src/App/Controller/API/AuthController.php line 254

  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Controller\API;
  7. use API\Exception\ValidationException;
  8. use App\DTO\APIRequest\AuthDTO;
  9. use App\DTO\Auth\AuthJWTResponse;
  10. use App\DTO\Auth\AuthUserRawData;
  11. use App\Entity\Users;
  12. use App\Security\EmailAuthenticator;
  13. use App\Security\FacebookSignedRequestAuthenticator;
  14. use App\Security\GoogleOAuth2Authenticator;
  15. use App\Service\User\UserLoginService;
  16. use App\Service\User\UsersManagementService;
  17. use Doctrine\ORM\EntityManagerInterface;
  18. use Gesdinet\JWTRefreshTokenBundle\Generator\RefreshTokenGeneratorInterface;
  19. use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
  20. use KnpU\OAuth2ClientBundle\Client\Provider\FacebookClient;
  21. use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
  22. use League\OAuth2\Client\Token\AccessToken;
  23. use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
  24. use Nelmio\ApiDocBundle\Attribute\Model;
  25. use OpenApi\Attributes as OA;
  26. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  27. use Symfony\Component\HttpFoundation\JsonResponse;
  28. use Symfony\Component\HttpFoundation\Request;
  29. use Symfony\Component\HttpFoundation\Response;
  30. use Symfony\Component\Routing\Attribute\Route;
  31. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  33. #[OA\Tag(name'Authentication')]
  34. #[OA\Response(
  35.     response200,
  36.     description'',
  37.     content: new OA\JsonContent(
  38.         ref: new Model(typeAuthJWTResponse::class)
  39.     )
  40. )]
  41. #[OA\Response(
  42.     response403,
  43.     description'Forbidden',
  44. )]
  45. #[Route(path'/auth')]
  46. final class AuthController extends AbstractController
  47. {
  48.     public const REFRESH_TTL 2592000;
  50.     public function __construct(
  51.         private readonly EntityManagerInterface $em,
  52.         private readonly UserLoginService $userLoginService,
  53.     ) {}
  55.     #[OA\QueryParameter(
  56.         name'access_token',
  57.         requiredtrue,
  58.     )]
  59.     #[Route(path'/facebook/verify'name'api.auth.facebook.check'methods: ['GET'])]
  60.     public function getAuthFacebookCheck(
  61.         Request $request,
  62.         ClientRegistry $clientRegistry,
  63.         JWTTokenManagerInterface $jwt,
  64.         UsersManagementService $usersManagementService,
  65.         EntityManagerInterface $em,
  66.         RefreshTokenGeneratorInterface $refreshTokenGenerator,
  67.     ): JsonResponse {
  68.         $accessToken $request->get('access_token');
  70.         /** @var FacebookClient $client */
  71.         $client $clientRegistry->getClient('facebook_main');
  73.         try {
  74.             $t = new AccessToken(
  75.                 [
  76.                     'access_token' => $accessToken,
  77.                 ]
  78.             );
  80.             $facebookUser $client->fetchUserFromToken($t);
  81.         } catch (IdentityProviderException $e) {
  82.             return $this->json(
  83.                 new AuthJWTResponse(
  84.                     AuthJWTResponse::STATUS_ERROR,
  85.                     null,
  86.                     $e->getMessage()
  87.                 ),
  88.                 Response::HTTP_FORBIDDEN
  89.             );
  90.         }
  92.         /** @var Users $user */
  93.         $user $this
  94.             ->em
  95.             ->getRepository(Users::class)
  96.             ->findByFacebook($facebookUser->getId());
  97.         if (!$user) {
  98.             $authUserRawData = (new AuthUserRawData())
  99.                 ->setIdentity($facebookUser->getId())
  100.                 ->setFirstName($facebookUser->getFirstName())
  101.                 ->setLastName($facebookUser->getLastName())
  102.                 ->setAvatar($facebookUser->getPictureUrl())
  103.                 ->setLanguage($request->getLocale());
