<?php
// Thin wrapper around the Firebase\JWT library: builds a claim set, signs it
// with the key material supplied through JwtKeyInterface, and verifies
// incoming bearer tokens against the same key and the configured issuer.

namespace ByJG\Util;

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

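class JwtWrapper
{
    /**
     * @var string Issuer name: written to the `iss` claim of tokens created here
     *             and compared against `iss` when a token is decoded.
     */
    protected $serverName;

    /**
     * @var JwtKeyInterface Key material and algorithm used to sign and verify.
     */
    protected $jwtKey;

    /**
     * JwtWrapper constructor.
     * @param string $serverName Issuer written to `iss` and enforced in extractData().
     * @param JwtKeyInterface $jwtKey Provides getPrivateKey(), getPublicKey() and getAlghoritm().
     * @throws JwtWrapperException when $jwtKey does not implement JwtKeyInterface
     */
    public function __construct($serverName, $jwtKey)
    {
        // Reject the key before anything is stored so a half-initialised
        // instance never exists, even transiently.
        if (!($jwtKey instanceof JwtKeyInterface)) {
            throw new JwtWrapperException('Constructor needs to receive a JwtKeyInterface');
        }

        $this->serverName = $serverName;
        $this->jwtKey = $jwtKey;
    }

    /**
     * Build the claim set for a new token (not yet signed).
     *
     * @param mixed $data Application payload stored under the `data` claim.
     * @param int $secondsExpire Token lifetime in seconds, counted from `nbf`.
     * @param int $secondsNotBefore Seconds after issue before the token becomes valid.
     * @return array<string, mixed> Registered claims iat/jti/iss/nbf/exp plus `data`.
     * @throws \Exception if no secure randomness source is available for `jti`.
     */
    public function createJwtData($data, $secondsExpire = 60, $secondsNotBefore = 0)
    {
        // `jti` must be unpredictable so a token id cannot be guessed; random_bytes()
        // is a CSPRNG that throws instead of handing back a weak or false value.
        $tokenId = base64_encode(random_bytes(32));
        $issuedAt = time();
        $notBefore = $issuedAt + $secondsNotBefore;
        // Lifetime is measured from `nbf`, not from `iat`.
        $expire = $notBefore + $secondsExpire;

        return [
            'iat' => $issuedAt,         // Issued at
            'jti' => $tokenId,          // JWT ID: unique per token
            'iss' => $this->serverName, // Issuer, re-checked in extractData()
            'nbf' => $notBefore,        // Not before
            'exp' => $expire,           // Expiration
            'data' => $data,            // Data related to the signer user
        ];
    }

    /**
     * Sign a claim set and return the compact serialised JWT.
     *
     * @param array<string, mixed> $jwtData Claims, normally from createJwtData().
     * @return string Signed token.
     */
    public function generateToken($jwtData)
    {
        // Private key and algorithm both come from the injected JwtKeyInterface,
        // so the signing scheme is fixed per wrapper instance.
        return JWT::encode(
            $jwtData,
            $this->jwtKey->getPrivateKey(),
            $this->jwtKey->getAlghoritm()
        );
    }

    /**
     * Verify a bearer token and return its decoded claims.
     *
     * JWT::decode() is given the public key and algorithm from the
     * JwtKeyInterface and is expected to reject a bad signature or an
     * expired / not-yet-valid token by throwing; exceptions it raises
     * propagate unchanged. The issuer is then compared with the server
     * name given to the constructor.
     *
     * @param string|null $bearer Raw token. When empty it is read from the
     *                            Authorization header via getAuthorizationBearer().
     * @return object Decoded claims as returned by JWT::decode().
     * @throws JwtWrapperException when no token is available or the issuer differs.
     */
    public function extractData($bearer = null)
    {
        if (empty($bearer)) {
            $bearer = $this->getAuthorizationBearer();
        }

        $jwtData = JWT::decode(
            $bearer,
            new Key($this->jwtKey->getPublicKey(), $this->jwtKey->getAlghoritm())
        );

        // Strict comparison: a loose `!=` treats numeric-looking strings such as
        // "1e3" and "1000" as equal. A token carrying no `iss` claim at all is
        // still accepted here (unchanged behaviour); callers that require an
        // issuer must check for the claim themselves.
        if (isset($jwtData->iss) && $jwtData->iss !== $this->serverName) {
            throw new JwtWrapperException("Issuer does not match");
        }

        return $jwtData;
    }

    /**
     * Read the bearer token from the Authorization request header.
     *
     * @return string Token text following `Bearer `.
     * @throws JwtWrapperException when the header is absent or is not a Bearer credential.
     */
    public function getAuthorizationBearer()
    {
        $authorization = $_SERVER['HTTP_AUTHORIZATION'] ?? '';

        // sscanf() does not return an array when the input ends before the first
        // conversion, so guard the destructuring instead of assuming one.
        $parsed = sscanf($authorization, 'Bearer %s');
        $bearer = is_array($parsed) ? $parsed[0] : null;

        if (empty($bearer)) {
            throw new JwtWrapperException('Absent authorization token');
        }

        return $bearer;
    }

    /**
     * Produce a random secret, e.g. for an HMAC signing key.
     *
     * @param int $bytes Number of random bytes to draw before base64 encoding (e.g. 64).
     * @return string Base64-encoded secret; decode it before using it as raw key material.
     * @throws \Exception if no secure randomness source is available.
     */
    public static function generateSecret($bytes)
    {
        // random_bytes() is the CSPRNG recommended by the PHP manual and fails
        // loudly rather than returning a short or false result.
        return base64_encode(random_bytes($bytes));
    }

    /**
     * Set the clock-skew tolerance the JWT library applies to time-based claims.
     *
     * JWT::$leeway is a static property on the library class, so the value is
     * process-wide and shared by every JwtWrapper instance.
     *
     * @param int $seconds A value no more than few minutes (in seconds) e.g. 60
     * @see https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4
     */
    public function setLeeway($seconds)
    {
        JWT::$leeway = $seconds;
    }

    /**
     * @return int Current process-wide leeway in seconds (see setLeeway()).
     */
    public function getLeeway()
    {
        return JWT::$leeway;
    }
}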