update

Author: edenleung

src/Config/Token.php

@@ -5,9 +5,7 @@
 namespace xiaodi\JWTAuth\Config;
 
 use Lcobucci\JWT\Signer;
-use Lcobucci\JWT\Signer\Key;
 use xiaodi\JWTAuth\Exception\JWTException;
-use think\App;
 
 class Token
 {
@@ -33,14 +31,13 @@ public function __construct(array $options)
         }
     }
 
-    public function makeSignerKey()
+    public function getSigningKey()
     {
-        $key = $this->signer_key;
-        if (empty($key)) {
+        if (empty($this->signer_key)) {
             throw new JWTException('config signer_key required.', 500);
         }
 
-        return new Key($key);
+        return $this->signer_key;
     }
 
     public function getIdKey(): string

src/Service/Jwt.php

@@ -62,11 +62,11 @@ protected function getDefaultApp(): string
      * @param array $claims
      * @return JwtToken
      */
-    public function token(array $claims): JwtToken
+    public function token($identifier, array $claims = []): JwtToken
     {
-        $token = $this->app->get('jwt.token')->make($claims);
+        $token = $this->app->get('jwt.token')->make($identifier, $claims);
 
-        $this->app->get('jwt.manager')->login($token);
+        // $this->app->get('jwt.manager')->login($token);
 
         return $token;
     }

src/Service/Token.php

@@ -4,19 +4,19 @@
 
 namespace xiaodi\JWTAuth\Service;
 
+use DateTimeZone;
+use DateTimeImmutable;
 use think\App;
-use Lcobucci\JWT\Builder;
-use Lcobucci\JWT\Token as JwtToken;
-use Lcobucci\JWT\ValidationData;
-use Lcobucci\JWT\Parser;
 use xiaodi\JWTAuth\Config\Token as Config;
-use xiaodi\JWTAuth\Exception\JWTException;
-use xiaodi\JWTAuth\Exception\JWTInvalidArgumentException;
-use xiaodi\JWTAuth\Exception\TokenAlreadyEexpired;
 use xiaodi\JWTAuth\Handle\RequestToken;
+use Lcobucci\JWT\Configuration;
+use Lcobucci\JWT\Token as JwtToken;
+use Lcobucci\JWT\Signer\Key\InMemory;
+use Lcobucci\JWT\Validation\Constraint\SignedWith;
+use Lcobucci\JWT\Validation\Constraint\ValidAt;
+use Lcobucci\Clock\SystemClock;
 
 /**
- * Undocumented class
  *
  * @method JwtToken make()
  * @method bool verify()
@@ -41,6 +41,11 @@ class Token
      */
     protected $token;
 
+    /**
+     * @var Configuration
+     */
+    private $jwtConfiguration;
+
     public function __construct(App $app)
     {
         $this->app = $app;
@@ -49,107 +54,59 @@ public function __construct(App $app)
 
     protected function init()
     {
-        $options = $this->resolveConfig();
+        $this->resolveConfig();
+        $this->initJwtConfiguration();
+    }
 
-        $this->config = new Config($options);
+    protected function initJwtConfiguration()
+    {
+        $this->jwtConfiguration = Configuration::forSymmetricSigner(
+            $this->config->getSigner(),
+            InMemory::base64Encoded($this->config->getSigningKey())
+        );
     }
 
     protected function getStore()
     {
         return $this->app->get('jwt')->getStore();
     }
 
-    protected function resolveConfig(): array
+    protected function resolveConfig()
     {
         $store = $this->getStore();
         $options = $this->app->config->get("jwt.stores.{$store}.token", []);
 
         if (!empty($options)) {
-            return $options;
-        }
-
-        throw new JWTException($store . '应用 Token 配置未完整', 500);
-    }
-
-    protected function makeId(array $claims)
-    {
-        $key = $this->config->getIdKey();
-        if (!array_key_exists($key, $claims)) {
-            throw new JWTException("claims {$key} requried", 500);
+            $this->config = new Config($options);
+        } else {
+            throw new JWTException($store . '应用 Token 配置未完整', 500);
         }
-
-        return $claims[$key];
     }
 
-    public function make(array $claims): JwtToken
+    public function make($identifier, array $claims = []): JwtToken
     {
-        $unique_id = $this->makeId($claims);
-
-        $now = time();
-        $expires = $now + $this->config->getExpires();
-        $refreshAt = $expires + $this->config->getRefreshTTL();
-        $notBefore = $this->config->getNotBefore();
-        $iss = $this->config->getIss();
-        $aud = $this->config->getAud();
-
-        $builder = new Builder();
-        $builder->setIssuer($iss)
-            ->setAudience($aud)
-            ->setId($unique_id, true)
-            ->setIssuedAt($now)
-            ->setNotBefore($now + $notBefore)
-            ->setExpiration($expires)
-            ->set('refreshAt', $refreshAt);
-
-        $builder->set('store', $this->getStore());
-
-        foreach ($claims as $key => $claim) {
-            $builder->set($key, $claim);
-        }
-
-        $token = $builder->getToken($this->config->getSigner(), $this->config->makeSignerKey());
-
-        return $token;
+        $now   = new DateTimeImmutable();
+        return $this->jwtConfiguration->builder()
+            ->permittedFor($this->config->getAud())
+            ->issuedBy($this->config->getIss())
+            ->identifiedBy((string)$identifier)
+            ->issuedAt($now)
+            ->canOnlyBeUsedAfter($now)
+            ->expiresAt($this->getExpiryDateTime($now))
+            ->relatedTo((string) $identifier)
+            ->withClaim('scopes', json_encode($claims))
+            ->getToken($this->jwtConfiguration->signer(), $this->jwtConfiguration->signingKey());
     }
 
