrite any "vendor" or package configuration that you may want to
* modify before the application handles the incoming request / command.
*
* @return void
*/
public function register()
{
config([
//
]);
}
}

32
app/Providers/EventServiceProvider.php Normal file
View File

@ -0,0 +1,32 @@
<?php namespace App\Providers;
use Illuminate\Contracts\Events\Dispatcher as DispatcherContract;
use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
class EventServiceProvider extends ServiceProvider {
/**
* The event handler mappings for the application.
*
* @var array
*/
protected $listen = [
'event.name' => [
'EventListener',
],
];
/**
* Register any other events for your application.
*
* @param \Illuminate\Contracts\Events\Dispatcher $events
* @return void
*/
public function boot(DispatcherContract $events)
{
parent::boot($events);
//
}
}

62
app/Providers/RouteServiceProvider.php Normal file
View File

@ -0,0 +1,62 @@
<?php namespace App\Providers;
use Illuminate\Routing\Router;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\Config;
use Illuminate\Support\Facades\Request;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\View;
class RouteServiceProvider extends ServiceProvider {
/**
* This namespace is applied to the controller routes in your routes file.
*
* In addition, it is set as the URL generator's root namespace.
*
* @var string
*/
protected $namespace = 'App\Http\Controllers';
/**
* Define your route model bindings, pattern filters, etc.
*
* @param \Illuminate\Routing\Router $router
* @return void
*/
public function boot(Router $router)
{
parent::boot($router);
//filter should be registered here
// Route::filter('filter.name',function($route, $request){ .... });
Route::filter("ssl", function () {
if (!Request::secure() && Config::get("SSL.Enable", false))
{
return Redirect::secure(Request::getRequestUri());
}
});
Route::filter("oauth2.enabled", function () {
if (!Config::get("OAuth2.Enable", true))
{
return View::make('errors.404');
}
});
}
/**
* Define the routes for the application.
*
* @param \Illuminate\Routing\Router $router
* @return void
*/
public function map(Router $router)
{
$router->group(['namespace' => $this->namespace], function ($router) {
require app_path('Http/routes.php');
});
}
}

49
app/Repositories/RepositoriesProvider.php Normal file
View File

@ -0,0 +1,49 @@
<?php namespace repositories;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Facades\App;
/**
* Class RepositoriesProvider
* @package repositories
*/
class RepositoriesProvider extends ServiceProvider
{
protected $defer = false;
public function boot()
{
}
public function register()
{
App::singleton(
'models\marketplace\IPublicCloudServiceRepository',
'repositories\marketplace\EloquentPublicCloudServiceRepository'
);
App::singleton(
'models\marketplace\IPrivateCloudServiceRepository',
'repositories\marketplace\EloquentPrivateCloudServiceRepository'
);
App::singleton(
'models\marketplace\IConsultantRepository',
'repositories\marketplace\EloquentConsultantRepository'
);
App::singleton(
'models\resource_server\IApiEndpointRepository',
'repositories\resource_server\EloquentApiEndpointRepository'
);
}
}

94
app/Repositories/marketplace/EloquentCompanyServiceRepository.php Normal file
View File

@ -0,0 +1,94 @@
<?php namespace repositories\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\marketplace\ICompanyServiceRepository;
use models\utils\IEntity;
/**
* Class EloquentCompanyServiceRepository
* @package repositories\marketplace
*/
abstract class EloquentCompanyServiceRepository implements ICompanyServiceRepository
{
/**
* @var IEntity
*/
protected $entity;
/**
* @param int $id
* @return IEntity
*/
public function getById($id)
{
return $this->entity->find($id);
}
/**
* @param int $page
* @param int $per_page
* @param string $status
* @param string $order_by
* @param string $order_dir
* @return IEntity[]
*/
public function getAll(
$page = 1,
$per_page = 1000,
$status = ICompanyServiceRepository::Status_All,
$order_by = ICompanyServiceRepository::Order_date,
$order_dir = 'asc'
) {
$fields = array('*');
$filters = array();
switch($status)
{
case ICompanyServiceRepository::Status_active:
array_push(
$filters,
array(
'name'=>'Active',
'op' => '=',
'value'=> true
)
);
break;
case ICompanyServiceRepository::Status_non_active:
array_push(
$filters,
array(
'name'=>'Active',
'op' => '=',
'value'=> false
)
);
break;
}
$query = $this->entity->Filter($filters);
switch($order_by)
{
case ICompanyServiceRepository::Order_date:
$query = $query->orderBy('Created', $order_dir);
break;
case ICompanyServiceRepository::Order_name:
$query = $query->orderBy('Name', $order_dir);
break;
}
return $query->paginate($per_page, $fields)->toArray();
}
}

