Added Refresh Token and Access Token in place of basic Token

aymenBenadra · aymenBenadra · commit 7e4454558366 · 2022-05-17T23:55:20.000+01:00
diff --git a/app/config/routes.php b/app/config/routes.php
@@ -3,8 +3,8 @@
 /**
  * Routes Definition
  * 
- * ? Allowed Headers:
- * ? - Allowed origins: *
+ * ? Headers:
+ * ? - Allowed origins: $_ENV['CLIENT_ADDRESS']
  * ? - Allowed methods: GET, POST, PUT, DELETE, OPTIONS
  * ? - Allowed headers: Content-Type, Authorization, X-Requested-With
  * ? - Allowed credentials: true
diff --git a/app/controllers/Api.php b/app/controllers/Api.php
@@ -39,16 +39,13 @@ public function index()
 
         if ($examples === false) {
             Router::abort(500, json_encode([
-                'status' => 'error',
                 'message' => 'Server error'
             ]));
         }
 
-        Response::send([
-            'status' => 'success',
-            'data' => $examples,
-            'count' => count($examples)
-        ]);
+        Response::send(
+            $examples
+        );
     }
 
     /**
@@ -59,10 +56,9 @@ public function index()
      */
     public function show($data = [])
     {
-        Response::send([
-            'status' => 'success',
-            'data' => $this->model->get($data['id'])
-        ]);
+        Response::send(
+            $this->model->get($data['id'])
+        );
     }
 
     /**
@@ -78,18 +74,12 @@ public function store($data = [])
 
         if (!$this->model->add($data)) {
             Router::abort(500, json_encode([
-                'status' => 'error',
                 'message' => 'Server error'
             ]));
         }
 
-        $example = $this->model->get(
-            $this->model->getLastInsertedId()
-        );
-
         Response::send([
-            'status' => 'success',
-            'data' => $example
+            'message' => 'Created successfully'
         ]);
     }
 
@@ -106,16 +96,12 @@ public function update($data = [])
 
         if (!$this->model->update($id, $data)) {
             Router::abort(500, json_encode([
-                'status' => 'error',
                 'message' => 'Server error'
             ]));
         }
 
-        $example = $this->model->get($id);
-
         Response::send([
-            'status' => 'success',
-            'data' => $example
+            'message' => 'Updated successfully'
         ]);
     }
 
@@ -129,13 +115,12 @@ public function delete($data = [])
     {
         if (!$this->model->delete($data['id'])) {
             Router::abort(500, json_encode([
-                'status' => 'error',
                 'message' => 'Server error'
             ]));
         }
 
         Response::send([
-            'status' => 'success'
+            'message' => 'Deleted successfully'
         ]);
     }
 }
diff --git a/app/controllers/Auth.php b/app/controllers/Auth.php
@@ -6,6 +6,7 @@
 use Core\{Controller, Router};
 use Core\Helpers\Request;
 use Core\Helpers\Response;
+use Exception;
 use Firebase\JWT\{JWT, Key};
 
 /**
@@ -40,18 +41,12 @@ public function registerHeader($data = [])
 
         if (!$this->model('Example')->add($data)) {
             Router::abort(500, json_encode([
-                'status' => 'error',
                 'message' => 'Server error'
             ]));
         }
 
-        $example = $this->model('Example')->get(
-            $this->model('Example')->getLastInsertedId()
-        );
-
         Response::send([
-            'status' => 'success',
-            'data' => $example
+            'message' => 'Registered successfully',
         ]);
     }
 
@@ -65,10 +60,9 @@ public function login($data = [])
     {
         $example = $this->model('Example')->getBy('headerRef', $data['headerRef']);
 
-        Response::send([
-            'status' => 'success',
-            'data' => $example
-        ]);
+        Response::send(
+            $example
+        );
     }
 
