Merge branch 'master' of github.com:thecodingmachine/graphql-controllers

moufmouf · moufmouf · commit 106e30555823 · 2017-07-21T16:44:47.000+02:00
diff --git a/README.md b/README.md
@@ -18,22 +18,55 @@ This library allows you to write your GraphQL queries in simple to write control
 
 ```php
 use TheCodingMachine\GraphQL\Controllers\Annotations\Query;
+use TheCodingMachine\GraphQL\Controllers\Annotations\Mutation;
 
 class UserController
 {
     /**
-     * @Query()
+     * @Query
      * @return User[]
      */
     public function users(int $limit, int $offset): array
     {
         // Some code that returns an array of "users".
         // This completely replaces the "resolve" method.
     }
+
+    /**
+     * @Mutation
+     * @return User
+     */
+    public function saveUser(UserInput $user): User
+    {
+        // Some code that saves a user.
+        // This completely replaces the "resolve" method.
+    }
+}
+```
+
+There is an additional support for authentication and authorization:
+
+```php
+use TheCodingMachine\GraphQL\Controllers\Annotations\Query;
+use TheCodingMachine\GraphQL\Controllers\Annotations\Mutation;
+
+class UserController
+{
+    /**
+     * @Query
+     * @Logged
+     * @Right("CAN_VIEW_USER_LIST")
+     * @return User[]
+     */
+    public function users(int $limit, int $offset): array
+    {
+        //
+    }
 }
 ```
 
 
+
 Troubleshooting
 ---------------
 
diff --git a/src/AggregateControllerQueryProvider.php b/src/AggregateControllerQueryProvider.php
@@ -14,6 +14,8 @@
 use Doctrine\Common\Annotations\Reader;
 use phpDocumentor\Reflection\Types\Integer;
 use TheCodingMachine\GraphQL\Controllers\Annotations\Query;
+use TheCodingMachine\GraphQL\Controllers\Security\AuthenticationServiceInterface;
+use TheCodingMachine\GraphQL\Controllers\Security\AuthorizationServiceInterface;
 use Youshido\GraphQL\Field\Field;
 use Youshido\GraphQL\Type\ListType\ListType;
 use Youshido\GraphQL\Type\NonNullType;
@@ -47,17 +49,27 @@ class AggregateControllerQueryProvider implements QueryProviderInterface
      * @var ContainerInterface
      */
     private $container;
+    /**
+     * @var AuthenticationServiceInterface
+     */
+    private $authenticationService;
+    /**
+     * @var AuthorizationServiceInterface
+     */
+    private $authorizationService;
 
     /**
      * @param string[] $controllers A list of controllers name in the container.
      */
-    public function __construct(array $controllers, ContainerInterface $container, Reader $annotationReader, TypeMapperInterface $typeMapper, HydratorInterface $hydrator)
+    public function __construct(array $controllers, ContainerInterface $container, Reader $annotationReader, TypeMapperInterface $typeMapper, HydratorInterface $hydrator, AuthenticationServiceInterface $authenticationService, AuthorizationServiceInterface $authorizationService)
     {
         $this->controllers = $controllers;
         $this->container = $container;
         $this->annotationReader = $annotationReader;
         $this->typeMapper = $typeMapper;
         $this->hydrator = $hydrator;
+        $this->authenticationService = $authenticationService;
+        $this->authorizationService = $authorizationService;
     }
 
     /**
@@ -69,7 +81,7 @@ public function getQueries(): array
 
         foreach ($this->controllers as $controllerName) {
             $controller = $this->container->get($controllerName);
-            $queryProvider = new ControllerQueryProvider($controller, $this->annotationReader, $this->typeMapper, $this->hydrator);
+            $queryProvider = new ControllerQueryProvider($controller, $this->annotationReader, $this->typeMapper, $this->hydrator, $this->authenticationService, $this->authorizationService);
             $queryList = array_merge($queryList, $queryProvider->getQueries());
         }
 
