update

Author: edenleung

src/Config/Token.php

@@ -9,7 +9,6 @@
 
 class Token
 {
-    protected $unique_id_key = 'uid';
     protected $signer_key = null;
     protected $not_before = 0;
     protected $expires_at = 3600;
@@ -40,11 +39,6 @@ public function getSigningKey()
         return base64_encode($this->signer_key);
     }
 
-    public function getIdKey(): string
-    {
-        return $this->unique_id_key;
-    }
-
     public function getExpires()
     {
         return $this->expires_at;

src/JwtAuth.php

@@ -5,9 +5,13 @@
 namespace xiaodi\JWTAuth\Service;
 
 use DateTime;
+use DateTimeImmutable;
+use Exception;
 use think\App;
 
 use Lcobucci\JWT\Token as JwtToken;
+use xiaodi\JWTAuth\Exception\JWTException;
+use xiaodi\JWTAuth\Exception\TokenAlreadyEexpired;
 
 class Jwt
 {
@@ -67,16 +71,9 @@ public function token($identifier, array $claims = []): JwtToken
     {
         $token = $this->app->get('jwt.token')->make($identifier, $claims);
 
-        // $this->app->get('jwt.manager')->login($token);
-
         return $token;
     }
 
-    public function getToken()
-    {
-        return $this->app->get('jwt.token')->getToken();
-    }
-
     /**
      * 验证 Token
      *
@@ -90,12 +87,22 @@ public function verify(?string $token): bool
             $token = $service->getRequestToken();
         }
 
-        if (!$service->verify($token)) {
+        if (!$service->validate($token)) {
+            $now = new DateTimeImmutable();
             $token = $service->getToken();
-            if ($token->isExpired(new DateTime())) {
-                // todo 过期
+            if (!$service->isRefreshExpired($now)) {
+                $config = $service->getConfig();
+                if ($config->getAutomaticRenewal()) {
+                    $token = $service->automaticRenewalToken($token);
+                }
+            } else {
+                throw new JWTException('效验失败', 401);
             }
+        }
 
+        // 是否存在黑名单
+        if (true === $this->app->get('jwt.manager')->wasBan($token)) {
+            throw new TokenAlreadyEexpired('token was ban', $this->config->getReloginCode());
         }
 
         return true;

src/Service/Jwt.php

@@ -36,6 +36,14 @@ protected function resloveConfig()
         $this->config = new Config($options);
     }
 
+    /**
+     * @var Config
+     */
+    public function getConfig()
+    {
+        return $this->config;
+    }
+
     public function login(Token $token): void
     {
         if ($this->app->get('jwt.sso')->getEnable()) {
@@ -47,31 +55,30 @@ public function login(Token $token): void
 
     protected function handleSSO(Token $token): void
     {
-        $jti = $token->getClaim('jti');
-        $store = $token->getClaim('store');
-        $exp = $token->getClaim('exp') - time();
+        $jti = $token->claims()->get('jti');
+        $store = $token->claims()->get()('store');
 
         $this->destroyToken($jti, $store);
     }
 
     protected function pushWhitelist(Token $token): void
     {
-        $jti = $token->getClaim('jti');
-        $store = $token->getClaim('store');
-        $exp = $token->getClaim('exp') - time();
-        $tag = $store .'-' . $this->config->getWhitelist();
+        $jti = $token->claims()->get('jti');
+        $store = $token->claims()->get('store');
+        $exp = $token->claims()->get('exp') - time();
+        $tag = $store . '-' . $this->config->getWhitelist();
 
         $key = $this->formatKey($store, $this->config->getWhitelist(), $jti, (string)$token);
         $this->setCache($tag, $key, (string)$token, $exp);
     }
 
     protected function pushBlacklist(Token $token): void
     {
-        $jti = $token->getClaim('jti');
-        $store = $token->getClaim('store');
+        $jti = $token->claims()->get('jti');
+        $store = $token->claims()->get('store');
 
-        $exp = $token->getClaim('exp') - time();
-        $tag = $store .'-' . $this->config->getBlacklist();
+        $exp = $token->claims()->get('exp') - time();
+        $tag = $store . '-' . $this->config->getBlacklist();
         $key = $this->formatKey($store, $this->config->getBlacklist(), $jti, (string)$token);
 
         $this->setCache($tag, $key, (string)$token, $exp);
@@ -84,15 +91,15 @@ public function logout(Token $token): void
 
     public function wasBan(Token $token): bool
     {
-        $jti = $token->getClaim('jti');
-        $store = $token->getClaim('store');
+        $jti = $token->claims()->get('jti');
+        $store = $token->claims()->get('store');
 
-        return $this->getBlacklist($store, $jti, (string)$token) === (string) $token ? true : false;
+        return $this->getBlacklist($store, $jti, $token) === $token->toString();
     }
 
-    protected function getBlacklist(string $store, string $jti, string $token)
+    protected function getBlacklist(string $store, string $jti, Token $token)
     {
-        return $this->getCache($store, $this->config->getBlacklist(), $jti, $token);
+        return $this->getCache($store, $this->config->getBlacklist(), $jti, $token->toString());
     }
 
     public function destroyStoreWhitelist($store): void
@@ -108,14 +115,13 @@ public function destroyStoreBlacklist($store): void
     public function destroyToken($id, $store): void
     {
         $type = $this->config->getWhitelist();
-        $tag = $store .'-' . $type;
+        $tag = $store . '-' . $type;
 
