@fleetbase/solid-engine 0.0.2

package/server/src/Http/Controllers/SolidController.php

@@ -0,0 +1,117 @@
+<?php
+
+namespace Fleetbase\Solid\Http\Controllers;
+
+use Fleetbase\Http\Controllers\Controller as BaseController;
+use Fleetbase\Http\Requests\AdminRequest;
+use Fleetbase\Models\Setting;
+use Fleetbase\Solid\Client\SolidClient;
+use Fleetbase\Solid\Models\SolidIdentity;
+use Fleetbase\Support\Utils;
+use Illuminate\Http\Request;
+
+class SolidController extends BaseController
+{
+    /**
+     * Welcome message only.
+     */
+    public function hello()
+    {
+        return response()->json(
+            [
+                'message' => 'Fleetbase Solid Extension',
+                'version' => config('solid.api.version'),
+            ]
+        );
+    }
+
+    public function getServerConfig(AdminRequest $request)
+    {
+        $defaultConfig = config('solid.server');
+        $savedConfig   = Setting::system('solid.server');
+        $config        = array_merge($defaultConfig, $savedConfig);
+
+        return response()->json($config);
+    }
+
+    public function saveServerConfig(AdminRequest $request)
+    {
+        $incomingConfig = $request->array('server');
+        $defaultConfig  = config('solid.server');
+        $config         = array_merge($defaultConfig, $incomingConfig);
+        Setting::configure('system.solid.server', $config);
+
+        return response()->json($config);
+    }
+
+    public function requestAuthentication()
+    {
+        $solidIdentity     = SolidIdentity::initialize();
+        $authenticationUrl = Utils::apiUrl('solid/int/v1/authenticate', [], 8000);
+
+        return response()->json(['authenticationUrl' => $authenticationUrl, 'identifier' => $solidIdentity->identifier]);
+    }
+
+    public function authenticate(string $identifier)
+    {
+        $identity = SolidIdentity::initialize();
+        $oidc     = SolidClient::create(['identity' => $identity])->oidc->register(['saveCredentials' => true]);
+
+        return $oidc->authenticate();
+    }
+
+    public function getAccountIndex()
+    {
+        $solidIdentity   = SolidIdentity::current();
+        $accountResponse = $solidIdentity->request('get', '.account');
+        dd($accountResponse->json());
+    }
+
+    public function play(Request $request)
+    {
+        $action      = $request->input('action');
+        $identity    = SolidIdentity::first();
+        $solid       = new SolidClient(['identity' => $identity]);
+
+        if ($action === 'register_client') {
+            $registeredClient = $solid->oidc->register();
+        }
+
+        if ($action === 'restore') {
+            $solid->identity->restoreClientCredentials();
+        }
+
+        if ($action === 'login') {
+            $loginResponse = $solid->post(
+                '.account/login/password',
+                [
+                    'email'    => 'ron@fleetbase.io',
+                    'password' => 'Zerina30662!',
+                    'remember' => true,
+                ],
+                [
+                'withoutAuth' => true,
+                'headers'     => [
+                    'Cookie' => '_interaction=TDQMh2DWuC8wZvkEB2n_G; _interaction.sig=3HHA_FUVo7Cw9up2keCJ7IaQJws; _session.legacy=jdxTxnTGmvWx2ECaiwYeP; _session.legacy.sig=EUGYX6DAKtBNQqZN5PGcbIJ-5ac',
+                    ],
+                ]
+            );
+            dump($loginResponse->json());
+        }
+
+        if ($action === 'test') {
+            // $solidClient->identity->restoreTokens();
+            dump('AccessToken: ' . $solid->identity->getAccessToken());
+            dump('IdToken: ' . $solid->identity->getIdToken());
+
+            $indexResponse = $solid->get('.account', [], ['withoutAuth' => true]);
+            dump($indexResponse->json());
+
+            // $createPodResponse = $solidClient->post('rondon/blog');
+            // dump($createPodResponse->json());
+
+            // $createFileResponse = $solidClient->put('test.txt', ['test'], ['content-type' => 'text/plain']);
+            // dump($createFileResponse->json());
+        }
+    }
+}

package/server/src/LegacyClient/Identity/IdentityProvider.php

@@ -0,0 +1,174 @@
+<?php
+
+namespace Fleetbase\Solid\LegacyClient\Identity;
+
+use EasyRdf\Graph;
+use Fleetbase\Solid\Client\OIDCClient;
+use Fleetbase\Solid\Client\SolidClient;
+use Fleetbase\Support\Utils;
+use Jumbojett\OpenIDConnectClientException;
+
+class IdentityProvider
+{
+    /**
+     * The Solid client instance.
