支持 RSA

Author: edenleung

config/config.php

@@ -9,6 +9,8 @@
             ],
             'token' => [
                 'signer_key'    => 'tant',
+                'public_key'    => 'file://path/public.key',
+                'private_key'   => 'file://path/private.key',
                 'not_before'    => 0,
                 'expires_at'    => 3600,
                 'refresh_ttL'   => 7200,

src/Config/Token.php

@@ -6,6 +6,11 @@
 
 use Lcobucci\JWT\Signer;
 use xiaodi\JWTAuth\Exception\JWTException;
+use Lcobucci\JWT\Signer\Key\InMemory;
+use Lcobucci\JWT\Signer\Key;
+use Lcobucci\JWT\Signer\Key\LocalFileReference;
+use Lcobucci\JWT\Signer\Hmac;
+use Lcobucci\JWT\Signer\Rsa;
 
 class Token
 {
@@ -20,6 +25,8 @@ class Token
     protected $iss = 'client.xiaodim.com';
     protected $aud = 'server.xiaodim.com';
     protected $automatic_renewal = false;
+    protected $public_key = '';
+    protected $private_key = '';
 
     public function __construct(array $options)
     {
@@ -30,13 +37,43 @@ public function __construct(array $options)
         }
     }
 
-    public function getSigningKey()
+    public function getHamcKey(): Key
     {
         if (empty($this->signer_key)) {
             throw new JWTException('config signer_key required.', 500);
         }
 
-        return base64_encode($this->signer_key);
+        return InMemory::base64Encoded((string)$this->signer_key);
+    }
+
+    public function RSASigner()
+    {
+        $signer = $this->getSigner();
+
+        return $signer instanceof Rsa;
+    }
+
+    public function getSignerKey(): Key
+    {
+        $signer = $this->getSigner();
+
+        if ($this->RSASigner()) {
+            return $this->getPrivateKey();
+        } else if ($signer instanceof Hmac) {
+            return $this->getHamcKey();
+        } else {
+            throw new JWTException('not support.', 500);
+        }
+    }
+
+    public function getPublicKey(): Key
+    {
+        return LocalFileReference::file($this->public_key);
+    }
+
+    public function getPrivateKey(): Key
+    {
+        return LocalFileReference::file($this->private_key);
     }
 
     public function getExpires()
@@ -73,7 +110,7 @@ public function getReloginCode()
     {
         return $this->relogin_code;
     }
-    
+
     public function getRefreshCode()
     {
         return $this->refresh_code;

src/Service/JwtAuth.php

@@ -83,23 +83,12 @@ public function verify(string $token = null): bool
         // 是否存在黑名单
         $this->wasBan($token);
 
-        if (!$service->validate($token)) {
-            $now = new DateTimeImmutable();
-
-            $token = $service->getToken();
-            if (!$service->isRefreshExpired($now)) {
-                $config = $service->getConfig();
-                if ($config->getAutomaticRenewal()) {
-                    $token = $service->automaticRenewalToken($token);
-                }
-            } else {
-                throw new JWTException('效验失败', 401);
-            }
-        } else {
-            $token = $this->app->get('jwt.token')->getToken();
+        // 检测合法性
+        if ($service->validate($token)) {
+            return $service->validateExp($token);
         }
 
-        return true;
+        return false;
     }
 
     protected function wasBan($token)
@@ -122,10 +111,9 @@ public function logout(string $token = null)
         $token = $service->parse($token);
         $this->app->get('jwt.manager')->logout($token);
     }
-    
+
     public function user()
     {
         return $this->app->get('jwt.user')->find();
     }
-
 }

src/Service/Token.php

@@ -12,11 +12,11 @@
 use xiaodi\JWTAuth\Handle\RequestToken;
 use Lcobucci\JWT\Configuration;
 use Lcobucci\JWT\Token as JwtToken;
-use Lcobucci\JWT\Signer\Key\InMemory;
 use Lcobucci\JWT\Validation\Constraint\SignedWith;
 use Lcobucci\JWT\Validation\Constraint\ValidAt;
 use Lcobucci\Clock\SystemClock;
 use xiaodi\JWTAuth\Exception\JWTException;
+use Lcobucci\JWT\Signer\Key\InMemory;
 
 class Token
 {
@@ -59,7 +59,7 @@ public function initJwtConfiguration()
     {
         $this->jwtConfiguration = Configuration::forSymmetricSigner(
             $this->config->getSigner(),
-            InMemory::base64Encoded($this->config->getSigningKey())
+            $this->config->getSignerKey()
         );
     }
 
@@ -123,24 +123,55 @@ public function parse(string $token): JwtToken
         return $this->token;
     }
 
+    protected function getValidateConfig()
+    {
+        return Configuration::forSymmetricSigner(
+            $this->config->getSigner(),
+            $this->config->RSASigner() ? $this->config->getPublicKey() : $this->config->getHamcKey()
+        );
+    }
+
     /**
-     * 效验 Token
+     * 效验合法性 Token
      * @param string $token
      * @return boolean
      */
     public function validate(string $token)
     {
         $token = $this->parse($token);
-        $this->jwtConfiguration->setValidationConstraints(
+
+        $jwtConfiguration = $this->getValidateConfig();
+
+        $jwtConfiguration->setValidationConstraints(
+            new SignedWith($jwtConfiguration->signer(), $jwtConfiguration->signingKey())
+        );
+
+        $constraints = $jwtConfiguration->validationConstraints();
+
+        return $jwtConfiguration->validator()->validate($token, ...$constraints);
+    }
+
+    /**
+     * 效验是否过期 Token
+     * @param string $token
+     * @return boolean
+     */
+    public function validateExp(string $token)
+    {
+        $token = $this->parse($token);
+
+        $jwtConfiguration = $this->getValidateConfig();
+
+        $jwtConfiguration->setValidationConstraints(
             new ValidAt(new SystemClock(new DateTimeZone(\date_default_timezone_get()))),
-            new SignedWith($this->jwtConfiguration->signer(), $this->jwtConfiguration->signingKey())
         );
 
-        $constraints = $this->jwtConfiguration->validationConstraints();
+        $constraints = $jwtConfiguration->validationConstraints();
 
-        return $this->jwtConfiguration->validator()->validate($token, ...$constraints);
+        return $jwtConfiguration->validator()->validate($token, ...$constraints);
     }
 
+
     public function login(JwtToken $token)
     {
         $this->app->get('jwt.manange')->login($token);