src/App/Controller/API/AuthController.php line 254

  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Controller\API;
  7. use API\Exception\ValidationException;
  8. use App\DTO\APIRequest\AuthDTO;
  9. use App\DTO\Auth\AuthJWTResponse;
  10. use App\DTO\Auth\AuthUserRawData;
  11. use App\Entity\Users;
  12. use App\Security\EmailAuthenticator;
  13. use App\Security\FacebookSignedRequestAuthenticator;
  14. use App\Security\GoogleOAuth2Authenticator;
  15. use App\Service\User\UserLoginService;
  16. use App\Service\User\UsersManagementService;
  17. use Doctrine\ORM\EntityManagerInterface;
  18. use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
  19. use KnpU\OAuth2ClientBundle\Client\Provider\FacebookClient;
  20. use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
  21. use League\OAuth2\Client\Token\AccessToken;
  22. use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
  23. use Nelmio\ApiDocBundle\Attribute\Model;
  24. use OpenApi\Attributes as OA;
  25. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  26. use Symfony\Component\HttpFoundation\JsonResponse;
  27. use Symfony\Component\HttpFoundation\Request;
  28. use Symfony\Component\HttpFoundation\Response;
  29. use Symfony\Component\Routing\Attribute\Route;
  30. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  32. #[OA\Tag(name'Authentication')]
  33. #[OA\Response(
  34.     response200,
  35.     description'',
  36.     content: new OA\JsonContent(
  37.         ref: new Model(typeAuthJWTResponse::class)
  38.     )
  39. )]
  40. #[OA\Response(
  41.     response403,
  42.     description'Forbidden',
  43. )]
  44. #[Route(path'/auth')]
  45. final class AuthController extends AbstractController
  46. {
  47.     public function __construct(
  48.         private readonly EntityManagerInterface $em,
  49.         private readonly UserLoginService $userLoginService,
  50.     ) {}
  52.     #[OA\QueryParameter(
  53.         name'access_token',
  54.         requiredtrue,
  55.     )]
  56.     #[Route(path'/facebook/verify'name'api.auth.facebook.check'methods: ['GET'])]
  57.     public function getAuthFacebookCheck(
  58.         Request $request,
  59.         ClientRegistry $clientRegistry,
  60.         JWTTokenManagerInterface $jwt,
  61.         UsersManagementService $usersManagementService,
  62.         EntityManagerInterface $em,
  63.     ): JsonResponse {
  64.         $accessToken $request->get('access_token');
  66.         /** @var FacebookClient $client */
  67.         $client $clientRegistry->getClient('facebook_main');
  69.         try {
  70.             $t = new AccessToken(
  71.                 [
  72.                     'access_token' => $accessToken,
  73.                 ]
  74.             );
  76.             $facebookUser $client->fetchUserFromToken($t);
  77.         } catch (IdentityProviderException $e) {
  78.             return $this->json(
  79.                 new AuthJWTResponse(
  80.                     AuthJWTResponse::STATUS_ERROR,
  81.                     null,
  82.                     $e->getMessage()
  83.                 ),
  84.                 Response::HTTP_FORBIDDEN
  85.             );
  86.         }
  88.         /** @var Users $user */
  89.         $user $this
  90.             ->em
  91.             ->getRepository(Users::class)
  92.             ->findByFacebook($facebookUser->getId());
  93.         if (!$user) {
  94.             $authUserRawData = (new AuthUserRawData())
  95.                 ->setIdentity($facebookUser->getId())
  96.                 ->setFirstName($facebookUser->getFirstName())
  97.                 ->setLastName($facebookUser->getLastName())
  98.                 ->setAvatar($facebookUser->getPictureUrl())
  99.                 ->setLanguage($request->getLocale());
  101.             $user $usersManagementService->createUser(Users::AUTH_FB$authUserRawData$this->getUser());
  102.         } else {
  103.             try {
  104.                 $avatar $facebookUser->getPictureUrl();
  105.                 if (!empty($avatar)) {
  106.                     $user->getUserData()->setPicture($avatar);
  107.                     $em->flush();
  108.                 }
  109.             } catch (\Throwable $e) {
  110.             }
  111.         }
  113.         $token $jwt->create($user);
  115.         return $this->json(
  116.             new AuthJWTResponse(
  117.                 AuthJWTResponse::STATUS_SUCCESS,
  118.                 $token
  119.             )
  120.         );
  121.     }
  123.     #[OA\QueryParameter(
  124.         name'access_token',
  125.         requiredtrue,
  126.     )]
  127.     #[OA\QueryParameter(
  128.         name'code',
