<?php |
namespace BenTools\MercurePHP\Security; |
use BenTools\MercurePHP\Configuration\Configuration; |
use Exception; |
use Lcobucci\JWT\Parser; |
use Lcobucci\JWT\Signer; |
use Lcobucci\JWT\Signer\Key; |
use Lcobucci\JWT\Token; |
use Psr\Http\Message\ServerRequestInterface; |
use RuntimeException; |
use function BenTools\MercurePHP\get_signer; |
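/**
 * Authenticates Mercure hub requests by validating the JWT they carry.
 *
 * The token is read from the `Authorization: Bearer <jwt>` header or, failing
 * that, from the `mercureAuthorization` cookie. Its signature is verified with
 * the key and algorithm taken from the hub configuration, so the token's own
 * headers never decide how it is verified.
 */
final class Authenticator
{
    /** Credential prefix of the bearer scheme, compared byte-for-byte (including the single space). */
    private const BEARER_PREFIX = 'Bearer ';

    /** Cookie consulted when the request carries no bearer header. */
    private const COOKIE_NAME = 'mercureAuthorization';

    private Parser $parser;
    private Key $key;
    private Signer $signer;

    /**
     * @param Parser $parser Decodes the compact JWT string into a Token.
     * @param Key    $key    Verification key for the configured algorithm.
     * @param Signer $signer Algorithm chosen from configuration (see the factories below).
     */
    public function __construct(Parser $parser, Key $key, Signer $signer)
    {
        $this->parser = $parser;
        $this->key = $key;
        $this->signer = $signer;
    }

    /**
     * Returns the verified token carried by the request, or null when the request carries none.
     *
     * A request without any token is anonymous and yields null. A token that is
     * present but unacceptable is rejected with an exception, so callers can never
     * confuse "bad credential" with "no credential".
     *
     * @throws RuntimeException when the token cannot be decoded, its signature does not
     *                          verify against the configured key/algorithm, or it has expired.
     */
    public function authenticate(ServerRequestInterface $request): ?Token
    {
        $token = self::extractToken($request, $this->parser);
        if (null === $token) {
            return null;
        }

        // Verify with the signer/key from configuration before reading any claim:
        // until the signature checks out, every claim is attacker-controlled, and the
        // token's `alg` header must not be allowed to select a weaker algorithm.
        if (!$token->verify($this->signer, $this->key)) {
            throw new RuntimeException('Invalid token signature.');
        }

        // Expiry is evaluated against the current time, with no leeway.
        if ($token->isExpired()) {
            throw new RuntimeException('Your token has expired.');
        }

        return $token;
    }

    /**
     * Returns the raw compact JWT from the request, or null when there is none.
     *
     * The bearer header takes precedence over the cookie. An Authorization header
     * using another scheme (or a differently cased `bearer`) is not an error: it is
     * simply ignored and the cookie is consulted instead.
     */
    private static function extractRawToken(ServerRequestInterface $request): ?string
    {
        if ($request->hasHeader('Authorization')) {
            $header = \trim($request->getHeaderLine('Authorization'));
            if (0 === \strpos($header, self::BEARER_PREFIX)) {
                return \substr($header, \strlen(self::BEARER_PREFIX));
            }
        }

        return $request->getCookieParams()[self::COOKIE_NAME] ?? null;
    }

    /**
     * Decodes the request's raw token, if any, into an (unverified) Token.
     *
     * Any decoding failure is normalised into one RuntimeException with a fixed
     * message, so the decoder's own error text is never exposed to the client; the
     * original exception is chained as `previous` for server-side logging.
     *
     * @throws RuntimeException when a token is present but cannot be decoded.
     */
    private static function extractToken(ServerRequestInterface $request, Parser $parser): ?Token
    {
        $payload = self::extractRawToken($request);
        if (null === $payload) {
            return null;
        }

        try {
            return $parser->parse($payload);
        } catch (Exception $e) {
            // Catch Exception rather than RuntimeException only: the parser may also raise
            // InvalidArgumentException for structurally malformed input (e.g. wrong number
            // of segments), and that must be rejected the same way.
            throw new RuntimeException('Cannot decode token.', 0, $e);
        }
    }

    /**
     * Builds the authenticator that validates publisher JWTs.
     *
     * Publisher-specific options win; the shared JWT options are the fallback.
     *
     * @param array<string, mixed> $config
     * @throws RuntimeException when neither a publisher nor a shared key/algorithm is configured.
     */
    public static function createPublisherAuthenticator(array $config): Authenticator
    {
        return self::fromConfig(
            $config,
            Configuration::PUBLISHER_JWT_KEY,
            Configuration::PUBLISHER_JWT_ALGORITHM
        );
    }

    /**
     * Builds the authenticator that validates subscriber JWTs.
     *
     * Subscriber-specific options win; the shared JWT options are the fallback.
     *
     * @param array<string, mixed> $config
     * @throws RuntimeException when neither a subscriber nor a shared key/algorithm is configured.
     */
    public static function createSubscriberAuthenticator(array $config): Authenticator
    {
        return self::fromConfig(
            $config,
            Configuration::SUBSCRIBER_JWT_KEY,
            Configuration::SUBSCRIBER_JWT_ALGORITHM
        );
    }

    /**
     * Shared factory body: resolves the role-specific option with the generic JWT
     * option as fallback, and fails closed instead of building an authenticator
     * with a missing or empty key.
     *
     * @param array<string, mixed> $config
     * @param string               $keyOption       Config key of the role-specific JWT key.
     * @param string               $algorithmOption Config key of the role-specific JWT algorithm.
     *
     * @throws RuntimeException when no usable key or no algorithm is configured.
     */
    private static function fromConfig(array $config, string $keyOption, string $algorithmOption): self
    {
        $key = $config[$keyOption] ?? $config[Configuration::JWT_KEY] ?? null;
        $algorithm = $config[$algorithmOption] ?? $config[Configuration::JWT_ALGORITHM] ?? null;

        // An absent or empty key would otherwise surface as a type error deep in the
        // JWT library (or accept tokens signed with an empty secret); refuse explicitly.
        if (null === $key || '' === $key) {
            throw new RuntimeException(\sprintf(
                'No JWT key configured: set "%s" or "%s".',
                $keyOption,
                Configuration::JWT_KEY
            ));
        }

        if (null === $algorithm) {
            throw new RuntimeException(\sprintf(
                'No JWT algorithm configured: set "%s" or "%s".',
                $algorithmOption,
                Configuration::JWT_ALGORITHM
            ));
        }

        return new self(
            new Parser(),
            new Key($key),
            get_signer($algorithm)
        );
    }
}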
This check looks for parameters that have been defined for a function or method, but which are not used in the method body.