Replace separate minecraft access tokens with JWT

2025-05-31 14:11:46 +05:30 · 2019-12-04 21:10:15 +03:00
parent 060a4e960a
commit a81ef5cac2
34 changed files with 432 additions and 303 deletions
--- a/api/components/Tokens/Component.php
+++ b/api/components/Tokens/Component.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
 namespace api\components\Tokens;

 use Carbon\Carbon;
+use Defuse\Crypto\Crypto;
 use Exception;
 use Lcobucci\JWT\Builder;
 use Lcobucci\JWT\Parser;
@@ -35,6 +36,11 @@ class Component extends BaseComponent {
     */
    public $privateKeyPass;

+    /**
+     * @var string|\Defuse\Crypto\Key
+     */
+    public $encryptionKey;
+
    /**
     * @var AlgorithmsManager|null
     */
@@ -45,6 +51,7 @@ class Component extends BaseComponent {
        Assert::notEmpty($this->hmacKey, 'hmacKey must be set');
        Assert::notEmpty($this->privateKeyPath, 'privateKeyPath must be set');
        Assert::notEmpty($this->publicKeyPath, 'publicKeyPath must be set');
+        Assert::notEmpty($this->encryptionKey, 'encryptionKey must be set');
    }

    public function create(array $payloads = [], array $headers = []): Token {
@@ -53,11 +60,11 @@ class Component extends BaseComponent {
            ->issuedAt($now->getTimestamp())
            ->expiresAt($now->addHour()->getTimestamp());
        foreach ($payloads as $claim => $value) {
-            $builder->withClaim($claim, $value);
+            $builder->withClaim($claim, $this->prepareValue($value));
        }

        foreach ($headers as $claim => $value) {
-            $builder->withHeader($claim, $value);
+            $builder->withHeader($claim, $this->prepareValue($value));
        }

        /** @noinspection PhpUnhandledExceptionInspection */
@@ -85,6 +92,10 @@ class Component extends BaseComponent {
        }
    }

+    public function decryptValue(string $encryptedValue): string {
+        return Crypto::decryptWithPassword($encryptedValue, $this->encryptionKey);
+    }
+
    private function getAlgorithmManager(): AlgorithmsManager {
        if ($this->algorithmManager === null) {
            $this->algorithmManager = new AlgorithmsManager([
@@ -100,4 +111,12 @@ class Component extends BaseComponent {
        return $this->algorithmManager;
    }

+    private function prepareValue($value) {
+        if ($value instanceof EncryptedValue) {
+            return Crypto::encryptWithPassword($value->getValue(), $this->encryptionKey);
+        }
+
+        return $value;
+    }
+
 }