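/**
 * Get the token for the given request cookie.
 *
 * The "spark_token" cookie is expected to hold an encrypted JWT whose claims
 * carry the user id ("sub"), an XSRF token ("xsrf") and an expiry timestamp
 * ("expiry") — the shape written by createTokenCookie().
 *
 * @param  Request  $request
 * @return Token|null  null when the cookie is missing or cannot be decrypted /
 *                     decoded, when the XSRF check fails, or when the token
 *                     has already expired
 */
protected function getTokenFromCookie($request)
{
    // The cookie arrives encrypted, so decrypt it first and then decode the JWT
    // inside. Either step may throw (absent cookie, bad payload, rejected
    // token); any such failure means we cannot authenticate from the cookie.
    try {
        $claims = JWT::decode(decrypt($request->cookie('spark_token')));
    } catch (Exception $e) {
        return null;
    }

    // Compare the XSRF token embedded in the decoded claims against the XSRF
    // value sent with the request (see validXsrf). If the two don't match, the
    // request is NOT from a valid source and we won't authenticate it.
    if (!$this->validXsrf($claims, $request)) {
        return null;
    }

    // Build a transient token from the claims. It allows all operations since
    // the user is physically logged into a screen of the application; the
    // expiry carried in the decoded claims is still enforced below.
    $token = $this->createTransientToken(
        $claims['sub'], Carbon::createFromTimestamp($claims['expiry'])
    );

    return $token->isExpired() ? null : $token;
}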
/**
 * {@inheritdoc}
 *
 * Issues the "spark_token" cookie: a JWT binding the user id, the current
 * CSRF token and a 5-minute expiry. The cookie lifetime is kept equal to the
 * JWT "expiry" claim so the two cannot drift apart. (getTokenFromCookie()
 * decrypts the cookie on the way back in — presumably cookie-encryption
 * middleware encrypts it on the way out; not visible here.)
 */
public function createTokenCookie($user)
{
    // Shared by the JWT "expiry" claim and the cookie's max-age.
    $lifetimeInMinutes = 5;

    $claims = [
        'sub' => $user->id,
        'xsrf' => csrf_token(),
        'expiry' => Carbon::now()->addMinutes($lifetimeInMinutes)->getTimestamp(),
    ];

    // Positional arguments: name, value, minutes, path, domain, secure, httpOnly.
    // NOTE(review): HttpOnly is set; "secure" follows session.secure and no
    // SameSite attribute is passed here — confirm that matches the deployment.
    return cookie(
        'spark_token',
        JWT::encode($claims),
        $lifetimeInMinutes,
        null,
        config('session.domain'),
        config('session.secure'),
        true
    );
}