49 lines
1.1 KiB
PHP
49 lines
1.1 KiB
PHP
<?php
|
||
|
||
declare(strict_types=1);
|
||
|
||
namespace app\common\library;
|
||
|
||
use Firebase\JWT\JWT;
|
||
use Firebase\JWT\Key;
|
||
use Firebase\JWT\ExpiredException;
|
||
use Firebase\JWT\SignatureInvalidException;
|
||
|
||
/**
|
||
* PlayX / 合作方回调:校验 Authorization: Bearer JWT(HS256)
|
||
*/
|
||
class PlayxInboundJwt
|
||
{
|
||
public const ALG = 'HS256';
|
||
|
||
/**
|
||
* 从 Authorization 头解析 Bearer token 并校验签名与有效期
|
||
*/
|
||
public static function verifyBearer(string $authorizationHeader, string $secret): bool
|
||
{
|
||
if ($secret === '') {
|
||
return false;
|
||
}
|
||
$token = self::extractBearer($authorizationHeader);
|
||
if ($token === '') {
|
||
return false;
|
||
}
|
||
try {
|
||
JWT::decode($token, new Key($secret, self::ALG));
|
||
|
||
return true;
|
||
} catch (ExpiredException|SignatureInvalidException|\Throwable) {
|
||
return false;
|
||
}
|
||
}
|
||
|
||
public static function extractBearer(string $authorizationHeader): string
|
||
{
|
||
if (preg_match('/Bearer\s+(\S+)/i', $authorizationHeader, $m)) {
|
||
return $m[1];
|
||
}
|
||
|
||
return '';
|
||
}
|
||
}
|