API: GraphQLとOAuth2.0の実装 #4474

Merged
merged 16 commits into from
Feb 27, 2020
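--- a/.env.dist
+++ b/.env.dist
@@ -48,3 +48,9 @@ MAILER_URL=null://localhost
 #ECCUBE_GC_MAXLIFETIME=1440
 
 ###< APPLICATION CONFIG ###
+
+###> trikoder/oauth2-bundle ###
+# Fallback OAuth2 encryption key
+# Please override this with a secure value: https://oauth2.thephpleague.com/installation/#string-password
+OAUTH2_ENCRYPTION_KEY=c6f06eb702cd2e49dd4912a904dae6ea
+###< trikoder/oauth2-bundle ###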
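Review bot: The committed default `OAUTH2_ENCRYPTION_KEY=c6f06eb702cd2e49dd4912a904dae6ea` on the last added line is shared by every installation whose `.env` is copied from `.env.dist`, so anyone who can read this repository holds the key that league/oauth2-server uses to encrypt authorization codes and refresh tokens on all of those installations. The comment above it asks operators to override the value, but nothing enforces that; leaving the line as `OAUTH2_ENCRYPTION_KEY=` and having the installer generate a per-installation value, or refusing to start when it is empty, would turn the advice into a guarantee. The CI setups in .travis.yml and appveyor.yml presumably run with this fallback, which is fine for throwaway environments but is the same value that would silently reach a production `.env`.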
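--- a/.travis.yml
+++ b/.travis.yml
@@ -20,7 +20,6 @@ cache:
 - bin/.phpunit
 
 php:
-- 7.1
 - 7.2
 - 7.3
 - 7.4snapshot
@@ -51,6 +50,11 @@ eccube_setup: &eccube_setup |
 bin/console doctrine:database:create --env=dev
 bin/console doctrine:schema:create --env=dev
 bin/console eccube:fixtures:load --env=dev
+mkdir var/oauth
+openssl genrsa -out private.key 2048
+openssl rsa -in private.key -pubout -out public.key
+mv private.key var/oauth
+mv public.key var/oauth
 
 package_api_setup: &package_api_setup |
 mkdir ${PWD}/repos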
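--- a/README.md
+++ b/README.md
@@ -36,6 +36,77 @@ npm ci # 初回およびpackage-lock.jsonに変更があったとき
 npm run build # Sass のビルド
 ```
 
+### OAuth2の設定
+
+```shell
+mkdir var/oauth
+cd var/oauth
+openssl genrsa -out private.key 2048
+openssl rsa -in private.key -pubout -out public.key
+```
+
+[詳しくはこちら](https://oauth2.thephpleague.com/installation/#generating-public-and-private-keys)
+
+[クライアントの作成コマンドはこちら](https://github.com/trikoder/oauth2-bundle/blob/v2.x/docs/basic-setup.md)
+[grant-type](https://github.com/trikoder/oauth2-bundle/blob/v2.x/OAuth2Grants.php)
+
+クライアント作成例
+
+```shell
+bin/console trikoder:oauth2:create-client --redirect-uri=http://127.0.0.1:8000/ --grant-type=authorization_code --grant-type=client_credentials --grant-type=implicit --grant-type=password --grant-type=refresh_token --scope=read --scope=write
+bin/console trikoder:oauth2:list-clients
+```
+
+#### Client credentials grant
+
+```shell
+curl -X POST \
+http://127.0.0.1:8000/token \
+-H 'cache-control: no-cache' \
+-H 'content-type: application/x-www-form-urlencoded' \
+-d 'grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}&scope=read'
+```
+
+#### Resource owner password credentials grant
+
+```shell
+curl -X POST \
+http://127.0.0.1:8000/token \
+-H 'cache-control: no-cache' \
+-H 'content-type: application/x-www-form-urlencoded' \
+-d 'grant_type=password&client_id={client_id}&client_secret={client_secret}&scope=read&username=admin&password=password'
+```
+
+#### Implicit grant
+
+```uri
+http://127.0.0.1:8000/admin/authorize?response_type=token&client_id={client_id}&client_secret={client_secret}&scope=read&state={csrf_token}
+```
+
+#### Authorization code grant
+
+```uri
+http://127.0.0.1:8000/admin/authorize?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}&scope=read&state={csrf_token}
+```
+
+```shell
+curl -X POST \
+http://127.0.0.1:8000/token \
+-H 'cache-control: no-cache' \
+-H 'content-type: application/x-www-form-urlencoded' \
+-d 'grant_type=authorization_code&client_id={client_id}&client_secret={client_secret}&redirect_uri={redirect_uri}&code={code}'
+```
+
+#### Refresh token grant
+
+```shell
+curl -X POST \
+http://127.0.0.1:8000/token \
+-H 'cache-control: no-cache' \
+-H 'content-type: application/x-www-form-urlencoded' \
+-d 'grant_type=refresh_token&client_id={client_id}&client_secret={client_secret}&refresh_token={refresh_token}'
+```
+
 ### 動作確認環境
 
 * Apache/2.4.x (mod_rewrite / mod_ssl 必須)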
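--- a/app/config/eccube/bundles.php
+++ b/app/config/eccube/bundles.php
@@ -1,16 +1,5 @@
 <?php
 
-/*
-* This file is part of EC-CUBE
-*
-* Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved.
-*
-* http://www.ec-cube.co.jp/
-*
-* For the full copyright and license information, please view the LICENSE
-* file that was distributed with this source code.
-*/
-
 return [
 Symfony\Bundle\FrameworkBundle\FrameworkBundle::class => ['all' => true],
 Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
@@ -29,4 +18,5 @@
 Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
 SunCat\MobileDetectBundle\MobileDetectBundle::class => ['all' => true],
 Knp\Bundle\PaginatorBundle\KnpPaginatorBundle::class => ['all' => true],
+Trikoder\Bundle\OAuth2Bundle\TrikoderOAuth2Bundle::class => ['all' => true],
 ];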
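Review bot: The first hunk of bundles.php deletes the file's EC-CUBE copyright and license header, which has nothing to do with registering `TrikoderOAuth2Bundle` in the second hunk and looks like an accidental edit (the section counts confirm 11 deletions against 1 addition). Unless the removal is deliberate, the header block should be restored so the file keeps the same notice as the rest of the project. If it is deliberate, a sentence in the PR description explaining why would stop the next reader from treating it as a mistake.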
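--- a/app/config/eccube/packages/nyholm_psr7.yaml
+++ b/app/config/eccube/packages/nyholm_psr7.yaml
@@ -0,0 +1,21 @@
+services:
+# Register nyholm/psr7 services for autowiring with PSR-17 (HTTP factories)
+Psr\Http\Message\RequestFactoryInterface: '@nyholm.psr7.psr17_factory'
+Psr\Http\Message\ResponseFactoryInterface: '@nyholm.psr7.psr17_factory'
+Psr\Http\Message\ServerRequestFactoryInterface: '@nyholm.psr7.psr17_factory'
+Psr\Http\Message\StreamFactoryInterface: '@nyholm.psr7.psr17_factory'
+Psr\Http\Message\UploadedFileFactoryInterface: '@nyholm.psr7.psr17_factory'
+Psr\Http\Message\UriFactoryInterface: '@nyholm.psr7.psr17_factory'
+
+# Register nyholm/psr7 services for autowiring with HTTPlug factories
+Http\Message\MessageFactory: '@nyholm.psr7.httplug_factory'
+Http\Message\RequestFactory: '@nyholm.psr7.httplug_factory'
+Http\Message\ResponseFactory: '@nyholm.psr7.httplug_factory'
+Http\Message\StreamFactory: '@nyholm.psr7.httplug_factory'
+Http\Message\UriFactory: '@nyholm.psr7.httplug_factory'
+
+nyholm.psr7.psr17_factory:
+class: Nyholm\Psr7\Factory\Psr17Factory
+
+nyholm.psr7.httplug_factory:
+class: Nyholm\Psr7\Factory\HttplugFactory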
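--- a/app/config/eccube/packages/security.yaml
+++ b/app/config/eccube/packages/security.yaml
@@ -20,8 +20,13 @@ security:
 dev:
 pattern: ^/(_(profiler|wdt)|css|images|js)/
 security: false
+api:
+pattern: ^/api
+security: true
+stateless: true
+oauth2: true
 admin:
-pattern: '^/%eccube_admin_route%/'
+pattern: '^(/%eccube_admin_route%/|/authorize)'
 anonymous: true
 provider: member_provider
 form_login: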
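Review bot: The new admin firewall pattern `'^(/%eccube_admin_route%/|/authorize)'` anchors only the start of the path, so the `/authorize` alternative also matches `/authorizeanything` and every longer path beginning with that prefix, moving such URLs under the admin firewall (form_login, member_provider) from whichever firewall handled them before. Anchoring the alternative, e.g. `pattern: '^(/%eccube_admin_route%/|/authorize$)'` or `/authorize(/|$)` if the bundle adds sub-paths, limits the change to the authorization endpoint itself. A comment above the pattern stating that `/authorize` is the OAuth2 authorization endpoint and is deliberately served by the admin firewall so that only logged-in members can grant access would also help; that this is the intent is plausible from the hunk but cannot be confirmed here.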
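--- a/app/config/eccube/packages/trikoder_oauth2.yaml
+++ b/app/config/eccube/packages/trikoder_oauth2.yaml
@@ -0,0 +1,15 @@
+trikoder_oauth2:
+
+authorization_server:
+private_key: '%kernel.project_dir%/var/oauth/private.key'
+private_key_passphrase: null
+
+encryption_key: '%env(string:OAUTH2_ENCRYPTION_KEY)%'
+
+resource_server:
+public_key: '%kernel.project_dir%/var/oauth/public.key'
+
+scopes: ['read', 'write']
+
+persistence:
+doctrine: null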
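Review bot: `private_key` and `public_key` are hard-coded to `%kernel.project_dir%/var/oauth/`, while `encryption_key` on the same file is read from the environment; the key paths would benefit from the same treatment (e.g. `private_key: '%env(string:OAUTH2_PRIVATE_KEY)%'` with a default in .env.dist) so a deployment can keep the signing key outside the project tree. With `private_key_passphrase: null` the file's permissions are the only protection for the signing key, and the generation steps added in README.md, .travis.yml and appveyor.yml create and move it without restricting them; depending on the OpenSSL version and umask, a `chmod 600` after `openssl genrsa` may be needed, and a short comment here stating that the file must not be group- or world-readable would document that expectation.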
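--- a/app/config/eccube/routes/trikoder_oauth2.yaml
+++ b/app/config/eccube/routes/trikoder_oauth2.yaml
@@ -0,0 +1,2 @@
+oauth2:
+resource: '@TrikoderOAuth2Bundle/Resources/config/routes.xml'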
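--- a/app/config/eccube/services.yaml
+++ b/app/config/eccube/services.yaml
@@ -171,3 +171,10 @@ services:
 # Symfony\Bridge\Twig\Extension\RoutingExtensionの後に登録するため,
 # autoconfigureはfalseにし, CompilerPassで追加する.
 autoconfigure: false
+
+Eccube\EventListener\UserResolveListener:
+arguments:
+- '@Eccube\Security\Core\User\MemberProvider'
+- '@Eccube\Security\Core\Encoder\UserPasswordEncoder'
+tags:
+- { name: kernel.event_listener, event: trikoder.oauth2.user_resolve, method: onUserResolve }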
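Review bot: The `Eccube\EventListener\UserResolveListener` registration carries no comment, and only a reader who knows the bundle will recognise `trikoder.oauth2.user_resolve` as the hook the resource-owner password grant uses to check a username and password. Because the arguments wire it to `MemberProvider` and `UserPasswordEncoder`, the password grant appears to authenticate against admin member accounts, so a comment such as `# OAuth2 password grant: resolves username/password against admin members (MemberProvider); tokens issued this way act with member privileges` above the service would make that consequence explicit, matching the commented style of the service just above. The listener class itself is not in this diff, so whether failed resolves are logged or throttled like the admin form login cannot be checked here.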
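--- a/appveyor.yml
+++ b/appveyor.yml
@@ -67,6 +67,11 @@ before_test:
 - php bin\console doctrine:database:create
 - php bin\console doctrine:schema:create
 - php bin\console eccube:fixtures:load
+- mkdir var\oauth
+- openssl genrsa -out private.key 2048
+- openssl rsa -in private.key -pubout -out public.key
+- move private.key var\oauth
+- move public.key var\oauth
 
 test_script:
 - php bin\phpunit --exclude-group cache-clear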
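--- a/composer.json
+++ b/composer.json
@@ -12,7 +12,7 @@
 },
 "minimum-stability": "stable",
 "require": {
-"php": "^7.1.3",
+"php": "^7.2.0",
 "ext-intl": "*",
 "ext-mbstring": "*",
 "composer/ca-bundle": "^1.1",
@@ -40,6 +40,7 @@
 "mobiledetect/mobiledetectlib": "^2.8",
 "monolog/monolog": "^1.23",
 "nesbot/carbon": "^1.22",
+"nyholm/psr7": "^1.2",
 "pimple/pimple": "^1.1",
 "psr/cache": "^1.0",
 "psr/container": "^1.0",
@@ -101,9 +102,11 @@
 "symfony/workflow": "^3.4",
 "symfony/yaml": "^3.4",
 "tecnickcom/tcpdf": "^6.2",
+"trikoder/oauth2-bundle": "^2.1",
 "twig/extensions": "^1.5",
 "twig/twig": "^2.4",
-"vlucas/phpdotenv": "v2.4.0"
+"vlucas/phpdotenv": "v2.4.0",
+"webonyx/graphql-php": "^0.13.8"
 },
 "require-dev": {
 "bheller/images-generator": "^1.0",
@@ -181,7 +184,7 @@
 },
 "config": {
 "platform": {
-"php": "7.1.3"
+"php": "7.2.0"
 },
 "preferred-install": {
 "*": "dist"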