+     */
+    private SolidClient $solidClient;
+
+    /**
+     * The OIDC client instance for handling OpenID Connect authentication.
+     */
+    private OIDCClient $oidcClient;
+
+    /**
+     * Default MIME type for RDF data.
+     */
+    private const DEFAULT_MIME_TYPE = 'text/turtle';
+
+    /**
+     * RDF type for LDP Basic Containers.
+     */
+    private const LDP_BASIC_CONTAINER = 'http://www.w3.org/ns/ldp#BasicContainer';
+
+    /**
+     * RDF type for LDP Resources.
+     */
+    private const LDP_RESOURCE = 'http://www.w3.org/ns/ldp#Resource';
+
+    /**
+     * RDF property for OIDC issuer.
+     */
+    private const OIDC_ISSUER = 'http://www.w3.org/ns/solid/terms#oidcIssuer';
+
+    /**
+     * Constructs a new IdentityProvider instance.
+     *
+     * @param SolidClient $solidClient the Solid client instance
+     */
+    public function __construct(SolidClient $solidClient)
+    {
+        $this->solidClient = $solidClient;
+        $this->oidcClient  = OIDCClient::create($solidClient);
+    }
+
+    /**
+     * Gets the OIDC client instance.
+     *
+     * @return OIDCClient the OIDC client instance
+     */
+    public function getOidcClient(): OIDCClient
+    {
+        if (!$this->oidcClient) {
+            return OIDCClient::create($this->solidClient);
+        }
+
+        return $this->oidcClient;
+    }
+
+    /**
+     * Magic method to delegate method calls to either IdentityProvider or OIDCClient.
+     *
+     * @param string $name      the name of the method being called
+     * @param array  $arguments the arguments passed to the method
+     *
+     * @return mixed the result of the method call
+     */
+    public function __call(string $name, $arguments)
+    {
+        if (method_exists($this, $name)) {
+            return $this->{$name}(...$arguments);
+        }
+
+        if (method_exists($this->oidcClient, $name)) {
+            return $this->oidcClient->{$name}(...$arguments);
+        }
+
+        throw new \BadMethodCallException("Method {$name} does not exist.");
+    }
+
+    public function registerClient(array $options = []): self
+    {
+        // Get registration options
+        $clientName     = data_get($options, 'clientName', $this->oidcClient::CLIENT_NAME);
+        $requestParams  = data_get($options, 'requestParams', []);
+        $requestOptions = data_get($options, 'requestOptions', []);
+        $redirectUri    = data_get($options, 'redirectUri');
+        if (!$redirectUri) {
+            $requestCode = data_get($options, 'requestCode');
+            $redirectUri = Utils::apiUrl('solid/int/v1/oidc/complete-registration' . $requestCode ? '/' . $requestCode : '', [], 8000);
+        }
+        $withResponse   = data_get($options, 'withResponse');
+
+        // Get OIDC Config and Registration URL
+        $oidcConfig      = $this->solidClient->getOpenIdConfiguration();
+        $registrationUrl = data_get($oidcConfig, 'registration_endpoint');
+
+        // Request registration for Client which should handle authentication
+        $response = $this->solidClient->post($registrationUrl, ['client_name' => $clientName, 'redirect_uris' => [$redirectUri], ...$requestParams], ['withoutAuth' => true, ...$requestOptions]);
+        if ($response->successful()) {
+            $clientCredentials = $response->json();
+            $this->setClientCredentials($clientName, $clientCredentials);
+            if (is_callable($withResponse)) {
+                $withResponse($clientCredentials);
+            }
+        } else {
+            throw new OpenIDConnectClientException('Error registering: Please contact the OpenID Connect provider and obtain a Client ID and Secret directly from them');
+        }
+
+        return $this;
+    }
+
+    public function getClient(array $options = [])
+    {
+        $clientName     = data_get($options, 'clientName', $this->oidcClient::CLIENT_NAME);
+        $restoredClient = $this->restoreClientCredentials($clientName);
+        if ($restoredClient === null) {
+            return $this->registerClient($options);
+        }
+
+        return $restoredClient;
+    }
+
+    /**
+     * Retrieves the WebID profile of a user as an RDF graph.
