home/torsearch
1
0
Fork 0
Code Issues 22 Pull Requests 1 Actions 3 Packages Projects 4 Releases Wiki Activity

wip: base layout of config with validation

Browse Source
This commit is contained in:
brock
2025-07-12 23:10:13 -05:00
parent 8b50b50466
commit 0aee4ae7df
15 changed files with 503 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.env
View File

@@ -51,3 +51,11 @@ OIDC_CLIENT_ID="Enter your OIDC client id"
OIDC_CLIENT_SECRET="Enter your OIDC client secret"
OIDC_BYPASS_FORM_LOGIN=false
###< drenso/symfony-oidc-bundle ###
SMTP_HOST=
SMTP_USER=
SMTP_PASS=
SMTP_PORT=
SMTP_FROM=
SMTP_FROM_NAME=""

2
config/services.yaml
View File

@@ -6,6 +6,7 @@
parameters:
# App
app.url: '%env(APP_URL)%'
app.env: '%env(default:app.default.env:APP_ENV)%'
app.version: '%env(default:app.default.version:APP_VERSION)%'
# Debrid Services
@@ -32,6 +33,7 @@ parameters:
app.cache.redis.host.default: 'redis://redis'
# Various configs
app.default.env: 'prod'
app.default.version: '0.dev'
app.default.timezone: 'America/Chicago'

105
src/Base/Config/AppConfig.php Normal file
View File

@@ -0,0 +1,105 @@
<?php
namespace App\Base\Config;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
class AppConfig implements ConfigInterface
{
private array $messages = [];
public function __construct(
#[Autowire(param: 'app.env')]
private readonly ?string $appEnv = null,
#[Autowire(param: 'app.url')]
private readonly ?string $appUrl = null,
#[Autowire(param: 'app.debrid.real_debrid.key')]
private readonly ?string $realDebridApiKey = null,
#[Autowire(param: 'app.meta_provider.tmdb.key')]
private readonly ?string $tmdbApiKey = null,
#[Autowire(param: 'media.movies_path')]
private readonly ?string $moviesPath = null,
#[Autowire(param: 'media.tvshows_path')]
private readonly ?string $tvshowsPath = null,
) {}
public function isValid(): bool
{
$valid = true;
if (false === $this->isVariableValid('APP_ENV', $this->appEnv)) {
$valid = false;
}
if (false === $this->isVariableValid('APP_URL', $this->appUrl)) {
$valid = false;
}
if (false === $this->isVariableValid('REAL_DEBRID_KEY', $this->realDebridApiKey)) {
$valid = false;
}
if (false === $this->isVariableValid('TMDB_API', $this->tmdbApiKey)) {
$valid = false;
}
if (false === $this->isVariableValid('MOVIES_PATH', $this->moviesPath)) {
$valid = false;
}
if (false === $this->isVariableValid('TVSHOWS_PATH', $this->tvshowsPath)) {
$valid = false;
}
return $valid;
}
public function getMessages(): array
{
return $this->messages;
}
private function isVariableValid($key, $value): bool
{
if ("" === $value || null === $value) {
$this->messages[] = "Your system is misconfigured. Please set the $key environment variable appropriately.";
return false;
}
return true;
}
public function getAppEnv(): ?string
{
return $this->appEnv;
}
public function getAppUrl(): ?string
{
return $this->appUrl;
}
public function getRealDebridApiKey(): ?string
{
return $this->realDebridApiKey;
}
public function getTmdbApiKey(): ?string
{
return $this->tmdbApiKey;
}
public function getMoviesPath(): ?string
{
return $this->moviesPath;
}
public function getTvshowsPath(): ?string
{
return $this->tvshowsPath;
}
}

