Introduce an API endpoint to obtain public keys, that can be used to verify access tokens on other services

2025-05-31 14:11:46 +05:30 · 2024-06-14 04:36:49 +02:00
parent 17109f8eb5
commit 2111e1769f
3 changed files with 62 additions and 0 deletions
--- a/api/components/Tokens/Component.php
+++ b/api/components/Tokens/Component.php
@@ -108,6 +108,10 @@ class Component extends BaseComponent {
        return $rawValue;
    }

+    public function getPublicKey(): string {
+        return $this->getAlgorithmManager()->get(self::PREFERRED_ALGORITHM)->getPublicKey()->getContent();
+    }
+
    private function getAlgorithmManager(): AlgorithmsManager {
        if ($this->algorithmManager === null) {
            $this->algorithmManager = new AlgorithmsManager([
--- a/api/controllers/PublicKeysController.php
+++ b/api/controllers/PublicKeysController.php
@@ -0,0 +1,35 @@
+<?php
+declare(strict_types=1);
+
+namespace api\controllers;
+
+use api\filters\NginxCache;
+use Yii;
+use yii\helpers\ArrayHelper;
+use yii\web\Controller as BaseController;
+
+final class PublicKeysController extends BaseController {
+
+    public function behaviors(): array {
+        return ArrayHelper::merge(parent::behaviors(), [
+            'nginxCache' => [
+                'class' => NginxCache::class,
+                'rules' => [
+                    'index' => 3600, // 1h
+                ],
+            ],
+        ]);
+    }
+
+    public function actionIndex(): array {
+        return [
+            'keys' => [
+                [
+                    'alg' => 'ES256', // Hardcoded for awhile since right now there is no way to find used algo
+                    'pem' => Yii::$app->tokens->getPublicKey(),
+                ],
+            ],
+        ];
+    }
+
+}
--- a/api/tests/functional/PublicKeysCest.php
+++ b/api/tests/functional/PublicKeysCest.php
@@ -0,0 +1,23 @@
+<?php
+declare(strict_types=1);
+
+namespace api\tests\functional;
+
+use api\tests\FunctionalTester;
+
+final class PublicKeysCest {
+
+    public function getPublicKeys(FunctionalTester $I): void {
+        $I->sendGet('/api/public-keys');
+        $I->canSeeResponseCodeIs(200);
+        $I->canSeeResponseContainsJson([
+            'keys' => [
+                [
+                    'alg' => 'ES256',
+                    'pem' => "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAES2Pyq9r0CyyviLaWwq0ki5uy8hr/\nZbNO++3j4XP43uLD9/GYkrKGIRl+Hu5HT+LwZvrFcEaVhPk5CvtV4zlYJg==\n-----END PUBLIC KEY-----\n",
+                ],
+            ],
+        ]);
+    }
+
+}