1 files changed, 51 insertions, 0 deletions
diff --git a/application/api/ApiUtils.php b/application/api/ApiUtils.php
new file mode 100644
index 00000000..fbb1e72f
--- /dev/null
+++ b/application/api/ApiUtils.php
@@ -0,0 +1,51 @@
+<?php
+namespace Shaarli\Api;
+use Shaarli\Api\Exceptions\ApiAuthorizationException;
+/**
+ * Class ApiUtils
+ *
+ * Utility functions for the API.
+ */
+class ApiUtils
+{
+    /**
+     * Validates a JWT token authenticity.
+     *
+     * @param string $token  JWT token extracted from the headers.
+     * @param string $secret API secret set in the settings.
+     *
+     * @throws ApiAuthorizationException the token is not valid.
+     */
+    public static function validateJwtToken($token, $secret)
+    {
+        $parts = explode('.', $token);
+        if (count($parts) != 3 || strlen($parts[0]) == 0 || strlen($parts[1]) == 0) {
+            throw new ApiAuthorizationException('Malformed JWT token');
+        }
+        $genSign = hash_hmac('sha512', $parts[0] .'.'. $parts[1], $secret);
+        if ($parts[2] != $genSign) {
+            throw new ApiAuthorizationException('Invalid JWT signature');
+        }
+        $header = json_decode(base64_decode($parts[0]));
+        if ($header === null) {
+            throw new ApiAuthorizationException('Invalid JWT header');
+        }
+        $payload = json_decode(base64_decode($parts[1]));
+        if ($payload === null) {
+            throw new ApiAuthorizationException('Invalid JWT payload');
+        }
+        if (empty($payload->iat)
+            || $payload->iat > time()
+            || time() - $payload->iat > ApiMiddleware::$TOKEN_DURATION
+        ) {
+            throw new ApiAuthorizationException('Invalid JWT issued time');
+        }
+    }
+}

diff --git a/application/api/ApiUtils.php b/application/api/ApiUtils.php new file mode 100644 index 00000000..fbb1e72f --- /dev/null +++ b/application/api/ApiUtils.php
@@ -0,0 +1,51 @@
	1	<?php
	2
	3	namespace Shaarli\Api;
	4
	5	use Shaarli\Api\Exceptions\ApiAuthorizationException;
	6
	7	/**
	8	* Class ApiUtils
	9	*
	10	* Utility functions for the API.
	11	*/
	12	class ApiUtils
	13	{
	14	/**
	15	* Validates a JWT token authenticity.
	16	*
	17	* @param string $token JWT token extracted from the headers.
	18	* @param string $secret API secret set in the settings.
	19	*
	20	* @throws ApiAuthorizationException the token is not valid.
	21	*/
	22	public static function validateJwtToken($token, $secret)
	23	{
	24	$parts = explode('.', $token);
	25	if (count($parts) != 3 \|\| strlen($parts[0]) == 0 \|\| strlen($parts[1]) == 0) {
	26	throw new ApiAuthorizationException('Malformed JWT token');
	27	}
	28
	29	$genSign = hash_hmac('sha512', $parts[0] .'.'. $parts[1], $secret);
	30	if ($parts[2] != $genSign) {
	31	throw new ApiAuthorizationException('Invalid JWT signature');
	32	}
	33
	34	$header = json_decode(base64_decode($parts[0]));
	35	if ($header === null) {
	36	throw new ApiAuthorizationException('Invalid JWT header');
	37	}
	38
	39	$payload = json_decode(base64_decode($parts[1]));
	40	if ($payload === null) {
	41	throw new ApiAuthorizationException('Invalid JWT payload');
	42	}
	43
	44	if (empty($payload->iat)
	45	\|\| $payload->iat > time()
	46	\|\| time() - $payload->iat > ApiMiddleware::$TOKEN_DURATION
	47	) {
	48	throw new ApiAuthorizationException('Invalid JWT issued time');
	49	}
	50	}
	51	}