ElyBy-Mirror/accounts
1
0
Fork 0
mirror of https://github.com/elyby/accounts.git synced 2025-05-31 14:11:46 +05:30
Code Issues Packages Projects Releases Wiki Activity

Replace separate minecraft access tokens with JWT

Browse Source
This commit is contained in:
ErickSkrauch
2019-12-04 21:10:15 +03:00
parent 060a4e960a
commit a81ef5cac2
34 changed files with 432 additions and 303 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
api/components/Tokens/TokensFactory.php
View File

@@ -3,6 +3,8 @@ declare(strict_types=1);
namespace api\components\Tokens;
use api\rbac\Permissions as P;
use api\rbac\Roles as R;
use Carbon\Carbon;
use common\models\Account;
use common\models\AccountSession;
@@ -10,16 +12,17 @@ use Lcobucci\JWT\Token;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\ScopeEntityInterface;
use Yii;
use yii\base\Component;
class TokensFactory {
class TokensFactory extends Component {
public const SUB_ACCOUNT_PREFIX = 'ely|';
public const AUD_CLIENT_PREFIX = 'client|';
public static function createForAccount(Account $account, AccountSession $session = null): Token {
public function createForWebAccount(Account $account, AccountSession $session = null): Token {
$payloads = [
'ely-scopes' => 'accounts_web_user',
'sub' => self::buildSub($account->id),
'ely-scopes' => R::ACCOUNTS_WEB_USER,
'sub' => $this->buildSub($account->id),
];
if ($session === null) {
// If we don't remember a session, the token should live longer
@@ -32,26 +35,39 @@ class TokensFactory {
return Yii::$app->tokens->create($payloads);
}
public static function createForOAuthClient(AccessTokenEntityInterface $accessToken): Token {
public function createForOAuthClient(AccessTokenEntityInterface $accessToken): Token {
$payloads = [
'aud' => self::buildAud($accessToken->getClient()->getIdentifier()),
'ely-scopes' => implode(',', array_map(static function(ScopeEntityInterface $scope): string {
'aud' => $this->buildAud($accessToken->getClient()->getIdentifier()),
'ely-scopes' => $this->joinScopes(array_map(static function(ScopeEntityInterface $scope): string {
return $scope->getIdentifier();
}, $accessToken->getScopes())),
'exp' => $accessToken->getExpiryDateTime()->getTimestamp(),
];
if ($accessToken->getUserIdentifier() !== null) {
$payloads['sub'] = self::buildSub($accessToken->getUserIdentifier());
$payloads['sub'] = $this->buildSub($accessToken->getUserIdentifier());
}
return Yii::$app->tokens->create($payloads);
}
private static function buildSub(int $accountId): string {
public function createForMinecraftAccount(Account $account, string $clientToken): Token {
return Yii::$app->tokens->create([
'ely-scopes' => $this->joinScopes([P::MINECRAFT_SERVER_SESSION]),
'ely-client-token' => new EncryptedValue($clientToken),
'sub' => $this->buildSub($account->id),
'exp' => Carbon::now()->addDays(2)->getTimestamp(),
]);
}
private function joinScopes(array $scopes): string {
return implode(',', $scopes);
}
private function buildSub(int $accountId): string {
return self::SUB_ACCOUNT_PREFIX . $accountId;
}
private static function buildAud(string $clientId): string {
private function buildAud(string $clientId): string {
return self::AUD_CLIENT_PREFIX . $clientId;
}