refactor: use enum for Algorithm

README.md

@@ -176,17 +176,19 @@ $keyPair = KeyPair::fromPrivateKey($privateKey);
 ### Algorithm Support
 
 ```php
+use Biscuit\Auth\Algorithm;
+
 // Ed25519 is the default algorithm (recommended)
 $keypair1 = new KeyPair(); // Uses Ed25519
 $keypair2 = KeyPair::newWithAlgorithm(); // Uses Ed25519 by default
 
 // Explicitly use Secp256r1
-$keypair3 = KeyPair::newWithAlgorithm(1); // ALGORITHM_SECP256R1
+$keypair3 = KeyPair::newWithAlgorithm(Algorithm::Secp256r1);
 
 // Key import defaults to Ed25519
 $publicKey = PublicKey::fromBytes($bytes); // Defaults to Ed25519
-$publicKey = PublicKey::fromBytes($bytes, 0); // Explicit Ed25519
-$publicKey = PublicKey::fromBytes($bytes, 1); // Explicit Secp256r1
+$publicKey = PublicKey::fromBytes($bytes, Algorithm::Ed25519); // Explicit Ed25519
+$publicKey = PublicKey::fromBytes($bytes, Algorithm::Secp256r1); // Explicit Secp256r1
 ```
 
 ## Testing

mago.toml

@@ -1,9 +1,10 @@
 # Welcome to Mago!
 # For full documentation, see https://mago.carthage.software/tools/overview
-php-version = "8.4.0"
+php-version = "8.5.0"
 
 [source]
-paths = ["tests/"]
+workspace = "."
+paths = ["stubs/Biscuit/", "tests/"]
 includes = ["vendor"]
 excludes = []
 
@@ -19,12 +20,18 @@ integrations = ["phpunit"]
 ambiguous-function-call = { enabled = false }
 literal-named-argument = { enabled = false }
 halstead = { effort-threshold = 7000 }
+strict-types = { enabled = false }
 too-many-methods = { enabled = false }
 
 [analyzer]
 find-unused-definitions = true
 find-unused-expressions = false
 analyze-dead-code = false
-check-throws = true
+memoize-properties = true
 allow-possibly-undefined-array-keys = true
+check-throws = false
 perform-heuristic-checks = true
+strict-list-index-checks = false
+no-boolean-literal-comparison = false
+check-missing-type-hints = false
+register-super-globals = true

src/lib.rs

@@ -4,20 +4,25 @@ use std::str::FromStr;
 use biscuit_auth::builder::Algorithm as BiscuitAlgorithm;
 use biscuit_auth::{KeyPair as BiscuitKeyPair, ThirdPartyBlock as BiscuitThirdPartyBlock};
 use ext_php_rs::binary_slice::BinarySlice;
-use ext_php_rs::zend::{ce, ModuleEntry};
+use ext_php_rs::zend::{ModuleEntry, ce};
 use ext_php_rs::{info_table_end, info_table_row, info_table_start, prelude::*};
 
-// TODO: refactor this to use enum when ext-php-rs supports it
-#[php_const]
-pub const ALGORITHM_ED25519: i64 = 0;
-#[php_const]
-pub const ALGORITHM_SECP256R1: i64 = 1;
+/// Algorithm enum for cryptographic key operations
+#[php_enum]
+#[php(name = "Biscuit\\Auth\\Algorithm")]
+pub enum Algorithm {
+    #[php(value = 0)]
+    Ed25519,
+    #[php(name = "Secp256r1", value = 1)]
+    Secp256r1,
+}
 
-fn algorithm_from_int(value: i64) -> PhpResult<BiscuitAlgorithm> {
-    match value {
-        0 => Ok(BiscuitAlgorithm::Ed25519),
-        1 => Ok(BiscuitAlgorithm::Secp256r1),
-        _ => Err(PhpException::default("Invalid algorithm".to_string())),
+impl From<Algorithm> for BiscuitAlgorithm {
+    fn from(alg: Algorithm) -> Self {
+        match alg {
+            Algorithm::Ed25519 => BiscuitAlgorithm::Ed25519,
+            Algorithm::Secp256r1 => BiscuitAlgorithm::Secp256r1,
+        }
     }
 }
 
@@ -761,9 +766,9 @@ impl KeyPair {
     }
 
     #[php(name = "newWithAlgorithm")]
-    pub fn new_with_algorithm(alg: Option<i64>) -> PhpResult<Self> {
-        let algorithm = algorithm_from_int(alg.unwrap_or(0))?;
-        Ok(Self(BiscuitKeyPair::new_with_algorithm(algorithm)))
+    pub fn new_with_algorithm(alg: Option<Algorithm>) -> Self {
+        let algorithm = alg.unwrap_or(Algorithm::Ed25519).into();
+        Self(BiscuitKeyPair::new_with_algorithm(algorithm))
     }
 
