1

application/api/controller/Base.php

@@ -60,7 +60,6 @@ class Base extends Controller
         $key = md5(config('app.jwt'));
         try {
             $check_authorization = JWT::decode($authorization, $key, array('HS256'));
-            var_dump($check_authorization);
             if($check_authorization['code'] !=200) $this->exception($check_authorization['msg']);
             $authInfo = json_decode(json_encode($check_authorization['data']), true);
             if (!empty($authInfo['uid'])) {

vendor/firebase/php-jwt/src/JWT.php

@@ -80,85 +80,104 @@ class JWT
      * @uses jsonDecode
      * @uses urlsafeB64Decode
      */
-    public static function decode($jwt, $keyOrKeyArray, array $allowed_algs = array())
+    public static function decode($jwt, $key, array $allowed_algs = array())
     {
         $timestamp = \is_null(static::$timestamp) ? \time() : static::$timestamp;
-
-        if (empty($keyOrKeyArray)) {
-            throw new InvalidArgumentException('Key may not be empty');
+        $ret_data = ['code'=>200,'msg'=>'','data'=>[]];
+        if (empty($key)) {
+            $ret_data['code'] = 201;
+            $ret_data['msg'] = 'Key may not be empty';
+            //throw new InvalidArgumentException('Key may not be empty');
         }
         $tks = \explode('.', $jwt);
         if (\count($tks) != 3) {
-            throw new UnexpectedValueException('Wrong number of segments');
+            $ret_data['code'] = 201;
+            $ret_data['msg'] = 'Wrong number of segments';
+            //throw new UnexpectedValueException('Wrong number of segments');
         }
         list($headb64, $bodyb64, $cryptob64) = $tks;
         if (null === ($header = static::jsonDecode(static::urlsafeB64Decode($headb64)))) {
-            throw new UnexpectedValueException('Invalid header encoding');
+            $ret_data['code'] = 201;
+            $ret_data['msg'] = 'Invalid header encoding';
+            // throw new UnexpectedValueException('Invalid header encoding');
         }
         if (null === $payload = static::jsonDecode(static::urlsafeB64Decode($bodyb64))) {
-            throw new UnexpectedValueException('Invalid claims encoding');
+            $ret_data['code'] = 201;
+            $ret_data['msg'] = 'Invalid claims encoding';
+            //throw new UnexpectedValueException('Invalid claims encoding');
         }
         if (false === ($sig = static::urlsafeB64Decode($cryptob64))) {
-            throw new UnexpectedValueException('Invalid signature encoding');
+            $ret_data['code'] = 201;
+            $ret_data['msg'] = 'Invalid signature encoding';
+            //  throw new UnexpectedValueException('Invalid signature encoding');
         }
         if (empty($header->alg)) {
-            throw new UnexpectedValueException('Empty algorithm');
+            $ret_data['code'] = 201;
+            $ret_data['msg'] = 'Empty algorithm';
+            // throw new UnexpectedValueException('Empty algorithm');
         }
         if (empty(static::$supported_algs[$header->alg])) {
-            throw new UnexpectedValueException('Algorithm not supported');
+            $ret_data['code'] = 201;
+            $ret_data['msg'] = 'Algorithm not supported';
+            //throw new UnexpectedValueException('Algorithm not supported');
         }
-
-        list($keyMaterial, $algorithm) = self::getKeyMaterialAndAlgorithm(
-            $keyOrKeyArray,
-            empty($header->kid) ? null : $header->kid
-        );
-
-        if (empty($algorithm)) {
-            // Use deprecated "allowed_algs" to determine if the algorithm is supported.
-            // This opens up the possibility of an attack in some implementations.
-            // @see https://github.com/firebase/php-jwt/issues/351
-            if (!\in_array($header->alg, $allowed_algs)) {
-                throw new UnexpectedValueException('Algorithm not allowed');
-            }
-        } else {
-            // Check the algorithm
-            if (!self::constantTimeEquals($algorithm, $header->alg)) {
-                // See issue #351
-                throw new UnexpectedValueException('Incorrect key for this algorithm');
-            }
+        if (!\in_array($header->alg, $allowed_algs)) {
+            $ret_data['code'] = 201;
+            $ret_data['msg'] = 'Algorithm not allowed';
+            throw new UnexpectedValueException('Algorithm not allowed');
         }
-        if ($header->alg === 'ES256' || $header->alg === 'ES384') {
-            // OpenSSL expects an ASN.1 DER sequence for ES256/ES384 signatures
+        if ($header->alg === 'ES256') {
+            // OpenSSL expects an ASN.1 DER sequence for ES256 signatures
             $sig = self::signatureToDER($sig);
         }
 
-        if (!static::verify("$headb64.$bodyb64", $sig, $keyMaterial, $header->alg)) {
-            throw new SignatureInvalidException('Signature verification failed');
+        if (\is_array($key) || $key instanceof \ArrayAccess) {
+            if (isset($header->kid)) {
+                if (!isset($key[$header->kid])) {
+                    $ret_data['code'] = 201;
+                    $ret_data['msg'] = '"kid" invalid, unable to lookup correct key';
+                    // throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key');
+                }
+                $key = $key[$header->kid];
+            } else {
+                $ret_data['code'] = 201;
+                $ret_data['msg'] = '"kid" empty, unable to lookup correct key';
+                //throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');
+            }
+        }
+
+        // Check the signature
+        if (!static::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) {
+            $ret_data['code'] = 201;
+            $ret_data['msg'] = 'Signature verification failed';
+            // throw new SignatureInvalidException('Signature verification failed');
         }
 
         // Check the nbf if it is defined. This is the time that the
         // token can actually be used. If it's not yet that time, abort.
         if (isset($payload->nbf) && $payload->nbf > ($timestamp + static::$leeway)) {
-            throw new BeforeValidException(
-                'Cannot handle token prior to ' . \date(DateTime::ISO8601, $payload->nbf)
-            );
+            $ret_data['code'] = 201;
+            $ret_data['msg'] =  'Cannot handle token prior to ' . \date(DateTime::ISO8601, $payload->nbf);
+            //throw new BeforeValidException('Cannot handle token prior to ' . \date(DateTime::ISO8601, $payload->nbf));
         }
 
         // Check that this token has been created before 'now'. This prevents
         // using tokens that have been created for later use (and haven't
         // correctly used the nbf claim).
         if (isset($payload->iat) && $payload->iat > ($timestamp + static::$leeway)) {
-            throw new BeforeValidException(
-                'Cannot handle token prior to ' . \date(DateTime::ISO8601, $payload->iat)
-            );
+            $ret_data['code'] = 201;
+            $ret_data['msg'] =  'Cannot handle token prior to ' . \date(DateTime::ISO8601, $payload->iat);
+            // throw new BeforeValidException('Cannot handle token prior to ' . \date(DateTime::ISO8601, $payload->iat));
         }
 
         // Check if this token has expired.
         if (isset($payload->exp) && ($timestamp - static::$leeway) >= $payload->exp) {
-            throw new ExpiredException('Expired token');
+            $ret_data['code'] = 201;
+            $ret_data['msg'] =  'Expired token';
+            // throw new ExpiredException('Expired token');
         }
-
-        return $payload;
+        $ret_data['data'] = $payload;
+        return $ret_data;
     }
 
     /**