From c9fe2f160a3131ef6bf4a828293c69938763ad14 Mon Sep 17 00:00:00 2001 From: Kavalar Date: Tue, 22 Oct 2024 16:40:40 +0300 Subject: [PATCH] creste secret key --- .env.example | 4 +- bootstrap.php | 1 + bootstrap/secure.php | 8 +++ composer.json | 3 +- composer.lock | 55 ++++++++++++++++++- kernel/App.php | 2 + .../console/controllers/SecureController.php | 25 +++++++++ kernel/console/routs/cli.php | 4 ++ .../controllers/SecureRestController.php | 24 +++----- kernel/services/TokenService.php | 29 ++++++++++ 10 files changed, 136 insertions(+), 19 deletions(-) create mode 100644 bootstrap/secure.php create mode 100644 kernel/console/controllers/SecureController.php create mode 100644 kernel/services/TokenService.php diff --git a/.env.example b/.env.example index 369616c..a9a285c 100644 --- a/.env.example +++ b/.env.example @@ -8,4 +8,6 @@ DB_COLLATION=utf8_unicode_ci DB_PREFIX='' VIEWS_PATH=/views -VIEWS_CACHE_PATH=/views_cache \ No newline at end of file +VIEWS_CACHE_PATH=/views_cache + +SECRET_KEY='' \ No newline at end of file diff --git a/bootstrap.php b/bootstrap.php index da9207e..0a85d73 100644 --- a/bootstrap.php +++ b/bootstrap.php @@ -6,6 +6,7 @@ $dotenv->load(); include_once __DIR__ . "/bootstrap/db.php"; include_once __DIR__ . "/bootstrap/header.php"; +include_once __DIR__ . "/bootstrap/secure.php"; const ROOT_DIR = __DIR__; const KERNEL_DIR = __DIR__ . "/kernel"; const KERNEL_MODULES_DIR = __DIR__ . "/kernel/modules"; diff --git a/bootstrap/secure.php b/bootstrap/secure.php new file mode 100644 index 0000000..f2b0b37 --- /dev/null +++ b/bootstrap/secure.php @@ -0,0 +1,8 @@ + 'random_bytes', // random_bytes, md5, crypt, hash + 'token_expired_time' => "+30 days", // +1 day +]; + +\kernel\App::$secure = $secure_config; \ No newline at end of file diff --git a/composer.json b/composer.json index ba017a1..c4a4b2f 100644 --- a/composer.json +++ b/composer.json 
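Review bot: The comment beside the token-type value in bootstrap/secure.php lists `md5`, `crypt` and `hash` as selectable generators next to `random_bytes`, but omits `JWT`, the only value that SecureRestController's switch names in this patch. Bearer tokens should come from a CSPRNG, and a digest is only as unpredictable as its input. TokenService is not visible here, so if those modes hash anything other than fresh random bytes they should be removed rather than advertised. I would change the comment to `// JWT or random_bytes` and add one on `token_expired_time` saying it is a `strtotime()` relative format. The opening lines of this new file are missing from the page, so the key name is inferred from the `App::$secure['token_type']` lookup later in the patch.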
@@ -16,7 +16,8 @@ "itguild/eloquent-table": "^0.4.1", "ext-zip": "*", "josantonius/session": "^2.0", - "firebase/php-jwt": "^6.10" + "firebase/php-jwt": "^6.10", + "k-adam/env-editor": "^2.0" }, "autoload": { "psr-4": { diff --git a/composer.lock b/composer.lock index 6d283e9..c36242c 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "c51d9ca5b40e143a4d89e80120b7cba8", + "content-hash": "da3890f2b5b477bf758306141b8c8583", "packages": [ { "name": "brick/math", @@ -1038,6 +1038,57 @@ ], "time": "2024-05-20T09:12:44+00:00" }, + { + "name": "k-adam/env-editor", + "version": "2.0.0", + "source": { + "type": "git", + "url": "https://github.com/K-Adam/php-env-editor.git", + "reference": "894855dff5df4e6fce3c83dd00941a19f99fc5d5" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/K-Adam/php-env-editor/zipball/894855dff5df4e6fce3c83dd00941a19f99fc5d5", + "reference": "894855dff5df4e6fce3c83dd00941a19f99fc5d5", + "shasum": "" + }, + "require": { + "php": ">=8.0" + }, + "require-dev": { + "phpunit/phpunit": "9.5" + }, + "type": "library", + "autoload": { + "psr-4": { + "EnvEditor\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Adam Kecskes", + "email": "kecskes.adam@outlook.com" + } + ], + "description": ".env editor library", + "keywords": [ + "dot-env", + "env", + "env-editor", + "env-loader", + "env-php", + "env-writer" + ], + "support": { + "issues": "https://github.com/K-Adam/php-env-editor/issues", + "source": "https://github.com/K-Adam/php-env-editor/tree/2.0.0" + }, + "time": "2022-06-05T11:17:23+00:00" + }, { "name": "madesimple/php-arrays", "version": "v2.1.0", @@ -2625,5 +2676,5 @@ "ext-zip": "*" }, "platform-dev": [], - "plugin-api-version": "2.6.0" + "plugin-api-version": "2.3.0" } 
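Review bot: `k-adam/env-editor` is a new third-party package whose only use visible in this patch is the `setValue("SECRET_KEY", …)` / `saveTo()` pair in SecureController, and it rewrites the `.env` file that also holds the database settings. The lock entry pins 2.0.0 with a release time of 2022-06-05, so it is worth confirming the package is still maintained before giving it write access to that file. The same lockfile change moves `plugin-api-version` from 2.6.0 to 2.3.0, which suggests the lock was regenerated with an older Composer than before. Regenerating it with the project's usual Composer version would avoid that drift.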
diff --git a/kernel/App.php b/kernel/App.php index 07b8f71..f185ce8 100644 --- a/kernel/App.php +++ b/kernel/App.php @@ -20,6 +20,8 @@ class App static User $user; + static array $secure; + public ModuleService $moduleService; public static Database $db; diff --git a/kernel/console/controllers/SecureController.php b/kernel/console/controllers/SecureController.php new file mode 100644 index 0000000..b9638c5 --- /dev/null +++ b/kernel/console/controllers/SecureController.php @@ -0,0 +1,25 @@ +setValue("SECRET_KEY", TokenService::random_bytes(15)); + + $envFile->saveTo(ROOT_DIR . "/.env"); + $this->out->r("Secret key successfully created.", "green"); + } + +} \ No newline at end of file diff --git a/kernel/console/routs/cli.php b/kernel/console/routs/cli.php index e48f961..693ff3c 100644 --- a/kernel/console/routs/cli.php +++ b/kernel/console/routs/cli.php @@ -17,6 +17,10 @@ App::$collector->group(["prefix" => "admin-theme"], callback: function (RouteCol App::$collector->console('uninstall', [\kernel\console\controllers\AdminThemeController::class, 'actionUninstallTheme']); }); +App::$collector->group(["prefix" => "secure"], callback: function (RouteCollector $router){ + App::$collector->console('create-secret-key', [\kernel\console\controllers\SecureController::class, 'actionCreateSecretKey']); +}); + App::$collector->group(["prefix" => "admin"], callback: function (RouteCollector $router){ App::$collector->console('init', [\kernel\console\controllers\AdminConsoleController::class, 'actionInit']); }); diff --git a/kernel/modules/secure/controllers/SecureRestController.php b/kernel/modules/secure/controllers/SecureRestController.php index 89d3583..3900296 100644 --- a/kernel/modules/secure/controllers/SecureRestController.php +++ b/kernel/modules/secure/controllers/SecureRestController.php 
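Review bot: `TokenService::random_bytes(15)` in actionCreateSecretKey produces the key that SecureRestController later passes to `TokenService::JWT(..., 'HS256')`, and RFC 7518 requires an HMAC-SHA256 key of at least 256 bits. TokenService's body is not visible in this patch, but if the argument is a byte count the key is only 120 bits; `$envFile->setValue("SECRET_KEY", TokenService::random_bytes(32));` would meet the minimum. The action also overwrites any existing SECRET_KEY without warning, which invalidates every JWT already issued, so it should refuse or ask for confirmation when the key is already set. The first lines of this new file are missing from the page, so how `$envFile` is loaded cannot be checked here.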
@@ -5,10 +5,12 @@ namespace kernel\modules\secure\controllers; use Firebase\JWT\JWT; use Firebase\JWT\Key; use JetBrains\PhpStorm\NoReturn; +use kernel\App; use kernel\helpers\Debug; use kernel\modules\user\models\User; use kernel\Request; use kernel\RestController; +use kernel\services\TokenService; class SecureRestController extends RestController { @@ -25,21 +27,13 @@ class SecureRestController extends RestController $res = []; if ($model) { if (password_verify($data["password"], $model->password_hash)) { - $baseUrl = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://'; - $baseUrl .= $_SERVER['HTTP_HOST']; -// $baseUrl .= $_SERVER['REQUEST_URI'];; - $jwt = JWT::encode( - payload: [ - "iat" => time(), - "exp" => date("Y-m-d H:i:s", strtotime("+30 days")) - ], - key: $model->password_hash, - alg: 'HS256' - ); - - $model->access_token = $jwt; - $model->access_token_expires_at = - JWT::decode($jwt, new Key($model->password_hash, 'HS256'))->exp; + $model->access_token_expires_at = date("Y-m-d H:i:s", strtotime(App::$secure['token_expired_time'])); + switch (App::$secure['token_type']){ + case "JWT": + $model->access_token = TokenService::JWT($_ENV['SECRET_KEY'], 'HS256'); + default: + $model->access_token = TokenService::random_bytes(20); + } $res = [ "access_token" => $model->access_token, diff --git a/kernel/services/TokenService.php b/kernel/services/TokenService.php new file mode 100644 index 0000000..5cb1c59 --- /dev/null +++ b/kernel/services/TokenService.php @@ -0,0 +1,29 @@ +
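Review bot: The `case "JWT":` branch of the new switch has no `break`, so execution falls through to `default` and `$model->access_token` is always overwritten with `TokenService::random_bytes(20)`; the JWT setting has no effect. Add `break;` after the `TokenService::JWT(...)` assignment, or replace the switch with a `match` expression. `$_ENV['SECRET_KEY']` is also used unchecked while .env.example ships it as `''`, so the JWT path should fail closed when the key is missing or empty, e.g. `if (empty($_ENV['SECRET_KEY'])) { throw new \RuntimeException('SECRET_KEY is not set'); }`. The enclosing action starts and ends outside this hunk.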