2019-08-01 14:47:12 +05:30
|
|
|
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
|
|
|
|
namespace api\components\Tokens;
|
|
|
|
|
2019-12-04 23:40:15 +05:30
|
|
|
use api\rbac\Permissions as P;
|
|
|
|
use api\rbac\Roles as R;
|
2019-08-02 05:59:20 +05:30
|
|
|
use Carbon\Carbon;
|
2019-08-01 14:47:12 +05:30
|
|
|
use common\models\Account;
|
|
|
|
use common\models\AccountSession;
|
|
|
|
use Lcobucci\JWT\Token;
|
2019-09-22 02:47:21 +05:30
|
|
|
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
|
|
|
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
2019-08-01 14:47:12 +05:30
|
|
|
use Yii;
|
2019-12-04 23:40:15 +05:30
|
|
|
use yii\base\Component;
|
2019-08-01 14:47:12 +05:30
|
|
|
|
2019-12-04 23:40:15 +05:30
|
|
|
class TokensFactory extends Component {
|
2019-08-01 14:47:12 +05:30
|
|
|
|
|
|
|
public const SUB_ACCOUNT_PREFIX = 'ely|';
|
2019-09-22 02:47:21 +05:30
|
|
|
public const AUD_CLIENT_PREFIX = 'client|';
|
2019-08-01 14:47:12 +05:30
|
|
|
|
2019-12-04 23:40:15 +05:30
|
|
|
public function createForWebAccount(Account $account, AccountSession $session = null): Token {
|
2019-08-01 14:47:12 +05:30
|
|
|
$payloads = [
|
2019-12-04 23:40:15 +05:30
|
|
|
'ely-scopes' => R::ACCOUNTS_WEB_USER,
|
|
|
|
'sub' => $this->buildSub($account->id),
|
2019-08-01 14:47:12 +05:30
|
|
|
];
|
|
|
|
if ($session === null) {
|
|
|
|
// If we don't remember a session, the token should live longer
|
|
|
|
// so that the session doesn't end while working with the account
|
2019-08-02 05:59:20 +05:30
|
|
|
$payloads['exp'] = Carbon::now()->addDays(7)->getTimestamp();
|
2019-08-01 14:47:12 +05:30
|
|
|
} else {
|
|
|
|
$payloads['jti'] = $session->id;
|
|
|
|
}
|
|
|
|
|
|
|
|
return Yii::$app->tokens->create($payloads);
|
|
|
|
}
|
|
|
|
|
2019-12-04 23:40:15 +05:30
|
|
|
public function createForOAuthClient(AccessTokenEntityInterface $accessToken): Token {
|
2019-09-22 02:47:21 +05:30
|
|
|
$payloads = [
|
2019-12-04 23:40:15 +05:30
|
|
|
'aud' => $this->buildAud($accessToken->getClient()->getIdentifier()),
|
|
|
|
'ely-scopes' => $this->joinScopes(array_map(static function(ScopeEntityInterface $scope): string {
|
2019-09-22 02:47:21 +05:30
|
|
|
return $scope->getIdentifier();
|
2019-09-23 03:33:36 +05:30
|
|
|
}, $accessToken->getScopes())),
|
2019-09-22 02:47:21 +05:30
|
|
|
'exp' => $accessToken->getExpiryDateTime()->getTimestamp(),
|
|
|
|
];
|
|
|
|
if ($accessToken->getUserIdentifier() !== null) {
|
2019-12-04 23:40:15 +05:30
|
|
|
$payloads['sub'] = $this->buildSub($accessToken->getUserIdentifier());
|
2019-09-22 02:47:21 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
return Yii::$app->tokens->create($payloads);
|
|
|
|
}
|
|
|
|
|
2019-12-04 23:40:15 +05:30
|
|
|
public function createForMinecraftAccount(Account $account, string $clientToken): Token {
|
|
|
|
return Yii::$app->tokens->create([
|
|
|
|
'ely-scopes' => $this->joinScopes([P::MINECRAFT_SERVER_SESSION]),
|
|
|
|
'ely-client-token' => new EncryptedValue($clientToken),
|
|
|
|
'sub' => $this->buildSub($account->id),
|
|
|
|
'exp' => Carbon::now()->addDays(2)->getTimestamp(),
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
private function joinScopes(array $scopes): string {
|
|
|
|
return implode(',', $scopes);
|
|
|
|
}
|
|
|
|
|
|
|
|
private function buildSub(int $accountId): string {
|
2019-09-22 02:47:21 +05:30
|
|
|
return self::SUB_ACCOUNT_PREFIX . $accountId;
|
|
|
|
}
|
|
|
|
|
2019-12-04 23:40:15 +05:30
|
|
|
private function buildAud(string $clientId): string {
|
2019-09-22 02:47:21 +05:30
|
|
|
return self::AUD_CLIENT_PREFIX . $clientId;
|
|
|
|
}
|
|
|
|
|
2019-08-01 14:47:12 +05:30
|
|
|
}
|