WrenchBoradWeb/www-api/app/Controllers/WrenchOauth.php

<?php

namespace App\Controllers;
use CodeIgniter\API\ResponseTrait;

class WrenchOauth extends BaseController
{
    protected $db;
    public $con_name = 'wrench_blog';
    use ResponseTrait;
    protected $request;
    public function __construct()
    {
        $this->request = $request = \Config\Services::request();
    }

    public function index()
    {
       $envID = getenv('ENV_ID');
    }

    public function endPointList(){

        $endpoints = [
            'authstart' => ['POST'],
            'authlogin' => ['POST'],
        ];

        return $endpoints;
    }

    public function apigate(){
        log_message('critical', "Oauth-Gate");
        header('Access-Control-Allow-Origin: *');
        log_message('critical', "0002");
        $call_backend =  true;

        header("Access-Control-Allow-Headers: Origin, X-API-KEY, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Access-Control-Allow-Headers, Authorization, observe, enctype, Content-Length, X-Csrf-Token");
        log_message('critical', "0003");
        header("Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS");
        header("Access-Control-Allow-Credentials: true");
        header("Access-Control-Max-Age: 3600");
        header('content-type: application/json; charset=utf-8');
        $method = $_SERVER['REQUEST_METHOD'];
        if ($method == "OPTIONS") {
            header("HTTP/1.1 200 OK CORS");
            log_message('critical', " apigate()-> OPTIONS DIE*****" );
            die();
        }

        //$request = service('request');
        // what is the endpoint
        $uri = urldecode(current_url(true));
        $findme = '?';
        $pos = strpos($uri, $findme);
        if ($pos > 5) {
            $uri = substr($uri, 0, $pos);
        }
        log_message('critical', "API-GATE URI -> ".$uri );
        $pieces = explode('/', $uri);
        $psc = count($pieces);

        $endpoint = $psc > 0 ? $pieces[$psc - 1] : '';
        log_message('critical', "Enpoint-> ".$endpoint );

        $endpoints =  $this->endPointList();
        $out = array();
        $res1 = [];
        if (array_key_exists($endpoint, $endpoints)) {
        } else {
            http_response_code(404);
            // tell the user product does not exist
            return json_encode([
                'message' => 'Endpoint not found.',
                'URI' => $uri,
            ]);
        }

        //  echo "EXYTACT INPUT DATA HERE";
        $raw_json = file_get_contents('php://input');
        $raw_array = json_decode($raw_json, true);

        $local_out =[];
        if ($_SERVER["REQUEST_METHOD"] == "POST") {  // if upload lets modify all the data
            if (isset($_FILES) && is_array($_FILES) && count($_FILES)>0)    {
                $raw_array = array_merge($_POST,$_FILES);
            }
        }

        if ($_SERVER['REQUEST_METHOD'] == 'GET') {
            log_message('critical', "Enpoint LOC2 HERE -> ".$endpoint );
            $get_param = $_GET['reqData'] ?? null;
            $raw_array = ($get_param!=null) ? json_decode($get_param, true):[];
        }
        //$in = $raw_array;
        log_message('critical', "wrenchboard_api-CALL RAW DATA".serialize($raw_array) );
        //-- move to another module start


        $in["loc"] = $_SERVER["REMOTE_ADDR"];
        $in  = $this->prepareOauthEndPointData($endpoint, $raw_array,$call_backend,$local_out);
        log_message('critical', "wrenchboard_api-CALL PREPARE DATA".serialize($in) );


        if ( $call_backend ==  true  && $in["action"] !='' ){
            $wrenchboard = new  \App\Models\BackendModel();
            $ret = $wrenchboard->wrenchboard_api($in, $out);
            $out['internal_return'] = $ret;
        }
        else
        {
            $out =  $local_out;
        }

        //$this->doCacheStep($in, $out);
        return json_encode( ( new \App\Models\ResultFormatter() )->processOutJson($in, $out));

    }

    private function gooleOAuthCodeExchange($in, &$local_out) {
        /*
        POST /token HTTP/1.1
        Host: oauth2.googleapis.com
        Content-Type: application/x-www-form-urlencoded

        code=4/P7q7W91a-oMsCeLvIaQm6bTrgtp7&
        client_id=your_client_id&
        client_secret=your_client_secret&
        redirect_uri=https%3A//oauth2.example.com/code&
        grant_type=authorization_code
        */

        $data = [
            "code" => $in["code"],
            "client_id" => $this->getSiteConfigurations("google.google_client_id"),
            "client_secret" => $this->getSiteConfigurations("google.google_client_secret"),
            "redirect_uri" => $in["redirect_uri"],
            "grant_type" => "authorization_code"
        ];
        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL,"https://oauth2.googleapis.com/token");
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
        // Receive server response ...
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

