<?php |
namespace GuilhermeTome; |
/*
 *
 * class Jwt
 *
 * Used to encode and decode JWTs.
 * The secret is supplied through the global JWT_SECRET constant.
 *
 */
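class Jwt
{
    /**
     * Shared secret used as the HMAC key for signing and verifying tokens.
     *
     * Read from the global JWT_SECRET constant, which must be defined before
     * this class is first used.
     *
     * @var string
     */
    private static string $secret = JWT_SECRET;

    /**
     * Hash algorithm name handed to hash_hmac() (global JWT_HASH constant).
     *
     * @var string
     */
    private static string $hash = JWT_HASH;

    /**
     * Value written to the "alg" field of the token header (global JWT_ALG constant).
     *
     * NOTE(review): nothing in this class checks that it corresponds to $hash;
     * the two have to be kept in step in configuration.
     *
     * @var string
     */
    private static string $alg = JWT_ALG;

    /**
     * Create a signed JWT from the given claims.
     *
     * The claims are JSON-encoded as-is; registered claims such as "exp" or
     * "iat" are not added here and must be supplied by the caller.
     *
     * @param array $data Claims to place in the payload.
     * @return string Compact token: base64url(header).base64url(payload).base64url(signature).
     * @throws \JsonException    When the header or payload cannot be JSON-encoded.
     * @throws \RuntimeException When the configured hash algorithm is rejected by hash_hmac().
     */
    public static function encode(array $data): string
    {
        // Fail loudly on an unencodable payload instead of signing an empty one.
        $header = json_encode(["alg" => self::$alg, "typ" => "JWT"], JSON_THROW_ON_ERROR);
        $payload = json_encode($data, JSON_THROW_ON_ERROR);

        $signingInput = self::base64url_encode($header) . "." . self::base64url_encode($payload);

        return $signingInput . "." . self::sign($signingInput);
    }

    /**
     * Verify a token's signature and return its decoded payload.
     *
     * Only the HMAC signature is checked. The header is never parsed, so the
     * algorithm is always the server-side configured one and a token cannot
     * select its own. Claims such as "exp", "nbf" or "aud" are NOT validated
     * here; callers must check them on the returned payload.
     *
     * @param string $token Compact JWT.
     * @return mixed|false The json_decode() result of the payload (a stdClass for
     *                     object payloads, null if the payload is not valid JSON),
     *                     or false when the token is empty, malformed or the
     *                     signature does not match.
     * @throws \RuntimeException When the configured hash algorithm is rejected by hash_hmac().
     */
    public static function decode(string $token)
    {
        if (empty($token)) {
            return false;
        }

        $split = explode('.', $token);
        if (count($split) !== 3) {
            return false;
        }

        $expected = self::sign($split[0] . "." . $split[1]);

        // Constant-time, type-strict comparison: `==` leaks timing information
        // and applies numeric-string juggling to the two signatures.
        if (!hash_equals($expected, $split[2])) {
            return false;
        }

        return json_decode(self::base64url_decode($split[1]));
    }

    /**
     * Compute the base64url-encoded HMAC of a signing input with the configured key.
     *
     * @param string $signingInput "header.payload" in its encoded form.
     * @return string
     * @throws \RuntimeException When hash_hmac() does not return a MAC.
     */
    private static function sign(string $signingInput): string
    {
        $mac = hash_hmac(self::$hash, $signingInput, self::$secret, true);

        // Before PHP 8, an unknown algorithm makes hash_hmac() return false; fail
        // closed so a misconfiguration can never yield an empty "signature".
        if (!is_string($mac) || $mac === '') {
            throw new \RuntimeException('Unable to compute JWT signature: unsupported hash algorithm.');
        }

        return self::base64url_encode($mac);
    }

    /**
     * Encode binary data as unpadded base64url.
     *
     * @param string $data
     * @return string
     */
    private static function base64url_encode(string $data): string
    {
        return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
    }

    /**
     * Decode unpadded base64url data.
     *
     * @param string $data
     * @return string
     */
    private static function base64url_decode(string $data): string
    {
        // Restore the '=' padding that base64url_encode() strips.
        $padding = str_repeat('=', (4 - strlen($data) % 4) % 4);

        return base64_decode(strtr($data, '-_', '+/') . $padding);
    }
}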