Merge pull request #114 from phenixphp/feature/improve-guest-middleware

Feature/improve guest middleware

Author: barbosa89

README.md

@@ -1,8 +1,8 @@
 # Phenix framework
 
 [![run-tests](https://github.com/phenixphp/framework/actions/workflows/run-tests.yml/badge.svg)](https://github.com/phenixphp/framework/actions/workflows/run-tests.yml)
-<a href="https://packagist.org/packages/phenixphp/framework"><img src="https://img.shields.io/packagist/v/phenixphp/phenix" alt="Latest Stable Version"></a>
-<a href="https://packagist.org/packages/phenixphp/framework"><img src="https://img.shields.io/packagist/l/phenixphp/phenix" alt="License"></a>
+<a href="https://packagist.org/packages/phenixphp/framework"><img src="https://img.shields.io/packagist/v/phenixphp/framework" alt="Latest Stable Version"></a>
+<a href="https://packagist.org/packages/phenixphp/framework"><img src="https://img.shields.io/packagist/l/phenixphp/framework" alt="License"></a>
 
 Phenix is a web framework built on pure PHP, without external extensions, based on the [Amphp](https://amphp.org/)  ecosystem, which provides non-blocking operations, asynchronism and parallel code execution natively. It runs in the PHP SAPI CLI and on its own server, it is simply powerful.
 

src/Auth/Middlewares/Authenticated.php

@@ -12,6 +12,7 @@
 use Phenix\Auth\AuthenticationManager;
 use Phenix\Auth\Events\FailedTokenValidation;
 use Phenix\Auth\Events\TokenValidated;
+use Phenix\Auth\Middlewares\Concerns\InteractsWithBearerTokens;
 use Phenix\Auth\User;
 use Phenix\Facades\Config;
 use Phenix\Facades\Event;
@@ -21,15 +22,17 @@
 
 class Authenticated implements Middleware
 {
+    use InteractsWithBearerTokens;
+
     public function handleRequest(Request $request, RequestHandler $next): Response
     {
         $authorizationHeader = $request->getHeader('Authorization');
 
-        if (! $this->hasToken($authorizationHeader)) {
+        if (! $this->hasBearerScheme($authorizationHeader)) {
             return $this->unauthorized();
         }
 
-        $token = $this->extractToken($authorizationHeader);
+        $token = $this->extractBearerToken($authorizationHeader);
 
         /** @var AuthenticationManager $auth */
         $auth = App::make(AuthenticationManager::class);
@@ -63,20 +66,6 @@ public function handleRequest(Request $request, RequestHandler $next): Response
         return $next->handleRequest($request);
     }
 
-    protected function hasToken(string|null $token): bool
-    {
-        return $token !== null
-            && trim($token) !== ''
-            && str_starts_with($token, 'Bearer ');
-    }
-
-    protected function extractToken(string $authorizationHeader): string|null
-    {
-        $parts = explode(' ', $authorizationHeader, 2);
-
-        return isset($parts[1]) ? trim($parts[1]) : null;
-    }
-
     protected function unauthorized(): Response
     {
         return response()->json([

src/Auth/Middlewares/Concerns/InteractsWithBearerTokens.php

@@ -0,0 +1,38 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Phenix\Auth\Middlewares\Concerns;
+
+trait InteractsWithBearerTokens
+{
+    protected function hasBearerScheme(string|null $authorizationHeader): bool
+    {
+        if ($authorizationHeader === null) {
+            return false;
+        }
+
+        $authorizationHeader = trim($authorizationHeader);
+
+        if ($authorizationHeader === '') {
+            return false;
+        }
+
+        return preg_match('/^Bearer(?:\s+.*)?$/i', $authorizationHeader) === 1;
+    }
+
+    protected function extractBearerToken(string|null $authorizationHeader): string|null
+    {
+        if (! $this->hasBearerScheme($authorizationHeader)) {
+            return null;
+        }
+
+        $authorizationHeader = trim((string) $authorizationHeader);
+
+        if (preg_match('/^Bearer\s+([A-Za-z0-9._~+\\/-]+=*)$/i', $authorizationHeader, $matches) !== 1) {
+            return null;
+        }
+
+        return trim($matches[1]) !== '' ? $matches[1] : null;
+    }
+}

src/Auth/Middlewares/Guest.php

@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Phenix\Auth\Middlewares;
+
+use Amp\Http\Server\Middleware;
+use Amp\Http\Server\Request;
+use Amp\Http\Server\RequestHandler;
+use Amp\Http\Server\Response;
+use Phenix\App;
+use Phenix\Auth\AuthenticationManager;
+use Phenix\Auth\Middlewares\Concerns\InteractsWithBearerTokens;
+use Phenix\Http\Constants\HttpStatus;
+
+class Guest implements Middleware
+{
+    use InteractsWithBearerTokens;
+
+    public function handleRequest(Request $request, RequestHandler $next): Response
+    {
+        $header = $request->getHeader('Authorization');
+        $token = $this->hasBearerScheme($header) ? $this->extractBearerToken($header) : null;
+
+        if ($token === null) {
+            return $next->handleRequest($request);
+        }
+
+        /** @var AuthenticationManager $auth */
+        $auth = App::make(AuthenticationManager::class);
+
+        if ($auth->validate($token)) {
+            return $this->unauthorized();
+        }
+
+        return $next->handleRequest($request);
+    }
+
+    protected function unauthorized(): Response
+    {
+        return response()->json([
+            'message' => 'Unauthorized',
+        ], HttpStatus::UNAUTHORIZED)->send();
+    }
+}

src/Auth/Middlewares/TokenRateLimit.php

@@ -10,19 +10,20 @@
 use Amp\Http\Server\Response;
 use Phenix\App;
 use Phenix\Auth\AuthenticationManager;
+use Phenix\Auth\Middlewares\Concerns\InteractsWithBearerTokens;
 use Phenix\Facades\Config;
 use Phenix\Http\Constants\HttpStatus;
 use Phenix\Http\Ip;
 
-use function str_starts_with;
-
 class TokenRateLimit implements Middleware
 {
+    use InteractsWithBearerTokens;
+
     public function handleRequest(Request $request, RequestHandler $next): Response
     {
         $authorizationHeader = $request->getHeader('Authorization');
 
-        if ($authorizationHeader === null || ! str_starts_with($authorizationHeader, 'Bearer ')) {
+        if (! $this->hasBearerScheme($authorizationHeader)) {
             return $next->handleRequest($request);
         }