flashii/seria
3
0
Fork 0
Code Pull requests Releases Activity

Use JWT library.

Browse source
This commit is contained in:
flash 2025-05-13 17:55:23 +00:00
parent 22210066e0
commit ceb8d013e5
Signed by: flash
GPG key ID: 2C9C2C574D47FE3E
3 changed files with 377 additions and 120 deletions

1
composer.json
View file

@ -1,6 +1,7 @@
{
"require": {
"flashwave/index": "^0.2503",
"railgun/jwt": "^0.3",
"erusev/parsedown": "^1.7",
"sentry/sdk": "^4.0",
"guzzlehttp/guzzle": "~7.9"

404
composer.lock generated
View file

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "551e2a9180a3d744f8feb737da6afb74",
"content-hash": "a883b6c000f1004851a17daf63c5d24c",
"packages": [
{
"name": "erusev/parsedown",
@ -58,11 +58,11 @@
},
{
"name": "flashwave/index",
"version": "v0.2503.251852",
"version": "v0.2503.260138",
"source": {
"type": "git",
"url": "https://patchii.net/flash/index.git",
"reference": "60c21301824719551c995e004288f3bfcd1a2509"
"reference": "ea549dd0eb7cc7e7348bfcfb0e95da880dd2c039"
},
"require": {
"ext-mbstring": "*",
@ -111,20 +111,20 @@
],
"description": "Composer package for the common library for my projects.",
"homepage": "https://railgun.sh/index",
"time": "2025-03-25T18:53:17+00:00"
"time": "2025-03-26T01:40:42+00:00"
},
{
"name": "guzzlehttp/guzzle",
"version": "7.9.2",
"version": "7.9.3",
"source": {
"type": "git",
"url": "https://github.com/guzzle/guzzle.git",
"reference": "d281ed313b989f213357e3be1a179f02196ac99b"
"reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/d281ed313b989f213357e3be1a179f02196ac99b",
"reference": "d281ed313b989f213357e3be1a179f02196ac99b",
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
"reference": "7b2f29fe81dc4da0ca0ea7d42107a0845946ea77",
"shasum": ""
},
"require": {
@ -221,7 +221,7 @@
],
"support": {
"issues": "https://github.com/guzzle/guzzle/issues",
"source": "https://github.com/guzzle/guzzle/tree/7.9.2"
"source": "https://github.com/guzzle/guzzle/tree/7.9.3"
},
"funding": [
{
@ -237,20 +237,20 @@
"type": "tidelift"
}
],
"time": "2024-07-24T11:22:20+00:00"
"time": "2025-03-27T13:37:11+00:00"
},
{
"name": "guzzlehttp/promises",
"version": "2.0.4",
"version": "2.2.0",
"source": {
"type": "git",
"url": "https://github.com/guzzle/promises.git",
"reference": "f9c436286ab2892c7db7be8c8da4ef61ccf7b455"
"reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/guzzle/promises/zipball/f9c436286ab2892c7db7be8c8da4ef61ccf7b455",
"reference": "f9c436286ab2892c7db7be8c8da4ef61ccf7b455",
"url": "https://api.github.com/repos/guzzle/promises/zipball/7c69f28996b0a6920945dd20b3857e499d9ca96c",
"reference": "7c69f28996b0a6920945dd20b3857e499d9ca96c",
"shasum": ""
},
"require": {
@ -304,7 +304,7 @@
],
"support": {
"issues": "https://github.com/guzzle/promises/issues",
"source": "https://github.com/guzzle/promises/tree/2.0.4"
"source": "https://github.com/guzzle/promises/tree/2.2.0"
},
"funding": [
{
@ -320,20 +320,20 @@
"type": "tidelift"
}
],
"time": "2024-10-17T10:06:22+00:00"
"time": "2025-03-27T13:27:01+00:00"
},
{
"name": "guzzlehttp/psr7",
"version": "2.7.0",
"version": "2.7.1",
"source": {
"type": "git",
"url": "https://github.com/guzzle/psr7.git",
"reference": "a70f5c95fb43bc83f07c9c948baa0dc1829bf201"
"reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/guzzle/psr7/zipball/a70f5c95fb43bc83f07c9c948baa0dc1829bf201",
"reference": "a70f5c95fb43bc83f07c9c948baa0dc1829bf201",
"url": "https://api.github.com/repos/guzzle/psr7/zipball/c2270caaabe631b3b44c85f99e5a04bbb8060d16",
"reference": "c2270caaabe631b3b44c85f99e5a04bbb8060d16",