32
app/Repositories/marketplace/EloquentConsultantRepository.php Normal file
View File

@ -0,0 +1,32 @@
<?php namespace repositories\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\marketplace\Consultant;
use models\marketplace\IConsultantRepository;
/**
* Class EloquentConsultantRepository
* @package repositories\marketplace
*/
class EloquentConsultantRepository extends EloquentCompanyServiceRepository implements IConsultantRepository
{
/**
* @param Consultant $consultant
*/
public function __construct(Consultant $consultant)
{
$this->entity = $consultant;
}
}

35
app/Repositories/marketplace/EloquentPrivateCloudServiceRepository.php Normal file
View File

@ -0,0 +1,35 @@
<?php namespace repositories\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\marketplace\IPrivateCloudServiceRepository;
use models\marketplace\PrivateCloudService;
/**
* Class EloquentPrivateCloudServiceRepository
* @package repositories\marketplace
*/
class EloquentPrivateCloudServiceRepository
extends EloquentCompanyServiceRepository
implements IPrivateCloudServiceRepository
{
/**
* @param PrivateCloudService $private_cloud
*/
public function __construct(PrivateCloudService $private_cloud)
{
$this->entity = $private_cloud;
}
}

34
app/Repositories/marketplace/EloquentPublicCloudServiceRepository.php Normal file
View File

@ -0,0 +1,34 @@
<?php namespace repositories\marketplace;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\marketplace\IPublicCloudServiceRepository;
use models\marketplace\PublicCloudService;
/**
* Class EloquentPublicCloudServiceRepository
* @package repositories\marketplace
*/
class EloquentPublicCloudServiceRepository
extends EloquentCompanyServiceRepository
implements IPublicCloudServiceRepository
{
/**
* @param PublicCloudService $public_cloud
*/
public function __construct(PublicCloudService $public_cloud)
{
$this->entity = $public_cloud;
}
}

67
app/Repositories/resource_server/EloquentApiEndpointRepository.php Normal file
View File

@ -0,0 +1,67 @@
<?php namespace repositories\resource_server;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use models\resource_server\ApiEndpoint;
use models\resource_server\IApiEndpoint;
use models\utils\IEntity;
use Illuminate\Support\Facades\DB;
use models\resource_server\IApiEndpointRepository;
/**
* Class EloquentApiEndpointRepository
* @package repositories\resource_server
*/
class EloquentApiEndpointRepository implements IApiEndpointRepository
{
/**
* @var IEntity
*/
protected $entity;
/**
* @param IApiEndpoint $endpoint
*/
public function __construct(IApiEndpoint $endpoint)
{
$this->entity = $endpoint;
}
/**
* @param string $url
* @param string $http_method
* @return IApiEndpoint
*/
public function getApiEndpointByUrlAndMethod($url, $http_method)
{
return $this->entity->Filter(array( array(
'name'=>'route',
'op' => '=',
'value'=> $url
), array(
'name'=>'http_method',
'op' => '=',
'value'=> $http_method
)))->firstOrFail();
}
/**
* @param int $id
* @return IEntity
*/
public function getById($id)
{
return $this->entity->find($id);
}
}

34
app/Services/ServicesProvider.php Normal file
View File

@ -0,0 +1,34 @@
<?php namespace services;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Illuminate\Support\ServiceProvider;
use App;
/***
* Class ServicesProvider
* @package services
*/
class ServicesProvider extends ServiceProvider
{
protected $defer = false;
public function boot()
{
}
public function register()
{
App::singleton('libs\utils\ICacheService', 'services\utils\RedisCacheService');
}
}

