<?php
namespace Api\Core;
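class Auth {

    /**
     * HMAC key used to both sign and verify tokens.
     *
     * Anyone holding this value can mint tokens that verifyToken() accepts,
     * so it must not stay hard-coded: load it from the environment or a config
     * file kept out of version control.
     */
    private static $secret = 'super-secret-key-change-me'; // Should be in an env/config file

    /**
     * Build an HS256-signed JWT (header.payload.signature, base64url encoded).
     *
     * The 'exp' claim is always (over)written from the current time plus $ttl,
     * so every token produced here expires.
     *
     * @param array $payload Claims to embed; 'exp' is set by this method.
     * @param int   $ttl     Lifetime in seconds (default 24 hours).
     * @return string The compact serialized token.
     */
    public static function generateToken($payload, $ttl = 86400) {
        $header = json_encode(['typ' => 'JWT', 'alg' => 'HS256']);

        $payload['exp'] = time() + $ttl;
        $payload = json_encode($payload);

        $base64UrlHeader = self::base64UrlEncode($header);
        $base64UrlPayload = self::base64UrlEncode($payload);

        // The signature covers the encoded header and payload exactly as they
        // appear in the token, so verification can re-hash the raw segments.
        $signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, self::$secret, true);
        $base64UrlSignature = self::base64UrlEncode($signature);

        return $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature;
    }

    /**
     * Verify a token produced by generateToken() and return its claims.
     *
     * Rejects tokens that are malformed, carry a wrong signature, declare an
     * algorithm other than HS256, lack a numeric 'exp' claim, or have expired.
     * The signature is checked before any segment is decoded, so attacker-
     * controlled content is never parsed unless it was signed with our key.
     *
     * @param string|null $token Compact JWT, or null (e.g. from getBearerToken()).
     * @return array|false The decoded payload claims, or false when invalid.
     */
    public static function verifyToken($token) {
        if (!is_string($token)) return false;

        $parts = explode('.', $token);
        if (count($parts) !== 3) return false;

        list($header, $payload, $signature) = $parts;

        $validSignature = hash_hmac('sha256', $header . "." . $payload, self::$secret, true);
        // Constant-time comparison: a plain !== stops at the first differing
        // byte and leaks how much of a forged signature is already correct.
        if (!hash_equals(self::base64UrlEncode($validSignature), $signature)) return false;

        // Only tokens we issued (alg HS256) are acceptable; anything else is
        // rejected even though the HMAC above already matched.
        $headerData = json_decode(self::base64UrlDecode($header), true);
        if (!is_array($headerData) || !isset($headerData['alg']) || $headerData['alg'] !== 'HS256') return false;

        $payloadData = json_decode(self::base64UrlDecode($payload), true);
        if (!is_array($payloadData)) return false;

        // 'exp' is mandatory: a token without it would never expire.
        if (!isset($payloadData['exp']) || !is_numeric($payloadData['exp'])) return false;
        if ($payloadData['exp'] < time()) return false;

        return $payloadData;
    }

    /**
     * Extract the credential from an "Authorization: Bearer <token>" request header.
     *
     * Header names are matched case-insensitively (SAPIs differ in casing) and
     * the value must be a well-formed Bearer credential on its own, not merely
     * contain the word "Bearer" somewhere.
     *
     * @return string|null The raw token, or null when absent or malformed.
     */
    public static function getBearerToken() {
        // getallheaders() is not defined under every SAPI (e.g. plain CLI).
        $headers = function_exists('getallheaders') ? getallheaders() : [];
        if (!is_array($headers)) return null;

        $headers = array_change_key_case($headers, CASE_LOWER);
        if (!isset($headers['authorization']) || !is_string($headers['authorization'])) return null;

        // Anchored and case-insensitive on the scheme, per RFC 7235.
        if (preg_match('/^\s*Bearer\s+(\S+)\s*$/i', $headers['authorization'], $matches)) {
            return $matches[1];
        }

        return null;
    }

    /**
     * Base64url-encode without padding (RFC 7515 section 2).
     *
     * @param string $data Raw bytes.
     * @return string URL-safe encoding.
     */
    private static function base64UrlEncode($data) {
        return str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($data));
    }

    /**
     * Decode a base64url segment, rejecting any character outside the alphabet.
     *
     * @param string $data URL-safe encoded segment.
     * @return string Decoded bytes, or '' when the input is not valid base64url.
     */
    private static function base64UrlDecode($data) {
        // Strict mode makes base64_decode() return false on foreign characters
        // instead of silently skipping them.
        $decoded = base64_decode(str_replace(['-', '_'], ['+', '/'], $data), true);
        return $decoded === false ? '' : $decoded;
    }

}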