     /**
@@ -84,16 +78,14 @@ public function registerJWT($data = [])
 
         if (!$this->model('Example')->add($data)) {
             Router::abort(500, json_encode([
-                'status' => 'error',
                 'message' => 'Server error'
             ]));
         }
 
         unset($data['password']);
 
         Response::send([
-            'status' => 'success',
-            'data' => $data
+            'message' => 'Registered successfully',
         ]);
     }
 
@@ -109,50 +101,76 @@ public function loginJWT($data = [])
 
         if (!password_verify($data['password'], $example->password)) {
             Router::abort(401, json_encode([
-                'status' => 'error',
                 'message' => 'Invalid password'
             ]));
         }
 
-        $secret_key = $_ENV['JWT_SECRET_KEY'];
-        $issuer_claim = $_ENV['SERVER_ADDRESS']; // this can be the servername
-        $audience_claim = $_ENV['CLIENT_ADDRESS'];
-        $issuedat_claim = time(); // issued at
-        // $notbefore_claim = $issuedat_claim + 10; //not before in seconds
-        $expire_claim = $issuedat_claim + 600; // expire time in seconds (10 minutes)
-        $payload = array(
-            "iss" => $issuer_claim,
-            "aud" => $audience_claim,
-            "iat" => $issuedat_claim,
-            // "nbf" => $notbefore_claim,
-            "exp" => $expire_claim,
-            "sub" => $example->username
-        );
+        // Create Refresh Token
+        $refreshToken = $this->createToken($example->username, $_ENV['JWT_REFRESH_EXP_DELTA_SECONDS']);
 
-        $jwt = JWT::encode($payload, $secret_key, "HS256");
+        setcookie(
+            name: 'auth',
+            value: $refreshToken,
+            expires_or_options: time() + $_ENV['JWT_REFRESH_EXP_DELTA_SECONDS'],
+            httponly: true
+        );
+        // Create Access Token
+        $accessToken = $this->createToken($example->username, $_ENV['JWT_ACCESS_EXP_DELTA_SECONDS']);
 
-        // Set expirable cookie for JWT
-        setcookie(name: 'jwt', value: $jwt, expires_or_options: $expire_claim, httponly: true);
+        unset($example->password, $example->id);
+        $example->avatar = file_get_contents(dirname(dirname(__DIR__)) . "/public/identicons/" . $example->avatar);
+        $example->accessToken = $accessToken;
 
         Response::send(
-            array(
-                "message" => "Successful login.",
-                "jwt" => $jwt
-            )
+            $example
         );
     }
 
+    /**
+     * Refresh Access Token
+     * 
+     * @param array $data
+     * @return void
+     */
+    public function refresh()
+    {
+        $refreshToken = Request::refreshToken();
+
+        // Check if refresh token is valid
+        try {
+            if (!$refreshToken) {
+                throw new Exception('No refresh token found');
+            }
+
+            $token = JWT::decode($refreshToken, new Key($_ENV['JWT_SECRET_KEY'], $_ENV['JWT_ALGORITHM']));
+
+            // Check if Example exists
+            $example = (new Example())->getBy('username', $token->sub);
+            if (!$example) {
+                throw new Exception('Example not found');
+            }
+
+            Response::send([
+                'accessToken' => $this->createToken($example->username, $_ENV['JWT_ACCESS_EXP_DELTA_SECONDS'])
+            ]);
+        } catch (Exception $e) {
+            Router::abort(401, [
+                'message' => 'Unauthorized: ' . $e->getMessage()
+            ]);
+        }
+    }
+
     /**
      * Logout an User
      * 
      * @return void
      */
     public function logoutJWT()
     {
-        setcookie(name: 'jwt', value: '', expires_or_options: time() - 3600, httponly: true);
+        setcookie(name: 'auth', value: '', expires_or_options: time() - 1, httponly: true);
 
         Response::send([
-            'status' => 'Logged out successfully!'
+            'message' => 'Logged out successfully!'
         ]);
     }
 
@@ -169,8 +187,37 @@ public static function userJWT()
             return null;
         }
 