190
app/Services/utils/RedisCacheService.php Normal file
View File

@ -0,0 +1,190 @@
<?php namespace services\utils;
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
use Illuminate\Support\Facades\Redis;
use libs\utils\ICacheService;
/**
* Class RedisCacheService
* Cache Service Implementation Based on REDIS
* http://redis.io
* @package services
*/
class RedisCacheService implements ICacheService
{
//services
private $redis = null;
public function __construct()
{
$this->redis = Redis::connection();
}
public function boot()
{
if (is_null($this->redis))
{
$this->redis = Redis::connection();
}
}
/**
* @param $key
* @return mixed
*/
public function delete($key)
{
$res = 0;
if ($this->redis->exists($key))
{
$res = $this->redis->del($key);
}
return $res;
}
public function deleteArray(array $keys)
{
if (count($keys)>0)
{
$this->redis->del($keys);
}
}
/**
* @param $key
* @return bool
*/
public function exists($key)
{
$res = $this->redis->exists($key);
return $res>0;
}
/**
* @param $name
* @param array $values
* @return mixed
*/
public function getHash($name, array $values)
{
$res = array();
if ($this->redis->exists($name))
{
$cache_values = $this->redis->hmget($name, $values);
for ($i=0; $i<count($cache_values); $i++)
{
$res[$values[$i]] = $cache_values[$i];
}
}
return $res;
}
public function storeHash($name, array $values, $ttl = 0)
{
$res = false;
//stores in REDIS
if (!$this->redis->exists($name))
{
$this->redis->hmset($name, $values);
$res = true;
//sets expiration time
if ($ttl>0)
{
$this->redis->expire($name, $ttl);
}
}
return $res;
}
public function incCounter($counter_name, $ttl = 0)
{
if ($this->redis->setnx($counter_name, 1))
{
$this->redis->expire($counter_name, $ttl);
return 1;
}
else
{
return (int)$this->redis->incr($counter_name);
}
}
public function incCounterIfExists($counter_name)
{
$res = false;
if ($this->redis->exists($counter_name))
{
$this->redis->incr($counter_name);
$res = true;
}
return $res;
}
public function addMemberSet($set_name, $member)
{
return $this->redis->sadd($set_name, $member);
}
public function deleteMemberSet($set_name, $member)
{
return $this->redis->srem($set_name, $member);
}
public function getSet($set_name)
{
return $this->redis->smembers($set_name);
}
public function getSingleValue($key)
{
return $this->redis->get($key);
}
public function setSingleValue($key, $value, $ttl = 0)
{
if ($ttl>0)
{
return $this->redis->setex($key, $ttl, $value);
}
else
{
return $this->redis->set($key, $value);
}
}
public function addSingleValue($key, $value, $ttl = 0)
{
$res = $this->redis->setnx($key, $value);
if ($res && $ttl>0)
{
$this->redis->expire($key, $ttl);
}
return $res;
}
public function setKeyExpiration($key, $ttl)
{
$this->redis->expire($key, intval($ttl));
}
/**Returns the remaining time to live of a key that has a timeout.
* @param string $key
* @return int
*/
public function ttl($key)
{
return (int)$this->redis->ttl($key);
}
}