diff --git a/src/Annotations/Logged.php b/src/Annotations/Logged.php
@@ -0,0 +1,12 @@
+<?php
+
+
+namespace TheCodingMachine\GraphQL\Controllers\Annotations;
+
+/**
+ * @Annotation
+ * @Target({"METHOD"})
+ */
+class Logged
+{
+}
diff --git a/src/Annotations/Mutation.php b/src/Annotations/Mutation.php
@@ -8,5 +8,4 @@
  */
 class Mutation
 {
-
 }
diff --git a/src/Annotations/Query.php b/src/Annotations/Query.php
@@ -8,5 +8,4 @@
  */
 class Query
 {
-
 }
diff --git a/src/Annotations/Right.php b/src/Annotations/Right.php
@@ -0,0 +1,40 @@
+<?php
+declare(strict_types=1);
+
+namespace TheCodingMachine\GraphQL\Controllers\Annotations;
+
+/**
+ * @Annotation
+ * @Target({"METHOD"})
+ * @Attributes({
+ *   @Attribute("name", type = "string"),
+ * })
+ */
+class Right
+{
+    /**
+     * @var string
+     */
+    private $name;
+
+    /**
+     * @param array $values
+     *
+     * @throws \BadMethodCallException
+     */
+    public function __construct(array $values)
+    {
+        if (!isset($values['value']) && !isset($values['name'])) {
+            throw new \BadMethodCallException('The @Right annotation must be passed a right name. For instance: "@Right(\'my_right\')"');
+        }
+        $this->name = $values['value'] ?? $values['name'];
+    }
+
+    /**
+     * @return string
+     */
+    public function getName(): string
+    {
+        return $this->name;
+    }
+}
diff --git a/src/ControllerQueryProvider.php b/src/ControllerQueryProvider.php
@@ -12,8 +12,12 @@
 use Roave\BetterReflection\Reflection\ReflectionMethod;
 use Doctrine\Common\Annotations\Reader;
 use phpDocumentor\Reflection\Types\Integer;
+use TheCodingMachine\GraphQL\Controllers\Annotations\Logged;
 use TheCodingMachine\GraphQL\Controllers\Annotations\Mutation;
 use TheCodingMachine\GraphQL\Controllers\Annotations\Query;
+use TheCodingMachine\GraphQL\Controllers\Annotations\Right;
+use TheCodingMachine\GraphQL\Controllers\Security\AuthenticationServiceInterface;
+use TheCodingMachine\GraphQL\Controllers\Security\AuthorizationServiceInterface;
 use Youshido\GraphQL\Field\Field;
 use Youshido\GraphQL\Type\ListType\ListType;
 use Youshido\GraphQL\Type\NonNullType;
@@ -43,16 +47,26 @@ class ControllerQueryProvider implements QueryProviderInterface
      * @var HydratorInterface
      */
     private $hydrator;
+    /**
+     * @var AuthenticationServiceInterface
+     */
+    private $authenticationService;
+    /**
+     * @var AuthorizationServiceInterface
+     */
+    private $authorizationService;
 
     /**
      * @param object $controller
      */
-    public function __construct($controller, Reader $annotationReader, TypeMapperInterface $typeMapper, HydratorInterface $hydrator)
+    public function __construct($controller, Reader $annotationReader, TypeMapperInterface $typeMapper, HydratorInterface $hydrator, AuthenticationServiceInterface $authenticationService, AuthorizationServiceInterface $authorizationService)
     {
         $this->controller = $controller;
         $this->annotationReader = $annotationReader;
         $this->typeMapper = $typeMapper;
         $this->hydrator = $hydrator;
+        $this->authenticationService = $authenticationService;
+        $this->authorizationService = $authorizationService;
     }
 
     /**
@@ -84,7 +98,12 @@ private function getFieldsByAnnotations(string $annotationName): array
             $standardPhpMethod = new \ReflectionMethod(get_class($this->controller), $refMethod->getName());
             // First, let's check the "Query" annotation
             $queryAnnotation = $this->annotationReader->getMethodAnnotation($standardPhpMethod, $annotationName);
+
             if ($queryAnnotation !== null) {
+                if (!$this->isAuthorized($standardPhpMethod)) {
+                    continue;
+                }
+
                 $methodName = $refMethod->getName();
 
                 $args = $this->mapParameters($refMethod, $standardPhpMethod);
@@ -98,6 +117,30 @@ private function getFieldsByAnnotations(string $annotationName): array
         return $queryList;
     }
 
