1 | <?php |
||
2 | namespace SoliDry\Extension; |
||
3 | |||
4 | use Closure; |
||
5 | use Lcobucci\JWT\Parser; |
||
6 | use SoliDry\Helpers\ConfigHelper; |
||
7 | use SoliDry\Helpers\Jwt; |
||
8 | use SoliDry\Types\ConfigInterface; |
||
9 | |||
10 | /** |
||
11 | * Class BaseJwt |
||
12 | * @package SoliDry\Extension |
||
13 | */ |
||
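class BaseJwt
{
    /**
     * Middleware that checks the request's JWT when JWT support is enabled in config.
     *
     * Config example:
     *  'jwt'=> [
     *    'enabled' => true,
     *    'table' => 'user',
     *    'activate' => 30,
     *    'expires' => 3600,
     *  ],
     *
     * Behaviour when the `enabled` flag is strictly true:
     *  - no/empty `jwt` on the request: responds 401 and stops;
     *  - `jwt` cannot be parsed, or Jwt::verify() returns false: responds 403 and stops;
     *  - otherwise the request is passed on to $next.
     * When the flag is anything else the request is passed on without any token check.
     *
     * NOTE(review): rejection paths still end the process with die(), as before, so
     * whatever the framework would do after this middleware (response handling,
     * logging, terminate hooks) does not run. Returning an error response from here
     * would be cleaner, but changes what callers observe - confirm before switching.
     *
     * @param mixed   $request request object exposing the token as `$request->jwt`
     * @param Closure $next    next handler in the chain
     * @return mixed whatever $next returns
     */
    public function handle($request, Closure $next)
    {
        if (ConfigHelper::getNestedParam(ConfigInterface::JWT, ConfigInterface::ENABLED) === true) {
            if (empty($request->jwt)) {
                // Send an explicit status: without it the rejection goes out as 200 OK,
                // which clients and monitoring cannot tell apart from success.
                header('HTTP/1.1 401 Unauthorized');
                die('JWT token required.');
            }

            try {
                $token = (new Parser())->parse((string)$request->jwt);
            } catch (\InvalidArgumentException | \RuntimeException $e) {
                // A malformed token is attacker-controllable input: reject it the same
                // way as a token that fails verification instead of letting the parser
                // exception escape (error page, possible stack trace disclosure).
                header('HTTP/1.1 403 Forbidden');
                die('Access forbidden.');
            }

            // NOTE(review): only a strict `false` is rejected here. If Jwt::verify() can
            // return null or another non-true value on failure, this check fails open -
            // confirm its return contract, or compare against `!== true`.
            if (Jwt::verify($token) === false) {
                header('HTTP/1.1 403 Forbidden');
                die('Access forbidden.');
            }
        }

        return $next($request);
    }
}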
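In general, `exit`/`die` should be used with care and only in a scripting context such as a CLI script. In a request handler like this one, it ends the process before the framework can build a response, so the calling code cannot handle or test the rejection.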