  105.             $user $usersManagementService->createUser(Users::AUTH_FB$authUserRawData$this->getUser());
  106.         } else {
  107.             try {
  108.                 $avatar $facebookUser->getPictureUrl();
  109.                 if (!empty($avatar)) {
  110.                     $user->getUserData()->setPicture($avatar);
  111.                     $em->flush();
  112.                 }
  113.             } catch (\Throwable $e) {
  114.             }
  115.         }
  117.         $token $jwt->create($user);
  118.         $refreshToken $refreshTokenGenerator->createForUserWithTtl($userself::REFRESH_TTL);
  119.         $this->em->persist($refreshToken);
  120.         $this->em->flush();
  122.         return $this->json(
  123.             new AuthJWTResponse(
  124.                 AuthJWTResponse::STATUS_SUCCESS,
  125.                 $token,
  126.                 $refreshToken->getRefreshToken()
  127.             )
  128.         );
  129.     }
  131.     #[OA\QueryParameter(
  132.         name'access_token',
  133.         requiredtrue,
  134.     )]
  135.     #[OA\QueryParameter(
  136.         name'code',
  137.         requiredfalse,
  138.     )]
  139.     #[OA\QueryParameter(
  140.         name'first_name',
  141.         requiredtrue,
  142.     )]
  143.     #[OA\QueryParameter(
  144.         name'last_name',
  145.         requiredtrue,
  146.     )]
  147.     #[Route(path'/apple/verify'name'api.auth.apple.check'methods: ['GET'])]
  148.     public function getAuthAppleCheck(
  149.         Request $request,
  150.         ClientRegistry $clientRegistry,
  151.         JWTTokenManagerInterface $jwt,
  152.         UsersManagementService $usersManagementService,
  153.         RefreshTokenGeneratorInterface $refreshTokenGenerator,
  154.     ): JsonResponse {
  155.         $accessToken $request->get('access_token');
  156.         $code $request->get('code');
  157.         $firstName = (string) $request->get('first_name');
  158.         $lastName = (string) $request->get('last_name');
  160.         try {
  161.             $appleUser $usersManagementService->decodeAppleAccessToken($accessToken);
  162.         } catch (\Exception $e) {
  163.             return $this->json(
  164.                 new AuthJWTResponse(
  165.                     AuthJWTResponse::STATUS_ERROR,
  166.                     null,
  167.                     $e->getMessage()
  168.                 ),
  169.                 Response::HTTP_FORBIDDEN
  170.             );
  171.         }
  173.         /** @var Users $user */
  174.         $user $this
  175.             ->em
  176.             ->getRepository(Users::class)
  177.             ->findByApple($appleUser['id']);
  178.         if (!$user) {
  179.             $authUserRawData = (new AuthUserRawData())
  180.                 ->setIdentity($appleUser['id'])
  181.                 ->setEmail($appleUser['email'])
  182.                 ->setFirstName($firstName)
  183.                 ->setLastName($lastName);
  185.             $user $usersManagementService->createUser(Users::AUTH_APPLE$authUserRawData$this->getUser());
  186.         }
  188.         $token $jwt->create($user);
  189.         $refreshToken $refreshTokenGenerator->createForUserWithTtl($userself::REFRESH_TTL);
  190.         $this->em->persist($refreshToken);
  191.         $this->em->flush();
  193.         return $this->json(
  194.             new AuthJWTResponse(
  195.                 AuthJWTResponse::STATUS_SUCCESS,
  196.                 $token,
  197.                 $refreshToken->getRefreshToken()
  198.             )
  199.         );
  200.     }
  202.     #[OA\QueryParameter(
  203.         name'access_token',
  204.         requiredtrue,
  205.     )]
  206.     #[Route(path'/google/verify'name'api.auth.google.check'methods: ['GET'])]
  207.     public function getAuthGoogleCheck(
  208.         Request $request,
  209.         ClientRegistry $clientRegistry,
  210.         JWTTokenManagerInterface $jwt,
  211.         UsersManagementService $usersManagementService,
