
This commit is contained in:
yaooo 2023-11-10 18:09:36 +08:00
parent 14a0416c03
commit 1aab9536c0
34 changed files with 2648 additions and 143 deletions

View File

@ -7,6 +7,7 @@ use app\common\validate\login\LoginAccountValidate;
use app\common\validate\login\RegisterValidate;
use app\common\validate\login\TokenValidate;
use think\response\Json;
use think\facade\Config;
* 登录注册
@ -33,7 +34,7 @@ class LoginController extends BaseApiController
public function login(): Json
$params = (new LoginAccountValidate())->post()->goCheck();
$result = LoginLogic::login($params);
$result = LoginLogic::loginJwt($params);
if (false === $result) {
return $this->fail(LoginLogic::getError());
@ -55,7 +56,7 @@ class LoginController extends BaseApiController
public function verify(): Json
$params = (new TokenValidate())->post()->goCheck();
$result = LoginLogic::verifyToken($params);
$result = LoginLogic::verifyJwtToken($params);
if (false === $result) {
return $this->fail(LoginLogic::getError());

View File

@ -4,6 +4,7 @@ namespace app\api\logic;
use app\common\cache\UserTokenCache;
use app\common\logic\BaseLogic;
use app\api\service\UserTokenService;
use app\api\service\JwtTokenService;
use app\common\model\auth\Admin;
use app\common\service\ConfigService;
use app\common\model\user\User;
@ -77,7 +78,7 @@ class LoginLogic extends BaseLogic
try {
$where = ['phone' => $params['account']];
$user = User::field('id')->where($where)->findOrEmpty();
$user = User::field(['id', 'phone'])->where($where)->findOrEmpty();
$user->last_login_time = time();
$user->last_login_ip = request()->ip();
@ -97,6 +98,30 @@ class LoginLogic extends BaseLogic
// 账号/手机号登录,手机号验证码
public static function loginJwt($params): bool|array
try {
$where = ['phone' => $params['account']];
$user = User::field(['id', 'phone'])->where($where)->findOrEmpty();
$user->last_login_time = time();
$user->last_login_ip = request()->ip();
$userInfo = JwtTokenService::createToken($user->id, $user->phone);
return [
'uid' => $userInfo['uid'],
'token' => $userInfo['token']
} catch (\Exception $e) {
return false;
// 退出登录
public static function logout($userInfo): bool
@ -130,4 +155,21 @@ class LoginLogic extends BaseLogic
// 验证token
public static function verifyJwtToken($params): bool|array
try {
$userInfo = JwtTokenService::parseToken($params['token']);
return [
'uid' => $userInfo['uid'],
'phone' => $userInfo['phone']
} catch (\Exception $e) {
return false;

View File

@ -0,0 +1,91 @@
// +----------------------------------------------------------------------
// | likeadmin快速开发前后端分离管理后台PHP版
// +----------------------------------------------------------------------
// | 欢迎阅读学习系统程序代码,建议反馈是我们前进的动力
// | 开源版本可自由商用可去除界面版权logo
// | gitee下载https://gitee.com/likeshop_gitee/likeadmin
// | github下载https://github.com/likeshop-github/likeadmin
// | 访问官网https://www.likeadmin.cn
// | likeadmin团队 版权所有 拥有最终解释权
// +----------------------------------------------------------------------
// | author: likeadminTeam
// +----------------------------------------------------------------------
namespace app\api\service;
use app\common\cache\UserTokenCache;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Firebase\JWT\SignatureInvalidException;
use Firebase\JWT\BeforeValidException;
use Firebase\JWT\ExpiredException;
use think\facade\Config;
class JwtTokenService
* @param int $id
* @param string $type
* @param $exp
* @param array $params
* @return array
* @author xaboy
* @day 2020/10/13
public static function createToken(int $id, string $phone, array $params = [])
$time = time();
$host = app('request')->host();
$params += [
'iss' => $host,
'aud' => $host,
'iat' => $time,
'nbf' => $time,
'exp' => $time + 7 * 24 * 3600,
$params['data'] = [
'uid' => $id,
'phone' => $phone
$token = JWT::encode($params, env('app.app_key', '123456'), 'HS256');
$tokenInfo = [
'uid' => $id,
'phone' => $phone,
'token' => $token
return $tokenInfo;
* @param string $token
* @return object
* @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed
* @throws BeforeValidException Provided JWT is trying to be used before it's eligible as defined by 'nbf'
* @throws BeforeValidException Provided JWT is trying to be used before it's been created as defined by 'iat'
* @throws ExpiredException Provided JWT has since expired, as defined by the 'exp' claim
* @throws UnexpectedValueException Provided JWT was invalid
* @author xaboy
* @day 2020-04-09
public static function parseToken(string $token)
try {
JWT::$leeway = 10; //当前时间减去10秒时间留点余地
$decoded = JWT::decode($token, new Key(env('app.app_key', '123456'), 'HS256'));
$decodedArray = json_decode(json_encode($decoded), true);
$jwtData = $decodedArray['data'];
return $jwtData;
} catch(\Firebase\JWT\SignatureInvalidException $e) {
throw new \think\Exception('签名错误');
}catch(\Firebase\JWT\BeforeValidException $e) {
throw new \think\Exception('token无效');
}catch(\Firebase\JWT\ExpiredException $e) {
throw new \think\Exception('token已过期');
}catch(\Exception $e) {
throw new \think\Exception('非法请求');

View File

@ -34,7 +34,9 @@
"alibabacloud/client": "^1.5",
"rmccue/requests": "^2.0",
"w7corp/easywechat": "^6.8",
"ext-curl": "*"
"ext-curl": "*",
"guzzlehttp/guzzle": "^7.6",
"firebase/php-jwt": "^6.9"
"require-dev": {
"symfony/var-dumper": "^4.2",

composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
"content-hash": "0c9be6132e3ce69695a656d4c3efda5f",
"content-hash": "09d2b4e1d21a618ed901981cebf6e92a",
"packages": [
"name": "adbario/php-dot-notation",
@ -401,6 +401,75 @@
"time": "2022-09-18T07:06:19+00:00"
"name": "firebase/php-jwt",
"version": "v6.9.0",
"source": {
"type": "git",
"url": "https://github.com/firebase/php-jwt.git",
"reference": "f03270e63eaccf3019ef0f32849c497385774e11"
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/firebase/php-jwt/zipball/f03270e63eaccf3019ef0f32849c497385774e11",
"reference": "f03270e63eaccf3019ef0f32849c497385774e11",
"shasum": "",
"mirrors": [
"url": "https://mirrors.aliyun.com/composer/dists/%package%/%reference%.%type%",
"preferred": true
"require": {
"php": "^7.4||^8.0"
"require-dev": {
"guzzlehttp/guzzle": "^6.5||^7.4",
"phpspec/prophecy-phpunit": "^2.0",
"phpunit/phpunit": "^9.5",
"psr/cache": "^1.0||^2.0",
"psr/http-client": "^1.0",
"psr/http-factory": "^1.0"
"suggest": {
"ext-sodium": "Support EdDSA (Ed25519) signatures",
"paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
"type": "library",
"autoload": {
"psr-4": {
"Firebase\\JWT\\": "src"
"notification-url": "https://packagist.org/downloads/",
"license": [
"authors": [
"name": "Neuman Vong",
"email": "neuman+pear@twilio.com",
"role": "Developer"
"name": "Anant Narayanan",
"email": "anant@php.net",
"role": "Developer"
"description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
"homepage": "https://github.com/firebase/php-jwt",
"keywords": [
"support": {
"issues": "https://github.com/firebase/php-jwt/issues",
"source": "https://github.com/firebase/php-jwt/tree/v6.9.0"
"time": "2023-10-05T00:24:42+00:00"
"name": "guzzlehttp/command",
"version": "1.2.3",
@ -485,16 +554,16 @@
"name": "guzzlehttp/guzzle",
"version": "7.5.1",
"version": "7.6.1",
"source": {
"type": "git",
"url": "https://github.com/guzzle/guzzle.git",
"reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9"
"reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51"
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/b964ca597e86b752cd994f27293e9fa6b6a95ed9",
"reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9",
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/8444a2bacf1960bc6a2b62ed86b8e72e11eebe51",
"reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51",
"shasum": "",
"mirrors": [
@ -531,9 +600,6 @@
"bamarni-bin": {
"bin-links": true,
"forward-command": false
"branch-alias": {
"dev-master": "7.5-dev"
"autoload": {
@ -599,7 +665,7 @@
"support": {
"issues": "https://github.com/guzzle/guzzle/issues",
"source": "https://github.com/guzzle/guzzle/tree/7.5.1"
"source": "https://github.com/guzzle/guzzle/tree/7.6.1"
"funding": [
@ -615,7 +681,7 @@
"type": "tidelift"
"time": "2023-04-17T16:30:08+00:00"
"time": "2023-05-15T20:43:01+00:00"
"name": "guzzlehttp/guzzle-services",
@ -4873,7 +4939,8 @@
"prefer-stable": false,
"prefer-lowest": false,
"platform": {
"php": ">=8.0"
"php": ">=8.0",
"ext-curl": "*"
"platform-dev": [],
"plugin-api-version": "2.3.0"

View File

@ -1,5 +1,5 @@
location / {
if (!-f $request_filename) {
rewrite ^(.*)$ /index.php?s=/$1 last;
if (!-e $request_filename)
rewrite ^/(.*)$ /index.php?s=$1 last;

vendor/autoload.php vendored
View File

@ -3,8 +3,21 @@
// autoload.php @generated by Composer
if (PHP_VERSION_ID < 50600) {
echo 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
if (!headers_sent()) {
header('HTTP/1.1 500 Internal Server Error');
$err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
if (!ini_get('display_errors')) {
if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
fwrite(STDERR, $err);
} elseif (!headers_sent()) {
echo $err;
require_once __DIR__ . '/composer/autoload_real.php';

