create separated Security package from web package

Author: Machometec

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 DevNet Framework
+Copyright (c) DevNet Framework
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -0,0 +1,22 @@
+# DevNet Security
+This dependency is the web security library of **DevNet Framework**, which includes the following web components:
+
+- Authentication
+- Authorization
+- CSRF Prevention
+
+## Requirements
+- [DevNet Core](https://github.com/DevNet-Framework/core/) version 1.0
+- [Composer](https://getcomposer.org/) version 2.0 or higher
+
+## Installation
+You can install DevNet Security as a third-party library to any PHP project, by running the following command in the terminal:
+```
+composer require devnet/security
+```
+
+## Documentation
+Full documentation on how to use **DevNet Framework** is available at [devnet-framework.github.io](https://devnet-framework.github.io)
+
+## License
+This library is licensed under the MIT license. See [License File](https://github.com/DevNet-Framework/web/blob/master/LICENSE) in the root folder for more information.

composer.json

@@ -0,0 +1,21 @@
+{
+    "name": "devnet/security",
+    "description": "The DevNet Web Security Library",
+    "type": "library",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Mohammed Moussaoui",
+            "email": "[email protected]"
+        }
+    ],
+    "require": {
+        "php": "^8.1",
+        "devnet/system": "1.1.*"
+    },
+    "autoload": {
+        "psr-4": {
+            "DevNet\\Security\\": "lib/"
+        }
+    }
+}

lib/Authentication/Authentication.php

@@ -0,0 +1,91 @@
+<?php
+
+/**
+ * @author      Mohammed Moussaoui
+ * @license     MIT license. For more license information, see the LICENSE file in the root directory.
+ * @link        https://github.com/DevNet-Framework
+ */
+
+namespace DevNet\Security\Authentication;
+
+use DevNet\System\PropertyTrait;
+use DevNet\Security\Claims\ClaimsIdentity;
+use Exception;
+
+class Authentication implements IAuthentication
+{
+    use PropertyTrait;
+
+    private array $handlers;
+
+    public function __construct(array $handlers)
+    {
+        $this->handlers = $handlers;
+    }
+
+    public function get_Schemes(): array
+    {
+        return array_keys($this->handlers);
+    }
+
+    public function get_Handlers(): array
+    {
+        return $this->handlers;
+    }
+
+    public function authenticate(?string $scheme = null): AuthenticationResult
+    {
+        // get handler by scheme else get the first handler.
+        $handler = $this->handlers[$scheme] ?? reset($this->handlers);
+
+        if ($handler) {
+            return $handler->authenticate();
+        }
+
+        return new AuthenticationResult(new Exception("The authentication handler is missing!"));
+    }
+
+    public function signIn(ClaimsIdentity $user, bool $isPersistent = false, ?string $scheme = null): void
+    {
+        $authenticationHandler = $this->handlers[$scheme] ?? null;
+        if ($authenticationHandler) {
+            if (!$authenticationHandler instanceof IAuthenticationSigningHandler) {
+                throw new Exception("The requested authentication handler must be of type IAuthenticationSigningHandler");
+            }
+        } else {
+            foreach ($this->handlers as $handler) {
+                if ($handler instanceof IAuthenticationSigningHandler) {
+                    $authenticationHandler = $handler;
+                    break;
+                }
+            }
+            if (!$authenticationHandler) {
+                throw new Exception("No IAuthenticationSigningHandler is registered!");
+            }
+        }
+
+        $authenticationHandler->signIn($user, $isPersistent);
+    }
+
+    public function signOut(?string $scheme = null): void
+    {
+        $authenticationHandler = $this->handlers[$scheme] ?? null;
+        if ($authenticationHandler) {
+            if (!$authenticationHandler instanceof IAuthenticationSigningHandler) {
+                throw new Exception("The requested authentication handler must be of type IAuthenticationSigningHandler");
+            }
+        } else {
+            foreach ($this->handlers as $handler) {
+                if ($handler instanceof IAuthenticationSigningHandler) {
+                    $authenticationHandler = $handler;
+                    break;
+                }
+            }
+            if (!$authenticationHandler) {
+                throw new Exception("No IAuthenticationSigningHandler is registered!");
+            }
+        }
+
+        $authenticationHandler->signOut();
+    }
+}

lib/Authentication/AuthenticationBuilder.php

@@ -0,0 +1,45 @@
+<?php
+
+/**
+ * @author      Mohammed Moussaoui
+ * @license     MIT license. For more license information, see the LICENSE file in the root directory.
+ * @link        https://github.com/DevNet-Framework
+ */
+
+namespace DevNet\Security\Authentication;
+
+use DevNet\Security\Authentication\JwtBearer\JwtBearerHandler;
+use DevNet\Security\Authentication\JwtBearer\JwtBearerOptions;
+use DevNet\Security\Authentication\Cookies\AuthenticationCookieHandler;
+use DevNet\Security\Authentication\Cookies\AuthenticationCookieOptions;
+use Closure;
+
+class AuthenticationBuilder
+{
+    private array $authentications;
+
+    public function addCookie(string $authenticationScheme = AuthenticationScheme::CookieSession, Closure $configuration = null): void
+    {
+        $options = new AuthenticationCookieOptions();
+        if ($configuration) {
+            $configuration($options);
+        }
+
+        $this->authentications[$authenticationScheme] = new AuthenticationCookieHandler($options);
+    }
+
+    public function addJwtBearer(string $authenticationScheme = AuthenticationScheme::JwtBearer, Closure $configuration = null): void
+    {
+        $options = new JwtBearerOptions();
+        if ($configuration) {
+            $configuration($options);
+        }
+
+        $this->authentications[$authenticationScheme] = new JwtBearerHandler($options);
+    }
+
+    public function build(): Authentication
+    {
+        return new Authentication($this->authentications);
+    }
+}

