First commit

Author: vuongxuongminh

.gitignore

@@ -0,0 +1,8 @@
+*.log
+/.php_cs
+/.php_cs.cache
+/.phpunit.result.cache
+/vendor/
+/composer.lock
+.php-cs-fixer.php
+.php-cs-fixer.cache

.php-cs-fixer.dist.php

@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+$finder = PhpCsFixer\Finder::create()
+    ->in(__DIR__)
+    ->append([__FILE__]);
+
+return (new PhpCsFixer\Config())
+    ->setUsingCache(true)
+    ->setRules(
+        [
+            '@PSR12' => true,
+            '@Symfony' => true,
+            'array_indentation' => true,
+            'class_definition' => ['multi_line_extends_each_single_line' => true],
+            'compact_nullable_typehint' => true,
+            'concat_space' => ['spacing' => 'one'],
+            'declare_strict_types' => true,
+            'heredoc_to_nowdoc' => true,
+            'global_namespace_import' => [
+                'import_classes' => false,
+                'import_constants' => false,
+                'import_functions' => false,
+            ],
+            'list_syntax' => ['syntax' => 'short'],
+            'no_null_property_initialization' => true,
+            'phpdoc_to_comment' => false,
+            'phpdoc_align' => ['align' => 'left'],
+            'phpdoc_summary' => false,
+            'ternary_to_null_coalescing' => true,
+        ]
+    )
+    ->setRiskyAllowed(true)
+    ->setFinder($finder);

LICENSE

@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2021 Minh Vuong <vuongxuongminh@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

composer.json

@@ -0,0 +1,33 @@
+{
+  "name": "php-istio/jwt-payload-extractor",
+  "description": "Library to help extract JWT payload from Istio Envoy proxy.",
+  "type": "library",
+  "license": "MIT",
+  "authors": [
+    {
+      "name": "Minh Vuong",
+      "email": "vuongxuongminh@gmail.com"
+    }
+  ],
+  "config": {
+    "sort-packages": true
+  },
+  "minimum-stability": "stable",
+  "require": {
+    "php": ">=8.0",
+    "symfony/http-foundation": "^5.3"
+  },
+  "autoload": {
+    "psr-4": {
+      "Istio\\JWTPayloadExtractor\\": "src"
+    }
+  },
+  "autoload-dev": {
+    "psr-4": {
+      "Istio\\JWTPayloadExtractor\\Tests\\": "tests"
+    }
+  },
+  "require-dev": {
+    "phpunit/phpunit": "^9.5"
+  }
+}

phpunit.xml.dist

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.5/phpunit.xsd" backupGlobals="false" bootstrap="vendor/autoload.php" colors="true">
+    <php>
+        <ini name="error_reporting" value="-1" />
+    </php>
+
+    <testsuites>
+        <testsuite name="Library Test Suite">
+            <directory>tests</directory>
+        </testsuite>
+    </testsuites>
+
+    <coverage processUncoveredFiles="true">
+        <include>
+            <directory>.</directory>
+        </include>
+        <exclude>
+            <directory>tests</directory>
+            <directory>vendor</directory>
+            <file>.php-cs-fixer.dist.php</file>
+        </exclude>
+    </coverage>
+</phpunit>