View File

@ -42,35 +42,37 @@ namespace Composer\Autoload;
class ClassLoader
/** @var ?string */
/** @var \Closure(string):void */
private static $includeFile;
/** @var string|null */
private $vendorDir;
// PSR-4
* @var array[]
* @psalm-var array<string, array<string, int>>
* @var array<string, array<string, int>>
private $prefixLengthsPsr4 = array();
* @var array[]
* @psalm-var array<string, array<int, string>>
* @var array<string, list<string>>
private $prefixDirsPsr4 = array();
* @var array[]
* @psalm-var array<string, string>
* @var list<string>
private $fallbackDirsPsr4 = array();
// PSR-0
* @var array[]
* @psalm-var array<string, array<string, string[]>>
* List of PSR-0 prefixes
* Structured as array('F (first letter)' => array('Foo\Bar (full prefix)' => array('path', 'path2')))
* @var array<string, array<string, list<string>>>
private $prefixesPsr0 = array();
* @var array[]
* @psalm-var array<string, string>
* @var list<string>
private $fallbackDirsPsr0 = array();
@ -78,8 +80,7 @@ class ClassLoader
private $useIncludePath = false;
* @var string[]
* @psalm-var array<string, string>
* @var array<string, string>
private $classMap = array();
@ -87,29 +88,29 @@ class ClassLoader
private $classMapAuthoritative = false;
* @var bool[]
* @psalm-var array<string, bool>
* @var array<string, bool>
private $missingClasses = array();
/** @var ?string */
/** @var string|null */
private $apcuPrefix;
* @var self[]
* @var array<string, self>
private static $registeredLoaders = array();
* @param ?string $vendorDir
* @param string|null $vendorDir
public function __construct($vendorDir = null)
$this->vendorDir = $vendorDir;
* @return string[]
* @return array<string, list<string>>
public function getPrefixes()
@ -121,8 +122,7 @@ class ClassLoader
* @return array[]
* @psalm-return array<string, array<int, string>>
* @return array<string, list<string>>
public function getPrefixesPsr4()
@ -130,8 +130,7 @@ class ClassLoader
* @return array[]
* @psalm-return array<string, string>
* @return list<string>
public function getFallbackDirs()
@ -139,8 +138,7 @@ class ClassLoader
* @return array[]
* @psalm-return array<string, string>
* @return list<string>
public function getFallbackDirsPsr4()
@ -148,8 +146,7 @@ class ClassLoader
* @return string[] Array of classname => path
* @psalm-return array<string, string>
* @return array<string, string> Array of classname => path
public function getClassMap()
@ -157,8 +154,7 @@ class ClassLoader
* @param string[] $classMap Class to filename map
* @psalm-param array<string, string> $classMap
* @param array<string, string> $classMap Class to filename map
* @return void
@ -176,23 +172,24 @@ class ClassLoader
* appending or prepending to the ones previously set for this prefix.
* @param string $prefix The prefix
* @param string[]|string $paths The PSR-0 root directories
* @param list<string>|string $paths The PSR-0 root directories
* @param bool $prepend Whether to prepend the directories
* @return void
public function add($prefix, $paths, $prepend = false)
$paths = (array) $paths;
if (!$prefix) {
if ($prepend) {
$this->fallbackDirsPsr0 = array_merge(
(array) $paths,
} else {
$this->fallbackDirsPsr0 = array_merge(
(array) $paths
@ -201,19 +198,19 @@ class ClassLoader
$first = $prefix[0];
if (!isset($this->prefixesPsr0[$first][$prefix])) {
$this->prefixesPsr0[$first][$prefix] = (array) $paths;
$this->prefixesPsr0[$first][$prefix] = $paths;
if ($prepend) {
$this->prefixesPsr0[$first][$prefix] = array_merge(
(array) $paths,
} else {
$this->prefixesPsr0[$first][$prefix] = array_merge(
(array) $paths
@ -223,7 +220,7 @@ class ClassLoader
* appending or prepending to the ones previously set for this namespace.
* @param string $prefix The prefix/namespace, with trailing '\\'
* @param string[]|string $paths The PSR-4 base directories
* @param list<string>|string $paths The PSR-4 base directories
* @param bool $prepend Whether to prepend the directories
* @throws \InvalidArgumentException
@ -232,17 +229,18 @@ class ClassLoader
public function addPsr4($prefix, $paths, $prepend = false)
$paths = (array) $paths;
if (!$prefix) {
// Register directories for the root namespace.
if ($prepend) {
$this->fallbackDirsPsr4 = array_merge(
(array) $paths,
} else {
$this->fallbackDirsPsr4 = array_merge(
(array) $paths
} elseif (!isset($this->prefixDirsPsr4[$prefix])) {
@ -252,18 +250,18 @@ class ClassLoader
throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
$this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
$this->prefixDirsPsr4[$prefix] = (array) $paths;
$this->prefixDirsPsr4[$prefix] = $paths;
} elseif ($prepend) {
// Prepend directories for an already registered namespace.
$this->prefixDirsPsr4[$prefix] = array_merge(
(array) $paths,
} else {
// Append directories for an already registered namespace.
$this->prefixDirsPsr4[$prefix] = array_merge(
(array) $paths
@ -273,7 +271,7 @@ class ClassLoader
* replacing any others previously set for this prefix.
* @param string $prefix The prefix
* @param string[]|string $paths The PSR-0 base directories
* @param list<string>|string $paths The PSR-0 base directories
* @return void
@ -291,7 +289,7 @@ class ClassLoader
* replacing any others previously set for this namespace.
* @param string $prefix The prefix/namespace, with trailing '\\'
* @param string[]|string $paths The PSR-4 base directories
* @param list<string>|string $paths The PSR-4 base directories
* @throws \InvalidArgumentException
@ -425,7 +423,8 @@ class ClassLoader
public function loadClass($class)
if ($file = $this->findFile($class)) {
$includeFile = self::$includeFile;
return true;
@ -476,9 +475,9 @@ class ClassLoader
* Returns the currently registered loaders indexed by their corresponding vendor directories.
* Returns the currently registered loaders keyed by their corresponding vendor directories.
* @return self[]
* @return array<string, self>
public static function getRegisteredLoaders()
@ -555,6 +554,14 @@ class ClassLoader
return false;
* @return void
private static function initializeIncludeClosure()
if (self::$includeFile !== null) {
@ -564,9 +571,9 @@ class ClassLoader
* @param string $file
* @return void
* @private
function includeFile($file)
self::$includeFile = \Closure::bind(static function($file) {
include $file;
}, null, null);

View File

@ -98,7 +98,7 @@ class InstalledVersions
foreach (self::getInstalled() as $installed) {
if (isset($installed['versions'][$packageName])) {
return $includeDevRequirements || empty($installed['versions'][$packageName]['dev_requirement']);
return $includeDevRequirements || !isset($installed['versions'][$packageName]['dev_requirement']) || $installed['versions'][$packageName]['dev_requirement'] === false;
@ -119,7 +119,7 @@ class InstalledVersions
public static function satisfies(VersionParser $parser, $packageName, $constraint)
$constraint = $parser->parseConstraints($constraint);
$constraint = $parser->parseConstraints((string) $constraint);
$provided = $parser->parseConstraints(self::getVersionRanges($packageName));
return $provided->matches($constraint);
@ -328,7 +328,9 @@ class InstalledVersions
if (isset(self::$installedByVendor[$vendorDir])) {
$installed[] = self::$installedByVendor[$vendorDir];
} elseif (is_file($vendorDir.'/composer/installed.php')) {
$installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php';
/** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
$required = require $vendorDir.'/composer/installed.php';
$installed[] = self::$installedByVendor[$vendorDir] = $required;
if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) {
self::$installed = $installed[count($installed) - 1];
@ -340,12 +342,17 @@ class InstalledVersions
// only require the installed.php file if this file is loaded from its dumped location,
// and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937
if (substr(__DIR__, -8, 1) !== 'C') {
self::$installed = require __DIR__ . '/installed.php';
/** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
$required = require __DIR__ . '/installed.php';
self::$installed = $required;
} else {
self::$installed = array();
if (self::$installed !== array()) {
$installed[] = self::$installed;
return $installed;

View File

@ -59,6 +59,7 @@ return array(
'GuzzleHttp\\Command\\Guzzle\\' => array($vendorDir . '/guzzlehttp/guzzle-services/src'),
'GuzzleHttp\\Command\\' => array($vendorDir . '/guzzlehttp/command/src'),
'GuzzleHttp\\' => array($vendorDir . '/guzzlehttp/guzzle/src'),
'Firebase\\JWT\\' => array($vendorDir . '/firebase/php-jwt/src'),
'EasyWeChat\\' => array($vendorDir . '/w7corp/easywechat/src'),
'Cron\\' => array($vendorDir . '/dragonmantank/cron-expression/src/Cron'),
'Complex\\' => array($vendorDir . '/markbaker/complex/classes/src'),

View File

@ -33,25 +33,18 @@ class ComposerAutoloaderInitd2a74ba94e266cc4f45a64c54a292d7e
$includeFiles = \Composer\Autoload\ComposerStaticInitd2a74ba94e266cc4f45a64c54a292d7e::$files;
foreach ($includeFiles as $fileIdentifier => $file) {
composerRequired2a74ba94e266cc4f45a64c54a292d7e($fileIdentifier, $file);
return $loader;
* @param string $fileIdentifier
* @param string $file
* @return void
function composerRequired2a74ba94e266cc4f45a64c54a292d7e($fileIdentifier, $file)
$filesToLoad = \Composer\Autoload\ComposerStaticInitd2a74ba94e266cc4f45a64c54a292d7e::$files;
$requireFile = \Closure::bind(static function ($fileIdentifier, $file) {
if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
$GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
require $file;
}, null, null);
foreach ($filesToLoad as $fileIdentifier => $file) {
$requireFile($fileIdentifier, $file);
return $loader;

View File

@ -130,6 +130,10 @@ class ComposerStaticInitd2a74ba94e266cc4f45a64c54a292d7e
'GuzzleHttp\\Command\\' => 19,
'GuzzleHttp\\' => 11,
'F' =>
array (
'Firebase\\JWT\\' => 13,
'E' =>
array (
'EasyWeChat\\' => 11,
@ -363,6 +367,10 @@ class ComposerStaticInitd2a74ba94e266cc4f45a64c54a292d7e
array (
0 => __DIR__ . '/..' . '/guzzlehttp/guzzle/src',
'Firebase\\JWT\\' =>
array (
0 => __DIR__ . '/..' . '/firebase/php-jwt/src',
'EasyWeChat\\' =>
array (
0 => __DIR__ . '/..' . '/w7corp/easywechat/src',

