secure fix

Kavalar 2024-12-13 17:29:36 +03:00
parent fc188482d0
commit 1d7ed112a7
3 changed files with 16 additions and 14 deletions


@ -2,7 +2,7 @@
$secure_config = [ $secure_config = [
'web_auth_type' => 'email_code', // login_password, email_code 'web_auth_type' => 'email_code', // login_password, email_code
'token_type' => 'crypt', // random_bytes, md5, crypt, hash, JWT 'token_type' => 'hash', // random_bytes, md5, crypt, hash, JWT
'token_expired_time' => "+30 days", // +1 day 'token_expired_time' => "+30 days", // +1 day
]; ];


@ -36,6 +36,7 @@ class SecureRestController extends RestController
$res = []; $res = [];
if ($model) { if ($model) {
if (password_verify($data["password"], $model->password_hash)) { if (password_verify($data["password"], $model->password_hash)) {
if ($model->access_token_expires_at < date("Y-m-d H:i:s") or $model->access_token === null){
$model->access_token_expires_at = date("Y-m-d H:i:s", strtotime(App::$secure['token_expired_time'])); $model->access_token_expires_at = date("Y-m-d H:i:s", strtotime(App::$secure['token_expired_time']));
$model->access_token = match (App::$secure['token_type']) { $model->access_token = match (App::$secure['token_type']) {
"JWT" => TokenService::JWT($_ENV['SECRET_KEY'], 'HS256'), "JWT" => TokenService::JWT($_ENV['SECRET_KEY'], 'HS256'),
@ -44,6 +45,7 @@ class SecureRestController extends RestController
"hash" => TokenService::hash('sha256'), "hash" => TokenService::hash('sha256'),
default => TokenService::random_bytes(20), default => TokenService::random_bytes(20),
}; };
}
$res = [ $res = [
"access_token" => $model->access_token, "access_token" => $model->access_token,
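Review bot: Because a still-valid `access_token` is now reused instead of regenerated, a successful password login no longer rotates the credential: the same token goes to every client that logs in until `access_token_expires_at` passes, and a token that has leaked stays usable even after the owner re-authenticates. If the reuse is intended, a comment above the new `if` should say so, e.g. `// reuse the current token until it expires; a new one is issued only on expiry or when none is set`, and there should be some way to force rotation (none is visible in these hunks). The condition also uses `or` together with a string comparison of timestamps; `||` is the conventional operator here: `if ($model->access_token === null || $model->access_token_expires_at < date("Y-m-d H:i:s")) {`. The enclosing method starts and ends outside the hunks.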


@ -32,7 +32,7 @@ class TokenService
*/ */
public static function md5(): string public static function md5(): string
{ {
return md5(microtime() . self::getSalt() . time()); return md5(microtime() . self::getSalt(10) . time());
} }
/** /**
@ -40,7 +40,7 @@ class TokenService
*/ */
public static function crypt(): string public static function crypt(): string
{ {
return crypt(microtime(), self::getSalt()); return crypt(microtime(), self::getSalt(20));
} }
/** /**
@ -48,15 +48,15 @@ class TokenService
*/ */
public static function hash(string $alg): string public static function hash(string $alg): string
{ {
return hash($alg, self::getSalt()); return hash($alg, self::getSalt(10));
} }
/** /**
* @throws RandomException * @throws RandomException
*/ */
public static function getSalt(): string public static function getSalt(int $length): string
{ {
return bin2hex(random_bytes(10)); return bin2hex(random_bytes($length));
} }
} }
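Review bot: Lengthening the salt does not strengthen `crypt()`: with a salt that carries no algorithm prefix, `crypt()` appears to fall back to standard DES, which reads only the first two salt characters and the first eight characters of the input, so `crypt(microtime(), self::getSalt(20))` still yields a token from a small, time-correlated space. `hash($alg, self::getSalt(10))` likewise carries only the 80 bits produced by `random_bytes(10)`, whatever the digest length. For bearer tokens, returning the CSPRNG output directly is simpler and stronger, e.g. `return bin2hex(random_bytes(32));`, which is presumably what the `random_bytes` token type already does. `getSalt()` also gained a required parameter; `public static function getSalt(int $length = 10): string` would keep any caller outside this diff working.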