<?php
/**
* HybridAuth
* http://hybridauth.sourceforge.net | http://github.com/hybridauth/hybridauth
* (c) 2009-2015, HybridAuth authors | http://hybridauth.sourceforge.net/licenses.html
*/

// A service client for the OAuth 2 flow.
// v0.1.1
class OAuth2Client
{
  public $api_base_url     = "";
  public $authorize_url    = "";
  public $token_url        = "";
  public $token_info_url   = "";

  public $client_id        = "" ;
  public $client_secret    = "" ;
  public $redirect_uri     = "" ;
  public $access_token     = "" ;
  public $refresh_token    = "" ;

  public $access_token_expires_in = "" ;
  public $access_token_expires_at = "" ;

  //--

  public $sign_token_name          = "access_token";
  public $decode_json              = true;
  public $curl_time_out            = 30;
  public $curl_connect_time_out    = 30;
  public $curl_ssl_verifypeer      = false;
  public $curl_ssl_verifyhost      = false;
  public $curl_header              = array();
  public $curl_useragent           = "OAuth/2 Simple PHP Client v0.1.1; HybridAuth http://hybridauth.sourceforge.net/";
  public $curl_authenticate_method = "POST";
  public $curl_proxy               = null;
  public $curl_compressed          = false;
  //--

  public $http_code             = "";
  public $http_info             = "";
  protected $response           = null;

  //--

  public function __construct( $client_id = false, $client_secret = false, $redirect_uri='', $compressed = false )
  {
    $this->client_id       = $client_id;
    $this->client_secret   = $client_secret;
    $this->redirect_uri    = $redirect_uri;
    $this->curl_compressed = $compressed;
  }

  public function authorizeUrl( $extras = array() )
  {
    $params = array(
      "client_id"     => $this->client_id,
      "redirect_uri"  => $this->redirect_uri,
      "response_type" => "code"
    );

    if( count($extras) )
      foreach( $extras as $k=>$v )
        $params[$k] = $v;

    return $this->authorize_url . "?" . http_build_query($params, '', '&');
  }

  public function authenticate( $code )
  {
    $params = array(
      "client_id"     => $this->client_id,
      "client_secret" => $this->client_secret,
      "grant_type"    => "authorization_code",
      "redirect_uri"  => $this->redirect_uri,
      "code"          => $code
    );

    $response = $this->request( $this->token_url, $params, $this->curl_authenticate_method );

    $response = $this->parseRequestResult( $response );

    if( ! $response || ! isset( $response->access_token ) ){
      throw new Exception( "The Authorization Service has return: " . $response->error );
    }

    if( isset( $response->access_token  ) )  $this->access_token           = $response->access_token;
    if( isset( $response->refresh_token ) ) $this->refresh_token           = $response->refresh_token;
    if( isset( $response->expires_in    ) ) $this->access_token_expires_in = $response->expires_in;

    // calculate when the access token expire
    if( isset($response->expires_in)) {
      $this->access_token_expires_at = time() + $response->expires_in;
    }

    return $response;
  }

  public function authenticated()
  {
    if ( $this->access_token ){
      if ( $this->token_info_url && $this->refresh_token ){
        // check if this access token has expired,
        $tokeninfo = $this->tokenInfo( $this->access_token );

        // if yes, access_token has expired, then ask for a new one
        if( $tokeninfo && isset( $tokeninfo->error ) ){
          $response = $this->refreshToken( $this->refresh_token );

          // if wrong response
          if( ! isset( $response->access_token ) || ! $response->access_token ){
            throw new Exception( "The Authorization Service has return an invalid response while requesting a new access token. given up!" );
          }

          // set new access_token
          $this->access_token = $response->access_token;
        }
      }

      return true;
    }

    return false;
  }

  /**
  * Format and sign an oauth for provider api
  */
  public function api( $url, $method = "GET", $parameters = array() )
  {
    if ( strrpos($url, 'http://') !== 0 && strrpos($url, 'https://') !== 0 ) {
      $url = $this->api_base_url . $url;
    }