51
artisan Executable file
View File

@ -0,0 +1,51 @@
#!/usr/bin/env php
<?php
/*
|--------------------------------------------------------------------------
| Register The Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader
| for our application. We just need to utilize it! We'll require it
| into the script here so that we do not have to worry about the
| loading of any our classes "manually". Feels great to relax.
|
*/
require __DIR__.'/bootstrap/autoload.php';
$app = require_once __DIR__.'/bootstrap/app.php';
/*
|--------------------------------------------------------------------------
| Run The Artisan Application
|--------------------------------------------------------------------------
|
| When we run the console application, the current CLI command will be
| executed in this console and the response sent back to a terminal
| or another output device for the developers. Here goes nothing!
|
*/
$kernel = $app->make('Illuminate\Contracts\Console\Kernel');
$status = $kernel->handle(
$input = new Symfony\Component\Console\Input\ArgvInput,
new Symfony\Component\Console\Output\ConsoleOutput
);
/*
|--------------------------------------------------------------------------
| Shutdown The Application
|--------------------------------------------------------------------------
|
| Once Artisan has finished running. We will fire off the shutdown events
| so that any final work may be done by the application before we shut
| down the process. This is the last thing to happen to the request.
|
*/
$kernel->terminate($input, $status);
exit($status);

57
bootstrap/app.php Normal file
View File

@ -0,0 +1,57 @@
<?php
/*
|--------------------------------------------------------------------------
| Create The Application
|--------------------------------------------------------------------------
|
| The first thing we will do is create a new Laravel application instance
| which serves as the "glue" for all the components of Laravel, and is
| the IoC container for the system binding all of the various parts.
|
*/
$app = new Illuminate\Foundation\Application(
realpath(__DIR__.'/../')
);
/*
|--------------------------------------------------------------------------
| Bind Important Interfaces
|--------------------------------------------------------------------------
|
| Next, we need to bind some important interfaces into the container so
| we will be able to resolve them when needed. The kernels serve the
| incoming requests to this application from both the web and CLI.
|
*/
$app->singleton(
'Illuminate\Contracts\Http\Kernel',
'App\Http\Kernel'
);
$app->singleton(
'Illuminate\Contracts\Console\Kernel',
'App\Console\Kernel'
);
$app->singleton(
'Illuminate\Contracts\Debug\ExceptionHandler',
'App\Exceptions\Handler'
);
/*
|--------------------------------------------------------------------------
| Return The Application
|--------------------------------------------------------------------------
|
| This script returns the application instance. The instance is given to
| the calling script so we can separate the building of the instances
| from the actual running of the application and sending responses.
|
*/
return $app;

35
bootstrap/autoload.php Normal file
View File

@ -0,0 +1,35 @@
<?php
define('LARAVEL_START', microtime(true));
/*
|--------------------------------------------------------------------------
| Register The Composer Auto Loader
|--------------------------------------------------------------------------
|
| Composer provides a convenient, automatically generated class loader
| for our application. We just need to utilize it! We'll require it
| into the script here so that we do not have to worry about the
| loading of any our classes "manually". Feels great to relax.
|
*/
require __DIR__.'/../vendor/autoload.php';
/*
|--------------------------------------------------------------------------
| Include The Compiled Class File
|--------------------------------------------------------------------------
|
| To dramatically increase your application's performance, you may use a
| compiled class file which contains all of the classes commonly used
| by a request. The Artisan "optimize" is used to create this file.
|
*/
$compiledPath = __DIR__.'/../vendor/compiled.php';
if (file_exists($compiledPath))
{
require $compiledPath;
}

55
composer.json Normal file
View File

@ -0,0 +1,55 @@
{
"name": "openstack-infra/openstackid-resources",
"description": "The OpenStackId Resource Server.",
"keywords": [
"framework",
"laravel"
],
"license": "MIT",
"type": "project",
"require": {
"laravel/framework": "5.0.*",
"predis/predis": "1.0.1",
"php": ">=5.4.0",
"guzzlehttp/guzzle": "5.2.0"
},
"require-dev": {
"phpunit/phpunit": "4.6.6",
"phpspec/phpspec": "~2.1",
"mockery/mockery": "0.9.4",
"squizlabs/php_codesniffer": "2.*",
"pragmarx/laravelcs": "*",
"glenscott/url-normalizer" : "1.4.0"
},
"autoload": {
"classmap": [
"database",
"app"
],
"psr-4": {
"App\\": "app/"
}
},
"autoload-dev": {
"classmap": [
"tests"
]
},
"scripts": {
"post-install-cmd": [
"php artisan clear-compiled",
"php artisan optimize"
],
"post-update-cmd": [
"php artisan clear-compiled",
"php artisan optimize"
],
"post-create-project-cmd": [
"php -r \"copy('.env.example', '.env');\"",
"php artisan key:generate"
]
},
"config": {
"preferred-install": "dist"
}
}