88
src/Base/Config/Auth/OidcConfig.php Normal file
View File

@@ -0,0 +1,88 @@
<?php
namespace App\Base\Config\Auth;
use App\Base\Config\ConfigInterface;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
class OidcConfig implements ConfigInterface
{
private array $messages = [];
public function __construct(
#[Autowire(param: 'auth.method')]
private readonly ?string $authMethod = null,
#[Autowire(param: 'auth.oidc.well_known_url')]
private readonly ?string $wellKnownUrl = null,
#[Autowire(param: 'auth.oidc.client_id')]
private readonly ?string $clientId = null,
#[Autowire(param: 'auth.oidc.client_secret')]
private readonly ?string $clientSecret = null,
#[Autowire(param: 'auth.oidc.bypass_form_login')]
private readonly ?bool $bypassFormLogin = null,
) {}
public function isEnabled(): bool
{
return "oidc" === strtolower($this->authMethod);
}
public function isValid(): bool
{
$valid = true;
if (true === $this->isEnabled()) {
if (false === $this->isVariableValid("OIDC_CLIENT_ID", $this->clientId)) {
$valid = false;
}
if (false === $this->isVariableValid("OIDC_CLIENT_SECRET", $this->clientSecret)) {
$valid = false;
}
if (false === $this->isVariableValid("OIDC_WELL_KNOWN_URL", $this->wellKnownUrl)) {
$valid = false;
}
}
return $valid;
}
public function getWellKnownUrl(): ?string
{
return $this->wellKnownUrl;
}
public function getClientId(): ?string
{
return $this->clientId;
}
public function getClientSecret(): ?string
{
return $this->clientSecret;
}
public function getBypassFormLogin(): ?bool
{
return $this->bypassFormLogin;
}
public function getMessages(): array
{
return $this->messages;
}
private function isVariableValid(string $key, mixed $value): bool
{
if ("" === $value || null === $value) {
$this->messages[] = "Your OIDC is misconfigured. Please set the $key environment variable to the required value.";
return true;
}
return false;
}
}

62
src/Base/Config/AuthConfig.php Normal file
View File

@@ -0,0 +1,62 @@
<?php
namespace App\Base\Config;
use App\Base\Config\Auth\OidcConfig;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
class AuthConfig implements ConfigInterface
{
const AUTH_METHODS = ['form_login', 'oidc'];
private array $messages = [];
public function __construct(
#[Autowire(param: 'auth.method')]
private readonly ?string $authMethod,
private readonly OidcConfig $oidcConfig,
) {}
public function isMethod(string $method): bool
{
return $this->getAuthMethod() === strtolower($method);
}
public function getAuthMethod(): string
{
return strtolower($this->authMethod);
}
public function getOidcConfig(): OidcConfig
{
return $this->oidcConfig;
}
public function isValid(): bool
{
$valid = true;
if (null === $this->getAuthMethod() || "" === $this->getAuthMethod()) {
$this->messages[] = "Your auth method is missing. Please set the AUTH_METHOD environment variable to your desired value. Valid options: [form_login, oidc].";
return false;
}
if (!in_array($this->getAuthMethod(), self::AUTH_METHODS, true)) {
$this->messages[] = "Your auth method is incorrect. Please set the AUTH_METHOD environment variable to your desired value. Valid options: [form_login, oidc].";
return false;
}
if ("oidc" === $this->getAuthMethod()) {
if (false === $this->oidcConfig->isValid()) {
$this->messages += $this->oidcConfig->getMessages();
$valid = false;
}
}
return $valid;
}
public function getMessages(): array
{
return $this->messages;
}
}

12
src/Base/Config/ConfigInterface.php Normal file
View File

@@ -0,0 +1,12 @@
<?php
namespace App\Base\Config;
interface ConfigInterface
{
/** Validates the config values are present and as expected */
public function isValid(): bool;
/** Holds the error messages so they can be logged */
public function getMessages(): array;
}

