/**
* Create a signed Json Web Token for microservice authentication.
*
* @return string A signed JSON Web Token
*/
function createJWT()
{
global $db, $areaGuid, $netID;
// Get file name for private key
$privateKey = getenv("PRIVATEKEYFILE");
$privateKey = $privateKey != "" ? $privateKey : $_SERVER['DOCUMENT_ROOT'] . "/keys/key.pem";
// Create JWT
$signer = new \Lcobucci\JWT\Signer\Rsa\Sha256();
$keychain = new \Lcobucci\JWT\Signer\Keychain();
$builder = new \Lcobucci\JWT\Builder();
$token = $builder->setIssuer(getenv("PRODURL"))->setIssuedAt(time())->setNotBefore(time() - 1)->setExpiration(time() + 120)->set("employee", $netID)->set("area", $areaGuid)->sign($signer, $keychain->getPrivateKey(file_get_contents($privateKey)))->getToken();
return $token->__toString();
}
/**
* Send an authenticated request to one of the TMT micro-services
*
* @param $method string The HTTP method to use ("GET", "POST", "PUT", "DELETE")
* @param $url string The url to make the request to
* @param $data array Any data to pass in POST data (GET data should be included in the $url)
*
* @return The response: an array created by json-decoding the response body
*/
function sendAuthenticatedRequest($method, $url, $data = array())
{
global $netID;
global $db;
global $areaGuid;
// Find private key
$dir = getenv("KEYSDIRECTORY");
$dir = $dir != "" ? $dir : $_SERVER['DOCUMENT_ROOT'] . "/keys";
// Get file name for private key
$privateKey = getenv("PRIVATEKEYFILE");
$privateKey = $privateKey != "" ? $privateKey : $_SERVER['DOCUMENT_ROOT'] . "/keys/key.pem";
// Create JWT
$signer = new \Lcobucci\JWT\Signer\Rsa\Sha256();
$keychain = new \Lcobucci\JWT\Signer\Keychain();
$builder = new \Lcobucci\JWT\Builder();
$token = $builder->setIssuer(getenv("PRODURL"))->setIssuedAt(time())->setNotBefore(time() - 1)->setExpiration(time() + 120)->set("employee", $netID)->set("area", $areaGuid)->sign($signer, $keychain->getPrivateKey(file_get_contents($privateKey)))->getToken();
// Start building options
$curl_options = array();
switch ($method) {
case "POST":
$curl_options[CURLOPT_POST] = true;
$curl_options[CURLOPT_POSTFIELDS] = http_build_query($data);
break;
case "PUT":
$curl_options[CURLOPT_CUSTOMREQUEST] = "PUT";
$curl_options[CURLOPT_POSTFIELDS] = http_build_query($data);
break;
case "DELETE":
$curl_options[CURLOPT_CUSTOMREQUEST] = "DELETE";
break;
case "GET":
default:
$curl_options[CURLOPT_HTTPGET] = true;
}
$curl_options[CURLOPT_URL] = $url;
$curl_options[CURLOPT_RETURNTRANSFER] = true;
$curl_options[CURLOPT_SSL_VERIFYPEER] = false;
$curl_options[CURLOPT_SSL_VERIFYHOST] = false;
$curl_options[CURLOPT_HTTPHEADER] = array("Authorization: " . $token->__toString());
// Set options and execute curl
$curl_handle = curl_init();
$options_set = curl_setopt_array($curl_handle, $curl_options);
$response = curl_exec($curl_handle);
return json_decode($response, true);
}
