noccy/mercureact
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
87d47f8ce8
mercureact/src/Http/Middleware/SecurityMiddleware.php

73 lines
2.1 KiB
PHP
Raw Blame History

<?php
namespace NoccyLabs\Mercureact\Http\Middleware;
use NoccyLabs\Mercureact\Configuration;
use NoccyLabs\Mercureact\Http\Exception\SecurityException;
use NoccyLabs\SimpleJWT\JWTToken;
use NoccyLabs\SimpleJWT\Key\JWTPlaintextKey;
use NoccyLabs\SimpleJWT\Validator\JWTValidator;
use Psr\Http\Message\ServerRequestInterface;
use React\Promise\Promise;
use React\Promise\PromiseInterface;
class SecurityMiddleware
{
public function __construct(
private Configuration $config
)
{
}
/**
*
*
* @param ServerRequestInterface $request
* @param callable $next
* @return PromiseInterface
*/
public function __invoke(ServerRequestInterface $request, callable $next): PromiseInterface
{
return new Promise(
function (callable $resolve, callable $reject) use ($request, $next) {
// Check JWT in authorization header or authorization query param
$request = $this->checkAuthorization($request);
$resolve($next($request));
}
);
}
/**
* Check authorization and return a new request with added attributes:
*
* 'authorization' => JWTToken
*
* @param ServerRequestInterface $request
* @return ServerRequestInterface
*/
private function checkAuthorization(ServerRequestInterface $request): ServerRequestInterface
{
$authorization = $request->getHeaderLine('authorization');
if (str_starts_with(strtolower($authorization), "bearer ")) {
$jwt = substr($authorization, strpos($authorization, " ")+1);
$key = new JWTPlaintextKey($this->config->getJwtSecret());
$tok = new JWTToken($key, $jwt);
if (!$tok->isValid()) {
throw new SecurityException(
message: "Invalid token",
code: SecurityException::ERR_ACCESS_DENIED
);
}
return $request
->withAttribute('authorization', $tok);
} else {
return $request
->withAttribute('authorization', null);
}
}
}
Reference in New Issue View Git Blame Copy Permalink