Revize a800985e
Přidáno uživatelem Cajova-Houba před téměř 7 roky(ů)
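--- a/backend/.env
+++ b/backend/.env
@@ -12,8 +12,21 @@
 CACHE_DRIVER=memcached
 QUEUE_DRIVER=sync
 
+
+# ==============
+# Nastaveni JWT
+# ==============
 # doba platnosti JWT v sekundach
 JWT_DURATION=1800
+
 # JWT iss parametr
 JWT_ISS=aswi-doprava
+
+# Tajny klic pro sifrovani JWT
 JWT_SECRET=asdfkeylol
+
+# zapnuti/vypnuti JWT overovani
+JWT_AUTH_ENABLED=true
+
+# nazev polozky v hlavicce http requestu ktera obsahuje JWT
+JWT_HEADER_NAME=jwt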
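Review bot: `JWT_SECRET=asdfkeylol` becomes the only thing a forged token has to get past once `JWT_AUTH_ENABLED=true` is switched on by this commit, and it is a short, human-chosen value checked into the repository; the new comment at line 25 documents it but does not change that. Keep `backend/.env` out of version control and commit a `.env.example` with `JWT_SECRET=` left empty, generating the real key per environment with something like `bin2hex(random_bytes(32))`; since this value is already in history it should be treated as disclosed and replaced. A one-line comment above `JWT_AUTH_ENABLED` stating that the middleware treats a missing variable as "disabled" would also save the next deployer from discovering that the hard way.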
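--- a/backend/app/Http/Controllers/TokenController.php
+++ b/backend/app/Http/Controllers/TokenController.php
@@ -9,13 +9,14 @@
 namespace App\Http\Controllers;
 
 use \Firebase\JWT\JWT;
+use Illuminate\Http\Request;
 
 class TokenController extends Controller
 {
 /**
 * Vygeneruje nový token pro JWT autorizaci.
 */
-public function generateToken() {
+public function generateToken(Request $request) {
 $duration = env('JWT_DURATION', 1800);
 
 // parametry jwt
@@ -28,10 +29,12 @@
 $token = array(
 'iss' => $iss,
 'iat' => $iat,
-'exp' => $exp
+'exp' => $exp,
+'ipaddr' => $request->ip(),
+'user-agent' => $request->header('User-Agent')
 );
 
-$jwt = JWT::encode($token, $key);
+$jwt = JWT::encode($token, $key, 'HS256');
 
 return $jwt;
 }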
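Review bot: Nothing in `generateToken` establishes who is asking for the token: the new `ipaddr` and `user-agent` claims bind it to the caller, but no credential check is visible in either hunk (lines 23-28 between them are not shown), so any client that can reach the token route obtains a token that satisfies `jwtauth`. If that is intended — the token is a session or rate-limiting handle rather than authentication — the docblock should say so, e.g. `* Token neidentifikuje uzivatele; pouze dokazuje, ze byl vydan timto serverem.`; otherwise the method needs to require credentials before encoding. Binding to `$request->ip()` will also reject legitimate clients whose address changes within the `JWT_DURATION` window (mobile networks, NAT, or a proxy in front of the app unless trusted proxies are configured), which will surface as unexplained 401s. The method body continues between the two hunks.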
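--- /dev/null
+++ b/backend/app/Http/Middleware/JWTAuthenticate.php
@@ -0,0 +1,74 @@
+<?php
+/**
+* Created by PhpStorm.
+* User: Zdenda
+* Date: 29.4.2018
+* Time: 11:26
+*/
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Firebase\JWT\JWT;
+use Illuminate\Http\Request;
+
+/**
+* Middleware slouzici ke kontrole JWT v hlavicce requestu (pokud je JWT overovani zapnute).
+*
+* @package App\Http\Middleware
+*/
+class JWTAuthenticate
+{
+public function handle(Request $request, Closure $next) {
+// pokud je JWT overovani vypnute, nedelej nic
+if(!env('JWT_AUTH_ENABLED')) {
+return $next($request);
+}
+
+$jwtHeaderName = env('JWT_HEADER_NAME', 'jwt');
+$jwt = $request->header($jwtHeaderName);
+if ($jwt == null) {
+// token chybi
+return response('Unauthorized.', 401);
+}
+
+$key = env('JWT_SECRET', '');
+$decoded = null;
+try {
+$decoded = JWT::decode($jwt, $key, array('HS256'));
+} catch (\Exception $ex ) {
+// jakakoliv chyba pri dekodovani (i expirace) => 401
+return response('Unauthorized.', 401);
+}
+
+// kontrola, ze token nebyl odcizen: musi sedet ip a prohlizec odesilatele
+$decoded_array = (array) $decoded;
+
+if($this->checkJwt($request, $decoded_array)) {
+return $next($request);
+} else {
+return response('Unauthorized.', 401);
+}
+}
+
+/**
+* Zkontroluje jwt rozkodovany do pole proti hodnotam z requestu. Pokud hodnoty nesedi vrati false.
+* Expirovani tokenu zde neni kontrolovano - melo by byt uz pri dekodovani tokenu.
+*
+* @param Request $request Request.
+* @param array $jwt JWT rozkodovany do pole.
+* @return True pokud je JWT v poradku, false pokud ne.
+*/
+private function checkJwt(Request $request, array $jwt) {
+$ip = $request->ip();
+$userAgent = $request->header('User-Agent');
+if (!array_key_exists('ipaddr', $jwt) || ! array_key_exists('user-agent', $jwt)) {
+return false;
+}
+if($ip != $jwt['ipaddr'] || $userAgent != $jwt['user-agent']) {
+return false;
+}
+
+return true;
+}
+}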
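Review bot: The enable check at line 24, `if(!env('JWT_AUTH_ENABLED')) {`, fails open: when the variable is absent from the environment `env()` returns its default (null here), the negation is true and every request passes through unauthenticated, so a deployment that does not pick up the new `.env` keys silently runs with the middleware disabled. Defaulting the other way keeps a misconfiguration from turning auth off: `if (!env('JWT_AUTH_ENABLED', true)) {`. The same concern applies to `$key = env('JWT_SECRET', '');` at line 35 — an empty key should be treated as a configuration error before `JWT::decode` is reached, because the catch-all at line 39 turns whatever the library does with it into an indistinguishable 401. Smaller points: `@return True pokud ...` in the docblock should be `@return bool ...`, and `$jwt == null` at line 30 is a loose comparison where `$jwt === null || $jwt === ''` states the intent.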
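--- a/backend/app/Http/routes.php
+++ b/backend/app/Http/routes.php
@@ -25,9 +25,11 @@
 * address
 * showDirection
 */
-$app->get($apiUrlRoot.'devices', 'DeviceController@getDevice');
+$app->get($apiUrlRoot.'devices', [
+'middleware' => 'jwtauth',
+'uses' => 'DeviceController@getDevice'
+]);
 
-//$app->get($apiUrlRoot.'devices/all', 'DeviceController@getAll');
 
 /**
 * Parametry v url:
@@ -37,17 +39,27 @@
 * timeTo
 * direction
 */
-$app->get($apiUrlRoot.'devices/{id}', 'DeviceController@getDeviceById');
+$app->get($apiUrlRoot.'devices/{id}', [
+'middleware' => 'jwtauth',
+'uses' => 'DeviceController@getDeviceById'
+]);
+
 
 /**
 * Vrati vsechny typy aut.
 */
-$app->get($apiUrlRoot.'vehicles', 'VehicleController@getAll');
+$app->get($apiUrlRoot.'vehicles', [
+'middleware' => 'jwtauth',
+'uses' => 'VehicleController@getAll'
+]);
 
 /**
 * Vrati vsechna mesta.
 */
-$app->get($apiUrlRoot.'cities', 'LocationController@getCities');
+$app->get($apiUrlRoot.'cities', [
+'middleware' => 'jwtauth',
+'uses' => 'LocationController@getCities'
+]);
 
 /**
 * Vygeneruje novy JWT s omezenou platnosti.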
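Review bot: Every protected route now repeats `'middleware' => 'jwtauth'` inline, so any route added later without that key is public by default; the commented-out `devices/all` route this hunk deletes is exactly the kind of endpoint that could come back unprotected. Wrapping the API routes in `$app->group(['middleware' => 'jwtauth'], function () use ($app) { ... });` makes protection the default for the group and leaves only the token route (new line 65, outside this hunk) deliberately outside it. Whether that token route is meant to stay open is not visible here; if so, a one-line comment above it saying why would help the next reader.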
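--- a/backend/bootstrap/app.php
+++ b/backend/bootstrap/app.php
@@ -59,6 +59,10 @@
 |
 */
 
+$app->routeMiddleware([
+'jwtauth' => App\Http\Middleware\JWTAuthenticate::class,
+]);
+
 // $app->middleware([
 // App\Http\Middleware\ExampleMiddleware::class
 // ]);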
refs #6742: Pridan middleware pro kontrolu JWT.