creste secret key

2024-10-22 16:40:40 +03:00 · 2024-10-22 16:40:40 +03:00 · c9fe2f160a
commit c9fe2f160a
parent 7ccf0957bf
10 changed files with 136 additions and 19 deletions
--- a/.env.example
+++ b/.env.example
@ -8,4 +8,6 @@ DB_COLLATION=utf8_unicode_ci
 DB_PREFIX=''

 VIEWS_PATH=/views
-VIEWS_CACHE_PATH=/views_cache
+VIEWS_CACHE_PATH=/views_cache
+
+SECRET_KEY=''
--- a/bootstrap.php
+++ b/bootstrap.php
@ -6,6 +6,7 @@ $dotenv->load();

 include_once __DIR__ . "/bootstrap/db.php";
 include_once __DIR__ . "/bootstrap/header.php";
+include_once __DIR__ . "/bootstrap/secure.php";
 const ROOT_DIR = __DIR__;
 const KERNEL_DIR = __DIR__ . "/kernel";
 const KERNEL_MODULES_DIR = __DIR__ . "/kernel/modules";
--- a/bootstrap/secure.php
+++ b/bootstrap/secure.php
@ -0,0 +1,8 @@
+<?php
+
+$secure_config = [
+    'token_type' => 'random_bytes', // random_bytes, md5, crypt, hash
+    'token_expired_time' => "+30 days", // +1 day
+];
+
+\kernel\App::$secure = $secure_config;
--- a/composer.json
+++ b/composer.json
@ -16,7 +16,8 @@
    "itguild/eloquent-table": "^0.4.1",
    "ext-zip": "*",
    "josantonius/session": "^2.0",
-    "firebase/php-jwt": "^6.10"
+    "firebase/php-jwt": "^6.10",
+    "k-adam/env-editor": "^2.0"
  },
  "autoload": {
    "psr-4": {
--- a/composer.lock
+++ b/composer.lock
@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "c51d9ca5b40e143a4d89e80120b7cba8",
+    "content-hash": "da3890f2b5b477bf758306141b8c8583",
    "packages": [
        {
            "name": "brick/math",
@ -1038,6 +1038,57 @@
            ],
            "time": "2024-05-20T09:12:44+00:00"
        },
+        {
+            "name": "k-adam/env-editor",
+            "version": "2.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/K-Adam/php-env-editor.git",
+                "reference": "894855dff5df4e6fce3c83dd00941a19f99fc5d5"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/K-Adam/php-env-editor/zipball/894855dff5df4e6fce3c83dd00941a19f99fc5d5",
+                "reference": "894855dff5df4e6fce3c83dd00941a19f99fc5d5",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=8.0"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "9.5"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "EnvEditor\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Adam Kecskes",
+                    "email": "kecskes.adam@outlook.com"
+                }
+            ],
+            "description": ".env editor library",
+            "keywords": [
+                "dot-env",
+                "env",
+                "env-editor",
+                "env-loader",
+                "env-php",
+                "env-writer"
+            ],
+            "support": {
+                "issues": "https://github.com/K-Adam/php-env-editor/issues",
+                "source": "https://github.com/K-Adam/php-env-editor/tree/2.0.0"
+            },
+            "time": "2022-06-05T11:17:23+00:00"
+        },
        {
            "name": "madesimple/php-arrays",
            "version": "v2.1.0",
@ -2625,5 +2676,5 @@
        "ext-zip": "*"
    },
    "platform-dev": [],
-    "plugin-api-version": "2.6.0"
+    "plugin-api-version": "2.3.0"
 }
--- a/kernel/App.php
+++ b/kernel/App.php
@ -20,6 +20,8 @@ class App

    static User $user;

