refactor(JWT): improve secret key retrieval and storage logic
- Update database query to use namespace/key pattern for better organization - Add JSON decoding for stored secret values - Ensure minimum key length requirement is consistently enforced - Simplify key generation and storage with proper JSON encoding
+14
-12
@@ -18,30 +18,32 @@ class JWT {
|
|||||||
return self::$secretKey;
|
return self::$secretKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Try to get from environment
|
// Опционально: читаем из переменной окружения (если передана и достаточно длинная)
|
||||||
$envKey = getenv('JWT_SECRET');
|
$envKey = getenv('JWT_SECRET');
|
||||||
if ($envKey && strlen($envKey) >= 32) {
|
if ($envKey && strlen($envKey) >= 32) {
|
||||||
self::$secretKey = $envKey;
|
self::$secretKey = $envKey;
|
||||||
return self::$secretKey;
|
return self::$secretKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Try to get from database settings
|
// Единая корректная схема: settings(namespace='security', key='jwt_secret', value JSON)
|
||||||
$pdo = DB::conn();
|
$pdo = DB::conn();
|
||||||
$stmt = $pdo->prepare('SELECT value FROM settings WHERE key = ?');
|
$stmt = $pdo->prepare('SELECT value FROM settings WHERE namespace = ? AND `key` = ? LIMIT 1');
|
||||||
$stmt->execute(['jwt_secret']);
|
$stmt->execute(['security', 'jwt_secret']);
|
||||||
$result = $stmt->fetch();
|
$result = $stmt->fetch();
|
||||||
|
|
||||||
if ($result && !empty($result['value'])) {
|
if ($result && isset($result['value'])) {
|
||||||
self::$secretKey = $result['value'];
|
$val = $result['value'];
|
||||||
return self::$secretKey;
|
$decoded = json_decode($val, true);
|
||||||
|
if (is_string($decoded) && strlen($decoded) >= 32) {
|
||||||
|
self::$secretKey = $decoded;
|
||||||
|
return self::$secretKey;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generate new secret key and save it
|
// Если секрета нет — создаём и сохраняем по новой схеме
|
||||||
$newKey = bin2hex(random_bytes(32));
|
$newKey = bin2hex(random_bytes(32));
|
||||||
|
$stmt = $pdo->prepare('INSERT INTO settings (user_id, namespace, `key`, value) VALUES (NULL, ?, ?, ?) ON DUPLICATE KEY UPDATE value = VALUES(value)');
|
||||||
$stmt = $pdo->prepare('INSERT INTO settings (key, value) VALUES (?, ?) ON DUPLICATE KEY UPDATE value = ?');
|
$stmt->execute(['security', 'jwt_secret', json_encode($newKey)]);
|
||||||
$stmt->execute(['jwt_secret', $newKey, $newKey]);
|
|
||||||
|
|
||||||
self::$secretKey = $newKey;
|
self::$secretKey = $newKey;
|
||||||
return self::$secretKey;
|
return self::$secretKey;
|
||||||
}
|
}
|
||||||
|
|||||||
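Review bot: A stored row that exists but fails the new check (`is_string($decoded) && strlen($decoded) >= 32`) falls straight through to the generation branch, so a value that is not JSON-encoded, or a corrupted or truncated row, silently replaces the signing secret and invalidates every token already issued. That rotation should be explicit: inside the `isset($result['value'])` branch, fail closed when decoding does not yield a usable string, e.g. `throw new RuntimeException('settings security/jwt_secret is present but is not a JSON string of at least 32 bytes');`, or at least call `error_log()` before regenerating. Separately, the INSERT writes `user_id` as NULL; if the table's unique index includes `user_id` (the schema is not visible here), MySQL treats NULLs as distinct, so `ON DUPLICATE KEY UPDATE` would never match and concurrent first requests could each store a different secret, from which `LIMIT 1` without `ORDER BY` then picks arbitrarily. The method begins above this hunk, so the cached-key path and any locking around it are not visible.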