+     *
+     * @param string $webId   the WebID of the user
+     * @param array  $options additional options for the request
+     *
+     * @return Graph the user's WebID profile as an RDF graph
+     */
+    public function getWebIdProfile(string $webId, array $options = []): Graph
+    {
+        $response = $this->solidClient->get($webId, $options);
+        $format   = $response->header('Content-Type');
+
+        if ($format) {
+            // strip parameters (such as charset) if any
+            $format = explode(';', $format, 2)[0];
+        }
+
+        return new Graph($webId, $response->getContent(), $format);
+    }
+
+    /**
+     * Retrieves the OIDC issuer URL from a WebID profile.
+     *
+     * @param string $webId   the WebID of the user
+     * @param array  $options additional options for the request
+     *
+     * @return string the OIDC issuer URL
+     *
+     * @throws \Exception if the OIDC issuer cannot be found
+     */
+    public function getOidcIssuer(string $webId, array $options = []): string
+    {
+        $graph  = $this->getWebIdProfile($webId, $options);
+        $issuer = $graph->get($webId, sprintf('<%s>', self::OIDC_ISSUER))->getUri();
+
+        if (!\is_string($issuer)) {
+            throw new \Exception('Unable to find the OIDC issuer associated with this WebID', 1);
+        }
+
+        return $issuer;
+    }
+}

package/server/src/LegacyClient/Identity/Profile.php

@@ -0,0 +1,18 @@
+<?php
+
+namespace Fleetbase\Solid\LegacyClient\Identity;
+
+use EasyRdf\Graph;
+
+class Profile
+{
+    private Graph $graph;
+    public string $webId;
+    public string $name;
+    public string $email;
+
+    public function __construct(Graph $graph)
+    {
+        $this->graph = $graph;
+    }
+}

package/server/src/LegacyClient/OIDCClient.php

@@ -0,0 +1,350 @@
+<?php
+
+namespace Fleetbase\Solid\LegacyClient;
+
+use Fleetbase\Support\Utils;
+use Illuminate\Support\Facades\Redis;
+use IlluminateAgnostic\Str\Support\Str;
+use Jose\Component\Checker\AlgorithmChecker;
+use Jose\Component\Checker\HeaderCheckerManager;
+use Jose\Component\Core\AlgorithmManager;
+use Jose\Component\Core\JWK;
+use Jose\Component\Core\JWKSet;
+use Jose\Component\KeyManagement\JWKFactory;
+use Jose\Component\Signature\Algorithm\ES256;
+use Jose\Component\Signature\Algorithm\ES384;
+use Jose\Component\Signature\Algorithm\ES512;
+use Jose\Component\Signature\Algorithm\HS256;
+use Jose\Component\Signature\Algorithm\HS384;
+use Jose\Component\Signature\Algorithm\HS512;
+use Jose\Component\Signature\Algorithm\RS256;
+use Jose\Component\Signature\Algorithm\RS384;
+use Jose\Component\Signature\Algorithm\RS512;
+use Jose\Component\Signature\JWS;
+use Jose\Component\Signature\JWSBuilder;
+use Jose\Component\Signature\JWSTokenSupport;
+use Jose\Component\Signature\JWSVerifier;
+use Jose\Component\Signature\Serializer\CompactSerializer;
+use Jose\Component\Signature\Serializer\JWSSerializerManager;
+use Jumbojett\OpenIDConnectClient;
+use Jumbojett\OpenIDConnectClientException;
+
+final class OIDCClient extends OpenIDConnectClient
+{
+    public const CLIENT_NAME     = 'Fleetbase';
+    private ?JWK $dpopPrivateKey = null;
+    private ?string $redirectURL = null;
+    protected $refreshToken;
+    protected $idToken;
