refactor(authenticator): introduce applyToMiddleware method for middleware composition

- Add applyToMiddleware method to Authenticator interface to support middleware chaining
- Implement applyToMiddleware in NullAuthenticator, AggregateAuthenticator, and ZohoCliq Authenticator for consistent middleware handling
- Rename ZohoCliq Authenticator __invoke method to applyToMiddleware to clarify purpose
- Update Authenticate middleware to use applyToMiddleware for improved middleware layering
- Remove unused middleware registration from ZohoCliq Client constructor to simplify setup

Signed-off-by: guanguans <[email protected]>

Author: guanguans

composer.json

@@ -283,7 +283,7 @@
         "rector-list-rules": "@rector list-rules",
         "rector-only": "@rector-clear-cache --only=Guanguans\\MonorepoBuilderWorker\\Support\\Rectors\\RenameToPsrNameRector",
         "rector-only-dry-run": "@rector-only --dry-run",
-        "rector-php82": "@rector --config=rector-php82.php",
+        "rector-php82": "@rector-clear-cache --config=rector-php82.php",
         "rector-php82-dry-run": "@rector-php82 --dry-run",
         "rector-setup-ci": "@rector setup-ci",
         "release": "@php ./vendor/bin/monorepo-builder release --ansi -v",

ide.json

@@ -2310,6 +2310,38 @@
                 ]
             }
         },
+        {
+            "complete": "staticStrings",
+            "condition": [
+                {
+                    "classFqn": [
+                        "\\Guanguans\\Notify\\ZohoCliq\\Messages\\AccessTokenMessage"
+                    ],
+                    "newClassFqn": [
+                        "\\Guanguans\\Notify\\ZohoCliq\\Messages\\AccessTokenMessage"
+                    ],
+                    "methodNames": [
+                        "make"
+                    ],
+                    "parameters": [
+                        1
+                    ],
+                    "place": "arrayKey"
+                }
+            ],
+            "options": {
+                "strings": [
+                    "client_id",
+                    "client_secret",
+                    "code",
+                    "data_center",
+                    "grant_type",
+                    "redirect_uri",
+                    "refresh_token",
+                    "scope"
+                ]
+            }
+        },
         {
             "complete": "staticStrings",
             "condition": [

rector-php82.php

@@ -24,24 +24,25 @@
     ->withPaths([
         __DIR__.'/src/',
         __DIR__.'/src/*/Authenticator.php',
-        __DIR__.'/src/*/*/*Authenticator.php',
+        __DIR__.'/src/Foundation/Authenticators/*Authenticator.php',
     ])
     ->withSkip([
         __DIR__.'/src/Foundation/Support',
         __DIR__.'/src/Foundation/Response.php',
     ])
-    ->withoutParallel()
-    // ->withPhpVersion(PhpVersion::PHP_82)
+    // ->withoutParallel()
+    ->withPhpVersion(PhpVersion::PHP_82)
     ->withRules([
         HasHttpClientDocCommentRector::class,
-        // HasOptionsRector::class,
+        HasOptionsRector::class,
         ToInternalExceptionRector::class,
     ])
     ->withConfiguredRule(AddSensitiveParameterAttributeRector::class, [
         AddSensitiveParameterAttributeRector::SENSITIVE_PARAMETERS => [
             'accessToken',
             'apiKey',
             'botApiKey',
+            'clientSecret',
             'key',
             'password',
             'pushKey',

src/Foundation/Authenticators/AggregateAuthenticator.php

@@ -47,4 +47,13 @@ public function applyToRequest(RequestInterface $request): RequestInterface
             $request,
         );
     }
+
+    public function applyToMiddleware(callable $handler): callable
+    {
+        return array_reduce(
+            $this->authenticators,
+            static fn (callable $handler, Authenticator $authenticator): callable => $authenticator->applyToMiddleware($handler),
+            $handler,
+        );
+    }
 }

src/Foundation/Authenticators/NullAuthenticator.php

@@ -27,4 +27,9 @@ public function applyToRequest(RequestInterface $request): RequestInterface
     {
         return $request;
     }
+
+    public function applyToMiddleware(callable $handler): callable
+    {
+        return $handler;
+    }
 }

src/Foundation/Contracts/Authenticator.php

@@ -20,4 +20,6 @@ interface Authenticator
     public function applyToOptions(array $options): array;
 
