Compare commits

..

2 Commits

10 changed files with 136 additions and 19 deletions

View File

@ -9,3 +9,5 @@ DB_PREFIX=''
VIEWS_PATH=/views VIEWS_PATH=/views
VIEWS_CACHE_PATH=/views_cache VIEWS_CACHE_PATH=/views_cache
SECRET_KEY=''

View File

@ -6,6 +6,7 @@ $dotenv->load();
include_once __DIR__ . "/bootstrap/db.php"; include_once __DIR__ . "/bootstrap/db.php";
include_once __DIR__ . "/bootstrap/header.php"; include_once __DIR__ . "/bootstrap/header.php";
include_once __DIR__ . "/bootstrap/secure.php";
const ROOT_DIR = __DIR__; const ROOT_DIR = __DIR__;
const KERNEL_DIR = __DIR__ . "/kernel"; const KERNEL_DIR = __DIR__ . "/kernel";
const KERNEL_MODULES_DIR = __DIR__ . "/kernel/modules"; const KERNEL_MODULES_DIR = __DIR__ . "/kernel/modules";

8
bootstrap/secure.php Normal file
View File

@ -0,0 +1,8 @@
<?php
$secure_config = [
'token_type' => 'random_bytes', // random_bytes, md5, crypt, hash
'token_expired_time' => "+30 days", // +1 day
];
\kernel\App::$secure = $secure_config;

View File

@ -16,7 +16,8 @@
"itguild/eloquent-table": "^0.4.1", "itguild/eloquent-table": "^0.4.1",
"ext-zip": "*", "ext-zip": "*",
"josantonius/session": "^2.0", "josantonius/session": "^2.0",
"firebase/php-jwt": "^6.10" "firebase/php-jwt": "^6.10",
"k-adam/env-editor": "^2.0"
}, },
"autoload": { "autoload": {
"psr-4": { "psr-4": {

55
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "c51d9ca5b40e143a4d89e80120b7cba8", "content-hash": "da3890f2b5b477bf758306141b8c8583",
"packages": [ "packages": [
{ {
"name": "brick/math", "name": "brick/math",
@ -1038,6 +1038,57 @@
], ],
"time": "2024-05-20T09:12:44+00:00" "time": "2024-05-20T09:12:44+00:00"
}, },
{
"name": "k-adam/env-editor",
"version": "2.0.0",
"source": {
"type": "git",
"url": "https://github.com/K-Adam/php-env-editor.git",
"reference": "894855dff5df4e6fce3c83dd00941a19f99fc5d5"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/K-Adam/php-env-editor/zipball/894855dff5df4e6fce3c83dd00941a19f99fc5d5",
"reference": "894855dff5df4e6fce3c83dd00941a19f99fc5d5",
"shasum": ""
},
"require": {
"php": ">=8.0"
},
"require-dev": {
"phpunit/phpunit": "9.5"
},
"type": "library",
"autoload": {
"psr-4": {
"EnvEditor\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Adam Kecskes",
"email": "kecskes.adam@outlook.com"
}
],
"description": ".env editor library",
"keywords": [
"dot-env",
"env",
"env-editor",
"env-loader",
"env-php",
"env-writer"
],
"support": {
"issues": "https://github.com/K-Adam/php-env-editor/issues",
"source": "https://github.com/K-Adam/php-env-editor/tree/2.0.0"
},
"time": "2022-06-05T11:17:23+00:00"
},
{ {
"name": "madesimple/php-arrays", "name": "madesimple/php-arrays",
"version": "v2.1.0", "version": "v2.1.0",
@ -2625,5 +2676,5 @@
"ext-zip": "*" "ext-zip": "*"
}, },
"platform-dev": [], "platform-dev": [],
"plugin-api-version": "2.6.0" "plugin-api-version": "2.3.0"
} }

View File

@ -20,6 +20,8 @@ class App
static User $user; static User $user;
static array $secure;
public ModuleService $moduleService; public ModuleService $moduleService;
public static Database $db; public static Database $db;