-        $token = JWT::decode($jwt, new Key($_ENV['JWT_SECRET_KEY'], "HS256"));
+        $token = JWT::decode($jwt, new Key($_ENV['JWT_SECRET_KEY'], $_ENV['JWT_ALGORITHM']));
+
+        $example = (new Example)->getBy('username', $token->sub);
+
+        unset($example->password,$example->id);
+
+        return$example;
+    }
+
+    /**
+     * Create token for user
+     * 
+     * @param string $sub
+     * @param int $exp
+     * @return string
+     */
+    public static function createToken($sub, $exp)
+    {
+        $secret_key = $_ENV['JWT_SECRET_KEY'];
+        $issuer_claim = $_ENV['SERVER_ADDRESS']; // this can be the servername
+        $audience_claim = $_ENV['CLIENT_ADDRESS'];
+        $issuedat_claim = time(); // issued at
+        $expire_claim = $issuedat_claim + $exp; // expire time in seconds (24 hours from now)
+        $payload = array(
+            "iss" => $issuer_claim,
+            "aud" => $audience_claim,
+            "iat" => $issuedat_claim,
+            "exp" => $expire_claim,
+            "sub" => $sub
+        );
 
-        return (new Example)->getBy('username', $token->sub);
+        return JWT::encode($payload, $secret_key, $_ENV['JWT_ALGORITHM']);
     }
 }
diff --git a/core/helpers/Request.php b/core/helpers/Request.php
@@ -91,9 +91,8 @@ public static function header($header)
         return $_SERVER['HTTP_' . $header] ?? null;
     }
 
-
     /**
-     * Get Authorization header value.
+     * Get Authorization jwt access token
      * 
      * @return string
      */
@@ -102,13 +101,18 @@ public static function authorization()
         // Get authorization token from header
         $auth = isset($_SERVER['Authorization']) && preg_match('/Bearer\s(\S+)/', $_SERVER['Authorization'], $matches) ? $matches[1] : null;
 
-        $auth ?? $auth = isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Bearer\s(\S+)/', $_SERVER['HTTP_AUTHORIZATION'], $matches) ? $matches[1] : null;
-
-        // If no authorization token, get it from cookie
-        if (!$auth) {
-            $auth = isset($_COOKIE['jwt']) ? $_COOKIE['jwt'] : null;
-        }
+        $auth ??= isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Bearer\s(\S+)/', $_SERVER['HTTP_AUTHORIZATION'], $matches) ? $matches[1] : null;
 
         return $auth ?? false;
     }
+
+    /**
+     * Get Refresh Token from httponly Cookie
+     * 
+     * @return string
+     */
+    public static function refreshToken()
+    {
+        return isset($_COOKIE['auth']) ? $_COOKIE['auth'] : false;
+    }
 }
diff --git a/core/helpers/Response.php b/core/helpers/Response.php
@@ -9,12 +9,11 @@ class Response
      */
     public static function headers(
         $contentType = 'application/json',
-        $allowOrigin = '*',
         $allowMethods = 'GET, POST, PUT, DELETE, OPTIONS',
         $allowHeaders = 'X-Requested-With, Content-Type, Authorization'
     ) {
         header('Content-Type: ' . $contentType . '; charset=UTF-8');
-        header('Access-Control-Allow-Origin: ' . $allowOrigin);
+        header('Access-Control-Allow-Origin: ' . $_ENV['CLIENT_ADDRESS']);
         header('Access-Control-Allow-Methods: ' . $allowMethods);
         header('Access-Control-Allow-Headers: ' . $allowHeaders);
         header('Access-Control-Allow-Credentials: true');
@@ -29,7 +28,10 @@ public static function headers(
      */
     public static function send($response)
     {
-        exit(json_encode($response));
+        if (is_array($response) || is_object($response)) {
+            $response = json_encode($response);
+        }
+        exit($response);
     }
 
     /**