"shasum": ""
},
"require": {
@ -420,7 +420,7 @@
],
"support": {
"issues": "https://github.com/guzzle/psr7/issues",
"source": "https://github.com/guzzle/psr7/tree/2.7.0"
"source": "https://github.com/guzzle/psr7/tree/2.7.1"
},
"funding": [
{
@ -436,7 +436,7 @@
"type": "tidelift"
}
],
"time": "2024-07-18T11:15:46+00:00"
"time": "2025-03-27T12:30:47+00:00"
},
{
"name": "jean85/pretty-package-versions",
@ -498,6 +498,233 @@
},
"time": "2025-03-19T14:43:43+00:00"
},
{
"name": "paragonie/constant_time_encoding",
"version": "v3.0.0",
"source": {
"type": "git",
"url": "https://github.com/paragonie/constant_time_encoding.git",
"reference": "df1e7fde177501eee2037dd159cf04f5f301a512"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/df1e7fde177501eee2037dd159cf04f5f301a512",
"reference": "df1e7fde177501eee2037dd159cf04f5f301a512",
"shasum": ""
},
"require": {
"php": "^8"
},
"require-dev": {
"phpunit/phpunit": "^9",
"vimeo/psalm": "^4|^5"
},
"type": "library",
"autoload": {
"psr-4": {
"ParagonIE\\ConstantTime\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com",
"role": "Maintainer"
},
{
"name": "Steve 'Sc00bz' Thomas",
"email": "steve@tobtu.com",
"homepage": "https://www.tobtu.com",
"role": "Original Developer"
}
],
"description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)",
"keywords": [
"base16",
"base32",
"base32_decode",
"base32_encode",
"base64",
"base64_decode",
"base64_encode",
"bin2hex",
"encoding",
"hex",
"hex2bin",
"rfc4648"
],
"support": {
"email": "info@paragonie.com",
"issues": "https://github.com/paragonie/constant_time_encoding/issues",
"source": "https://github.com/paragonie/constant_time_encoding"
},
"time": "2024-05-08T12:36:18+00:00"
},
{
"name": "paragonie/random_compat",
"version": "v9.99.100",
"source": {
"type": "git",
"url": "https://github.com/paragonie/random_compat.git",
"reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/996434e5492cb4c3edcb9168db6fbb1359ef965a",
"reference": "996434e5492cb4c3edcb9168db6fbb1359ef965a",
"shasum": ""
},
"require": {
"php": ">= 7"
},
"require-dev": {
"phpunit/phpunit": "4.*|5.*",
"vimeo/psalm": "^1"
},
"suggest": {
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
},
"type": "library",
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
"keywords": [
"csprng",
"polyfill",
"pseudorandom",
"random"
],
"support": {
"email": "info@paragonie.com",
"issues": "https://github.com/paragonie/random_compat/issues",
"source": "https://github.com/paragonie/random_compat"
},
"time": "2020-10-15T08:29:30+00:00"
},
{
"name": "phpseclib/phpseclib",
"version": "3.0.43",
"source": {
"type": "git",
"url": "https://github.com/phpseclib/phpseclib.git",
"reference": "709ec107af3cb2f385b9617be72af8cf62441d02"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/709ec107af3cb2f385b9617be72af8cf62441d02",
"reference": "709ec107af3cb2f385b9617be72af8cf62441d02",
"shasum": ""
},
"require": {
"paragonie/constant_time_encoding": "^1|^2|^3",
"paragonie/random_compat": "^1.4|^2.0|^9.99.99",
"php": ">=5.6.1"
},
"require-dev": {
"phpunit/phpunit": "*"
},
"suggest": {
"ext-dom": "Install the DOM extension to load XML formatted public keys.",
"ext-gmp": "Install the GMP (GNU Multiple Precision) extension in order to speed up arbitrary precision integer arithmetic operations.",
"ext-libsodium": "SSH2/SFTP can make use of some algorithms provided by the libsodium-php extension.",
"ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.",
"ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations."
