From f5d94843e3ccd883de06a68ca9e4b9ade4b9e1e5 Mon Sep 17 00:00:00 2001
From: dogukanoksuz <me@dogukan.dev>
Date: Fri, 5 Jul 2024 11:03:52 +0000
Subject: [PATCH] feat: Default auth gate selection

---
 .env.example                                  |  4 ++
 app/Exceptions/Handler.php                    | 39 ++++++++++---------
 app/Http/Controllers/API/AuthController.php   | 11 +++++-
 .../API/Settings/TweaksController.php         |  7 +++-
 routes/api.php                                |  1 +
 5 files changed, 41 insertions(+), 21 deletions(-)

diff --git a/.env.example b/.env.example
index 433a4933..37f600ad 100644
--- a/.env.example
+++ b/.env.example
@@ -50,6 +50,10 @@ QUEUE_DRIVER=redis
 # Changes login screen brand name
 BRAND_NAME="HAVELSAN © 2023"
 
+# AUTH DEFAULT GATE
+# Default gate for Liman authentication
+DEFAULT_AUTH_GATE=liman
+
 # EXTENSION TIMEOUT
 # Extension request timeout parameter, Liman render engine using it
 EXTENSION_TIMEOUT=30
diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
index b8a7c993..baa68b25 100644
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -60,6 +60,14 @@ public function register()
             //
         });
 
+        $this->renderable(function (AuthenticationException $e) {
+            return response()->json([
+                'message' => 'Giriş yapmanız gereklidir.'
+            ], Response::HTTP_UNAUTHORIZED)
+                ->withoutCookie('token')
+                ->withoutCookie('currentUser');
+        });
+
         // Use validator response hack
         $this->renderable(function (JsonResponseException $e) {
             return response()->json($e->getData(), $e->getCode() ? $e->getCode() : Response::HTTP_OK);
@@ -81,31 +89,12 @@ public function register()
             }
         });
 
-        $this->renderable(function (QueryException $e) {
-            return response()->json([
-                'message' => 'Veritabanı hatası mevcut. Sistem veritabanı bağlantısını kontrol ediniz.',
-            ], Response::HTTP_INTERNAL_SERVER_ERROR);
-        });
-
         $this->renderable(function (ThrottleRequestsException $e) {
             return response()->json([
                 'message' => 'Çok fazla istek gönderdiniz. Lütfen biraz bekleyin.',
             ], Response::HTTP_TOO_MANY_REQUESTS);
         });
 
-        $this->renderable(function (HttpException $e) {
-            return response()->json([
-                'message' => $e->getMessage()
-            ], Response::HTTP_INTERNAL_SERVER_ERROR);
-        });
-
-        $this->renderable(function (AuthenticationException $e) {
-            return response()->json([
-                'message' => 'Giriş yapmanız gereklidir.'
-            ], Response::HTTP_UNAUTHORIZED)
-                ->withoutCookie('token')
-                ->withoutCookie('currentUser');
-        });
 
         if (config('app.debug')) {
             $this->renderable(function (Throwable $e) {
@@ -126,6 +115,18 @@ public function register()
                 ], Response::HTTP_INTERNAL_SERVER_ERROR);
             });
         }
+
+        $this->renderable(function (QueryException $e) {
+            return response()->json([
+                'message' => 'Veritabanı hatası mevcut. Sistem veritabanı bağlantısını kontrol ediniz.',
+            ], Response::HTTP_INTERNAL_SERVER_ERROR);
+        });
+        
+        $this->renderable(function (HttpException $e) {
+            return response()->json([
+                'message' => $e->getMessage()
+            ], Response::HTTP_INTERNAL_SERVER_ERROR);
+        });
         
         $this->renderable(function (Throwable $e) {
             if ($e->getMessage() === 'Unauthenticated.') {
diff --git a/app/Http/Controllers/API/AuthController.php b/app/Http/Controllers/API/AuthController.php
index ca768136..02292a46 100644
--- a/app/Http/Controllers/API/AuthController.php
+++ b/app/Http/Controllers/API/AuthController.php
@@ -36,7 +36,8 @@ public function __construct()
                     'setupTwoFactorAuthentication', 
                     'sendPasswordResetLink', 
                     'resetPassword',
-                    'loginBranding'
+                    'loginBranding',
+                    'authGate',
                 ]
             ]
         );
@@ -70,6 +71,14 @@ public function loginBranding()
         ]);
     }
 
