Adding authentication and authorization support

composer.json

@@ -16,17 +16,17 @@
         }
     ],
     "require" : {
-        "php" : ">=7.1",
+        "php" : ">=7.2",
         "thecodingmachine/graphqlite" : "~4.0.0",
-        "illuminate/console": "^5.0|^6.0",
-        "illuminate/container": "^5.0|^6.0",
-        "illuminate/support": "^5.0|^6.0",
-        "illuminate/cache": "^5.0|^6.0",
+        "illuminate/console": "^5.7|^6.0",
+        "illuminate/container": "^5.7|^6.0",
+        "illuminate/support": "^5.7|^6.0",
+        "illuminate/cache": "^5.7|^6.0",
         "symfony/psr-http-message-bridge": "^1",
         "zendframework/zend-diactoros": "^1.8.6"
     },
     "require-dev": {
-        "orchestra/testbench": "^3.5.5 || ^4",
+        "orchestra/testbench": "^3.7.7 || ^4",
         "phpunit/phpunit": "^7.5.4 || ^8.3",
         "ext-sqlite3": "*"
     },
@@ -35,6 +35,11 @@
             "TheCodingMachine\\GraphQLite\\Laravel\\" : "src/"
         }
     },
+    "autoload-dev" : {
+        "psr-4" : {
+            "App\\" : "tests/Fixtures/App"
+        }
+    },
     "extra": {
         "branch-alias": {
             "dev-master": "4.0.x-dev"

src/Providers/GraphQLiteServiceProvider.php

@@ -2,16 +2,20 @@
 
 namespace TheCodingMachine\GraphQLite\Laravel\Providers;
 
+use Illuminate\Contracts\Auth\Access\Gate;
+use Illuminate\Contracts\Auth\Factory as AuthFactory;
+use TheCodingMachine\GraphQLite\Laravel\Security\AuthenticationService;
+use TheCodingMachine\GraphQLite\Laravel\Security\AuthorizationService;
+use TheCodingMachine\GraphQLite\Security\AuthenticationServiceInterface;
+use function config;
 use function extension_loaded;
-use function foo\func;
 use GraphQL\Error\Debug;
 use GraphQL\Server\ServerConfig;
 use GraphQL\Server\StandardServer;
-use Illuminate\Contracts\Cache\Repository;
 use Illuminate\Contracts\Foundation\Application;
-use Illuminate\Routing\Router;
 use Illuminate\Support\ServiceProvider;
 use function ini_get;
+use function is_array;
 use function is_iterable;
 use Symfony\Bridge\PsrHttpMessage\Factory\DiactorosFactory;
 use Symfony\Bridge\PsrHttpMessage\HttpMessageFactoryInterface;
@@ -73,8 +77,20 @@ public function register()
             }
         });
 
+        $this->app->singleton(AuthenticationService::class, function(Application $app) {
+            $guard = config('graphqlite.guard', $this->app['config']['auth.defaults.guard']);
+            if (!is_array($guard)) {
+                $guard = [$guard];
+            }
+            return new AuthenticationService($app[AuthFactory::class], $guard);
+        });
+
+        $this->app->bind(AuthenticationServiceInterface::class, AuthenticationService::class);
+
         $this->app->singleton(SchemaFactory::class, function (Application $app) {
             $service = new SchemaFactory($app->make('graphqliteCache'), new SanePsr11ContainerAdapter($app));
+            $service->setAuthenticationService($app[AuthenticationService::class]);
+            $service->setAuthorizationService($app[AuthorizationService::class]);
 
