#6 过期自动续签

edenleung · edenleung · commit 7a01f1f2b947 · 2020-05-17T21:16:54.000+08:00
diff --git a/config/config.php b/config/config.php
@@ -13,6 +13,7 @@
         'relogin'      => 50002,
         'iss'          => '',
         'aud'          => '',
+        'automaticRenewal' => false,
     ],
     'user' => [
         'inject' => false,
diff --git a/src/Jwt.php b/src/Jwt.php
@@ -32,18 +32,12 @@ class Jwt
      */
     private $manager;
 
-    /**
-     * @var Builder
-     */
-    private $builder;
-
     use \xiaodi\JWTAuth\Traits\Jwt;
 
-    public function __construct(App $app, Manager $manager, Builder $builder, User $user)
+    public function __construct(App $app, Manager $manager, User $user)
     {
         $this->app = $app;
         $this->manager = $manager;
-        $this->builder = $builder;
         $this->user = $user;
 
         $config = $this->getConfig();
@@ -73,19 +67,23 @@ public function token(array $claims): Token
     {
         $uniqid = $this->makeTokenId($claims);
 
-        $this->builder->setIssuer($this->iss())
+        $exp = time() + $this->ttl();
+        $refreshAt = $exp + $this->refreshTTL();
+
+        $builder = new Builder();
+        $builder->setIssuer($this->iss())
             ->setAudience($this->aud())
             ->setId($uniqid, true)
             ->setIssuedAt(time())
             ->setNotBefore(time() + $this->notBefore())
-            ->setExpiration(time() + $this->ttl())
-            ->set('refreshAt', time() + $this->refreshTTL());
+            ->setExpiration($exp)
+            ->set('refreshAt', $refreshAt);
 
         foreach ($claims as $key => $claim) {
-            $this->builder->set($key, $claim);
+            $builder->set($key, $claim);
         }
 
-        $token = $this->builder->getToken($this->getSigner(), $this->makeSignerKey());
+        $token = $builder->getToken($this->getSigner(), $this->makeSignerKey());
 
         $this->manager->login($token);
 
@@ -169,9 +167,13 @@ protected function getRequestToken(): Token
      *
      * @return Token
      */
-    public function parseToken(): Token
+    public function parseToken($token): Token
     {
-        $token = $this->getRequestToken();
+        try {
+            $token = (new Parser())->parse($token);
+        } catch (\InvalidArgumentException $e) {
+            throw new JWTInvalidArgumentException('此 Token 解析失败', 500);
+        }
 
         return $token;
     }
@@ -185,9 +187,9 @@ public function parseToken(): Token
      */
     public function logout(Token $token = null)
     {
-        $this->token = $token ?: $this->getRequestToken();
+        $token = $token ?: $this->getRequestToken();
 
-        $this->manager->logout($this->token);
+        $this->manager->logout($token);
     }
 
     /**
@@ -199,57 +201,94 @@ public function logout(Token $token = null)
      */
     public function verify(Token $token = null)
     {
-        $this->token = $token ?: $this->getRequestToken();
+        $token = $token ?: $this->getRequestToken();
 
         try {
-            $this->validateToken();
+            $this->validateToken($token);
+            $this->token = $token;
         } catch (\BadMethodCallException $e) {
             throw new JWTException('此 Token 未进行签名', 500);
         }
 
         return true;
     }
 
+    /**
+     * Token 自动续期
+     *
+     * @param Token $token
+     * @param int|string $ttl 秒数
+     * @return void
+     */
+    protected function automaticRenewalToken(Token $token)
+    {
+        $this->logout($token);
+        $claims = $token->getClaims();
+
+        unset($claims['iat']);
+        unset($claims['jti']);
+        unset($claims['nbf']);
+        unset($claims['exp']);
+        unset($claims['iss']);
+        unset($claims['aud']);
+        unset($claims['refreshAt']);
+
+        $token = $this->token($claims);
+        $claims = $token->getClaims();
+        $refreshAt = $claims['refreshAt'];
+
+        header('Access-Control-Expose-Headers:Automatic-Renewal-Token,Automatic-Renewal-Token-RefreshAt');
+        header("Automatic-Renewal-Token:$token");
+        header("Automatic-Renewal-Token-RefreshAt:$refreshAt");
+
+        return $token;
+    }
+
     /**
      * 效验 Token.
      *
      * @return void
      */
-    protected function validateToken()
+    protected function validateToken(Token $token)
     {
         // 是否在黑名单
-        if ($this->manager->hasBlacklist($this->token)) {
+        if ($this->manager->hasBlacklist($token)) {
             throw new TokenAlreadyEexpired('此 Token 已注销，请重新登录', $this->getReloginCode());
         }
 
