feat(auth): add OAuth installer (#1674)

Co-authored-by: Brent Roose <[email protected]>

Author: Bapawe

docs/2-features/17-oauth.md

@@ -12,7 +12,21 @@ This implementation is built on top of the PHP league's [OAuth client](https://g
 
 ## Getting started
 
-To get started with OAuth, you will first need to create a configuration file for your desired OAuth provider.
+Tempest provides an installer to quickly set up OAuth in your project. You can run the installer using the following command:
+
+```sh
+./tempest install auth --oauth
+```
+
+The installer will:
+- Prompt you to select one or more OAuth providers from the available options
+- Publish the necessary configuration files and controller stubs
+- Optionally add the OAuth credentials to your `.env` and `.env.example` files
+- Optionally install the required Composer dependencies for the selected providers
+
+This is the quickest way to get started with OAuth in your Tempest application.
+
+Alternatively, you can manually create a configuration file for your desired OAuth provider.
 
 Tempest provides a [different configuration object for each provider](#available-providers). For instance, if you wish to authenticate users with GitHub, you may create a `github.config.php` file returning an instance of {b`Tempest\Auth\OAuth\Config\GitHubOAuthConfig`}:
 

packages/auth/src/Exceptions/OAuthProviderWasMissing.php

@@ -4,14 +4,8 @@
 
 namespace Tempest\Auth\Exceptions;
 
-use AdamPaterson\OAuth2\Client\Provider\Slack;
 use Exception;
-use League\OAuth2\Client\Provider\Apple;
-use League\OAuth2\Client\Provider\Facebook;
-use League\OAuth2\Client\Provider\Instagram;
-use League\OAuth2\Client\Provider\LinkedIn;
-use Stevenmaguire\OAuth2\Client\Provider\Microsoft;
-use Wohali\OAuth2\Client\Provider\Discord;
+use Tempest\Auth\OAuth\SupportedOAuthProvider;
 
 final class OAuthProviderWasMissing extends Exception implements AuthenticationException
 {
@@ -28,15 +22,6 @@ public function __construct(
 
     private function getPackageName(): ?string
     {
-        return match ($this->missing) {
-            Facebook::class => 'league/oauth2-facebook',
-            Instagram::class => 'league/oauth2-instagram',
-            LinkedIn::class => 'league/oauth2-linkedin',
-            Apple::class => 'patrickbussmann/oauth2-apple',
-            Microsoft::class => 'stevenmaguire/oauth2-microsoft',
-            Discord::class => 'wohali/oauth2-discord-new',
-            Slack::class => 'adam-paterson/oauth2-slack',
-            default => null,
-        };
+        return SupportedOAuthProvider::tryFrom($this->missing)?->composerPackage();
     }
 }

packages/auth/src/Installer/AuthenticationInstaller.php

@@ -40,6 +40,10 @@ public function install(): void
                     migration: $this->container->get(to_fqcn($migration, root: root_path())),
                 );
             }
+
+            if ($this->shouldInstallOAuth()) {
+                $this->container->get(OAuthInstaller::class)->install();
+            }
         }
 
         private function shouldMigrate(): bool
@@ -52,5 +56,16 @@ private function shouldMigrate(): bool
 
             return (bool) $argument->value;
         }
+
+        private function shouldInstallOAuth(): bool
+        {
+            $argument = $this->consoleArgumentBag->get('oauth');
+
+            if ($argument === null || ! is_bool($argument->value)) {
+                return $this->console->confirm('Do you want to install OAuth?', default: false);
+            }
+
+            return (bool) $argument->value;
+        }
     }
 }