  212.         RefreshTokenGeneratorInterface $refreshTokenGenerator,
  213.     ): JsonResponse {
  214.         $accessToken $request->get('access_token');
  216.         try {
  217.             $googleUser $usersManagementService->decodeGoogleAccessToken($accessToken);
  218.         } catch (\Exception $e) {
  219.             return $this->json(
  220.                 new AuthJWTResponse(
  221.                     AuthJWTResponse::STATUS_ERROR,
  222.                     null,
  223.                     $e->getMessage()
  224.                 ),
  225.                 Response::HTTP_FORBIDDEN
  226.             );
  227.         }
  229.         // $identity $googleUser['id']
  230.         $identity $googleUser['email'];
  232.         /** @var Users $user */
  233.         $user $this
  234.             ->em
  235.             ->getRepository(Users::class)
  236.             ->findByGoogle($identity);
  237.         if (!$user) {
  238.             $authUserRawData = (new AuthUserRawData())
  239.                 ->setIdentity($identity)
  240.                 ->setEmail($googleUser['email'])
  241.                 ->setFirstName($googleUser['first_name'])
  242.                 ->setLastName($googleUser['last_name'])
  243.                 ->setAvatar($googleUser['picture'])
  244.                 ->setLanguage($googleUser['locale']);
  246.             $user $usersManagementService->createUser(Users::AUTH_GOOGLE$authUserRawData$this->getUser());
  247.         }
  249.         $token $jwt->create($user);
  250.         $refreshToken $refreshTokenGenerator->createForUserWithTtl($userself::REFRESH_TTL);
  251.         $this->em->persist($refreshToken);
  252.         $this->em->flush();
  254.         return $this->json(
  255.             new AuthJWTResponse(
  256.                 AuthJWTResponse::STATUS_SUCCESS,
  257.                 $token,
  258.                 $refreshToken->getRefreshToken()
  259.             )
  260.         );
  261.     }
  263.     #[OA\QueryParameter(
  264.         name'access_token',
  265.         requiredtrue,
  266.     )]
  267.     #[Route(path'/huawei/verify'methods: ['GET'])]
  268.     public function getAuthHuaweiCheck(
  269.         Request $request,
  270.         ClientRegistry $clientRegistry,
  271.         JWTTokenManagerInterface $jwt,
  272.         UsersManagementService $usersManagementService,
  273.         RefreshTokenGeneratorInterface $refreshTokenGenerator,
  274.     ): JsonResponse {
  275.         $accessToken $request->get('access_token');
  277.         try {
  278.             $huaweiUser $usersManagementService->decodeHuaweiAccessToken($accessToken);
  279.         } catch (\Exception $e) {
  280.             return $this->json(
  281.                 new AuthJWTResponse(
  282.                     AuthJWTResponse::STATUS_ERROR,
  283.                     null,
  284.                     $e->getMessage()
  285.                 ),
  286.                 Response::HTTP_FORBIDDEN
  287.             );
  288.         }
  290.         // $identity $googleUser['id']
  291.         $identity $huaweiUser['id'];
  293.         /** @var Users $user */
  294.         $user $this
  295.             ->em
  296.             ->getRepository(Users::class)
  297.             ->findByHuawei($identity);
  298.         if (!$user) {
  299.             $authUserRawData = (new AuthUserRawData())
  300.                 ->setIdentity($identity)
  301.                 ->setEmail($huaweiUser['id'].'@huawei.com')
  302.                 ->setFirstName($huaweiUser['first_name'])
  303.                 ->setLastName($huaweiUser['last_name'])
  304.                 ->setLanguage($huaweiUser['locale']);
  306.             $user $usersManagementService->createUser(Users::AUTH_HUAWEI$authUserRawData$this->getUser());
  307.         }
  309.         $token $jwt->create($user);
  310.         $refreshToken $refreshTokenGenerator->createForUserWithTtl($userself::REFRESH_TTL);
  311.         $this->em->persist($refreshToken);