     #[php(name = "fromPrivateKey")]
@@ -794,8 +799,8 @@ impl PublicKey {
     }
 
     #[php(name = "fromBytes")]
-    pub fn from_bytes(data: BinarySlice<u8>, alg: Option<i64>) -> PhpResult<Self> {
-        let algorithm = algorithm_from_int(alg.unwrap_or(0))?;
+    pub fn from_bytes(data: BinarySlice<u8>, alg: Option<Algorithm>) -> PhpResult<Self> {
+        let algorithm = alg.unwrap_or(Algorithm::Ed25519).into();
         biscuit_auth::PublicKey::from_bytes(data.as_ref(), algorithm)
             .map(Self)
             .map_err(|e| PhpException::from_class::<InvalidPublicKey>(e.to_string()))
@@ -842,8 +847,8 @@ impl PrivateKey {
     }
 
     #[php(name = "fromBytes")]
-    pub fn from_bytes(data: BinarySlice<u8>, alg: Option<i64>) -> PhpResult<Self> {
-        let algorithm = algorithm_from_int(alg.unwrap_or(0))?;
+    pub fn from_bytes(data: BinarySlice<u8>, alg: Option<Algorithm>) -> PhpResult<Self> {
+        let algorithm = alg.unwrap_or(Algorithm::Ed25519).into();
         biscuit_auth::PrivateKey::from_bytes(data.as_ref(), algorithm)
             .map(Self)
             .map_err(|e| PhpException::from_class::<InvalidPrivateKey>(e.to_string()))
@@ -965,6 +970,7 @@ pub extern "C" fn php_module_info(_module: *mut ModuleEntry) {
 pub fn get_module(module: ModuleBuilder) -> ModuleBuilder {
     module
         .info_function(php_module_info)
+        .enumeration::<Algorithm>()
         .class::<Biscuit>()
         .class::<UnverifiedBiscuit>()
         .class::<Authorizer>()

stubs/Biscuit/Auth/Algorithm.php

@@ -0,0 +1,14 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Biscuit\Auth;
+
+/**
+ * Algorithm enum for cryptographic key operations.
+ */
+enum Algorithm: int
+{
+    case Ed25519 = 0;
+    case Secp256r1 = 1;
+}

stubs/Biscuit/Auth/Authorizer.php

@@ -1,40 +1,39 @@
 <?php
+
 /**
  * auto generated file by PHPExtensionStubGenerator
  */
 namespace Biscuit\Auth;
 
 class Authorizer implements \Stringable
 {
-    public function authorize() : int
+    public function authorize(): int
     {
     }
 
-    public function query(\Biscuit\Auth\Rule $rule) : array
+    public function query(\Biscuit\Auth\Rule $rule): array
     {
     }
 
-    public function base64Snapshot() : string
+    public function base64Snapshot(): string
     {
     }
 
-    public function rawSnapshot() : array
+    public function rawSnapshot(): array
     {
     }
 
-    public static function fromBase64Snapshot(string $input) : \Biscuit\Auth\Authorizer
+    public static function fromBase64Snapshot(string $input): \Biscuit\Auth\Authorizer
     {
     }
 
-    public static function fromRawSnapshot(string $input) : \Biscuit\Auth\Authorizer
+    public static function fromRawSnapshot(string $input): \Biscuit\Auth\Authorizer
     {
     }
 
-    public function __toString() : string
+    public function __toString(): string
     {
     }
 
-    public function __construct()
-    {
-    }
+    public function __construct() {}
 }

stubs/Biscuit/Auth/AuthorizerBuilder.php

@@ -1,32 +1,33 @@
 <?php
+
 /**
  * auto generated file by PHPExtensionStubGenerator
  */
 namespace Biscuit\Auth;
 
 class AuthorizerBuilder implements \Stringable
 {
-    public function addCode(string $source) : void
+    public function addCode(string $source): void
     {
     }
 
-    public function addCodeWithParams(string $source, array $params, array $scope_params) : void
+    public function addCodeWithParams(string $source, array $params, array $scope_params): void
     {
     }
 
-    public function addFact(\Biscuit\Auth\Fact $fact) : void
+    public function addFact(\Biscuit\Auth\Fact $fact): void
     {
     }
 
