[Summary view] [Print] [Text view]

   1  <?php
   2  /*
   3   * Copyright 2014 Google Inc.
   4   *
   5   * Licensed under the Apache License, Version 2.0 (the "License");
   6   * you may not use this file except in compliance with the License.
   7   * You may obtain a copy of the License at
   8   *
   9   *     http://www.apache.org/licenses/LICENSE-2.0
  10   *
  11   * Unless required by applicable law or agreed to in writing, software
  12   * distributed under the License is distributed on an "AS IS" BASIS,
  13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14   * See the License for the specific language governing permissions and
  15   * limitations under the License.
  16   */
  17  
  18  /*
  19   * WARNING - this class depends on the Google App Engine PHP library
  20   * which is 5.3 and above only, so if you include this in a PHP 5.2
  21   * setup or one without 5.3 things will blow up.
  22   */
  23  use google\appengine\api\app_identity\AppIdentityService;
  24  
  25  require_once "Google/Auth/Abstract.php";
  26  require_once "Google/Http/Request.php";
  27  
  28  /**
  29   * Authentication via the Google App Engine App Identity service.
  30   */
  31  class Google_Auth_AppIdentity extends Google_Auth_Abstract
  32  {
  33    const CACHE_PREFIX = "Google_Auth_AppIdentity::";
  34    const CACHE_LIFETIME = 1500;
  35    private $key = null;
  36    private $client;
  37    private $token = false;
  38    private $tokenScopes = false;
  39  
  40    public function __construct(Google_Client $client, $config = null)
  41    {
  42      $this->client = $client;
  43    }
  44  
  45    /**
  46     * Retrieve an access token for the scopes supplied.
  47     */
  48    public function authenticateForScope($scopes)
  49    {
  50      if ($this->token && $this->tokenScopes == $scopes) {
  51        return $this->token;
  52      }
  53      $memcache = new Memcached();
  54      $this->token = $memcache->get(self::CACHE_PREFIX . $scopes);
  55      if (!$this->token) {
  56        $this->token = AppIdentityService::getAccessToken($scopes);
  57        if ($this->token) {
  58          $memcache_key = self::CACHE_PREFIX;
  59          if (is_string($scopes)) {
  60            $memcache_key .= $scopes;
  61          } else if (is_array($scopes)) {
  62            $memcache_key .= implode(":", $scopes);
  63          }
  64          $memcache->set($memcache_key, $this->token, self::CACHE_LIFETIME);
  65        }
  66      }
  67      $this->tokenScopes = $scopes;
  68      return $this->token;
  69    }
  70  
  71    /**
  72     * Perform an authenticated / signed apiHttpRequest.
  73     * This function takes the apiHttpRequest, calls apiAuth->sign on it
  74     * (which can modify the request in what ever way fits the auth mechanism)
  75     * and then calls apiCurlIO::makeRequest on the signed request
  76     *
  77     * @param Google_Http_Request $request
  78     * @return Google_Http_Request The resulting HTTP response including the
  79     * responseHttpCode, responseHeaders and responseBody.
  80     */
  81    public function authenticatedRequest(Google_Http_Request $request)
  82    {
  83      $request = $this->sign($request);
  84      return $this->io->makeRequest($request);
  85    }
  86  
  87    public function sign(Google_Http_Request $request)
  88    {
  89      if (!$this->token) {
  90        // No token, so nothing to do.
  91        return $request;
  92      }
  93      // Add the OAuth2 header to the request
  94      $request->setRequestHeaders(
  95          array('Authorization' => 'Bearer ' . $this->token['access_token'])
  96      );
  97  
  98      return $request;
  99    }
 100  }