packages/auth/src/Installer/OAuthInstaller.php

@@ -0,0 +1,178 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\Installer;
+
+use Tempest\Auth\OAuth\SupportedOAuthProvider;
+use Tempest\Core\PublishesFiles;
+use Tempest\Process\ProcessExecutor;
+use Tempest\Support\Filesystem\Exceptions\PathWasNotFound;
+use Tempest\Support\Filesystem\Exceptions\PathWasNotReadable;
+use Tempest\Support\Str\ImmutableString;
+
+use function Tempest\root_path;
+use function Tempest\src_path;
+use function Tempest\Support\arr;
+use function Tempest\Support\Filesystem\read_file;
+use function Tempest\Support\Namespace\to_fqcn;
+use function Tempest\Support\str;
+
+final class OAuthInstaller
+{
+    use PublishesFiles;
+
+    public function __construct(
+        private readonly ProcessExecutor $processExecutor,
+    ) {}
+
+    public function install(): void
+    {
+        $providers = $this->getProviders();
+
+        if (count($providers) === 0) {
+            return;
+        }
+
+        $this->publishStubs(...$providers);
+
+        if ($this->confirm('Would you like to add the OAuth config variables to your .env file?', default: true)) {
+            $this->updateEnvFile(...$providers);
+        }
+
+        if ($this->confirm('Install composer dependencies?', default: true)) {
+            $this->installComposerDependencies(...$providers);
+        }
+
+        $this->console->instructions([
+            sprintf('<strong>The selected OAuth %s installed in your project</strong>', count($providers) > 1 ? 'providers are' : 'provider is'),
+            '',
+            'Next steps:',
+            '1. Update the .env file with your OAuth credentials',
+            '2. Implement the OAuth controller callback method',
+            '3. Review and customize the published files if needed',
+            '',
+            '<strong>Published files</strong>',
+            ...arr($this->publishedFiles)->map(fn (string $file) => '<style="fg-green">→</style> ' . $file),
+        ]);
+    }
+
+    /**
+     * @return list<SupportedOAuthProvider>
+     */
+    private function getProviders(): array
+    {
+        return $this->ask(
+            question: 'Please choose an OAuth provider',
+            options: SupportedOAuthProvider::cases(),
+            multiple: true,
+        );
+    }
+
+    private function publishStubs(SupportedOAuthProvider ...$providers): void
+    {
+        foreach ($providers as $provider) {
+            $this->publishController($provider);
+
+            $this->publishConfig($provider);
+
+            $this->publishImports();
+        }
+    }
+
+    private function publishConfig(SupportedOAuthProvider $provider): void
+    {
+        $name = strtolower($provider->name);
+        $source = __DIR__ . "/../Installer/oauth/{$name}.config.stub.php";
+
+        $this->publish(
+            source: $source,
+            destination: src_path("Authentication/OAuth/{$name}.config.php"),
+        );
+    }
+
+    private function publishController(SupportedOAuthProvider $provider): void
+    {
+        $fileName = str($provider->value)
+            ->classBasename()
+            ->replace('Provider', '')
+            ->append('Controller.php')
+            ->toString();
+
+        $this->publish(
+            source: __DIR__ . '/oauth/OAuthControllerStub.php',
+            destination: src_path("Authentication/OAuth/{$fileName}"),
+            callback: function (string $source, string $destination) use ($provider) {
+                $providerFqcn = $provider::class;
+                $name = strtolower($provider->name);
+                $userModelFqcn = to_fqcn(src_path('Authentication/User.php'), root: root_path());
+
+                $this->update(
+                    path: $destination,
+                    callback: fn (ImmutableString $contents) => $contents->replace(
+                        search: [
+                            "'tag_name'",
+                            'redirect-route',
+                            'callback-route',
+                            "'user-model-fqcn'",
+                            'provider_db_column',
+                        ],
+                        replace: [
+                            "\\{$providerFqcn}::{$provider->name}",
+                            "/auth/{$name}",
+                            "/auth/{$name}/callback",
+                            "\\{$userModelFqcn}::class",
+                            "{$name}_id",
+                        ],
+                    ),
+                );
+            },
+        );
+    }
+
+    private function installComposerDependencies(SupportedOAuthProvider ...$providers): void
+    {
+        $packages = arr($providers)
+            ->map(fn (SupportedOAuthProvider $provider) => $provider->composerPackage())
+            ->filter();
+
+        if ($packages->isNotEmpty()) {
+            $this->processExecutor->run("composer require {$packages->implode(' ')}");
+        }
+    }
+
+    private function updateEnvFile(SupportedOAuthProvider ...$providers): void
+    {
+        arr($providers)
+            ->map(fn (SupportedOAuthProvider $provider) => $this->extractSettings($provider))
+            ->filter()
+            ->flatten()
+            ->each(function (string $setting) {
+                foreach (['.env', '.env.example'] as $envFile) {
+                    $this->update(
+                        path: root_path($envFile),
+                        callback: static fn (ImmutableString $contents): ImmutableString => $contents->contains($setting)
+                            ? $contents
+                            : $contents->append(PHP_EOL, "{$setting}="),
+                        ignoreNonExisting: true,
+                    );
+                }
+            });
+    }
+
+    private function extractSettings(SupportedOAuthProvider $provider): array
+    {
+        $name = strtolower($provider->name);
+        $configPath = __DIR__ . "/../Installer/oauth/{$name}.config.stub.php";
+
+        try {
+            return str(read_file($configPath))
+                ->matchAll("/env\('(OAUTH_[^']*)'/", matches: 1)
+                ->map(fn (array $matches) => $matches[1] ?? null)
+                ->filter()
+                ->toArray();
+        } catch (PathWasNotFound|PathWasNotReadable) {
+            return [];
+        }
+    }
+}

