jarnovanleeuwen
diff --git a/‎.gitignore
Lines changed: 2 additions & 0 deletions b/‎.gitignore
Lines changed: 2 additions & 0 deletions
diff --git a/‎composer.json
Lines changed: 41 additions & 0 deletions b/‎composer.json
Lines changed: 41 additions & 0 deletions
diff --git a/‎examples/.htaccess
Lines changed: 7 additions & 0 deletions b/‎examples/.htaccess
Lines changed: 7 additions & 0 deletions
diff --git a/‎examples/ClientServer/Request.php
Lines changed: 27 additions & 0 deletions b/‎examples/ClientServer/Request.php
Lines changed: 27 additions & 0 deletions
diff --git a/‎examples/ClientServer/client.php
Lines changed: 25 additions & 0 deletions b/‎examples/ClientServer/client.php
Lines changed: 25 additions & 0 deletions
diff --git a/‎examples/ClientServer/server.php
Lines changed: 45 additions & 0 deletions b/‎examples/ClientServer/server.php
Lines changed: 45 additions & 0 deletions
diff --git a/‎examples/private_rsa.pem
Lines changed: 27 additions & 0 deletions b/‎examples/private_rsa.pem
Lines changed: 27 additions & 0 deletions
diff --git a/‎examples/public_rsa.pem
Lines changed: 9 additions & 0 deletions b/‎examples/public_rsa.pem
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/Client/Client.php
Lines changed: 142 additions & 0 deletions b/‎src/Client/Client.php
Lines changed: 142 additions & 0 deletions
diff --git a/‎src/Client/Exceptions/AccessTokenException.php
Lines changed: 12 additions & 0 deletions b/‎src/Client/Exceptions/AccessTokenException.php
Lines changed: 12 additions & 0 deletions
diff --git a/‎src/Client/Exceptions/ClientException.php
Lines changed: 31 additions & 0 deletions b/‎src/Client/Exceptions/ClientException.php
Lines changed: 31 additions & 0 deletions
diff --git a/‎src/Client/Exceptions/RequestException.php
Lines changed: 12 additions & 0 deletions b/‎src/Client/Exceptions/RequestException.php
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,2 @@
+/vendor
+composer.lock
@@ -0,0 +1,41 @@
+{
+    "name": "jarnovanleeuwen/jwtapi",
+    "type": "library",
+    "description": "Efficient and secure machine-to-machine API using JSON Web Tokens and asymmetric request signing.",
+    "keywords": [
+        "jwt",
+        "api",
+        "json",
+        "asymmetric",
+        "boilerplate"
+    ],
+    "homepage": "https://github.com/jarnovanleeuwen/jwtapi",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Jarno van Leeuwen",
+            "email": "vanleeuwen.jarno@gmail.com"
+        }
+    ],
+    "autoload": {
+        "psr-4": {
+            "JwtApi\\": "src/"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "Examples\\": "examples/"
+        }
+    },
+    "require": {
+        "php": "^7.1",
+        "firebase/php-jwt": "^5.0",
+        "guzzlehttp/guzzle": "^6.3",
+        "symfony/http-foundation": "^3.4"
+    },
+    "config": {
+        "preferred-install": "dist",
+        "sort-packages": true,
+        "optimize-autoloader": true
+    }
+}
@@ -0,0 +1,7 @@
+<IfModule mod_rewrite.c>
+    RewriteEngine On
+
+    # Handle Authorization Header
+    RewriteCond %{HTTP:Authorization} .
