Merge pull request #17 from citrus-framework/add_jwt

JWTの追加
citrus-framework · Sep 15, 2020 · 4fc77fb · 4fc77fb
2 parents aff7f96 + baef9c9
commit 4fc77fb
Show file tree

Hide file tree

Showing 11 changed files with 681 additions and 43 deletions.
diff --git a/composer.json b/composer.json
@@ -13,6 +13,7 @@
   ],
   "require": {
     "citrus-framework/configure": "^1.0",
+    "citrus-framework/contract": "^1.0",
     "citrus-framework/formmap": "^1.0",
     "citrus-framework/http": "^1.0",
     "citrus-framework/logger": "^1.0",
@@ -22,7 +23,8 @@
     "ext-mbstring": "*",
     "ext-posix": "*",
     "ext-json": "*",
-    "ext-pdo": "*"
+    "ext-pdo": "*",
+    "ext-openssl": "*"
   },
   "require-dev": {
     "php": "^7.3",

diff --git a/src/Authentication.php b/src/Authentication.php
@@ -10,8 +10,8 @@
 
 namespace Citrus;
 
+use Citrus\Authentication\AuthItem;
 use Citrus\Authentication\Database;
-use Citrus\Authentication\Item;
 use Citrus\Authentication\Protocol;
 use Citrus\Configure\Configurable;
 use Citrus\Database\Connection\Connection;
@@ -70,10 +70,10 @@ public function loadConfigures(array $configures = []): Configurable
     /**
      * 認証処理
      *
-     * @param Item $item
+     * @param AuthItem $item
      * @return bool true:認証成功, false:認証失敗
      */
-    public function authorize(Item $item): bool
+    public function authorize(AuthItem $item): bool
     {
         if (true === is_null($this->protocol))
         {
@@ -106,10 +106,10 @@ public function deAuthorize(): bool
      * 認証のチェック
      * 認証できていれば期間の延長
      *
-     * @param Item|null $item
+     * @param AuthItem|null $item
      * @return bool true:チェック成功, false:チェック失敗
      */
-    public function isAuthenticated(Item $item = null): bool
+    public function isAuthenticated(AuthItem $item = null): bool
     {
         if (true === is_null($this->protocol))
         {

diff --git a/src/Authentication/Item.php → src/Authentication/AuthItem.php b/src/Authentication/Item.php → src/Authentication/AuthItem.php
@@ -15,7 +15,7 @@
 /**
  * 認証アイテム
  */
-class Item extends Columns
+class AuthItem extends Columns
 {
     /** @var string user id */
     public $user_id;
@@ -26,6 +26,6 @@ class Item extends Columns
     /** @var string token */
     public $token;
 
-    /** @var string keep at */
-    public $keep_at;
+    /** @var string expired at */
+    public $expired_at;
 }
diff --git a/src/Authentication/Database.php b/src/Authentication/Database.php
@@ -24,7 +24,7 @@
     user_id CHARACTER VARYING(32) NOT NULL,
     password CHARACTER VARYING(64) NOT NULL,
     token TEXT,
-    keep_at TIMESTAMP WITHOUT TIME ZONE,
+    expired_at TIMESTAMP WITHOUT TIME ZONE,
     status INTEGER DEFAULT 0 NOT NULL,
     created_at TIMESTAMP WITHOUT TIME ZONE DEFAULT current_timestamp NOT NULL,
     updated_at TIMESTAMP WITHOUT TIME ZONE DEFAULT current_timestamp NOT NULL,
@@ -60,13 +60,13 @@ public function __construct(Connection $connection)
     /**
      * 認証処理
      *
-     * @param Item $item
+     * @param AuthItem $item
      * @return bool true:認証成功, false:認証失敗
      */
-    public function authorize(Item $item): bool
+    public function authorize(AuthItem $item): bool
     {
         // ログインID、パスワード のどちらかが null もしくは 空文字 だった場合は認証失敗
-        if (true === Strings::isEmpty($item->user_id) || true === Strings::isEmpty($item->password))
+        if (true === Strings::isEmpty($item->user_id) or true === Strings::isEmpty($item->password))
         {
             return false;
         }
@@ -75,10 +75,10 @@ public function authorize(Item $item): bool
         $table_name = Authentication::$AUTHORIZE_TABLE_NAME;
 
