mirror of
https://github.com/pelican-dev/panel.git
synced 2025-05-19 21:04:44 +02:00
ad1a9cd33f
* Fix these * Update phpstan * Transform these into their identifiers instead * Fix custom rule * License is wrong * Update these * Pint fixes * Fix this * Consolidate these * Never supported PHP 7 * Better evaluation * Fixes * Don’t need ignore * Replace trait with service * Subusers are simply the many to many relationship between Servers and Users * Adjust to remove ignores * Use new query builder instead! * wip * Update composer * Quick fixes * Use realtime facade * Small fixes * Convert to static to avoid new * Update to statics * Don’t modify protected properties directly * Run pint * Change to correct method * Give up and use the facade * Make sure this route is available * Filament hasn’t been loaded yet * This can be readonly * Typehint * These are no longer used * Quick fixes * Need doc block help * Always true * We use caddy with docker * Pint * Fix phpstan issues * Remove unused import --------- Co-authored-by: MartinOscar <40749467+RMartinOscar@users.noreply.github.com>
103 lines
2.8 KiB
PHP
103 lines
2.8 KiB
PHP
<?php
|
|
|
|
namespace App\Services\Nodes;
|
|
|
|
use Carbon\CarbonImmutable;
|
|
use DateTimeImmutable;
|
|
use Illuminate\Support\Str;
|
|
use App\Models\Node;
|
|
use App\Models\User;
|
|
use Lcobucci\JWT\Token\Plain;
|
|
use Lcobucci\JWT\Configuration;
|
|
use Lcobucci\JWT\Signer\Hmac\Sha256;
|
|
use Lcobucci\JWT\Signer\Key\InMemory;
|
|
use App\Extensions\Lcobucci\JWT\Encoding\TimestampDates;
|
|
|
|
class NodeJWTService
|
|
{
|
|
private array $claims = [];
|
|
|
|
private ?User $user = null;
|
|
|
|
private DateTimeImmutable $expiresAt;
|
|
|
|
private ?string $subject = null;
|
|
|
|
/**
|
|
* Set the claims to include in this JWT.
|
|
*/
|
|
public function setClaims(array $claims): self
|
|
{
|
|
$this->claims = $claims;
|
|
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* Attaches a user to the JWT being created and will automatically inject the
|
|
* "user_uuid" key into the final claims array with the user's UUID.
|
|
*/
|
|
public function setUser(User $user): self
|
|
{
|
|
$this->user = $user;
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function setExpiresAt(\DateTimeImmutable $date): self
|
|
{
|
|
$this->expiresAt = $date;
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function setSubject(string $subject): self
|
|
{
|
|
$this->subject = $subject;
|
|
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* Generate a new JWT for a given node.
|
|
*/
|
|
public function handle(Node $node, ?string $identifiedBy, string $algo = 'md5'): Plain
|
|
{
|
|
$identifier = hash($algo, $identifiedBy);
|
|
$config = Configuration::forSymmetricSigner(new Sha256(), InMemory::plainText($node->daemon_token));
|
|
|
|
$builder = $config->builder(new TimestampDates())
|
|
->issuedBy(config('app.url'))
|
|
->permittedFor($node->getConnectionAddress())
|
|
->identifiedBy($identifier)
|
|
->withHeader('jti', $identifier)
|
|
->issuedAt(CarbonImmutable::now())
|
|
->canOnlyBeUsedAfter(CarbonImmutable::now()->subMinutes(5));
|
|
|
|
$builder = $builder->expiresAt($this->expiresAt);
|
|
|
|
if (!empty($this->subject)) {
|
|
$builder = $builder->relatedTo($this->subject)->withHeader('sub', $this->subject);
|
|
}
|
|
|
|
foreach ($this->claims as $key => $value) {
|
|
$builder = $builder->withClaim($key, $value);
|
|
}
|
|
|
|
if (!is_null($this->user)) {
|
|
$builder = $builder
|
|
->withClaim('user_uuid', $this->user->uuid)
|
|
// The "user_id" claim is deprecated and should not be referenced — it remains
|
|
// here solely to ensure older versions of daemon are unaffected when the Panel
|
|
// is updated.
|
|
//
|
|
// This claim will be removed in Panel@1.11 or later.
|
|
->withClaim('user_id', $this->user->id);
|
|
}
|
|
|
|
return $builder
|
|
->withClaim('unique_id', Str::random())
|
|
->getToken($config->signer(), $config->signingKey());
|
|
}
|
|
}
|