+    protected $tokenResponse;
+
+    /**
+     * @param      $provider_url  string optional
+     * @param      $client_id     string optional
+     * @param      $client_secret string optional
+     * @param null $issuer
+     */
+    public function __construct($provider_url = null, $client_id = null, $client_secret = null, $issuer = null)
+    {
+        $this->setProviderURL($provider_url);
+        if ($issuer === null) {
+            $this->setIssuer($provider_url);
+        } else {
+            $this->setIssuer($issuer);
+        }
+
+        // $this->setDefaultRedirectURL();
+        $this->setCodeChallengeMethod('S256');
+        $this->setClientID($client_id);
+        $this->setClientSecret($client_secret);
+    }
+
+    public static function create(SolidClient $solidClient): self
+    {
+        $oidcConfig = $solidClient->getOpenIdConfiguration();
+        $oidcClient = new self(data_get($oidcConfig, 'issuer'));
+        $oidcClient->providerConfigParam($oidcConfig);
+
+        return $oidcClient;
+    }
+
+    public function authenticate(): bool
+    {
+        $this->setCodeChallengeMethod('S256');
+        $this->addScope(['openid', 'webid', 'offline_access']);
+
+        return parent::authenticate();
+    }
+
+    public function setClientCredentials(string $clientName = self::CLIENT_NAME, $clientCredentials): ?self
+    {
+        $clientId     = data_get($clientCredentials, 'client_id');
+        $clientSecret = data_get($clientCredentials, 'client_secret');
+
+        $this->setClientName($clientName);
+        $this->setClientID($clientId);
+        $this->setClientSecret($clientSecret);
+        $this->storeClientCredentials($clientName, $clientCredentials);
+
+        return $this;
+    }
+
+    private function storeClientCredentials(?string $clientName = self::CLIENT_NAME, $clientCredentials): void
+    {
+        Redis::set('oidc:client:' . Str::slug($clientName), json_encode($clientCredentials));
+    }
+
+    public function getClientCredentials(string $clientName = self::CLIENT_NAME)
+    {
+        $clientCredentialsString = Redis::get('oidc:client:' . Str::slug($clientName));
+        if (Utils::isJson($clientCredentialsString)) {
+            return json_decode($clientCredentialsString, false);
+        }
+
+        return null;
+    }
+
+    public function restoreClientCredentials(string $clientName = self::CLIENT_NAME): ?self
+    {
+        $clientCredentials = $this->getClientCredentials($clientName);
+        if ($clientCredentials) {
+            return $this->setClientCredentials($clientName, $clientCredentials);
+        }
+
+        return null;
+    }
+
+    public function verifyJWTsignature($jwt): bool
+    {
+        $this->decodeToken($jwt);
+
+        return true;
+    }
+
+    public function requestTokens($code, $headers = [])
+    {
+        $headers[] = 'DPoP: ' . $this->createDPoP('POST', $this->getProviderConfigValue('token_endpoint'), false);
+
+        return parent::requestTokens($code, $headers);
+    }
+
+    // https://base64.guru/developers/php/examples/base64url
+    private function base64urlEncode(string $data): string
+    {
+        // First of all you should encode $data to Base64 string
+        $b64 = base64_encode($data);
+
