From 716a3c31425ed1138f3baa1137420c57cc6e9980 Mon Sep 17 00:00:00 2001
From: Pavel Stratil
Date: Wed, 27 Sep 2023 09:01:26 +0000
Subject: [PATCH] better workaround for Logger issue, add React defaults to .env-dist, add token endpoint
---
 composer.json | 5 +--
 glued/Config/React/deploy.sh | 2 ++
 glued/Config/routes.yaml | 9 +++++
 glued/Controllers/AuthController.php | 44 +++++++++++++++++++++++++
 glued/Controllers/ServiceController.php | 3 +-
 5 files changed, 60 insertions(+), 3 deletions(-)
diff --git a/composer.json b/composer.json
index bf4afd9..d125585 100644
--- a/composer.json
+++ b/composer.json
@@ -97,7 +97,6 @@
 "post-update-cmd": [
 "composer migrate",
 "composer configure || echo \"[FAIL] Failed to configure glued. Please make sure all env variables are set. Rerun composer configure.\"",
- "patch -s --reject-file=/dev/null -p1 vendor/monolog/monolog/src/Monolog/Logger.php < vendor/vaizard/glued-lib/src/Patches/Logger.patch",
 "echo \"Run 'composer nginx' manually to pick restart this microservice\""
 ],
 "backup": [
@@ -115,9 +114,11 @@
 "vendor/vaizard/glued-lib/src/Scripts/migrate.sh"
 ],
 "nginx": [
+ "patch -s --reject-file=/dev/null -p1 vendor/monolog/monolog/src/Monolog/Logger.php < vendor/vaizard/glued-lib/src/Patches/Logger.patch",
 "vendor/vaizard/glued-lib/src/Scripts/nginx.sh",
 "Glued\\Lib\\ComposerHooks::generateNginx",
- "vendor/vaizard/glued-lib/src/Scripts/nginx-reload.sh"
+ "vendor/vaizard/glued-lib/src/Scripts/nginx-reload.sh",
+ "patch -Rs --reject-file=/dev/null -p1 vendor/monolog/monolog/src/Monolog/Logger.php < vendor/vaizard/glued-lib/src/Patches/Logger.patch"
 ],
 "react": [
 "glued/Config/React/deploy.sh"
diff --git a/glued/Config/React/deploy.sh b/glued/Config/React/deploy.sh
index 811c8df..5e8931e 100755
--- a/glued/Config/React/deploy.sh
+++ b/glued/Config/React/deploy.sh
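Review bot: In the `nginx` script of composer.json, the trailing `patch -Rs …` runs only if the three steps between the two patch commands succeed, because Composer aborts a script list at the first command that fails; a failed `nginx.sh`, `generateNginx` or `nginx-reload.sh` therefore leaves `vendor/monolog/monolog/src/Monolog/Logger.php` patched. On the next run the forward patch then meets an already-patched file, and with `-s --reject-file=/dev/null` there is no output to show what state the vendored file is in. I would move the apply/run/revert sequence into one shell script that reverts in a `trap … EXIT` handler, add `-N` to the forward patch so a previously applied patch is skipped rather than guessed at, and drop `--reject-file=/dev/null` so that rejected hunks are visible. A comment in glued-lib next to `Logger.patch` explaining why the vendored file must be modified only while the nginx configuration is generated would also help whoever next audits the installed dependencies.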
@@ -5,6 +5,8 @@ git clone --depth=1 https://github.com/vaizard/glued-react
 pushd glued-react
 git pull
 cp -r ../../glued-core/.env ./.env
+export $(echo $(cat .env | sed 's/#.*//g'| xargs) | envsubst);
+export $(echo $(cat .env | sed 's/#.*//g'| xargs) | envsubst);
 npm install
 npm run build
 cp -r ./build/* ../../glued-core/public
diff --git a/glued/Config/routes.yaml b/glued/Config/routes.yaml
index 239f8ed..5871690 100644
--- a/glued/Config/routes.yaml
+++ b/glued/Config/routes.yaml
@@ -137,6 +137,15 @@ routes:
 methods:
 get: Glued\Controllers\AuthController:users_r1
 post: Glued\Controllers\AuthController:users_c1
+ be_core_auth_tokens_v1:
+ pattern: ${routes.be_core.path}/auth/tokens/v1
+ path: ${routes.be_core.path}/auth/tokens/v1
+ label: Manage tokens
+ dscr: Api endpoint for managing tokens.
+ service: core
+ methods:
+ get: Glued\Controllers\AuthController:tokens_r1
+ post: Glued\Controllers\AuthController:tokens_c1
 be_core_auth_roles_v1:
 pattern: ${routes.be_core.path}/auth/roles/v1
 path: ${routes.be_core.path}/auth/roles/v1
diff --git a/glued/Controllers/AuthController.php b/glued/Controllers/AuthController.php
index 45460da..6d64554 100644
--- a/glued/Controllers/AuthController.php
+++ b/glued/Controllers/AuthController.php
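Review bot: In deploy.sh the `export $(… | xargs | envsubst)` line is added twice in a row and relies on unquoted word splitting, so any `.env` value that contains whitespace or glob characters is split or expanded before `export` sees it. Because `.env` is copied from glued-core one line earlier, the export also places every backend variable in the environment of `npm install` and `npm run build`, including the lifecycle scripts of third-party packages; if the React build needs only a few variables, export those by name instead. If the second pass is deliberate (for example to let envsubst resolve entries that reference each other), say so with a comment such as `# second pass resolves ${VAR} references between .env entries`; otherwise remove the duplicate.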
@@ -273,6 +273,50 @@ public function users_r0(Request $request, Response $response, array $args = []) } + public function tokens_c1(Request $request, Response $response, array $args = []): Response + { + $rp = $request->getQueryParams(); + $attr = json_decode($rp['attr'] ?? "{}", true); + if (!isset($attr['consumer']['type']) || !in_array($attr['consumer']['type'], ['svc', 'app'])) { + throw new \Exception("Invalid or missing 'consumer.type' attribute."); + } + if ($attr['consumer']['type'] === 'svc') { + $requiredKeys = ['name', 'host']; + foreach ($requiredKeys as $key) { + if (!isset($attr['consumer'][$key])) { throw new \Exception("For 'svc' type, 'consumer.$key' must be set."); } + } + } + $owner = $_SERVER['HTTP_X-GLUED-AUTH-UUID'] ?? 'anonymous'; + if ($owner === 'anonymous') { throw new \Exception("Only authorized users can add tokens.", 403); } + $r = $this->auth->generate_api_token($owner, expiry: null, attributes: $attr); + return $response->withJson($r); + } + + + + public function tokens_r1(Request $request, Response $response, array $args = []): Response { + $rp = $request->getQueryParams() ?? []; + $qs = ' + SELECT + json_merge( + json_object ( + "uuid", bin_to_uuid(tok.c_uuid, true), + "exp", c_expired_at, + "owner_handle", u.c_handle, + "owner_uuid", bin_to_uuid(tok.c_inherit, true) + ), tok.c_attr) as res_rows + FROM t_core_tokens AS tok + LEFT JOIN t_core_users AS u ON tok.c_inherit = u.c_uuid + '; + $qp = null; + $wm = []; + $qs = (new \Glued\Lib\QueryBuilder())->select($qs); + $this->utils->mysqlJsonQueryFromRequest(reqparams: $rp, qstring: $qs, qparams: $qp, wheremods: $wm, jsonkey: 'tok.c_attr'); + $res = $this->db->rawQuery($qs, $qp); + return $this->utils->mysqlJsonResponse($response, $res); + } + + function mysqlJsonQueryFromRequest(array $reqparams, QuerySelect &$qstring, &$qparams, array $wheremods = []) { // define fallback where modifier for the 'uuid' reqparam. 
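Review bot: In `tokens_c1` the `consumer.type` allow-list uses `in_array` without the strict flag, so a JSON boolean `true` compares equal to both strings, passes the check and also skips the `svc` required-key validation; use `in_array($attr['consumer']['type'], ['svc', 'app'], true)`. The validation failures throw a bare `\Exception` with no code, unlike the 403 case a few lines later, so clients will probably see a server error where a 400 is meant. `tokens_r1` selects every row of `t_core_tokens` joined to its owner and applies no caller-based restriction in the visible code; unless `mysqlJsonQueryFromRequest` or upstream middleware scopes the query, any caller who reaches the route can list all token UUIDs, owners and attributes, so I would add an owner filter or an explicit role check here. `tokens_c1` takes the owner from `$_SERVER['HTTP_X-GLUED-AUTH-UUID']`, which is safe only if the fronting proxy always sets that value itself and never forwards a client-supplied one; a comment stating that assumption, and why `expiry: null` is acceptable for these tokens, would help.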
diff --git a/glued/Controllers/ServiceController.php b/glued/Controllers/ServiceController.php
index baebf6b..af986f2 100644
--- a/glued/Controllers/ServiceController.php
+++ b/glued/Controllers/ServiceController.php
@@ -50,7 +50,8 @@ public function health(Request $request, Response $response, array $args = []):
 'service' => basename(__ROOT__),
 'provided-for' => $_SERVER['HTTP_X-GLUED-AUTH-UUID'] ?? 'anonymous'
 ];
- //if ($data['provided-for'] !== 'anonymous') { $this->generateApiKey($_SERVER['HTTP_X-GLUED-AUTH-UUID']); }
+ //$data['x'] = $this->auth->verify_token()
+ if ($data['provided-for'] !== 'anonymous') { $this->auth->generate_api_token($_SERVER['HTTP_X-GLUED-AUTH-UUID']); }
 return $response->withJson($data, options: JSON_UNESCAPED_SLASHES);
 }
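Review bot: The re-enabled line in `health` calls `$this->auth->generate_api_token(...)` on every request that carries an auth UUID and throws the result away, which turns a read-only health probe into a state-changing call. If that method persists what it generates (its body is not part of this diff), each authenticated health check adds another token, and no expiry argument is passed here. Together with the commented-out `//$data['x'] = $this->auth->verify_token()` above it this looks like leftover debugging; I would remove both lines and leave token creation to the new `tokens_c1` endpoint. The body of `health` starts outside the hunk.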