...

wilcorrea · wilcorrea · commit 658b56d1e718 · 2017-02-07T21:27:13.000-02:00
diff --git a/bootstrap/function.php b/bootstrap/function.php
@@ -32,7 +32,11 @@ function path($root)
         if (is_bool($root)) {
             array_shift($args);
             if ($root) {
-                $peaces = [\Simples\Core\Kernel\App::$ROOT];
+                $dir = \Simples\Core\Kernel\App::$ROOT;
+                if (!$dir) {
+                    $dir = dirname(__DIR__, 4);
+                }
+                $peaces = [$dir];
             }
         }
         $path = array_merge($peaces, $args);
diff --git a/src/Helper/Text.php b/src/Helper/Text.php
@@ -9,13 +9,13 @@
 abstract class Text
 {
     /**
-     * @param $string
-     * @param $search
-     * @param $replace
-     * @param null $count
-     * @return mixed
+     * @param string $string
+     * @param string|array $search
+     * @param string|array $replace
+     * @param int $count (null)
+     * @return string
      */
-    public static function replace($string, $search, $replace, &$count = null)
+    public static function replace(string $string, $search, $replace, &$count = null): string
     {
         if ($count) {
             str_replace($search, $replace, $string, $count);
@@ -24,14 +24,14 @@ public static function replace($string, $search, $replace, &$count = null)
     }
 
     /**
-     * @param $input
-     * @param $pad_length
-     * @param null $pad_string
-     * @param null $pad_type
+     * @param string $input
+     * @param string $length
+     * @param string $char (null)
+     * @param int $type (null)
      * @return string
      */
-    public static function pad($input, $pad_length, $pad_string = null, $pad_type = null)
+    public static function pad($input, $length, $char = null, $type = null): string
     {
-        return str_pad($input, $pad_length, $pad_string, $pad_type);
+        return str_pad($input, $length, $char, $type);
     }
 }
diff --git a/src/Http/Controller.php b/src/Http/Controller.php
@@ -2,6 +2,7 @@
 
 namespace Simples\Core\Http;
 
+use Simples\Core\Persistence\Transaction;
 use Simples\Core\Route\Match;
 use Simples\Core\Route\Wrapper;
 
@@ -148,6 +149,14 @@ public function input($name, $type = null)
         return $input->filter($type);
     }
 
+    /**
+     * @param $logging
+     */
+    public function setLog($logging)
+    {
+        Transaction::log($logging && env('TEST_MODE'));
+    }
+
     /**
      * @param $name
      * @param $arguments
diff --git a/src/Http/Specialty/ApiController.php b/src/Http/Specialty/ApiController.php
@@ -39,7 +39,7 @@ protected function answer($content = null, $meta = [], $code = 200): Response
      */
     public function post()
     {
-        $this->repository->setLog($this->request()->get('log'));
+        $this->setLog($this->request()->get('log'));
 
         $fields = $this->repository->getFields(Action::CREATE);
 
@@ -72,7 +72,7 @@ public function post()
      */
     public function get($id = null)
     {
-        $this->repository->setLog($this->request()->get('log'));
+        $this->setLog($this->request()->get('log'));
 
         $start = null;
         $end = null;
@@ -107,7 +107,7 @@ public function get($id = null)
      */
     public function put($id)
     {
-        $this->repository->setLog($this->request()->get('log'));
+        $this->setLog($this->request()->get('log'));
 
         $fields = $this->repository->getFields(Action::UPDATE);
 
@@ -143,7 +143,7 @@ public function put($id)
      */
     public function delete($id)
     {
-        $this->repository->setLog($this->request()->get('log'));
+        $this->setLog($this->request()->get('log'));
 
         $data = [
             $this->repository->getHashKey() => $id
diff --git a/src/Model/DataMapper.php b/src/Model/DataMapper.php
@@ -50,7 +50,6 @@ final public function create($record = null)
                 $fields[] = $timestampsKey;
                 $values[] = $this->getTimestampValue($type);
             }
-
             $created = $this
                 ->source($this->getCollection())
                 ->fields($fields)
@@ -317,7 +316,7 @@ protected function getTimestampValue(string $type)
                 return Date::create()->now();
                 break;
             case 'by':
-                return Auth::getEmbedValue();
+                return Auth::getUser();
                 break;
         }
         return null;
diff --git a/src/Model/Repository/ApiRepository.php b/src/Model/Repository/ApiRepository.php
@@ -2,12 +2,11 @@
 
 namespace Simples\Core\Model\Repository;
 