+    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+</IfModule>
@@ -0,0 +1,27 @@
+<?php
+namespace Examples\ClientServer;
+
+use JwtApi\Client\Request as BaseRequest;
+
+class Request extends BaseRequest
+{
+    public function __construct(array $parameters = [])
+    {
+        $this->parameters = $parameters;
+    }
+
+    public function getMethod(): string
+    {
+        return 'GET';
+    }
+
+    public function getUri(): string
+    {
+        return 'server.php';
+    }
+
+    public function getRequestOptions(): ?array
+    {
+        return ['debug' => true];
+    }
+}
@@ -0,0 +1,25 @@
+<?php
+namespace Examples\ClientServer;
+
+require_once "../../vendor/autoload.php";
+
+use JwtApi\Client\Client;
+
+$apiKey = "MR4CkRb4pm7yFpVOVL6jfJj5JClx81p3";
+
+$client = new Client(
+    "http://localhost/jwtapi/examples/ClientServer/",
+    $apiKey,
+    [
+        'extra-claim' => 'IAmUntampered'
+    ]
+);
+
+$client->loadPrivateKey("../private_rsa.pem");
+
+$request = new Request(['random' => random_int(0, PHP_INT_MAX)]);
+
+print '<pre>';
+$response = $client->send($request);
+print_r($response->getData());
+print '</pre>';
@@ -0,0 +1,45 @@
+<?php
+namespace Examples\ClientServer;
+
+require_once "../../vendor/autoload.php";
+
+use JwtApi\Server\RequestParser;
+use JwtApi\Server\Exceptions\RequestException;
+use Symfony\Component\HttpFoundation\Request;
+
+$requestParser = new RequestParser(function (string $apiKey): ?string {
+    // Lookup and return public key associated with $apiKey
+    if ($apiKey == "MR4CkRb4pm7yFpVOVL6jfJj5JClx81p3") {
+        return file_get_contents("../public_rsa.pem");
+    }
+    return null;
+});
+
+$result = [];
+
+try {
+    $requestParser->setRequest($request = Request::createFromGlobals());
+    $requestParser->verify();
+
+    // The request is verified. The request:
+    // - contains a valid API key
+    // - is signed with the corresponding private key
+    // - was signed less than 60 seconds ago
+    $result = [
+        'status' => 'success',
+        'data' => [
+            'claims' => $requestParser->getClaims(),
+            'random' => $request->get('random'),
+            'method' => $request->getMethod()
+        ]
+    ];
+} catch (RequestException $exception) {
+    $result = [
+        'status' => 'error',
+        'code' => $exception->getCode(),
+        'message' => $exception->getMessage()
+    ];
+}
+
+header('Content-Type: application/json');
+print json_encode($result);
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA4X72IjJ09dH1tP/gMIX3gw0d0JdamNC4Kd/hLPn78ozlyVLN
+laXAjF/m4F9VQXjwuSpBeITTjQiI9GaJRU8VfHRTJ3TZxfx3s2rlMHw7yYrO4bdH
+OdDJLkxFl71PcPWz6SxmJ15uLILIGJaTIBxzRaR1I5ze3yS/wfIzhucSojnHGsUn
+CR4CtBDESr8eF2iiXOcx8kVvkIavSRyiJscTTTOfMecTHt4ZXynbBYg3HWh8dRDM
+qpVbBwQsCzR8izaA1vV6U19+23sEZbzEYXBxWg9pIJwmDeAe+5KOgL0+c/c1afH6
+KnMoXF7FecqExSpy4U/nHCFirMiO9DuFnRCnjQIDAQABAoIBAD4vPf82POzhZsnw
+WknnV9drEZLJenFz9aWOmNFHawR7eI7pZ8ph+FR9yfSMNb2ldXUKwx1SO+jDtsj3
+UdmsMnesuJXD8p5XvkbbLrMNP4uX3O+AFINMIX7EB9kNms/C4kdmOBGZR/a8ZiPp
+uk77qYpGDQuyIgAVaVA5053bMVdM5OxFHj/o5WOAbpYbjQMoB3bvD/A1Vy5EuEvn
+Fgi4L8gtxqs+8qf1jMRuUoJXsF5obXkym5syBkci+8Eoizi/vg5uhYUGlmLoOnCa
+8nIYuNoU8rwhv0xXSNsTXT1J+0PLjoTsC6UNI6WwzTdrISmdpxFOdhp2McW5v/Av