     public function applyToRequest(RequestInterface $request): RequestInterface;
+
+    public function applyToMiddleware(callable $handler): callable;
 }

src/Foundation/Middleware/Authenticate.php

@@ -23,8 +23,10 @@ public function __construct(private Authenticator $authenticator) {}
 
     public function __invoke(callable $handler): callable
     {
-        return Middleware::mapRequest(
-            fn (RequestInterface $request): RequestInterface => $this->authenticator->applyToRequest($request),
-        )($handler);
+        return $this->authenticator->applyToMiddleware(
+            Middleware::mapRequest(
+                fn (RequestInterface $request): RequestInterface => $this->authenticator->applyToRequest($request),
+            )($handler)
+        );
     }
 }

src/ZohoCliq/Authenticator.php

@@ -15,14 +15,15 @@
 
 use Guanguans\Notify\Foundation\Authenticators\NullAuthenticator;
 use Guanguans\Notify\Foundation\Client;
-use Guanguans\Notify\Foundation\Concerns\AsFormParams;
 use Guanguans\Notify\Foundation\Exceptions\RequestException;
-use Guanguans\Notify\Foundation\Message;
+use Guanguans\Notify\ZohoCliq\Messages\AccessTokenMessage;
 use GuzzleHttp\Middleware;
 use Psr\Http\Message\RequestInterface;
 use Psr\Http\Message\ResponseInterface;
 