        $server_output = curl_exec($ch);

        curl_close($ch);

        $local_out = json_decode($server_output,true);

        if (!is_array($local_out) || !array_key_exists("message",$local_out)) {
             $local_out["message"] = "Received from Google token API: ".$server_output;
        }
    }

    private function gooleOAuthGetUser($access_token, &$local_out) {

        $urlInfp = "https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=" . $access_token;

        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL,$urlInfp);
        //curl_setopt($ch, CURLOPT_POST, 1);
        //curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
        // Receive server response ...
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

        $server_output = curl_exec($ch);

        curl_close($ch);

        $local_out = json_decode($server_output,true);

        if (!is_array($local_out) || !array_key_exists("message",$local_out)) {
            $local_out["message"] = "Received from Google token API: ".$server_output;
        }
        return $local_out;
    }
    private function prepareOauthEndPointData($endpoint, $in, &$call_backend=true,&$local_out=[]){
        log_message('critical', "Started prepareOauthEndPointData -> ".$endpoint );
        switch ($endpoint) {
            case 'authstart':
                // may not need to call back end , juet get the configurations
                switch($in["auth_type"]){
                    case 'GOOGLE':
                      log_message('critical', "Reading prepareOauthEndPointData -> ".$endpoint );
                      $this->gooleOAuthCodeExchange($in, $local_out);
                        log_message('critical', "LET SEEEEE TOKEN prepareOauthEndPointData -> ".$local_out["access_token"] );
                      if ( isset($local_out["access_token"])){
                          log_message('critical', "XXXXXXXXXXXXXXXXX prepareOauthEndPointData -> ".$endpoint );
                          $l_out =[];
                          $local_out["user_info"]  = $this->gooleOAuthGetUser($local_out["access_token"], $l_out);
                          $this->provisionGoogleAccount($local_out["user_info"] , $local_out);
                      }
                      break;
                }
                log_message('critical', "prepareOauthEndPointDataL FINAL DATA".serialize($local_out) );
                $call_backend=false;
                break;
            case 'authlogin':
                // not really implemented

                switch($in["auth_type"]){
                    case 'GOOGLE':
                        log_message('critical', "prepareOauthEndPointDataL LOGIN  DATA STEP 2".serialize($in) );
                        $local_out["user_info"] =  $this->gooleOAuthGetUser($in["access_token"], $local_out);
                        log_message('critical', "prepareOauthEndPointDataL FINAL DATALOGIN  DATA STEP 3".serialize($local_out) );
                        $this->provisionGoogleAccount($local_out["user_info"] , $local_out);
                        break;
                }

                $in["action"] = WRENCHBOARD_ACCOUNT_AUXLOGIN;
                if (!isset($in["login_mode"])){
                    $in["login_mode"] = MOBILE_LOGIN;
                }
                break;
        }
        $in["pid"] = 100;
        return $in;
    }

/*
 *essage";s:326:"Received from Google token API: {
  "id": "112113008943138678578",
  "email": "jubaworker@gmail.com",
  "verified_email": true,
  "name": "Juba Juba",
  "given_name": "Juba",
  "family_name": "Juba",
  "picture": "https://lh3.googleusercontent.com/a/AAcHTtcVmXN4sjpZiUCZI5X6AwJWUhi46g4VRJqtIqW2G2cb=s96-c",
  "locale": "en"
}

 */
    private function provisionGoogleAccount($user, &$out)
    {
        log_message('critical', "YYYYYYYYYYYYYYYYYYY prepareOauthEndPointData -> " );
        $name = (string) $user["name"];
        if (trim($name) == "") {
            $name = strtok($user["email"], "@");
        }

        $data['google_id'] = $user["id"];
        $data['action'] = WRENCHBOARD_GOOGLE_LOGIN;
        $data['firstname'] = $user["given_name"];;
        $data['lastname'] = $user["family_name"];;
        $data['email'] = $user["email"];
        $data['sessionid'] = rand(10000, 99999) . "A" . rand(10000, 99999);

        $this->load->model('backend_model');
        $out = array();

        $wrenchboard = new  \App\Models\BackendModel();
        $ret = $wrenchboard->wrenchboard_api($data, $out);
        $out['internal_return'] = $ret;
        if ($ret == PHP_LOGIN_OK) {


        } else {
            // Cannot proceed - backend error?
//            $msg = (is_array($out) && array_key_exists('status',$out) && $out['status']!='')
//                ? $out ['status'] : json_encode($out);
//            $this->session->set_flashdata('login_message','Cannot proceed - error: '.$msg);
//            redirect('login');
        }

    }
}