Добавлена поддержка для "внутренних" scopes, запросить которые во время oauth процесса нельзя

api/components/OAuth2/Storage/ScopeStorage.php

@@ -12,7 +12,8 @@ class ScopeStorage extends AbstractStorage implements ScopeInterface {
      * @inheritdoc
      */
     public function get($scope, $grantType = null, $clientId = null) {
-        if (!in_array($scope, OauthScope::getScopes(), true)) {
+        $scopes = $grantType === 'authorization_code' ? OauthScope::getPublicScopes() : OauthScope::getScopes();
+        if (!in_array($scope, $scopes, true)) {
             return null;
         }
 

common/components/Annotations/Reader.php

@@ -0,0 +1,18 @@
+<?php
+namespace common\components\Annotations;
+
+class Reader extends \Minime\Annotations\Reader {
+
+    /**
+     * Поначаду я думал кэшировать эту штуку, но потом забил, т.к. всё всё равно завернул
+     * в Yii::$app->cache и как-то надобность в отдельном кэше отпала, так что пока забьём
+     * и оставим как заготовку на будущее
+     *
+     * @return \Minime\Annotations\Interfaces\ReaderInterface
+     */
+    public static function createFromDefaults() {
+        return parent::createFromDefaults();
+        //return new self(new \Minime\Annotations\Parser(), new RedisCache());
+    }
+
+}

common/components/Annotations/RedisCache.php

@@ -0,0 +1,65 @@
+<?php
+namespace common\components\Annotations;
+
+use common\components\Redis\Key;
+use common\components\Redis\Set;
+use Minime\Annotations\Interfaces\CacheInterface;
+use yii\helpers\Json;
+
+class RedisCache implements CacheInterface {
+
+    /**
+     * Generates uuid for a given docblock string
+     * @param  string $docblock docblock string
+     * @return string uuid that maps to the given docblock
+     */
+    public function getKey($docblock) {
+        return md5($docblock);
+    }
+
+    /**
+     * Adds an annotation AST to cache
+     *
+     * @param string $key cache entry uuid
+     * @param array  $annotations annotation AST
+     */
+    public function set($key, array $annotations) {
+        $this->getRedisKey($key)->setValue(Json::encode($annotations))->expire(3600);
+        $this->getRedisKeysSet()->add($key);
+    }
+
+    /**
+     * Retrieves cached annotations from docblock uuid
+     *
+     * @param  string $key cache entry uuid
+     * @return array  cached annotation AST
+     */
+    public function get($key) {
+        $result = $this->getRedisKey($key)->getValue();
+        if ($result === null) {
+            return [];
+        }
+
+        return Json::decode($result);
+    }
+
+    /**
+     * Resets cache
+     */
+    public function clear() {
+        /** @var array $keys */
+        $keys = $this->getRedisKeysSet()->getValue();
+        foreach ($keys as $key) {
+            $this->getRedisKey($key)->delete();
+        }
+    }
+
+    private function getRedisKey(string $key): Key {
+        return new Key('annotations', 'cache', $key);
+    }
+
+    private function getRedisKeysSet(): Set {
+        return new Set('annotations', 'cache', 'keys');
+    }
+
+}

common/models/OauthScope.php

@@ -1,6 +1,11 @@
 <?php
 namespace common\models;
 
+use common\components\Annotations\Reader;
+use ReflectionClass;
+use Yii;
+use yii\helpers\ArrayHelper;
+
 class OauthScope {
 
     const OFFLINE_ACCESS = 'offline_access';
@@ -8,13 +13,49 @@ class OauthScope {
     const ACCOUNT_INFO = 'account_info';
     const ACCOUNT_EMAIL = 'account_email';
 
-    public static function getScopes() : array {
+    /** @internal */
-        return [
+    const ACCOUNT_BLOCK = 'account_block';
-            self::OFFLINE_ACCESS,
+
-            self::MINECRAFT_SERVER_SESSION,
+    public static function getScopes(): array {
-            self::ACCOUNT_INFO,
+        return ArrayHelper::getColumn(static::queryScopes(), 'value');
-            self::ACCOUNT_EMAIL,
+    }
-        ];
+
+    public static function getPublicScopes(): array {
+        return ArrayHelper::getColumn(array_filter(static::queryScopes(), function($value) {
+            return !isset($value['internal']);
+        }), 'value');
+    }
+
+    public static function getInternalScopes(): array {
+        return ArrayHelper::getColumn(array_filter(static::queryScopes(), function($value) {
+            return isset($value['internal']);
+        }), 'value');
+    }
+
+    private static function queryScopes(): array {
+        $cacheKey = 'oauth-scopes-list';
+        $scopes = false;
+        if ($scopes === false) {
+            $scopes = [];
+            $reflection = new ReflectionClass(static::class);
+            $constants = $reflection->getConstants();
+            $reader = Reader::createFromDefaults();
+            foreach ($constants as $constName => $value) {
+                $annotations = $reader->getConstantAnnotations(static::class, $constName);
+                $isInternal = $annotations->get('internal', false);
+                $keyValue = [
+                    'value' => $value,
+                ];
+                if ($isInternal) {
+                    $keyValue['internal'] = true;
+                }
+                $scopes[$constName] = $keyValue;
+            }
+
+            Yii::$app->cache->set($cacheKey, $scopes, 3600);
+        }
+
+        return $scopes;
     }
 
 }

composer.json

@@ -27,7 +27,8 @@
         "ely/amqp-controller": "dev-master#d7f8cdbc66c45e477c9c7d5d509bc0c1b11fd3ec",
         "ely/email-renderer": "dev-master#ef1cb3f7a13196524b97ca5aa0a2d5867f2d9207",
         "predis/predis": "^1.0",
-        "mito/yii2-sentry": "dev-fix_init#27f00805cb906f73b2c6f8181c1c655decb9be70"
+        "mito/yii2-sentry": "dev-fix_init#27f00805cb906f73b2c6f8181c1c655decb9be70",
+        "minime/annotations": "~3.0"
     },
     "require-dev": {
         "yiisoft/yii2-codeception": "*",

tests/codeception/api/functional/OauthAuthCodeCest.php

@@ -281,6 +281,21 @@ class OauthAuthCodeCest {
             'statusCode' => 400,
         ]);
         $I->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
+
+        $I->wantTo('check behavior on request internal scope');
+        $this->route->$action($this->buildQueryParams('ely', 'http://ely.by', 'code', [
+            S::MINECRAFT_SERVER_SESSION,
+            S::ACCOUNT_BLOCK,
+        ]));
+        $I->canSeeResponseCodeIs(400);
+        $I->canSeeResponseIsJson();
+        $I->canSeeResponseContainsJson([
+            'success' => false,
+            'error' => 'invalid_scope',
+            'parameter' => S::ACCOUNT_BLOCK,
+            'statusCode' => 400,
+        ]);
+        $I->canSeeResponseJsonMatchesJsonPath('$.redirectUri');
     }
 
 }

tests/codeception/common/unit/models/OauthScopeTest.php

@@ -0,0 +1,12 @@
+<?php
+namespace tests\codeception\common\unit\models;
+
+use tests\codeception\common\unit\TestCase;
+
+class OauthScopeTest extends TestCase {
+
+    public function testTest() {
+        $scopes = \common\models\OauthScope::getScopes();
+    }
+
+}