+        // Convert Base64 to Base64URL by replacing “+” with “-” and “/” with “_”
+        $url = strtr($b64, '+/', '-_');
+
+        // Remove padding character from the end of line and return the Base64URL result
+        return rtrim($url, '=');
+    }
+
+    public function createDPoP(string $method, string $url, bool $includeAth = true, string $accessToken = null): string
+    {
+        if (null === $this->dpopPrivateKey) {
+            $this->dpopPrivateKey = JWKFactory::createECKey('P-256', ['use' => 'sig', 'kid' => base64_encode(random_bytes(20))]);
+        }
+
+        $jwsBuilder = new JWSBuilder(new AlgorithmManager([new ES256()]));
+
+        $arrayPayload = [
+            'htu' => strtok($url, '?'),
+            'htm' => $method,
+            'jti' => base64_encode(random_bytes(20)),
+            'iat' => time(),
+        ];
+        if ($includeAth) {
+            if (!$accessToken) {
+                $accessToken = $this->getAccessToken();
+            }
+            $arrayPayload['ath'] = $this->base64urlEncode(hash('sha256', $accessToken));
+        }
+
+        $payload = json_encode($arrayPayload, \JSON_THROW_ON_ERROR);
+
+        $jws = $jwsBuilder
+            ->create()
+            ->withPayload($payload)
+            ->addSignature(
+                $this->dpopPrivateKey,
+                [
+                    'alg' => 'ES256',
+                    'typ' => 'dpop+jwt',
+                    'jwk' => $this->dpopPrivateKey->toPublic()->jsonSerialize(),
+                ]
+            )
+            ->build();
+
+        return (new CompactSerializer())->serialize($jws, 0);
+    }
+
+    public function decodeToken(string $jwt): JWS
+    {
+        try {
+            $jwks = JWKSet::createFromJson($this->fetchURL($this->getProviderConfigValue('jwks_uri')));
+        } catch (\Exception $e) {
+            throw new OpenIDConnectClientException('Invalid JWKS: ' . $e->getMessage(), $e->getCode(), $e);
+        }
+
+        $headerCheckerManager = new HeaderCheckerManager(
+            [new AlgorithmChecker(['RS256', 'RS384', 'R512', 'HS256', 'HS384', 'HS512', 'ES256', 'ES384', 'ES512'])], // TODO: read this from the provider config
+            [new JWSTokenSupport()],
+        );
+
+        $algorithmManager = new AlgorithmManager([
+            new RS256(),
+            new RS384(),
+            new RS512(),
+            new HS256(),
+            new HS384(),
+            new HS512(),
+            new ES256(),
+            new ES384(),
+            new ES512(),
+        ]);
+
+        $serializerManager = new JWSSerializerManager([new CompactSerializer()]);
+        $jws               = $serializerManager->unserialize($jwt);
+
+        try {
+            $headerCheckerManager->check($jws, 0);
+        } catch (\Exception $e) {
+            throw new OpenIDConnectClientException('Invalid JWT header: ' . $e->getMessage(), $e->getCode(), $e);
+        }
+
+        $jwsVerifier = new JWSVerifier($algorithmManager);
+        if (!$jwsVerifier->verifyWithKeySet($jws, $jwks, 0)) {
+            throw new OpenIDConnectClientException('Invalid JWT signature.');
+        }
+
+        return $jws;
+    }
+
+    public function getRedirectURL()
+    {
+        // If the redirect URL has been set then return it.