-use Simples\Core\Data\Record;
 use Simples\Core\Data\Collection;
+use Simples\Core\Data\Record;
 use Simples\Core\Data\Validator;
 use Simples\Core\Model\AbstractModel;
 use Simples\Core\Model\Action;
-use Simples\Core\Persistence\Transaction;
 
 /**
  * Class ApiRepository
@@ -208,14 +207,6 @@ public function getFields($action): array
         return $this->model->getFields($action);
     }
 
-    /**
-     * @param $logging
-     */
-    public function setLog($logging)
-    {
-        Transaction::log($logging && env('TEST_MODE'));
-    }
-
     /**
      * @return string
      */
diff --git a/src/Persistence/Transaction.php b/src/Persistence/Transaction.php
@@ -49,8 +49,7 @@ public static function commit()
         foreach (self::$connections as $connection) {
             /** @var Driver $connection */
             if (!$connection->commit()) {
-                self::rollback();
-                return false;
+                return self::rollback();
             }
         }
         return true;
diff --git a/src/Security/Auth.php b/src/Security/Auth.php
@@ -2,32 +2,36 @@
 
 namespace Simples\Core\Security;
 
-use Simples\Core\Helper\Text;
 use Simples\Core\Kernel\App;
 
 /**
  * Class Auth
  * @package Simples\Core\Security
  */
-class Auth
+abstract class Auth
 {
     /**
-     * @param $password
+     * @var string
+     */
+    const PAYLOAD_USER = 'user', PAYLOAD_DEVICE = 'device';
+
+    /**
+     * @param string $password
      * @return string
      */
-    public static function crypt($password)
+    public static function crypt(string $password): string
     {
-        return password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
+        return password_hash($password, PASSWORD_DEFAULT);
     }
 
     /**
-     * @param $password
-     * @param $hash
+     * @param string $password
+     * @param string $candidate
      * @return bool
      */
-    public static function match($password, $hash)
+    public static function match(string $password, string $candidate): bool
     {
-        return password_verify($password, $hash);
+        return password_verify($password, $candidate);
     }
 
     /**
@@ -39,20 +43,46 @@ public static function getToken()
     }
 
     /**
-     * @param $embed
+     * @param string $user
+     * @param string $device
+     * @param array $options
+     * @return string
+     */
+    public static function createToken(string $user, string $device, array $options = []): string
+    {
+        $data = [
+            self::PAYLOAD_USER => $user,
+            self::PAYLOAD_DEVICE => $device
+        ];
+        return Jwt::create(array_merge($options, $data), env('SECURITY'));
+    }
+
+    /**
+     * @param string $property
+     * @return string
+     */
+    public static function getTokenValue(string $property): string
+    {
+        $token = self::getToken();
+        if (!$token) {
+            return '';
+        }
+        return off(Jwt::payload($token, env('SECURITY')), $property);
+    }
+
+    /**
      * @return string
      */
-    public static function createToken($embed)
+    public static function getUser(): string
     {
-        return guid() . '-' . Text::pad($embed, 10, 'F');
+        return self::getTokenValue(self::PAYLOAD_USER);
     }
 
     /**
-     * @return array
+     * @return string
      */
-    public static function getEmbedValue()
+    public static function getDevice(): string
     {
-        $peaces = explode('-', self::getToken());
-        return Text::replace($peaces[count($peaces) - 1], 'F', '');
+        return self::getTokenValue(self::PAYLOAD_DEVICE);
     }
 }
diff --git a/src/Security/Encryption.php b/src/Security/Encryption.php
@@ -11,36 +11,31 @@ class Encryption
     /**
      * @var string
      */
-    private static $ENCRYPT_MODE = "AES-256-CBC";
+    const ENCRYPT_MODE = "AES-256-CBC";
 