         // 验证密钥是否与创建签名的密钥一致
-        if (false === $this->token->verify($this->getSigner(), $this->makeSignerKey())) {
+        if (false === $token->verify($this->getSigner(), $this->makeSignerKey())) {
             throw new JWTException('此 Token 与 密钥不匹配', $this->getReloginCode());
         }
 
         // 是否可用
-        $exp = $this->token->getClaim('nbf');
+        $exp = $token->getClaim('nbf');
         if (time() < $exp) {
             throw new JWTException('此 Token 暂未可用', 500);
         }
 
         // 是否已过期
-        if (true === $this->token->isExpired()) {
-            if (time() <= $this->token->getClaim('refreshAt')) {
-                throw new TokenAlreadyEexpired('Token 已过期，请重新刷新'.time().'-'.$this->token->getClaim('refreshAt'), $this->getAlreadyCode());
+        if (true === $token->isExpired()) {
+            if (time() <= $token->getClaim('refreshAt')) {
+                // 是否开启自动续签
+                if ($this->automaticRenewal()) {
+                    $token = $this->automaticRenewalToken($token);
+                } else {
+                    throw new TokenAlreadyEexpired('Token 已过期，请重新刷新', $this->getAlreadyCode());
+                }
+            } else {
+                throw new TokenAlreadyEexpired('Token 刷新时间已过，请重新登录', $this->getReloginCode());
             }
-
-            throw new TokenAlreadyEexpired('Token 刷新时间已过，请重新登录', $this->getReloginCode());
         }
 
         $data = new ValidationData();
 
-        $jwt_id = $this->token->getHeader('jti');
+        $jwt_id = $token->getHeader('jti');
         $data->setIssuer($this->iss());
         $data->setAudience($this->aud());
         $data->setId($jwt_id);
 
-        if (!$this->token->validate($data)) {
+        if (!$token->validate($data)) {
             throw new JWTException('此 Token 效验不通过', $this->getReloginCode());
         }
     }
diff --git a/src/Traits/Jwt.php b/src/Traits/Jwt.php
@@ -27,6 +27,8 @@ trait Jwt
     private $iss;
     private $aud;
 
+    private $automaticRenewal = false;
+
     /**
      * 获取 Token获取途径.
      *
@@ -267,4 +269,14 @@ public function getToken()
     {
         return $this->token;
     }
+
+    /**
+     * 获取 是否开启过期自动续签
+     *
+     * @return void
+     */
+    public function automaticRenewal()
+    {
+        return $this->automaticRenewal;
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,8 @@ trait Jwt`
`27`	`27`	`private $iss;`
`28`	`28`	`private $aud;`
`29`	`29`
	`30`	`+ private $automaticRenewal = false;`
	`31`	`+`
`30`	`32`	`/**`
`31`	`33`	`* 获取 Token获取途径.`
`32`	`34`	`*`
`@@ -267,4 +269,14 @@ public function getToken()`
`267`	`269`	`{`
`268`	`270`	`return $this->token;`
`269`	`271`	`}`
	`272`	`+`
	`273`	`+ /**`
	`274`	`+ * 获取是否开启过期自动续签`
	`275`	`+ *`
	`276`	`+ * @return void`
	`277`	`+ */`
	`278`	`+ public function automaticRenewal()`
	`279`	`+ {`
	`280`	`+ return $this->automaticRenewal;`
	`281`	`+ }`
`270`	`282`	`}`