Proof of concept

Author: lbausch

.gitignore

@@ -0,0 +1,2 @@
+/composer.lock
+/vendor/

.php_cs.dist

@@ -0,0 +1,15 @@
+<?php
+
+$finder = PhpCsFixer\Finder::create()
+    ->exclude('bootstrap')
+    ->exclude('resources')
+    ->exclude('vendor')
+    ->in(__DIR__)
+;
+
+return PhpCsFixer\Config::create()
+    ->setRules([
+        '@Symfony' => true,
+    ])
+    ->setFinder($finder)
+;

README.md

@@ -1 +1,77 @@
-# flarum-laravel-session
+# Flarum Laravel Session <!-- omit in toc -->
+
+**Disclaimer**: This package is still a proof of concept.
+
+- [What it does](#what-it-does)
+- [Requirements](#requirements)
+- [Installation and configuration](#installation-and-configuration)
+- [Usage](#usage)
+- [Accessing session cookie from different domain](#accessing-session-cookie-from-different-domain)
+
+## What it does
+This package allows to use the session of [Flarum](https://flarum.org/) for authentication within a Laravel application.
+It accesses Flarum's session cookie and reads the session data from the session storage.
+Based on the user information in the Flarum database an user in the Laravel application is created / updated and logged in.
+
+## Requirements
++ PHP 7.4
++ Laravel 7
++ Working installation of Flarum in the same filesystem as the Laravel application, so Flarum's session files can be accessed
++ Flarum and Laravel need to share the same domain / subdomain, so Flarum's session cookie can be read
+
+## Installation and configuration
+Install the package by executing `composer require lbausch/flarum-laravel-session:dev-master` and register the middleware in `app/Http/Kernel.php`:
+```php
+/**
+ * The application's route middleware.
+ *
+ * These middleware may be assigned to groups or used individually.
+ *
+ * @var array
+ */
+protected $routeMiddleware = [
+    // ...
+    'flarum' => \Bausch\FlarumLaravelSession\FlarumMiddleware::class,
+    // ...
+];
+```
+Define a database connection for the Flarum database in `config/database.php`:
+```php
+'flarum' => [
+    'driver' => 'mysql',
+    'url' => env('FLARUM_DATABASE_URL'),
+    'host' => env('FLARUM_DB_HOST', '127.0.0.1'),
+    'port' => env('FLARUM_DB_PORT', '3306'),
+    'database' => env('FLARUM_DB_DATABASE', 'forge'),
+    'username' => env('FLARUM_DB_USERNAME', 'forge'),
+    'password' => env('FLARUM_DB_PASSWORD', ''),
+    'unix_socket' => env('FLARUM_DB_SOCKET', ''),
+    'charset' => 'utf8mb4',
+    'collation' => 'utf8mb4_unicode_ci',
+    'prefix' => '',
+    'prefix_indexes' => true,
+    'strict' => true,
+    'engine' => null,
+    'options' => extension_loaded('pdo_mysql') ? array_filter([
+        PDO::MYSQL_ATTR_SSL_CA => env('FLARUM_MYSQL_ATTR_SSL_CA'),
+    ]) : [],
+],
+```
+Publish the package configuration using `php artisan vendor:publish --provider=Bausch\\FlarumLaravelSession\\ServiceProvider` and update `config/flarum.php` with your settings.
+
+## Usage
+In `routes/web.php` you may assign the middleware as desired:
+```php
+Route::middleware(['flarum'])->group(function () {
+    Route::get('/', function () {
+        return view('welcome');
+    });
+});
+```
+
+## Accessing session cookie from different domain
+If Flarum is running on domain.tld and Laravel on sub.domain.tld you need to configure Flarum (`config.php`), so the session cookie can be accessed on the subdomain:
+```php
+// Note the dot before domain.tld
+'cookie' => ['domain' => '.domain.tld'],
+```

composer.json

@@ -0,0 +1,35 @@
+{
+    "name": "lbausch/flarum-laravel-session",
+    "description": "Use Flarum's session within Laravel",
+    "type": "library",
+    "require-dev": {
+        "orchestra/testbench": "^5.3"
+    },
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Lorenz Bausch",
+            "email": "[email protected]"
+        }
+    ],
+    "require": {
+        "php": "^7.4",
+        "illuminate/auth": "^7.0",
+        "illuminate/filesystem": "^7.0",
+        "illuminate/http": "^7.0",
+        "illuminate/session": "^7.0",
+        "illuminate/support": "^7.0"
+    },
+    "autoload": {
+        "psr-4": {
+            "Bausch\\FlarumLaravelSession\\": "src/"
+        }
+    },
+    "extra": {
+        "laravel": {
+            "providers": [
+                "Bausch\\FlarumLaravelSession\\ServiceProvider"
+            ]
+        }
+    }
+}

