Koha/OAuth.pm

   1 package Koha::OAuth;
   2
   3 use Modern::Perl;
   4 use Koha::OAuthAccessTokens;
   5 use Koha::OAuthAccessToken;
   6
   7 sub config {
   8     return {
   9         verify_client_cb => \&_verify_client_cb,
  10         store_access_token_cb => \&_store_access_token_cb,
  11         verify_access_token_cb => \&_verify_access_token_cb
  12     };
  13 }
  14
  15 sub _verify_client_cb {
  16     my (%args) = @_;
  17
  18     my ($client_id, $client_secret)
  19         = @args{ qw/ client_id client_secret / };
  20
  21     return (0, 'unauthorized_client') unless $client_id;
  22
  23     my $clients = C4::Context->config('api_client');
  24     $clients = [ $clients ] unless ref $clients eq 'ARRAY';
  25     my ($client) = grep { $_->{client_id} eq $client_id } @$clients;
  26     return (0, 'unauthorized_client') unless $client;
  27
  28     return (0, 'access_denied') unless $client_secret eq $client->{client_secret};
  29
  30     return (1, undef, []);
  31 }
  32
  33 sub _store_access_token_cb {
  34     my ( %args ) = @_;
  35
  36     my ( $client_id, $access_token, $expires_in )
  37         = @args{ qw/ client_id access_token expires_in / };
  38
  39     my $at = Koha::OAuthAccessToken->new({
  40         access_token  => $access_token,
  41         expires       => time + $expires_in,
  42         client_id     => $client_id,
  43     });
  44     $at->store;
  45
  46     return;
  47 }
  48
  49 sub _verify_access_token_cb {
  50     my (%args) = @_;
  51
  52     my $access_token = $args{access_token};
  53
  54     my $at = Koha::OAuthAccessTokens->find($access_token);
  55     if ($at) {
  56         if ( $at->expires <= time ) {
  57             # need to revoke the access token
  58             $at->delete;
  59
  60             return (0, 'invalid_grant')
  61         }
  62
  63         return $at->unblessed;
  64     }
  65
  66     return (0, 'invalid_grant')
  67 };
  68
  69 1;