From 64f4ea89be89e9c86c2a2b95d49c458a6c45d8e2 Mon Sep 17 00:00:00 2001
From: Lance Edgar <lance@edbob.org>
Date: Mon, 15 May 2023 12:13:54 -0500
Subject: [PATCH] Add basic HTTP client for Tailbone API

with inspiration from https://packagist.org/packages/avency/gitea
---
 .gitignore     |  1 +
 composer.json  |  5 +++-
 src/Client.php | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 src/Client.php

diff --git a/.gitignore b/.gitignore
index 57872d0..c55784d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+composer.lock
 /vendor/
diff --git a/composer.json b/composer.json
index 6db6bee..da5ccb0 100644
--- a/composer.json
+++ b/composer.json
@@ -1,6 +1,7 @@
 {
     "name": "rattail/posterior",
     "description": "Tailbone API Client",
+    "type": "library",
     "homepage": "https://rattailproject.org",
     "license": "GPL-3.0-or-later",
     "autoload": {
@@ -14,5 +15,7 @@
             "email": "lance@edbob.org"
         }
     ],
-    "require": {}
+    "require": {
+        "guzzlehttp/guzzle": "^7.0"
+    }
 }
diff --git a/src/Client.php b/src/Client.php
new file mode 100644
index 0000000..85377f8
--- /dev/null
+++ b/src/Client.php
@@ -0,0 +1,75 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Rattail\Posterior;
+
+use Psr\Http\Message\ResponseInterface;
+
+class Client
+{
+    private $baseURI;
+    private $httpClient;
+    private $inited;
+
+    public function __construct($baseURI, $token, bool $verifySSL = true)
+    {
+        $this->baseURI = $baseURI;
+        $parts = parse_url($baseURI);
+
+        $options = [
+            'base_uri' => $baseURI,
+            'cookies' => true,
+            'headers' => [
+                'Authorization' => "Bearer {$token}",
+                // TODO: is this a good idea, or hacky security
+                // risk..?  without it, can get error response: 400
+                // Client Error: Bad CSRF Origin for url
+                'Origin' => "{$parts['scheme']}://{$parts['host']}",
+            ],
+            'verify' => $verifySSL,
+        ];
+
+        $this->httpClient = new \GuzzleHttp\Client($options);
+        $this->inited = false;
+    }
+
+    private function init()
+    {
+        if ($this->inited) {
+            return;
+        }
+
+        // fetch 'session' endpoint, to get current xsrf token
+        $response = $this->get('/session');
+
+        // look for xsrf token cookie
+        $jar = $this->httpClient->getConfig('cookies');
+        foreach ($jar->toArray() as $cookie) {
+
+            // and save it when found
+            if ($cookie['Name'] == 'XSRF-TOKEN') {
+                $this->xsrfToken = $cookie['Value'];
+                $this->inited = true;
+                break;
+            }
+        }
+    }
+
+    public function get(string $uri = '', array $options = []): ResponseInterface
+    {
+        $uri = $this->baseURI . $uri;
+        return $this->httpClient->request('GET', $uri, $options);
+    }
+
+    public function post(string $uri = '', array $data = []): ResponseInterface
+    {
+        $this->init();
+        $uri = $this->baseURI . $uri;
+        $options = [
+            'headers' => ['X-XSRF-TOKEN' => $this->xsrfToken],
+            'json' => $data,
+        ];
+        return $this->httpClient->request('POST', $uri, $options);
+    }
+}