+        if (property_exists($this, 'redirectURL') && $this->redirectURL) {
+            return $this->redirectURL;
+        }
+
+        // // Get current solid identity
+        // $solidIdentity = SolidIdentity::current();
+        // return Utils::apiUrl('solid/int/v1/oidc/complete-registration/' . $solidIdentity->request_code, [], 8000);
+    }
+
+    public function setDefaultRedirectURL(string $redirectURL)
+    {
+        $this->setRedirectURL($redirectURL);
+    }
+
+    public function setAccessToken($accessToken)
+    {
+        $this->accessToken = $accessToken;
+        Redis::set('oidc:client:access_token', $accessToken);
+    }
+
+    public function setIdToken($idToken)
+    {
+        $this->idToken = $idToken;
+        Redis::set('oidc:client:id_token', $idToken);
+    }
+
+    public function setRefreshToken($refreshToken)
+    {
+        $this->refreshToken = $refreshToken;
+        Redis::set('oidc:client:refresh_token', $refreshToken);
+    }
+
+    public function setTokenResponse($tokenResponse)
+    {
+        $this->tokenResponse = $tokenResponse;
+        Redis::set('oidc:client:token_response', json_encode($tokenResponse));
+    }
+
+    public function storeTokens()
+    {
+        $idToken = $this->getIdToken();
+        if ($idToken) {
+            Redis::set('oidc:client:id_token', $idToken);
+        }
+
+        $accessToken = $this->getAccessToken();
+        if ($accessToken) {
+            Redis::set('oidc:client:access_token', $accessToken);
+        }
+
+        $refreshToken = $this->getRefreshToken();
+        if ($refreshToken) {
+            Redis::set('oidc:client:refresh_token', $refreshToken);
+        }
+        $tokenResponse = $this->getTokenResponse();
+        if ($tokenResponse) {
+            Redis::set('oidc:client:token_response', json_encode($tokenResponse));
+        }
+
+        return $this;
+    }
+
+    public function getAccessToken(): ?string
+    {
+        $accessToken = parent::getAccessToken();
+        if (!$accessToken) {
+            $accessToken = Redis::get('oidc:client:access_token');
+        }
+
+        return $accessToken;
+    }
+
+    public function getRefreshToken(): ?string
+    {
+        $refreshToken = parent::getRefreshToken();
+        if (!$refreshToken) {
+            $refreshToken = Redis::get('oidc:client:refresh_token');
+        }
+
+        return $refreshToken;
+    }
+
+    public function getIdToken()
+    {
+        $idToken = parent::getIdToken();
+        if (!$idToken) {
+            $idToken = Redis::get('oidc:client:id_token');
+        }
+
+        return $idToken;
+    }
+
+    public function getTokenResponse()
+    {
+        $tokenResponse = parent::getTokenResponse();
+        if (!$tokenResponse) {
+            $tokenResponse = Redis::get('oidc:client:token_response');
+            if (is_string($tokenResponse)) {
+                $tokenResponse = json_decode($tokenResponse);
+            }
+        }
+
+        return $tokenResponse;
+    }
+
+    public function restoreTokens()
+    {
+        $idToken       = Redis::get('oidc:client:id_token');
+        $accessToken   = Redis::get('oidc:client:access_token');
+        $refreshToken  = Redis::get('oidc:client:refresh_token');
+        $tokenResponse = Redis::get('oidc:client:token_response');
+
+        $this->setIdToken($idToken);
+        $this->setAccessToken($accessToken);
+        $this->setRefreshToken($refreshToken);
+        $this->setTokenResponse($tokenResponse);
+    }
+
+    public function clearStoredClient(?string $clientName = self::CLIENT_NAME)
+    {
+        Redis::del('oidc:client:' . Str::slug($clientName));
+    }
+}

package/server/src/LegacyClient/Profile/WebID.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace Fleetbase\Solid\LegacyClient\Profile;
+
+class WebID
+{
+    protected function getAltProfileUrlAllFrom(string $webId, string $webIdProfile): array
+    {
+    }
+
+    protected function getProfileAll(string $webId, array $options = [])
+    {
+    }
+
+    protected function getPodUrlAll(string $webId, array $options = [])
+    {
+    }
+
+    protected function getPodUrlAllFrom(array $profiles, string $webId)
+    {
+    }
+
+    protected function getWebIdDataset(string $webId)
+    {
+    }
+}