202
config/app.php Normal file
View File

@ -0,0 +1,202 @@
<?php
return [
//oauth2.0 params from openstackid server resource server admin console
'openstackid_client_id' => env('APP_OAUTH_2_0_CLIENT_ID'),
'openstackid_client_secret' => env('APP_OAUTH_2_0_CLIENT_SECRET'),
'openstackid_base_url' => env('APP_OAUTH_2_0_AUTH_SERVER_BASE_URL'),
/*
|--------------------------------------------------------------------------
| Application Debug Mode
|--------------------------------------------------------------------------
|
| When your application is in debug mode, detailed error messages with
| stack traces will be shown on every error that occurs within your
| application. If disabled, a simple generic error page is shown.
|
*/
'debug' => env('APP_DEBUG', false),
/*
|--------------------------------------------------------------------------
| Application URL
|--------------------------------------------------------------------------
|
| This URL is used by the console to properly generate URLs when using
| the Artisan command line tool. You should set this to the root of
| your application so that it is used when running Artisan tasks.
|
*/
'url' => env('APP_URL', 'http://localhost'),
/*
|--------------------------------------------------------------------------
| Application Timezone
|--------------------------------------------------------------------------
|
| Here you may specify the default timezone for your application, which
| will be used by the PHP date and date-time functions. We have gone
| ahead and set this to a sensible default for you out of the box.
|
*/
'timezone' => 'UTC',
/*
|--------------------------------------------------------------------------
| Application Locale Configuration
|--------------------------------------------------------------------------
|
| The application locale determines the default locale that will be used
| by the translation service provider. You are free to set this value
| to any of the locales which will be supported by the application.
|
*/
'locale' => 'en',
/*
|--------------------------------------------------------------------------
| Application Fallback Locale
|--------------------------------------------------------------------------
|
| The fallback locale determines the locale to use when the current one
| is not available. You may change the value to correspond to any of
| the language folders that are provided through your application.
|
*/
'fallback_locale' => 'en',
/*
|--------------------------------------------------------------------------
| Encryption Key
|--------------------------------------------------------------------------
|
| This key is used by the Illuminate encrypter service and should be set
| to a random, 32 character string, otherwise these encrypted strings
| will not be safe. Please do this before deploying an application!
|
*/
'key' => env('APP_KEY', 'SomeRandomString'),
'cipher' => MCRYPT_RIJNDAEL_128,
/*
|--------------------------------------------------------------------------
| Logging Configuration
|--------------------------------------------------------------------------
|
| Here you may configure the log settings for your application. Out of
| the box, Laravel uses the Monolog PHP logging library. This gives
| you a variety of powerful log handlers / formatters to utilize.
|
| Available Settings: "single", "daily", "syslog", "errorlog"
|
*/
'log' => 'daily',
/*
|--------------------------------------------------------------------------
| Autoloaded Service Providers
|--------------------------------------------------------------------------
|
| The service providers listed here will be automatically loaded on the
| request to your application. Feel free to add your own services to
| this array to grant expanded functionality to your applications.
|
*/
'providers' => [
/*
* Laravel Framework Service Providers...
*/
'Illuminate\Foundation\Providers\ArtisanServiceProvider',
'Illuminate\Auth\AuthServiceProvider',
'Illuminate\Bus\BusServiceProvider',
'Illuminate\Cache\CacheServiceProvider',
'Illuminate\Foundation\Providers\ConsoleSupportServiceProvider',
'Illuminate\Routing\ControllerServiceProvider',
'Illuminate\Cookie\CookieServiceProvider',
'Illuminate\Database\DatabaseServiceProvider',
'Illuminate\Encryption\EncryptionServiceProvider',
'Illuminate\Filesystem\FilesystemServiceProvider',
'Illuminate\Foundation\Providers\FoundationServiceProvider',
'Illuminate\Hashing\HashServiceProvider',
'Illuminate\Mail\MailServiceProvider',
'Illuminate\Pagination\PaginationServiceProvider',
'Illuminate\Pipeline\PipelineServiceProvider',
'Illuminate\Queue\QueueServiceProvider',
'Illuminate\Redis\RedisServiceProvider',
'Illuminate\Auth\Passwords\PasswordResetServiceProvider',
'Illuminate\Session\SessionServiceProvider',
'Illuminate\Translation\TranslationServiceProvider',
'Illuminate\Validation\ValidationServiceProvider',
'Illuminate\View\ViewServiceProvider',
/*
* Application Service Providers...
*/
'App\Providers\AppServiceProvider',
'App\Providers\BusServiceProvider',
'App\Providers\ConfigServiceProvider',
'App\Providers\EventServiceProvider',
'App\Providers\RouteServiceProvider',
'repositories\RepositoriesProvider',
'services\ServicesProvider',
],
/*
|--------------------------------------------------------------------------
| Class Aliases
|--------------------------------------------------------------------------
|
| This array of class aliases will be registered when this application
| is started. However, feel free to register as many as you wish as
| the aliases are "lazy" loaded so they don't hinder performance.
|
*/
'aliases' => [
'App' => 'Illuminate\Support\Facades\App',
'Artisan' => 'Illuminate\Support\Facades\Artisan',
'Auth' => 'Illuminate\Support\Facades\Auth',
'Blade' => 'Illuminate\Support\Facades\Blade',
'Bus' => 'Illuminate\Support\Facades\Bus',
'Cache' => 'Illuminate\Support\Facades\Cache',
'Config' => 'Illuminate\Support\Facades\Config',
'Cookie' => 'Illuminate\Support\Facades\Cookie',
'Crypt' => 'Illuminate\Support\Facades\Crypt',
'DB' => 'Illuminate\Support\Facades\DB',
'Eloquent' => 'Illuminate\Database\Eloquent\Model',
'Event' => 'Illuminate\Support\Facades\Event',
'File' => 'Illuminate\Support\Facades\File',
'Hash' => 'Illuminate\Support\Facades\Hash',
'Input' => 'Illuminate\Support\Facades\Input',
'Inspiring' => 'Illuminate\Foundation\Inspiring',
'Lang' => 'Illuminate\Support\Facades\Lang',
'Log' => 'Illuminate\Support\Facades\Log',
'Mail' => 'Illuminate\Support\Facades\Mail',
'Password' => 'Illuminate\Support\Facades\Password',
'Queue' => 'Illuminate\Support\Facades\Queue',
'Redirect' => 'Illuminate\Support\Facades\Redirect',
'Redis' => 'Illuminate\Support\Facades\Redis',
'Request' => 'Illuminate\Support\Facades\Request',
'Response' => 'Illuminate\Support\Facades\Response',
'Route' => 'Illuminate\Support\Facades\Route',
'Schema' => 'Illuminate\Support\Facades\Schema',
'Session' => 'Illuminate\Support\Facades\Session',
'Storage' => 'Illuminate\Support\Facades\Storage',
'URL' => 'Illuminate\Support\Facades\URL',
'Validator' => 'Illuminate\Support\Facades\Validator',
'View' => 'Illuminate\Support\Facades\View',
],
];

