eveseat/eveapi

View on GitHub
src/Jobs/Middleware/CheckTokenScope.php

Summary

Maintainability
A
1 hr
Test Coverage
<?php

/*
 * This file is part of SeAT
 *
 * Copyright (C) 2015 to present Leon Jacobs
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

namespace Seat\Eveapi\Jobs\Middleware;

use Closure;
use Seat\Eveapi\Jobs\EsiBase;

/**
 * Class CheckTokenScope.
 *
 * @package Seat\Eveapi\Jobs\Middleware
 */
class CheckTokenScope
{
    /**
     * @param  \Seat\Eveapi\Jobs\EsiBase  $job
     * @param  \Closure  $next
     * @return void
     */
    public function handle(EsiBase $job, Closure $next): void
    {
        // in case the job does not require specific scopes - forward
        if ($job->getScope() == '') {
            logger()->debug(
                sprintf('[Jobs][Middlewares][%s] Check Token Scope -> Bypassed due to unneeded scope to process this job.', $job->job->getJobId()),
                [
                    'fqcn' => get_class($job),
                ]);

            $next($job);

            return;
        }

        // load sso scopes profiles
        $profiles = collect(setting('sso_scopes', true) ?? [
            [
                'id' => 0,
                'name' => 'default',
                'default' => true,
                'scopes' => config('eveapi.scopes', []),
            ],
        ]);

        // in case token related profile is not requiring the job needed scope - log for diagnose and remove it from the queue
        if (! in_array($job->getScope(), $profiles->where('id', $job->getToken()->scopes_profile)->first()->scopes ?? [])) {
            logger()->warning(
                sprintf('[Jobs][Middlewares][%s] Check Token Scope -> Removing job due to required scopes not matching with token related scopes profile.', $job->job->getJobId()),
                [
                    'fqcn' => get_class($job),
                    'character_id' => $job->getToken()->character_id,
                    'scopes_profile' => $job->getToken()->scopes_profile,
                ]);

            $job->delete();

            return;
        }

        // in case token got required scope and job require it - forward
        if (in_array($job->getScope(), $job->getToken()->scopes)) {
            $next($job);

            return;
        }

        // log event otherwise
        logger()->warning(
            sprintf('[Jobs][Middlewares][%s] Check Token Scope -> A job requiring a not granted scope has been queued.', $job->job->getJobId()),
            [
                'fqcn' => get_class($job),
                'required_scope' => $job->getScope(),
                'token_scopes' => $job->getToken()->scopes,
                'token_owner' => $job->getToken()->character_id,
            ]);

        $job->tries = 1;
        $job->fail('A job requiring a not granted scope has been queued.');
    }
}