},
"type": "library",
"autoload": {
"files": [
"phpseclib/bootstrap.php"
],
"psr-4": {
"phpseclib3\\": "phpseclib/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Jim Wigginton",
"email": "terrafrost@php.net",
"role": "Lead Developer"
},
{
"name": "Patrick Monnerat",
"email": "pm@datasphere.ch",
"role": "Developer"
},
{
"name": "Andreas Fischer",
"email": "bantu@phpbb.com",
"role": "Developer"
},
{
"name": "Hans-Jürgen Petrich",
"email": "petrich@tronic-media.com",
"role": "Developer"
},
{
"name": "Graham Campbell",
"email": "graham@alt-three.com",
"role": "Developer"
}
],
"description": "PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.",
"homepage": "http://phpseclib.sourceforge.net",
"keywords": [
"BigInteger",
"aes",
"asn.1",
"asn1",
"blowfish",
"crypto",
"cryptography",
"encryption",
"rsa",
"security",
"sftp",
"signature",
"signing",
"ssh",
"twofish",
"x.509",
"x509"
],
"support": {
"issues": "https://github.com/phpseclib/phpseclib/issues",
"source": "https://github.com/phpseclib/phpseclib/tree/3.0.43"
},
"funding": [
{
"url": "https://github.com/terrafrost",
"type": "github"
},
{
"url": "https://www.patreon.com/phpseclib",
"type": "patreon"
},
{
"url": "https://tidelift.com/funding/github/packagist/phpseclib/phpseclib",
"type": "tidelift"
}
],
"time": "2024-12-14T21:12:59+00:00"
},
{
"name": "psr/http-client",
"version": "1.0.3",
@ -764,6 +991,48 @@
},
"time": "2024-09-11T13:17:53+00:00"
},
{
"name": "railgun/jwt",
"version": "v0.3.1",
"source": {
"type": "git",
"url": "https://patchii.net/railgun/jwt.git",
"reference": "affcb9ca7dafb119ccb7d279ed39b77c7e119134"
},
"require": {
"guzzlehttp/guzzle": "~7.9",
"guzzlehttp/psr7": "~2.7",
"php": "^7.2.5 || ^8.0",
"phpseclib/phpseclib": "~3.0",
"psr/http-client": "~1.0",
"psr/http-factory": "~1.1",
"psr/http-message": "~2.0"
},
"type": "library",
"autoload": {
"files": [
"polyfill.php"
],
"psr-4": {
"Railgun\\Jwt\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"bsd-3-clause-clear"
],
"authors": [
{
"name": "flashwave",
"email": "packagist@flash.moe",
"homepage": "https://flash.moe",
"role": "mom"
}
],
"description": "A modular JWT library.",
"homepage": "https://railgun.sh/libs/jwt",
"time": "2025-05-13T17:49:28+00:00"
},
{
"name": "ralouphie/getallheaders",
"version": "3.0.3",
@ -865,16 +1134,16 @@
},
{
"name": "sentry/sentry",
"version": "4.10.0",
"version": "4.11.1",
"source": {
"type": "git",
"url": "https://github.com/getsentry/sentry-php.git",
"reference": "2af937d47d8aadb8dab0b1d7b9557e495dd12856"
"reference": "53dc0bcb6a667cac5b760b46f98d5380e63e02ca"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/getsentry/sentry-php/zipball/2af937d47d8aadb8dab0b1d7b9557e495dd12856",
"reference": "2af937d47d8aadb8dab0b1d7b9557e495dd12856",
"url": "https://api.github.com/repos/getsentry/sentry-php/zipball/53dc0bcb6a667cac5b760b46f98d5380e63e02ca",
"reference": "53dc0bcb6a667cac5b760b46f98d5380e63e02ca",
"shasum": ""
},
"require": {
@ -938,7 +1207,7 @@
],
"support": {
"issues": "https://github.com/getsentry/sentry-php/issues",
"source": "https://github.com/getsentry/sentry-php/tree/4.10.0"
"source": "https://github.com/getsentry/sentry-php/tree/4.11.1"
},
"funding": [
{
@ -950,7 +1219,7 @@
"type": "custom"
}
],
"time": "2024-11-06T07:44:19+00:00"
"time": "2025-05-12T11:30:33+00:00"
},
{
"name": "symfony/deprecation-contracts",
@ -1021,16 +1290,16 @@
},
{
"name": "symfony/mime",
"version": "v7.2.4",
"version": "v7.2.6",
"source": {
