Add google/auth and related libraries, and update other dependencies

2026-01-22 12:49:55 +09:00 · 2024-04-20 23:50:39 +09:00 · 2024-04-20 23:50:39 +09:00 · d39434d426
commit d39434d426
parent d861040766
217 changed files with 13266 additions and 2110 deletions
--- a/common/vendor/google/auth/src/FetchAuthTokenCache.php
+++ b/common/vendor/google/auth/src/FetchAuthTokenCache.php
@ -0,0 +1,292 @@
+<?php
+/*
+ * Copyright 2010 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+namespace Google\Auth;
+
+use Psr\Cache\CacheItemPoolInterface;
+
+/**
+ * A class to implement caching for any object implementing
+ * FetchAuthTokenInterface
+ */
+class FetchAuthTokenCache implements
+    FetchAuthTokenInterface,
+    GetQuotaProjectInterface,
+    SignBlobInterface,
+    ProjectIdProviderInterface,
+    UpdateMetadataInterface
+{
+    use CacheTrait;
+
+    /**
+     * @var FetchAuthTokenInterface
+     */
+    private $fetcher;
+
+    /**
+     * @var int
+     */
+    private $eagerRefreshThresholdSeconds = 10;
+
+    /**
+     * @param FetchAuthTokenInterface $fetcher A credentials fetcher
+     * @param array<mixed> $cacheConfig Configuration for the cache
+     * @param CacheItemPoolInterface $cache
+     */
+    public function __construct(
+        FetchAuthTokenInterface $fetcher,
+        array $cacheConfig = null,
+        CacheItemPoolInterface $cache
+    ) {
+        $this->fetcher = $fetcher;
+        $this->cache = $cache;
+        $this->cacheConfig = array_merge([
+            'lifetime' => 1500,
+            'prefix' => '',
+        ], (array) $cacheConfig);
+    }
+
+    /**
+     * @return FetchAuthTokenInterface
+     */
+    public function getFetcher()
+    {
+        return $this->fetcher;
+    }
+
+    /**
+     * Implements FetchAuthTokenInterface#fetchAuthToken.
+     *
+     * Checks the cache for a valid auth token and fetches the auth tokens
+     * from the supplied fetcher.
+     *
+     * @param callable $httpHandler callback which delivers psr7 request
+     * @return array<mixed> the response
+     * @throws \Exception
+     */
+    public function fetchAuthToken(callable $httpHandler = null)
+    {
+        if ($cached = $this->fetchAuthTokenFromCache()) {
+            return $cached;
+        }
+
+        $auth_token = $this->fetcher->fetchAuthToken($httpHandler);
+
+        $this->saveAuthTokenInCache($auth_token);
+
+        return $auth_token;
+    }
+
+    /**
+     * @return string
+     */
+    public function getCacheKey()
+    {
+        return $this->getFullCacheKey($this->fetcher->getCacheKey());
+    }
+
+    /**
+     * @return array<mixed>|null
+     */
+    public function getLastReceivedToken()
+    {
+        return $this->fetcher->getLastReceivedToken();
+    }
+
+    /**
+     * Get the client name from the fetcher.
+     *
+     * @param callable $httpHandler An HTTP handler to deliver PSR7 requests.
+     * @return string
+     */
+    public function getClientName(callable $httpHandler = null)
+    {
+        if (!$this->fetcher instanceof SignBlobInterface) {
+            throw new \RuntimeException(
+                'Credentials fetcher does not implement ' .
+                'Google\Auth\SignBlobInterface'
+            );
+        }
+
+        return $this->fetcher->getClientName($httpHandler);
+    }
+
+    /**
+     * Sign a blob using the fetcher.
+     *
+     * @param string $stringToSign The string to sign.
+     * @param bool $forceOpenSsl Require use of OpenSSL for local signing. Does
+     *        not apply to signing done using external services. **Defaults to**
+     *        `false`.
+     * @return string The resulting signature.
+     * @throws \RuntimeException If the fetcher does not implement
+     *     `Google\Auth\SignBlobInterface`.
+     */
+    public function signBlob($stringToSign, $forceOpenSsl = false)
+    {
+        if (!$this->fetcher instanceof SignBlobInterface) {
+            throw new \RuntimeException(
+                'Credentials fetcher does not implement ' .
+                'Google\Auth\SignBlobInterface'
+            );
+        }
+
+        // Pass the access token from cache to GCECredentials for signing a blob.
+        // This saves a call to the metadata server when a cached token exists.