+    /**
+     * Checks the @Logged and @Right annotations.
+     *
+     * @param \ReflectionMethod $reflectionMethod
+     * @return bool
+     */
+    private function isAuthorized(\ReflectionMethod $reflectionMethod) : bool
+    {
+        $loggedAnnotation = $this->annotationReader->getMethodAnnotation($reflectionMethod, Logged::class);
+
+        if ($loggedAnnotation !== null && !$this->authenticationService->isLogged()) {
+            return false;
+        }
+
+        $rightAnnotation = $this->annotationReader->getMethodAnnotation($reflectionMethod, Right::class);
+        /** @var $rightAnnotation Right */
+
+        if ($rightAnnotation !== null && !$this->authorizationService->isAllowed($rightAnnotation->getName())) {
+            return false;
+        }
+
+        return true;
+    }
+
     /**
      * Note: there is a bug in $refMethod->allowsNull that forces us to use $standardRefMethod->allowsNull instead.
      *
@@ -183,7 +226,7 @@ private function toGraphQlType(Type $type): TypeInterface
      */
     private function typesWithoutNullable(array $docBlockTypeHints): array
     {
-        return array_filter($docBlockTypeHints, function($item) {
+        return array_filter($docBlockTypeHints, function ($item) {
             return !$item instanceof Null_;
         });
     }
diff --git a/src/GraphQLMiddleware.php b/src/GraphQLMiddleware.php
@@ -61,7 +61,7 @@ public function process(\Psr\Http\Message\ServerRequestInterface $request, \Inte
             return $delegate->process($request);
         }
 
-        if (!in_array($request->getMethod(), $this->allowed_methods, true)){
+        if (!in_array($request->getMethod(), $this->allowed_methods, true)) {
             return new JsonResponse([
                 "Method not allowed. Allowed methods are " . implode(", ", $this->allowed_methods)
             ], 405);
@@ -96,12 +96,12 @@ private function hasGraphQLHeader(ServerRequestInterface $request)
             return false;
         }
 
-        $request_headers = array_map(function($header){
+        $request_headers = array_map(function ($header) {
             return trim($header);
         }, explode(",", $request->getHeaderLine("content-type")));
 
         foreach ($this->graphql_headers as $allowed_header) {
-            if (in_array($allowed_header, $request_headers)){
+            if (in_array($allowed_header, $request_headers)) {
                 return true;
             }
         }
@@ -134,7 +134,6 @@ private function fromGet(ServerRequestInterface $request)
         $variables = is_string($variables) ? json_decode($variables, true) ?: [] : [];
 
         return [$query, $variables];
-
     }
 
     private function fromPost(ServerRequestInterface $request)
@@ -167,6 +166,5 @@ private function fromPost(ServerRequestInterface $request)
             }
         }
         return [$query, $variables];
-
     }
-}
+}
diff --git a/src/HydratorInterface.php b/src/HydratorInterface.php
@@ -2,6 +2,7 @@
 
 
 namespace TheCodingMachine\GraphQL\Controllers;
+
 use Youshido\GraphQL\Type\TypeInterface;
 
 /**
diff --git a/src/QueryField.php b/src/QueryField.php
@@ -46,7 +46,7 @@ public function __construct(string $name, TypeInterface $type, array $arguments,
                 $type = $this->stripNonNullType($type);
                 if ($type instanceof ListType) {
                     $subtype = $this->stripNonNullType($type->getItemType());
-                    $val = array_map(function($item) use ($subtype) {
+                    $val = array_map(function ($item) use ($subtype) {
                         if ($subtype->getKind() === TypeMap::KIND_OBJECT) {
                             return $this->hydrator->hydrate($item, $subtype);
                         };
diff --git a/src/Schema.php b/src/Schema.php
@@ -3,7 +3,6 @@
 
 namespace TheCodingMachine\GraphQL\Controllers;
 