         // 対象ユーザーがいるか？
-        $condition = new Item();
+        $condition = new AuthItem();
         $condition->user_id = $item->user_id;
-        /** @var Item $result */
-        $result = (new Builder($this->connection))->select($table_name, $condition)->execute(Item::class)->one();
+        /** @var AuthItem $result */
+        $result = (new Builder($this->connection))->select($table_name, $condition)->execute(AuthItem::class)->one();
         // いなければ認証失敗
         if (true === is_null($result))
         {
@@ -93,11 +93,11 @@ public function authorize(Item $item): bool
 
         // 認証情報の保存
         $item->token = Authentication::generateToken();
-        $item->keep_at = Authentication::generateKeepAt();
+        $item->expired_at = Authentication::generateKeepAt();
         $item->password = null;
 
         // データベースに現在のトークンと保持期間の保存
-        $condition = new Item();
+        $condition = new AuthItem();
         $condition->rowid = $result->rowid;
         $condition->rev = $result->rev;
         (new Builder($this->connection))->update($table_name, $item, $condition)->execute();
@@ -127,10 +127,10 @@ public function deAuthorize(): bool
      * 認証のチェック
      * 認証できていれば期間の延長
      *
-     * @param Item|null $item
+     * @param AuthItem|null $item
      * @return bool true:チェック成功, false:チェック失敗
      */
-    public function isAuthenticated(Item $item = null): bool
+    public function isAuthenticated(AuthItem $item = null): bool
     {
         // 指定されない場合はsessionから取得
         if (true === is_null($item))
@@ -145,24 +145,24 @@ public function isAuthenticated(Item $item = null): bool
             return false;
         }
         // ユーザーIDとトークン、認証期間があるか
-        if (true === is_null($item->user_id) or true === is_null($item->token) or true === is_null($item->keep_at))
+        if (true === is_null($item->user_id) or true === is_null($item->token) or true === is_null($item->expired_at))
         {
-            Logger::debug('ログアウト:ユーザIDが無い(user_id=%s)、もしくはトークンが無い(token=%s)、もしくはタイムアウト(keep_at=%s)',
+            Logger::debug('ログアウト:ユーザIDが無い(user_id=%s)、もしくはトークンが無い(token=%s)、もしくはタイムアウト(expired_at=%s)',
                 $item->user_id,
                 $item->token,
-                $item->keep_at
+                $item->expired_at
                 );
             return false;
         }
 
         // すでに認証期間が切れている
-        $keep_timestamp = strtotime($item->keep_at);
-        $now_timestamp = time();
-        if ($keep_timestamp < $now_timestamp)
+        $expired_ts = strtotime($item->expired_at);
+        $now_ts = time();
+        if ($expired_ts < $now_ts)
         {
             Logger::debug('ログアウト:タイムアウト(%s) < 現在時間(%s)',
-                $keep_timestamp,
-                $now_timestamp
+                $expired_ts,
+                $now_ts
             );
             return false;
         }
@@ -171,18 +171,18 @@ public function isAuthenticated(Item $item = null): bool
         $table_name = Authentication::$AUTHORIZE_TABLE_NAME;
 
         // まだ認証済みなので、認証期間の延長
-        $authentic = new Item();
-        $authentic->keep_at = Authentication::generateKeepAt();
-        $condition = new Item();
+        $authentic = new AuthItem();
+        $authentic->expired_at = Authentication::generateKeepAt();
+        $condition = new AuthItem();
         $condition->user_id = $item->user_id;
         $condition->token = $item->token;
         // 更新
         $result = (new Builder($this->connection))->update($table_name, $authentic, $condition)->execute();
 
         // 時間を延長
-        /** @var Item $item */
+        /** @var AuthItem $item */
         $item = Session::$session->call(Authentication::SESSION_KEY);
-        $item->keep_at = $authentic->keep_at;
+        $item->expired_at = $authentic->expired_at;
         Session::$session->add(Authentication::SESSION_KEY, $item);
         Session::commit();