+        if ($this->fetcher instanceof Credentials\GCECredentials) {
+            $cached = $this->fetchAuthTokenFromCache();
+            $accessToken = isset($cached['access_token']) ? $cached['access_token'] : null;
+            return $this->fetcher->signBlob($stringToSign, $forceOpenSsl, $accessToken);
+        }
+
+        return $this->fetcher->signBlob($stringToSign, $forceOpenSsl);
+    }
+
+    /**
+     * Get the quota project used for this API request from the credentials
+     * fetcher.
+     *
+     * @return string|null
+     */
+    public function getQuotaProject()
+    {
+        if ($this->fetcher instanceof GetQuotaProjectInterface) {
+            return $this->fetcher->getQuotaProject();
+        }
+
+        return null;
+    }
+
+    /*
+     * Get the Project ID from the fetcher.
+     *
+     * @param callable $httpHandler Callback which delivers psr7 request
+     * @return string|null
+     * @throws \RuntimeException If the fetcher does not implement
+     *     `Google\Auth\ProvidesProjectIdInterface`.
+     */
+    public function getProjectId(callable $httpHandler = null)
+    {
+        if (!$this->fetcher instanceof ProjectIdProviderInterface) {
+            throw new \RuntimeException(
+                'Credentials fetcher does not implement ' .
+                'Google\Auth\ProvidesProjectIdInterface'
+            );
+        }
+
+        return $this->fetcher->getProjectId($httpHandler);
+    }
+
+    /**
+     * Updates metadata with the authorization token.
+     *
+     * @param array<mixed> $metadata metadata hashmap
+     * @param string $authUri optional auth uri
+     * @param callable $httpHandler callback which delivers psr7 request
+     * @return array<mixed> updated metadata hashmap
+     * @throws \RuntimeException If the fetcher does not implement
+     *     `Google\Auth\UpdateMetadataInterface`.
+     */
+    public function updateMetadata(
+        $metadata,
+        $authUri = null,
+        callable $httpHandler = null
+    ) {
+        if (!$this->fetcher instanceof UpdateMetadataInterface) {
+            throw new \RuntimeException(
+                'Credentials fetcher does not implement ' .
+                'Google\Auth\UpdateMetadataInterface'
+            );
+        }
+
+        $cached = $this->fetchAuthTokenFromCache($authUri);
+        if ($cached) {
+            // Set the access token in the `Authorization` metadata header so
+            // the downstream call to updateMetadata know they don't need to
+            // fetch another token.
+            if (isset($cached['access_token'])) {
+                $metadata[self::AUTH_METADATA_KEY] = [
+                    'Bearer ' . $cached['access_token']
+                ];
+            }
+        }
+
+        $newMetadata = $this->fetcher->updateMetadata(
+            $metadata,
+            $authUri,
+            $httpHandler
+        );
+
+        if (!$cached && $token = $this->fetcher->getLastReceivedToken()) {
+            $this->saveAuthTokenInCache($token, $authUri);
+        }
+
+        return $newMetadata;
+    }
+
+    /**
+     * @param string|null $authUri
+     * @return array<mixed>|null
+     */
+    private function fetchAuthTokenFromCache($authUri = null)
+    {
+        // Use the cached value if its available.
+        //
+        // TODO: correct caching; update the call to setCachedValue to set the expiry
+        // to the value returned with the auth token.
+        //
+        // TODO: correct caching; enable the cache to be cleared.
+
+        // if $authUri is set, use it as the cache key
+        $cacheKey = $authUri
+            ? $this->getFullCacheKey($authUri)
+            : $this->fetcher->getCacheKey();
+
+        $cached = $this->getCachedValue($cacheKey);
+        if (is_array($cached)) {
+            if (empty($cached['expires_at'])) {
+                // If there is no expiration data, assume token is not expired.
+                // (for JwtAccess and ID tokens)
+                return $cached;
+            }
+            if ((time() + $this->eagerRefreshThresholdSeconds) < $cached['expires_at']) {
+                // access token is not expired
+                return $cached;
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * @param array<mixed> $authToken
+     * @param string|null  $authUri
+     * @return void
+     */
+    private function saveAuthTokenInCache($authToken, $authUri = null)
+    {
+        if (isset($authToken['access_token']) ||
+            isset($authToken['id_token'])) {
+            // if $authUri is set, use it as the cache key
+            $cacheKey = $authUri
+                ? $this->getFullCacheKey($authUri)
+                : $this->fetcher->getCacheKey();
+
+            $this->setCachedValue($cacheKey, $authToken);
+        }
+    }
+}