"type": "git",
"url": "https://github.com/symfony/mime.git",
"reference": "87ca22046b78c3feaff04b337f33b38510fd686b"
"reference": "706e65c72d402539a072d0d6ad105fff6c161ef1"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/mime/zipball/87ca22046b78c3feaff04b337f33b38510fd686b",
"reference": "87ca22046b78c3feaff04b337f33b38510fd686b",
"url": "https://api.github.com/repos/symfony/mime/zipball/706e65c72d402539a072d0d6ad105fff6c161ef1",
"reference": "706e65c72d402539a072d0d6ad105fff6c161ef1",
"shasum": ""
},
"require": {
@ -1085,7 +1354,7 @@
"mime-type"
],
"support": {
"source": "https://github.com/symfony/mime/tree/v7.2.4"
"source": "https://github.com/symfony/mime/tree/v7.2.6"
},
"funding": [
{
@ -1101,7 +1370,7 @@
"type": "tidelift"
}
],
"time": "2025-02-19T08:51:20+00:00"
"time": "2025-04-27T13:34:41+00:00"
},
{
"name": "symfony/options-resolver",
@ -1172,7 +1441,7 @@
},
{
"name": "symfony/polyfill-ctype",
"version": "v1.31.0",
"version": "v1.32.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-ctype.git",
@ -1231,7 +1500,7 @@
"portable"
],
"support": {
"source": "https://github.com/symfony/polyfill-ctype/tree/v1.31.0"
"source": "https://github.com/symfony/polyfill-ctype/tree/v1.32.0"
},
"funding": [
{
@ -1251,16 +1520,16 @@
},
{
"name": "symfony/polyfill-intl-idn",
"version": "v1.31.0",
"version": "v1.32.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-intl-idn.git",
"reference": "c36586dcf89a12315939e00ec9b4474adcb1d773"
"reference": "9614ac4d8061dc257ecc64cba1b140873dce8ad3"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/c36586dcf89a12315939e00ec9b4474adcb1d773",
"reference": "c36586dcf89a12315939e00ec9b4474adcb1d773",
"url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/9614ac4d8061dc257ecc64cba1b140873dce8ad3",
"reference": "9614ac4d8061dc257ecc64cba1b140873dce8ad3",
"shasum": ""
},
"require": {
@ -1314,7 +1583,7 @@
"shim"
],
"support": {
"source": "https://github.com/symfony/polyfill-intl-idn/tree/v1.31.0"
"source": "https://github.com/symfony/polyfill-intl-idn/tree/v1.32.0"
},
"funding": [
{
@ -1330,11 +1599,11 @@
"type": "tidelift"
}
],
"time": "2024-09-09T11:45:10+00:00"
"time": "2024-09-10T14:38:51+00:00"
},
{
"name": "symfony/polyfill-intl-normalizer",
"version": "v1.31.0",
"version": "v1.32.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-intl-normalizer.git",
@ -1395,7 +1664,7 @@
"shim"
],
"support": {
"source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.31.0"
"source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.32.0"
},
"funding": [
{
@ -1415,19 +1684,20 @@
},
{
"name": "symfony/polyfill-mbstring",
"version": "v1.31.0",
"version": "v1.32.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-mbstring.git",
"reference": "85181ba99b2345b0ef10ce42ecac37612d9fd341"
"reference": "6d857f4d76bd4b343eac26d6b539585d2bc56493"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/85181ba99b2345b0ef10ce42ecac37612d9fd341",
"reference": "85181ba99b2345b0ef10ce42ecac37612d9fd341",
"url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/6d857f4d76bd4b343eac26d6b539585d2bc56493",
"reference": "6d857f4d76bd4b343eac26d6b539585d2bc56493",
"shasum": ""
},
"require": {
"ext-iconv": "*",
"php": ">=7.2"
},
"provide": {
@ -1475,7 +1745,7 @@
"shim"
],
"support": {
"source": "https://github.com/symfony/polyfill-mbstring/tree/v1.31.0"
"source": "https://github.com/symfony/polyfill-mbstring/tree/v1.32.0"
},
"funding": [
{
@ -1491,20 +1761,20 @@
"type": "tidelift"
