Replace emarref/jwt with lcobucci/jwt

Refactor all JWT-related components Replace RS256 with ES256 as a preferred JWT algorithm
2025-05-31 14:11:46 +05:30 · 2019-08-01 12:17:12 +03:00
parent 4c2a9cc172
commit 45c2ed601d
47 changed files with 805 additions and 621 deletions
--- a/api/components/Tokens/Component.php
+++ b/api/components/Tokens/Component.php
@@ -0,0 +1,96 @@
+<?php
+declare(strict_types=1);
+
+namespace api\components\Tokens;
+
+use Exception;
+use Lcobucci\JWT\Builder;
+use Lcobucci\JWT\Parser;
+use Lcobucci\JWT\Token;
+use yii\base\Component as BaseComponent;
+
+class Component extends BaseComponent {
+
+    private const EXPIRATION_TIMEOUT = 3600; // 1h
+
+    private const PREFERRED_ALGORITHM = 'ES256';
+
+    /**
+     * @var string
+     */
+    public $hmacKey;
+
+    /**
+     * @var string
+     */
+    public $publicKeyPath;
+
+    /**
+     * @var string
+     */
+    public $privateKeyPath;
+
+    /**
+     * @var string|null
+     */
+    public $privateKeyPass;
+
+    /**
+     * @var AlgorithmsManager|null
+     */
+    private $algorithmManager;
+
+    public function create(array $payloads = [], array $headers = []): Token {
+        $time = time();
+        $builder = (new Builder())
+            ->issuedAt($time)
+            ->expiresAt($time + self::EXPIRATION_TIMEOUT);
+        foreach ($payloads as $claim => $value) {
+            $builder->withClaim($claim, $value);
+        }
+
+        foreach ($headers as $claim => $value) {
+            $builder->withHeader($claim, $value);
+        }
+
+        /** @noinspection PhpUnhandledExceptionInspection */
+        $algorithm = $this->getAlgorithmManager()->get(self::PREFERRED_ALGORITHM);
+
+        return $builder->getToken($algorithm->getSigner(), $algorithm->getPrivateKey());
+    }
+
+    /**
+     * @param string $jwt
+     *
+     * @return Token
+     * @throws \InvalidArgumentException
+     */
+    public function parse(string $jwt): Token {
+        return (new Parser())->parse($jwt);
+    }
+
+    public function verify(Token $token): bool {
+        try {
+            $algorithm = $this->getAlgorithmManager()->get($token->getHeader('alg'));
+            return $token->verify($algorithm->getSigner(), $algorithm->getPublicKey());
+        } catch (Exception $e) {
+            return false;
+        }
+    }
+
+    private function getAlgorithmManager(): AlgorithmsManager {
+        if ($this->algorithmManager === null) {
+            $this->algorithmManager = new AlgorithmsManager([
+                new Algorithms\HS256($this->hmacKey),
+                new Algorithms\ES256(
+                    "file://{$this->privateKeyPath}",
+                    $this->privateKeyPass,
+                    "file://{$this->publicKeyPath}"
+                ),
+            ]);
+        }
+
+        return $this->algorithmManager;
+    }
+
+}