hello

.editorconfig

@@ -0,0 +1,12 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+[*.md]
+trim_trailing_whitespace = false

.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: ['https://www.buymeacoffee.com/theraloss']

.github/workflows/main.yml

@@ -0,0 +1,45 @@
+name: run-tests
+
+on:
+    push:
+        branches: [master]
+    pull_request:
+        branches: [master]
+
+jobs:
+    test:
+        runs-on: ${{ matrix.os }}
+        strategy:
+            fail-fast: true
+            matrix:
+                os: [ubuntu-latest, windows-latest]
+                php: [7.4, 8.0]
+                laravel: [8.*]
+                stability: [prefer-lowest, prefer-stable]
+                include:
+                    - laravel: 8.*
+                      testbench: ^6.6
+
+        name: P${{ matrix.php }} - L${{ matrix.laravel }} - ${{ matrix.stability }} - ${{ matrix.os }}
+
+        steps:
+            - name: Checkout code
+              uses: actions/checkout@v2
+
+            - name: Setup PHP
+              uses: shivammathur/setup-php@v2
+              with:
+                  php-version: ${{ matrix.php }}
+                  extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite, bcmath, soap, intl, gd, exif, iconv, imagick, fileinfo
+                  coverage: none
+
+            - name: Setup problem matchers
+              run: |
+                  echo "::add-matcher::${{ runner.tool_cache }}/php.json"
+                  echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
+            - name: Install dependencies
+              run: |
+                  composer require "laravel/framework:${{ matrix.laravel }}" "orchestra/testbench:${{ matrix.testbench }}" --no-interaction --no-update
+                  composer update --${{ matrix.stability }} --prefer-dist --no-interaction
+            - name: Execute tests
+              run: vendor/bin/pest

.gitignore

@@ -0,0 +1,5 @@
+vendor/
+coverage/
+composer.lock
+.DS_Store
+*.cache

.styleci.yml

@@ -0,0 +1,4 @@
+preset: laravel
+
+disabled:
+  - single_class_element_per_statement

CHANGELOG.md

@@ -0,0 +1,7 @@
+# Changelog
+
+All notable changes to `laravel-fusionauth-jwt` will be documented in this file
+
+## 1.0.0 - 2021-07-30
+
+- First release

CONTRIBUTING.md

@@ -0,0 +1,55 @@
+# Contributing
+
+Contributions are **welcome** and will be fully **credited**.
+
+Please read and understand the contribution guide before creating an issue or pull request.
+
+## Etiquette
+
+This project is open source, and as such, the maintainers give their free time to build and maintain the source code
+held within. They make the code freely available in the hope that it will be of use to other developers. It would be
+extremely unfair for them to suffer abuse or anger for their hard work.
+
+Please be considerate towards maintainers when raising issues or presenting pull requests. Let's show the
+world that developers are civilized and selfless people.
+
+It's the duty of the maintainer to ensure that all submissions to the project are of sufficient
+quality to benefit the project. Many developers have different skillsets, strengths, and weaknesses. Respect the maintainer's decision, and do not be upset or abusive if your submission is not used.
+
+## Viability
+
+When requesting or submitting new features, first consider whether it might be useful to others. Open
+source projects are used by many developers, who may have entirely different needs to your own. Think about
+whether or not your feature is likely to be used by other users of the project.
+
+## Procedure
+
+Before filing an issue:
+
+- Attempt to replicate the problem, to ensure that it wasn't a coincidental incident.
+- Check to make sure your feature suggestion isn't already present within the project.
+- Check the pull requests tab to ensure that the bug doesn't have a fix in progress.
+- Check the pull requests tab to ensure that the feature isn't already in progress.
+
+Before submitting a pull request:
+
+- Check the codebase to ensure that your feature doesn't already exist.
+- Check the pull requests to ensure that another person hasn't already submitted the feature or fix.
+
+## Requirements
+
+If the project maintainer has any additional requirements, you will find them listed here.
+
+- **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](https://pear.php.net/package/PHP_CodeSniffer).
+
+- **Add tests!** - Your patch won't be accepted if it doesn't have tests.
+
+- **Document any change in behaviour** - Make sure the `README.md` and any other relevant documentation are kept up-to-date.
+
+- **Consider our release cycle** - We try to follow [SemVer v2.0.0](https://semver.org/). Randomly breaking public APIs is not an option.
+
+- **One pull request per feature** - If you want to do more than one thing, send multiple pull requests.
+
+- **Send coherent history** - Make sure each individual commit in your pull request is meaningful. If you had to make multiple intermediate commits while developing, please [squash them](https://www.git-scm.com/book/en/v2/Git-Tools-Rewriting-History#Changing-Multiple-Commit-Messages) before submitting.
+
+**Happy coding**!

LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) Danilo Polani
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,178 @@
+# Laravel FusionAuth JWT
+
+[![Latest Version on Packagist](https://img.shields.io/packagist/v/danilopolani/laravel-fusionauth-jwt.svg?style=flat-square)](https://packagist.org/packages/danilopolani/laravel-fusionauth-jwt)
+[![Total Downloads](https://img.shields.io/packagist/dt/danilopolani/laravel-fusionauth-jwt.svg?style=flat-square)](https://packagist.org/packages/danilopolani/laravel-fusionauth-jwt)
+![GitHub Actions](https://github.com/danilopolani/laravel-fusionauth-jwt/actions/workflows/main.yml/badge.svg)
+
+Implement an Auth guard for FusionAuth JWTs in Laravel.  
+It ships with also a middleware to check against the user role.  
+
+## Installation
+
+You can install the package via composer:
+
+```bash
+composer require danilopolani/laravel-fusionauth-jwt
+```
+
+Then publish its config file:
+
+```bash
+php artisan vendor:publish --tag=fusionauth-jwt-config
+```
+
+## Configuration
+
+There are a few notable configuration options for the package.
+
+Key | Type | Description
+------------ | ------------- | -------------
+`domain` | String | Your FusionAuth domain, e.g. `auth.myapp.com` or `sandbox.fusionauth.io`.
+`client_id` | String | The Client ID of the current application.
+`client_secret` | String | The Client Secret of the current application.
+`issuers` | Array | A list of authorized issuers for the incoming JWT.
+`audience` | String \| Null | The ID/Name of the authorized audience. If null, the **Client ID** will be used.
+`supported_algs` | Array | The supported algorithms of the JWT. Supported: `RS256` and `HS256`.
+`default_role` | String \| Null | The default role to be checked if you're using the [`CheckRole`](#role-middleware) middleware.
+
+## Usage
+
+To start protecting your APIs you need to add the Guard and the Auth Provider to your `config/auth.php` configuration file:
+
+```php
+'guards' => [
+    // ...
+    'fusionauth' => [
+        'driver' => 'fusionauth',
+        'provider' => 'fusionauth',
+    ],
+],
+
+'providers' => [
+    // ...
+    'fusionauth' => [
+        'driver' => 'fusionauth',
+    ],
+],
+```
+
+Then you can use the `auth:fusionauth` guard to protect your endpoints; you can apply it to a group or a single route:
+
+```php
+// app\Http\Kernel.php
+
+protected $middlewareGroups = [
+    'api' => [
+        'auth:fusionauth',
+        // ...
+    ],
+];
+
+// or routes/api.php
+
+Route::get('users', [UserController::class, 'index'])
+    ->middleware('auth:fusionauth');
+```
+
+Now requests for those endpoints will check if the given JWT (given as **Bearer token**) is valid.
+
+To retrieve the current logged in user - or to check if it's logged in - you can use the usual `Auth` facade methods, specifying the `fusionauth` guard:
+
+```php
+Auth::guard('fusionauth')->check();
+
+/** @var \DaniloPolani\FusionAuthJwt\FusionAuthJwtUser $user */
+$user = Auth::guard('fusionauth')->user();
+```
+
+### Role middleware
+
+The package ships with a handy middleware to check for user role (stored in the `roles` key).
+
+You can apply it on a middleware group inside the `Kernel.php` or to specific routes:
+
+```php
+// app\Http\Kernel.php
+
+protected $middlewareGroups = [
+    'api' => [
+        'auth:fusionauth',
+        \DaniloPolani\FusionAuthJwt\Http\Middleware\CheckRole::class,
+        // ...
+    ],
+];
+
+// or routes/api.php
+
+Route::get('users', [UserController::class, 'index'])
+    ->middleware(['auth:fusionauth', 'fusionauth.role']);
+```
+
+By default the middleware will check that the current user has the `default_role` specified in the configuration file, but you can use as well a specific role, different from the default:
+
+```php
+// routes/api.php
+
+Route::get('users', [UserController::class, 'index'])
+    ->middleware(['auth:fusionauth', 'fusionauth.role:admin']);
+```
+
+For more complex cases we suggest you to take a look on how the [`CheckRole`](https://github.com/danilopolani/laravel-fusionauth-jwt/blob/master/src/Http/Middleware/CheckRole.php) middleware is written (using the [`RoleManager`](https://github.com/danilopolani/laravel-fusionauth-jwt/blob/master/src/Helpers/RoleManager.php) class) and write your own.
+
+### Usage in tests
+
+When you need to test your endpoints in Laravel, you can take advantage of the [`actingAs`](https://laravel.com/docs/8.x/http-tests#session-and-authentication) method to set the current logged in user.
+
+You can pass any property you want to the `FusionAuthJwtUser` class, like `email`, `user` etc. Take a look at this example where we specify the user roles:
+
+```php
+use DaniloPolani\FusionAuthJwt\FusionAuthJwtUser;
+
+$this
+    ->actingAs(
+        new FusionAuthJwtUser([
+            'roles' => ['user', 'admin'],
+        ]),
+        'fusionauth',
+    )
+    ->get('/api/users')
+    ->assertOk();
+```
+
+If you need to set the authenticated user outside HTTP testing (therefore you can't use `actingAs()`), you can use the `setUser()` method of the `Auth` facade:
+
+```php
+use DaniloPolani\FusionAuthJwt\FusionAuthJwtUser;
+use Illuminate\Support\Facades\Auth;
+
+Auth::guard('fusionauth')->setUser(
+    new FusionAuthJwtUser([
+        'roles' => ['user', 'admin'],
+    ])
+);
+```
+
+### Changelog
+
+Please see [CHANGELOG](CHANGELOG.md) for more information what has changed recently.
+
+## Contributing
+
+Please see [CONTRIBUTING](CONTRIBUTING.md) for details.
+
+### Security
+
+If you discover any security related issues, please email [email protected] instead of using the issue tracker.
+
+## Credits
+
+-   [Danilo Polani](https://github.com/danilopolani)
+-   [All Contributors](../../contributors)
+
+## License
+
+The MIT License (MIT). Please see [License File](LICENSE.md) for more information.
+
+## Laravel Package Boilerplate
+
+This package was generated using the [Laravel Package Boilerplate](https://laravelpackageboilerplate.com).

