feat: add Twig helper generating hub URLs and setting authorization cookies

Author: dunglas

.github/workflows/static-analysis.yml

@@ -15,7 +15,7 @@ jobs:
       - name: "installing PHP"
         uses: "shivammathur/setup-php@v2"
         with:
-          php-version: "7.4"
+          php-version: "8.0"
           ini-values: memory_limit=-1
           tools: composer:v2, phpstan, cs2pr
 

.gitignore

@@ -1,5 +1,5 @@
-/.php_cs.cache
-/.php_cs
+/.php-cs-fixer.cache
+/.php-cs-fixer.php
 /.phpunit.result.cache
 /composer.phar
 /composer.lock

.php_cs.dist renamed to .php-cs-fixer.dist.php

@@ -46,8 +46,10 @@
     },
     "require-dev": {
         "lcobucci/jwt": "^3.4|^4.0",
+        "symfony/event-dispatcher": "^4.4|^5.0|^6.0",
         "symfony/phpunit-bridge": "^5.2|^6.0",
-        "symfony/stopwatch": "^4.4|^5.0|^6.0"
+        "symfony/stopwatch": "^4.4|^5.0|^6.0",
+        "twig/twig": "^2.0|^3.0"
     },
     "minimum-stability": "dev"
 }

composer.json

@@ -15,7 +15,6 @@
 
 use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Mercure\Exception\InvalidArgumentException;
 use Symfony\Component\Mercure\Exception\RuntimeException;
 
@@ -36,7 +35,30 @@ public function __construct(HubRegistry $registry, ?int $cookieLifetime = null)
     }
 
     /**
-     * Create Authorization cookie for the given hub.
+     * Sets mercureAuthorization cookie for the given hub.
+     *
+     * @param string[]    $subscribe        a list of topics that the authorization cookie will allow subscribing to
+     * @param string[]    $publish          a list of topics that the authorization cookie will allow publishing to
+     * @param mixed[]     $additionalClaims an array of additional claims for the JWT
+     * @param string|null $hub              the hub to generate the cookie for
+     */
+    public function setCookie(Request $request, array $subscribe = [], array $publish = [], array $additionalClaims = [], ?string $hub = null): void
+    {
+        $request->attributes->set('_mercure_authorization_cookie', $this->createCookie($request, $subscribe, $publish, $additionalClaims, $hub));
+    }
+
+    /**
+     * Clears the mercureAuthorization cookie for the given hub.
+     *
+     * @param string|null $hub the hub to clear the cookie for
+     */
+    public function clearCookie(Request $request, ?string $hub = null): void
+    {
+        $request->attributes->set('_mercure_authorization_cookie', $this->createClearCookie($request, $hub));
+    }
+
+    /**
+     * Creates mercureAuthorization cookie for the given hub.
      *
      * @param string[]    $subscribe        a list of topics that the authorization cookie will allow subscribing to
      * @param string[]    $publish          a list of topics that the authorization cookie will allow publishing to
@@ -82,18 +104,26 @@ public function createCookie(Request $request, array $subscribe = [], array $pub
         );
     }
 
-    public function clearCookie(Request $request, Response $response, ?string $hub = null): void
+    /**
+     * Clears the mercureAuthorization cookie for the given hub.
+     *
+     * @param string|null $hub the hub to clear the cookie for
+     */
+    public function createClearCookie(Request $request, ?string $hub = null): Cookie
     {
         $hubInstance = $this->registry->getHub($hub);
         /** @var array $urlComponents */
         $urlComponents = parse_url($hubInstance->getPublicUrl());
 
-        $response->headers->clearCookie(
+        return Cookie::create(
             self::MERCURE_AUTHORIZATION_COOKIE_NAME,
+            null,
+            1,
             $urlComponents['path'] ?? '/',
             $this->getCookieDomain($request, $urlComponents),
             'http' !== strtolower($urlComponents['scheme'] ?? 'https'),
             true,
+            false,
             Cookie::SAMESITE_STRICT
         );
     }