src/AbstractExtractor.php

@@ -0,0 +1,76 @@
+<?php
+/*
+ * (c) Minh Vuong <vuongxuongminh@gmail.com>
+ *
+ * This source file is subject to the MIT license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
+declare(strict_types=1);
+
+namespace Istio\JWTPayloadExtractor;
+
+use Symfony\Component\HttpFoundation\HeaderBag;
+use Symfony\Component\HttpFoundation\InputBag;
+use Symfony\Component\HttpFoundation\Request;
+
+abstract class AbstractExtractor implements ExtractorInterface
+{
+    private string $requestBag;
+
+    private string $itemName;
+
+    private string $issuer;
+
+    public function __construct(
+        string $issuer,
+        string $requestBag,
+        string $itemName
+    ) {
+        if ('' === $issuer) {
+            throw new \LogicException('Issuer can not be blank!');
+        }
+
+        $this->issuer = $issuer;
+        $this->requestBag = $requestBag;
+        $this->itemName = $itemName;
+    }
+
+    final public function extract(Request $request): ?array
+    {
+        /** @var InputBag|HeaderBag $bag */
+        $bag = $request->{$this->requestBag};
+        $value = $bag->get($this->itemName);
+
+        if (null === $value) {
+            return null;
+        }
+
+        $payload = $this->extractFromValue($value);
+
+        if (null === $payload || $this->issuer !== ($payload['iss'] ?? null)) {
+            return null;
+        }
+
+        return $payload;
+    }
+
+    abstract protected function extractFromValue(mixed $value): ?array;
+
+    final protected function extractFromBase64EncodedPayload(string $encodedPayload): ?array
+    {
+        $jsonPayload = base64_decode($encodedPayload, true);
+
+        if (false === $jsonPayload) {
+            return null;
+        }
+
+        $payload = json_decode($jsonPayload, true);
+
+        if (null === $payload) {
+            return null;
+        }
+
+        return $payload;
+    }
+}

src/Base64HeaderExtractor.php

@@ -0,0 +1,24 @@
+<?php
+/*
+ * (c) Minh Vuong <vuongxuongminh@gmail.com>
+ *
+ * This source file is subject to the MIT license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
+declare(strict_types=1);
+
+namespace Istio\JWTPayloadExtractor;
+
+final class Base64HeaderExtractor extends AbstractExtractor
+{
+    public function __construct(string $issuer, string $itemName)
+    {
+        parent::__construct($issuer, 'headers', $itemName);
+    }
+
+    protected function extractFromValue(mixed $value): ?array
+    {
+        return $this->extractFromBase64EncodedPayload($value);
+    }
+}

src/CompositeExtractor.php

@@ -0,0 +1,32 @@
+<?php
+/*
+ * (c) Minh Vuong <vuongxuongminh@gmail.com>
+ *
+ * This source file is subject to the MIT license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
+declare(strict_types=1);
+
+namespace Istio\JWTPayloadExtractor;
+
+use Symfony\Component\HttpFoundation\Request;
+
+final class CompositeExtractor implements ExtractorInterface
+{
+    public function __construct(private iterable $extractors)
+    {
+    }
+
+    public function extract(Request $request): ?array
+    {
+        foreach ($this->extractors as $extractor) {
+            /** @var ExtractorInterface $extractor */
+            if ($payload = $extractor->extract($request)) {
+                return $payload;
+            }
+        }
+
+        return null;
+    }
+}

src/ExtractorFactory.php

@@ -0,0 +1,34 @@
+<?php
+/*
+ * (c) Minh Vuong <vuongxuongminh@gmail.com>
+ *
+ * This source file is subject to the MIT license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
+declare(strict_types=1);
+
+namespace Istio\JWTPayloadExtractor;
+
+class ExtractorFactory
+{
+    public static function fromBase64Header(string $issuer, string $header): Base64HeaderExtractor
+    {
+        return new Base64HeaderExtractor($issuer, $header);
+    }
+
+    public static function fromOriginTokenHeader(string $issuer, string $header): OriginTokenExtractor
+    {
+        return new OriginTokenExtractor($issuer, 'headers', $header);
+    }
+
+    public static function fromOriginTokenQueryParam(string $issuer, string $queryParam): OriginTokenExtractor
+    {
+        return new OriginTokenExtractor($issuer, 'query', $queryParam);
+    }
+
+    public static function fromExtractors(ExtractorInterface ...$extractors): CompositeExtractor
+    {
+        return new CompositeExtractor($extractors);
+    }
+}

src/ExtractorInterface.php

@@ -0,0 +1,18 @@
+<?php
+/*
+ * (c) Minh Vuong <vuongxuongminh@gmail.com>
+ *
+ * This source file is subject to the MIT license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
+declare(strict_types=1);
+
+namespace Istio\JWTPayloadExtractor;
+
+use Symfony\Component\HttpFoundation\Request;
+
+interface ExtractorInterface
+{
+    public function extract(Request $request): ?array;
+}