View File

@ -413,6 +413,78 @@
"install-path": "../ezyang/htmlpurifier"
"name": "firebase/php-jwt",
"version": "v6.9.0",
"version_normalized": "",
"source": {
"type": "git",
"url": "https://github.com/firebase/php-jwt.git",
"reference": "f03270e63eaccf3019ef0f32849c497385774e11"
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/firebase/php-jwt/zipball/f03270e63eaccf3019ef0f32849c497385774e11",
"reference": "f03270e63eaccf3019ef0f32849c497385774e11",
"shasum": "",
"mirrors": [
"url": "https://mirrors.aliyun.com/composer/dists/%package%/%reference%.%type%",
"preferred": true
"require": {
"php": "^7.4||^8.0"
"require-dev": {
"guzzlehttp/guzzle": "^6.5||^7.4",
"phpspec/prophecy-phpunit": "^2.0",
"phpunit/phpunit": "^9.5",
"psr/cache": "^1.0||^2.0",
"psr/http-client": "^1.0",
"psr/http-factory": "^1.0"
"suggest": {
"ext-sodium": "Support EdDSA (Ed25519) signatures",
"paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
"time": "2023-10-05T00:24:42+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
"psr-4": {
"Firebase\\JWT\\": "src"
"notification-url": "https://packagist.org/downloads/",
"license": [
"authors": [
"name": "Neuman Vong",
"email": "neuman+pear@twilio.com",
"role": "Developer"
"name": "Anant Narayanan",
"email": "anant@php.net",
"role": "Developer"
"description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
"homepage": "https://github.com/firebase/php-jwt",
"keywords": [
"support": {
"issues": "https://github.com/firebase/php-jwt/issues",
"source": "https://github.com/firebase/php-jwt/tree/v6.9.0"
"install-path": "../firebase/php-jwt"
"name": "guzzlehttp/command",
"version": "1.2.3",
@ -500,17 +572,17 @@
"name": "guzzlehttp/guzzle",
"version": "7.5.1",
"version_normalized": "",
"version": "7.6.1",
"version_normalized": "",
"source": {
"type": "git",
"url": "https://github.com/guzzle/guzzle.git",
"reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9"
"reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51"
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/b964ca597e86b752cd994f27293e9fa6b6a95ed9",
"reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9",
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/8444a2bacf1960bc6a2b62ed86b8e72e11eebe51",
"reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51",
"shasum": "",
"mirrors": [
@ -542,15 +614,12 @@
"ext-intl": "Required for Internationalized Domain Name (IDN) support",
"psr/log": "Required for using the Log middleware"
"time": "2023-04-17T16:30:08+00:00",
"time": "2023-05-15T20:43:01+00:00",
"type": "library",
"extra": {
"bamarni-bin": {
"bin-links": true,
"forward-command": false
"branch-alias": {
"dev-master": "7.5-dev"
"installation-source": "dist",
@ -617,7 +686,7 @@
"support": {
"issues": "https://github.com/guzzle/guzzle/issues",
"source": "https://github.com/guzzle/guzzle/tree/7.5.1"
"source": "https://github.com/guzzle/guzzle/tree/7.6.1"
"funding": [

View File

@ -1,9 +1,9 @@
<?php return array(
'root' => array(
'name' => 'topthink/think',
'pretty_version' => 'dev-develop',
'version' => 'dev-develop',
'reference' => '4e22203faf0311be56dfbf74821bbd8da5890d6b',
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'reference' => '14a0416c03cfb5a8966b68410f8b6170e2bc4e30',
'type' => 'project',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
@ -64,6 +64,15 @@
'aliases' => array(),
'dev_requirement' => false,
'firebase/php-jwt' => array(
'pretty_version' => 'v6.9.0',
'version' => '',
'reference' => 'f03270e63eaccf3019ef0f32849c497385774e11',
'type' => 'library',
'install_path' => __DIR__ . '/../firebase/php-jwt',
'aliases' => array(),
'dev_requirement' => false,
'guzzlehttp/command' => array(
'pretty_version' => '1.2.3',
'version' => '',
@ -74,9 +83,9 @@
'dev_requirement' => false,
'guzzlehttp/guzzle' => array(
'pretty_version' => '7.5.1',
'version' => '',
'reference' => 'b964ca597e86b752cd994f27293e9fa6b6a95ed9',
'pretty_version' => '7.6.1',
'version' => '',
'reference' => '8444a2bacf1960bc6a2b62ed86b8e72e11eebe51',
'type' => 'library',
'install_path' => __DIR__ . '/../guzzlehttp/guzzle',
'aliases' => array(),
@ -587,9 +596,9 @@
'dev_requirement' => false,
'topthink/think' => array(
'pretty_version' => 'dev-develop',
'version' => 'dev-develop',
'reference' => '4e22203faf0311be56dfbf74821bbd8da5890d6b',
'pretty_version' => 'dev-master',
'version' => 'dev-master',
'reference' => '14a0416c03cfb5a8966b68410f8b6170e2bc4e30',
'type' => 'project',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),

vendor/firebase/php-jwt/CHANGELOG.md vendored Normal file
View File

@ -0,0 +1,163 @@
# Changelog
## [6.9.0](https://github.com/firebase/php-jwt/compare/v6.8.1...v6.9.0) (2023-10-04)
### Features
* add payload to jwt exception ([#521](https://github.com/firebase/php-jwt/issues/521)) ([175edf9](https://github.com/firebase/php-jwt/commit/175edf958bb61922ec135b2333acf5622f2238a2))
## [6.8.1](https://github.com/firebase/php-jwt/compare/v6.8.0...v6.8.1) (2023-07-14)
### Bug Fixes
* accept float claims but round down to ignore them ([#492](https://github.com/firebase/php-jwt/issues/492)) ([3936842](https://github.com/firebase/php-jwt/commit/39368423beeaacb3002afa7dcb75baebf204fe7e))
* different BeforeValidException messages for nbf and iat ([#526](https://github.com/firebase/php-jwt/issues/526)) ([0a53cf2](https://github.com/firebase/php-jwt/commit/0a53cf2986e45c2bcbf1a269f313ebf56a154ee4))
## [6.8.0](https://github.com/firebase/php-jwt/compare/v6.7.0...v6.8.0) (2023-06-14)
### Features
* add support for P-384 curve ([#515](https://github.com/firebase/php-jwt/issues/515)) ([5de4323](https://github.com/firebase/php-jwt/commit/5de4323f4baf4d70bca8663bd87682a69c656c3d))
### Bug Fixes
* handle invalid http responses ([#508](https://github.com/firebase/php-jwt/issues/508)) ([91c39c7](https://github.com/firebase/php-jwt/commit/91c39c72b22fc3e1191e574089552c1f2041c718))
## [6.7.0](https://github.com/firebase/php-jwt/compare/v6.6.0...v6.7.0) (2023-06-14)
### Features
* add ed25519 support to JWK (public keys) ([#452](https://github.com/firebase/php-jwt/issues/452)) ([e53979a](https://github.com/firebase/php-jwt/commit/e53979abae927de916a75b9d239cfda8ce32be2a))
## [6.6.0](https://github.com/firebase/php-jwt/compare/v6.5.0...v6.6.0) (2023-06-13)
### Features
* allow get headers when decoding token ([#442](https://github.com/firebase/php-jwt/issues/442)) ([fb85f47](https://github.com/firebase/php-jwt/commit/fb85f47cfaeffdd94faf8defdf07164abcdad6c3))
### Bug Fixes
* only check iat if nbf is not used ([#493](https://github.com/firebase/php-jwt/issues/493)) ([398ccd2](https://github.com/firebase/php-jwt/commit/398ccd25ea12fa84b9e4f1085d5ff448c21ec797))
## [6.5.0](https://github.com/firebase/php-jwt/compare/v6.4.0...v6.5.0) (2023-05-12)
### Bug Fixes
* allow KID of '0' ([#505](https://github.com/firebase/php-jwt/issues/505)) ([9dc46a9](https://github.com/firebase/php-jwt/commit/9dc46a9c3e5801294249cfd2554c5363c9f9326a))
### Miscellaneous Chores
* drop support for PHP 7.3 ([#495](https://github.com/firebase/php-jwt/issues/495))
## [6.4.0](https://github.com/firebase/php-jwt/compare/v6.3.2...v6.4.0) (2023-02-08)
### Features
* add support for W3C ES256K ([#462](https://github.com/firebase/php-jwt/issues/462)) ([213924f](https://github.com/firebase/php-jwt/commit/213924f51936291fbbca99158b11bd4ae56c2c95))
* improve caching by only decoding jwks when necessary ([#486](https://github.com/firebase/php-jwt/issues/486)) ([78d3ed1](https://github.com/firebase/php-jwt/commit/78d3ed1073553f7d0bbffa6c2010009a0d483d5c))
## [6.3.2](https://github.com/firebase/php-jwt/compare/v6.3.1...v6.3.2) (2022-11-01)
### Bug Fixes
* check kid before using as array index ([bad1b04](https://github.com/firebase/php-jwt/commit/bad1b040d0c736bbf86814c6b5ae614f517cf7bd))
## [6.3.1](https://github.com/firebase/php-jwt/compare/v6.3.0...v6.3.1) (2022-11-01)
### Bug Fixes
* casing of GET for PSR compat ([#451](https://github.com/firebase/php-jwt/issues/451)) ([60b52b7](https://github.com/firebase/php-jwt/commit/60b52b71978790eafcf3b95cfbd83db0439e8d22))
* string interpolation format for php 8.2 ([#446](https://github.com/firebase/php-jwt/issues/446)) ([2e07d8a](https://github.com/firebase/php-jwt/commit/2e07d8a1524d12b69b110ad649f17461d068b8f2))
## 6.3.0 / 2022-07-15
- Added ES256 support to JWK parsing ([#399](https://github.com/firebase/php-jwt/pull/399))
- Fixed potential caching error in `CachedKeySet` by caching jwks as strings ([#435](https://github.com/firebase/php-jwt/pull/435))
## 6.2.0 / 2022-05-14
- Added `CachedKeySet` ([#397](https://github.com/firebase/php-jwt/pull/397))
- Added `$defaultAlg` parameter to `JWT::parseKey` and `JWT::parseKeySet` ([#426](https://github.com/firebase/php-jwt/pull/426)).
## 6.1.0 / 2022-03-23
- Drop support for PHP 5.3, 5.4, 5.5, 5.6, and 7.0
- Add parameter typing and return types where possible
## 6.0.0 / 2022-01-24
- **Backwards-Compatibility Breaking Changes**: See the [Release Notes](https://github.com/firebase/php-jwt/releases/tag/v6.0.0) for more information.
- New Key object to prevent key/algorithm type confusion (#365)
- Add JWK support (#273)
- Add ES256 support (#256)
- Add ES384 support (#324)
- Add Ed25519 support (#343)
## 5.0.0 / 2017-06-26
- Support RS384 and RS512.
See [#117](https://github.com/firebase/php-jwt/pull/117). Thanks [@joostfaassen](https://github.com/joostfaassen)!
- Add an example for RS256 openssl.
See [#125](https://github.com/firebase/php-jwt/pull/125). Thanks [@akeeman](https://github.com/akeeman)!
- Detect invalid Base64 encoding in signature.
See [#162](https://github.com/firebase/php-jwt/pull/162). Thanks [@psignoret](https://github.com/psignoret)!
- Update `JWT::verify` to handle OpenSSL errors.
See [#159](https://github.com/firebase/php-jwt/pull/159). Thanks [@bshaffer](https://github.com/bshaffer)!
- Add `array` type hinting to `decode` method
See [#101](https://github.com/firebase/php-jwt/pull/101). Thanks [@hywak](https://github.com/hywak)!
- Add all JSON error types.
See [#110](https://github.com/firebase/php-jwt/pull/110). Thanks [@gbalduzzi](https://github.com/gbalduzzi)!
- Bugfix 'kid' not in given key list.
See [#129](https://github.com/firebase/php-jwt/pull/129). Thanks [@stampycode](https://github.com/stampycode)!
- Miscellaneous cleanup, documentation and test fixes.
See [#107](https://github.com/firebase/php-jwt/pull/107), [#115](https://github.com/firebase/php-jwt/pull/115),
[#160](https://github.com/firebase/php-jwt/pull/160), [#161](https://github.com/firebase/php-jwt/pull/161), and
[#165](https://github.com/firebase/php-jwt/pull/165). Thanks [@akeeman](https://github.com/akeeman),
[@chinedufn](https://github.com/chinedufn), and [@bshaffer](https://github.com/bshaffer)!
## 4.0.0 / 2016-07-17
- Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)!
- Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)!
- Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)!
- Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)!
## 3.0.0 / 2015-07-22
- Minimum PHP version updated from `5.2.0` to `5.3.0`.
- Add `\Firebase\JWT` namespace. See
[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to
- Require a non-empty key to decode and verify a JWT. See
[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to
- Cleaner documentation blocks in the code. See
[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to
## 2.2.0 / 2015-06-22
- Add support for adding custom, optional JWT headers to `JWT::encode()`. See
[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to
## 2.1.0 / 2015-05-20
- Add support for adding a leeway to `JWT:decode()` that accounts for clock skew
between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)!
- Add support for passing an object implementing the `ArrayAccess` interface for
`$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)!
## 2.0.0 / 2015-04-01
- **Note**: It is strongly recommended that you update to > v2.0.0 to address
known security vulnerabilities in prior versions when both symmetric and
asymmetric keys are used together.
- Update signature for `JWT::decode(...)` to require an array of supported
algorithms to use when verifying token signatures.