-
 use Youshido\GraphQL\Config\Schema\SchemaConfig;
 use Youshido\GraphQL\Schema\AbstractSchema;
 
diff --git a/src/Security/AuthenticationServiceInterface.php b/src/Security/AuthenticationServiceInterface.php
@@ -0,0 +1,14 @@
+<?php
+
+
+namespace TheCodingMachine\GraphQL\Controllers\Security;
+
+interface AuthenticationServiceInterface
+{
+    /**
+     * Returns true if the "current" user is logged
+     *
+     * @return bool
+     */
+    public function isLogged(): bool;
+}
diff --git a/src/Security/AuthorizationServiceInterface.php b/src/Security/AuthorizationServiceInterface.php
@@ -0,0 +1,15 @@
+<?php
+
+
+namespace TheCodingMachine\GraphQL\Controllers\Security;
+
+interface AuthorizationServiceInterface
+{
+    /**
+     * Returns true if the "current" user has access to the right "$right"
+     *
+     * @param string $right
+     * @return bool
+     */
+    public function isAllowed(string $right): bool;
+}
diff --git a/src/Security/VoidAuthenticationService.php b/src/Security/VoidAuthenticationService.php
@@ -0,0 +1,21 @@
+<?php
+
+
+namespace TheCodingMachine\GraphQL\Controllers\Security;
+
+/**
+ * A fake authentication service that always returns that the current user is NOT authenticated.
+ */
+class VoidAuthenticationService implements AuthenticationServiceInterface
+{
+
+    /**
+     * Returns true if the "current" user is logged
+     *
+     * @return bool
+     */
+    public function isLogged(): bool
+    {
+        return false;
+    }
+}
diff --git a/src/Security/VoidAuthorizationService.php b/src/Security/VoidAuthorizationService.php
diff --git a/src/TypeMapperInterface.php b/src/TypeMapperInterface.php
diff --git a/tests/ControllerQueryProviderTest.php b/tests/ControllerQueryProviderTest.php
diff --git a/tests/Fixtures/TestController.php b/tests/Fixtures/TestController.php
diff --git a/tests/Fixtures/TestObject.php b/tests/Fixtures/TestObject.php

Original file line number	Diff line number	Diff line change
`@@ -8,5 +8,4 @@`
`8`	`8`	`*/`
`9`	`9`	`class Mutation`
`10`	`10`	`{`
`11`		`-`
`12`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,5 +8,4 @@`
`8`	`8`	`*/`
`9`	`9`	`class Query`
`10`	`10`	`{`
`11`		`-`
`12`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ public function process(\Psr\Http\Message\ServerRequestInterface $request, \Inte`
`61`	`61`	`return $delegate->process($request);`
`62`	`62`	`}`
`63`	`63`
`64`		`- if (!in_array($request->getMethod(), $this->allowed_methods, true)){`
	`64`	`+ if (!in_array($request->getMethod(), $this->allowed_methods, true)) {`
`65`	`65`	`return new JsonResponse([`
`66`	`66`	`"Method not allowed. Allowed methods are " . implode(", ", $this->allowed_methods)`
`67`	`67`	`], 405);`
`@@ -96,12 +96,12 @@ private function hasGraphQLHeader(ServerRequestInterface $request)`
`96`	`96`	`return false;`
`97`	`97`	`}`
`98`	`98`
`99`		`- $request_headers = array_map(function($header){`
	`99`	`+ $request_headers = array_map(function ($header) {`
`100`	`100`	`return trim($header);`
`101`	`101`	`}, explode(",", $request->getHeaderLine("content-type")));`
`102`	`102`
`103`	`103`	`foreach ($this->graphql_headers as $allowed_header) {`
`104`		`- if (in_array($allowed_header, $request_headers)){`
	`104`	`+ if (in_array($allowed_header, $request_headers)) {`
`105`	`105`	`return true;`
`106`	`106`	`}`
`107`	`107`	`}`
`@@ -134,7 +134,6 @@ private function fromGet(ServerRequestInterface $request)`
`134`	`134`	`$variables = is_string($variables) ? json_decode($variables, true) ?: [] : [];`
`135`	`135`
`136`	`136`	`return [$query, $variables];`
`137`		`-`
`138`	`137`	`}`
`139`	`138`
`140`	`139`	`private function fromPost(ServerRequestInterface $request)`
`@@ -167,6 +166,5 @@ private function fromPost(ServerRequestInterface $request)`
`167`	`166`	`}`
`168`	`167`	`}`
`169`	`168`	`return [$query, $variables];`
`170`		`-`
`171`	`169`	`}`
`172`		`-}`
	`170`	`+}`