7 changes: 7 additions & 0 deletions .env.tpl
@@ -0,0 +1,7 @@
# 1Password テンプレートファイル
# 使用方法: op inject -i .env.tpl -o .env

# EcAuth クライアント設定
ECAUTH_BASE_URL=op://EcAuth/eccube4-ecauth-plugin/base_url
ECAUTH_CLIENT_ID=op://EcAuth/eccube4-ecauth-plugin/client_id
ECAUTH_CLIENT_SECRET=op://EcAuth/eccube4-ecauth-plugin/client_secret
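Review bot: the usage comment on line 2 has op inject write the resolved values, including ECAUTH_CLIENT_SECRET, to a plaintext .env, and none of the files shown here adds .env to .gitignore; confirm it is ignored and say so in the header comment. The template itself is safe to commit because it holds only op:// references, which is worth stating in the header as well so nobody replaces a reference with a literal value.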
62 changes: 62 additions & 0 deletions .github/workflows/ci.yml
@@ -0,0 +1,62 @@
name: CI

on:
push:
branches: [main]
pull_request:
branches: [main]

jobs:
phpstan:
name: PHPStan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.3'
tools: composer

- name: Install dependencies
run: composer install --no-progress --prefer-dist

- name: Run PHPStan
run: vendor/bin/phpstan analyse --no-progress

rector:
name: Rector
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.3'
tools: composer

- name: Install dependencies
run: composer install --no-progress --prefer-dist

- name: Run Rector (dry-run)
run: vendor/bin/rector process --dry-run

cs-fixer:
name: PHP CS Fixer
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.3'
tools: composer

- name: Install dependencies
run: composer install --no-progress --prefer-dist

- name: Run PHP CS Fixer (dry-run)
run: vendor/bin/php-cs-fixer fix --dry-run --diff
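Review bot: the workflow declares no permissions: block, so all three jobs run with the repository's default GITHUB_TOKEN scope although they only read code; add a top-level permissions: with contents: read. shivammathur/setup-php@v2 is a third-party action referenced by a mutable tag, and pinning it to a full commit SHA keeps a retagged release from changing what runs here. The phpstan, rector and cs-fixer jobs repeat the same checkout, setup and install steps, which a matrix over the tool command would remove.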
43 changes: 43 additions & 0 deletions .github/workflows/deploy.yml
@@ -0,0 +1,43 @@
name: Packaging for EC-CUBE Plugin

on:
release:
types: [published]

jobs:
deploy:
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Packaging
working-directory: ../
run: |
rm -rf $GITHUB_WORKSPACE/.github
rm -rf $GITHUB_WORKSPACE/tests
rm -rf $GITHUB_WORKSPACE/node_modules
rm -f $GITHUB_WORKSPACE/Dockerfile
rm -f $GITHUB_WORKSPACE/docker-compose.yml
rm -f $GITHUB_WORKSPACE/docker-compose.override.yml
rm -f $GITHUB_WORKSPACE/docker-entrypoint.sh
rm -f $GITHUB_WORKSPACE/package.json
rm -f $GITHUB_WORKSPACE/package-lock.json
rm -f $GITHUB_WORKSPACE/yarn.lock
rm -f $GITHUB_WORKSPACE/playwright.config.ts
rm -f $GITHUB_WORKSPACE/phpstan.neon.dist
rm -f $GITHUB_WORKSPACE/rector.php
rm -f $GITHUB_WORKSPACE/.php-cs-fixer.dist.php
rm -f $GITHUB_WORKSPACE/.env.tpl
rm -f $GITHUB_WORKSPACE/CLAUDE.md
find $GITHUB_WORKSPACE -name "dummy" -delete
find $GITHUB_WORKSPACE -name ".git*" -and ! -name ".gitkeep" -print0 | xargs -0 rm -rf
chmod -R o+w $GITHUB_WORKSPACE
cd $GITHUB_WORKSPACE
tar cvzf ../${{ github.event.repository.name }}-${{ github.event.release.tag_name }}.tar.gz ./*
Comment on lines +17 to +38

⚠️ Potential issue | 🟡 Minor

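Shell variables need quoting and runner.workspace needs to be fixed.

  1. $GITHUB_WORKSPACE must be wrapped in double quotes to prevent whitespace splitting and globbing.
  2. runner.workspace on line 43 is a property that does not exist. To refer to the parent directory, compute the parent of github.workspace or use another method.
🔧 Suggested fix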
       working-directory: ../
       run: |
-          rm -rf $GITHUB_WORKSPACE/.github
-          rm -rf $GITHUB_WORKSPACE/tests
-          rm -rf $GITHUB_WORKSPACE/node_modules
-          rm -f $GITHUB_WORKSPACE/Dockerfile
-          rm -f $GITHUB_WORKSPACE/docker-compose.yml
-          rm -f $GITHUB_WORKSPACE/docker-compose.override.yml
-          rm -f $GITHUB_WORKSPACE/docker-entrypoint.sh
-          rm -f $GITHUB_WORKSPACE/package.json
-          rm -f $GITHUB_WORKSPACE/package-lock.json
-          rm -f $GITHUB_WORKSPACE/yarn.lock
-          rm -f $GITHUB_WORKSPACE/playwright.config.ts
-          rm -f $GITHUB_WORKSPACE/phpstan.neon.dist
-          rm -f $GITHUB_WORKSPACE/rector.php
-          rm -f $GITHUB_WORKSPACE/.php-cs-fixer.dist.php
-          rm -f $GITHUB_WORKSPACE/.env.tpl
-          rm -f $GITHUB_WORKSPACE/CLAUDE.md
-          find $GITHUB_WORKSPACE -name "dummy" -delete
-          find $GITHUB_WORKSPACE -name ".git*" -and ! -name ".gitkeep" -print0 | xargs -0 rm -rf
-          chmod -R o+w $GITHUB_WORKSPACE
-          cd $GITHUB_WORKSPACE
+          rm -rf "$GITHUB_WORKSPACE/.github"
+          rm -rf "$GITHUB_WORKSPACE/tests"
+          rm -rf "$GITHUB_WORKSPACE/node_modules"
+          rm -f "$GITHUB_WORKSPACE/Dockerfile"
+          rm -f "$GITHUB_WORKSPACE/docker-compose.yml"
+          rm -f "$GITHUB_WORKSPACE/docker-compose.override.yml"
+          rm -f "$GITHUB_WORKSPACE/docker-entrypoint.sh"
+          rm -f "$GITHUB_WORKSPACE/package.json"
+          rm -f "$GITHUB_WORKSPACE/package-lock.json"
+          rm -f "$GITHUB_WORKSPACE/yarn.lock"
+          rm -f "$GITHUB_WORKSPACE/playwright.config.ts"
+          rm -f "$GITHUB_WORKSPACE/phpstan.neon.dist"
+          rm -f "$GITHUB_WORKSPACE/rector.php"
+          rm -f "$GITHUB_WORKSPACE/.php-cs-fixer.dist.php"
+          rm -f "$GITHUB_WORKSPACE/.env.tpl"
+          rm -f "$GITHUB_WORKSPACE/CLAUDE.md"
+          find "$GITHUB_WORKSPACE" -name "dummy" -delete
+          find "$GITHUB_WORKSPACE" -name ".git*" -and ! -name ".gitkeep" -print0 | xargs -0 rm -rf
+          chmod -R o+w "$GITHUB_WORKSPACE"
+          cd "$GITHUB_WORKSPACE"
           tar cvzf ../${{ github.event.repository.name }}-${{ github.event.release.tag_name }}.tar.gz ./*
🧰 Tools
🪛 actionlint (1.7.10)

[error] 17-17: shellcheck reported issue in this script: SC2086:info:10:7: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:11:7: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:12:7: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:13:7: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:14:7: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:15:7: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:16:7: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:17:6: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:18:6: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:19:14: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:1:8: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:20:4: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:2:8: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:3:8: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:4:7: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:5:7: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:6:7: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:7:7: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:8:7: Double quote to prevent globbing and word splitting

(shellcheck)


[error] 17-17: shellcheck reported issue in this script: SC2086:info:9:7: Double quote to prevent globbing and word splitting

(shellcheck)

🤖 Prompt for AI Agents
In @.github/workflows/deploy.yml around lines 17 - 38, Wrap all uses of the
environment variable GITHUB_WORKSPACE in double quotes (e.g.,
"$GITHUB_WORKSPACE") across the rm, find, chmod, cd and tar commands to protect
against spaces and globbing; also remove or replace the invalid runner.workspace
reference by computing the parent directory from github.workspace (or pass the
parent path in as an input) and use that parent when creating the tar archive
(the tar cvzf invocation and any ../ references should be updated to use the
computed parent path instead of runner.workspace).


- name: Upload binaries to release
uses: softprops/action-gh-release@v2
with:
files: ${{ runner.workspace }}/${{ github.event.repository.name }}-${{ github.event.release.tag_name }}.tar.gz
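Review bot: in the Packaging step, the tar line interpolates ${{ github.event.release.tag_name }} and ${{ github.event.repository.name }} directly into the shell script, so the tag text is parsed by the shell before tar runs; pass both through env: (for example TAG: ${{ github.event.release.tag_name }}) and reference them as quoted "$TAG" in the script. Separately, chmod -R o+w ships every file in the archive world-writable; drop it unless the plugin installer needs it, and add a comment saying why if it does. The job also declares no permissions: and references softprops/action-gh-release@v2 by mutable tag, so set contents: write explicitly and pin the action to a commit SHA.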
Comment on lines +40 to +43

⚠️ Potential issue | 🟡 Minor

runner.workspace is an invalid property.

The runner context has no workspace property. The tar file is created with working-directory: ../, so fix the upload path.

🔧 Suggested fix
     - name: Upload binaries to release
       uses: softprops/action-gh-release@v2
       with:
-        files: ${{ runner.workspace }}/${{ github.event.repository.name }}-${{ github.event.release.tag_name }}.tar.gz
+        files: ${{ github.workspace }}/../${{ github.event.repository.name }}-${{ github.event.release.tag_name }}.tar.gz
🧰 Tools
🪛 actionlint (1.7.10)

[error] 43-43: property "workspace" is not defined in object type {arch: string; debug: string; environment: string; name: string; os: string; temp: string; tool_cache: string}

(expression)

🤖 Prompt for AI Agents
In @.github/workflows/deploy.yml around lines 40 - 43, the files input of the
"Upload binaries to release" step uses the invalid runner.workspace, so the
upload target cannot be found. Fix the files input of
softprops/action-gh-release@v2 by replacing runner.workspace with
${{ github.workspace }} and using a path that reflects the relative location
(../) of the working directory where the tar was created (see: step name
"Upload binaries to release", uses: softprops/action-gh-release@v2, input "files").

66 changes: 66 additions & 0 deletions .github/workflows/playwright.yml
@@ -0,0 +1,66 @@
name: Playwright E2E Tests

on:
push:
branches: [main]
pull_request:
branches: [main]

jobs:
e2e:
name: E2E Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'

- name: Install dependencies
run: yarn install --frozen-lockfile

- name: Install Playwright browsers
run: npx playwright install --with-deps chromium

- name: Create .env file
run: |
cat <<'EOF' > .env
ECAUTH_BASE_URL=${{ secrets.ECAUTH_BASE_URL }}
ECAUTH_CLIENT_ID=${{ secrets.ECAUTH_CLIENT_ID }}
ECAUTH_CLIENT_SECRET=${{ secrets.ECAUTH_CLIENT_SECRET }}
EOF

- name: Start Docker environment
run: docker compose up -d --build --wait

- name: Wait for EC-CUBE to be ready
run: |
for i in $(seq 1 30); do
if curl -sk https://localhost:4430/admin/login > /dev/null 2>&1; then
echo "EC-CUBE is ready"
break
fi
echo "Waiting for EC-CUBE... ($i/30)"
sleep 5
done
Comment on lines +38 to +47

⚠️ Potential issue | 🟠 Major

The job may be treated as successful even when EC-CUBE has not started.

If it never becomes ready, failing explicitly makes it easier to isolate the cause.

Suggested fix
       - name: Wait for EC-CUBE to be ready
         run: |
-          for i in $(seq 1 30); do
+          ready=false
+          for i in $(seq 1 30); do
             if curl -sk https://localhost:4430/admin/login > /dev/null 2>&1; then
               echo "EC-CUBE is ready"
+              ready=true
               break
             fi
             echo "Waiting for EC-CUBE... ($i/30)"
             sleep 5
           done
+          if [ "$ready" != "true" ]; then
+            echo "EC-CUBE did not become ready in time" >&2
+            exit 1
+          fi
🤖 Prompt for AI Agents
In @.github/workflows/playwright.yml around lines 38 - 47, The current "Wait for
EC-CUBE to be ready" step can silently succeed if the loop never detects
readiness; change the shell loop so that after trying up to 30 times it
explicitly fails the job (exit non‑zero) when curl never succeeds. Modify the
existing loop in the step (the for/if/curl logic) to exit 1 and print a clear
error message like "EC-CUBE did not become ready" when the loop completes
without a successful curl, ensuring the CI job fails instead of proceeding.


- name: Run Playwright tests
run: npx playwright test --reporter=list
env:
BASE_URL: https://localhost:4430

- name: Upload test results
if: failure()
uses: actions/upload-artifact@v4
with:
name: playwright-report
path: |
test-results/
playwright-report/
retention-days: 7

- name: Stop Docker environment
if: always()
run: docker compose down
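Review bot: the Create .env file step depends on secrets.ECAUTH_BASE_URL, secrets.ECAUTH_CLIENT_ID and secrets.ECAUTH_CLIENT_SECRET while the workflow also triggers on pull_request; pull requests from forks do not receive repository secrets, so .env is written with empty values and the E2E run fails for reasons unrelated to the change. Guard the job or its secret-dependent steps with an if: on the head repository, or skip early when the values are empty. The quoted heredoc ('EOF') rightly stops the shell from expanding the values, but the file then holds the client secret in plaintext in the workspace, so keep .env out of the upload-artifact paths as it is now, and add a permissions: block with contents: read since nothing here writes to the repository.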
33 changes: 33 additions & 0 deletions .php-cs-fixer.dist.php
@@ -0,0 +1,33 @@
<?php

declare(strict_types=1);

$finder = PhpCsFixer\Finder::create()
->in([
__DIR__.'/Controller',
__DIR__.'/Entity',
__DIR__.'/Form',
__DIR__.'/Repository',
__DIR__.'/Service',
])
->append([
__DIR__.'/EcAuthLoginEvent.php',
__DIR__.'/EcAuthLoginNav.php',
__DIR__.'/PluginManager.php',
])
->name('*.php');

return (new PhpCsFixer\Config())
->setRiskyAllowed(true)
->setRules([
'@PSR12' => true,
'array_syntax' => ['syntax' => 'short'],
'no_unused_imports' => true,
'ordered_imports' => ['sort_algorithm' => 'alpha'],
'single_quote' => true,
'trailing_comma_in_multiline' => ['elements' => ['arrays', 'arguments', 'parameters']],
'blank_line_before_statement' => [
'statements' => ['return'],
],
])
->setFinder($finder);
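Review bot: setRiskyAllowed(true) is enabled although none of the rules in setRules() is a risky one (@PSR12, array_syntax, no_unused_imports, ordered_imports, single_quote, trailing_comma_in_multiline and blank_line_before_statement are all non-risky); remove the call so a behaviour-changing fixer cannot be added later without the config making that explicit. This file declares strict_types=1 while Controller/Admin/ConfigController.php in the same change does not, so either add the declare_strict_types rule deliberately or leave the sources as they are, but decide it here.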
103 changes: 103 additions & 0 deletions CLAUDE.md
@@ -0,0 +1,103 @@
# CLAUDE.md

このファイルは Claude Code (claude.ai/code) がこのリポジトリで作業する際のガイダンスを提供します。

## プロジェクト概要

EC-CUBE 4.3系管理画面向け EcAuth B2Bパスキー認証プラグイン(EcAuthLogin43)。
EcAuth Identity Provider と連携し、管理画面にパスキー(WebAuthn/FIDO2)認証を追加する。

## 開発コマンド

### Docker 環境

```bash
# 起動
docker compose up -d --build

# ログ確認
docker compose logs ec-cube

# 停止
docker compose down
```

### 静的解析

```bash
# PHPStan
composer phpstan

# Rector (dry-run)
composer rector

# PHP CS Fixer (dry-run)
composer cs-check
```

### E2E テスト

```bash
yarn install
npx playwright test
```

## ディレクトリ構成

```
ec-cube4-ecauth/
├── composer.json # type: eccube-plugin, code: EcAuthLogin43
├── PluginManager.php # enable() でデフォルト Config 作成
├── EcAuthLoginEvent.php # TemplateEvent サブスクライバ
├── EcAuthLoginNav.php # 管理画面ナビゲーション
├── Controller/
│ ├── Admin/
│ │ ├── ConfigController.php # プラグイン設定画面
│ │ └── PasskeyController.php # パスキー管理画面
│ ├── EcAuthCallbackController.php # 認証コールバック(認証不要)
│ └── PasskeyAuthController.php # パスキー認証/登録 API 中継
├── Entity/
│ ├── Config.php # plg_ecauth_login43_config
│ └── MemberTrait.php # dtb_member に ecauth_subject 追加
├── Form/Type/Admin/
│ └── ConfigType.php
├── Repository/
│ └── ConfigRepository.php
├── Service/
│ ├── EcAuthApiClient.php # EcAuth API HTTP クライアント
│ └── PasskeyAuthService.php # パスキー認証ビジネスロジック
├── Resource/
│ ├── config/services.yaml
│ ├── locale/messages.ja.yaml
│ ├── template/admin/
│ │ ├── config.twig
│ │ ├── passkey_list.twig
│ │ └── login_passkey.twig
│ └── assets/js/
│ └── webauthn.js
├── tests/specs/ # Playwright E2E テスト
├── Dockerfile
├── docker-compose.yml
├── docker-compose.override.yml
└── docker-entrypoint.sh
```

## EcAuth API エンドポイント(本プラグインが呼び出す)

| エンドポイント | 認証方式 | 用途 |
|----------------|----------|------|
| `POST /b2b/passkey/authenticate/options` | client_id | チャレンジ取得 |
| `POST /b2b/passkey/authenticate/verify` | client_id | 署名検証→認可コード |
| `POST /b2b/passkey/register/options` | client_id + client_secret | 登録オプション |
| `POST /b2b/passkey/register/verify` | client_id + client_secret | 登録完了 |
| `GET /b2b/passkey/list` | Bearer Token | 一覧取得 |
| `DELETE /b2b/passkey/{credentialId}` | Bearer Token | 削除 |
| `POST /token` | client_id + client_secret | トークン交換 |

## セキュリティ注意事項

- client_secret はサーバーサイドのみ。JS に渡さない
- CSRF トークンはフォームと AJAX 両方で送信
- state パラメータは hash_equals() で検証、使い捨て削除
- WebAuthn は HTTPS 必須。HTTP 時はボタン非表示
- デプロイ先 URL を issue/PR/README に含めないこと
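Review bot: the security notes at the end cover client_secret, CSRF, state and HTTPS, but say nothing about the Bearer token that the endpoint table requires for GET /b2b/passkey/list and DELETE /b2b/passkey/{credentialId}; add a line stating where that token is kept, whether it ever reaches the browser, and how long it lives. The directory tree marks EcAuthCallbackController.php as requiring no authentication, so the notes should also name it as the place where the state check with hash_equals() and the single-use deletion happen, which makes that guarantee reviewable against the code.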
48 changes: 48 additions & 0 deletions Controller/Admin/ConfigController.php
@@ -0,0 +1,48 @@
<?php

namespace Plugin\EcAuthLogin43\Controller\Admin;

use Eccube\Controller\AbstractController;
use Plugin\EcAuthLogin43\Form\Type\Admin\ConfigType;
use Plugin\EcAuthLogin43\Repository\ConfigRepository;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;

class ConfigController extends AbstractController
{
/**
* @var ConfigRepository
*/
protected $configRepository;

public function __construct(ConfigRepository $configRepository)
{
$this->configRepository = $configRepository;
}

/**
* @Route("/%eccube_admin_route%/ecauth_login43/config", name="ecauth_login43_admin_config")
* @Template("@EcAuthLogin43/admin/config.twig")
*/
public function index(Request $request)
{
$Config = $this->configRepository->get();
$form = $this->createForm(ConfigType::class, $Config);
$form->handleRequest($request);

if ($form->isSubmitted() && $form->isValid()) {
$Config = $form->getData();
$this->entityManager->persist($Config);
$this->entityManager->flush();

$this->addSuccess('ecauth_login43.admin.config.save.success', 'admin');

return $this->redirectToRoute('ecauth_login43_admin_config');
}

return [
'form' => $form->createView(),
];
}
}
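Review bot: the @Route annotation on index() sets no methods, so the config action answers every HTTP verb; restrict it with methods={"GET", "POST"} since the body only renders the form or handles its submission. index() also has no return type and $configRepository is declared through a docblock rather than a typed property, both of which the PHPStan job added in ci.yml can check more strictly once declared. If ConfigType exposes the client secret (the form type is not part of the lines shown here), binding the form to the stored Config will render the saved value back into the page, so confirm that field is not prefilled.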