oont/oont-contents
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
oont-contents/plugins/google-site-kit/third-party/google/auth/src/FetchAuthTokenCache.php
khaccount 36efee0679 Themes & Plugins
2025-02-08 15:10:23 +01:00

224 lines
8.9 KiB
PHP
Raw Blame History

<?php
/*
* Copyright 2010 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
namespace Google\Site_Kit_Dependencies\Google\Auth;
use Google\Site_Kit_Dependencies\Psr\Cache\CacheItemPoolInterface;
/**
* A class to implement caching for any object implementing
* FetchAuthTokenInterface
*/
class FetchAuthTokenCache implements \Google\Site_Kit_Dependencies\Google\Auth\FetchAuthTokenInterface, \Google\Site_Kit_Dependencies\Google\Auth\GetQuotaProjectInterface, \Google\Site_Kit_Dependencies\Google\Auth\SignBlobInterface, \Google\Site_Kit_Dependencies\Google\Auth\ProjectIdProviderInterface, \Google\Site_Kit_Dependencies\Google\Auth\UpdateMetadataInterface
{
use CacheTrait;
/**
* @var FetchAuthTokenInterface
*/
private $fetcher;
/**
* @var int
*/
private $eagerRefreshThresholdSeconds = 10;
/**
* @param FetchAuthTokenInterface $fetcher A credentials fetcher
* @param array<mixed> $cacheConfig Configuration for the cache
* @param CacheItemPoolInterface $cache
*/
public function __construct(\Google\Site_Kit_Dependencies\Google\Auth\FetchAuthTokenInterface $fetcher, array $cacheConfig = null, \Google\Site_Kit_Dependencies\Psr\Cache\CacheItemPoolInterface $cache)
{
$this->fetcher = $fetcher;
$this->cache = $cache;
$this->cacheConfig = \array_merge(['lifetime' => 1500, 'prefix' => ''], (array) $cacheConfig);
}
/**
* @return FetchAuthTokenInterface
*/
public function getFetcher()
{
return $this->fetcher;
}
/**
* Implements FetchAuthTokenInterface#fetchAuthToken.
*
* Checks the cache for a valid auth token and fetches the auth tokens
* from the supplied fetcher.
*
* @param callable $httpHandler callback which delivers psr7 request
* @return array<mixed> the response
* @throws \Exception
*/
public function fetchAuthToken(callable $httpHandler = null)
{
if ($cached = $this->fetchAuthTokenFromCache()) {
return $cached;
}
$auth_token = $this->fetcher->fetchAuthToken($httpHandler);
$this->saveAuthTokenInCache($auth_token);
return $auth_token;
}
/**
* @return string
*/
public function getCacheKey()
{
return $this->getFullCacheKey($this->fetcher->getCacheKey());
}
/**
* @return array<mixed>|null
*/
public function getLastReceivedToken()
{
return $this->fetcher->getLastReceivedToken();
}
/**
* Get the client name from the fetcher.
*
* @param callable $httpHandler An HTTP handler to deliver PSR7 requests.
* @return string
*/
public function getClientName(callable $httpHandler = null)
{
if (!$this->fetcher instanceof \Google\Site_Kit_Dependencies\Google\Auth\SignBlobInterface) {
throw new \RuntimeException('Credentials fetcher does not implement ' . 'Google\\Auth\\SignBlobInterface');
}
return $this->fetcher->getClientName($httpHandler);
}
/**
* Sign a blob using the fetcher.
*
* @param string $stringToSign The string to sign.
* @param bool $forceOpenSsl Require use of OpenSSL for local signing. Does
* not apply to signing done using external services. **Defaults to**
* `false`.
* @return string The resulting signature.
* @throws \RuntimeException If the fetcher does not implement
* `Google\Auth\SignBlobInterface`.
*/
public function signBlob($stringToSign, $forceOpenSsl = \false)
{
if (!$this->fetcher instanceof \Google\Site_Kit_Dependencies\Google\Auth\SignBlobInterface) {
throw new \RuntimeException('Credentials fetcher does not implement ' . 'Google\\Auth\\SignBlobInterface');
}
// Pass the access token from cache to GCECredentials for signing a blob.