+    /**
+     * Get default auth gate
+     */
+    public function authGate()
+    {
+        return response()->json(env('DEFAULT_AUTH_GATE', 'liman'));
+    }
+
     /**
      * Get a JWT via given credentials.
      *
diff --git a/app/Http/Controllers/API/Settings/TweaksController.php b/app/Http/Controllers/API/Settings/TweaksController.php
index c8c8c792..888697f0 100644
--- a/app/Http/Controllers/API/Settings/TweaksController.php
+++ b/app/Http/Controllers/API/Settings/TweaksController.php
@@ -27,6 +27,7 @@ public function getConfiguration()
             'NEW_LOG_LEVEL' => env('NEW_LOG_LEVEL'),
             'LDAP_IGNORE_CERT' => (bool) env('LDAP_IGNORE_CERT', 'false'),
             'LOGIN_IMAGE' => SystemSettings::where('key', 'LOGIN_IMAGE')->first()?->data ?? '',
+            'DEFAULT_AUTH_GATE' => env('DEFAULT_AUTH_GATE', 'liman'),
         ]);
     }
 
@@ -45,6 +46,7 @@ public function saveConfiguration(Request $request)
             'APP_URL' => 'required|url',
             'EXTENSION_TIMEOUT' => 'required|integer|min:1|max:300',
             'NEW_LOG_LEVEL' => 'required|string',
+            'DEFAULT_AUTH_GATE' => 'required|string|in:liman,keycloak,ldap',
         ], [], [
             "EXTENSION_TIMEOUT" => "Eklenti zaman aşımı"
         ]);
@@ -58,9 +60,10 @@ public function saveConfiguration(Request $request)
             'EXTENSION_DEVELOPER_MODE' => (bool) $request->EXTENSION_DEVELOPER_MODE,
             'NEW_LOG_LEVEL' => $request->NEW_LOG_LEVEL,
             'LDAP_IGNORE_CERT' => (bool) $request->LDAP_IGNORE_CERT,
+            'DEFAULT_AUTH_GATE' => $request->DEFAULT_AUTH_GATE,
         ]);
 
-        if ($request->has('LOGIN_IMAGE') && $request->LOGIN_IMAGE != '')
+        if ($request->has('LOGIN_IMAGE') && $request->LOGIN_IMAGE != '') {
             // Control if LOGIN_IMAGE is bigger than 1mb
             if (strlen($request->LOGIN_IMAGE) > 1048576) {
                 return response()->json([
@@ -71,6 +74,7 @@ public function saveConfiguration(Request $request)
                 ['key' => 'LOGIN_IMAGE'],
                 ['data' => $request->get('LOGIN_IMAGE')]
             );
+        }
 
         AuditLog::write(
             'tweak',
@@ -84,6 +88,7 @@ public function saveConfiguration(Request $request)
                 'EXTENSION_DEVELOPER_MODE' => (bool) $request->EXTENSION_DEVELOPER_MODE,
                 'NEW_LOG_LEVEL' => $request->NEW_LOG_LEVEL,
                 'LDAP_IGNORE_CERT' => (bool) $request->LDAP_IGNORE_CERT,
+                'DEFAULT_AUTH_GATE' => $request->DEFAULT_AUTH_GATE,
             ],
             "TWEAK_EDIT"
         );
diff --git a/routes/api.php b/routes/api.php
index 05fe5e54..cd257ff5 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -27,6 +27,7 @@
 ], function () {
     Route::get('/types', [AuthController::class, 'activeAuthTypes']);
     Route::get('/branding', [AuthController::class, 'loginBranding']);
+    Route::get('/gate', [AuthController::class, 'authGate']);
     Route::post('/login', [AuthController::class, 'login'])
         ->middleware('throttle:login');
     Route::post('/setup_mfa', [AuthController::class, 'setupTwoFactorAuthentication']);