From 5c096b40d41f107443aad602b67b72beae7e26b3 Mon Sep 17 00:00:00 2001
From: indykoning <15870933+indykoning@users.noreply.github.com>
Date: Tue, 10 Oct 2023 16:03:20 +0200
Subject: [PATCH] Magento customer auth guard (#355)
---
 config/rapidez.php | 2 ++
 src/Auth/MagentoCustomerTokenGuard.php | 48 +++++++++++++++++++++++++
 src/Models/Customer.php | 50 ++++++++++++++++++++++++++
 src/Models/OauthToken.php | 18 ++++++++++
 src/RapidezServiceProvider.php | 19 ++++++++++
 5 files changed, 137 insertions(+)
 create mode 100644 src/Auth/MagentoCustomerTokenGuard.php
 create mode 100644 src/Models/Customer.php
 create mode 100644 src/Models/OauthToken.php
diff --git a/config/rapidez.php b/config/rapidez.php
index 8e8120152..779d9eb57 100644
--- a/config/rapidez.php
+++ b/config/rapidez.php
@@ -86,6 +86,8 @@
 'attribute' => Rapidez\Core\Models\Attribute::class,
 'product' => Rapidez\Core\Models\Product::class,
 'category' => Rapidez\Core\Models\Category::class,
+ 'oauth_token' => Rapidez\Core\Models\OauthToken::class,
+ 'customer' => Rapidez\Core\Models\Customer::class,
 'config' => Rapidez\Core\Models\Config::class,
 'option_swatch' => Rapidez\Core\Models\OptionSwatch::class,
 'option_value' => Rapidez\Core\Models\OptionValue::class,
diff --git a/src/Auth/MagentoCustomerTokenGuard.php b/src/Auth/MagentoCustomerTokenGuard.php
new file mode 100644
index 000000000..3d616cea2
--- /dev/null
+++ b/src/Auth/MagentoCustomerTokenGuard.php
@@ -0,0 +1,48 @@
+user)) {
+ return $this->user;
+ }
+
+ $token = $this->getTokenForRequest();
+
+ return $this->user = empty($token) ? null : $this->retrieveByToken($token);
+ }
+
+ /**
+ * Validate a user's credentials.
+ *
+ * @return bool
+ */
+ public function validate(array $credentials = [])
+ {
+ if (empty($credentials[$this->inputKey])) {
+ return false;
+ }
+
+ return (bool) $this->retrieveByToken($credentials[$this->inputKey]);
+ }
+
+ protected function retrieveByToken($token)
+ {
+ return config('rapidez.models.customer')::whereToken($token)->first();
+ }
+}
diff --git a/src/Models/Customer.php b/src/Models/Customer.php
new file mode 100644
index 000000000..e406aa752
--- /dev/null
+++ b/src/Models/Customer.php
@@ -0,0 +1,50 @@
+hasMany(config('rapidez.models.oauth_token'), 'customer_id');
+ }
+
+ public function getRememberTokenName()
+ {
+ return '';
+ }
+
+ public function scopeWhereToken(Builder $query, string $token)
+ {
+ $query->when(
+ DecodeJwt::isJwt($token),
+ fn (Builder $query) => $query
+ ->where(
+ $this->qualifyColumn('customer_id'),
+ DecodeJwt::decode($token)
+ ->claims()
+ ->get('uid')
+ ),
+ fn (Builder $query) => $query
+ ->whereHas('oauthTokens', fn (Builder $query) => $query->where('token', $token))
+ );
+ }
+}
diff --git a/src/Models/OauthToken.php b/src/Models/OauthToken.php
new file mode 100644
index 000000000..9fbe7cb7c
--- /dev/null
+++ b/src/Models/OauthToken.php
@@ -0,0 +1,18 @@
+where('revoked', 0);
+ });
+ }
+}
diff --git a/src/RapidezServiceProvider.php b/src/RapidezServiceProvider.php
index b43c8b7d4..ed956c5ba 100644
--- a/src/RapidezServiceProvider.php
+++ b/src/RapidezServiceProvider.php
@@ -3,6 +3,7 @@
 namespace Rapidez\Core;
 use Illuminate\Contracts\Debug\ExceptionHandler;
+use Illuminate\Contracts\Foundation\Application;
 use Illuminate\Contracts\Http\Kernel;
 use Illuminate\Http\Request;
 use Illuminate\Support\Collection;
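Review bot: In src/Auth/MagentoCustomerTokenGuard.php, `user()` hands whatever `getTokenForRequest()` returns to `retrieveByToken()`, and only `empty()` is checked first, so a non-string value (for example an array-valued `token` input) would reach the `string $token` parameter of `Customer::scopeWhereToken` and raise a TypeError instead of resolving to no user. I would guard on the type, `return $this->user = is_string($token) && $token !== '' ? $this->retrieveByToken($token) : null;`, and apply the same `is_string()` check in `validate()`. `retrieveByToken()` also never consults `$this->provider`, so a docblock such as `/** Resolves the customer through the configured customer model; the guard's user provider is not used. */` would prevent the provider setting from being mistaken for an access control. The top of this file, including the class declaration, is missing from the page, so this covers only the visible methods.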
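Review bot: In `scopeWhereToken` (src/Models/Customer.php) the JWT branch picks the customer solely from `DecodeJwt::decode($token)->claims()->get('uid')`, and nothing visible in this hunk verifies the token's signature, its expiry, or that it was issued for a customer rather than another Magento user type. This is only safe if `DecodeJwt::decode()` itself enforces those constraints; the existing `RequiredConstraintsViolated` import in the service provider suggests some validation exists, but it cannot be confirmed from this page. Please state the contract at the call site, e.g. `// decode() must have verified signature and exp before uid is trusted; also check the user-type claim`, and add the user-type check if it is missing. The JWT branch also has no revocation check comparable to the `oauthTokens` branch, which is worth a sentence in the docblock. The upper part of the class is missing from the page, so any scoping defined there is not covered by this note.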
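Review bot: The only filter visible on src/Models/OauthToken.php is the global scope `where('revoked', 0)`, so an opaque token matched through `Customer::scopeWhereToken` stays valid here for as long as its row exists and is not revoked. As far as I know Magento applies a configurable lifetime to customer access tokens, so this guard may accept tokens Magento itself would already reject. Either bound the scope by the token's creation time and the configured customer token lifetime, or record the decision with a comment like `// Only revoked tokens are excluded; token lifetime is not enforced here.` The start of the class (table name and scope registration) is missing from the page, so this is based on the visible tail only.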
@@ -12,6 +13,7 @@
 use Illuminate\Support\Facades\Vite;
 use Illuminate\Support\ServiceProvider;
 use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
+use Rapidez\Core\Auth\MagentoCustomerTokenGuard;
 use Rapidez\Core\Commands\IndexCategoriesCommand;
 use Rapidez\Core\Commands\IndexProductsCommand;
 use Rapidez\Core\Commands\InstallCommand;
@@ -36,6 +38,7 @@ class RapidezServiceProvider extends ServiceProvider
 public function boot()
 {
 $this
+ ->bootAuth()
 ->bootCommands()
 ->bootPublishables()
 ->bootRoutes()
@@ -57,6 +60,22 @@ public function register()
 ->registerExceptionHandlers();
 }
+ protected function bootAuth(): self
+ {
+ auth()->extend('magento-customer', function (Application $app, string $name, array $config) {
+ return new MagentoCustomerTokenGuard(auth()->createUserProvider($config['provider']), request(), 'token', 'token');
+ });
+
+ config([
+ 'auth.guards.magento-customer' => [
+ 'driver' => 'magento-customer',
+ 'provider' => 'users',
+ ],
+ ]);
+
+ return $this;
+ }
+
 protected function bootCommands(): self
 {
 $this->commands([
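Review bot: `bootAuth()` builds the guard with `'token'` as its input key, and if MagentoCustomerTokenGuard inherits `getTokenForRequest()` from Laravel's `TokenGuard` (its class header is not visible on this page) the customer token is read from the `token` query parameter and the request body before the `Authorization` header is consulted. Tokens carried in URLs tend to end up in access logs, browser history and Referer headers, so unless query-string login is a requirement I would override `getTokenForRequest()` in the guard with `return $this->request->bearerToken();`. The closure also captures `request()` once at construction, whereas Laravel's built-in token driver follows construction with a request refresh; mirroring that as `$app->refresh('request', $guard, 'setRequest');` keeps the guard from holding a stale request in long-running workers. Finally, the `config([...])` call replaces any `auth.guards.magento-customer` entry the application already defines, which deserves a one-line comment if it is intentional.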