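/**
 * Build a signed JWT for an authenticated user.
 *
 * Claims: `iat` (issue time), `jti` (random id), `iss` (configured server
 * name), `exp` (`iat` + `$ttl`) and a `data` object with the user's id and
 * name. The signing key comes from config `jwt.key` (base64 of 64 random
 * bytes, see below) and the algorithm from config `jwt.algorithm`.
 *
 * @param object $user user record exposing `id` and `username`
 * @param int    $ttl  token lifetime in seconds. Defaults to 1800 (30 min),
 *                     the value that used to be hard-coded here. A caller that
 *                     issues a long-lived cookie should pass a matching ttl,
 *                     otherwise the cookie outlives the token it carries.
 * @return string the encoded JWT (can be inspected at http://jwt.io/)
 * @throws \InvalidArgumentException when `$ttl` is not a positive number
 * @throws \RuntimeException when the configured key is missing or not valid base64
 */
public static function generate_jwt($user, $ttl = 1800)
{
    $ttl = (int) $ttl;
    if ($ttl <= 0) {
        throw new \InvalidArgumentException('JWT ttl must be a positive number of seconds');
    }

    $issuedAt   = time();
    $tokenId    = base64_encode(Random::key(32));
    $serverName = Config::get('serverName');

    $claims = [
        'iat'  => $issuedAt,
        'jti'  => $tokenId,
        'iss'  => $serverName,
        'exp'  => $issuedAt + $ttl,
        'data' => [
            'userId'   => $user->id,
            'userName' => $user->username,
        ],
    ];

    $jwtConfig = Config::get('jwt');

    // The key in the config file was generated with
    // base64_encode(openssl_random_pseudo_bytes(64)). Decode it strictly so a
    // corrupted or misconfigured key fails loudly instead of silently signing
    // tokens with whatever the lenient decoder produced.
    $secretKey = base64_decode($jwtConfig['key'], true);
    if ($secretKey === false || $secretKey === '') {
        throw new \RuntimeException('JWT signing key is missing or is not valid base64');
    }

    // NOTE(review): the algorithm is taken verbatim from config. Make sure the
    // config (and the verifying side) pins an HMAC/RSA algorithm and that the
    // verifier never accepts "none" — this cannot be checked from here.
    $algorithm = $jwtConfig['algorithm'];

    // Second argument is the key the token is signed with.
    return JWT::encode($claims, $secretKey, $algorithm);
}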
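/**
 * Handle the login form.
 *
 * GET renders the login page. POST reads `req_username`, `req_password` and
 * `save_pass` from the request, looks the user up by name, compares the stored
 * hash with the hash of the submitted password and, on success, stores a
 * `Bearer <jwt>` cookie and redirects to the home route with a welcome flash.
 *
 * @param mixed $req  request object (must expose isPost() / isGet())
 * @param mixed $res  response object (unused here, kept for the route signature)
 * @param mixed $args route arguments (unused)
 * @return mixed the redirect response, the rendered view, or null for other methods
 * @throws \Exception code 403 on an unknown user or wrong password,
 *                    code 1 when either form field is missing
 */
function login($req, $res, $args)
{
    if ($req->isPost()) {
        $formUsername = Input::post('req_username');
        $formPassword = Input::post('req_password');
        $savePass     = (bool) Input::post('save_pass');

        // Both fields are required (truthiness check kept from the original;
        // a literal "0" is rejected as empty).
        if (!$formUsername || !$formPassword) {
            throw new \Exception("Username and password are required fields.", 1);
        }

        $user = AuthModel::get_user_from_name($formUsername);

        // Random::hash() yields a SHA-1 hex digest (per the original comment).
        // NOTE(review): unsalted SHA-1 is not a password hash. Migrate stored
        // passwords to password_hash()/password_verify() when the schema allows.
        $formPasswordHash = (string) Random::hash($formPassword);

        // Hash before deciding whether the user exists, so an unknown name
        // costs about the same as a wrong password (no username enumeration via
        // timing). hash_equals() is constant-time and strict, which also closes
        // the `==` type-juggling hole where two "0e..." digests compare equal.
        $storedHash = (is_object($user) && isset($user->password)) ? (string) $user->password : '';
        $valid = $storedHash !== '' && hash_equals($storedHash, $formPasswordHash);

        if (!$valid) {
            throw new \Exception('Wrong user/pass', 403);
        }

        // 14 days when "remember me" is ticked, otherwise 30 minutes.
        // NOTE(review): generate_jwt() sets its own `exp` claim independently
        // of this cookie lifetime; a 14-day cookie may carry an already-expired
        // token unless the two lifetimes are kept in step.
        $expire = $savePass ? time() + 1209600 : time() + 1800;
        $jwt = AuthModel::generate_jwt($user);
        AuthModel::feather_setcookie('Bearer ' . $jwt, $expire);

        return Router::redirect(Router::pathFor('home'), 'Welcome ' . $user->username . '!');
    }

    if ($req->isGet()) {
        return View::setPageInfo(['title' => 'Login', 'active_nav' => 'login'])
            ->addTemplate('login.php')
            ->display();
    }
}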
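// NOTE(review): these two lines enable full error display unconditionally.
// That is fine on a dev box but leaks file paths and stack traces to clients
// in production; gate them on an environment flag before deploying.
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

if (PHP_SAPI == 'cli-server') {
    // Help the built-in PHP dev server (`php -S`): when the request names an
    // existing file under the web root, return false so the server serves it
    // statically. Never reached under a real web server.
    $file = __DIR__ . $_SERVER['REQUEST_URI'];
    if (is_file($file)) {
        // Only hand the file to the server if it resolves inside this
        // directory; a URI such as /../config/settings.php must fall through
        // to the app (which will 404) rather than expose files above the root.
        $resolved = realpath($file);
        $root     = realpath(__DIR__);
        if ($resolved !== false && $root !== false
            && strpos($resolved, $root . DIRECTORY_SEPARATOR) === 0) {
            return false;
        }
    }
}

require __DIR__ . '/../vendor/autoload.php';

session_start();

// Instantiate the app. On first run there is no settings.php yet: build it
// from the .dist template with a freshly generated JWT signing key.
$settings = __DIR__ . '/../config/settings.php';
if (!is_file($settings)) {
    $defaults = (require __DIR__ . '/../config/settings.php.dist');
    $defaults['settings']['jwt']['key'] = base64_encode(Random::secure_random_bytes(64));
    $contents = '<?php' . "\n" . 'return ' . var_export($defaults, true) . ';';

    // LOCK_EX keeps two concurrent first requests from interleaving their
    // writes into one truncated/mixed file. A failed write used to be ignored,
    // after which the app would try to load a missing or partial config.
    // NOTE(review): two concurrent first requests can still each generate a
    // different key; the last writer wins and tokens signed with the other key
    // become invalid. Generating settings.php at deploy time avoids this.
    if (file_put_contents($settings, $contents, LOCK_EX) === false) {
        throw new \RuntimeException('Unable to write ' . $settings);
    }

    // The file now holds the JWT signing secret; with the default umask it
    // would be world-readable. Restrict it to the owning (web server) user.
    // NOTE(review): assumes the process that reads settings.php later runs as
    // the same user that created it — confirm for your deployment.
    if (!chmod($settings, 0600)) {
        throw new \RuntimeException('Unable to restrict permissions on ' . $settings);
    }
}

$app = new \Slim\App(require $settings);
SlimStatic::boot($app);

// Allow static proxies to be called from anywhere in App
Statical::addNamespace('*', __NAMESPACE__ . '\\*');

// Set up dependencies
require __DIR__ . '/../src/dependencies.php';

// Register middleware
require __DIR__ . '/../src/middleware.php';

// Register routes
require __DIR__ . '/../src/routes.php';

// Run app
App::run();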