67
config/auth.php Normal file
View File

@ -0,0 +1,67 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Default Authentication Driver
|--------------------------------------------------------------------------
|
| This option controls the authentication driver that will be utilized.
| This driver manages the retrieval and authentication of the users
| attempting to get access to protected areas of your application.
|
| Supported: "database", "eloquent"
|
*/
'driver' => 'eloquent',
/*
|--------------------------------------------------------------------------
| Authentication Model
|--------------------------------------------------------------------------
|
| When using the "Eloquent" authentication driver, we need to know which
| Eloquent model should be used to retrieve your users. Of course, it
| is often just the "User" model but you may use whatever you like.
|
*/
'model' => 'App\User',
/*
|--------------------------------------------------------------------------
| Authentication Table
|--------------------------------------------------------------------------
|
| When using the "Database" authentication driver, we need to know which
| table should be used to retrieve your users. We have chosen a basic
| default value but you may easily change it to any table you like.
|
*/
'table' => 'users',
/*
|--------------------------------------------------------------------------
| Password Reset Settings
|--------------------------------------------------------------------------
|
| Here you may set the options for resetting passwords including the view
| that is your password reset e-mail. You can also set the name of the
| table that maintains all of the reset tokens for your application.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
'password' => [
'email' => 'emails.password',
'table' => 'password_resets',
'expire' => 60,
],
];