-    public function addRule(\Biscuit\Auth\Rule $rule) : void
+    public function addRule(\Biscuit\Auth\Rule $rule): void
     {
     }
 
-    public function addCheck(\Biscuit\Auth\Check $check) : void
+    public function addCheck(\Biscuit\Auth\Check $check): void
     {
     }
 
-    public function addPolicy(\Biscuit\Auth\Policy $policy) : void
+    public function addPolicy(\Biscuit\Auth\Policy $policy): void
     {
     }
 
@@ -42,35 +43,33 @@ public function mergeBlock(\Biscuit\Auth\BlockBuilder $block)
     {
     }
 
-    public function base64Snapshot() : string
+    public function base64Snapshot(): string
     {
     }
 
-    public function rawSnapshot() : array
+    public function rawSnapshot(): array
     {
     }
 
-    public static function fromBase64Snapshot(string $input) : \Biscuit\Auth\AuthorizerBuilder
+    public static function fromBase64Snapshot(string $input): \Biscuit\Auth\AuthorizerBuilder
     {
     }
 
-    public static function fromRawSnapshot(string $input) : \Biscuit\Auth\AuthorizerBuilder
+    public static function fromRawSnapshot(string $input): \Biscuit\Auth\AuthorizerBuilder
     {
     }
 
-    public function build(\Biscuit\Auth\Biscuit $token) : \Biscuit\Auth\Authorizer
+    public function build(#[\SensitiveParameter] \Biscuit\Auth\Biscuit $token): \Biscuit\Auth\Authorizer
     {
     }
 
-    public function buildUnauthenticated() : \Biscuit\Auth\Authorizer
+    public function buildUnauthenticated(): \Biscuit\Auth\Authorizer
     {
     }
 
-    public function __toString() : string
+    public function __toString(): string
     {
     }
 
-    public function __construct()
-    {
-    }
+    public function __construct() {}
 }

stubs/Biscuit/Auth/Biscuit.php

@@ -1,64 +1,65 @@
 <?php
+
 /**
  * auto generated file by PHPExtensionStubGenerator
  */
 namespace Biscuit\Auth;
 
 class Biscuit implements \Stringable
 {
-    public static function builder() : \Biscuit\Auth\BiscuitBuilder
+    public static function builder(): \Biscuit\Auth\BiscuitBuilder
     {
     }
 
-    public static function fromBytes(string $data, \Biscuit\Auth\PublicKey $root) : \Biscuit\Auth\Biscuit
+    public static function fromBytes(string $data, \Biscuit\Auth\PublicKey $root): \Biscuit\Auth\Biscuit
     {
     }
 
-    public static function fromBase64(string $data, \Biscuit\Auth\PublicKey $root) : \Biscuit\Auth\Biscuit
+    public static function fromBase64(string $data, \Biscuit\Auth\PublicKey $root): \Biscuit\Auth\Biscuit
     {
     }
 
-    public function toBytes() : array
+    public function toBytes(): array
     {
     }
 
-    public function toBase64() : string
+    public function toBase64(): string
     {
     }
 
-    public function blockCount() : int
+    public function blockCount(): int
     {
     }
 
-    public function blockSource(int $index) : string
+    public function blockSource(int $index): string
     {
     }
 
-    public function append(\Biscuit\Auth\BlockBuilder $block) : \Biscuit\Auth\Biscuit
+    public function append(\Biscuit\Auth\BlockBuilder $block): \Biscuit\Auth\Biscuit
     {
     }
 
-    public function appendThirdParty(\Biscuit\Auth\PublicKey $external_key, \Biscuit\Auth\ThirdPartyBlock $block) : \Biscuit\Auth\Biscuit
-    {
+    public function appendThirdParty(
+        \Biscuit\Auth\PublicKey $external_key,
+        \Biscuit\Auth\ThirdPartyBlock $block,
+    ): \Biscuit\Auth\Biscuit {
     }
 
-    public function thirdPartyRequest() : \Biscuit\Auth\ThirdPartyRequest
+    public function thirdPartyRequest(): \Biscuit\Auth\ThirdPartyRequest
     {
     }
 
-    public function revocationIds() : array
+    public function revocationIds(): array
     {
     }
 
-    public function blockExternalKey(int $index) : ?\Biscuit\Auth\PublicKey
+    public function blockExternalKey(int $index): null|\Biscuit\Auth\PublicKey
     {
     }
 
-    public function __toString() : string
+    public function __toString(): string
     {
     }
 
-    public function __construct()
-    {
-    }
+    public function __construct() {}
 }