View File

@ -0,0 +1,25 @@
<?php
namespace kernel\console\controllers;
use kernel\console\ConsoleController;
use kernel\services\TokenService;
use Random\RandomException;
class SecureController extends ConsoleController
{
/**
* @throws RandomException
*/
public function actionCreateSecretKey(): void
{
$envFile = \EnvEditor\EnvFile::loadFrom(ROOT_DIR . "/.env");
$envFile->setValue("SECRET_KEY", TokenService::random_bytes(15));
$envFile->saveTo(ROOT_DIR . "/.env");
$this->out->r("Secret key successfully created.", "green");
}
}

View File

@ -17,6 +17,10 @@ App::$collector->group(["prefix" => "admin-theme"], callback: function (RouteCol
App::$collector->console('uninstall', [\kernel\console\controllers\AdminThemeController::class, 'actionUninstallTheme']); App::$collector->console('uninstall', [\kernel\console\controllers\AdminThemeController::class, 'actionUninstallTheme']);
}); });
App::$collector->group(["prefix" => "secure"], callback: function (RouteCollector $router){
App::$collector->console('create-secret-key', [\kernel\console\controllers\SecureController::class, 'actionCreateSecretKey']);
});
App::$collector->group(["prefix" => "admin"], callback: function (RouteCollector $router){ App::$collector->group(["prefix" => "admin"], callback: function (RouteCollector $router){
App::$collector->console('init', [\kernel\console\controllers\AdminConsoleController::class, 'actionInit']); App::$collector->console('init', [\kernel\console\controllers\AdminConsoleController::class, 'actionInit']);
}); });

View File

@ -5,10 +5,12 @@ namespace kernel\modules\secure\controllers;
use Firebase\JWT\JWT; use Firebase\JWT\JWT;
use Firebase\JWT\Key; use Firebase\JWT\Key;
use JetBrains\PhpStorm\NoReturn; use JetBrains\PhpStorm\NoReturn;
use kernel\App;
use kernel\helpers\Debug; use kernel\helpers\Debug;
use kernel\modules\user\models\User; use kernel\modules\user\models\User;
use kernel\Request; use kernel\Request;
use kernel\RestController; use kernel\RestController;
use kernel\services\TokenService;
class SecureRestController extends RestController class SecureRestController extends RestController
{ {
@ -25,21 +27,13 @@ class SecureRestController extends RestController
$res = []; $res = [];
if ($model) { if ($model) {
if (password_verify($data["password"], $model->password_hash)) { if (password_verify($data["password"], $model->password_hash)) {
$baseUrl = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https://' : 'http://'; $model->access_token_expires_at = date("Y-m-d H:i:s", strtotime(App::$secure['token_expired_time']));
$baseUrl .= $_SERVER['HTTP_HOST']; switch (App::$secure['token_type']){
// $baseUrl .= $_SERVER['REQUEST_URI'];; case "JWT":
$jwt = JWT::encode( $model->access_token = TokenService::JWT($_ENV['SECRET_KEY'], 'HS256');
payload: [ default:
"iat" => time(), $model->access_token = TokenService::random_bytes(20);
"exp" => date("Y-m-d H:i:s", strtotime("+30 days")) }
],
key: $model->password_hash,
alg: 'HS256'
);
$model->access_token = $jwt;
$model->access_token_expires_at =
JWT::decode($jwt, new Key($model->password_hash, 'HS256'))->exp;
$res = [ $res = [
"access_token" => $model->access_token, "access_token" => $model->access_token,

View File

@ -0,0 +1,29 @@
<?php
namespace kernel\services;
use Firebase\JWT\JWT;
use Random\RandomException;
class TokenService
{
public static function JWT(string|\OpenSSLCertificate|\OpenSSLAsymmetricKey $key, string $alg, array $payload = []): string
{
return JWT::encode(
payload: $payload,
key: $key,
alg: $alg
);
}
/**
* @throws RandomException
*/
public static function random_bytes(int $ln): string
{
$token = random_bytes($ln);
return bin2hex($token);
}
}