+    static array $secure;
+
    public ModuleService $moduleService;

    public static Database $db;
--- a/kernel/console/controllers/SecureController.php
+++ b/kernel/console/controllers/SecureController.php
@ -0,0 +1,25 @@
+<?php
+
+namespace kernel\console\controllers;
+
+use kernel\console\ConsoleController;
+use kernel\services\TokenService;
+use Random\RandomException;
+
+class SecureController extends ConsoleController
+{
+
+    /**
+     * @throws RandomException
+     */
+    public function actionCreateSecretKey(): void
+    {
+        $envFile = \EnvEditor\EnvFile::loadFrom(ROOT_DIR . "/.env");
+
+        $envFile->setValue("SECRET_KEY", TokenService::random_bytes(15));
+
+        $envFile->saveTo(ROOT_DIR . "/.env");
+        $this->out->r("Secret key successfully created.", "green");
+    }
+
+}
--- a/kernel/console/routs/cli.php
+++ b/kernel/console/routs/cli.php
@ -17,6 +17,10 @@ App::$collector->group(["prefix" => "admin-theme"], callback: function (RouteCol
    App::$collector->console('uninstall', [\kernel\console\controllers\AdminThemeController::class, 'actionUninstallTheme']);
 });

+App::$collector->group(["prefix" => "secure"], callback: function (RouteCollector $router){
+    App::$collector->console('create-secret-key', [\kernel\console\controllers\SecureController::class, 'actionCreateSecretKey']);
+});
+
 App::$collector->group(["prefix" => "admin"], callback: function (RouteCollector $router){
    App::$collector->console('init', [\kernel\console\controllers\AdminConsoleController::class, 'actionInit']);
 });
--- a/kernel/modules/secure/controllers/SecureRestController.php
+++ b/kernel/modules/secure/controllers/SecureRestController.php
@ -5,10 +5,12 @@ namespace kernel\modules\secure\controllers;
 use Firebase\JWT\JWT;
 use Firebase\JWT\Key;
 use JetBrains\PhpStorm\NoReturn;
+use kernel\App;
 use kernel\helpers\Debug;
 use kernel\modules\user\models\User;
 use kernel\Request;
 use kernel\RestController;
+use kernel\services\TokenService;

 class SecureRestController extends RestController
 {
@ -25,21 +27,13 @@ class SecureRestController extends RestController
        $res = [];
        if ($model) {
            if (password_verify($data["password"], $model->password_hash)) {
-                $baseUrl = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://';
-                $baseUrl .= $_SERVER['HTTP_HOST'];
-//            $baseUrl .= $_SERVER['REQUEST_URI'];;
-                $jwt = JWT::encode(
-                    payload: [
-                        "iat" => time(),
-                        "exp" => date("Y-m-d H:i:s", strtotime("+30 days"))
-                    ],
-                    key: $model->password_hash,
-                    alg: 'HS256'
-                );
-
-                $model->access_token = $jwt;
-                $model->access_token_expires_at =
-                    JWT::decode($jwt, new Key($model->password_hash, 'HS256'))->exp;
+                $model->access_token_expires_at = date("Y-m-d H:i:s", strtotime(App::$secure['token_expired_time']));
+                switch (App::$secure['token_type']){
+                    case "JWT":
+                        $model->access_token = TokenService::JWT($_ENV['SECRET_KEY'], 'HS256');
+                    default:
+                        $model->access_token = TokenService::random_bytes(20);
+                }

                $res = [
                    "access_token" => $model->access_token,
--- a/kernel/services/TokenService.php
+++ b/kernel/services/TokenService.php
@ -0,0 +1,29 @@
+<?php
+
+namespace kernel\services;
+
+use Firebase\JWT\JWT;
+use Random\RandomException;
+
+class TokenService
+{
+
+    public static function JWT(string|\OpenSSLCertificate|\OpenSSLAsymmetricKey $key, string $alg, array $payload = []): string
+    {
+        return JWT::encode(
+            payload: $payload,
+            key: $key,
+            alg: $alg
+        );
+    }
+
+    /**
+     * @throws RandomException
+     */
+    public static function random_bytes(int $ln): string
+    {
+        $token = random_bytes($ln);
+        return bin2hex($token);
+    }
+
+}