     /**
-     * @var string
-     */
-    private static $SECRET_IV = '0df1e73b-812f-9bcf-b07c-e8250e73e748';
-
-    /**
-     * @param $string
-     * @param null $secretKey
+     * @param string $string
+     * @param string $secretKey
      * @return string
      */
-    public static function encode($string, $secretKey = null)
+    public static function encode($string, $secretKey): string
     {
-        $key = hash('sha256', env('SECURITY', $secretKey));
-        $iv = substr(hash('sha256', self::$SECRET_IV), 0, 16);
+        $key = hash('sha256', $secretKey);
+        $iv = substr(hash('sha256', md5($secretKey)), 0, 16);
 
-        return base64_encode(openssl_encrypt($string, self::$ENCRYPT_MODE, $key, 0, $iv));
+        return base64_encode(openssl_encrypt($string, self::ENCRYPT_MODE, $key, 0, $iv));
     }
 
     /**
-     * @param $string
-     * @param null $secretKey
+     * @param string $string
+     * @param string $secretKey
      * @return string
      */
-    public static function decode($string, $secretKey = null)
+    public static function decode(string $string, string $secretKey): string
     {
-        $key = hash('sha256', env('SECURITY', $secretKey));
-        $iv = substr(hash('sha256', self::$SECRET_IV), 0, 16);
+        $key = hash('sha256', $secretKey);
+        $iv = substr(hash('sha256', md5($secretKey)), 0, 16);
 
-        return openssl_decrypt(base64_decode($string), self::$ENCRYPT_MODE, $key, 0, $iv);
+        return openssl_decrypt(base64_decode($string), self::ENCRYPT_MODE, $key, 0, $iv);
     }
 }
diff --git a/src/Security/Jwt.php b/src/Security/Jwt.php
@@ -0,0 +1,44 @@
+<?php
+
+namespace Simples\Core\Security;
+
+use Simples\Core\Error\RunTimeError;
+use Simples\Core\Helper\Json;
+
+/**
+ * Class Jwt
+ * @package Simples\Core\Security
+ */
+abstract class Jwt
+{
+    /**
+     * @param array $data
+     * @param string $secret
+     * @return string
+     */
+    public static function create(array $data, string $secret): string
+    {
+        $header = base64_encode(json_encode(['type' => 'JWT', 'alg' => 'HS256']));
+
+        $payload = base64_encode(Encryption::encode(Json::encode($data), $secret));
+
+        $signature = base64_encode(hash_hmac('sha256', "{$header}.{$payload}", $secret, true));
+
+        return "{$header}.{$payload}.{$signature}";
+    }
+
+    /**
+     * @param string $token
+     * @param string $secret
+     * @return array
+     * @throws RunTimeError
+     */
+    public static function payload(string $token, string $secret): array
+    {
+        $peaces = explode('.', $token);
+        if (count($peaces) !== 3) {
+            throw new RunTimeError("The token '{$token}' is invalid");
+        }
+        return (array)Json::decode(Encryption::decode(base64_decode($peaces[1]), $secret));
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,11 @@ function path($root)`
`32`	`32`	`if (is_bool($root)) {`
`33`	`33`	`array_shift($args);`
`34`	`34`	`if ($root) {`
`35`		`- $peaces = [\Simples\Core\Kernel\App::$ROOT];`
	`35`	`+ $dir = \Simples\Core\Kernel\App::$ROOT;`
	`36`	`+ if (!$dir) {`
	`37`	`+ $dir = dirname(__DIR__, 4);`
	`38`	`+ }`
	`39`	`+ $peaces = [$dir];`
`36`	`40`	`}`
`37`	`41`	`}`
`38`	`42`	`$path = array_merge($peaces, $args);`
Original file line number	Diff line number	Diff line change
`@@ -49,8 +49,7 @@ public static function commit()`
`49`	`49`	`foreach (self::$connections as $connection) {`
`50`	`50`	`/** @var Driver $connection */`
`51`	`51`	`if (!$connection->commit()) {`
`52`		`- self::rollback();`
`53`		`- return false;`
	`52`	`+ return self::rollback();`
`54`	`53`	`}`
`55`	`54`	`}`
`56`	`55`	`return true;`