  129.         requiredfalse,
  130.     )]
  131.     #[OA\QueryParameter(
  132.         name'first_name',
  133.         requiredtrue,
  134.     )]
  135.     #[OA\QueryParameter(
  136.         name'last_name',
  137.         requiredtrue,
  138.     )]
  139.     #[Route(path'/apple/verify'name'api.auth.apple.check'methods: ['GET'])]
  140.     public function getAuthAppleCheck(
  141.         Request $request,
  142.         ClientRegistry $clientRegistry,
  143.         JWTTokenManagerInterface $jwt,
  144.         UsersManagementService $usersManagementService,
  145.     ): JsonResponse {
  146.         $accessToken $request->get('access_token');
  147.         $code $request->get('code');
  148.         $firstName = (string) $request->get('first_name');
  149.         $lastName = (string) $request->get('last_name');
  151.         try {
  152.             $appleUser $usersManagementService->decodeAppleAccessToken($accessToken);
  153.         } catch (\Exception $e) {
  154.             return $this->json(
  155.                 new AuthJWTResponse(
  156.                     AuthJWTResponse::STATUS_ERROR,
  157.                     null,
  158.                     $e->getMessage()
  159.                 ),
  160.                 Response::HTTP_FORBIDDEN
  161.             );
  162.         }
  164.         /** @var Users $user */
  165.         $user $this
  166.             ->em
  167.             ->getRepository(Users::class)
  168.             ->findByApple($appleUser['id']);
  169.         if (!$user) {
  170.             $authUserRawData = (new AuthUserRawData())
  171.                 ->setIdentity($appleUser['id'])
  172.                 ->setEmail($appleUser['email'])
  173.                 ->setFirstName($firstName)
  174.                 ->setLastName($lastName);
  176.             $user $usersManagementService->createUser(Users::AUTH_APPLE$authUserRawData$this->getUser());
  177.         }
  179.         $token $jwt->create($user);
  181.         return $this->json(
  182.             new AuthJWTResponse(
  183.                 AuthJWTResponse::STATUS_SUCCESS,
  184.                 $token
  185.             )
  186.         );
  187.     }
  189.     #[OA\QueryParameter(
  190.         name'access_token',
  191.         requiredtrue,
  192.     )]
  193.     #[Route(path'/google/verify'name'api.auth.google.check'methods: ['GET'])]
  194.     public function getAuthGoogleCheck(
  195.         Request $request,
  196.         ClientRegistry $clientRegistry,
  197.         JWTTokenManagerInterface $jwt,
  198.         UsersManagementService $usersManagementService,
  199.     ): JsonResponse {
  200.         $accessToken $request->get('access_token');
  202.         try {
  203.             $googleUser $usersManagementService->decodeGoogleAccessToken($accessToken);
  204.         } catch (\Exception $e) {
  205.             return $this->json(
  206.                 new AuthJWTResponse(
  207.                     AuthJWTResponse::STATUS_ERROR,
  208.                     null,
  209.                     $e->getMessage()
  210.                 ),
  211.                 Response::HTTP_FORBIDDEN
  212.             );
  213.         }
  215.         // $identity $googleUser['id']
  216.         $identity $googleUser['email'];
  218.         /** @var Users $user */
  219.         $user $this
  220.             ->em
  221.             ->getRepository(Users::class)
  222.             ->findByGoogle($identity);
  223.         if (!$user) {
  224.             $authUserRawData = (new AuthUserRawData())
  225.                 ->setIdentity($identity)
  226.                 ->setEmail($googleUser['email'])
  227.                 ->setFirstName($googleUser['first_name'])
  228.                 ->setLastName($googleUser['last_name'])
  229.                 ->setAvatar($googleUser['picture'])
  230.                 ->setLanguage($googleUser['locale']);
  232.             $user $usersManagementService->createUser(Users::AUTH_GOOGLE$authUserRawData$this->getUser());
  233.         }
  235.         $token $jwt->create($user);
  237.         return $this->json(
  238.             new AuthJWTResponse(
  239.                 AuthJWTResponse::STATUS_SUCCESS,
  240.                 $token
  241.             )
  242.         );
  243.     }
  245.     #[OA\QueryParameter(
  246.         name'access_token',
  247.         requiredtrue,
  248.     )]
  249.     #[Route(path'/huawei/verify'methods: ['GET'])]
  250.     public function getAuthHuaweiCheck(
  251.         Request $request,
  252.         ClientRegistry $clientRegistry,
  253.         JWTTokenManagerInterface $jwt,
  254.         UsersManagementService $usersManagementService,