 /**
+ * @see https://github.com/w7corp/easywechat/blob/6.x/src/OpenPlatform/ComponentAccessToken.php
+ *
  * ```
  * curl --location 'https://accounts.zoho.com/oauth/v2/token' \
  * --form 'client_id="1000.TTFROV098VVFG8NB686LR98TCDR"' \
@@ -38,45 +39,76 @@
  *
  * curl --location 'https://cliq.zoho.com/api/v2/users?limit=5' \
  * --header 'Authorization: Zoho-oauthtoken 1000.80e9143983dcc190427cad7e8f029e25.cdc1c1043e5e7f0555fc14fc7faf3' \
- * ```.
+ * ```
  */
 class Authenticator extends NullAuthenticator
 {
     private static ?string $accessToken;
+    private Client $client;
 
     public function __construct(
         private string $clientId,
+        #[\SensitiveParameter]
         private string $clientSecret,
-    ) {}
+        ?Client $client = null,
+    ) {
+        $this->client = $client ?? new Client;
+    }
 
-    public function __invoke(callable $handler): callable
+    public function applyToMiddleware(callable $handler): callable
     {
-        return Middleware::mapRequest(
-            fn (RequestInterface $request): RequestInterface => $request->withHeader('Authorization', "Bearer {$this->getAccessToken()}"),
-        )($handler);
+        return array_reduce(
+            [
+                [$this, 'dataCenter'],
+                [$this, 'retry'],
+                [$this, 'authenticate'],
+            ],
+            static fn (callable $handler, callable $middleware): callable => $middleware($handler),
+            $handler,
+        );
     }
 
-    public function retry(callable $handler): callable
+    public static function flushAccessToken(): void
     {
-        return Middleware::retry(function (int $retries, RequestInterface &$request, ?ResponseInterface $response = null): bool {
-            if (1 <= $retries) {
-                return false;
-            }
-
-            /** @var \Guanguans\Notify\Foundation\Response $response */
-            if ($response?->unauthorized()) {
-                $request = $request->withHeader('Authorization', "Bearer {$this->refreshAccessToken()}");
+        self::$accessToken = null;
+    }
 
-                return true;
-            }
+    /**
+     * @todo
+     */
+    private function dataCenter(callable $handler): callable
+    {
+        return $handler;
+    }
 
-            return false;
-        })($handler);
+    private function authenticate(callable $handler): callable
+    {
+        return Middleware::mapRequest(
+            fn (RequestInterface $request): RequestInterface => $request->withHeader(
+                'Authorization',
+                // "Bearer xxx",
+                "Bearer {$this->getAccessToken()}",
+            ),
+        )($handler);
     }
 
-    public static function flushAccessToken(): void
+    private function retry(callable $handler): callable
     {
-        self::$accessToken = null;
+        return Middleware::retry(
+            function (int $retries, RequestInterface &$request, ?ResponseInterface $response = null): bool {
+                if (1 <= $retries) {
+                    return false;
+                }
+
+                if ($response?->getStatusCode() === 401) {
+                    $request = $request->withHeader('Authorization', "Bearer {$this->refreshAccessToken()}");
+
+                    return true;
+                }
+
+                return false;
+            }
+        )($handler);
     }
 
     private function refreshAccessToken(): string
@@ -90,8 +122,6 @@ private function refreshAccessToken(): string
      * Temporary memory cache.
      *
      * @todo psr cache
-     * @todo retry on authentication failure
-     * @todo data center
      */
     private function getAccessToken(): string
     {
@@ -101,31 +131,14 @@ private function getAccessToken(): string
     /**
      * @throws \GuzzleHttp\Exception\GuzzleException
      * @throws \JsonException
+     * @throws \ReflectionException
      */
     private function fetchAccessToken(): string
     {
-        $response = (new Client)
-            ->send(
-                new class([
-                    'client_id' => $this->clientId,
-                    'client_secret' => $this->clientSecret,
-                    'grant_type' => 'client_credentials',
-                    'scope' => 'ZohoCliq.Webhooks.CREATE',
-                ]) extends Message {
-                    use AsFormParams;
-                    protected array $defined = [
-                        'client_id',
-                        'client_secret',
-                        'grant_type',
-                        'scope',
-                    ];
-
-                    public function toHttpUri(): string
-                    {
-                        return 'https://accounts.zoho.com/oauth/v2/token';
-                    }
-                }
-            );
+        $response = $this->client->send(AccessTokenMessage::make([
+            'client_id' => $this->clientId,
+            'client_secret' => $this->clientSecret,
+        ]));
 
         if ($response->json('error')) {
             throw RequestException::create($response->request(), $response);

src/ZohoCliq/Client.php

@@ -13,9 +13,6 @@
 
 namespace Guanguans\Notify\ZohoCliq;
 
-use Guanguans\Notify\Foundation\Middleware\Authenticate;
-use Guanguans\Notify\Foundation\Middleware\Response;
-
 /**
  * @see https://cliq.zoho.com/integrations/webhook-tokens
  * @see https://www.zoho.com/cliq/help/platform/webhook-tokens.html
@@ -39,7 +36,5 @@ public function __construct(Authenticator $authenticator)
     {
         parent::__construct($authenticator);
         $this->baseUri('https://cliq.zoho.com/');
-        $this->after(Authenticate::class, $authenticator, $authenticator::class.'::auth');
-        $this->before(Response::class, [$authenticator, 'retry'], $authenticator::class.'::retry');
     }
 }

src/ZohoCliq/Messages/AccessTokenMessage.php

@@ -0,0 +1,61 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * Copyright (c) 2021-2025 guanguans<[email protected]>
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ *
+ * @see https://github.com/guanguans/notify
+ */
+
+namespace Guanguans\Notify\ZohoCliq\Messages;
+
+use Guanguans\Notify\Foundation\Concerns\AsFormParams;
+use Guanguans\Notify\Foundation\Message;
+use Guanguans\Notify\Foundation\Support\Arr;
+
+/**
+ * @method self clientId(mixed $clientId)
+ * @method self clientSecret(mixed $clientSecret)
+ * @method self code(mixed $code)
+ * @method self dataCenter(mixed $dataCenter)
+ * @method self grantType(mixed $grantType)
+ * @method self redirectUri(mixed $redirectUri)
+ * @method self refreshToken(mixed $refreshToken)
+ * @method self scope(mixed $scope)
+ */
+final class AccessTokenMessage extends Message // @internal
+{
+    use AsFormParams;
+    protected array $defined = [
+        'data_center',
+
+        'client_id',
+        'client_secret',
+        'grant_type',
+        'scope',
+
+        'code',
+        'redirect_uri',
+        'refresh_token',
+    ];
+    protected array $options = [
+        'grant_type' => 'client_credentials',
+        'scope' => 'ZohoCliq.Webhooks.CREATE',
+    ];
+
+    public function toHttpUri(): string
+    {
+        return 'https://accounts.zoho.com/oauth/v2/token';
+    }
+
+    protected function toPayload(): array
+    {
+        return Arr::except(parent::toPayload(), [
+            'data_center',
+        ]);
+    }
+}