accounts/api/components/Tokens/TokensFactory.php

89 lines
2.9 KiB
PHP
Raw Normal View History

<?php
declare(strict_types=1);
namespace api\components\Tokens;
use api\rbac\Permissions as P;
use api\rbac\Roles as R;
use Carbon\Carbon;
use common\models\Account;
use common\models\AccountSession;
use DateTime;
use Lcobucci\JWT\Token;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\ScopeEntityInterface;
use Yii;
use yii\base\Component;
class TokensFactory extends Component {
public const SUB_ACCOUNT_PREFIX = 'ely|';
public const AUD_CLIENT_PREFIX = 'client|';
public function createForWebAccount(Account $account, AccountSession $session = null): Token {
$payloads = [
'ely-scopes' => $this->prepareScopes([R::ACCOUNTS_WEB_USER]),
'sub' => $this->buildSub($account->id),
'exp' => Carbon::now()->addHour()->getTimestamp(),
];
if ($session === null) {
// If we don't remember a session, the token should live longer
// so that the session doesn't end while working with the account
$payloads['exp'] = Carbon::now()->addDays(7)->getTimestamp();
} else {
$payloads['jti'] = $session->id;
}
return Yii::$app->tokens->create($payloads);
}
public function createForOAuthClient(AccessTokenEntityInterface $accessToken): Token {
$payloads = [
'aud' => $this->buildAud($accessToken->getClient()->getIdentifier()),
'ely-scopes' => $this->prepareScopes($accessToken->getScopes()),
];
if ($accessToken->getExpiryDateTime() > new DateTime()) {
$payloads['exp'] = $accessToken->getExpiryDateTime()->getTimestamp();
}
if ($accessToken->getUserIdentifier() !== null) {
$payloads['sub'] = $this->buildSub($accessToken->getUserIdentifier());
}
return Yii::$app->tokens->create($payloads);
}
public function createForMinecraftAccount(Account $account, string $clientToken): Token {
return Yii::$app->tokens->create([
'ely-scopes' => $this->prepareScopes([P::MINECRAFT_SERVER_SESSION]),
'ely-client-token' => new EncryptedValue($clientToken),
'sub' => $this->buildSub($account->id),
'exp' => Carbon::now()->addDays(2)->getTimestamp(),
]);
}
/**
* @param ScopeEntityInterface[]|string[] $scopes
*
* @return string
*/
private function prepareScopes(array $scopes): string {
return implode(',', array_map(function($scope): string { // TODO: replace to the space if it's possible
if ($scope instanceof ScopeEntityInterface) {
return $scope->getIdentifier();
}
return $scope;
}, $scopes));
}
private function buildSub(int $accountId): string {
return self::SUB_ACCOUNT_PREFIX . $accountId;
}
private function buildAud(string $clientId): string {
return self::AUD_CLIENT_PREFIX . $clientId;
}
}