  255.     ): JsonResponse {
  256.         $accessToken $request->get('access_token');
  258.         try {
  259.             $huaweiUser $usersManagementService->decodeHuaweiAccessToken($accessToken);
  260.         } catch (\Exception $e) {
  261.             return $this->json(
  262.                 new AuthJWTResponse(
  263.                     AuthJWTResponse::STATUS_ERROR,
  264.                     null,
  265.                     $e->getMessage()
  266.                 ),
  267.                 Response::HTTP_FORBIDDEN
  268.             );
  269.         }
  271.         // $identity $googleUser['id']
  272.         $identity $huaweiUser['id'];
  274.         /** @var Users $user */
  275.         $user $this
  276.             ->em
  277.             ->getRepository(Users::class)
  278.             ->findByHuawei($identity);
  279.         if (!$user) {
  280.             $authUserRawData = (new AuthUserRawData())
  281.                 ->setIdentity($identity)
  282.                 ->setEmail($huaweiUser['id'].'@huawei.com')
  283.                 ->setFirstName($huaweiUser['first_name'])
  284.                 ->setLastName($huaweiUser['last_name'])
  285.                 ->setLanguage($huaweiUser['locale']);
  287.             $user $usersManagementService->createUser(Users::AUTH_HUAWEI$authUserRawData$this->getUser());
  288.         }
  290.         $token $jwt->create($user);
  292.         return $this->json(
  293.             new AuthJWTResponse(
  294.                 AuthJWTResponse::STATUS_SUCCESS,
  295.                 $token
  296.             )
  297.         );
  298.     }
  300.     #[OA\QueryParameter(
  301.         name'device_identity',
  302.         requiredtrue,
  303.     )]
  304.     #[Route(path'/guest'methods: ['GET'])]
  305.     public function getAuthGuest(
  306.         Request $request,
  307.         JWTTokenManagerInterface $jwt,
  308.         UsersManagementService $usersManagementService,
  309.     ): JsonResponse {
  310.         $deviceIdentity $request->get('device_identity');
  312.         if ($deviceIdentity) {
  313.             $user $usersManagementService->findOrCreateGuestUserByDeviceIdentity($deviceIdentity);
  314.         } else {
  315.             $user $usersManagementService->createGuestUser();
  316.         }
  318.         $token $jwt->create($user);
  320.         return $this->json(
  321.             new AuthJWTResponse(
  322.                 AuthJWTResponse::STATUS_SUCCESS,
  323.                 $token
  324.             )
  325.         );
  326.     }
  328.     #[OA\RequestBody(
  329.         requiredtrue,
  330.         content: new OA\JsonContent(
  331.             ref: new Model(typeAuthDTO::class)
  332.         )
  333.     )]
  334.     #[Route(path''methods: ['POST'])]
  335.     public function auth(
  336.         AuthDTO $requestDTO,
  337.         Request $request,
  338.         JWTTokenManagerInterface $jwt,
  339.         GoogleOAuth2Authenticator $googleOAuth2Authenticator,
  340.         FacebookSignedRequestAuthenticator $facebookAuthenticator,
  341.         EmailAuthenticator $emailAuthenticator,
  342.     ): AuthJWTResponse {
  343.         $request->request->set('type'$requestDTO->type);
  344.         $request->request->set('token'$requestDTO->token);
  345.         $request->request->set('email'$requestDTO->email);
  346.         $request->request->set('password'$requestDTO->password);
  348.         try {
  349.             $passport = match ($requestDTO->type) {
  350.                 'email' => $emailAuthenticator->authenticate($request),
  351.                 'google' => $googleOAuth2Authenticator->authenticate($request),
  352.                 'facebook' => $facebookAuthenticator->authenticate($request),
  353.                 default => throw new AuthenticationException('Invalid type'),
  354.             };
  355.         } catch (AuthenticationException $e) {
  356.             match ($requestDTO->type) {
  357.                 'email' => throw ValidationException::violation('Invalid email or password'$requestDTO->email'email'),
  358.                 default => throw ValidationException::violation('Invalid credentials'$requestDTO->token'token'),
  359.             };
  360.         }
  362.         $user $passport->getUser();
  363.         if (!$user instanceof Users) {
  364.             throw $this->createAccessDeniedException();
  365.         }
  367.         $token $jwt->create($user);
  368.         $this->userLoginService->callLoginRoutines($user$request);
  370.         return new AuthJWTResponse(
  371.             AuthJWTResponse::STATUS_SUCCESS,
  372.             $token
  373.         );
  374.     }
  375. }