    $parameters[$this->sign_token_name] = $this->access_token;
    $response = null;

    switch( $method ){
      case 'GET'  : $response = $this->request( $url, $parameters, "GET"  ); break;
      case 'POST' : $response = $this->request( $url, $parameters, "POST" ); break;
    }

    if( $response && $this->decode_json ){
      return $this->response = json_decode( $response );
    }

    return $this->response = $response;
  }

  /**
   * Return the response object afer the fact
   *
   * @return mixed
   */
  public function getResponse()
  {
      return $this->response;
  }

  /**
  * GET wrapper for provider apis request
  */
  function get( $url, $parameters = array() )
  {
    return $this->api( $url, 'GET', $parameters );
  }

  /**
  * POST wrapper for provider apis request
  */
  function post( $url, $parameters = array() )
  {
    return $this->api( $url, 'POST', $parameters );
  }

  // -- tokens

  public function tokenInfo($accesstoken)
  {
    $params['access_token'] = $this->access_token;
    $response = $this->request( $this->token_info_url, $params );
    return $this->parseRequestResult( $response );
  }

  public function refreshToken( $parameters = array() )
  {
    $params = array(
      "client_id"     => $this->client_id,
      "client_secret" => $this->client_secret,
      "grant_type"    => "refresh_token"
    );

    foreach($parameters as $k=>$v ){
      $params[$k] = $v;
    }

    $response = $this->request( $this->token_url, $params, "POST" );
    return $this->parseRequestResult( $response );
  }

  // -- utilities

  private function request( $url, $params=false, $type="GET" )
  {
    Hybrid_Logger::info( "Enter OAuth2Client::request( $url )" );
    Hybrid_Logger::debug( "OAuth2Client::request(). dump request params: ", serialize( $params ) );

    if( $type == "GET" ){
      $url = $url . ( strpos( $url, '?' ) ? '&' : '?' ) . http_build_query($params, '', '&');
    }

    $this->http_info = array();
    $ch = curl_init();

    curl_setopt($ch, CURLOPT_URL            , $url );
    curl_setopt($ch, CURLOPT_RETURNTRANSFER , 1 );
    curl_setopt($ch, CURLOPT_TIMEOUT        , $this->curl_time_out );
    curl_setopt($ch, CURLOPT_USERAGENT      , $this->curl_useragent );
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT , $this->curl_connect_time_out );
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER , $this->curl_ssl_verifypeer );
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST , $this->curl_ssl_verifyhost );
    curl_setopt($ch, CURLOPT_HTTPHEADER     , $this->curl_header );

    if ($this->curl_compressed){
      curl_setopt($ch, CURLOPT_ENCODING, "gzip,deflate");
    }

    if($this->curl_proxy){
      curl_setopt( $ch, CURLOPT_PROXY        , $this->curl_proxy);
    }

    if( $type == "POST" ){
      curl_setopt($ch, CURLOPT_POST, 1);
      if($params) curl_setopt( $ch, CURLOPT_POSTFIELDS, $params );
    }

    $response = curl_exec($ch);
    if( $response === false ) {
        Hybrid_Logger::error( "OAuth2Client::request(). curl_exec error: ", curl_error($ch) );
    }
    Hybrid_Logger::debug( "OAuth2Client::request(). dump request info: ", serialize( curl_getinfo($ch) ) );
    Hybrid_Logger::debug( "OAuth2Client::request(). dump request result: ", serialize( $response ) );

    $this->http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $this->http_info = array_merge($this->http_info, curl_getinfo($ch));

    curl_close ($ch);

    return $response;
  }

  private function parseRequestResult( $result )
  {
    if( json_decode( $result ) ) return json_decode( $result );

    parse_str( $result, $output );

    $result = new StdClass();

    foreach( $output as $k => $v )
      $result->$k = $v;

    return $result;
  }
}