  312.         $this->em->flush();
  314.         return $this->json(
  315.             new AuthJWTResponse(
  316.                 AuthJWTResponse::STATUS_SUCCESS,
  317.                 $token,
  318.                 $refreshToken->getRefreshToken()
  319.             )
  320.         );
  321.     }
  323.     #[OA\QueryParameter(
  324.         name'device_identity',
  325.         requiredtrue,
  326.     )]
  327.     #[Route(path'/guest'methods: ['GET'])]
  328.     public function getAuthGuest(
  329.         Request $request,
  330.         JWTTokenManagerInterface $jwt,
  331.         UsersManagementService $usersManagementService,
  332.         RefreshTokenGeneratorInterface $refreshTokenGenerator,
  333.     ): JsonResponse {
  334.         $deviceIdentity $request->get('device_identity');
  336.         if ($deviceIdentity) {
  337.             $user $usersManagementService->findOrCreateGuestUserByDeviceIdentity($deviceIdentity);
  338.         } else {
  339.             $user $usersManagementService->createGuestUser();
  340.         }
  342.         $token $jwt->create($user);
  343.         $refreshToken $refreshTokenGenerator->createForUserWithTtl($userself::REFRESH_TTL);
  344.         $this->em->persist($refreshToken);
  345.         $this->em->flush();
  347.         return $this->json(
  348.             new AuthJWTResponse(
  349.                 AuthJWTResponse::STATUS_SUCCESS,
  350.                 $token,
  351.                 $refreshToken->getRefreshToken()
  352.             )
  353.         );
  354.     }
  356.     #[OA\RequestBody(
  357.         requiredtrue,
  358.         content: new OA\JsonContent(
  359.             ref: new Model(typeAuthDTO::class)
  360.         )
  361.     )]
  362.     #[Route(path''methods: ['POST'])]
  363.     public function auth(
  364.         AuthDTO $requestDTO,
  365.         Request $request,
  366.         JWTTokenManagerInterface $jwt,
  367.         GoogleOAuth2Authenticator $googleOAuth2Authenticator,
  368.         FacebookSignedRequestAuthenticator $facebookAuthenticator,
  369.         EmailAuthenticator $emailAuthenticator,
  370.         RefreshTokenGeneratorInterface $refreshTokenGenerator,
  371.     ): AuthJWTResponse {
  372.         $request->request->set('type'$requestDTO->type);
  373.         $request->request->set('token'$requestDTO->token);
  374.         $request->request->set('email'$requestDTO->email);
  375.         $request->request->set('password'$requestDTO->password);
  377.         try {
  378.             $passport = match ($requestDTO->type) {
  379.                 'email' => $emailAuthenticator->authenticate($request),
  380.                 'google' => $googleOAuth2Authenticator->authenticate($request),
  381.                 'facebook' => $facebookAuthenticator->authenticate($request),
  382.                 default => throw new AuthenticationException('Invalid type'),
  383.             };
  384.         } catch (AuthenticationException $e) {
  385.             match ($requestDTO->type) {
  386.                 'email' => throw ValidationException::violation('Invalid email or password'$requestDTO->email'email'),
  387.                 default => throw ValidationException::violation('Invalid credentials'$requestDTO->token'token'),
  388.             };
  389.         }
  391.         $user $passport->getUser();
  392.         if (!$user instanceof Users) {
  393.             throw $this->createAccessDeniedException();
  394.         }
  396.         $token $jwt->create($user);
  397.         $refreshToken $refreshTokenGenerator->createForUserWithTtl($userself::REFRESH_TTL);
  398.         $this->em->persist($refreshToken);
  399.         $this->em->flush();
  401.         $this->userLoginService->callLoginRoutines($user$request);
  403.         return new AuthJWTResponse(
  404.             AuthJWTResponse::STATUS_SUCCESS,
  405.             $token,
  406.             $refreshToken->getRefreshToken()
  407.         );
  408.     }
  409. }