-    /**
-     * Token 自动续期
-     *
-     * @param Token $token
-     * @param int|string $ttl 秒数
-     * @return void
-     */
-    protected function automaticRenewalToken(JwtToken $token)
+    public function getExpiryDateTime($now): DateTimeImmutable
     {
-        $claims = $token->getClaims();
-
-        unset($claims['iat']);
-        unset($claims['jti']);
-        unset($claims['nbf']);
-        unset($claims['exp']);
-        unset($claims['iss']);
-        unset($claims['aud']);
-        unset($claims['refreshAt']);
-
-        $token = $this->make($claims);
-        $claims = $token->getClaims();
-        $refreshAt = $claims['refreshAt'];
-
-        header('Access-Control-Expose-Headers:Automatic-Renewal-Token,Automatic-Renewal-Token-RefreshAt');
-        header("Automatic-Renewal-Token:$token");
-        header("Automatic-Renewal-Token-RefreshAt:$refreshAt");
-
-        return $token;
+        $ttl = (string)$this->config->getExpires();
+        return $now->modify("+{$ttl} sec");
     }
 
     public function parseToken(string $token): JwtToken
     {
-        try {
-            $token = (new Parser())->parse($token);
-        } catch (\InvalidArgumentException $e) {
-            throw new JWTInvalidArgumentException('此 Token 解析失败', 500);
-        }
-
+        $token = $this->jwtConfiguration->parser()->parse($token);
         return $token;
     }
 
@@ -167,70 +124,21 @@ public function verify(string $token): ?bool
     {
         $this->token = $this->parseToken($token);
 
-        if (false === $this->token->verify($this->config->getSigner(), $this->config->makeSignerKey())) {
-            throw new JWTException('此 Token 与 密钥不匹配', $this->config->getReloginCode());
-        }
-
-        // Token 是否已可用
-        $now = time();
-        $exp = $this->token->getClaim('nbf');
-        if ($now < $exp) {
-            throw new JWTException('此 Token 暂未可用', 500);
-        }
-
-        // 是否已过期
-        if (true === $this->token->isExpired()) {
-            if ($now <= $this->token->getClaim('refreshAt')) {
-                // 是否开启自动续签
-                if ($this->config->getAutomaticRenewal()) {
-                    $this->token = $this->automaticRenewalToken($this->token);
-                } else {
-                    throw new TokenAlreadyEexpired('Token 已过期，请重新刷新', $this->config->getRefreshCode());
-                }
-            } else {
-                throw new TokenAlreadyEexpired('Token 刷新时间已过，请重新登录', $this->config->getReloginCode());
-            }
-        } else {
-            // 是否存在黑名单
-            if (true === $this->app->get('jwt.manager')->wasBan($this->token)) {
-                throw new TokenAlreadyEexpired('Token 已被禁用，请重新登录', $this->config->getReloginCode());
-            }
-        }
-
-        $data = new ValidationData();
+        $this->jwtConfiguration->setValidationConstraints(
+            new ValidAt(new SystemClock(new DateTimeZone(\date_default_timezone_get()))),
+            new SignedWith($this->jwtConfiguration->signer(), $this->jwtConfiguration->signingKey())
+        );
 
-        $jwt_id = $this->token->getHeader('jti');
-        $data->setIssuer($this->config->getIss());
-        $data->setAudience($this->config->getAud());
-        $data->setId($jwt_id);
+        $constraints = $this->jwtConfiguration->validationConstraints();
 
-        if (!$this->token->validate($data)) {
-            throw new JWTException('此 Token 效验不通过', $this->config->getReloginCode());
+        if (!$this->jwtConfiguration->validator()->validate($this->token, ...$constraints)) {
+            throw new JWTException('效验失败', 401);
         }
 
         return true;
     }
 
-    public function refresh(string $token = null): JwtToken
-    {
-        $token = $token ?: $this->getRequestToken();
-        $token = $this->parseToken($token);
-
-        $claims = $token->getClaims();
-
-        unset($claims['iat']);
-        unset($claims['jti']);
-        unset($claims['nbf']);
-        unset($claims['exp']);
-        unset($claims['iss']);
-        unset($claims['aud']);
-
-        $this->app->get('jwt.manager')->logout($token);
-
-        return $this->make($claims);
-    }
-
-    public function logout(?string $token = null): void
+    public function logout(?string $token): void
     {
         $token = $token ?: $this->getRequestToken();
         $token = $this->parseToken($token);
@@ -256,9 +164,4 @@ public function getType(): string
     {
         return $this->config->getTokenType();
     }
-
-    public function getRefreshTTL()
-    {
-        return $this->config->getRefreshTTL();
-    }
 }