= b90dd5c092 Feat: Add Keka HR integration for OAuth and user token management
- Implemented `KekaController` to manage OAuth flows for Keka HR, including connection, callback, and disconnection.
- Added required routes, middleware updates, and session handling for Keka integration.
- Enhanced dashboard UI to display Keka connection status and provide seamless connect/disconnect options.
- Included validation and configuration for Keka Portal URL in connected apps.
- Developed feature tests to ensure reliable authentication and token handling workflows for Keka.
2026-06-11 13:40:52 +00:00

106 lines
4.9 KiB
PHP

<?php
declare(strict_types=1);
use App\Enums\DefaultUserRole;
use App\Enums\Permissions\{AppPermissionEnum,
ConnectionProviderPermissionEnum,
PermissionPermissionEnum,
RoleAndAppsPermissionEnum,
UserPermissionEnum};
use App\Http\Controllers\{EntraController, KekaController};
use App\Http\Controllers\{ResolveDashboardRouteController, SamlIdpController};
use Illuminate\Support\Facades\Route;
use Spatie\Permission\Middleware\{PermissionMiddleware, RoleMiddleware};
Route::redirect('/', '/dashboard')->name('home');
Route::get('saml/metadata', [SamlIdpController::class, 'metadata'])->name('saml.metadata');
Route::match(['get', 'post'], 'saml/sso', [SamlIdpController::class, 'sso'])->name('saml.sso');
Route::group(['middleware' => ['auth', 'verified']], function (): void {
Route::get('dashboard', ResolveDashboardRouteController::class)->name('dashboard');
Route::post('notifications/read-all', function () {
auth()->user()?->unreadNotifications->markAsRead();
return back();
})->name('notifications.read-all');
Route::get('notifications/{id}/resolve', App\Http\Controllers\ResolveNotificationRouteController::class)->name('notifications.resolve');
Route::livewire('tickets', 'pages::tickets.index')->name('tickets.index');
Route::prefix('dashboard')->name('dashboard.')->group(function (): void {
Route::livewire('/user', 'pages::dashboards.user')
->middleware(RoleMiddleware::using(DefaultUserRole::User))
->name('user');
Route::livewire('admin', 'pages::dashboards.admin')
->middleware(RoleMiddleware::using(DefaultUserRole::Admin))
->name('admin');
});
Route::prefix('access-manager')->name('access-manager.')->group(function (): void {
Route::prefix('roles-and-apps')->name('roles-and-apps.')
->middleware(PermissionMiddleware::using(RoleAndAppsPermissionEnum::Access))
->group(function (): void {
Route::livewire('roles-and-apps', 'pages::access-manager.roles-and-apps.index')->name('index');
Route::livewire('roles-and-apps/{id}', 'pages::access-manager.roles-and-apps.show')->name('show');
});
Route::prefix('users')->name('users.')
->middleware(PermissionMiddleware::using(UserPermissionEnum::Access))
->group(function (): void {
Route::livewire('users', 'pages::access-manager.users.index')->name('index');
});
Route::prefix('permissions')->name('permissions.')
->middleware(PermissionMiddleware::using(PermissionPermissionEnum::Access))
->group(function (): void {
Route::livewire('/', 'pages::access-manager.permissions.index')->name('index');
});
});
Route::prefix('apps')->name('apps.')->group(function (): void {
Route::livewire('microsoft-federation', 'pages::connecton-providers.microsoft-federation')
->middleware(PermissionMiddleware::using(ConnectionProviderPermissionEnum::Access))
->name('microsoft-federation');
Route::middleware(PermissionMiddleware::using(AppPermissionEnum::Access))->group(function (): void {
Route::livewire('create', 'pages::connected-apps.create')->name('create');
Route::livewire('{id}/edit', 'pages::connected-apps.edit')->name('edit');
Route::livewire('/', 'pages::connected-apps.index')->name('index');
});
Route::prefix('connection-providers')->name('connectionProviders.')
->middleware(PermissionMiddleware::using(ConnectionProviderPermissionEnum::Access))
->group(function (): void {
Route::livewire('create', 'pages::connecton-providers.create')->name('create');
Route::livewire('{slug}/edit', 'pages::connecton-providers.edit')->name('edit');
Route::livewire('index', 'pages::connecton-providers.index')->name('index');
});
});
});
Route::middleware(['auth', 'verified'])->prefix('entra')->name('entra.')->group(function (): void {
// Step 1: Kick off OAuth flow
Route::get('connect', [EntraController::class, 'connect'])->name('connect');
// Step 2: Microsoft redirects back here with auth code
Route::get('callback', [EntraController::class, 'callback'])->name('callback');
// Open Entra (refreshes token silently if expired)
Route::get('open', [EntraController::class, 'openEntra'])->name('open');
// Disconnect / revoke saved token
Route::delete('disconnect', [EntraController::class, 'disconnect'])->name('disconnect');
});
Route::middleware(['auth', 'verified'])->prefix('keka')->name('keka.')->group(function (): void {
Route::get('connect', [KekaController::class, 'connect'])->name('connect');
Route::match(['get', 'post'], 'callback', [KekaController::class, 'callback'])->name('callback');
Route::delete('disconnect', [KekaController::class, 'disconnect'])->name('disconnect');
});
require __DIR__.'/settings.php';