113
src/Base/Config/SmtpConfig.php Normal file
View File

@@ -0,0 +1,113 @@
<?php
namespace App\Base\Config;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
class SmtpConfig implements ConfigInterface
{
private array $messages = [];
/*
* SMTP is considered enabled if any of
* the parameters are set. If none are set,
* then the User must not need it.
*/
private bool $isEnabled = false;
public function __construct(
#[Autowire(env: 'SMTP_HOST')]
private readonly ?string $smtpHost,
#[Autowire(env: 'SMTP_USER')]
private readonly ?string $smtpUser,
#[Autowire(env: 'SMTP_PASS')]
private readonly ?string $smtpPass,
#[Autowire(env: 'SMTP_PORT')]
private readonly ?string $smtpPort,
#[Autowire(env: 'SMTP_FROM')]
private readonly ?string $smtpFrom,
#[Autowire(env: 'SMTP_FROM_NAME')]
private readonly ?string $smtpFromName,
) {
foreach (func_get_args() as $key => $value) {
if ("" !== $value && $value !== null) {
$this->isEnabled = true;
}
}
}
public function isEnabled(): bool
{
return $this->isEnabled;
}
public function getMessages(): array
{
return $this->messages;
}
public function isValid(): bool
{
if (false === $this->isEnabled) {
return true;
}
$valid = true;
$params = [
'SMTP_HOST' => $this->smtpHost,
'SMTP_USER' => $this->smtpUser,
'SMTP_PASS' => $this->smtpPass,
'SMTP_PORT' => $this->smtpPort,
'SMTP_FROM' => $this->smtpFrom,
'SMTP_FROM_NAME' => $this->smtpFromName,
];
foreach ($params as $key => $value) {
if (false === $this->isVariableValid($key, $value)) {
$valid = false;
}
}
return $valid;
}
private function isVariableValid($key, $value): bool
{
if ("" === $value || null === $value) {
$this->messages[] = "Your SMTP is misconfigured. Please set the $key environment variable appropriately.";
return false;
}
return true;
}
public function getSmtpHost(): ?string
{
return $this->smtpHost;
}
public function getSmtpUser(): ?string
{
return $this->smtpUser;
}
public function getSmtpPass(): ?string
{
return $this->smtpPass;
}
public function getSmtpPort(): ?string
{
return $this->smtpPort;
}
public function getSmtpFrom(): ?string
{
return $this->smtpFrom;
}
public function getSmtpFromName(): ?string
{
return $this->smtpFromName;
}
}