         $rule = implode(':', [$this->config->getPrefix(), $store, $type, $id]);
         $keys = $this->app->cache->getTagItems($tag);
         $parser = new Parser();
 
-        foreach($keys as $key) {
-
+        foreach ($keys as $key) {
             if (false !== strpos($key, $rule)) {
                 $value = $this->app->cache->get($key);
 

src/Service/Manager.php

@@ -1,6 +1,6 @@
 <?php
 
-declare (strict_types = 1);
+declare(strict_types=1);
 
 namespace xiaodi\JWTAuth\Service;
 
@@ -18,7 +18,7 @@ class SSO
     public function __construct(App $app)
     {
         $this->app = $app;
-        
+
         $this->init();
     }
 
@@ -29,6 +29,14 @@ protected function init()
         $this->config = new Config($options);
     }
 
+    /**
+     * @var Config
+     */
+    public function getConfig()
+    {
+        return $this->config;
+    }
+
     protected function getStore(): string
     {
         return $this->app->get('jwt')->getStore();

src/Service/SSO.php

@@ -6,6 +6,7 @@
 
 use DateTimeZone;
 use DateTimeImmutable;
+use DateTimeInterface;
 use think\App;
 use xiaodi\JWTAuth\Config\Token as Config;
 use xiaodi\JWTAuth\Handle\RequestToken;
@@ -72,6 +73,11 @@ protected function getStore()
         return $this->app->get('jwt')->getStore();
     }
 
+    public function getToken()
+    {
+        return $this->token;
+    }
+
     protected function resolveConfig()
     {
         $store = $this->getStore();
@@ -87,16 +93,21 @@ protected function resolveConfig()
     public function make($identifier, array $claims = []): JwtToken
     {
         $now   = new DateTimeImmutable();
-        return $this->jwtConfiguration->builder()
+        $builder = $this->jwtConfiguration->builder()
             ->permittedFor($this->config->getAud())
             ->issuedBy($this->config->getIss())
             ->identifiedBy((string)$identifier)
             ->issuedAt($now)
             ->canOnlyBeUsedAfter($now)
             ->expiresAt($this->getExpiryDateTime($now))
             ->relatedTo((string) $identifier)
-            ->withClaim('scopes', json_encode($claims))
-            ->getToken($this->jwtConfiguration->signer(), $this->jwtConfiguration->signingKey());
+            ->withClaim('store', $this->getStore());
+
+        foreach ($claims as $key => $value) {
+            $builder->withClaim($key, $value);
+        }
+
+        return $builder->getToken($this->jwtConfiguration->signer(), $this->jwtConfiguration->signingKey());
     }
 
     public function getExpiryDateTime($now): DateTimeImmutable
@@ -117,25 +128,6 @@ public function parse(string $token): JwtToken
         return $this->token;
     }
 
-    /**
-     *
-     * @return JWTToken
-     */
-    public function getToken(): ?JwtToken
-    {
-        return $this->token;
-    }
-
-    /**
-     * 
-     * @param string $token
-     * @return boolean|null
-     */
-    public function verify(string $token): ?bool
-    {
-        $this->validate($token);
-    }
-
     /**
      * 效验 Token
      * @param string $token
@@ -157,7 +149,7 @@ public function validate(string $token)
     public function logout(?string $token): void
     {
         $token = $token ?: $this->getRequestToken();
-        $token = $this->parseToken($token);
+        $token = $this->parse($token);
 
         $this->app->get('jwt.manager')->logout($token);
     }
@@ -176,8 +168,53 @@ public function getRequestToken(): string
         return $token;
     }
 
-    public function getType(): string
+    public function isRefreshExpired(DateTimeInterface $now): bool
+    {
+        if (!$this->token->claims()->has('iat')) {
+            return false;
+        }
+
+        $iat = $this->token->claims()->get('iat');
+        $refresh_ttl = $this->config->getRefreshTTL();
+        $refresh_exp = $iat->modify("+{$refresh_ttl} sec");
+        return $now >= $refresh_exp;
+    }
+
+    /**
+     * @var Config
+     */
+    public function getConfig()
+    {
+        return $this->config;
+    }
+
+    /**
+     * Token 自动续期
+     *
+     * @param Token $token
+     * @param int|string $ttl 秒数
+     * @return void
+     */
+    public function automaticRenewalToken(JwtToken $token)
     {
-        return $this->config->getTokenType();
+        $claims = $token->claims()->all();
+
+        $jti = $claims['jti'];
+        unset($claims['aud']);
+        unset($claims['iss']);
+        unset($claims['jti']);
+        unset($claims['iat']);
+        unset($claims['nbf']);
+        unset($claims['exp']);
+        unset($claims['sub']);
+
+        $token = $this->make($jti, $claims);
+        $refreshAt = $this->config->getRefreshTTL();
+
+        header('Access-Control-Expose-Headers:Automatic-Renewal-Token,Automatic-Renewal-Token-RefreshAt');
+        header("Automatic-Renewal-Token:" . $token->toString());
+        header("Automatic-Renewal-Token-RefreshAt:$refreshAt");
+
+        return $token;
     }
 }