packages/auth/src/Installer/oauth/OAuthControllerStub.php

@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\Installer\oauth;
+
+use Tempest\Auth\Authentication\Authenticatable;
+use Tempest\Auth\OAuth\OAuthClient;
+use Tempest\Auth\OAuth\OAuthUser;
+use Tempest\Container\Tag;
+use Tempest\Discovery\SkipDiscovery;
+use Tempest\Http\Request;
+use Tempest\Http\Responses\Redirect;
+use Tempest\Router\Get;
+
+use function Tempest\Database\query;
+
+#[SkipDiscovery]
+final readonly class OAuthControllerStub
+{
+    public function __construct(
+        #[Tag('tag_name')]
+        private OAuthClient $oauth,
+    ) {}
+
+    #[Get('redirect-route')]
+    public function redirect(): Redirect
+    {
+        return $this->oauth->createRedirect();
+    }
+
+    #[Get('callback-route')]
+    public function callback(Request $request): Redirect
+    {
+        // TODO: implement, the code below is an example
+
+        $this->oauth->authenticate(
+            request: $request,
+            map: fn (OAuthUser $user): Authenticatable => query('user-model-fqcn')->updateOrCreate([
+                'provider_db_column' => $user->id,
+            ], [
+                'provider_db_column' => $user->id,
+                'username' => $user->nickname,
+                'email' => $user->email,
+            ]),
+        );
+
+        return new Redirect('/');
+    }
+}

packages/auth/src/Installer/oauth/apple.config.stub.php

@@ -0,0 +1,17 @@
+<?php
+
+declare(strict_types=1);
+
+use Tempest\Auth\OAuth\Config\AppleOAuthConfig;
+use Tempest\Auth\OAuth\SupportedOAuthProvider;
+
+use function Tempest\env;
+
+return new AppleOAuthConfig(
+    clientId: env('OAUTH_APPLE_CLIENT_ID') ?? '',
+    teamId: env('OAUTH_APPLE_TEAM_ID') ?? '',
+    keyId: env('OAUTH_APPLE_KEY_ID') ?? '',
+    keyFile: env('OAUTH_APPLE_KEY_FILE') ?? '',
+    redirectTo: [\Tempest\Auth\Installer\oauth\OAuthControllerStub::class, 'callback'],
+    tag: SupportedOAuthProvider::APPLE,
+);

packages/auth/src/Installer/oauth/discord.config.stub.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+use Tempest\Auth\OAuth\Config\DiscordOAuthConfig;
+use Tempest\Auth\OAuth\SupportedOAuthProvider;
+
+use function Tempest\env;
+
+return new DiscordOAuthConfig(
+    clientId: env('OAUTH_DISCORD_CLIENT_ID') ?? '',
+    clientSecret: env('OAUTH_DISCORD_CLIENT_SECRET') ?? '',
+    redirectTo: [\Tempest\Auth\Installer\oauth\OAuthControllerStub::class, 'callback'],
+    tag: SupportedOAuthProvider::DISCORD,
+);

packages/auth/src/Installer/oauth/facebook.config.stub.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+use Tempest\Auth\OAuth\Config\FacebookOAuthConfig;
+use Tempest\Auth\OAuth\SupportedOAuthProvider;
+
+use function Tempest\env;
+
+return new FacebookOAuthConfig(
+    clientId: env('OAUTH_FACEBOOK_CLIENT_ID') ?? '',
+    clientSecret: env('OAUTH_FACEBOOK_CLIENT_SECRET') ?? '',
+    redirectTo: [\Tempest\Auth\Installer\oauth\OAuthControllerStub::class, 'callback'],
+    tag: SupportedOAuthProvider::FACEBOOK,
+);

packages/auth/src/Installer/oauth/generic.config.stub.php

@@ -0,0 +1,18 @@
+<?php
+
+declare(strict_types=1);
+
+use Tempest\Auth\OAuth\Config\GenericOAuthConfig;
+use Tempest\Auth\OAuth\SupportedOAuthProvider;
+
+use function Tempest\env;
+
+return new GenericOAuthConfig(
+    clientId: env('OAUTH_GENERIC_CLIENT_ID') ?? '',
+    clientSecret: env('OAUTH_GENERIC_CLIENT_SECRET') ?? '',
+    redirectTo: [\Tempest\Auth\Installer\oauth\OAuthControllerStub::class, 'callback'],
+    urlAuthorize: env('OAUTH_GENERIC_URL_AUTHORIZE') ?? '',
+    urlAccessToken: env('OAUTH_GENERIC_URL_ACCESS_TOKEN') ?? '',
+    urlResourceOwnerDetails: env('OAUTH_GENERIC_URL_RESOURCE_OWNER_DETAILS') ?? '',
+    tag: SupportedOAuthProvider::GENERIC,
+);

packages/auth/src/Installer/oauth/github.config.stub.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+use Tempest\Auth\OAuth\Config\GitHubOAuthConfig;
+use Tempest\Auth\OAuth\SupportedOAuthProvider;
+
+use function Tempest\env;
+
+return new GitHubOAuthConfig(
+    clientId: env('OAUTH_GITHUB_CLIENT_ID') ?? '',
+    clientSecret: env('OAUTH_GITHUB_CLIENT_SECRET') ?? '',
+    redirectTo: [\Tempest\Auth\Installer\oauth\OAuthControllerStub::class, 'callback'],
+    tag: SupportedOAuthProvider::GITHUB,
+);