vendor/firebase/php-jwt/LICENSE vendored Normal file
View File

@ -0,0 +1,30 @@
Copyright (c) 2011, Neuman Vong
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
* Neither the name of the copyright holder nor the names of other
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.

vendor/firebase/php-jwt/README.md vendored Normal file
View File

@ -0,0 +1,424 @@
![Build Status](https://github.com/firebase/php-jwt/actions/workflows/tests.yml/badge.svg)
[![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt)
[![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt)
A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519).
Use composer to manage your dependencies and download PHP-JWT:
composer require firebase/php-jwt
Optionally, install the `paragonie/sodium_compat` package from composer if your
php is < 7.2 or does not have libsodium installed:
composer require paragonie/sodium_compat
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
$key = 'example_key';
$payload = [
'iss' => 'http://example.org',
'aud' => 'http://example.com',
'iat' => 1356999524,
'nbf' => 1357000000
* You must specify supported algorithms for your application. See
* https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
* for a list of spec-compliant algorithms.
$jwt = JWT::encode($payload, $key, 'HS256');
$decoded = JWT::decode($jwt, new Key($key, 'HS256'));
// Pass a stdClass in as the third parameter to get the decoded header values
$decoded = JWT::decode($jwt, new Key($key, 'HS256'), $headers = new stdClass());
NOTE: This will now be an object instead of an associative array. To get
an associative array, you will need to cast it as such:
$decoded_array = (array) $decoded;
* You can add a leeway to account for when there is a clock skew times between
* the signing and verifying servers. It is recommended that this leeway should
* not be bigger than a few minutes.
* Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
JWT::$leeway = 60; // $leeway in seconds
$decoded = JWT::decode($jwt, new Key($key, 'HS256'));
Example encode/decode headers
Decoding the JWT headers without verifying the JWT first is NOT recommended, and is not supported by
this library. This is because without verifying the JWT, the header values could have been tampered with.
Any value pulled from an unverified header should be treated as if it could be any string sent in from an
attacker. If this is something you still want to do in your application for whatever reason, it's possible to
decode the header values manually simply by calling `json_decode` and `base64_decode` on the JWT
header part:
use Firebase\JWT\JWT;
$key = 'example_key';
$payload = [
'iss' => 'http://example.org',
'aud' => 'http://example.com',
'iat' => 1356999524,
'nbf' => 1357000000
$headers = [
'x-forwarded-for' => 'www.google.com'
// Encode headers in the JWT string
$jwt = JWT::encode($payload, $key, 'HS256', null, $headers);
// Decode headers from the JWT string WITHOUT validation
// **IMPORTANT**: This operation is vulnerable to attacks, as the JWT has not yet been verified.
// These headers could be any value sent by an attacker.
list($headersB64, $payloadB64, $sig) = explode('.', $jwt);
$decoded = json_decode(base64_decode($headersB64), true);
Example with RS256 (openssl)
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
$privateKey = <<<EOD
$publicKey = <<<EOD
-----END PUBLIC KEY-----
$payload = [
'iss' => 'example.org',
'aud' => 'example.com',
'iat' => 1356999524,
'nbf' => 1357000000
$jwt = JWT::encode($payload, $privateKey, 'RS256');
echo "Encode:\n" . print_r($jwt, true) . "\n";
$decoded = JWT::decode($jwt, new Key($publicKey, 'RS256'));
NOTE: This will now be an object instead of an associative array. To get
an associative array, you will need to cast it as such:
$decoded_array = (array) $decoded;
echo "Decode:\n" . print_r($decoded_array, true) . "\n";
Example with a passphrase
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
// Your passphrase
$passphrase = '[YOUR_PASSPHRASE]';
// Your private key file with passphrase
// Can be generated with "ssh-keygen -t rsa -m pem"
$privateKeyFile = '/path/to/key-with-passphrase.pem';
// Create a private key of type "resource"
$privateKey = openssl_pkey_get_private(
$payload = [
'iss' => 'example.org',
'aud' => 'example.com',
'iat' => 1356999524,
'nbf' => 1357000000
$jwt = JWT::encode($payload, $privateKey, 'RS256');
echo "Encode:\n" . print_r($jwt, true) . "\n";
// Get public key from the private key, or pull from from a file.
$publicKey = openssl_pkey_get_details($privateKey)['key'];
$decoded = JWT::decode($jwt, new Key($publicKey, 'RS256'));
echo "Decode:\n" . print_r((array) $decoded, true) . "\n";
Example with EdDSA (libsodium and Ed25519 signature)
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
// Public and private keys are expected to be Base64 encoded. The last
// non-empty line is used so that keys can be generated with
// sodium_crypto_sign_keypair(). The secret keys generated by other tools may
// need to be adjusted to match the input expected by libsodium.
$keyPair = sodium_crypto_sign_keypair();
$privateKey = base64_encode(sodium_crypto_sign_secretkey($keyPair));
$publicKey = base64_encode(sodium_crypto_sign_publickey($keyPair));
$payload = [
'iss' => 'example.org',
'aud' => 'example.com',
'iat' => 1356999524,
'nbf' => 1357000000
$jwt = JWT::encode($payload, $privateKey, 'EdDSA');
echo "Encode:\n" . print_r($jwt, true) . "\n";
$decoded = JWT::decode($jwt, new Key($publicKey, 'EdDSA'));
echo "Decode:\n" . print_r((array) $decoded, true) . "\n";
Example with multiple keys
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
// Example RSA keys from previous example
// $privateKey1 = '...';
// $publicKey1 = '...';
// Example EdDSA keys from previous example
// $privateKey2 = '...';
// $publicKey2 = '...';
$payload = [
'iss' => 'example.org',
'aud' => 'example.com',
'iat' => 1356999524,
'nbf' => 1357000000
$jwt1 = JWT::encode($payload, $privateKey1, 'RS256', 'kid1');
$jwt2 = JWT::encode($payload, $privateKey2, 'EdDSA', 'kid2');
echo "Encode 1:\n" . print_r($jwt1, true) . "\n";
echo "Encode 2:\n" . print_r($jwt2, true) . "\n";
$keys = [
'kid1' => new Key($publicKey1, 'RS256'),
'kid2' => new Key($publicKey2, 'EdDSA'),
$decoded1 = JWT::decode($jwt1, $keys);
$decoded2 = JWT::decode($jwt2, $keys);
echo "Decode 1:\n" . print_r((array) $decoded1, true) . "\n";
echo "Decode 2:\n" . print_r((array) $decoded2, true) . "\n";
Using JWKs
use Firebase\JWT\JWK;
use Firebase\JWT\JWT;
// Set of keys. The "keys" key is required. For example, the JSON response to
// this endpoint: https://www.gstatic.com/iap/verify/public_key-jwk
$jwks = ['keys' => []];
// JWK::parseKeySet($jwks) returns an associative array of **kid** to Firebase\JWT\Key
// objects. Pass this as the second parameter to JWT::decode.
JWT::decode($payload, JWK::parseKeySet($jwks));
Using Cached Key Sets
The `CachedKeySet` class can be used to fetch and cache JWKS (JSON Web Key Sets) from a public URI.
This has the following advantages:
1. The results are cached for performance.
2. If an unrecognized key is requested, the cache is refreshed, to accomodate for key rotation.
3. If rate limiting is enabled, the JWKS URI will not make more than 10 requests a second.
use Firebase\JWT\CachedKeySet;
use Firebase\JWT\JWT;
// The URI for the JWKS you wish to cache the results from
$jwksUri = 'https://www.gstatic.com/iap/verify/public_key-jwk';
// Create an HTTP client (can be any PSR-7 compatible HTTP client)
$httpClient = new GuzzleHttp\Client();
// Create an HTTP request factory (can be any PSR-17 compatible HTTP request factory)
$httpFactory = new GuzzleHttp\Psr\HttpFactory();
// Create a cache item pool (can be any PSR-6 compatible cache item pool)
$cacheItemPool = Phpfastcache\CacheManager::getInstance('files');
$keySet = new CachedKeySet(
null, // $expiresAfter int seconds to set the JWKS to expire
true // $rateLimit true to enable rate limit of 10 RPS on lookup of invalid keys
$jwt = 'eyJhbGci...'; // Some JWT signed by a key from the $jwkUri above
$decoded = JWT::decode($jwt, $keySet);
#### Exception Handling
When a call to `JWT::decode` is invalid, it will throw one of the following exceptions:
use Firebase\JWT\JWT;
use Firebase\JWT\SignatureInvalidException;
use Firebase\JWT\BeforeValidException;
use Firebase\JWT\ExpiredException;
use DomainException;
use InvalidArgumentException;
use UnexpectedValueException;
try {
$decoded = JWT::decode($payload, $keys);
} catch (InvalidArgumentException $e) {
// provided key/key-array is empty or malformed.
} catch (DomainException $e) {
// provided algorithm is unsupported OR
// provided key is invalid OR
// unknown error thrown in openSSL or libsodium OR
// libsodium is required but not available.
} catch (SignatureInvalidException $e) {
// provided JWT signature verification failed.
} catch (BeforeValidException $e) {
// provided JWT is trying to be used before "nbf" claim OR
// provided JWT is trying to be used before "iat" claim.
} catch (ExpiredException $e) {
// provided JWT is trying to be used after "exp" claim.
} catch (UnexpectedValueException $e) {
// provided JWT is malformed OR
// provided JWT is missing an algorithm / using an unsupported algorithm OR
// provided JWT algorithm does not match provided key OR
// provided key ID in key/key-array is empty or invalid.
All exceptions in the `Firebase\JWT` namespace extend `UnexpectedValueException`, and can be simplified
like this:
use Firebase\JWT\JWT;
use UnexpectedValueException;
try {
$decoded = JWT::decode($payload, $keys);
} catch (LogicException $e) {
// errors having to do with environmental setup or malformed JWT Keys
} catch (UnexpectedValueException $e) {
// errors having to do with JWT signature and claims
#### Casting to array
The return value of `JWT::decode` is the generic PHP object `stdClass`. If you'd like to handle with arrays
instead, you can do the following:
// return type is stdClass
$decoded = JWT::decode($payload, $keys);
// cast to array
$decoded = json_decode(json_encode($decoded), true);
Run the tests using phpunit:
$ pear install PHPUnit
$ phpunit --configuration phpunit.xml.dist
PHPUnit 3.7.10 by Sebastian Bergmann.
Time: 0 seconds, Memory: 2.50Mb
OK (5 tests, 5 assertions)
New Lines in private keys
If your private key contains `\n` characters, be sure to wrap it in double quotes `""`
and not single quotes `''` in order to properly interpret the escaped characters.
[3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause).

