src/Security/Authentication/JWTSubscriber.php line 44

  1. <?php
  2. namespace App\Security\Authentication;
  4. use Symfony\Component\EventDispatcher\EventSubscriberInterface,
  5.     Symfony\Component\HttpFoundation\RequestStack,
  6.     Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  8. use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTCreatedEvent,
  9.     Lexik\Bundle\JWTAuthenticationBundle\Event\JWTDecodedEvent,
  10.     Lexik\Bundle\JWTAuthenticationBundle\Events as LexikEvents,
  11.     Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface,
  12.     Lexik\Bundle\JWTAuthenticationBundle\Security\Authenticator\Token\JWTPostAuthenticationToken;
  14. final class JWTSubscriber implements EventSubscriberInterface
  15. {
  16.     const REMEMBER_ME_TTL '30 days';
  18.     private TokenStorageInterface $tokenStorage;
  19.     private JWTTokenManagerInterface $jwtManager;
  20.     private RequestStack $requestStack;
  22.     public function __construct(
  23.         TokenStorageInterface $tokenStorage,
  24.         JWTTokenManagerInterface $jwtManager,
  25.         RequestStack $requestStack
  26.     ) {
  27.         $this->tokenStorage $tokenStorage;
  28.         $this->jwtManager $jwtManager;
  29.         $this->requestStack $requestStack;
  30.     }
  32.     public static function getSubscribedEvents() : array
  33.     {
  34.         return [
  35.             LexikEvents::JWT_CREATED => [
  36.                 ['onJWTCreated'10],
  37.             ],
  38.             // LexikEvents::JWT_DECODED => [
  39.             //     ['onJWTDecoded', 10]
  40.             // ]
  41.         ];
  42.     }
  44.     public function onJWTCreated(JWTCreatedEvent $event): void
  45.     {
  46.         $payload $event->getData();
  47.         $payload['ip'] = $this->getClientIp();
  49.         $event->setData($payload);
  51.         $header $event->getHeader();
  52.         $header['cty'] = 'JWT';
  54.         $event->setHeader($header);
  56.         $exp $this->getExpire();
  58.         if ($exp) {
  59.             $payload['exp'] = $exp;
  60.         }
  62.         $event->setData($payload);
  64.         return;
  65.     }
  67.     public function onJWTDecoded(JWTDecodedEvent $event): void
  68.     {
  69.         $payload $event->getPayload();
  71.         if (! isset($payload['ip']) || $payload['ip'] !== $this->getClientIp()) {
  72.             $event->markAsInvalid();
  73.         }
  75.         return;
  76.     }
  78.     private function getExpire(): ?string
  79.     {
  80.         $currentToken $this->tokenStorage->getToken();
  82.         if ($currentToken instanceof JWTPostAuthenticationToken) {
  83.             $decodedToken $this->jwtManager->decode($currentToken);
  84.             $expire time() + $decodedToken['exp'] - $decodedToken['iat'];
  86.             return $expire;
  87.         }
  89.         $data json_decode($this->getRequestContent()) ?? new \stdClass();
  91.         if (! property_exists($data'_remember_me') || ! $data->_remember_me) {
  92.             return null;
  93.         }
  95.         return (new \DateTimeImmutable('+ ' self::REMEMBER_ME_TTL))
  96.             ->getTimestamp();
  97.     }
  99.     private function getClientIp(): string
  100.     {
  101.         return $this->requestStack->getCurrentRequest()?->getClientIp() ?? '';
  102.     }
  104.     private function getRequestContent(): string
  105.     {
  106.         return $this->requestStack->getCurrentRequest()?->getContent() ?? '';
  107.     }
  108. }