bearer middleware

kernel/modules/secure/controllers/SecureRestController.php

@@ -30,8 +30,6 @@ class SecureRestController extends RestController
 //            $baseUrl .= $_SERVER['REQUEST_URI'];;
                 $jwt = JWT::encode(
                     payload: [
-                        "iss" => $baseUrl,
-                        "aud" => $baseUrl,
                         "iat" => time(),
                         "exp" => date("Y-m-d H:i:s", strtotime("+30 days"))
                     ],

kernel/modules/secure/manifest.json

@@ -5,5 +5,6 @@
   "slug": "secure",
   "description": "Secure module",
   "routs": "routs/secure.php",
-  "dependence": "user"
+  "dependence": "user",
+  "show_in_admin": 0
 }

kernel/modules/secure/middlewares/BearerAuthMiddleware.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace kernel\modules\secure\middlewares;
+
+use JetBrains\PhpStorm\NoReturn;
+use kernel\App;
+use kernel\helpers\Debug;
+use kernel\Middleware;
+use kernel\modules\user\service\UserService;
+use kernel\Request;
+
+class BearerAuthMiddleware extends Middleware
+{
+    protected UserService $userService;
+
+    public function __construct()
+    {
+        $this->userService = new UserService();
+    }
+
+    function handler(): void
+    {
+        $request = new Request();
+        $authorization = $request->getHeader("Authorization");
+        if ($authorization){
+            $authorization = explode(" ", $authorization);
+            $type = $authorization[0];
+            $token = $authorization[1];
+            if ($type === "Bearer"){
+                $user = $this->userService->getByAccessToken($token);
+                if ($user){
+                    if ($user->access_token_expires_at > date("Y-m-d")){
+                        App::$user = $user;
+                        return;
+                    }
+                }
+            }
+        }
+
+        $this->returnError(403);
+    }
+
+    #[NoReturn] public function returnError(int $code): void
+    {
+        http_response_code($code);
+        die('Forbidden');
+    }
+}

kernel/modules/secure/routs/secure.php

@@ -5,6 +5,7 @@ use kernel\CgRouteCollector;
 use Phroute\Phroute\RouteCollector;
 
 App::$collector->filter("auth", [\kernel\middlewares\AuthMiddleware::class, "handler"]);
+App::$collector->filter('bearer', [\kernel\modules\secure\middlewares\BearerAuthMiddleware::class, "handler"]);
 
 App::$collector->group(["prefix" => "admin"], function (RouteCollector $router){
     App::$collector->group(["before" => "auth"], function (RouteCollector $router){