creste secret key
parent
7ccf0957bf
commit
c9fe2f160a
@ -9,3 +9,5 @@ DB_PREFIX=''
|
|||||||
|
|
||||||
VIEWS_PATH=/views
|
VIEWS_PATH=/views
|
||||||
VIEWS_CACHE_PATH=/views_cache
|
VIEWS_CACHE_PATH=/views_cache
|
||||||
|
|
||||||
|
SECRET_KEY=''
|
@ -6,6 +6,7 @@ $dotenv->load();
|
|||||||
|
|
||||||
include_once __DIR__ . "/bootstrap/db.php";
|
include_once __DIR__ . "/bootstrap/db.php";
|
||||||
include_once __DIR__ . "/bootstrap/header.php";
|
include_once __DIR__ . "/bootstrap/header.php";
|
||||||
|
include_once __DIR__ . "/bootstrap/secure.php";
|
||||||
const ROOT_DIR = __DIR__;
|
const ROOT_DIR = __DIR__;
|
||||||
const KERNEL_DIR = __DIR__ . "/kernel";
|
const KERNEL_DIR = __DIR__ . "/kernel";
|
||||||
const KERNEL_MODULES_DIR = __DIR__ . "/kernel/modules";
|
const KERNEL_MODULES_DIR = __DIR__ . "/kernel/modules";
|
||||||
|
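--- /dev/null
+++ b/bootstrap/secure.php
@@ -0,0 +1,8 @@
+<?php
+
+$secure_config = [
+'token_type' => 'random_bytes', // random_bytes, md5, crypt, hash
+'token_expired_time' => "+30 days", // +1 day
+];
+
+\kernel\App::$secure = $secure_config;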
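Review bot: The inline comment on `'token_type'` lists `random_bytes, md5, crypt, hash`, but the only value the login controller on this page tests for is `"JWT"`, with every other value falling back to random bytes; the comment should name the values that are actually handled, e.g. `'token_type' => 'random_bytes', // random_bytes (default) or JWT`. Listing `md5` and `crypt` as token types also suggests options that are not suitable for producing bearer tokens and are not implemented anywhere in this commit. `'token_expired_time'` is later passed straight to `strtotime()`, so a comment stating that it must be a valid relative date string would help whoever edits this file.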
@ -16,7 +16,8 @@
|
|||||||
"itguild/eloquent-table": "^0.4.1",
|
"itguild/eloquent-table": "^0.4.1",
|
||||||
"ext-zip": "*",
|
"ext-zip": "*",
|
||||||
"josantonius/session": "^2.0",
|
"josantonius/session": "^2.0",
|
||||||
"firebase/php-jwt": "^6.10"
|
"firebase/php-jwt": "^6.10",
|
||||||
|
"k-adam/env-editor": "^2.0"
|
||||||
},
|
},
|
||||||
"autoload": {
|
"autoload": {
|
||||||
"psr-4": {
|
"psr-4": {
|
||||||
|
55
composer.lock
generated
55
composer.lock
generated
@ -4,7 +4,7 @@
|
|||||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||||
"This file is @generated automatically"
|
"This file is @generated automatically"
|
||||||
],
|
],
|
||||||
"content-hash": "c51d9ca5b40e143a4d89e80120b7cba8",
|
"content-hash": "da3890f2b5b477bf758306141b8c8583",
|
||||||
"packages": [
|
"packages": [
|
||||||
{
|
{
|
||||||
"name": "brick/math",
|
"name": "brick/math",
|
||||||
@ -1038,6 +1038,57 @@
|
|||||||
],
|
],
|
||||||
"time": "2024-05-20T09:12:44+00:00"
|
"time": "2024-05-20T09:12:44+00:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "k-adam/env-editor",
|
||||||
|
"version": "2.0.0",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/K-Adam/php-env-editor.git",
|
||||||
|
"reference": "894855dff5df4e6fce3c83dd00941a19f99fc5d5"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/K-Adam/php-env-editor/zipball/894855dff5df4e6fce3c83dd00941a19f99fc5d5",
|
||||||
|
"reference": "894855dff5df4e6fce3c83dd00941a19f99fc5d5",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": ">=8.0"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"phpunit/phpunit": "9.5"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"EnvEditor\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Adam Kecskes",
|
||||||
|
"email": "kecskes.adam@outlook.com"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": ".env editor library",
|
||||||
|
"keywords": [
|
||||||
|
"dot-env",
|
||||||
|
"env",
|
||||||
|
"env-editor",
|
||||||
|
"env-loader",
|
||||||
|
"env-php",
|
||||||
|
"env-writer"
|
||||||
|
],
|
||||||
|
"support": {
|
||||||
|
"issues": "https://github.com/K-Adam/php-env-editor/issues",
|
||||||
|
"source": "https://github.com/K-Adam/php-env-editor/tree/2.0.0"
|
||||||
|
},
|
||||||
|
"time": "2022-06-05T11:17:23+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "madesimple/php-arrays",
|
"name": "madesimple/php-arrays",
|
||||||
"version": "v2.1.0",
|
"version": "v2.1.0",
|
||||||
@ -2625,5 +2676,5 @@
|
|||||||
"ext-zip": "*"
|
"ext-zip": "*"
|
||||||
},
|
},
|
||||||
"platform-dev": [],
|
"platform-dev": [],
|
||||||
"plugin-api-version": "2.6.0"
|
"plugin-api-version": "2.3.0"
|
||||||
}
|
}
|
||||||
|
@ -20,6 +20,8 @@ class App
|
|||||||
|
|
||||||
static User $user;
|
static User $user;
|
||||||
|
|
||||||
|
static array $secure;
|
||||||
|
|
||||||
public ModuleService $moduleService;
|
public ModuleService $moduleService;
|
||||||
|
|
||||||
public static Database $db;
|
public static Database $db;
|
||||||
|
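--- /dev/null
+++ b/kernel/console/controllers/SecureController.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace kernel\console\controllers;
+
+use kernel\console\ConsoleController;
+use kernel\services\TokenService;
+use Random\RandomException;
+
+class SecureController extends ConsoleController
+{
+
+/**
+* @throws RandomException
+*/
+public function actionCreateSecretKey(): void
+{
+$envFile = \EnvEditor\EnvFile::loadFrom(ROOT_DIR . "/.env");
+
+$envFile->setValue("SECRET_KEY", TokenService::random_bytes(15));
+
+$envFile->saveTo(ROOT_DIR . "/.env");
+$this->out->r("Secret key successfully created.", "green");
+}
+
+}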
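Review bot: `TokenService::random_bytes(15)` in `actionCreateSecretKey` gives the key only 120 bits of entropy, while the login controller on this page signs with it using `HS256`, for which RFC 7518 requires a key of at least 256 bits; use `TokenService::random_bytes(32)`. The command also replaces an existing `SECRET_KEY` without any check, which invalidates every token signed with the previous key, so it should refuse to overwrite a non-empty value unless the operator asks for rotation explicitly. The docblock could state that the method rewrites `ROOT_DIR . "/.env"` in place.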
@ -17,6 +17,10 @@ App::$collector->group(["prefix" => "admin-theme"], callback: function (RouteCol
|
|||||||
App::$collector->console('uninstall', [\kernel\console\controllers\AdminThemeController::class, 'actionUninstallTheme']);
|
App::$collector->console('uninstall', [\kernel\console\controllers\AdminThemeController::class, 'actionUninstallTheme']);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
App::$collector->group(["prefix" => "secure"], callback: function (RouteCollector $router){
|
||||||
|
App::$collector->console('create-secret-key', [\kernel\console\controllers\SecureController::class, 'actionCreateSecretKey']);
|
||||||
|
});
|
||||||
|
|
||||||
App::$collector->group(["prefix" => "admin"], callback: function (RouteCollector $router){
|
App::$collector->group(["prefix" => "admin"], callback: function (RouteCollector $router){
|
||||||
App::$collector->console('init', [\kernel\console\controllers\AdminConsoleController::class, 'actionInit']);
|
App::$collector->console('init', [\kernel\console\controllers\AdminConsoleController::class, 'actionInit']);
|
||||||
});
|
});
|
||||||
|
@ -5,10 +5,12 @@ namespace kernel\modules\secure\controllers;
|
|||||||
use Firebase\JWT\JWT;
|
use Firebase\JWT\JWT;
|
||||||
use Firebase\JWT\Key;
|
use Firebase\JWT\Key;
|
||||||
use JetBrains\PhpStorm\NoReturn;
|
use JetBrains\PhpStorm\NoReturn;
|
||||||
|
use kernel\App;
|
||||||
use kernel\helpers\Debug;
|
use kernel\helpers\Debug;
|
||||||
use kernel\modules\user\models\User;
|
use kernel\modules\user\models\User;
|
||||||
use kernel\Request;
|
use kernel\Request;
|
||||||
use kernel\RestController;
|
use kernel\RestController;
|
||||||
|
use kernel\services\TokenService;
|
||||||
|
|
||||||
class SecureRestController extends RestController
|
class SecureRestController extends RestController
|
||||||
{
|
{
|
||||||
@ -25,21 +27,13 @@ class SecureRestController extends RestController
|
|||||||
$res = [];
|
$res = [];
|
||||||
if ($model) {
|
if ($model) {
|
||||||
if (password_verify($data["password"], $model->password_hash)) {
|
if (password_verify($data["password"], $model->password_hash)) {
|
||||||
$baseUrl = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://';
|
$model->access_token_expires_at = date("Y-m-d H:i:s", strtotime(App::$secure['token_expired_time']));
|
||||||
$baseUrl .= $_SERVER['HTTP_HOST'];
|
switch (App::$secure['token_type']){
|
||||||
// $baseUrl .= $_SERVER['REQUEST_URI'];;
|
case "JWT":
|
||||||
$jwt = JWT::encode(
|
$model->access_token = TokenService::JWT($_ENV['SECRET_KEY'], 'HS256');
|
||||||
payload: [
|
default:
|
||||||
"iat" => time(),
|
$model->access_token = TokenService::random_bytes(20);
|
||||||
"exp" => date("Y-m-d H:i:s", strtotime("+30 days"))
|
}
|
||||||
],
|
|
||||||
key: $model->password_hash,
|
|
||||||
alg: 'HS256'
|
|
||||||
);
|
|
||||||
|
|
||||||
$model->access_token = $jwt;
|
|
||||||
$model->access_token_expires_at =
|
|
||||||
JWT::decode($jwt, new Key($model->password_hash, 'HS256'))->exp;
|
|
||||||
|
|
||||||
$res = [
|
$res = [
|
||||||
"access_token" => $model->access_token,
|
"access_token" => $model->access_token,
|
||||||
|
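Review bot: The `case "JWT":` arm of the new `switch` has no `break;`, so control falls through to `default:` and the JWT just stored in `$model->access_token` is overwritten by `TokenService::random_bytes(20)`; add `break;` after the JWT assignment. Once that arm is reachable, `TokenService::JWT($_ENV['SECRET_KEY'], 'HS256')` is called without a payload (the `$payload = []` default in `TokenService::JWT` makes this easy to miss), so every user would receive the same claimless token with no subject and no `exp`; pass per-user claims and an expiry derived from `App::$secure['token_expired_time']`. `SECRET_KEY` is an empty string in the env template changed on this page, so the JWT path should also refuse to sign when `$_ENV['SECRET_KEY']` is empty. The enclosing method starts and ends outside the hunk.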
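--- /dev/null
+++ b/kernel/services/TokenService.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace kernel\services;
+
+use Firebase\JWT\JWT;
+use Random\RandomException;
+
+class TokenService
+{
+
+public static function JWT(string|\OpenSSLCertificate|\OpenSSLAsymmetricKey $key, string $alg, array $payload = []): string
+{
+return JWT::encode(
+payload: $payload,
+key: $key,
+alg: $alg
+);
+}
+
+/**
+* @throws RandomException
+*/
+public static function random_bytes(int $ln): string
+{
+$token = random_bytes($ln);
+return bin2hex($token);
+}
+
+}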
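Review bot: The docblock on `random_bytes(int $ln)` does not say that the return value is hex-encoded and therefore `2 * $ln` characters long, which callers need to know when sizing a token column or choosing a key length; suggest `/** Returns $ln bytes from the CSPRNG, hex-encoded (2 * $ln characters). */` above the existing `@throws` tag. A `$ln` below 1 makes PHP's `random_bytes()` throw `ValueError`, which the `@throws RandomException` tag does not cover. `JWT()` has no docblock at all; it should at least state that it signs whatever `$payload` it is given and adds no claims of its own.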