diff --git a/backend/.env.example b/backend/.env.example
index d38c1df..5f2f204 100644
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -17,3 +17,7 @@ DB_PASSWORD=password
 CACHE_DRIVER=file
 QUEUE_CONNECTION=sync
+
+AUTH0_DOMAIN=https://super-domain.auth0.com/
+AUTH0_AUD=https://audience
+
diff --git a/backend/app/Http/Middleware/Auth0Middleware.php b/backend/app/Http/Middleware/Auth0Middleware.php
new file mode 100644
index 0000000..b107026
--- /dev/null
+++ b/backend/app/Http/Middleware/Auth0Middleware.php
@@ -0,0 +1,38 @@
+bearerToken();
+
+ if (!$token) {
+ return response()->json('No token provided', 401);
+ }
+
+ $this->validateToken($token);
+
+ return $next($request);
+ }
+
+ public function validateToken($token) {
+ try {
+ $jwksUri = env('AUTH0_DOMAIN') . '.well-known/jwks.json';
+ $jwksFetcher = new JWKFetcher(null, ['base_uri' => $jwksUri]);
+ $signatureVerifier = new AsymmetricVerifier($jwksFetcher);
+ $tokenVerifier = new TokenVerifier(env('AUTH0_DOMAIN'), env('AUTH0_AUD'), $signatureVerifier);
+
+ $decoded = $tokenVerifier->verify($token);
+ } catch (InvalidTokenException $e) {
+ throw $e;
+ };
+ }
+}
diff --git a/backend/bootstrap/app.php b/backend/bootstrap/app.php
index b3df6ee..624bc2b 100644
--- a/backend/bootstrap/app.php
+++ b/backend/bootstrap/app.php
@@ -76,9 +76,9 @@ $app->configure('app');
 // App\Http\Middleware\ExampleMiddleware::class
 // ]);
-// $app->routeMiddleware([
-// 'auth' => App\Http\Middleware\Authenticate::class,
-// ]);
+ $app->routeMiddleware([
+ 'auth' => App\Http\Middleware\Auth0Middleware::class,
+ ]);
 /*
 |--------------------------------------------------------------------------
diff --git a/backend/composer.json b/backend/composer.json
index 552aadf..72d3cf0 100644
--- a/backend/composer.json
+++ b/backend/composer.json
@@ -6,6 +6,7 @@
 "type": "project",
 "require": {
 "php": "^7.3|^8.0",
+ "auth0/auth0-php": "^7.8",
 "laravel/lumen-framework": "^8.0"
 },
 "require-dev": {
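Review bot: The two new keys in `backend/.env.example` have no comment describing the format the code expects, and the middleware added in this commit depends on it. `AUTH0_DOMAIN` is concatenated directly with `.well-known/jwks.json` and is also passed to `TokenVerifier` as the expected issuer, so a value without the scheme or the trailing slash produces a wrong JWKS URL and an issuer mismatch. I would add `# Tenant URL with scheme and trailing slash; used as-is for the issuer check and the JWKS URL` above `AUTH0_DOMAIN` and `# API identifier that the access token must carry in its aud claim` above `AUTH0_AUD`.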
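Review bot: In `Auth0Middleware.php` a rejected token is never turned into a 401: `validateToken()` catches `InvalidTokenException` only to rethrow it, and the visible part of `handle()` calls it without a `try`, so the client gets whatever the application's exception handler produces (presumably a 500, possibly with the verifier's message). I would drop the rethrowing `try`/`catch` and handle it in `handle()` with `try { $this->validateToken($token); } catch (InvalidTokenException $e) { return response()->json('Invalid token', 401); }`. The verified claims in `$decoded` are discarded, so routes behind this middleware cannot make any decision on subject or scope; returning them and attaching them to the request would allow that. `new JWKFetcher(null, ...)` passes no cache, which looks like it fetches the JWKS on every request; a cache instance would remove that per-request dependency on the tenant. The start of the file (namespace, imports, the `handle()` signature) is not visible in this hunk as rendered.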
diff --git a/backend/composer.lock b/backend/composer.lock
index 37c96d6..11703d5 100644
--- a/backend/composer.lock
+++ b/backend/composer.lock
@@ -4,8 +4,134 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "080e929074bb7be513e0dbf6e3ee8b31", + "content-hash": "187e06bbce99a322bf2d6b2628d34204", "packages": [ + { + "name": "auth0/auth0-php", + "version": "7.8.0", + "source": { + "type": "git", + "url": "https://github.com/auth0/auth0-PHP.git", + "reference": "05c538b6c56a57d6d214f6a90e2b6a5d00945a51" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/auth0/auth0-PHP/zipball/05c538b6c56a57d6d214f6a90e2b6a5d00945a51", + "reference": "05c538b6c56a57d6d214f6a90e2b6a5d00945a51", + "shasum": "" + }, + "require": { + "auth0/php-jwt": "3.3.4", + "ext-json": "*", + "ext-openssl": "*", + "guzzlehttp/guzzle": "^7.2", + "php": "^7.3 | ^8.0", + "psr/simple-cache": "^1.0" + }, + "require-dev": { + "cache/adapter-common": "^1.2", + "cache/array-adapter": "^1.1", + "cache/hierarchical-cache": "^1.1", + "dealerdirect/phpcodesniffer-composer-installer": "^0.7", + "josegonzalez/dotenv": "^3.2", + "phpcompatibility/php-compatibility": "^8.1", + "phpstan/phpstan": "^0.12.64", + "phpunit/phpunit": "^9.3", + "squizlabs/php_codesniffer": "^3.2" + }, + "type": "library", + "autoload": { + "psr-4": { + "Auth0\\SDK\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Auth0", + "email": "support@auth0.com", + "homepage": "http://www.auth0.com/" + } + ], + "description": "Auth0 PHP SDK.", + "homepage": "https://github.com/auth0/auth0-PHP", + "support": { + "issues": "https://github.com/auth0/auth0-PHP/issues", + "source": "https://github.com/auth0/auth0-PHP/tree/7.8.0" + }, + "time": "2021-04-01T20:29:08+00:00" + }, + { + "name": "auth0/php-jwt", + "version": "3.3.4", + "source": { + "type": "git", + "url": "https://github.com/auth0/php-jwt.git", + "reference": "a0daa1a728cf85230843ebb8c1183047fe493284" + }, + "dist": { + 
"type": "zip", + "url": "https://api.github.com/repos/auth0/php-jwt/zipball/a0daa1a728cf85230843ebb8c1183047fe493284", + "reference": "a0daa1a728cf85230843ebb8c1183047fe493284", + "shasum": "" + }, + "require": { + "ext-mbstring": "*", + "ext-openssl": "*", + "php": "^5.6 || ^7.0 || ^8.0" + }, + "require-dev": { + "mikey179/vfsstream": "~1.5", + "phpmd/phpmd": "~2.2", + "phpunit/php-invoker": "~1.1", + "phpunit/phpunit": "^5.7 || ^7.3", + "squizlabs/php_codesniffer": "~2.3" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "3.1-dev" + } + }, + "autoload": { + "psr-4": { + "Lcobucci\\JWT\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Luís Otávio Cobucci Oblonczyk", + "email": "lcobucci@gmail.com", + "role": "Developer" + } + ], + "description": "A simple library to work with JSON Web Token and JSON Web Signature", + "keywords": [ + "JWS", + "jwt" + ], + "support": { + "source": "https://github.com/auth0/php-jwt/tree/3.3.4" + }, + "funding": [ + { + "url": "https://github.com/lcobucci", + "type": "github" + }, + { + "url": "https://www.patreon.com/lcobucci", + "type": "patreon" + } + ], + "time": "2021-01-04T20:39:06+00:00" + }, { "name": "brick/math", "version": "0.9.2", 
@@ -432,6 +558,239 @@ ], "time": "2020-04-13T13:17:36+00:00" }, + { + "name": "guzzlehttp/guzzle", + "version": "7.3.0", + "source": { + "type": "git", + "url": "https://github.com/guzzle/guzzle.git", + "reference": "7008573787b430c1c1f650e3722d9bba59967628" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/7008573787b430c1c1f650e3722d9bba59967628", + "reference": "7008573787b430c1c1f650e3722d9bba59967628", + "shasum": "" + }, + "require": { + "ext-json": "*", + "guzzlehttp/promises": "^1.4", + "guzzlehttp/psr7": "^1.7 || ^2.0", + "php": "^7.2.5 || ^8.0", + "psr/http-client": "^1.0" + }, + "provide": { + "psr/http-client-implementation": "1.0" + }, + "require-dev": { + "bamarni/composer-bin-plugin": "^1.4.1", + "ext-curl": "*", + "php-http/client-integration-tests": "^3.0", + "phpunit/phpunit": "^8.5.5 || ^9.3.5", + "psr/log": "^1.1" + }, + "suggest": { + "ext-curl": "Required for CURL handler support", + "ext-intl": "Required for Internationalized Domain Name (IDN) support", + "psr/log": "Required for using the Log middleware" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "7.3-dev" + } + }, + "autoload": { + "psr-4": { + "GuzzleHttp\\": "src/" + }, + "files": [ + "src/functions_include.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Michael Dowling", + "email": "mtdowling@gmail.com", + "homepage": "https://github.com/mtdowling" + }, + { + "name": "Márk Sági-Kazár", + "email": "mark.sagikazar@gmail.com", + "homepage": "https://sagikazarmark.hu" + } + ], + "description": "Guzzle is a PHP HTTP client library", + "homepage": "http://guzzlephp.org/", + "keywords": [ + "client", + "curl", + "framework", + "http", + "http client", + "psr-18", + "psr-7", + "rest", + "web service" + ], + "support": { + "issues": "https://github.com/guzzle/guzzle/issues", + "source": "https://github.com/guzzle/guzzle/tree/7.3.0" + }, + 
"funding": [ + { + "url": "https://github.com/GrahamCampbell", + "type": "github" + }, + { + "url": "https://github.com/Nyholm", + "type": "github" + }, + { + "url": "https://github.com/alexeyshockov", + "type": "github" + }, + { + "url": "https://github.com/gmponos", + "type": "github" + } + ], + "time": "2021-03-23T11:33:13+00:00" + }, + { + "name": "guzzlehttp/promises", + "version": "1.4.1", + "source": { + "type": "git", + "url": "https://github.com/guzzle/promises.git", + "reference": "8e7d04f1f6450fef59366c399cfad4b9383aa30d" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/guzzle/promises/zipball/8e7d04f1f6450fef59366c399cfad4b9383aa30d", + "reference": "8e7d04f1f6450fef59366c399cfad4b9383aa30d", + "shasum": "" + }, + "require": { + "php": ">=5.5" + }, + "require-dev": { + "symfony/phpunit-bridge": "^4.4 || ^5.1" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.4-dev" + } + }, + "autoload": { + "psr-4": { + "GuzzleHttp\\Promise\\": "src/" + }, + "files": [ + "src/functions_include.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Michael Dowling", + "email": "mtdowling@gmail.com", + "homepage": "https://github.com/mtdowling" + } + ], + "description": "Guzzle promises library", + "keywords": [ + "promise" + ], + "support": { + "issues": "https://github.com/guzzle/promises/issues", + "source": "https://github.com/guzzle/promises/tree/1.4.1" + }, + "time": "2021-03-07T09:25:29+00:00" + }, + { + "name": "guzzlehttp/psr7", + "version": "1.8.1", + "source": { + "type": "git", + "url": "https://github.com/guzzle/psr7.git", + "reference": "35ea11d335fd638b5882ff1725228b3d35496ab1" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/guzzle/psr7/zipball/35ea11d335fd638b5882ff1725228b3d35496ab1", + "reference": "35ea11d335fd638b5882ff1725228b3d35496ab1", + "shasum": "" + }, + "require": { + "php": ">=5.4.0", + 
"psr/http-message": "~1.0", + "ralouphie/getallheaders": "^2.0.5 || ^3.0.0" + }, + "provide": { + "psr/http-message-implementation": "1.0" + }, + "require-dev": { + "ext-zlib": "*", + "phpunit/phpunit": "~4.8.36 || ^5.7.27 || ^6.5.14 || ^7.5.20 || ^8.5.8 || ^9.3.10" + }, + "suggest": { + "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.7-dev" + } + }, + "autoload": { + "psr-4": { + "GuzzleHttp\\Psr7\\": "src/" + }, + "files": [ + "src/functions_include.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Michael Dowling", + "email": "mtdowling@gmail.com", + "homepage": "https://github.com/mtdowling" + }, + { + "name": "Tobias Schultze", + "homepage": "https://github.com/Tobion" + } + ], + "description": "PSR-7 message implementation that also provides common utility methods", + "keywords": [ + "http", + "message", + "psr-7", + "request", + "response", + "stream", + "uri", + "url" + ], + "support": { + "issues": "https://github.com/guzzle/psr7/issues", + "source": "https://github.com/guzzle/psr7/tree/1.8.1" + }, + "time": "2021-03-21T16:25:00+00:00" + }, { "name": "illuminate/auth", "version": "v8.38.0", 
@@ -2431,6 +2790,111 @@ }, "time": "2019-01-08T18:20:26+00:00" }, + { + "name": "psr/http-client", + "version": "1.0.1", + "source": { + "type": "git", + "url": "https://github.com/php-fig/http-client.git", + "reference": "2dfb5f6c5eff0e91e20e913f8c5452ed95b86621" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-fig/http-client/zipball/2dfb5f6c5eff0e91e20e913f8c5452ed95b86621", + "reference": "2dfb5f6c5eff0e91e20e913f8c5452ed95b86621", + "shasum": "" + }, + "require": { + "php": "^7.0 || ^8.0", + "psr/http-message": "^1.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "Psr\\Http\\Client\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "http://www.php-fig.org/" + } + ], + "description": "Common interface for HTTP clients", + "homepage": "https://github.com/php-fig/http-client", + "keywords": [ + "http", + "http-client", + "psr", + "psr-18" + ], + "support": { + "source": "https://github.com/php-fig/http-client/tree/master" + }, + "time": "2020-06-29T06:28:15+00:00" + }, + { + "name": "psr/http-message", + "version": "1.0.1", + "source": { + "type": "git", + "url": "https://github.com/php-fig/http-message.git", + "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363", + "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "Psr\\Http\\Message\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "http://www.php-fig.org/" + } 
+ ], + "description": "Common interface for HTTP messages", + "homepage": "https://github.com/php-fig/http-message", + "keywords": [ + "http", + "http-message", + "psr", + "psr-7", + "request", + "response" + ], + "support": { + "source": "https://github.com/php-fig/http-message/tree/master" + }, + "time": "2016-08-06T14:39:51+00:00" + }, { "name": "psr/log", "version": "1.1.3", @@ -2532,6 +2996,50 @@ }, "time": "2017-10-23T01:57:42+00:00" }, + { + "name": "ralouphie/getallheaders", + "version": "3.0.3", + "source": { + "type": "git", + "url": "https://github.com/ralouphie/getallheaders.git", + "reference": "120b605dfeb996808c31b6477290a714d356e822" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ralouphie/getallheaders/zipball/120b605dfeb996808c31b6477290a714d356e822", + "reference": "120b605dfeb996808c31b6477290a714d356e822", + "shasum": "" + }, + "require": { + "php": ">=5.6" + }, + "require-dev": { + "php-coveralls/php-coveralls": "^2.1", + "phpunit/phpunit": "^5 || ^6.5" + }, + "type": "library", + "autoload": { + "files": [ + "src/getallheaders.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Ralph Khattar", + "email": "ralph.khattar@gmail.com" + } + ], + "description": "A polyfill for getallheaders.", + "support": { + "issues": "https://github.com/ralouphie/getallheaders/issues", + "source": "https://github.com/ralouphie/getallheaders/tree/develop" + }, + "time": "2019-03-08T08:55:37+00:00" + }, { "name": "ramsey/collection", "version": "1.1.3", diff --git a/backend/routes/web.php b/backend/routes/web.php index 5c84bf2..9f4579e 100644 --- a/backend/routes/web.php +++ b/backend/routes/web.php 
@@ -14,5 +14,10 @@
 */
 $router->get('/', function () use ($router) {
- return $router->app->version();
+ return 'Public View';
+});
+$router->group(['prefix' => 'api/v1', 'middleware' => 'auth'], function () use ($router){
+ $router->get('/', function () use ($router) {
+ return 'Protected View';
+ });
 });
diff --git a/database/modelo.vpp b/database/modelo.vpp
index 7140492..c2ee822 100644
Binary files a/database/modelo.vpp and b/database/modelo.vpp differ