+FiRCQf0CgYEA/vqqvz4jcG89DjPYzkQzm/HEZ7HwcSiWZNGgBulTQBd8DAH+Tmh8
+28Gp4btPEPn5zA+9ozJzR/T+oB88pWAYFv2bDO3Io//Uj9UmrrPvhT7fq0EXJWx7
+GHD7qSgwn5j+SD7uuF7QtIvIIqPuJMA2YUV3TsyKG8i/B46RVqy1Ve8CgYEA4mYT
+mVdDwaw33oIRgz9P5qleU4+Q2T5Ay6QD8ATcbMA2XbNdIiik6OG+mNxjAo4cNZBt
+V12ttENleNNcFEkJCqUl2S7a5Yuf66Lhta60ihpW5U6FpeAfRoEfzuKuWmoRRW+l
+sM2tZ/J21mReJP+SyiJGxuZiicOJLCYJR/LxdkMCgYAi8Qz3GjfXD5dpW9eJJLWB
+2FbW8v6FM0+wzz1D1TOwY8d/CcLk0dLSdq6mHXoPVIJT4ZBWTfKYWM2P+dfgvdNv
+Sx+1XNyTBNsHPumHJWdcdipGmKvoV/5ichE6tCQ9qsSl9+HU6EFnjIRHovleleyd
+1dwss0D138O18GagXxiWhwKBgHrcJDSpy6ZVfDgu46wS9pxZO0wjc9rA0s7wIgbl
+zGzj3lz5EkiQP/X1U8aGiuB/GEXlK8EmoDZcALwSDz0e6V4ygxiaOcYqAE4SpWQ/
++8+aPZ/Q/ewndTGAry9Jio6cUuUYkpUg+MKZLO5pp0FyxEkXUstriPvz9gPUXGME
+Lw8bAoGAa+8iAAUrX9cUVAbqKAN0C33C7lPHLfP8ZFRxQI50/nf1srh0BUZukMd2
+gPZ2IiJfMEzQlcVmVc1MZ3rTDy0j4KWD5LAol831E7TuJ6As/8YBUS82XeiquaM3
+oAyQR0u/KXvb3IuRQ237t1ZoMxbY/fCMQmx0KnK6168aPm1qy7s=
+-----END RSA PRIVATE KEY-----
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4X72IjJ09dH1tP/gMIX3
+gw0d0JdamNC4Kd/hLPn78ozlyVLNlaXAjF/m4F9VQXjwuSpBeITTjQiI9GaJRU8V
+fHRTJ3TZxfx3s2rlMHw7yYrO4bdHOdDJLkxFl71PcPWz6SxmJ15uLILIGJaTIBxz
+RaR1I5ze3yS/wfIzhucSojnHGsUnCR4CtBDESr8eF2iiXOcx8kVvkIavSRyiJscT
+TTOfMecTHt4ZXynbBYg3HWh8dRDMqpVbBwQsCzR8izaA1vV6U19+23sEZbzEYXBx
+Wg9pIJwmDeAe+5KOgL0+c/c1afH6KnMoXF7FecqExSpy4U/nHCFirMiO9DuFnRCn
+jQIDAQAB
+-----END PUBLIC KEY-----
@@ -0,0 +1,142 @@
+<?php
+namespace JwtApi\Client;
+
+use Firebase\JWT\JWT;
+use GuzzleHttp\Client as HttpClient;
+use GuzzleHttp\Exception\ClientException;
+use GuzzleHttp\RequestOptions;
+use JwtApi\Client\Exceptions\AccessTokenException;
+use JwtApi\Client\Exceptions\RequestException;
+
+class Client
+{
+    const CLIENT = 'JwtApi/PHP';
+    const VERSION = 0.1;
+    const DEFAULT_HASH_ALGORITHM = 'RS256';
+    const HEADER_API_KEY = 'API-Key';
+
+    /**
+     * @var string
+     */
+    private $apiKey;
+
+    /**
+     * @var string
+     */
+    private $apiUrl;
+
+    /**
+     * @var array
+     */
+    private $claims;
+
+    /**
+     * @var string
+     */
+    private $hashAlgorithm;
+
+    /**
+     * @var HttpClient
+     */
+    private $httpClient;
+
+    /**
+     * @var string
+     */
+    private $privateKey;
+
+    public function __construct(string $apiUrl, string $apiKey, array $claims = [])
+    {
+        $this->apiUrl = $apiUrl;
+        $this->apiKey = $apiKey;
+        $this->claims = $claims;
+
+        $this->setHttpClient(new HttpClient([
+            'base_uri' => $apiUrl,
+            'http_errors' => false,
+            'headers' => ['User-Agent' => static::version()]
+        ]));
+    }
+
+    protected function setHttpClient(HttpClient $httpClient): void
+    {
+        $this->httpClient = $httpClient;
+    }
+
+    public function getClaims(): array
+    {
+        return [];
+    }
+
+    public function setClaims(array $claims): void
+    {
+        $this->claims = $claims;
+    }
+
+    public function loadPrivateKey(string $path, string $hashAlgorithm = self::DEFAULT_HASH_ALGORITHM): void
+    {
+        $this->setPrivateKey(file_get_contents($path), $hashAlgorithm);
+    }
+
+    public function setPrivateKey(string $privateKey, string $hashAlgorithm = self::DEFAULT_HASH_ALGORITHM): void