}
],
"time": "2024-09-09T11:45:10+00:00"
"time": "2024-12-23T08:48:59+00:00"
},
{
"name": "twig/html-extra",
"version": "v3.20.0",
"version": "v3.21.0",
"source": {
"type": "git",
"url": "https://github.com/twigphp/html-extra.git",
"reference": "f7d54d4de1b64182af745cfb66777f699b599734"
"reference": "5442dd707601c83b8cd4233e37bb10ab8489a90f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/twigphp/html-extra/zipball/f7d54d4de1b64182af745cfb66777f699b599734",
"reference": "f7d54d4de1b64182af745cfb66777f699b599734",
"url": "https://api.github.com/repos/twigphp/html-extra/zipball/5442dd707601c83b8cd4233e37bb10ab8489a90f",
"reference": "5442dd707601c83b8cd4233e37bb10ab8489a90f",
"shasum": ""
},
"require": {
@ -1547,7 +1817,7 @@
"twig"
],
"support": {
"source": "https://github.com/twigphp/html-extra/tree/v3.20.0"
"source": "https://github.com/twigphp/html-extra/tree/v3.21.0"
},
"funding": [
{
@ -1559,20 +1829,20 @@
"type": "tidelift"
}
],
"time": "2025-01-31T20:45:36+00:00"
"time": "2025-02-19T14:29:33+00:00"
},
{
"name": "twig/twig",
"version": "v3.20.0",
"version": "v3.21.1",
"source": {
"type": "git",
"url": "https://github.com/twigphp/Twig.git",
"reference": "3468920399451a384bef53cf7996965f7cd40183"
"reference": "285123877d4dd97dd7c11842ac5fb7e86e60d81d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/twigphp/Twig/zipball/3468920399451a384bef53cf7996965f7cd40183",
"reference": "3468920399451a384bef53cf7996965f7cd40183",
"url": "https://api.github.com/repos/twigphp/Twig/zipball/285123877d4dd97dd7c11842ac5fb7e86e60d81d",
"reference": "285123877d4dd97dd7c11842ac5fb7e86e60d81d",
"shasum": ""
},
"require": {
@ -1626,7 +1896,7 @@
],
"support": {
"issues": "https://github.com/twigphp/Twig/issues",
"source": "https://github.com/twigphp/Twig/tree/v3.20.0"
"source": "https://github.com/twigphp/Twig/tree/v3.21.1"
},
"funding": [
{
@ -1638,22 +1908,22 @@
"type": "tidelift"
}
],
"time": "2025-02-13T08:34:43+00:00"
"time": "2025-05-03T07:21:55+00:00"
}
],
"packages-dev": [
{
"name": "phpstan/phpstan",
"version": "2.1.11",
"version": "2.1.14",
"source": {
"type": "git",
"url": "https://github.com/phpstan/phpstan.git",
"reference": "8ca5f79a8f63c49b2359065832a654e1ec70ac30"
"reference": "8f2e03099cac24ff3b379864d171c5acbfc6b9a2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/8ca5f79a8f63c49b2359065832a654e1ec70ac30",
"reference": "8ca5f79a8f63c49b2359065832a654e1ec70ac30",
"url": "https://api.github.com/repos/phpstan/phpstan/zipball/8f2e03099cac24ff3b379864d171c5acbfc6b9a2",
"reference": "8f2e03099cac24ff3b379864d171c5acbfc6b9a2",
"shasum": ""
},
"require": {
@ -1698,7 +1968,7 @@
"type": "github"
}
],
"time": "2025-03-24T13:45:00+00:00"
"time": "2025-05-02T15:32:28+00:00"
}
],
"aliases": [],

92
src/Auth/AuthRoutes.php
View file

@ -3,7 +3,8 @@ namespace Seria\Auth;
use RuntimeException;
use UnexpectedValueException;
use GuzzleHttp\Client as GuzzleHttpClient;
use GuzzleHttp\Client as GuzzleClient;
use GuzzleHttp\Psr7\HttpFactory as GuzzleHttpFactory;
use Index\UriBase64;
use Index\Cache\CacheProvider;
use Index\Config\Config;
@ -11,13 +12,19 @@ use Index\Http\{HttpResponseBuilder,HttpRequest,HttpUri};
use Index\Http\Routing\{RouteHandler,RouteHandlerCommon};
use Index\Http\Routing\Filters\PrefixFilter;
use Index\Http\Routing\Routes\ExactRoute;
use Railgun\Jwt\{HttpJwkSetLoader,JwtEncoder};
use Railgun\Jwt\SecLib\SecLibJwkSetLoader;
use Railgun\Jwt\Validators\{
NotValidBeforeValidator,NotValidYetException,