100
src/Base/ConfigResolver.php
View File

@@ -2,58 +2,60 @@
namespace App\Base;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use App\Base\Config\AppConfig;
use App\Base\Config\AuthConfig;
use App\Base\Config\SmtpConfig;
use Psr\Log\LoggerInterface;
use Symfony\Contracts\Cache\TagAwareCacheInterface;
final class ConfigResolver
{
private array $messages = [];
public function __construct(
#[Autowire(param: 'app.url')]
private readonly ?string $appUrl = null,
#[Autowire(param: 'app.debrid.real_debrid.key')]
private readonly ?string $realDebridApiKey = null,
#[Autowire(param: 'app.meta_provider.tmdb.key')]
private readonly ?string $tmdbApiKey = null,
#[Autowire(param: 'media.movies_path')]
private readonly ?string $moviesPath = null,
#[Autowire(param: 'media.tvshows.path')]
private readonly ?string $tvshowsPath = null,
#[Autowire(param: 'auth.method')]
private readonly ?string $authMethod = null,
#[Autowire(param: 'auth.oidc.well_known_url')]
private readonly ?string $authOidcWellKnownUrl = null,
#[Autowire(param: 'auth.oidc.client_id')]
private readonly ?string $authOidcClientId = null,
#[Autowire(param: 'auth.oidc.client_secret')]
private readonly ?string $authOidcClientSecret = null,
#[Autowire(param: 'auth.oidc.bypass_form_login')]
private ?bool $authOidcBypassFormLogin = null,
private readonly LoggerInterface $logger,
private readonly TagAwareCacheInterface $cache,
private readonly AuthConfig $authConfig,
private readonly SmtpConfig $smtpConfig,
private readonly AppConfig $appConfig,
) {}
public function validate(): bool
{
if ("prod" === strtolower($this->appConfig->getAppEnv())) {
return $this->cache->get('app.valid_config', function () {
return $this->doValidate();
});
} else {
return $this->doValidate();
}
}
private function doValidate(): bool
{
$valid = true;
if (null === $this->realDebridApiKey || "" === $this->realDebridApiKey) {
$this->messages[] = "Your Real Debrid API key is missing. Please set it to the 'REAL_DEBRID_KEY' environment variable.";
if (false === $this->appConfig->isValid()) {
$this->messages += $this->appConfig->getMessages();
$valid = false;
}
if (null === $this->tmdbApiKey || "" === $this->tmdbApiKey) {
$this->messages[] = "Your TMDB API key is missing. Please set it to the 'TMDB_API' environment variable.";
if (false === $this->authConfig->isValid()) {
$this->messages += $this->authConfig->getMessages();
$valid = false;
}
if (false === $this->smtpConfig->isValid()) {
$this->messages += $this->smtpConfig->getMessages();
$valid = false;
}
if (false === $valid) {
foreach ($this->messages as $message) {
$this->logger->error('> [ConfigResolver] ' . $message);
}
}
return $valid;
}
@@ -62,34 +64,18 @@ final class ConfigResolver
return $this->messages;
}
public function getAuthConfig(): AuthConfig
{
return $this->authConfig;
}
public function authIs(string $method): bool
{
if (strtolower($method) === strtolower($this->getAuthMethod())) {
return true;
}
return false;
return $this->authConfig->isMethod($method);
}
public function getAuthMethod(): string
{
return strtolower($this->authMethod);
}
public function bypassFormLogin(): bool
{
return $this->authOidcBypassFormLogin;
}
public function getAuthConfig(): array
{
return [
'method' => $this->authMethod,
'oidc' => [
'well_known_url' => $this->authOidcWellKnownUrl,
'client_id' => $this->authOidcClientId,
'client_secret' => $this->authOidcClientSecret,
'bypass_form_login' => $this->authOidcBypassFormLogin,
]
];
return $this->authConfig->getAuthMethod();
}
}

24
src/Base/Framework/EventListener/KernelRequestValidateConfig.php Normal file
View File

@@ -0,0 +1,24 @@
<?php
namespace App\Base\Framework\EventListener;
use App\Base\ConfigResolver;
use App\Base\Service\Broadcaster;
use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
use Symfony\Component\HttpKernel\Event\RequestEvent;
final class KernelRequestValidateConfig
{
public function __construct(
private readonly ConfigResolver $configResolver,
private readonly Broadcaster $broadcaster,
) {}
#[AsEventListener(event: 'kernel.request', priority: 20)]
public function validateConfig(RequestEvent $event): void
{
if (false === $this->configResolver->validate()) {
$this->broadcaster->systemAlert('Ruh-roh', 'It looks like your system is misconfigured. Please search the application logs for strings starting with "[error] > [ConfigResolver]" to find more information.');
}
}
}

17
src/Base/Service/Broadcaster.php
View File

@@ -15,7 +15,8 @@ readonly class Broadcaster
private Environment $renderer,
private HubInterface $hub,
private RequestStack $requestStack,
) {}
) {
}
public function alert(string $title, string $message, string $type = "success"): void
{
@@ -31,4 +32,18 @@ readonly class Broadcaster
);
$this->hub->publish($update);
}
public function systemAlert(string $title, string $message, string $type = "warning"): void
{
$update = new Update(
'system_alerts',
$this->renderer->render('broadcast/Alert.stream.html.twig', [
'alert_id' => uniqid(),
'title' => $title,
'message' => $message,
'type' => $type,
])
);
$this->hub->publish($update);
}
}

