Initial commit: ThinkPHP refactor (tp)

Made-with: Cursor

app/api/common/Jwt.php

@@ -0,0 +1,137 @@
+<?php
+declare(strict_types=1);
+
+namespace app\api\common;
+
+/**
+ * JWT 工具类
+ * 用于生成和验证 JWT Token
+ */
+class Jwt
+{
+    /**
+     * 生成 Token
+     * @param array $payload 载荷数据
+     * @return string
+     */
+    public static function encode(array $payload): string
+    {
+        $config = config('jwt');
+
+        // 添加标准声明
+        $payload['iat'] = time();
+        $payload['iss'] = $config['issuer'] ?? 'dyai-api';
+        $payload['exp'] = time() + ($config['expire'] ?? 604800);
+
+        // 编码
+        $header = self::base64UrlEncode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
+        $body = self::base64UrlEncode(json_encode($payload));
+
+        // 签名
+        $signature = self::signature("$header.$body", $config['secret'] ?? 'default_secret');
+
+        return "$header.$body.$signature";
+    }
+
+    /**
+     * 解析 Token
+     * @param string $token
+     * @return array|null
+     */
+    public static function decode(string $token): ?array
+    {
+        $parts = explode('.', $token);
+        if (count($parts) !== 3) {
+            return null;
+        }
+
+        [$header, $body, $signature] = $parts;
+
+        // 验证签名
+        $config = config('jwt');
+        $expectedSignature = self::signature("$header.$body", $config['secret'] ?? 'default_secret');
+
+        if (!hash_equals($expectedSignature, $signature)) {
+            return null;
+        }
+
+        // 解码载荷
+        $payload = json_decode(self::base64UrlDecode($body), true);
+        if (!$payload) {
+            return null;
+        }
+
+        // 验证过期时间
+        if (isset($payload['exp']) && $payload['exp'] < time()) {
+            return null;
+        }
+
+        return $payload;
+    }
+
+    /**
+     * 生成刷新 Token
+     * @param int $userid
+     * @return string
+     */
+    public static function refreshToken(int $userid): string
+    {
+        $config = config('jwt');
+
+        $payload = [
+            'userid' => $userid,
+            'type' => 'refresh',
+            'iat' => time(),
+            'exp' => time() + ($config['refresh_expire'] ?? 2592000),
+        ];
+
+        return self::encode($payload);
+    }
+
+    /**
+     * 从请求头获取 Token
+     * @return string|null
+     */
+    public static function getTokenFromRequest(): ?string
+    {
+        $request = request();
+
+        // 从 Authorization 头获取
+        $authorization = $request->header('Authorization', '');
+        if (preg_match('/Bearer\s+(.+)/', $authorization, $matches)) {
+            return $matches[1];
+        }
+
+        // 从参数获取
+        $token = $request->param('token');
+        if ($token) {
+            return $token;
+        }
+
+        return null;
+    }
+
+    /**
+     * URL安全的 Base64 编码
+     */
+    private static function base64UrlEncode(string $data): string
+    {
+        return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
+    }
+
+    /**
+     * URL安全的 Base64 解码
+     */
+    private static function base64UrlDecode(string $data): string
+    {
+        return base64_decode(strtr($data, '-_', '+/'));
+    }
+
+    /**
+     * 生成签名
+     */
+    private static function signature(string $data, string $secret): string
+    {
+        return self::base64UrlEncode(hash_hmac('sha256', $data, $secret, true));
+    }
+}