vendor/firebase/php-jwt/composer.json vendored Normal file
View File

@ -0,0 +1,42 @@
"name": "firebase/php-jwt",
"description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
"homepage": "https://github.com/firebase/php-jwt",
"keywords": [
"authors": [
"name": "Neuman Vong",
"email": "neuman+pear@twilio.com",
"role": "Developer"
"name": "Anant Narayanan",
"email": "anant@php.net",
"role": "Developer"
"license": "BSD-3-Clause",
"require": {
"php": "^7.4||^8.0"
"suggest": {
"paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present",
"ext-sodium": "Support EdDSA (Ed25519) signatures"
"autoload": {
"psr-4": {
"Firebase\\JWT\\": "src"
"require-dev": {
"guzzlehttp/guzzle": "^6.5||^7.4",
"phpspec/prophecy-phpunit": "^2.0",
"phpunit/phpunit": "^9.5",
"psr/cache": "^1.0||^2.0",
"psr/http-client": "^1.0",
"psr/http-factory": "^1.0"

View File

@ -0,0 +1,18 @@
namespace Firebase\JWT;
class BeforeValidException extends \UnexpectedValueException implements JWTExceptionWithPayloadInterface
private object $payload;
public function setPayload(object $payload): void
$this->payload = $payload;
public function getPayload(): object
return $this->payload;

View File

@ -0,0 +1,268 @@
namespace Firebase\JWT;
use ArrayAccess;
use InvalidArgumentException;
use LogicException;
use OutOfBoundsException;
use Psr\Cache\CacheItemInterface;
use Psr\Cache\CacheItemPoolInterface;
use Psr\Http\Client\ClientInterface;
use Psr\Http\Message\RequestFactoryInterface;
use RuntimeException;
use UnexpectedValueException;
* @implements ArrayAccess<string, Key>
class CachedKeySet implements ArrayAccess
* @var string
private $jwksUri;
* @var ClientInterface
private $httpClient;
* @var RequestFactoryInterface
private $httpFactory;
* @var CacheItemPoolInterface
private $cache;
* @var ?int
private $expiresAfter;
* @var ?CacheItemInterface
private $cacheItem;
* @var array<string, array<mixed>>
private $keySet;
* @var string
private $cacheKey;
* @var string
private $cacheKeyPrefix = 'jwks';
* @var int
private $maxKeyLength = 64;
* @var bool
private $rateLimit;
* @var string
private $rateLimitCacheKey;
* @var int
private $maxCallsPerMinute = 10;
* @var string|null
private $defaultAlg;
public function __construct(
string $jwksUri,
ClientInterface $httpClient,
RequestFactoryInterface $httpFactory,
CacheItemPoolInterface $cache,
int $expiresAfter = null,
bool $rateLimit = false,
string $defaultAlg = null
) {
$this->jwksUri = $jwksUri;
$this->httpClient = $httpClient;
$this->httpFactory = $httpFactory;
$this->cache = $cache;
$this->expiresAfter = $expiresAfter;
$this->rateLimit = $rateLimit;
$this->defaultAlg = $defaultAlg;
* @param string $keyId
* @return Key
public function offsetGet($keyId): Key
if (!$this->keyIdExists($keyId)) {
throw new OutOfBoundsException('Key ID not found');
return JWK::parseKey($this->keySet[$keyId], $this->defaultAlg);
* @param string $keyId
* @return bool
public function offsetExists($keyId): bool
return $this->keyIdExists($keyId);
* @param string $offset
* @param Key $value
public function offsetSet($offset, $value): void
throw new LogicException('Method not implemented');
* @param string $offset
public function offsetUnset($offset): void
throw new LogicException('Method not implemented');
* @return array<mixed>
private function formatJwksForCache(string $jwks): array
$jwks = json_decode($jwks, true);
if (!isset($jwks['keys'])) {
throw new UnexpectedValueException('"keys" member must exist in the JWK Set');
if (empty($jwks['keys'])) {
throw new InvalidArgumentException('JWK Set did not contain any keys');
$keys = [];
foreach ($jwks['keys'] as $k => $v) {
$kid = isset($v['kid']) ? $v['kid'] : $k;
$keys[(string) $kid] = $v;
return $keys;
private function keyIdExists(string $keyId): bool
if (null === $this->keySet) {
$item = $this->getCacheItem();
// Try to load keys from cache
if ($item->isHit()) {
// item found! retrieve it
$this->keySet = $item->get();
// If the cached item is a string, the JWKS response was cached (previous behavior).
// Parse this into expected format array<kid, jwk> instead.
if (\is_string($this->keySet)) {
$this->keySet = $this->formatJwksForCache($this->keySet);
if (!isset($this->keySet[$keyId])) {
if ($this->rateLimitExceeded()) {
return false;
$request = $this->httpFactory->createRequest('GET', $this->jwksUri);
$jwksResponse = $this->httpClient->sendRequest($request);
if ($jwksResponse->getStatusCode() !== 200) {
throw new UnexpectedValueException(
sprintf('HTTP Error: %d %s for URI "%s"',
$this->keySet = $this->formatJwksForCache((string) $jwksResponse->getBody());
if (!isset($this->keySet[$keyId])) {
return false;
$item = $this->getCacheItem();
if ($this->expiresAfter) {
return true;
private function rateLimitExceeded(): bool
if (!$this->rateLimit) {
return false;
$cacheItem = $this->cache->getItem($this->rateLimitCacheKey);
if (!$cacheItem->isHit()) {
$cacheItem->expiresAfter(1); // # of calls are cached each minute
$callsPerMinute = (int) $cacheItem->get();
if (++$callsPerMinute > $this->maxCallsPerMinute) {
return true;
return false;
private function getCacheItem(): CacheItemInterface
if (\is_null($this->cacheItem)) {
$this->cacheItem = $this->cache->getItem($this->cacheKey);
return $this->cacheItem;
private function setCacheKeys(): void
if (empty($this->jwksUri)) {
throw new RuntimeException('JWKS URI is empty');
// ensure we do not have illegal characters
$key = preg_replace('|[^a-zA-Z0-9_\.!]|', '', $this->jwksUri);
// add prefix
$key = $this->cacheKeyPrefix . $key;
// Hash keys if they exceed $maxKeyLength of 64
if (\strlen($key) > $this->maxKeyLength) {
$key = substr(hash('sha256', $key), 0, $this->maxKeyLength);
$this->cacheKey = $key;
if ($this->rateLimit) {
// add prefix
$rateLimitKey = $this->cacheKeyPrefix . 'ratelimit' . $key;
// Hash keys if they exceed $maxKeyLength of 64
if (\strlen($rateLimitKey) > $this->maxKeyLength) {
$rateLimitKey = substr(hash('sha256', $rateLimitKey), 0, $this->maxKeyLength);
$this->rateLimitCacheKey = $rateLimitKey;

View File

@ -0,0 +1,18 @@
namespace Firebase\JWT;
class ExpiredException extends \UnexpectedValueException implements JWTExceptionWithPayloadInterface
private object $payload;
public function setPayload(object $payload): void
$this->payload = $payload;
public function getPayload(): object
return $this->payload;