             $controllers = config('graphqlite.controllers', 'App\\Http\\Controllers');
             if (!is_iterable($controllers)) {

src/Security/AuthenticationService.php

@@ -0,0 +1,57 @@
+<?php
+
+
+namespace TheCodingMachine\GraphQLite\Laravel\Security;
+
+use Illuminate\Contracts\Auth\Guard;
+use Illuminate\Contracts\Auth\Factory as AuthFactory;
+use TheCodingMachine\GraphQLite\Security\AuthenticationServiceInterface;
+
+class AuthenticationService implements AuthenticationServiceInterface
+{
+    /**
+     * @var AuthFactory
+     */
+    private $auth;
+    /**
+     * @var array|string[]
+     */
+    private $guards;
+
+    /**
+     * @param string[] $guards
+     */
+    public function __construct(AuthFactory $auth, array $guards)
+    {
+        $this->auth = $auth;
+        $this->guards = $guards;
+    }
+
+    /**
+     * Returns true if the "current" user is logged
+     */
+    public function isLogged(): bool
+    {
+        foreach ($this->guards as $guard) {
+            if ($this->auth->guard($guard)->check()) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * Returns an object representing the current logged user.
+     * Can return null if the user is not logged.
+     */
+    public function getUser(): ?object
+    {
+        foreach ($this->guards as $guard) {
+            $user = $this->auth->guard($guard)->user();
+            if ($user !== null) {
+                return $user;
+            }
+        }
+        return null;
+    }
+}

src/Security/AuthorizationService.php

@@ -0,0 +1,36 @@
+<?php
+
+
+namespace TheCodingMachine\GraphQLite\Laravel\Security;
+
+use Illuminate\Contracts\Auth\Access\Gate;
+use TheCodingMachine\GraphQLite\Security\AuthenticationServiceInterface;
+use TheCodingMachine\GraphQLite\Security\AuthorizationServiceInterface;
+
+class AuthorizationService implements AuthorizationServiceInterface
+{
+    /**
+     * @var Gate
+     */
+    private $gate;
+    /**
+     * @var AuthenticationServiceInterface
+     */
+    private $authenticationService;
+
+    public function __construct(Gate $gate, AuthenticationServiceInterface $authenticationService)
+    {
+        $this->gate = $gate;
+        $this->authenticationService = $authenticationService;
+    }
+
+    /**
+     * Returns true if the "current" user has access to the right "$right"
+     *
+     * @param mixed $subject The scope this right applies on. $subject is typically an object or a FQCN. Set $subject to "null" if the right is global.
+     */
+    public function isAllowed(string $right, $subject = null): bool
+    {
+        return $this->gate->forUser($this->authenticationService->getUser())->check($right, $subject);
+    }
+}

tests/Fixtures/App/Http/Controllers/TestController.php

@@ -0,0 +1,28 @@
+<?php
+
+
+namespace App\Http\Controllers;
+
+
+use TheCodingMachine\GraphQLite\Annotations\Logged;
+use TheCodingMachine\GraphQLite\Annotations\Query;
+
+class TestController
+{
+    /**
+     * @Query()
+     */
+    public function test(): string
+    {
+        return 'foo';
+    }
+
+    /**
+     * @Query()
+     * @Logged()
+     */
+    public function testLogged(): string
+    {
+        return 'foo';
+    }
+}

tests/Providers/GraphQLiteServiceProviderTest.php

@@ -22,8 +22,15 @@ public function testServiceProvider()
 
     public function testHttpQuery()
     {
-        $response = $this->json('POST', '/graphql', ['query' => '{ dummyQuery }']);
+        $response = $this->json('POST', '/graphql', ['query' => '{ test }']);
         $this->assertSame(200, $response->getStatusCode(), $response->getContent());
-        $response->assertJson(["data" => ["dummyQuery" => "This is a placeholder query. Please create a query using the @Query annotation."]]);
+        $response->assertJson(["data" => ["test" => "foo"]]);
+    }
+
+    public function testAuthentication()
+    {
+        $response = $this->json('POST', '/graphql', ['query' => '{ testLogged }']);
+        $this->assertSame(200, $response->getStatusCode(), $response->getContent());
+        $response->assertJson(["errors" => [["message" => "You need to be logged to access this field"]]]);
     }
 }