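<?php
declare(strict_types=1);
require __DIR__ . '/vendor/autoload.php';

// Load the .env file next to this script into $_ENV. createImmutable() is the
// variant that is meant not to overwrite variables already set in the real
// environment, so container/orchestrator settings win over the file.
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__);
$dotenv->load();

// Settings without a safe default must be present and non-empty. The original
// read them with a bare $_ENV[...] lookup, so a missing key was only a PHP
// warning and a null issuer/client id/secret flowed into the OIDC client, which
// fails much later with a far less obvious error. Fail fast instead.
// NOTE(review): SESSION_SECRET is required by the original but never used in
// this file; keep it required so an existing .env contract is unchanged.
foreach (['SESSION_SECRET', 'VV_ISSUER_URL', 'VV_CLIENT_ID', 'VV_CLIENT_SECRET'] as $requiredKey) {
    if (!isset($_ENV[$requiredKey]) || $_ENV[$requiredKey] === '') {
        throw new RuntimeException(sprintf('Missing required environment variable %s', $requiredKey));
    }
}

// Configuration. BASE_URL is also what the session cookie's Secure flag and the
// registered redirect URI are derived from, so the http:// default is for local
// development only.
$CONFIG = [
    'BASE_URL' => $_ENV['BASE_URL'] ?? 'http://localhost:8090',
    'STATIC_DIR' => $_ENV['STATIC_DIR'] ?? 'static',
    'SESSION_SECRET' => $_ENV['SESSION_SECRET'],
    'VV_ISSUER_URL' => $_ENV['VV_ISSUER_URL'],
    'VV_CLIENT_ID' => $_ENV['VV_CLIENT_ID'],
    'VV_CLIENT_SECRET' => $_ENV['VV_CLIENT_SECRET'],
];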
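// Setup OIDC
use Jumbojett\OpenIDConnectClient;

// Relying-party client for the issuer configured in .env. The client secret is
// only ever sent server-to-server at the token endpoint.
$oidcClient = new OpenIDConnectClient(
    $CONFIG['VV_ISSUER_URL'],
    $CONFIG['VV_CLIENT_ID'],
    $CONFIG['VV_CLIENT_SECRET'],
);
// Must exactly match a redirect URI registered for this client at the issuer;
// that registration is what prevents an authorization code being steered to
// an attacker-chosen host, so BASE_URL has to be the externally visible origin.
$oidcClient->setRedirectURL($CONFIG['BASE_URL'] . '/auth/callback');
// Authorization-code flow only: no tokens are returned in the browser URL.
$oidcClient->setResponseTypes(['code']);
// One scope per array element. The original passed all three as a single
// space-separated string, which only works if the library happens to join the
// list with spaces; the documented shape is a list of individual scopes.
$oidcClient->addScope(['openid', 'email', 'profile']);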
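// Setup router
$router = new \Bramus\Router\Router();
$router->setBasePath('/');

// Start the session before every route, with hardened cookie attributes. The
// original called session_start() with defaults, leaving the session id
// exposed to page scripts and accepting attacker-supplied ids.
//  - use_strict_mode: reject session ids the server never issued (the core
//    defence against session fixation).
//  - cookie_httponly: keep the id out of reach of JavaScript.
//  - cookie_secure: send only over TLS. Derived from BASE_URL so plain-http
//    local development keeps working; never deploy with an http:// BASE_URL.
//  - cookie_samesite=Lax rather than Strict: the issuer returns the browser to
//    /auth/callback with a top-level cross-site GET that must carry this cookie
//    (the OIDC library is expected to keep its state/nonce in the PHP session —
//    verify against the library; Strict would break the callback).
$router->before('GET|POST|PUT|DELETE', '/.*', function() use ($CONFIG) {
    session_start([
        'use_strict_mode' => true,
        'cookie_httponly' => true,
        'cookie_secure' => parse_url($CONFIG['BASE_URL'], PHP_URL_SCHEME) === 'https',
        'cookie_samesite' => 'Lax',
    ]);
});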
// Landing page. Renders views/index.php with the issuer URL and, when the
// browser has a signed-in session, the user info cached at /auth/callback.
$router->get('/', function() use($CONFIG) {
    $tplCtx = ['oidc' => ['issuer_url' => $CONFIG['VV_ISSUER_URL']]];
    if (array_key_exists('user', $_SESSION)) {
        $tplCtx['user'] = $_SESSION['user'];
        // Pretty-printed copy for display. Both values originate from the
        // identity provider, so the template (not visible here) must
        // HTML-escape them before output.
        $tplCtx['user_json'] = json_encode($tplCtx['user'], JSON_PRETTY_PRINT);
    }
    // Plain include: the template reads $tplCtx straight from this scope.
    include 'views/index.php';
});
// Convenience alias that sends the browser straight into /auth/login. An app
// could put its own logic here instead, e.g. a confirmation page with a button.
$router->get('/login', function() {
    header('Location: /auth/login');
});
// Begins the OIDC flow. On a bare GET there is no code/state yet, so the
// library builds the authorization request and redirects the browser to Vault
// Vision; after authentication the browser is sent back to /auth/callback.
$router->get('/auth/login', function() use ($oidcClient) {
    // The return value is deliberately ignored: on this path the library emits
    // the Location header itself. NOTE(review): if the library throws instead
    // of redirecting, nothing here catches it — confirm its failure behaviour.
    $oidcClient->authenticate();
});
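// Vault Vision sends the browser here with ?code=...&state=... to finish the
// OIDC flow. Every query parameter on this route is attacker-controllable, so
// nothing is trusted until authenticate() has validated the state and the
// token response.
$router->get('/auth/callback', function() use ($oidcClient) {
    try {
        if (!$oidcClient->authenticate()) {
            // The original fell through to requestUserInfo() here; a failed
            // authenticate() must never populate the session.
            return;
        }
        $info = $oidcClient->requestUserInfo();
    } catch (\Exception $e) {
        // The library may throw (e.g. on a state/nonce mismatch or a token
        // endpoint error) rather than return false. Log the detail server-side
        // and give the client only a generic failure, so library internals and
        // the incoming query string are never echoed back.
        error_log('OIDC callback failed: ' . $e->getMessage());
        http_response_code(400);
        echo 'Authentication failed.';
        return;
    }
    // Privilege level changes here (anonymous -> authenticated): issue a fresh
    // session id so a pre-planted id (session fixation) does not carry over.
    session_regenerate_id(true);
    $_SESSION['user'] = $info;
    header('Location: /');
    // Stop here so nothing can be appended to the redirect response.
    exit;
});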
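// RP-initiated logout. The original only redirected (its comment claimed it
// cleared cookies, but nothing local was touched), so a user whose round-trip
// to Vault Vision never completed stayed signed in here. Drop the local session
// first, then send the browser to the issuer's logout endpoint, which returns
// it to /auth/logout. (Whether return_to must be pre-registered at the issuer
// is not visible from this file.)
$router->get('/logout', function() use($CONFIG) {
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
    $url = $CONFIG['VV_ISSUER_URL'] . '/logout?' . http_build_query([
        'client_id' => $CONFIG['VV_CLIENT_ID'],
        'return_to' => $CONFIG['BASE_URL'] . '/auth/logout',
    ]);
    header('Location: ' . $url);
    // Stop here so nothing can be appended to the redirect response.
    exit;
});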
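// Vault Vision returns the browser here after clearing its own session. Wipe
// whatever is left locally and expire the session cookie in the browser:
// session_destroy() alone removes the server-side data but leaves the cookie,
// so the original left a stale id in the browser.
// NOTE(review): this is an unauthenticated GET, so any third-party page can
// log a user out (logout CSRF). Low impact for most apps, but not harmless.
$router->get('/auth/logout', function() {
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        // Expire the cookie with the same attributes it was set with, otherwise
        // the browser treats it as a different cookie and keeps the old one.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires' => time() - 42000,
            'path' => $p['path'],
            'domain' => $p['domain'],
            'secure' => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?? '',
        ]);
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
    header('Location: /');
    // Stop here so nothing can be appended to the redirect response.
    exit;
});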
// Convenience alias for /auth/settings. App-specific logic or a confirmation
// page with a settings button could live here instead.
$router->get('/settings', function() {
    header('Location: /auth/settings');
});
// Sends the user to the Vault Vision account settings page (email, password,
// social logins, WebAuthn credentials, ...). This is an ordinary authorization
// request carrying an extra "prompt=settings" parameter; when the user comes
// back through /auth/callback the session is refreshed with any changes.
$router->get('/auth/settings', function() use($oidcClient) {
    $oidcClient->addAuthParam(['prompt' => 'settings']);
    // No code/state on this request, so the library builds the authorization
    // URL (its private requestAuthorization method) and redirects.
    $oidcClient->authenticate();
});
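// Hard-coded static routes for this example; a real deployment would let the
// web server serve these. Every path is a literal, never user input, so there
// is no traversal concern. The original echoed file_get_contents() unchecked,
// which turns a missing file into an empty 200; the helper returns 404 instead,
// streams the file, and adds nosniff so the declared type is honoured.
// NOTE(review): paths are relative to the working directory, as in the
// original, and $CONFIG['STATIC_DIR'] is still unused here.
$serveStatic = function(string $relativePath, string $contentType): void {
    if (!is_file($relativePath)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . $contentType);
    header('X-Content-Type-Options: nosniff');
    readfile($relativePath);
};
$router->get('/static/js/bootstrap.bundle.min.js', function() use ($serveStatic) {
    $serveStatic('static/js/bootstrap.bundle.min.js', 'application/javascript; charset=UTF-8');
});
$router->get('/static/css/bootstrap.min.css', function() use ($serveStatic) {
    $serveStatic('static/css/bootstrap.min.css', 'text/css; charset=UTF-8');
});
$router->get('/static/img/favicon_root.png', function() use ($serveStatic) {
    $serveStatic('static/img/favicon_root.png', 'image/png');
});
$router->get('/static/img/vault-vision-just-triad-dark-blue.svg', function() use ($serveStatic) {
    $serveStatic('static/img/vault-vision-just-triad-dark-blue.svg', 'image/svg+xml');
});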
// Dispatch the current request to the handlers registered above (the session
// "before" hook runs first for every method/path).
$router->run();