vendor/firebase/php-jwt/src/JWK.php vendored Normal file
View File

@ -0,0 +1,349 @@
namespace Firebase\JWT;
use DomainException;
use InvalidArgumentException;
use UnexpectedValueException;
* JSON Web Key implementation, based on this spec:
* https://tools.ietf.org/html/draft-ietf-jose-json-web-key-41
* PHP version 5
* @category Authentication
* @package Authentication_JWT
* @author Bui Sy Nguyen <nguyenbs@gmail.com>
* @license http://opensource.org/licenses/BSD-3-Clause 3-clause BSD
* @link https://github.com/firebase/php-jwt
class JWK
private const OID = '1.2.840.10045.2.1';
private const ASN1_OBJECT_IDENTIFIER = 0x06;
private const ASN1_SEQUENCE = 0x10; // also defined in JWT
private const ASN1_BIT_STRING = 0x03;
private const EC_CURVES = [
'P-256' => '1.2.840.10045.3.1.7', // Len: 64
'secp256k1' => '', // Len: 64
'P-384' => '', // Len: 96
// 'P-521' => '', // Len: 132 (not supported)
// For keys with "kty" equal to "OKP" (Octet Key Pair), the "crv" parameter must contain the key subtype.
// This library supports the following subtypes:
private const OKP_SUBTYPES = [
'Ed25519' => true, // RFC 8037
* Parse a set of JWK keys
* @param array<mixed> $jwks The JSON Web Key Set as an associative array
* @param string $defaultAlg The algorithm for the Key object if "alg" is not set in the
* JSON Web Key Set
* @return array<string, Key> An associative array of key IDs (kid) to Key objects
* @throws InvalidArgumentException Provided JWK Set is empty
* @throws UnexpectedValueException Provided JWK Set was invalid
* @throws DomainException OpenSSL failure
* @uses parseKey
public static function parseKeySet(array $jwks, string $defaultAlg = null): array
$keys = [];
if (!isset($jwks['keys'])) {
throw new UnexpectedValueException('"keys" member must exist in the JWK Set');
if (empty($jwks['keys'])) {
throw new InvalidArgumentException('JWK Set did not contain any keys');
foreach ($jwks['keys'] as $k => $v) {
$kid = isset($v['kid']) ? $v['kid'] : $k;
if ($key = self::parseKey($v, $defaultAlg)) {
$keys[(string) $kid] = $key;
if (0 === \count($keys)) {
throw new UnexpectedValueException('No supported algorithms found in JWK Set');
return $keys;
* Parse a JWK key
* @param array<mixed> $jwk An individual JWK
* @param string $defaultAlg The algorithm for the Key object if "alg" is not set in the
* JSON Web Key Set
* @return Key The key object for the JWK
* @throws InvalidArgumentException Provided JWK is empty
* @throws UnexpectedValueException Provided JWK was invalid
* @throws DomainException OpenSSL failure
* @uses createPemFromModulusAndExponent
public static function parseKey(array $jwk, string $defaultAlg = null): ?Key
if (empty($jwk)) {
throw new InvalidArgumentException('JWK must not be empty');
if (!isset($jwk['kty'])) {
throw new UnexpectedValueException('JWK must contain a "kty" parameter');
if (!isset($jwk['alg'])) {
if (\is_null($defaultAlg)) {
// The "alg" parameter is optional in a KTY, but an algorithm is required
// for parsing in this library. Use the $defaultAlg parameter when parsing the
// key set in order to prevent this error.
// @see https://datatracker.ietf.org/doc/html/rfc7517#section-4.4
throw new UnexpectedValueException('JWK must contain an "alg" parameter');
$jwk['alg'] = $defaultAlg;
switch ($jwk['kty']) {
case 'RSA':
if (!empty($jwk['d'])) {
throw new UnexpectedValueException('RSA private keys are not supported');
if (!isset($jwk['n']) || !isset($jwk['e'])) {
throw new UnexpectedValueException('RSA keys must contain values for both "n" and "e"');
$pem = self::createPemFromModulusAndExponent($jwk['n'], $jwk['e']);
$publicKey = \openssl_pkey_get_public($pem);
if (false === $publicKey) {
throw new DomainException(
'OpenSSL error: ' . \openssl_error_string()
return new Key($publicKey, $jwk['alg']);
case 'EC':
if (isset($jwk['d'])) {
// The key is actually a private key
throw new UnexpectedValueException('Key data must be for a public key');
if (empty($jwk['crv'])) {
throw new UnexpectedValueException('crv not set');
if (!isset(self::EC_CURVES[$jwk['crv']])) {
throw new DomainException('Unrecognised or unsupported EC curve');
if (empty($jwk['x']) || empty($jwk['y'])) {
throw new UnexpectedValueException('x and y not set');
$publicKey = self::createPemFromCrvAndXYCoordinates($jwk['crv'], $jwk['x'], $jwk['y']);
return new Key($publicKey, $jwk['alg']);
case 'OKP':
if (isset($jwk['d'])) {
// The key is actually a private key
throw new UnexpectedValueException('Key data must be for a public key');
if (!isset($jwk['crv'])) {
throw new UnexpectedValueException('crv not set');
if (empty(self::OKP_SUBTYPES[$jwk['crv']])) {
throw new DomainException('Unrecognised or unsupported OKP key subtype');
if (empty($jwk['x'])) {
throw new UnexpectedValueException('x not set');
// This library works internally with EdDSA keys (Ed25519) encoded in standard base64.
$publicKey = JWT::convertBase64urlToBase64($jwk['x']);
return new Key($publicKey, $jwk['alg']);
return null;
* Converts the EC JWK values to pem format.
* @param string $crv The EC curve (only P-256 & P-384 is supported)
* @param string $x The EC x-coordinate
* @param string $y The EC y-coordinate
* @return string
private static function createPemFromCrvAndXYCoordinates(string $crv, string $x, string $y): string
$pem =
. self::encodeDER(
) .
\chr(0x00) . \chr(0x04)
. JWT::urlsafeB64Decode($x)
. JWT::urlsafeB64Decode($y)
return sprintf(
"-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n",
wordwrap(base64_encode($pem), 64, "\n", true)
* Create a public key represented in PEM format from RSA modulus and exponent information
* @param string $n The RSA modulus encoded in Base64
* @param string $e The RSA exponent encoded in Base64
* @return string The RSA public key represented in PEM format
* @uses encodeLength
private static function createPemFromModulusAndExponent(
string $n,
string $e
): string {
$mod = JWT::urlsafeB64Decode($n);
$exp = JWT::urlsafeB64Decode($e);
$modulus = \pack('Ca*a*', 2, self::encodeLength(\strlen($mod)), $mod);
$publicExponent = \pack('Ca*a*', 2, self::encodeLength(\strlen($exp)), $exp);
$rsaPublicKey = \pack(
self::encodeLength(\strlen($modulus) + \strlen($publicExponent)),
// sequence(oid(1.2.840.113549.1.1.1), null)) = rsaEncryption.
$rsaOID = \pack('H*', '300d06092a864886f70d0101010500'); // hex version of MA0GCSqGSIb3DQEBAQUA
$rsaPublicKey = \chr(0) . $rsaPublicKey;
$rsaPublicKey = \chr(3) . self::encodeLength(\strlen($rsaPublicKey)) . $rsaPublicKey;
$rsaPublicKey = \pack(
self::encodeLength(\strlen($rsaOID . $rsaPublicKey)),
$rsaOID . $rsaPublicKey
return "-----BEGIN PUBLIC KEY-----\r\n" .
\chunk_split(\base64_encode($rsaPublicKey), 64) .
'-----END PUBLIC KEY-----';
* DER-encode the length
* DER supports lengths up to (2**8)**127, however, we'll only support lengths up to (2**8)**4. See
* {@link http://itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf#p=13 X.690 paragraph 8.1.3} for more information.
* @param int $length
* @return string
private static function encodeLength(int $length): string
if ($length <= 0x7F) {
return \chr($length);
$temp = \ltrim(\pack('N', $length), \chr(0));
return \pack('Ca*', 0x80 | \strlen($temp), $temp);
* Encodes a value into a DER object.
* Also defined in Firebase\JWT\JWT
* @param int $type DER tag
* @param string $value the value to encode
* @return string the encoded object
private static function encodeDER(int $type, string $value): string
$tag_header = 0;
if ($type === self::ASN1_SEQUENCE) {
$tag_header |= 0x20;
// Type
$der = \chr($tag_header | $type);
// Length
$der .= \chr(\strlen($value));
return $der . $value;
* Encodes a string into a DER-encoded OID.
* @param string $oid the OID string
* @return string the binary DER-encoded OID
private static function encodeOID(string $oid): string
$octets = explode('.', $oid);
// Get the first octet
$first = (int) array_shift($octets);
$second = (int) array_shift($octets);
$oid = \chr($first * 40 + $second);
// Iterate over subsequent octets
foreach ($octets as $octet) {
if ($octet == 0) {
$oid .= \chr(0x00);
$bin = '';
while ($octet) {
$bin .= \chr(0x80 | ($octet & 0x7f));
$octet >>= 7;
$bin[0] = $bin[0] & \chr(0x7f);
// Convert to big endian if necessary
if (pack('V', 65534) == pack('L', 65534)) {
$oid .= strrev($bin);
} else {
$oid .= $bin;
return $oid;