config/flarum.php

@@ -0,0 +1,33 @@
+<?php
+
+return [
+    /*
+     * Flarum url
+     */
+    'url' => env('FLARUM_URL'),
+
+    /*
+     * Model which is authenticatable
+     */
+    'model' => App\User::class,
+
+    /*
+     * Flarum session configuration
+     */
+    'session' => [
+        /*
+         * Name of the Flarum session cookie
+         */
+        'cookie' => env('FLARUM_SESSION_COOKIE', 'flarum_session'),
+
+        /*
+         * Absolute path to the session directory of Flarum
+         */
+        'path' => base_path('flarum/storage/sessions'),
+    ],
+
+    /*
+     * Flarum database connection as defined in config/database.php
+     */
+    'db_connection' => env('FLARUM_DB_CONNECTION', 'flarum'),
+];

src/FlarumMiddleware.php

@@ -0,0 +1,139 @@
+<?php
+
+namespace Bausch\FlarumLaravelSession;
+
+use Closure;
+use Illuminate\Filesystem\Filesystem;
+use Illuminate\Foundation\Auth\User;
+use Illuminate\Http\Request;
+use Illuminate\Session\FileSessionHandler;
+use Illuminate\Session\Store;
+use Illuminate\Support\Facades\App;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Str;
+
+class FlarumMiddleware
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @return mixed
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        // If the user is already authenticated, continue
+        if (Auth::check()) {
+            return $next($request);
+        }
+
+        // Get content of Flarum session cookie
+        $flarum_session_id = $request->cookie(Config::get('flarum.session.cookie', false));
+
+        // Abort if no session id could be found
+        if (!$flarum_session_id) {
+            abort(403);
+        }
+
+        // Create session store
+        $session_store = new Store('flarum-laravel-session', $this->getFileSessionHandler(), $flarum_session_id);
+
+        // Start session
+        $session_started = $session_store->start();
+
+        // Abort if session could'nt be started
+        if (!$session_started) {
+            abort(403);
+        }
+
+        // Try to get user id
+        $user_id = $session_store->get('user_id', false);
+
+        // Redirect if no user id was found
+        if (!$user_id) {
+            return redirect(Config::get('flarum.url'));
+        }
+
+        // Get Flarum user from Flarum database
+        $flarum_user = DB::connection(Config::get('flarum.database_connection'))->table('users')->find($user_id);
+
+        // Abort if no Flarum user is present in database
+        if (!$flarum_user) {
+            abort(403);
+        }
+
+        // Find the corresponding local user
+        $user = $this->getUser()->where('flarum_id', $flarum_user->id)->first();
+
+        // Create or update the corresponding local user
+        $user = $this->createOrUpdateUser($user, $flarum_user);
+
+        // Login the local user and remember him
+        Auth::login($user, true);
+
+        return $next($request);
+    }
+
+    /**
+     * Get FileSessionHandler.
+     */
+    protected function getFileSessionHandler(): FileSessionHandler
+    {
+        // Create filesystem
+        $filesystem = new Filesystem();
+
+        // Get path to session files
+        $session_path = Config::get('flarum.session.path');
+
+        // Session lifetime in minutes
+        $lifetime_minutes = 120;
+
+        return new FileSessionHandler(
+            $filesystem,
+            $session_path,
+            $lifetime_minutes
+        );
+    }
+
+    /**
+     * Create or update User.
+     */
+    protected function createOrUpdateUser(?User $user, object $flarum_user): User
+    {
+        // Get a user instance
+        if (is_null($user)) {
+            $user = $this->getUser();
+        }
+
+        // Attributes to update: local user => flarum user
+        $attributes = [
+            'username' => 'username',
+            'nickname' => 'nickname',
+            'flarum_id' => 'id',
+            'email' => 'email',
+        ];
+
+        // Update attributes
+        foreach ($attributes as $attribute) {
+            $user->{$attribute} = $flarum_user->{$attribute};
+        }
+
+        // Set a random password
+        $user->password = bcrypt(Str::random(30));
+
+        // Save user
+        $user->save();
+
+        // Return user
+        return $user;
+    }
+
+    /**
+     * Get User instance.
+     */
+    protected function getUser(): User
+    {
+        return App::make(config('flarum.model'));
+    }
+}

src/ServiceProvider.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace Bausch\FlarumLaravelSession;
+
+use Illuminate\Support\ServiceProvider as BaseServiceProvider;
+
+class ServiceProvider extends BaseServiceProvider
+{
+    /**
+     * Register any application services.
+     *
+     * @return void
+     */
+    public function register()
+    {
+    }
+
+    /**
+     * Bootstrap any application services.
+     *
+     * @return void
+     */
+    public function boot()
+    {
+        $this->publishes([
+            __DIR__.'/../config/flarum.php' => config_path('flarum.php'),
+        ]);
+    }
+}