Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
TooEasy
/
backend-php
3
0
Haarauta 0
Tiedostot Esitykset 0 Vetopyynnöt 0 Wiki
Puu: 61fba5e31a
Haarat Tunnisteet
backend-php
/
middlewares
/
JwtAuthMiddleware.php

JwtAuthMiddleware.php 2.1 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. <?php
    2. 

  2. 

  3. namespace Middlewares;
    4. 

  4. 

  5. use Firebase\JWT\JWT;
    6. 

  6. use Firebase\JWT\Key;
    7. 

  7. use Libs\ResponseLib;
    8. 

  8. use Psr\Http\Message\ServerRequestInterface;
    9. 

  9. 

  10. class JwtAuthMiddleware
    11. 

  11. {
    12. 

  12.     private string $jwtSecret;
    13. 

  13. 

  14.     public function __construct()
    15. 

  15.     {
    16. 

  16.         // Carrega a chave secreta do .env (ex: JWT_SECRET=seu-segredo-aqui)
    17. 

  17.         $this->jwtSecret = $_ENV['JWT_SECRET'] ?? 'default-secret-fallback';  // Use um fallback seguro em dev
    18. 

  18.     }
    19. 

  19. 

  20.     public function __invoke(ServerRequestInterface $request, callable $next)
    21. 

  21.     {
    22. 

  22.         $authHeader = $request->getHeaderLine('Authorization');
    23. 

  23.         if (empty($authHeader) || !preg_match('/Bearer\s+(.*)/', $authHeader, $matches)) {
    24. 

  24.             return ResponseLib::sendFail("Unauthorized: Missing or invalid Authorization header", [], "E_VALIDATE")->withStatus(401);
    25. 

  25.         }
    26. 

  26. 

  27.         $token = $matches[1];
    28. 

  28. 

  29.         try {
    30. 

  30.             $decoded = JWT::decode($token, new Key($this->jwtSecret, 'HS256'));
    31. 

  31.             $userId = $decoded->sub ?? null;
    32. 

  32.             $email = $decoded->email ?? null;
    33. 

  33. 

  34.             if (empty($userId) || empty($email)) {
    35. 

  35.                 return ResponseLib::sendFail("Unauthorized: Invalid JWT claims", [], "E_VALIDATE")->withStatus(401);
    36. 

  36.             }
    37. 

  37. 

  38.             if (isset($GLOBALS['pdo']) && $GLOBALS['pdo'] instanceof \PDO) {
    39. 

  39.                 $pdo = $GLOBALS['pdo'];
    40. 

  40.             }
    41. 

  41.             
    42. 

  42.             $stmt = $pdo->prepare('SELECT user_id FROM "user" WHERE user_id = :user_id AND user_email = :email AND user_flag = \'a\'');
    43. 

  43.             $stmt->execute(['user_id' => $userId, 'email' => $email]);
    44. 

  44.             $user = $stmt->fetch(\PDO::FETCH_ASSOC);
    45. 

  45. 

  46.             if (!$user) {
    47. 

  47.                 return ResponseLib::sendFail("Unauthorized: Invalid or inactive user", [], "E_VALIDATE")->withStatus(401);
    48. 

  48.             }
    49. 

  49. 

  50.             $request = $request
    51. 

  51.                 ->withAttribute('api_user', $email)
    52. 

  52.                 ->withAttribute('api_user_id', $userId);
    53. 

  53. 

  54.             return $next($request);
    55. 

  55. 

  56.         } catch (\Exception $e) {
    57. 

  57.             return ResponseLib::sendFail("Unauthorized: " . $e->getMessage(), [], "E_VALIDATE")->withStatus(401);
    58. 

  58.         }
    59. 

  59.     }
    60. 

  60. }
    61.