// This saves a call to the metadata server when a cached token exists.
if ($this->fetcher instanceof \Google\Site_Kit_Dependencies\Google\Auth\Credentials\GCECredentials) {
$cached = $this->fetchAuthTokenFromCache();
$accessToken = isset($cached['access_token']) ? $cached['access_token'] : null;
return $this->fetcher->signBlob($stringToSign, $forceOpenSsl, $accessToken);
}
return $this->fetcher->signBlob($stringToSign, $forceOpenSsl);
}
/**
* Get the quota project used for this API request from the credentials
* fetcher.
*
* @return string|null
*/
public function getQuotaProject()
{
if ($this->fetcher instanceof \Google\Site_Kit_Dependencies\Google\Auth\GetQuotaProjectInterface) {
return $this->fetcher->getQuotaProject();
}
return null;
}
/*
* Get the Project ID from the fetcher.
*
* @param callable $httpHandler Callback which delivers psr7 request
* @return string|null
* @throws \RuntimeException If the fetcher does not implement
* `Google\Auth\ProvidesProjectIdInterface`.
*/
public function getProjectId(callable $httpHandler = null)
{
if (!$this->fetcher instanceof \Google\Site_Kit_Dependencies\Google\Auth\ProjectIdProviderInterface) {
throw new \RuntimeException('Credentials fetcher does not implement ' . 'Google\\Auth\\ProvidesProjectIdInterface');
}
return $this->fetcher->getProjectId($httpHandler);
}
/**
* Updates metadata with the authorization token.
*
* @param array<mixed> $metadata metadata hashmap
* @param string $authUri optional auth uri
* @param callable $httpHandler callback which delivers psr7 request
* @return array<mixed> updated metadata hashmap
* @throws \RuntimeException If the fetcher does not implement
* `Google\Auth\UpdateMetadataInterface`.
*/
public function updateMetadata($metadata, $authUri = null, callable $httpHandler = null)
{
if (!$this->fetcher instanceof \Google\Site_Kit_Dependencies\Google\Auth\UpdateMetadataInterface) {
throw new \RuntimeException('Credentials fetcher does not implement ' . 'Google\\Auth\\UpdateMetadataInterface');
}
$cached = $this->fetchAuthTokenFromCache($authUri);
if ($cached) {
// Set the access token in the `Authorization` metadata header so
// the downstream call to updateMetadata know they don't need to
// fetch another token.
if (isset($cached['access_token'])) {
$metadata[self::AUTH_METADATA_KEY] = ['Bearer ' . $cached['access_token']];
}
}
$newMetadata = $this->fetcher->updateMetadata($metadata, $authUri, $httpHandler);
if (!$cached && ($token = $this->fetcher->getLastReceivedToken())) {
$this->saveAuthTokenInCache($token, $authUri);
}
return $newMetadata;
}
/**
* @param string|null $authUri
* @return array<mixed>|null
*/
private function fetchAuthTokenFromCache($authUri = null)
{
// Use the cached value if its available.
//
// TODO: correct caching; update the call to setCachedValue to set the expiry
// to the value returned with the auth token.
//
// TODO: correct caching; enable the cache to be cleared.
// if $authUri is set, use it as the cache key
$cacheKey = $authUri ? $this->getFullCacheKey($authUri) : $this->fetcher->getCacheKey();
$cached = $this->getCachedValue($cacheKey);
if (\is_array($cached)) {
if (empty($cached['expires_at'])) {
// If there is no expiration data, assume token is not expired.
// (for JwtAccess and ID tokens)
return $cached;
}
if (\time() + $this->eagerRefreshThresholdSeconds < $cached['expires_at']) {
// access token is not expired
return $cached;
}
}
return null;
}
/**
* @param array<mixed> $authToken
* @param string|null $authUri
* @return void
*/
private function saveAuthTokenInCache($authToken, $authUri = null)
{
if (isset($authToken['access_token']) || isset($authToken['id_token'])) {
// if $authUri is set, use it as the cache key
$cacheKey = $authUri ? $this->getFullCacheKey($authUri) : $this->fetcher->getCacheKey();
$this->setCachedValue($cacheKey, $authToken);
}
}
}
Reference in a new issue View git blame Copy permalink