vendor/firebase/php-jwt/src/JWT.php vendored Normal file
View File

@ -0,0 +1,668 @@
namespace Firebase\JWT;
use ArrayAccess;
use DateTime;
use DomainException;
use Exception;
use InvalidArgumentException;
use OpenSSLAsymmetricKey;
use OpenSSLCertificate;
use stdClass;
use UnexpectedValueException;
* JSON Web Token implementation, based on this spec:
* https://tools.ietf.org/html/rfc7519
* PHP version 5
* @category Authentication
* @package Authentication_JWT
* @author Neuman Vong <neuman@twilio.com>
* @author Anant Narayanan <anant@php.net>
* @license http://opensource.org/licenses/BSD-3-Clause 3-clause BSD
* @link https://github.com/firebase/php-jwt
class JWT
private const ASN1_INTEGER = 0x02;
private const ASN1_SEQUENCE = 0x10;
private const ASN1_BIT_STRING = 0x03;
* When checking nbf, iat or expiration times,
* we want to provide some extra leeway time to
* account for clock skew.
* @var int
public static $leeway = 0;
* Allow the current timestamp to be specified.
* Useful for fixing a value within unit testing.
* Will default to PHP time() value if null.
* @var ?int
public static $timestamp = null;
* @var array<string, string[]>
public static $supported_algs = [
'ES384' => ['openssl', 'SHA384'],
'ES256' => ['openssl', 'SHA256'],
'ES256K' => ['openssl', 'SHA256'],
'HS256' => ['hash_hmac', 'SHA256'],
'HS384' => ['hash_hmac', 'SHA384'],
'HS512' => ['hash_hmac', 'SHA512'],
'RS256' => ['openssl', 'SHA256'],
'RS384' => ['openssl', 'SHA384'],
'RS512' => ['openssl', 'SHA512'],
'EdDSA' => ['sodium_crypto', 'EdDSA'],
* Decodes a JWT string into a PHP object.
* @param string $jwt The JWT
* @param Key|ArrayAccess<string,Key>|array<string,Key> $keyOrKeyArray The Key or associative array of key IDs
* (kid) to Key objects.
* If the algorithm used is asymmetric, this is
* the public key.
* Each Key object contains an algorithm and
* matching key.
* Supported algorithms are 'ES384','ES256',
* 'HS256', 'HS384', 'HS512', 'RS256', 'RS384'
* and 'RS512'.
* @param stdClass $headers Optional. Populates stdClass with headers.
* @return stdClass The JWT's payload as a PHP object
* @throws InvalidArgumentException Provided key/key-array was empty or malformed
* @throws DomainException Provided JWT is malformed
* @throws UnexpectedValueException Provided JWT was invalid
* @throws SignatureInvalidException Provided JWT was invalid because the signature verification failed
* @throws BeforeValidException Provided JWT is trying to be used before it's eligible as defined by 'nbf'
* @throws BeforeValidException Provided JWT is trying to be used before it's been created as defined by 'iat'
* @throws ExpiredException Provided JWT has since expired, as defined by the 'exp' claim
* @uses jsonDecode
* @uses urlsafeB64Decode
public static function decode(
string $jwt,
stdClass &$headers = null
): stdClass {
// Validate JWT
$timestamp = \is_null(static::$timestamp) ? \time() : static::$timestamp;
if (empty($keyOrKeyArray)) {
throw new InvalidArgumentException('Key may not be empty');
$tks = \explode('.', $jwt);
if (\count($tks) !== 3) {
throw new UnexpectedValueException('Wrong number of segments');
list($headb64, $bodyb64, $cryptob64) = $tks;
$headerRaw = static::urlsafeB64Decode($headb64);
if (null === ($header = static::jsonDecode($headerRaw))) {
throw new UnexpectedValueException('Invalid header encoding');
if ($headers !== null) {
$headers = $header;
$payloadRaw = static::urlsafeB64Decode($bodyb64);
if (null === ($payload = static::jsonDecode($payloadRaw))) {
throw new UnexpectedValueException('Invalid claims encoding');
if (\is_array($payload)) {
// prevent PHP Fatal Error in edge-cases when payload is empty array
$payload = (object) $payload;
if (!$payload instanceof stdClass) {
throw new UnexpectedValueException('Payload must be a JSON object');
$sig = static::urlsafeB64Decode($cryptob64);
if (empty($header->alg)) {
throw new UnexpectedValueException('Empty algorithm');
if (empty(static::$supported_algs[$header->alg])) {
throw new UnexpectedValueException('Algorithm not supported');
$key = self::getKey($keyOrKeyArray, property_exists($header, 'kid') ? $header->kid : null);
// Check the algorithm
if (!self::constantTimeEquals($key->getAlgorithm(), $header->alg)) {
// See issue #351
throw new UnexpectedValueException('Incorrect key for this algorithm');
if (\in_array($header->alg, ['ES256', 'ES256K', 'ES384'], true)) {
// OpenSSL expects an ASN.1 DER sequence for ES256/ES256K/ES384 signatures
$sig = self::signatureToDER($sig);
if (!self::verify("{$headb64}.{$bodyb64}", $sig, $key->getKeyMaterial(), $header->alg)) {
throw new SignatureInvalidException('Signature verification failed');
// Check the nbf if it is defined. This is the time that the
// token can actually be used. If it's not yet that time, abort.
if (isset($payload->nbf) && floor($payload->nbf) > ($timestamp + static::$leeway)) {
$ex = new BeforeValidException(
'Cannot handle token with nbf prior to ' . \date(DateTime::ISO8601, (int) $payload->nbf)
throw $ex;
// Check that this token has been created before 'now'. This prevents
// using tokens that have been created for later use (and haven't
// correctly used the nbf claim).
if (!isset($payload->nbf) && isset($payload->iat) && floor($payload->iat) > ($timestamp + static::$leeway)) {
$ex = new BeforeValidException(
'Cannot handle token with iat prior to ' . \date(DateTime::ISO8601, (int) $payload->iat)
throw $ex;
// Check if this token has expired.
if (isset($payload->exp) && ($timestamp - static::$leeway) >= $payload->exp) {
$ex = new ExpiredException('Expired token');
throw $ex;
return $payload;
* Converts and signs a PHP array into a JWT string.
* @param array<mixed> $payload PHP array
* @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $key The secret key.
* @param string $alg Supported algorithms are 'ES384','ES256', 'ES256K', 'HS256',
* 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
* @param string $keyId
* @param array<string, string> $head An array with header elements to attach
* @return string A signed JWT
* @uses jsonEncode
* @uses urlsafeB64Encode
public static function encode(
array $payload,
string $alg,
string $keyId = null,
array $head = null
): string {
$header = ['typ' => 'JWT', 'alg' => $alg];
if ($keyId !== null) {
$header['kid'] = $keyId;
if (isset($head) && \is_array($head)) {
$header = \array_merge($head, $header);
$segments = [];
$segments[] = static::urlsafeB64Encode((string) static::jsonEncode($header));
$segments[] = static::urlsafeB64Encode((string) static::jsonEncode($payload));
$signing_input = \implode('.', $segments);
$signature = static::sign($signing_input, $key, $alg);
$segments[] = static::urlsafeB64Encode($signature);
return \implode('.', $segments);
* Sign a string with a given key and algorithm.
* @param string $msg The message to sign
* @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $key The secret key.
* @param string $alg Supported algorithms are 'EdDSA', 'ES384', 'ES256', 'ES256K', 'HS256',
* 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512'
* @return string An encrypted message
* @throws DomainException Unsupported algorithm or bad key was specified
public static function sign(
string $msg,
string $alg
): string {
if (empty(static::$supported_algs[$alg])) {
throw new DomainException('Algorithm not supported');
list($function, $algorithm) = static::$supported_algs[$alg];
switch ($function) {
case 'hash_hmac':
if (!\is_string($key)) {
throw new InvalidArgumentException('key must be a string when using hmac');
return \hash_hmac($algorithm, $msg, $key, true);
case 'openssl':
$signature = '';
$success = \openssl_sign($msg, $signature, $key, $algorithm); // @phpstan-ignore-line
if (!$success) {
throw new DomainException('OpenSSL unable to sign data');
if ($alg === 'ES256' || $alg === 'ES256K') {
$signature = self::signatureFromDER($signature, 256);
} elseif ($alg === 'ES384') {
$signature = self::signatureFromDER($signature, 384);
return $signature;
case 'sodium_crypto':
if (!\function_exists('sodium_crypto_sign_detached')) {
throw new DomainException('libsodium is not available');
if (!\is_string($key)) {
throw new InvalidArgumentException('key must be a string when using EdDSA');
try {
// The last non-empty line is used as the key.
$lines = array_filter(explode("\n", $key));
$key = base64_decode((string) end($lines));
if (\strlen($key) === 0) {
throw new DomainException('Key cannot be empty string');
return sodium_crypto_sign_detached($msg, $key);
} catch (Exception $e) {
throw new DomainException($e->getMessage(), 0, $e);
throw new DomainException('Algorithm not supported');
* Verify a signature with the message, key and method. Not all methods
* are symmetric, so we must have a separate verify and sign method.
* @param string $msg The original message (header and body)
* @param string $signature The original signature
* @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $keyMaterial For Ed*, ES*, HS*, a string key works. for RS*, must be an instance of OpenSSLAsymmetricKey
* @param string $alg The algorithm
* @return bool
* @throws DomainException Invalid Algorithm, bad key, or OpenSSL failure
private static function verify(
string $msg,
string $signature,
string $alg
): bool {
if (empty(static::$supported_algs[$alg])) {
throw new DomainException('Algorithm not supported');
list($function, $algorithm) = static::$supported_algs[$alg];
switch ($function) {
case 'openssl':
$success = \openssl_verify($msg, $signature, $keyMaterial, $algorithm); // @phpstan-ignore-line
if ($success === 1) {
return true;
if ($success === 0) {
return false;
// returns 1 on success, 0 on failure, -1 on error.
throw new DomainException(
'OpenSSL error: ' . \openssl_error_string()
case 'sodium_crypto':
if (!\function_exists('sodium_crypto_sign_verify_detached')) {
throw new DomainException('libsodium is not available');
if (!\is_string($keyMaterial)) {
throw new InvalidArgumentException('key must be a string when using EdDSA');
try {
// The last non-empty line is used as the key.
$lines = array_filter(explode("\n", $keyMaterial));
$key = base64_decode((string) end($lines));
if (\strlen($key) === 0) {
throw new DomainException('Key cannot be empty string');
if (\strlen($signature) === 0) {
throw new DomainException('Signature cannot be empty string');
return sodium_crypto_sign_verify_detached($signature, $msg, $key);
} catch (Exception $e) {
throw new DomainException($e->getMessage(), 0, $e);
case 'hash_hmac':
if (!\is_string($keyMaterial)) {
throw new InvalidArgumentException('key must be a string when using hmac');
$hash = \hash_hmac($algorithm, $msg, $keyMaterial, true);
return self::constantTimeEquals($hash, $signature);
* Decode a JSON string into a PHP object.
* @param string $input JSON string
* @return mixed The decoded JSON string
* @throws DomainException Provided string was invalid JSON
public static function jsonDecode(string $input)
$obj = \json_decode($input, false, 512, JSON_BIGINT_AS_STRING);
if ($errno = \json_last_error()) {
} elseif ($obj === null && $input !== 'null') {
throw new DomainException('Null result with non-null input');
return $obj;
* Encode a PHP array into a JSON string.
* @param array<mixed> $input A PHP array
* @return string JSON representation of the PHP array
* @throws DomainException Provided object could not be encoded to valid JSON
public static function jsonEncode(array $input): string
if (PHP_VERSION_ID >= 50400) {
$json = \json_encode($input, \JSON_UNESCAPED_SLASHES);
} else {
// PHP 5.3 only
$json = \json_encode($input);
if ($errno = \json_last_error()) {
} elseif ($json === 'null') {
throw new DomainException('Null result with non-null input');
if ($json === false) {
throw new DomainException('Provided object could not be encoded to valid JSON');
return $json;
* Decode a string with URL-safe Base64.
* @param string $input A Base64 encoded string
* @return string A decoded string
* @throws InvalidArgumentException invalid base64 characters
public static function urlsafeB64Decode(string $input): string
return \base64_decode(self::convertBase64UrlToBase64($input));
* Convert a string in the base64url (URL-safe Base64) encoding to standard base64.
* @param string $input A Base64 encoded string with URL-safe characters (-_ and no padding)
* @return string A Base64 encoded string with standard characters (+/) and padding (=), when
* needed.
* @see https://www.rfc-editor.org/rfc/rfc4648
public static function convertBase64UrlToBase64(string $input): string
$remainder = \strlen($input) % 4;
if ($remainder) {
$padlen = 4 - $remainder;
$input .= \str_repeat('=', $padlen);
return \strtr($input, '-_', '+/');
* Encode a string with URL-safe Base64.
* @param string $input The string you want encoded
* @return string The base64 encode of what you passed in
public static function urlsafeB64Encode(string $input): string
return \str_replace('=', '', \strtr(\base64_encode($input), '+/', '-_'));
* Determine if an algorithm has been provided for each Key
* @param Key|ArrayAccess<string,Key>|array<string,Key> $keyOrKeyArray
* @param string|null $kid
* @throws UnexpectedValueException
* @return Key
private static function getKey(
?string $kid
): Key {
if ($keyOrKeyArray instanceof Key) {
return $keyOrKeyArray;
if (empty($kid) && $kid !== '0') {
throw new UnexpectedValueException('"kid" empty, unable to lookup correct key');
if ($keyOrKeyArray instanceof CachedKeySet) {
// Skip "isset" check, as this will automatically refresh if not set
return $keyOrKeyArray[$kid];
if (!isset($keyOrKeyArray[$kid])) {
throw new UnexpectedValueException('"kid" invalid, unable to lookup correct key');
return $keyOrKeyArray[$kid];
* @param string $left The string of known length to compare against
* @param string $right The user-supplied string
* @return bool
public static function constantTimeEquals(string $left, string $right): bool
if (\function_exists('hash_equals')) {
return \hash_equals($left, $right);
$len = \min(self::safeStrlen($left), self::safeStrlen($right));
$status = 0;
for ($i = 0; $i < $len; $i++) {
$status |= (\ord($left[$i]) ^ \ord($right[$i]));
$status |= (self::safeStrlen($left) ^ self::safeStrlen($right));
return ($status === 0);
* Helper method to create a JSON error.
* @param int $errno An error number from json_last_error()
* @throws DomainException
* @return void
private static function handleJsonError(int $errno): void
$messages = [
JSON_ERROR_DEPTH => 'Maximum stack depth exceeded',
JSON_ERROR_STATE_MISMATCH => 'Invalid or malformed JSON',
JSON_ERROR_CTRL_CHAR => 'Unexpected control character found',
JSON_ERROR_SYNTAX => 'Syntax error, malformed JSON',
JSON_ERROR_UTF8 => 'Malformed UTF-8 characters' //PHP >= 5.3.3
throw new DomainException(
? $messages[$errno]
: 'Unknown JSON error: ' . $errno
* Get the number of bytes in cryptographic strings.
* @param string $str
* @return int
private static function safeStrlen(string $str): int
if (\function_exists('mb_strlen')) {
return \mb_strlen($str, '8bit');
return \strlen($str);
* Convert an ECDSA signature to an ASN.1 DER sequence
* @param string $sig The ECDSA signature to convert
* @return string The encoded DER object
private static function signatureToDER(string $sig): string
// Separate the signature into r-value and s-value
$length = max(1, (int) (\strlen($sig) / 2));
list($r, $s) = \str_split($sig, $length);
// Trim leading zeros
$r = \ltrim($r, "\x00");
$s = \ltrim($s, "\x00");
// Convert r-value and s-value from unsigned big-endian integers to
// signed two's complement
if (\ord($r[0]) > 0x7f) {
$r = "\x00" . $r;
if (\ord($s[0]) > 0x7f) {
$s = "\x00" . $s;
return self::encodeDER(
self::encodeDER(self::ASN1_INTEGER, $r) .
self::encodeDER(self::ASN1_INTEGER, $s)
* Encodes a value into a DER object.
* @param int $type DER tag
* @param string $value the value to encode
* @return string the encoded object
private static function encodeDER(int $type, string $value): string
$tag_header = 0;
if ($type === self::ASN1_SEQUENCE) {
$tag_header |= 0x20;
// Type
$der = \chr($tag_header | $type);
// Length
$der .= \chr(\strlen($value));
return $der . $value;
* Encodes signature from a DER object.
* @param string $der binary signature in DER format
* @param int $keySize the number of bits in the key
* @return string the signature
private static function signatureFromDER(string $der, int $keySize): string
// OpenSSL returns the ECDSA signatures as a binary ASN.1 DER SEQUENCE
list($offset, $_) = self::readDER($der);
list($offset, $r) = self::readDER($der, $offset);
list($offset, $s) = self::readDER($der, $offset);
// Convert r-value and s-value from signed two's compliment to unsigned
// big-endian integers
$r = \ltrim($r, "\x00");
$s = \ltrim($s, "\x00");
// Pad out r and s so that they are $keySize bits long
$r = \str_pad($r, $keySize / 8, "\x00", STR_PAD_LEFT);
$s = \str_pad($s, $keySize / 8, "\x00", STR_PAD_LEFT);
return $r . $s;
* Reads binary DER-encoded data and decodes into a single object
* @param string $der the binary data in DER format
* @param int $offset the offset of the data stream containing the object
* to decode
* @return array{int, string|null} the new offset and the decoded object
private static function readDER(string $der, int $offset = 0): array
$pos = $offset;
$size = \strlen($der);
$constructed = (\ord($der[$pos]) >> 5) & 0x01;
$type = \ord($der[$pos++]) & 0x1f;
// Length
$len = \ord($der[$pos++]);
if ($len & 0x80) {
$n = $len & 0x1f;
$len = 0;
while ($n-- && $pos < $size) {
$len = ($len << 8) | \ord($der[$pos++]);
// Value
if ($type === self::ASN1_BIT_STRING) {
$pos++; // Skip the first contents octet (padding indicator)
$data = \substr($der, $pos, $len - 1);
$pos += $len - 1;
} elseif (!$constructed) {
$data = \substr($der, $pos, $len);
$pos += $len;
} else {
$data = null;
return [$pos, $data];

