D4340.1775789030.diff
No OneTemporary
Actions

Authored By

Unknown

Size

4 KB

Referenced Files

None

Subscribers

None

D4340.1775789030.diff
View Options

	diff --git a/docker/webapp/Dockerfile b/docker/webapp/Dockerfile
	--- a/docker/webapp/Dockerfile
	+++ b/docker/webapp/Dockerfile
	@@ -4,7 +4,7 @@

	USER root

	-RUN dnf -y install findutils gnupg2 git rsync procps-ng
	+RUN dnf -y install findutils gnupg2 git rsync procps-ng php-sodium

	EXPOSE 8000

	diff --git a/src/app/Http/Controllers/API/V4/VPNController.php b/src/app/Http/Controllers/API/V4/VPNController.php
	new file mode 100644
	--- /dev/null
	+++ b/src/app/Http/Controllers/API/V4/VPNController.php
	@@ -0,0 +1,48 @@
	+<?php
	+
	+namespace App\Http\Controllers\API\V4;
	+
	+use App\Http\Controllers\Controller;
	+use App\Sku;
	+use Carbon\Carbon;
	+use Illuminate\Http\Request;
	+use Lcobucci\JWT\Encoding\ChainedFormatter;
	+use Lcobucci\JWT\Encoding\JoseEncoder;
	+use Lcobucci\JWT\Signer\Key\InMemory;
	+use Lcobucci\JWT\Signer\Hmac;
	+use Lcobucci\JWT\Token\Builder;
	+
	+class VPNController extends Controller
	+{
	+ /**
	+ * Token request from the vpn module
	+ *
	+ * @param \Illuminate\Http\Request $request The API request.
	+ *
	+ * @return \Illuminate\Http\Response The response
	+ */
	+ public function token(Request $request)
	+ {
	+ $user = $this->guard()->user();
	+ if (!$user) {
	+ return response()->json(['status' => 'error', 'message' => "Invalid user"], 401);
	+ }
	+
	+ //TODO look for vpn sku with different access levels?
	+ // Sku::withObjectTenantContext($user)->where('title', 'room')->exists();
	+
	+ $tokenBuilder = (new Builder(new JoseEncoder(), ChainedFormatter::default()));
	+ //TODO from config
	+ $signingKey = InMemory::base64Encoded(
	+ 'hiG8DlOKvtih6AxlZn5XKImZ06yu8I3mkOzaJrEuW8yAv8Jnkw330uMt8AEqQ5LB'
	+ );
	+
	+ // $now = new \DateTimeImmutable(Carbon::now()->instance());
	+ $token = $tokenBuilder
	+ ->issuedAt(Carbon::now()->toImmutable())
	+ ->withClaim('entitlement', "gold")
	+ ->getToken(new Hmac\Sha256(), $signingKey);
	+
	+ return response($token->toString());
	+ }
	+}
	diff --git a/src/composer.json b/src/composer.json
	--- a/src/composer.json
	+++ b/src/composer.json
	@@ -34,7 +34,8 @@
	"sabre/vobject": "^4.5",
	"spatie/laravel-translatable": "^6.3",
	"spomky-labs/otphp": "~10.0.0",
	- "stripe/stripe-php": "^10.7"
	+ "stripe/stripe-php": "^10.7",
	+ "lcobucci/jwt": "^4.3"
	},
	"require-dev": {
	"code-lts/doctum": "^5.5.1",
	diff --git a/src/routes/api.php b/src/routes/api.php
	--- a/src/routes/api.php
	+++ b/src/routes/api.php
	@@ -188,6 +188,8 @@
	Route::post('support/request', [API\V4\SupportController::class, 'request'])
	->withoutMiddleware(['auth:api', 'scope:api'])
	->middleware(['api']);
	+
	+ Route::get('vpn/token', [API\V4\VPNController::class, 'token']);
	}
	);

	diff --git a/src/tests/Feature/Controller/VPNTest.php b/src/tests/Feature/Controller/VPNTest.php
	new file mode 100644
	--- /dev/null
	+++ b/src/tests/Feature/Controller/VPNTest.php
	@@ -0,0 +1,66 @@
	+<?php
	+
	+namespace Tests\Feature\Controller;
	+
	+use Tests\TestCase;
	+use Carbon\Carbon;
	+use Lcobucci\JWT\Encoding\JoseEncoder;
	+use Lcobucci\JWT\Token\Parser;
	+use Lcobucci\JWT\Signer\Hmac\Sha256;
	+use Lcobucci\JWT\Signer\Key\InMemory;
	+use Lcobucci\JWT\Validation\Constraint;
	+use Lcobucci\JWT\Token\RegisteredClaims;
	+
	+class VPNTest extends TestCase
	+{
	+ /**
	+ * {@inheritDoc}
	+ */
	+ public function setUp(): void
	+ {
	+ Carbon::setTestNow(Carbon::create(2022, 02, 02, 13, 0, 0));
	+ parent::setUp();
	+ }
	+
	+ /**
	+ * {@inheritDoc}
	+ */
	+ public function tearDown(): void
	+ {
	+ parent::tearDown();
	+ }
	+
	+ /**
	+ * Test the webhook
	+ */
	+ public function testToken(): void
	+ {
	+ $john = $this->getTestUser('john@kolab.org');
	+
	+ $response = $this->get("api/v4/vpn/token");
	+ $response->assertStatus(401);
	+
	+ $response = $this->actingAs($john)->get("api/v4/vpn/token");
	+ $response->assertStatus(200);
	+
	+ $jwt = $response->content();
	+
	+ $key = InMemory::base64Encoded(
	+ 'hiG8DlOKvtih6AxlZn5XKImZ06yu8I3mkOzaJrEuW8yAv8Jnkw330uMt8AEqQ5LB'
	+ );
	+
	+ $parser = new Parser(new JoseEncoder());
	+ $token = $parser->parse(
	+ $jwt,
	+ new Constraint\SignedWith(new Sha256(), $key),
	+ );
	+
	+ $this->assertSame("gold", $token->claims()->get('entitlement'));
	+ $this->assertSame("2022-02-02T13:00:00+00:00", $token->claims()->get(
	+ RegisteredClaims::ISSUED_AT
	+ )->format(\DateTimeImmutable::RFC3339));
	+ $this->assertSame(0, Carbon::now()->diffInSeconds(new Carbon($token->claims()->get(
	+ RegisteredClaims::ISSUED_AT
	+ ))));
	+ }
	+}

File Metadata

Mime Type: text/plain
Expires: Fri, Apr 10, 2:43 AM (8 h, 3 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 18852752
Default Alt Text: D4340.1775789030.diff (4 KB)

D4340.1775789030.diffNo OneTemporaryActions

D4340.1775789030.diffView Options

File Metadata

Event Timeline

D4340.1775789030.diff
No OneTemporary
Actions

D4340.1775789030.diff
View Options