README

Base functionality and helpers used for building for Chief Tools.

Configures

(Socialite) authentication through Account Chief
Laravel Passport for API access
Sentry client
Lighthouse GraphQL with base schema and scalars
- Session protected endpoint /api/graphql/web
- Session protected (GraphiQL) playground /api/playground
- OAuth (Passport) protected endpoint /api/graphql
Account pages to show profile information & preferences
Basic API documentation & Passport personal access token management
Redirects to Chief Tools homepage for /contact, /privacy, /terms
Chief Tools webhook handler to be notified when a user account is closed or updated
Health check queue job pinging QUEUE_MONITOR_URL every minute using the default queue (disabled when QUEUE_MONITOR_URL is empty or unset)
Login event listener to update the last_login column on the users table

Provides

Middleware

IronGate\Chief\Middleware\AuthenticateChief
Validates a request comes from Chief Tools
Requires services.chief.webhook_secret configuration to be set to a random string
IronGate\Chief\Middleware\AutoAuthenticate
Uses both the api and web guard and sets the first that is authenticated
IronGate\Chief\Middleware\ForceSecure
Make sure the request is over https://
IronGate\Chief\Middleware\MoveAccessTokenFromURLToHeader
Move the access token from access_token GET paramater to the Authorization header
IronGate\Chief\Middleware\SecurityHeaders
Adds a default set of security headers, can be configured by setting chief.response.securityheaders (array) in the app config
IronGate\Chief\Middleware\TrustProxiesOnVapor
Configures fideloper/proxy to be used on Laravel Vapor

Validation rules

IronGate\Chief\Rules\UUID
Valites the input value is a UUIDv4

Helpers

active($whitelist = null, $blacklist = null, $active = 'active', $inactive = '')
Get active state based on whitelist. Used to indicate active menu's
timezones(): array
Return an key-value list of all timezones
validate($fields, $rules): bool
Validate fields against rules. Example validate($id, new \IronGate\Chief\Rules\UUID)
latest_ca_bundle_file_path(): string
Get the path to the most up-to-date CA bundle file, uses Certainty under the hood

Installation

Start with requiring the package:

composer require irongate/chief

Publish the configuration files and optionally the migrations:

php artisan vendor:publish --tag=chief-config

# php artisan vendor:publish --tag=chief-migrations

Run the app migrations to create the users table:

php artisan migrate

Add the Chief service to the config/services.php:

<?php

return [
    'chief' => [
        'client_id'      => env('CHIEF_CLIENT_ID'),
        'client_secret'  => env('CHIEF_CLIENT_SECRET'),
        'webhook_secret' => env('CHIEF_SECRET'),
        'base_url'       => env('CHIEF_BASE_URL', 'https://account.chief.app'),
        'verify'         => env('CHIEF_VERIFY', true),
        'redirect'       => '/login/callback',
    ],
];

That's all, you should be able to authenticate against Account Chief.

GraphQL API

You will need to create a routes/graphql/schema.graphql in your own project with the following contents:

#import ../../vendor/irongate/chief/routes/graphql/schema.graphql

Anything you want to add the the schema you can do thereafter, for example:

#import ../../vendor/irongate/chief/routes/graphql/schema.graphql

#import ./types/*.graphql
#import ./queries/*.graphql

Keep in mind that the User type is already provided so you will need to extend that if you want to append fields.

type OfType implements Entity {
    id: ID!
}

extend type User {
    relation: [OfType!]! @hasMany(type: "paginator")
}

irongate / integrationchief

Maintainers

Package info

Statistics

Security