composer.json

@@ -0,0 +1,54 @@
+{
+    "name": "danilopolani/laravel-fusionauth-jwt",
+    "description": "Laravel Auth guard for FusionAuth JWT",
+    "keywords": [
+        "danilopolani",
+        "laravel-fusionauth-jwt"
+    ],
+    "homepage": "https://github.com/danilopolani/laravel-fusionauth-jwt",
+    "license": "MIT",
+    "type": "library",
+    "authors": [
+        {
+            "name": "Danilo Polani",
+            "email": "[email protected]",
+            "role": "Developer"
+        }
+    ],
+    "require": {
+        "php": "^7.4|^8.0",
+        "firebase/php-jwt": "^5.4",
+        "illuminate/auth": "^8.0",
+        "illuminate/http": "^8.0",
+        "illuminate/contracts": "^8.0",
+        "illuminate/routing": "^8.0",
+        "illuminate/support": "^8.0"
+    },
+    "require-dev": {
+        "orchestra/testbench": "^6.0",
+        "pestphp/pest": "^1.12"
+    },
+    "autoload": {
+        "psr-4": {
+            "DaniloPolani\\FusionAuthJwt\\": "src"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "DaniloPolani\\FusionAuthJwt\\Tests\\": "tests"
+        }
+    },
+    "scripts": {
+        "test": "vendor/bin/pest"
+    },
+    "config": {
+        "sort-packages": true
+    },
+    "extra": {
+        "laravel": {
+            "providers": [
+                "DaniloPolani\\FusionAuthJwt\\FusionAuthJwtServiceProvider"
+            ]
+        }
+    }
+}