2
src/User/Framework/Controller/Web/LoginController.php
View File

@@ -22,7 +22,7 @@ class LoginController extends AbstractController
return $this->redirectToRoute('app_getting_started');
}
if ($config->authIs('oidc') && $config->bypassFormLogin()) {
if ($config->authIs('oidc') && true === $config->getAuthConfig()->getOidcConfig()->getBypassFormLogin()) {
return $this->redirectToRoute('app_login_oidc');
}

5
src/User/Framework/Controller/Web/LoginOidcController.php
View File

@@ -3,6 +3,7 @@
namespace App\User\Framework\Controller\Web;
use App\Base\ConfigResolver;
use App\Base\Service\Broadcaster;
use Drenso\OidcBundle\OidcClientInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Bundle\SecurityBundle\Security;
@@ -15,13 +16,15 @@ class LoginOidcController extends AbstractController
public function __construct(
private ConfigResolver $configResolver,
private Broadcaster $broadcaster,
) {}
#[Route('/login/oidc', name: 'app_login_oidc')]
public function oidcStart(OidcClientInterface $oidcClient): RedirectResponse
{
if (false === $this->configResolver->authIs('oidc')) {
throw new \Exception('You must configure the OIDC environment variables before logging in at this route.');
$this->broadcaster->systemAlert('Your authentication must be set to "oidc" in order to login with OIDC.', 'warning');
return $this->redirectToRoute('app_login');
}
// Redirect to authorization @ OIDC provider

6
src/User/Framework/Security/OidcUserProvider.php
View File

@@ -4,13 +4,9 @@ namespace App\User\Framework\Security;
use App\User\Framework\Entity\User;
use App\User\Framework\Repository\UserRepository;
use Drenso\OidcBundle\Exception\OidcException;
use Drenso\OidcBundle\Model\OidcTokens;
use Drenso\OidcBundle\Model\OidcUserData;
use Drenso\OidcBundle\Security\UserProvider\OidcUserProviderInterface;
use Symfony\Component\PasswordHasher\PasswordHasherInterface;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UserNotFoundException;
use Symfony\Component\Security\Core\User\OidcUser;
use Symfony\Component\Security\Core\User\UserInterface;
@@ -47,7 +43,7 @@ class OidcUserProvider implements OidcUserProviderInterface
public function supportsClass(string $class): bool
{
return User::class === $class || OidcUser::class === $class;
return User::class === $class || OidcUser::class === $class || is_subclass_of($class, User::class);
}
public function loadUserByIdentifier(string $identifier): UserInterface

12
templates/bare.html.twig
View File

@@ -23,5 +23,17 @@
<span class="text-sm">v{{ version }}</span>
</div>
</div>
<div {{ turbo_stream_listen('system_alerts') }} class="fixed z-40 top-10 right-10">
<div class="z-40">
<ul id="alert_list" class="flex flex-col gap-2">
{% for message in app.flashes('warning') %}
<twig:Alert :title="'Warning'" :message="message" :alert_id="''" type="warning" data-controller="alert" />
{% endfor %}
{% for message in app.flashes('success') %}
<twig:Alert :title="'Success'" :message="message" :alert_id="''" type="warning" data-controller="alert" />
{% endfor %}
</ul>
</div>
</div>
</body>
</html>

12
templates/components/Header.html.twig
View File

@@ -26,6 +26,18 @@
</div>
</div>
</div>
<div {{ turbo_stream_listen('system_alerts') }} class="fixed z-40 top-10 right-10">
<div class="z-40">
<ul id="alert_list" class="flex flex-col gap-2">
{% for message in app.flashes('system_warning') %}
<twig:Alert :title="'Warning'" :message="message" :alert_id="''" type="warning" data-controller="alert" />
{% endfor %}
{% for message in app.flashes('system_success') %}
<twig:Alert :title="'Success'" :message="message" :alert_id="''" type="warning" data-controller="alert" />
{% endfor %}
</ul>
</div>
</div>
<div {{ turbo_stream_listen(app.session.get('mercure_alert_topic')) }} class="fixed z-40 top-10 right-10">
<div class="z-40">
<ul id="alert_list" class="flex flex-col gap-2">