nas
/
todo_api
Watch 2
Star 1
Fork 0
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
api de gestion de ticket, basé sur php-crud-api. Le but est de décorrélé les outils de gestion des données, afin
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1206 Commits
1 Branch
Tree: 8cc997daff
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8cc997daff'
${ noResults }
todo_api/src/Tqdev/PhpCrudApi/Middleware/JwtAuthMiddleware.php

JwtAuthMiddleware.php 4.0KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118 
  1. <?php

  2. namespace Tqdev\PhpCrudApi\Middleware;

  3. 

  4. use Tqdev\PhpCrudApi\Controller\Responder;

  5. use Tqdev\PhpCrudApi\Middleware\Base\Middleware;

  6. use Tqdev\PhpCrudApi\Record\ErrorCode;

  7. use Tqdev\PhpCrudApi\Request;

  8. use Tqdev\PhpCrudApi\Response;

  9. 

  10. class JwtAuthMiddleware extends Middleware

  11. {

  12.     private function getVerifiedClaims(String $token, int $time, int $leeway, int $ttl, String $secret, array $requirements): array

  13.     {

  14.         $algorithms = array('HS256' => 'sha256', 'HS384' => 'sha384', 'HS512' => 'sha512');

  15.         $token = explode('.', $token);

  16.         if (count($token) < 3) {

  17.             return array();

  18.         }

  19.         $header = json_decode(base64_decode(strtr($token[0], '-_', '+/')), true);

  20.         if (!$secret) {

  21.             return array();

  22.         }

  23.         if ($header['typ'] != 'JWT') {

  24.             return array();

  25.         }

  26.         $algorithm = $header['alg'];

  27.         if (!isset($algorithms[$algorithm])) {

  28.             return array();

  29.         }

  30.         $hmac = $algorithms[$algorithm];

  31.         $signature = bin2hex(base64_decode(strtr($token[2], '-_', '+/')));

  32.         if ($signature != hash_hmac($hmac, "$token[0].$token[1]", $secret)) {

  33.             return array();

  34.         }

  35.         $claims = json_decode(base64_decode(strtr($token[1], '-_', '+/')), true);

  36.         if (!$claims) {

  37.             return array();

  38.         }

  39.         foreach ($requirements as $field => $values) {

  40.             if (!empty($values)) {

  41.                 if (!isset($claims[$field]) || !in_array($claims[$field], $values)) {

  42.                     return array();

  43.                 }

  44.             }

  45.         }

  46.         if (isset($claims['nbf']) && $time + $leeway < $claims['nbf']) {

  47.             return array();

  48.         }

  49.         if (isset($claims['iat']) && $time + $leeway < $claims['iat']) {

  50.             return array();

  51.         }

  52.         if (isset($claims['exp']) && $time - $leeway > $claims['exp']) {

  53.             return array();

  54.         }

  55.         if (isset($claims['iat']) && !isset($claims['exp'])) {

  56.             if ($time - $leeway > $claims['iat'] + $ttl) {

  57.                 return array();

  58.             }

  59.         }

  60.         return $claims;

  61.     }

  62. 

  63.     private function getArrayProperty(String $property, String $default): array

  64.     {

  65.         return array_filter(array_map('trim', explode(',', $this->getProperty($property, $default))));

  66.     }

  67. 

  68.     private function getClaims(String $token): array

  69.     {

  70.         $time = (int) $this->getProperty('time', time());

  71.         $leeway = (int) $this->getProperty('leeway', '5');

  72.         $ttl = (int) $this->getProperty('ttl', '30');

  73.         $secret = $this->getProperty('secret', '');

  74.         $requirements = array(

  75.             'alg' => $this->getArrayProperty('algorithms', ''),

  76.             'aud' => $this->getArrayProperty('audiences', ''),

  77.             'iss' => $this->getArrayProperty('issuers', ''),

  78.         );

  79.         if (!$secret) {

  80.             return array();

  81.         }

  82.         return $this->getVerifiedClaims($token, $time, $leeway, $ttl, $secret, $requirements);

  83.     }

  84. 

  85.     private function getAuthorizationToken(Request $request): String

  86.     {

  87.         $parts = explode(' ', trim($request->getHeader('Authorization')), 2);

  88.         if (count($parts) != 2) {

  89.             return '';

  90.         }

  91.         if ($parts[0] != 'Bearer') {

  92.             return '';

  93.         }

  94.         return $parts[1];

  95.     }

  96. 

  97.     public function handle(Request $request): Response

  98.     {

  99.         if (session_status() == PHP_SESSION_NONE) {

  100.             session_start();

  101.         }

  102.         $token = $this->getAuthorizationToken($request);

  103.         if ($token) {

  104.             $claims = $this->getClaims($token);

  105.             $_SESSION['claims'] = $claims;

  106.             if (empty($claims)) {

  107.                 return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, 'JWT');

  108.             }

  109.         }

  110.         if (empty($_SESSION['claims'])) {

  111.             $authenticationMode = $this->getProperty('mode', 'required');

  112.             if ($authenticationMode == 'required') {

  113.                 return $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, '');

  114.             }

  115.         }

  116.         return $this->next->handle($request);

  117.     }

  118. }