Simples Security package

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2016 Grupo de PHP da Zona da Mata
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

composer.json

@@ -0,0 +1,35 @@
+{
+  "name": "phpzm/security",
+  "description": "Simples Security package",
+  "minimum-stability": "dev",
+  "keywords": [
+    "php",
+    "framework",
+    "api",
+    "simples"
+  ],
+  "homepage": "https://github.com/phpzm/security",
+  "license": "MIT",
+  "version": "1.0.0",
+  "type": "package",
+  "authors": [
+    {
+      "name": "William",
+      "email": "[email protected]"
+    },
+    {
+      "name": "Ezio",
+      "email": "[email protected]"
+    }
+  ],
+  "require": {
+    "php": ">=7.0",
+    "phpzm/helper": "dev-master",
+    "phpzm/http": "dev-master"
+  },
+  "autoload": {
+    "psr-4": {
+      "Simples\\Security\\": "src/"
+    }
+  }
+}

src/Auth.php

@@ -0,0 +1,88 @@
+<?php
+
+namespace Simples\Security;
+
+use Simples\Http\Kernel\App;
+
+/**
+ * Class Auth
+ * @package Simples\Security
+ */
+abstract class Auth
+{
+    /**
+     * @var string
+     */
+    const PAYLOAD_USER = 'user', PAYLOAD_DEVICE = 'device';
+
+    /**
+     * @param string $password
+     * @return string
+     */
+    public static function crypt(string $password): string
+    {
+        return password_hash($password, PASSWORD_DEFAULT);
+    }
+
+    /**
+     * @param string $password
+     * @param string $candidate
+     * @return bool
+     */
+    public static function match(string $password, string $candidate): bool
+    {
+        return password_verify($password, $candidate);
+    }
+
+    /**
+     * @return string
+     */
+    public static function getToken()
+    {
+        return App::request()->getHeader(env('AUTH_TOKEN'));
+    }
+
+    /**
+     * @param string $user
+     * @param string $device
+     * @param array $options
+     * @return string
+     */
+    public static function createToken(string $user, string $device, array $options = []): string
+    {
+        $data = [
+            self::PAYLOAD_USER => $user,
+            self::PAYLOAD_DEVICE => $device
+        ];
+        return JWT::create(array_merge($options, $data), env('SECURITY'));
+    }
+
+    /**
+     * @param string $property
+     * @return string
+     */
+    public static function getTokenValue(string $property): string
+    {
+        $token = self::getToken();
+        if (!$token) {
+            return '';
+        }
+        return off(JWT::payload($token, env('SECURITY')), $property);
+    }
+
+    /**
+     * @return string
+     */
+    public static function getUser(): string
+    {
+        return self::getTokenValue(self::PAYLOAD_USER);
+    }
+
+    /**
+     * @return string
+     */
+    public static function getDevice(): string
+    {
+        return self::getTokenValue(self::PAYLOAD_DEVICE);
+    }
+}

src/Encryption.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace Simples\Security;
+
+/**
+ * Class Encryption
+ * @package Simples\Security
+ */
+class Encryption
+{
+    /**
+     * @var string
+     */
+    const ENCRYPT_MODE = "AES-256-CBC";
+
+    /**
+     * @param string $string
+     * @param string $secretKey
+     * @return string
+     */
+    public static function encode($string, $secretKey): string
+    {
+        $key = hash('sha256', $secretKey);
+        $iv = substr(hash('sha256', md5($secretKey)), 0, 16);
+
+        return base64_encode(openssl_encrypt($string, self::ENCRYPT_MODE, $key, 0, $iv));
+    }
+
+    /**
+     * @param string $string
+     * @param string $secretKey
+     * @return string
+     */
+    public static function decode(string $string, string $secretKey): string
+    {
+        $key = hash('sha256', $secretKey);
+        $iv = substr(hash('sha256', md5($secretKey)), 0, 16);
+
+        return openssl_decrypt(base64_decode($string), self::ENCRYPT_MODE, $key, 0, $iv);
+    }
+}

src/JWT.php

@@ -0,0 +1,66 @@
+<?php
+
+namespace Simples\Security;
+
+use Simples\Helper\JSON;
+use Simples\Http\Error\SimplesForbiddenError;
+
+/**
+ * Class Jwt
+ * @package Simples\Security
+ */
+abstract class JWT
+{
+    /**
+     * @param array $data
+     * @param string $secret
+     * @return string
+     */
+    public static function create(array $data, string $secret): string
+    {
+        $header = base64_encode(json_encode(['type' => 'JWT', 'alg' => 'HS256']));
+
+        $payload = base64_encode(Encryption::encode(JSON::encode($data), $secret));
+
+        $signature = base64_encode(hash_hmac('sha256', "{$header}.{$payload}", $secret, true));
+
+        return "{$header}.{$payload}.{$signature}";
+    }
+
+    /**
+     * @param string $token
+     * @param string $secret
+     * @return array
+     * @throws SimplesForbiddenError
+     */
+    public static function payload(string $token, string $secret): array
+    {
+        if (!static::verify($token, $secret)) {
+            throw new SimplesForbiddenError("The token '{$token}' is invalid");
+        }
+        $peaces = explode('.', $token);
+        if (count($peaces) !== 3) {
+            throw new SimplesForbiddenError("The token '{$token}' is invalid");
+        }
+        return (array)JSON::decode(Encryption::decode(base64_decode($peaces[1]), $secret));
+    }
+
+    /**
+     * @param string $token
+     * @param string $secret
+     * @return bool
+     */
+    public static function verify(string $token, string $secret): bool
+    {
+        $peaces = explode('.', $token);
+        if (count($peaces) < 3) {
+            return false;
+        }
+        $header = $peaces[0];
+        $payload = $peaces[1];
+        $signature = $peaces[2];
+        $hash = base64_encode(hash_hmac('sha256', "{$header}.{$payload}", $secret, true));
+
+        return hash_equals($signature, $hash);
+    }
+}