50
config/cache.php Normal file
View File

@ -0,0 +1,50 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Default Cache Store
|--------------------------------------------------------------------------
|
| This option controls the default cache connection that gets used while
| using this caching library. This connection is used when another is
| not explicitly specified when executing a given caching function.
|
*/
'default' => env('CACHE_DRIVER', 'redis'),
/*
|--------------------------------------------------------------------------
| Cache Stores
|--------------------------------------------------------------------------
|
| Here you may define all of the cache "stores" for your application as
| well as their drivers. You may even define multiple stores for the
| same cache driver to group types of items stored in your caches.
|
*/
'stores' => [
'redis' => [
'driver' => 'redis',
'connection' => 'default',
],
],
/*
|--------------------------------------------------------------------------
| Cache Key Prefix
|--------------------------------------------------------------------------
|
| When utilizing a RAM based store such as APC or Memcached, there might
| be other applications utilizing the same cache. So, we'll specify a
| value to get prefixed to all our keys so we can avoid collisions.
|
*/
'prefix' => 'laravel',
];

41
config/compile.php Normal file
View File

@ -0,0 +1,41 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Additional Compiled Classes
|--------------------------------------------------------------------------
|
| Here you may specify additional classes to include in the compiled file
| generated by the `artisan optimize` command. These should be classes
| that are included on basically every request into the application.
|
*/
'files' => [
realpath(__DIR__.'/../app/Providers/AppServiceProvider.php'),
realpath(__DIR__.'/../app/Providers/BusServiceProvider.php'),
realpath(__DIR__.'/../app/Providers/ConfigServiceProvider.php'),
realpath(__DIR__.'/../app/Providers/EventServiceProvider.php'),
realpath(__DIR__.'/../app/Providers/RouteServiceProvider.php'),
],
/*
|--------------------------------------------------------------------------
| Compiled File Providers
|--------------------------------------------------------------------------
|
| Here you may list service providers which define a "compiles" function
| that returns additional files that should be compiled, providing an
| easy way to get common files from any packages you are utilizing.
|
*/
'providers' => [
//
],
];

30
config/cors.php Normal file
View File

@ -0,0 +1,30 @@
<?php
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
return array(
/**
* http://www.w3.org/TR/cors/#access-control-allow-headers-response-header
*/
'allowed_headers' => env('CORS_ALLOWED_HEADERS', 'origin, content-type, accept, authorization, x-requested-with'),
/**
* http://www.w3.org/TR/cors/#access-control-allow-methods-response-header
*/
'allowed_methods' => env('CORS_ALLOWED_METHODS', 'GET, POST, OPTIONS, PUT, DELETE'),
'use_pre_flight_caching' => env('CORS_USE_PRE_FLIGHT_CACHING', true),
/**
* http://www.w3.org/TR/cors/#access-control-max-age-response-header
*/
'max_age' => env('CORS_MAX_AGE', 3200),
'exposed_headers' => env('CORS_EXPOSED_HEADERS', ''),
);

19
config/curl.php Normal file
View File

@ -0,0 +1,19 @@
<?php
/**
* Copyright 2015 OpenStack Foundation
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
return array(
'timeout' => env('CURL_TIMEOUT', 60),
'allow_redirects' => env('CURL_ALLOWS_REDIRECT', false),
'verify_ssl_cert' => env('CURL_VERIFY_SSL_CERT', true),
);

Some files were not shown because too many files have changed in this diff Show More