Home Verkennen Help
Registreren Inloggen
Bar
/
bartender
2
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: 223d6954d9
Aftakkingen Labels
bartender
/
middlewares
/
JWTAuthMiddleware.php

JWTAuthMiddleware.php 2.7 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 
  1. <?php
    2. 

  2. 

  3. namespace Middlewares;
    4. 

  4. 

  5. use Firebase\JWT\JWT;
    6. 

  6. use Firebase\JWT\Key;
    7. 

  7. use Libs\ResponseLib;
    8. 

  8. use Psr\Http\Message\ServerRequestInterface;
    9. 

  9. use React\Http\Message\Response;
    10. 

  10. 

  11. class JwtAuthMiddleware
    12. 

  12. {
    13. 

  13.     private string $jwtSecret;
    14. 

  14. 

  15.     public function __construct()
    16. 

  16.     {
    17. 

  17.         // Carrega a chave secreta do .env (ex: JWT_SECRET=seu-segredo-aqui)
    18. 

  18.         $this->jwtSecret = $_ENV['JWT_SECRET'] ?? 'default-secret-fallback';  // Use um fallback seguro em dev
    19. 

  19.     }
    20. 

  20. 

  21.     public function __invoke(ServerRequestInterface $request, callable $next)
    22. 

  22.     {
    23. 

  23.         // 1. Extrai o token do header Authorization
    24. 

  24.         $authHeader = $request->getHeaderLine('Authorization');
    25. 

  25.         if (empty($authHeader) || !preg_match('/Bearer\s+(.*)/', $authHeader, $matches)) {
    26. 

  26.             return ResponseLib::sendFail("Unauthorized: Missing or invalid Authorization header", [], "E_VALIDATE")->withStatus(401);
    27. 

  27.         }
    28. 

  28. 

  29.         $token = $matches[1];
    30. 

  30. 

  31.         try {
    32. 

  32.             // 2. Decodifica e valida o JWT
    33. 

  33.             $decoded = JWT::decode($token, new Key($this->jwtSecret, 'HS256'));  // Use HS256 ou algoritmo desejado
    34. 

  34. 

  35.             // 3. Extrai claims (assuma que o JWT tem 'sub' como user_id e 'username')
    36. 

  36.             $userId = $decoded->sub ?? null;
    37. 

  37.             $apiUser = $decoded->username ?? null;
    38. 

  38. 

  39.             if (empty($userId) || empty($apiUser)) {
    40. 

  40.                 return ResponseLib::sendFail("Unauthorized: Invalid JWT claims", [], "E_VALIDATE")->withStatus(401);
    41. 

  41.             }
    42. 

  42. 

  43.             // 4. Verifica se o usuário existe e está ativo no banco (similar ao HMAC)
    44. 

  44.             $dbFile = $_ENV['DB_FILE'] ?? 'bridge.db';
    45. 

  45.             $dbPath = __DIR__ . '/../' . $dbFile;
    46. 

  46.             $pdo = new \PDO("sqlite:" . $dbPath);
    47. 

  47.             $pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
    48. 

  48. 

  49.             $stmt = $pdo->prepare("SELECT user_id FROM user WHERE user_id = :user_id AND user_name = :user_name AND user_flag = 'a'");
    50. 

  50.             $stmt->execute(['user_id' => $userId, 'user_name' => $apiUser]);
    51. 

  51.             $user = $stmt->fetch(\PDO::FETCH_ASSOC);
    52. 

  52. 

  53.             if (!$user) {
    54. 

  54.                 return ResponseLib::sendFail("Unauthorized: Invalid or inactive user", [], "E_VALIDATE")->withStatus(401);
    55. 

  55.             }
    56. 

  56. 

  57.             // 5. Tudo certo, adiciona atributos ao request (compatível com HMAC)
    58. 

  58.             $request = $request
    59. 

  59.                 ->withAttribute('api_user', $apiUser)
    60. 

  60.                 ->withAttribute('api_user_id', $userId);
    61. 

  61. 

  62.             return $next($request);
    63. 

  63. 

  64.         } catch (\Exception $e) {
    65. 

  65.             // Captura erros de JWT (ex: expirado, inválido)
    66. 

  66.             return ResponseLib::sendFail("Unauthorized: " . $e->getMessage(), [], "E_VALIDATE")->withStatus(401);
    67. 

  67.         }
    68. 

  68.     }
    69. 

  69. }
    70.