View File

@ -0,0 +1,20 @@
namespace Firebase\JWT;
interface JWTExceptionWithPayloadInterface
* Get the payload that caused this exception.
* @return object
public function getPayload(): object;
* Get the payload that caused this exception.
* @param object $payload
* @return void
public function setPayload(object $payload): void;

vendor/firebase/php-jwt/src/Key.php vendored Normal file
View File

@ -0,0 +1,64 @@
namespace Firebase\JWT;
use InvalidArgumentException;
use OpenSSLAsymmetricKey;
use OpenSSLCertificate;
use TypeError;
class Key
/** @var string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate */
private $keyMaterial;
/** @var string */
private $algorithm;
* @param string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $keyMaterial
* @param string $algorithm
public function __construct(
string $algorithm
) {
if (
&& !$keyMaterial instanceof OpenSSLAsymmetricKey
&& !$keyMaterial instanceof OpenSSLCertificate
&& !\is_resource($keyMaterial)
) {
throw new TypeError('Key material must be a string, resource, or OpenSSLAsymmetricKey');
if (empty($keyMaterial)) {
throw new InvalidArgumentException('Key material must not be empty');
if (empty($algorithm)) {
throw new InvalidArgumentException('Algorithm must not be empty');
// TODO: Remove in PHP 8.0 in favor of class constructor property promotion
$this->keyMaterial = $keyMaterial;
$this->algorithm = $algorithm;
* Return the algorithm valid for this key
* @return string
public function getAlgorithm(): string
return $this->algorithm;
* @return string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate
public function getKeyMaterial()
return $this->keyMaterial;

View File

@ -0,0 +1,7 @@
namespace Firebase\JWT;
class SignatureInvalidException extends \UnexpectedValueException

View File

@ -2,6 +2,30 @@
Please refer to [UPGRADING](UPGRADING.md) guide for upgrading to a major version.
## 7.6.1 - 2023-05-15
### Fixed
- Fix `SetCookie::fromString` MaxAge deprecation warning and skip invalid MaxAge values
## 7.6.0 - 2023-05-14
### Added
- Support for setting the minimum TLS version in a unified way
- Apply on request the version set in options parameters
## 7.5.2 - 2023-05-14
### Fixed
- Fixed set cookie constructor validation
- Fixed handling of files with `'0'` body
### Changed
- Corrected docs and default connect timeout value to 300 seconds
## 7.5.1 - 2023-04-17
### Fixed

View File

@ -84,9 +84,6 @@
"bamarni-bin": {
"bin-links": true,
"forward-command": false
"branch-alias": {
"dev-master": "7.5-dev"
"autoload": {

View File

@ -437,6 +437,10 @@ class Client implements ClientInterface, \Psr\Http\Client\ClientInterface
if (isset($options['version'])) {
$modify['version'] = $options['version'];
$request = Psr7\Utils::modifyRequest($request, $modify);
if ($request->getBody() instanceof Psr7\MultipartStream) {
// Use a multipart/form-data POST if a Content-Type is not set.

View File

@ -58,7 +58,13 @@ class SetCookie
} else {
foreach (\array_keys(self::$defaults) as $search) {
if (!\strcasecmp($search, $key)) {
if ($search === 'Max-Age') {
if (is_numeric($value)) {
$data[$search] = (int) $value;
} else {
$data[$search] = $value;
continue 2;
@ -74,13 +80,49 @@ class SetCookie
public function __construct(array $data = [])
/** @var array|null $replaced will be null in case of replace error */
$replaced = \array_replace(self::$defaults, $data);
if ($replaced === null) {
throw new \InvalidArgumentException('Unable to replace the default values for the Cookie.');
$this->data = self::$defaults;
if (isset($data['Name'])) {
if (isset($data['Value'])) {
if (isset($data['Domain'])) {
if (isset($data['Path'])) {
if (isset($data['Max-Age'])) {
if (isset($data['Expires'])) {
if (isset($data['Secure'])) {
if (isset($data['Discard'])) {
if (isset($data['HttpOnly'])) {
// Set the remaining values that don't have extra validation logic
foreach (array_diff(array_keys($data), array_keys(self::$defaults)) as $key) {
$this->data[$key] = $data[$key];
$this->data = $replaced;
// Extract the Expires value and turn it into a UNIX timestamp if needed
if (!$this->getExpires() && $this->getMaxAge()) {
// Calculate the Expires date

View File

@ -224,7 +224,7 @@ class CurlFactory implements CurlFactoryInterface
\CURLOPT_URL => (string) $easy->request->getUri()->withFragment(''),
if (\defined('CURLOPT_PROTOCOLS')) {
@ -452,6 +452,32 @@ class CurlFactory implements CurlFactoryInterface
if (isset($options['crypto_method'])) {
if (\STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT === $options['crypto_method']) {
if (!defined('CURL_SSLVERSION_TLSv1_0')) {
throw new \InvalidArgumentException('Invalid crypto_method request option: TLS 1.0 not supported by your version of cURL');
} elseif (\STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT === $options['crypto_method']) {
if (!defined('CURL_SSLVERSION_TLSv1_1')) {
throw new \InvalidArgumentException('Invalid crypto_method request option: TLS 1.1 not supported by your version of cURL');
} elseif (\STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT === $options['crypto_method']) {
if (!defined('CURL_SSLVERSION_TLSv1_2')) {
throw new \InvalidArgumentException('Invalid crypto_method request option: TLS 1.2 not supported by your version of cURL');
} elseif (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT') && \STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT === $options['crypto_method']) {
if (!defined('CURL_SSLVERSION_TLSv1_3')) {
throw new \InvalidArgumentException('Invalid crypto_method request option: TLS 1.3 not supported by your version of cURL');
} else {
throw new \InvalidArgumentException('Invalid crypto_method request option: unknown version provided');
if (isset($options['cert'])) {
$cert = $options['cert'];
if (\is_array($cert)) {

View File

@ -388,7 +388,7 @@ class StreamHandler
$body = (string) $request->getBody();
if (!empty($body)) {
if ('' !== $body) {
$context['http']['content'] = $body;
// Prevent the HTTP handler from adding a Content-Type header.
if (!$request->hasHeader('Content-Type')) {
@ -472,6 +472,25 @@ class StreamHandler
* @param mixed $value as passed via Request transfer options.
private function add_crypto_method(RequestInterface $request, array &$options, $value, array &$params): void
if (
) {
$options['http']['crypto_method'] = $value;
throw new \InvalidArgumentException('Invalid crypto_method request option: unknown version provided');
* @param mixed $value as passed via Request transfer options.

View File

@ -70,10 +70,22 @@ final class RequestOptions
* connect_timeout: (float, default=0) Float describing the number of
* seconds to wait while trying to connect to a server. Use 0 to wait
* indefinitely (the default behavior).
* 300 seconds (the default behavior).
public const CONNECT_TIMEOUT = 'connect_timeout';
* crypto_method: (int) A value describing the minimum TLS protocol
* version to use.
* This setting must be set to one of the
* ``STREAM_CRYPTO_METHOD_TLS*_CLIENT`` constants. PHP 7.4 or higher is
* required in order to use TLS 1.3, and cURL 7.34.0 or higher is required
* in order to specify a crypto method, with cURL 7.52.0 or higher being
* required to use TLS 1.3.
public const CRYPTO_METHOD = 'crypto_method';
* debug: (bool|resource) Set to true or set to a PHP stream returned by
* fopen() enable debug output with the HTTP handler used to send a

vendor/services.php vendored
View File

@ -1,5 +1,5 @@
// This file is automatically generated at:2023-05-12 16:21:25
// This file is automatically generated at:2023-11-10 16:24:21
declare (strict_types = 1);
return array (
0 => 'think\\app\\Service',