Merge pull request #3 from laojiu/master

修复不同场景下直接获取token的场景进行验证；同时添加可配置场景是否验证（不验证场景的情况下默认只验证token）
mineadmin · Dec 12, 2023 · 27eb7f5 · 27eb7f5
2 parents abf114a + f20da79
commit 27eb7f5
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 8 deletions.
diff --git a/publish/jwt.php b/publish/jwt.php
@@ -111,5 +111,7 @@
     'model' => [ // TODO 支持直接获取某模型的数据
         'class' => '',
         'pk' => 'uid'
-    ]
+    ],
+    //$independentTokenVerify true时会验证当前场景配置是否是生成当前的token的配置，需要配合自定义中间件实现，false会根据当前token拿到原来的场景配置，并且验证当前token
+    'independentTokenVerify' => false
 ];
diff --git a/src/AbstractJWT.php b/src/AbstractJWT.php
@@ -156,4 +156,13 @@ public function getSceneConfig(string $scene = 'default')
     {
         return $this->config->get("{$this->configPrefix}.{$this->scenePrefix}.{$scene}");
     }
+
+    /**
+     * @param bool $independentTokenVerify
+     * @return bool
+     */
+    public function getIndependentTokenVerify(bool $independentTokenVerify = false): bool
+    {
+        return $this->config->get("{$this->configPrefix}")['independentTokenVerify'] ?? $independentTokenVerify;
+    }
 }
diff --git a/src/JWT.php b/src/JWT.php
@@ -101,9 +101,18 @@ public function checkToken(string $token = null, string $scene = null, $validate
         try {
             $token = $token ?? $this->getHeaderToken();
             $tokenObj = $this->getTokenObj($token);
-            $config = $this->getSceneConfig($scene ?? $this->getScene());
             $claims = $tokenObj->claims()->all();
-
+            $tokenScene = $claims[$this->tokenScenePrefix];
+            // 获取当前环境的场景配置并且验证该token是否是该配置生成的
+            //$independentTokenVerify true时会验证当前场景配置是否是生成当前的token的配置，需要配合自定义中间件实现，false会根据当前token拿到原来的场景配置，并且验证当前token
+            if ($this->getIndependentTokenVerify() && $tokenScene != $this->getScene()) {
+                throw new TokenValidException('Token authentication does not pass', 401);
+            }
+            //根据配置信息判断，设置当前token对应的场景scene
+            if (!$this->getIndependentTokenVerify()) {
+                $scene = $tokenScene ?? $scene;
+            }
+            $config = $this->getSceneConfig($scene ?? $this->getScene());
             $signer = new $config['supported_algs'][$config['alg']];
 
             // 验证token是否存在黑名单
@@ -115,11 +124,6 @@ public function checkToken(string $token = null, string $scene = null, $validate
                 throw new TokenValidException('Token authentication does not pass', 401);
             }
 
-            // 获取当前环境的场景配置并且验证该token是否是该配置生成的
-            if ($independentTokenVerify) {
-                $config = $this->getSceneConfig($this->getScene());
-            }
-
             return true;
         } catch (\RuntimeException $e) {
             throw new \RuntimeException($e->getMessage(), $e->getCode(), $e->getPrevious());