Access.php

<?php

namespace Source\UseCases\Door\Access;

use Carbon\Carbon;
use Source\Entities\User;
use Source\Entities\Entry;
use Source\Entities\Attempt;
use Source\Sanitize\CastsTo;
use Source\Entities\HashedSearchable;
use Source\Gateways\Users\UsersRepository;
use Source\Exceptions\AuthorizationException;
use Source\Exceptions\AuthenticationException;
use Source\Gateways\Entries\EntriesRepository;
use Source\Gateways\Attempts\AttemptsRepository;

class Access implements AccessUseCase
{
    public const COMMAND_DELIMITER = '*';
    use CastsTo;

    /**
     * @var \Source\Gateways\Attempts\AttemptsRepository
     */
    protected AttemptsRepository $attempts;

    /**
     * @var \Source\Gateways\Entries\EntriesRepository
     */
    protected EntriesRepository $entries;

    /**
     * @var AccessAuthorizer[]
     */
    protected array $authorizers = [];

    /**
     * @var \Source\Gateways\Users\UsersRepository
     */
    protected UsersRepository $users;

    protected string $salt;

    public function __construct(
        UsersRepository $users,
        AttemptsRepository $attempts,
        EntriesRepository $entries,
        string $salt,
        AccessAuthorizer ...$authorizers
    ) {
        $this->users = $users;
        $this->attempts = $attempts;
        $this->entries = $entries;
        $this->salt = $salt;

        foreach ($authorizers as $authorizer) {
            $this->authorizers[] = $authorizer;
        }
    }

    /**
     * @param string $doorId
     * @param string $userId
     * @param bool   $success
     */
    protected function logUserAccess(string $doorId, string $userId, bool $success): void
    {
        $this->entries->add(new Entry(
            0,
            $userId,
            $doorId,
            $success
        ));
    }

    /**
     * @param string $doorId
     */
    protected function logDoorAttempt(string $doorId): void
    {
        $this->attempts->add(new Attempt(0, $this->castToInt($doorId)));
    }

    /**
     * @param \Source\Entities\User|null $user
     * @param string                     $doorId
     */
    protected function logAllow(?User $user, string $doorId): void
    {
        if ($user) {
            $this->logUserAccess($doorId, $user->getId(), true);
        }
    }

    /**
     * @param \Source\Entities\User|null $user
     * @param string                     $doorId
     */
    protected function logDeny(?User $user, string $doorId): void
    {
        if ($user) {
            $this->logUserAccess($doorId, $user->getId(), false);
        } else {
            $this->logDoorAttempt($doorId);
        }
    }

    /**
     * @inheritDoc
     */
    public function protectUserDoorAccessAtTime(?string $doorId, string $doorcode, Carbon $date): void
    {
        /*
         * Our job here is to find out if a user has access given a doorcode and the id of the door they want to access
         * as well as process any sent commands
         *
         * This process is a little complicated as we not only have to check whether the user has access to the door
         * but also if the door might possibly be allowing everyone (open mode), or if the user has access to the door
         * during the current time frame based on their assigned group schedules.
         *
         * door ---> group <--- user
         *              ^
         *              |
         *              |
         *          schedule
         *
         * I have broken this process into small chunks that can easily be enabled and disabled, or changed
         * These authorizers are injected in the service provider, and we will go until allowed or denied
         */

        if (!$doorId) {
            throw new AuthenticationException();
        }

        $parts = explode(self::COMMAND_DELIMITER, $doorcode);

        $code = $parts[0] ?? '';
        $command = $parts[1] ?? null;

        $user = $this->users->findByDoorcode(HashedSearchable::hash($this->salt, $code));

        foreach ($this->authorizers as $authorizer) {
            switch ($authorizer->check($user, $date, $doorId, $code, $command)) {
                case AccessAuthorizer::ALLOW:
                    $this->logAllow($user, $doorId);
                    return;
                case AccessAuthorizer::DENY:
                    $this->logDeny($user, $doorId);
                    throw new AuthorizationException();
                case AccessAuthorizer::CONTINUE:
                    // Fall through to default.
                default:
                    break;
            }
        }

        // Default to deny if no authorizer allowed us
        $this->logDeny($user, $doorId);
        throw new AuthorizationException();
    }
}