@capcom6 capcom6 commented Nov 23, 2025

Summary by CodeRabbit

  • New Features

    • Added token generation and revocation endpoints and dual authentication support (Basic + JWT) for client usage
  • Documentation

    • Updated product branding to SMSGate and added comprehensive authentication docs with token lifecycle and usage examples
  • Tests

    • Added coverage for token domain objects, token endpoints, and JWT-based client flows
  • Chores

    • Increased memory limit for static analysis in the test workflow

coderabbitai bot commented Nov 23, 2025

📥 Commits

Reviewing files that changed from the base of the PR and between b3617b2 and ad711dd.

📒 Files selected for processing (8)
  • Makefile (1 hunks)
  • README.md (4 hunks)
  • src/Client.php (5 hunks)
  • src/Domain/TokenRequest.php (1 hunks)
  • src/Domain/TokenResponse.php (1 hunks)
  • tests/ClientTest.php (2 hunks)
  • tests/Domain/TokenRequestTest.php (1 hunks)
  • tests/Domain/TokenResponseTest.php (1 hunks)

Walkthrough

Adds JWT token-based authentication alongside existing Basic Auth: introduces TokenRequest and TokenResponse domain classes, extends Client with GenerateToken and RevokeToken methods, updates Client constructor/authorization handling to support bearer tokens, updates README docs, adds tests, and tweaks Makefile phpstan memory flag.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Build Configuration: Makefile | Added --memory-limit 256M flag to the phpstan command used in the test target. |
| Documentation: README.md | Rebranded header text to "SMSGate" and added an Authentication section documenting Dual Authentication (Basic and JWT), JWT generation/usage/revocation examples, updated client initialization and API reference to show both auth modes and new token methods. |
| Core Client Implementation: src/Client.php | Constructor signature changed to accept optional ?string $login and unified password/token parameter; renamed basicAuth → authHeader; added GenerateToken(TokenRequest): TokenResponse and RevokeToken(string $jti): void; sendRequest now applies Authorization header from authHeader. |
| Domain Models: src/Domain/TokenRequest.php | New AndroidSmsGateway\Domain\TokenRequest implementing SerializableInterface with scopes (array) and ttl (?int), constructor, accessors/mutators, toObject() and FromObject() deserialization. |
| Domain Models: src/Domain/TokenResponse.php | New AndroidSmsGateway\Domain\TokenResponse implementing SerializableInterface with accessToken, tokenType, id, expiresAt (strings), accessors/mutators, toObject() producing snake_case keys, and FromObject(). |
| Test Coverage (Client): tests/ClientTest.php | Added testGenerateToken(), testRevokeToken(), and testClientWithJwtToken() to cover token generation, revocation, and client usage with a JWT (Bearer header checks and TokenResponse parsing). |
| Test Coverage (Domain: TokenRequest): tests/Domain/TokenRequestTest.php | New test class with multiple tests validating TokenRequest construction, getters/setters, toObject() (with/without ttl) and FromObject() behaviors. |
| Test Coverage (Domain: TokenResponse): tests/Domain/TokenResponseTest.php | New test class validating TokenResponse construction, accessors/mutators, toObject() snake_case output, and FromObject() with populated and default values. |

Sequence Diagram

sequenceDiagram
    participant ClientApp as Client Code
    participant SDK as SDK Client
    participant API as API Server

    rect rgb(230,245,255)
    Note over ClientApp,API: JWT token lifecycle
    ClientApp->>SDK: GenerateToken(TokenRequest)
    SDK->>API: POST /3rdparty/v1/auth/token (Basic Auth)
    API-->>SDK: TokenResponse (accessToken, tokenType, id, expiresAt)
    SDK-->>ClientApp: TokenResponse

    ClientApp->>SDK: __construct(?login, passwordOrToken)
    SDK->>SDK: store Authorization header (Bearer or Basic)

    ClientApp->>SDK: SendMessage(SmsMessage)
    SDK->>API: POST /3rdparty/v1/messages (Authorization: Bearer {token})
    API-->>SDK: MessageResponse
    SDK-->>ClientApp: MessageResponse

    ClientApp->>SDK: RevokeToken(jti)
    SDK->>API: DELETE /3rdparty/v1/auth/token/{jti} (Authorization)
    API-->>SDK: 204 No Content
    SDK-->>ClientApp: void
    end

    rect rgb(245,245,230)
    Note over ClientApp,API: Basic Authentication (legacy)
    ClientApp->>SDK: __construct(login, password)
    SDK->>SDK: store Basic auth header
    ClientApp->>SDK: SendMessage(SmsMessage)
    SDK->>API: POST /3rdparty/v1/messages (Authorization: Basic ...)
    API-->>SDK: MessageResponse
    SDK-->>ClientApp: MessageResponse
    end

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

  • Pay special attention to:
    • src/Client.php constructor change and branching between Basic vs Bearer usage.
    • Correct placement and preservation of existing headers (User-Agent, Content-Type) when adding Authorization.
    • Serialization/deserialization logic in TokenRequest::toObject()/FromObject() and TokenResponse::toObject()/FromObject(), especially handling of nullable ttl and snake_case keys.
    • New tests in tests/ClientTest.php to ensure they accurately mirror API contract and header expectations.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 22.50% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title '[client] add JWT support' directly and clearly describes the main change: adding JWT (JSON Web Token) authentication support to the client, which is the primary focus across all modified files. |

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (5)
src/Domain/TokenRequest.php (1)

1-67: TokenRequest VO is clean and matches the intended JSON shape

The value object is straightforward, typed, and its toObject/FromObject behavior (including omitting ttl when null and defaulting to []/null) aligns with how the tests and client use it.

If you expect the API to ever send unexpected types for scopes or ttl, you could defensively coerce in FromObject (e.g., (array)($obj->scopes ?? [])) to avoid TypeErrors, but it’s not strictly necessary given current usage.

README.md (1)

8-215: JWT documentation accurately reflects the new API; minor example tweak

The new Authentication/JWT sections line up well with the Client, TokenRequest, and TokenResponse APIs and clearly show both Basic and JWT flows.

One small improvement: in the “Using a JWT Token” example (around Line 155), you use MessageBuilder without an explicit use in that snippet. Either repeat the use AndroidSmsGateway\Domain\MessageBuilder; line or mention that this snippet continues from the earlier Quickstart example to avoid confusion when copy‑pasting.

tests/ClientTest.php (1)

11-12: New token/JWT client tests cover the critical paths

The added tests for GenerateToken, RevokeToken, and JWT‑configured clients correctly verify:

  • HTTP verb and URL (/auth/token and /auth/token/{id}),
  • Authorization header for both Basic and Bearer flows,
  • Response mapping into TokenResponse.

You’ve covered the main behavioral surface for the new API.

If you want to lock down the request schema further, you could add an assertion in testGenerateToken that the request body JSON matches the expected scopes/ttl, but it’s not strictly required.

Also applies to: 389-453

src/Client.php (1)

26-56: JWT support wiring (auth header, GenerateToken/RevokeToken) looks correct

  • The new $authHeader field and constructor logic correctly choose between Basic and Bearer based on whether $login is null.
  • sendRequest now consistently adds Authorization: {Basic|Bearer ...} plus the existing User-Agent, which aligns with both the README examples and the tests.
  • GenerateToken and RevokeToken use the expected /auth/token and /auth/token/{jti} paths and reuse the common request/response pipeline, with proper is_object validation and mapping via TokenResponse::FromObject.

Overall, the JWT integration in Client is cohesive and matches the new tests and documentation.

If you ever want stronger typing on $payload, you could consider type‑hinting it as ?Interfaces\SerializableInterface in sendRequest and adjusting call sites accordingly, but that would be a separate, larger refactor.

Also applies to: 383-417, 433-440

src/Domain/TokenResponse.php (1)

1-82: TokenResponse implementation aligns with client and test usage

The mapping between internal properties and the wire format (access_token, token_type, id, expires_at) is clear, and FromObject’s empty‑string defaults match the tests and keep the object usable even with partial responses.

If you ever need richer date handling, you might eventually wrap expiresAt in a \DateTimeImmutable or similar, but the current string representation is perfectly adequate for now.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0054d59 and 6cd2c07.

📒 Files selected for processing (8)
  • Makefile (1 hunks)
  • README.md (4 hunks)
  • src/Client.php (5 hunks)
  • src/Domain/TokenRequest.php (1 hunks)
  • src/Domain/TokenResponse.php (1 hunks)
  • tests/ClientTest.php (2 hunks)
  • tests/Domain/TokenRequestTest.php (1 hunks)
  • tests/Domain/TokenResponseTest.php (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (6)
src/Client.php (2)
src/Domain/TokenRequest.php (2)
  • TokenRequest (7-67)
  • FromObject (61-66)
src/Domain/TokenResponse.php (2)
  • TokenResponse (7-83)
  • FromObject (75-82)
src/Domain/TokenRequest.php (1)
src/Domain/TokenResponse.php (3)
  • __construct (13-23)
  • toObject (61-69)
  • FromObject (75-82)
tests/ClientTest.php (3)
src/Domain/TokenRequest.php (1)
  • TokenRequest (7-67)
src/Domain/TokenResponse.php (5)
  • TokenResponse (7-83)
  • AccessToken (25-27)
  • TokenType (34-36)
  • ID (43-45)
  • ExpiresAt (52-54)
src/Client.php (4)
  • GenerateToken (389-402)
  • RevokeToken (410-417)
  • Client (22-460)
  • SendMessage (81-110)
src/Domain/TokenResponse.php (2)
src/Client.php (1)
  • __construct (35-56)
src/Domain/TokenRequest.php (3)
  • __construct (16-19)
  • toObject (46-55)
  • FromObject (61-66)
tests/Domain/TokenResponseTest.php (1)
src/Domain/TokenResponse.php (11)
  • TokenResponse (7-83)
  • AccessToken (25-27)
  • TokenType (34-36)
  • ID (43-45)
  • ExpiresAt (52-54)
  • setAccessToken (29-32)
  • setTokenType (38-41)
  • setId (47-50)
  • setExpiresAt (56-59)
  • toObject (61-69)
  • FromObject (75-82)
tests/Domain/TokenRequestTest.php (1)
src/Domain/TokenRequest.php (7)
  • TokenRequest (7-67)
  • Scopes (24-26)
  • TTL (37-39)
  • setScopes (32-35)
  • setTtl (41-44)
  • toObject (46-55)
  • FromObject (61-66)
🔇 Additional comments (3)
Makefile (1)

17-17: PHPStan memory limit flag is a sensible tweak

Bumping phpstan’s memory limit to 256M is a pragmatic change for larger analyses and doesn’t affect runtime behavior of the library.

tests/Domain/TokenResponseTest.php (1)

1-81: Comprehensive TokenResponse test coverage

The tests exercise construction, all accessors/mutators, toObject, and FromObject (including default values), which is exactly what this VO needs.

tests/Domain/TokenRequestTest.php (1)

1-91: TokenRequest tests cover all key behaviors

Creation, setters, toObject, and FromObject (including ttl presence/absence and default values) are all exercised, which gives solid confidence in this VO’s behavior.
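
An added example, not code from this PR or from the SDK: a stand-alone PHP sketch of the Basic-versus-Bearer header selection the review describes, paired with a token-response parser that fails closed instead of defaulting missing fields to empty strings. The function names `buildAuthHeader` and `parseTokenResponse` are hypothetical, the sample JSON is constructed, and the format of `expires_at` is assumed to be one that `DateTimeImmutable` can parse.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the SDK's code): null login selects Bearer,
// otherwise Basic, matching the branching the review describes.
function buildAuthHeader(?string $login, string $passwordOrToken): string
{
    // Fail closed on empty secrets and on CR/LF, which could split the header.
    if ($passwordOrToken === '' || preg_match('/[\r\n]/', ($login ?? '') . $passwordOrToken)) {
        throw new InvalidArgumentException('invalid credential value');
    }
    return $login === null
        ? 'Bearer ' . $passwordOrToken
        : 'Basic ' . base64_encode($login . ':' . $passwordOrToken);
}

// Hypothetical strict parser for the wire keys named in the review.
// Assumption: expires_at is a timestamp DateTimeImmutable can parse.
function parseTokenResponse(string $json, DateTimeImmutable $now): array
{
    $obj = json_decode($json, false, 8, JSON_THROW_ON_ERROR);
    if (!is_object($obj)) {
        throw new UnexpectedValueException('token response must be a JSON object');
    }
    $out = [];
    foreach (['access_token', 'token_type', 'id', 'expires_at'] as $key) {
        $value = $obj->$key ?? null;
        if (!is_string($value) || $value === '') {
            throw new UnexpectedValueException("missing or non-string field: $key");
        }
        $out[$key] = $value;
    }
    try {
        $expires = new DateTimeImmutable($out['expires_at']);
    } catch (Exception $e) {
        throw new UnexpectedValueException('unparseable expires_at', 0, $e);
    }
    if ($expires <= $now) {
        throw new UnexpectedValueException('token already expired');
    }
    return $out;
}

// Constructed sample response; the values are placeholders, not real tokens.
$sample = '{"access_token":"header.payload.signature","token_type":"Bearer",'
    . '"id":"example-jti","expires_at":"2099-01-01T00:00:00Z"}';
$token = parseTokenResponse($sample, new DateTimeImmutable('now'));
echo buildAuthHeader(null, $token['access_token']), PHP_EOL;
echo buildAuthHeader('user', 'pass'), PHP_EOL;
```

Rejecting an empty `access_token` at parse time keeps a partial response from turning into a client that sends `Authorization: Bearer ` with no credential.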
