You've already forked Php-Template
fix: make Scope attribute repeatable and improve scope handling in middleware #21
@@ -6,7 +6,7 @@ namespace Siteworxpro\App\Attributes\Guards;
|
||||
|
||||
use Attribute;
|
||||
|
||||
#[Attribute(Attribute::TARGET_CLASS | Attribute::TARGET_METHOD)]
|
||||
#[Attribute(Attribute::TARGET_CLASS | Attribute::TARGET_METHOD | Attribute::IS_REPEATABLE)]
|
||||
readonly class Scope
|
||||
{
|
||||
public function __construct(
|
||||
|
||||
@@ -57,32 +57,42 @@ class ScopeMiddleware extends Middleware
|
||||
// Ensure the controller exists and the method is defined before reflecting.
|
||||
if (class_exists($class::class)) {
|
||||
$reflectionClass = new \ReflectionClass($class);
|
||||
|
||||
if ($reflectionClass->hasMethod($method)) {
|
||||
$reflectionMethod = $reflectionClass->getMethod($method);
|
||||
|
||||
// Fetch all Scope attributes declared on the method.
|
||||
$attributes = $reflectionMethod->getAttributes(Scope::class);
|
||||
|
||||
if (empty($attributes)) {
|
||||
// No scope attributes; delegate to the next handler.
|
||||
return $handler->handle($request);
|
||||
}
|
||||
|
||||
$requiredScopes = [];
|
||||
$userScopes = [];
|
||||
|
||||
foreach ($attributes as $attribute) {
|
||||
/** @var Scope $scopeInstance Concrete Scope attribute instance. */
|
||||
$scopeInstance = $attribute->newInstance();
|
||||
$requiredScopes = $scopeInstance->getScopes();
|
||||
$requiredScopes = array_merge($requiredScopes, $scopeInstance->getScopes());
|
||||
|
||||
// Retrieve user scopes from the request (defaults to an empty array).
|
||||
$userScopes = $request->getAttribute($scopeInstance->getClaim(), []);
|
||||
|
||||
if (!is_array($userScopes)) {
|
||||
$scopes = $request->getAttribute($scopeInstance->getClaim());
|
||||
if (!is_array($scopes)) {
|
||||
// If user scopes are not an array, treat as no scopes provided.
|
||||
$userScopes = explode($scopeInstance->getSeparator(), (string) $userScopes);
|
||||
$scopes = explode($scopeInstance->getSeparator(), (string) $scopes);
|
||||
}
|
||||
|
||||
$userScopes = array_merge(
|
||||
$userScopes,
|
||||
$scopes
|
||||
);
|
||||
}
|
||||
|
||||
$userScopes = array_unique($userScopes);
|
||||
|
||||
// Deny if any required scope is missing from the user's scopes.
|
||||
if (
|
||||
array_any(
|
||||
$requiredScopes,
|
||||
fn($requiredScope) => !in_array($requiredScope, $userScopes, true)
|
||||
)
|
||||
) {
|
||||
if (array_intersect($userScopes, $requiredScopes) === []) {
|
||||
return JsonResponseFactory::createJsonResponse([
|
||||
'error' => 'insufficient_scope',
|
||||
'error_description' =>
|
||||
@@ -91,7 +101,6 @@ class ScopeMiddleware extends Middleware
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// All checks passed; continue down the middleware pipeline.
|
||||
return $handler->handle($request);
|
||||
|
||||
Reference in New Issue
Block a user