TokenExpirationValidator,TokenExpiredException,
};
use Seria\GitInfo;
use Seria\Users\UsersContext;
class AuthRoutes implements RouteHandler {
use RouteHandlerCommon;
private GuzzleHttpClient $client;
private GuzzleClient $client;
public function __construct(
private CacheProvider $cache,
@ -25,7 +32,7 @@ class AuthRoutes implements RouteHandler {
private UsersContext $usersCtx,
private AuthInfo $authInfo,
) {
$this->client = new GuzzleHttpClient([
$this->client = new GuzzleClient([
'allow_redirects' => true,
'timeout' => 10,
'headers' => [
@ -671,53 +678,41 @@ class AuthRoutes implements RouteHandler {
try {
$resourceInfo = $this->getOAuth2ProtectedResource();
$openIdConfig = $this->getOpenIdConfiguration($resourceInfo->authorization_servers[0]);
$jwks = (new HttpJwkSetLoader(
new SecLibJwkSetLoader,
$this->client,
new GuzzleHttpFactory,
))->loadJwkSet($openIdConfig->jwks_uri);
} catch(RuntimeException|UnexpectedValueException $ex) {
return 500;
}
// todo: verify id_token signature, need to turn the JWT code in Misuzu into a library
$idToken = explode('.', $idToken, 3);
if(count($idToken) < 3)
return 400;
$idTokenHead = json_decode(UriBase64::decode($idToken[0]));
if(!property_exists($idTokenHead, 'typ')
|| !is_string($idTokenHead->typ)
|| $idTokenHead->typ !== 'JWT')
return 400;
if(!property_exists($idTokenHead, 'alg')
|| !is_string($idTokenHead->alg))
return 400;
if(property_exists($idTokenHead, 'kid')
&& !is_string($idTokenHead->kid))
return 400;
$idTokenPayload = json_decode(UriBase64::decode($idToken[1]));
if(!property_exists($idTokenPayload, 'iss')
|| !is_string($idTokenPayload->iss)
|| !in_array($idTokenPayload->iss, $resourceInfo->authorization_servers))
return 400;
if(!property_exists($idTokenPayload, 'aud')
|| !is_string($idTokenPayload->aud)
|| $idTokenPayload->aud !== $this->config->getString('client_id'))
return 400;
if(!property_exists($idTokenPayload, 'iat')
|| !is_int($idTokenPayload->iat)
|| $idTokenPayload->iat >= time())
return 400;
if(!property_exists($idTokenPayload, 'exp')
|| !is_int($idTokenPayload->exp)
|| $idTokenPayload->exp < time())
return 403;
$jwt = new JwtEncoder($jwks, [
new NotValidBeforeValidator(leeway: 30),
new TokenExpirationValidator,
]);
try {
$authzServer = $this->getOAuth2AuthorizationServer($idTokenPayload->iss);
$idToken = $jwt->decode($idToken);
} catch(TokenExpiredException $ex) {
return 403;
} catch(NotValidYetException $ex) {
return 425;
}
if(!property_exists($idToken, 'iss')
|| !is_string($idToken->iss)
|| !in_array($idToken->iss, $resourceInfo->authorization_servers))
return 400;
if(!property_exists($idToken, 'aud')
|| !is_string($idToken->aud)
|| $idToken->aud !== $this->config->getString('client_id'))
return 400;
try {
$authzServer = $this->getOAuth2AuthorizationServer($idToken->iss);
} catch(RuntimeException|UnexpectedValueException $ex) {
return 500;
}
@ -732,18 +727,9 @@ class AuthRoutes implements RouteHandler {
|| !in_array('client_secret_post', $authzServer->token_endpoint_auth_methods_supported))
return 500;
try {
$openIdConfig = $this->getOpenIdConfiguration($idTokenPayload->iss);
} catch(RuntimeException|UnexpectedValueException $ex) {
return 500;
}
if(!in_array('public', $openIdConfig->subject_types_supported))
return 500;
if(!in_array($idTokenHead->alg, $openIdConfig->id_token_signing_alg_values_supported))
return 400;
try {
$tokenInfo = $this->postTokenWithAuthorizationCode(
$authzServer->token_endpoint,