101 lines
2.7 KiB
PHP
101 lines
2.7 KiB
PHP
<?php
|
|
|
|
namespace App\Services;
|
|
|
|
use App\Models\User;
|
|
use Firebase\JWT\JWT;
|
|
use Firebase\JWT\Key;
|
|
use Illuminate\Support\Carbon;
|
|
use RuntimeException;
|
|
|
|
class JwtService
|
|
{
|
|
public function issue(User $user, bool $save = true): string
|
|
{
|
|
$secret = config('jwt.secret');
|
|
|
|
if (! $secret) {
|
|
throw new RuntimeException('JWT secret is not configured.');
|
|
}
|
|
|
|
$issuedAt = Carbon::now();
|
|
$ttl = (int) config('jwt.ttl', 3600);
|
|
$expiresAt = $issuedAt->copy()->addSeconds($ttl);
|
|
|
|
$payload = [
|
|
'iss' => config('jwt.issuer', config('app.name')),
|
|
'sub' => (string) $user->id,
|
|
'iat' => $issuedAt->timestamp,
|
|
'nbf' => $issuedAt->timestamp,
|
|
'exp' => $expiresAt->timestamp,
|
|
|
|
'character_id' => $user->character_id,
|
|
'character_name' => $user->character_name,
|
|
'character_owner_hash' => $user->character_owner_hash,
|
|
|
|
//Critical for privileg-aware JWT invalidation/regeneration
|
|
'privileges_version' => (int) $user->privileges_version,
|
|
];
|
|
|
|
$jwt = JWT::encode($payload, $secret, 'HS256');
|
|
|
|
if ($save) {
|
|
$user->forceFill([
|
|
'user_jwt' => $jwt,
|
|
'user_jwt_issued_at' => $issuedAt,
|
|
'user_jwt_expires_at' => $expiresAt,
|
|
])->save();
|
|
}
|
|
|
|
return $jwt;
|
|
}
|
|
|
|
public function refreshIfNeeded(User $user): string
|
|
{
|
|
$refreshInterval = (int) config('jwt.refresh_interval', 3600);
|
|
|
|
if ($user->jwtNeedsRefresh($refreshInterval)) {
|
|
return $this->issue($user);
|
|
}
|
|
|
|
return $user->user_jwt;
|
|
}
|
|
|
|
public function make(User $user): string
|
|
{
|
|
$secret = config('jwt.secret');
|
|
|
|
if (! $secret) {
|
|
throw new RuntimeException('JWT secret is not configured.');
|
|
}
|
|
|
|
$now = Carbon::now()->timestamp;
|
|
$ttl = (int) config('jwt.ttl', 3600);
|
|
|
|
$payload = [
|
|
'iss' => config('jwt.issuer', config('app.name')),
|
|
'sub' => (string) $user->id,
|
|
'iat' => $now,
|
|
'nbf' => $now,
|
|
'exp' => $now + $ttl,
|
|
|
|
// App-specific claims
|
|
'character_id' => $user->character_id,
|
|
'character_name' => $user->character_name,
|
|
'character_owner_hash' => $user->character_owner_hash,
|
|
];
|
|
|
|
return JWT::encode($payload, $secret, 'HS256');
|
|
}
|
|
|
|
public function decode(string $token): object
|
|
{
|
|
$secret = config('jwt.secret');
|
|
|
|
if (! $secret) {
|
|
throw new RuntimeException('JWT secret is not configured.');
|
|
}
|
|
|
|
return JWT::decode($token, new Key($secret, 'HS256'));
|
|
}
|
|
} |