src/Authorization.php

@@ -0,0 +1,40 @@
+<?php
+
+/*
+ * This file is part of the Mercure Component project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace Symfony\Component\Mercure\EventSubscriber;
+
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpKernel\Event\ResponseEvent;
+use Symfony\Component\HttpKernel\KernelEvents;
+
+final class SetCookieSubscriber implements EventSubscriberInterface
+{
+    public function onKernelResponse(ResponseEvent $event)
+    {
+        if (
+            !$event->isMainRequest() ||
+            null === $cookie = $event->getRequest()->attributes->get('_mercure_authorization_cookie')) {
+            return;
+        }
+
+        $event->getResponse()->headers->setCookie($cookie);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getSubscribedEvents(): array
+    {
+        return [KernelEvents::RESPONSE => 'onKernelResponse'];
+    }
+}

src/EventSubscriber/SetCookieSubscriber.php

@@ -37,6 +37,7 @@ final class Publisher implements PublisherInterface
 
     /**
      * @param TokenProviderInterface|callable(Update $update):string $jwtProvider
+     * @param mixed                                  $jwtProvider
      */
     public function __construct(string $hubUrl, $jwtProvider, HttpClientInterface $httpClient = null)
     {

src/Publisher.php

@@ -0,0 +1,69 @@
+<?php
+
+/*
+ * This file is part of the Mercure Component project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace Symfony\Component\Mercure\Twig;
+
+use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\Mercure\Authorization;
+use Symfony\Component\Mercure\HubRegistry;
+use Twig\Extension\AbstractExtension;
+use Twig\TwigFunction;
+
+final class MercureExtension extends AbstractExtension
+{
+    private HubRegistry $hubRegistry;
+    private ?Authorization $authorization;
+    private ?RequestStack $requestStack;
+
+    public function __construct(HubRegistry $hubRegistry, ?Authorization $authorization = null, ?RequestStack $requestStack = null)
+    {
+        $this->hubRegistry = $hubRegistry;
+        $this->authorization = $authorization;
+        $this->requestStack = $requestStack;
+    }
+
+    public function getFunctions()
+    {
+        return [new TwigFunction('mercure', [$this, 'mercure'])];
+    }
+
+    /**
+     * @param string|string[] $topics
+     */
+    public function mercure($topics, array $options = []): string
+    {
+        $hub = $options['hub'] ?? null;
+        $url = $this->hubRegistry->getHub($hub)->getPublicUrl();
+        // We cannot use http_build_query() because this method doesn't support generating multiple query parameters with the same name without the [] suffix
+        $separator = '?';
+        foreach ((array) $topics as $topic) {
+            $url .= $separator.'topic='.rawurlencode($topic);
+            if ('?' === $separator) {
+                $separator = '&';
+            }
+        }
+
+        if (
+            null === $this->authorization ||
+            null === $this->requestStack ||
+            (!isset($options['subscribe']) && !isset($options['publish']) && !isset($options['additionalClaims'])) ||
+            null === $request = $this->requestStack->getMainRequest()
+        ) {
+            return $url;
+        }
+
+        $this->authorization->setCookie($request, $options['subscribe'] ?? [], $options['publish'] ?? [], $options['additionalClaims'] ?? [], $hub);
+
+        return $url;
+    }
+}

src/Twig/MercureExtension.php

@@ -33,7 +33,7 @@ final class Update
     private $retry;
 
     /**
-     * @param array|string $topics
+     * @param string|string[] $topics
      */
     public function __construct($topics, string $data = '', bool $private = false, string $id = null, string $type = null, int $retry = null)
     {

src/Update.php

@@ -16,7 +16,6 @@
 use Lcobucci\JWT\Signer\Key\InMemory;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Mercure\Authorization;
 use Symfony\Component\Mercure\Exception\RuntimeException;
 use Symfony\Component\Mercure\HubRegistry;
@@ -67,15 +66,13 @@ public function create(array $subscribe = [], array $publish = [], array $additi
         ));
 
         $authorization = new Authorization($registry);
-        $cookie = $authorization->createCookie($request = Request::create('https://example.com'));
+        $cookie = $authorization->setCookie($request = Request::create('https://example.com'));
 
-        $response = new Response();
-        $response->headers->setCookie($cookie);
+        $authorization->clearCookie($request);
 
-        $authorization->clearCookie($request, $response);
-
-        $this->assertNull($response->headers->getCookies()[0]->getValue());
-        $this->assertSame(1, $response->headers->getCookies()[0]->getExpiresTime());
+        $cookie = $request->attributes->get('_mercure_authorization_cookie');
+        $this->assertNull($cookie->getValue());
+        $this->assertSame(1, $cookie->getExpiresTime());
     }
 
     /**