lib/Authentication/AuthenticationException.php

@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * @author      Mohammed Moussaoui
+ * @license     MIT license. For more license information, see the LICENSE file in the root directory.
+ * @link        https://github.com/DevNet-Framework
+ */
+
+namespace DevNet\Security\Authentication;
+
+use DevNet\Http\Message\HttpException;
+
+class AuthenticationException extends HttpException
+{
+}

lib/Authentication/AuthenticationResult.php

@@ -0,0 +1,50 @@
+<?php
+
+/**
+ * @author      Mohammed Moussaoui
+ * @license     MIT license. For more license information, see the LICENSE file in the root directory.
+ * @link        https://github.com/DevNet-Framework
+ */
+
+namespace DevNet\Security\Authentication;
+
+use DevNet\System\PropertyTrait;
+use DevNet\Security\Claims\ClaimsIdentity;
+use Exception;
+
+class AuthenticationResult
+{
+    use PropertyTrait;
+    
+    private ?ClaimsIdentity $identity = null;
+    private ?Exception $error = null;
+
+    public function __construct(object $result)
+    {
+        if ($result instanceof ClaimsIdentity) {
+            $this->identity = $result;
+        } else if ($result instanceof Exception) {
+            $this->error = $result;
+        }
+    }
+
+    public function get_Identity(): ?ClaimsIdentity
+    {
+        return $this->identity;
+    }
+
+    public function get_Error(): ?Exception
+    {
+        return $this->error;
+    }
+
+    public function isSucceeded(): bool
+    {
+        return $this->identity ? true : false;
+    }
+
+    public function isFailed(): bool
+    {
+        return $this->error ? true : false;
+    }
+}

lib/Authentication/AuthenticationScheme.php

@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * @author      Mohammed Moussaoui
+ * @license     MIT license. For more license information, see the LICENSE file in the root directory.
+ * @link        https://github.com/DevNet-Framework
+ */
+
+namespace DevNet\Security\Authentication;
+
+class AuthenticationScheme
+{
+    public const CookieSession = 'CookieSession';
+    public const JwtBearer     = 'JwtBearer';
+}

lib/Authentication/Cookies/AuthenticationCookieHandler.php

@@ -0,0 +1,77 @@
+<?php
+
+/**
+ * @author      Mohammed Moussaoui
+ * @license     MIT license. For more license information, see the LICENSE file in the root directory.
+ * @link        https://github.com/DevNet-Framework
+ */
+
+namespace DevNet\Security\Authentication\Cookies;
+
+use DevNet\System\TimeSpan;
+use DevNet\System\PropertyTrait;
+use DevNet\Security\Session;
+use DevNet\Security\Authentication\AuthenticationResult;
+use DevNet\Security\Authentication\IAuthenticationHandler;
+use DevNet\Security\Authentication\IAuthenticationSigningHandler;
+use DevNet\Security\Claims\ClaimsIdentity;
+use Exception;
+
+class AuthenticationCookieHandler implements IAuthenticationHandler, IAuthenticationSigningHandler
+{
+    use PropertyTrait;
+
+    private AuthenticationCookieOptions $options;
+    private Session $session;
+
+    public function __construct(AuthenticationCookieOptions $options)
+    {
+        $this->options = $options;
+        $this->session = new Session($options->CookieName, $options->CookiePath);
+
+        if (!$this->options->ExpireTime) {
+            $this->options->ExpireTime = new TimeSpan();
+        }
+    }
+
+    public function get_Options(): AuthenticationCookieOptions
+    {
+        return $this->options;
+    }
+
+    public function get_Session(): Session
+    {
+        return $this->session;
+    }
+
+    public function authenticate(): AuthenticationResult
+    {
+        if ($this->session->isSet()) {
+            $this->session->start();
+            $identity = $this->session->get(ClaimsIdentity::class);
+
+            if ($identity) {
+                return new AuthenticationResult($identity);
+            }
+        }
+
+        return new AuthenticationResult(new Exception("Session cookie dose not have ClaimsIdentity data"));
+    }
+
+    public function signIn(ClaimsIdentity $user, bool $isPersistent = false): void
+    {
+        if ($isPersistent) {
+            $this->session->setOptions(['cookie_lifetime' => (int) $this->options->ExpireTime->TotalSeconds]);
+        } else {
+            $this->session->setOptions(['cookie_lifetime' => 0]);
+        }
+
+        $this->session->start();
+        $this->session->set(ClaimsIdentity::class, $user);
+    }
+
+    public function signOut(): void
+    {
+        $this->session->destroy();
+    }
+}

lib/Authentication/Cookies/AuthenticationCookieOptions.php

@@ -0,0 +1,30 @@
+<?php
+
+/**
+ * @author      Mohammed Moussaoui
+ * @license     MIT license. For more license information, see the LICENSE file in the root directory.
+ * @link        https://github.com/DevNet-Framework
+ */
+
+namespace DevNet\Security\Authentication\Cookies;
+
+use DevNet\System\TimeSpan;
+
+class AuthenticationCookieOptions
+{
+    public string $CookieName    = "Identity";
+    public string $CookiePath    = "/";
+    public ?TimeSpan $ExpireTime = null;
+
+    public function __construct(string $cookieName = 'Identity', string $cookiePath = '/', ?TimeSpan $expireTime = null)
+    {
+        $this->CookieName = $cookieName;
+        $this->CookiePath = $cookiePath;
+
+        $this->CookieName = $this->CookieName . "-" . md5($this->CookieName . $_SERVER['DOCUMENT_ROOT']);
+
+        if (!$expireTime) {
+            $this->ExpireTime = TimeSpan::fromDays(7);
+        }
+    }
+}