< ? php
namespace App\Providers ;
use App\Logic\OpenIDLogic ;
use App\Models\User ;
use Exception ;
use Firebase\JWT\JWK ;
use Firebase\JWT\JWT ;
use Illuminate\Http\Request ;
use Illuminate\Support\Facades\Auth ;
use Illuminate\Support\ServiceProvider ;
use stdClass ;
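class AppServiceProvider extends ServiceProvider
{
    /**
     * Claims a token must carry before it can map onto a local user:
     * `sub` is the stable identifier, `name` is copied into the User row.
     */
    private const REQUIRED_CLAIMS = ['sub', 'name'];

    /**
     * Register any application services.
     */
    public function register(): void
    {
        //
    }

    /**
     * Bootstrap any application services.
     */
    public function boot(): void
    {
        $this->setJWTGuard();
    }

    /**
     * Install the `jwt` request guard.
     *
     * The guard verifies the bearer token against the OpenID provider's JWKS
     * and resolves it to a local User. It returns null (unauthenticated) for
     * every rejection except an audience mismatch under `oauth.force_aud`,
     * which throws, as the original code did.
     */
    private function setJWTGuard(): void
    {
        Auth::viaRequest('jwt', function (Request $request): ?User {
            return $this->resolveUserFromRequest($request);
        });
    }

    /**
     * Verify the bearer token on the request and return the matching User.
     *
     * Returns null when no token is present, the signature/time checks fail,
     * the `typ` header is not `id_token`, or a required claim is missing.
     *
     * @throws Exception when `oauth.force_aud` is enabled and the token's
     *                   `aud` is neither `oauth.client_id` nor listed in
     *                   `oauth.trusted_aud`.
     */
    private function resolveUserFromRequest(Request $request): ?User
    {
        $jwt = $request->bearerToken();
        if ($jwt === null || $jwt === '') {
            return null;
        }

        $logic = app(OpenIDLogic::class);
        // Kept outside the try: a malformed JWKS is a deployment error and
        // should surface, not be reported to the client as "invalid token".
        $keys = JWK::parseKeySet($logic->jwks);

        $headers = new stdClass();
        try {
            // The library checks the signature and exp/nbf/iat; the algorithm is
            // pinned per key by parseKeySet, so `alg` in the token cannot be
            // swapped by the sender. It does not check `iss` or `aud`.
            $decoded = JWT::decode($jwt, $keys, $headers);
        } catch (Exception $e) {
            // Deliberately opaque to the caller: a failed verification looks
            // exactly like a missing token.
            return null;
        }

        // Only ID tokens may establish a session. `typ` is part of the signed
        // header, so a forged value would already have failed verification.
        if (($headers->typ ?? null) !== 'id_token') {
            return null;
        }

        // Check that the required claims are present.
        foreach (self::REQUIRED_CLAIMS as $claim) {
            if (!isset($decoded->$claim)) {
                return null;
            }
        }

        // NOTE(review): with `oauth.force_aud` off, any id_token the provider
        // issued for *any* client is accepted here — consider enabling it.
        // `iss` is not verified either; acceptable only if `$logic->jwks` is
        // pinned to a single provider — confirm.
        if (config('oauth.force_aud') && !$this->audienceIsTrusted($decoded->aud ?? null)) {
            throw new Exception(
                'The application rejected the token, token aud is '
                . $this->describeAudience($decoded->aud ?? null)
                . ', app aud is ' . config('oauth.client_id')
            );
        }

        // Look up by `external_id` only. Passing `name` in the lookup (as the
        // original did) created a second User whenever the provider-side
        // display name changed.
        return User::firstOrCreate(
            ['external_id' => $decoded->sub],
            ['name' => $decoded->name]
        );
    }

    /**
     * Decide whether a token's `aud` claim names this application.
     *
     * `aud` may be a single string or, per RFC 7519, a list of strings.
     * Accepted values are `oauth.client_id` (the value the original error
     * message already called "app aud") and every entry of
     * `oauth.trusted_aud`. Comparison is strict so that a missing claim can
     * never match a loosely-typed config entry.
     *
     * @param string|array|null $aud raw `aud` claim, null when absent
     */
    private function audienceIsTrusted($aud): bool
    {
        if ($aud === null) {
            return false;
        }

        $allowed = (array) config('oauth.trusted_aud', []);
        $clientId = config('oauth.client_id');
        if (is_string($clientId) && $clientId !== '') {
            $allowed[] = $clientId;
        }

        foreach ((array) $aud as $candidate) {
            if (in_array($candidate, $allowed, true)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Render an `aud` claim for an error message without tripping
     * "Array to string conversion" on list-valued audiences.
     *
     * @param string|array|null $aud
     */
    private function describeAudience($aud): string
    {
        if ($aud === null) {
            return '(missing)';
        }
        if (is_array($aud)) {
            return implode(',', array_map('strval', $aud));
        }

        return (string) $aud;
    }
}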