+    {
+        $this->privateKey = $privateKey;
+        $this->hashAlgorithm = $hashAlgorithm;
+    }
+
+    protected function createAccessToken(): string
+    {
+        if ($this->privateKey === null) {
+            throw new AccessTokenException("Cannot create Access Token because no Private Key has been set.");
+        }
+
+        return JWT::encode(array_merge([
+            'iat' => time(),
+            'iss' => static::version()
+        ], $this->claims), $this->privateKey, $this->hashAlgorithm);
+    }
+
+    protected function getRequestOptions(Request $request): array
+    {
+        $options = [
+            RequestOptions::HEADERS => [
+                static::HEADER_API_KEY => $this->apiKey,
+                'Authorization' => "Bearer {$this->createAccessToken()}"
+            ]
+        ];
+
+        if ($parameters = $request->getParameters()) {
+            $options[RequestOptions::QUERY] = $parameters;
+        }
+
+        if ($payload = $request->getPayload()) {
+            $options[RequestOptions::JSON] = $payload;
+        }
+
+        return array_merge($options, $request->getRequestOptions());
+    }
+
+    public function send(Request $request): Response
+    {
+        try {
+            $response = $this->httpClient->request(
+                $request->getMethod(),
+                $request->getUri(),
+                $this->getRequestOptions($request)
+            );
+
+            if (($statusCode = $response->getStatusCode()) >= 200 && $statusCode < 300) {
+                return new Response($response);
+            }
+
+            throw new RequestException($response->getBody());
+        } catch (ClientException $exception) {
+            throw new RequestException($exception->getMessage());
+        }
+    }
+
+    public static function version(): string
+    {
+        return static::CLIENT.'/'.static::VERSION;
+    }
+}
@@ -0,0 +1,12 @@
+<?php
+namespace JwtApi\Client\Exceptions;
+
+use Exception;
+
+class AccessTokenException extends ClientException
+{
+    public function __construct($message, $code = 0, Exception $previous = null)
+    {
+        parent::__construct($message, $code, $previous);
+    }
+}
@@ -0,0 +1,31 @@
+<?php
+namespace JwtApi\Client\Exceptions;
+
+use Exception;
+use RuntimeException;
+
+abstract class ClientException extends RuntimeException
+{
+    /**
+     * @var array
+     */
+    private $errors = [];
+
+    public function __construct($message, $code = 0, Exception $previous = null)
+    {
+        // Try to decode into a JwtApi error response.
+        $response = json_decode($message);
+
+        if ($response !== null) {
+            $this->errors = $response->errors ?? [];
+
+            if (count($this->errors) > 0) {
+                $error = $this->errors[0];
+
+                $message = "[{$error->code}] {$error->message}";
+            }
+        }
+
+        parent::__construct($message, $code, $previous);
+    }
+}
@@ -0,0 +1,12 @@
+<?php
+namespace JwtApi\Client\Exceptions;
+
+use Exception;
+
+class RequestException extends ClientException
+{
+    public function __construct($message, $code = 0, Exception $previous = null)
+    {
+        parent::__construct($message, $code, $previous);
+    }
+}