WIP JWT Auth

app/Http/Kernel.php

@@ -31,7 +31,7 @@ class Kernel extends HttpKernel
     protected $middlewareGroups = [
         'api' => [
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
-            \App\Http\Middleware\UnauthenticatedUser::class,
+            \App\Http\Middleware\Authenticate::class,
         ],
     ];
 
@@ -60,7 +60,6 @@ class Kernel extends HttpKernel
     protected $middlewarePriority = [
         \Fruitcake\Cors\HandleCors::class,
         \Illuminate\Routing\Middleware\SubstituteBindings::class,
-        \App\Http\Middleware\UnauthenticatedUser::class,
         \App\Http\Middleware\Authenticate::class,
         \Illuminate\Auth\Middleware\Authorize::class,
         \App\Http\Middleware\SecureHeaders::class,

app/Http/Middleware/Authenticate.php

@@ -2,33 +2,63 @@
 
 namespace App\Http\Middleware;
 
+use App\Enums\RoleType;
+use App\Models\Role;
+use App\Models\User;
 use App\Models\App;
 use Closure;
+use Illuminate\Auth\AuthenticationException;
 use Illuminate\Auth\Middleware\Authenticate as Middleware;
-use Illuminate\Support\Facades\Hash;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Config;
+use Tymon\JWTAuth\Http\Parser\Parser;
+use Tymon\JWTAuth\JWT;
+use Tymon\JWTAuth\Manager;
+use Tymon\JWTAuth\Payload;
 
 class Authenticate extends Middleware
 {
     /**
+     * @throws AuthenticationException
      */
     public function handle($request, Closure $next, ...$guards): mixed
     {
-        if (
-            $request->hasHeader('x-app-id') &&
-            $request->hasHeader('x-app-key') &&
-            $this->authenticateApp($request->header('x-app-id'), $request->header('x-app-key'))
-        ) {
-            return $next($request);
+        if (!Auth::check()) {
+            if ($request->hasHeader('Authorization')) {
+                Config::set('auth.providers.users.model', App::class);
+                Auth::forgetGuards();
+
+                if (!Auth::check()) {
+                    throw new AuthenticationException();
+                }
+            } else {
+                $user = User::make([
+                    'name' => 'Unauthenticated',
+                ]);
+
+                $roles = Role::where('type', RoleType::UNAUTHENTICATED)->get();
+                $user->setRelation('roles', $roles);
+                $user->id = 'null';
+
+                Auth::claims(['typ' => 'access'])->login($user);
+            }
         }
 
-        return parent::handle($request, $next, ...$guards);
-    }
+        if (Auth::payload()->get('typ') !== 'access') {
+            throw new AuthenticationException();
+        }
 
-    protected function authenticateApp(string $id, string $key): bool
-    {
-        $app = App::findOrFail($id);
+////        Token service
+//
+//        $token = Auth::getToken();
+//
+//        $jwt = new JWT(app(Manager::class), new Parser(new Request()));
+//        $jwt->setToken($token);
+//
+//        dd($jwt->payload());
 
-        return $app && Hash::check($key, $app->key);
+        return $next($request);
     }
 
     /**

app/Models/App.php

@@ -2,18 +2,38 @@
 
 namespace App\Models;
 
+use Illuminate\Auth\Authenticatable;
+use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
+use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Foundation\Auth\Access\Authorizable;
+use Tymon\JWTAuth\Contracts\JWTSubject;
 
 /**
  * @mixin IdeHelperApp
  */
-class App extends Model
+class App extends Model implements
+    AuthorizableContract,
+    AuthenticatableContract,
+    JWTSubject
 {
-    use HasFactory;
+    use HasFactory,
+        Authorizable,
+        Authenticatable;
 
     protected $fillable = [
         'name',
         'key',
         'url',
     ];
+
+    public function getJWTIdentifier(): string
+    {
+        return $this->getKey();
+    }
+
+    public function getJWTCustomClaims(): array
+    {
+        return [];
+    }
 }

app/Models/User.php

@@ -16,10 +16,10 @@
 use Illuminate\Database\Eloquent\SoftDeletes;
 use Illuminate\Foundation\Auth\Access\Authorizable;
 use Illuminate\Notifications\Notifiable;
-use Laravel\Passport\HasApiTokens;
 use OwenIt\Auditing\Auditable;
 use OwenIt\Auditing\Contracts\Auditable as AuditableContract;
 use Spatie\Permission\Traits\HasRoles;
+use Tymon\JWTAuth\Contracts\JWTSubject;
 
 /**
  * @OA\Schema ()
@@ -30,10 +30,10 @@ class User extends Model implements
     AuthenticatableContract,
     AuthorizableContract,
     CanResetPasswordContract,
-    AuditableContract
+    AuditableContract,
+    JWTSubject
 {
-    use HasApiTokens,
-        Notifiable,
+    use Notifiable,
         Authenticatable,
         Authorizable,
         CanResetPassword,
@@ -108,4 +108,14 @@ public function getAvatarAttribute(): string
     {
         return '//www.gravatar.com/avatar/' . md5(strtolower(trim($this->email))) . '?d=mp&s=50x50';
     }
+
+    public function getJWTIdentifier(): string
+    {
+        return $this->getKey();
+    }
+
+    public function getJWTCustomClaims(): array
+    {
+        return [];
+    }
 }

app/Providers/AuthServiceProvider.php

@@ -22,10 +22,6 @@ public function boot(): void
     {
         $this->registerPolicies();
 
-        Passport::routes();
-        Passport::ignoreMigrations();
-        Passport::personalAccessTokensExpireIn(now()->addDays(25));
-
         Password::defaults(function () {
             return Password::min(10)
                 ->letters()

app/Services/AuthService.php

@@ -3,6 +3,7 @@
 namespace App\Services;
 
 use App\Exceptions\AuthException;
+use App\Models\App;
 use App\Models\User;
 use App\Notifications\ResetPassword;
 use App\Services\Contracts\AuthServiceContract;
@@ -11,27 +12,31 @@
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Password;
-use Laravel\Passport\Passport;
-use Laravel\Passport\PersonalAccessTokenResult;
 
 class AuthService implements AuthServiceContract
 {
-    public function login(string $email, string $password, ?string $ip, ?string $userAgent): PersonalAccessTokenResult
+    public function login(string $email, string $password, ?string $ip, ?string $userAgent)
     {
-        if (!Auth::guard('web')->attempt([
+        $token = Auth::claims(['typ' => 'identity'])->attempt([
             'email' => $email,
             'password' => $password,
-        ])) {
+        ]);
+
+        if ($token === null) {
             throw new AuthException('Invalid credentials');
         }
 
-        $user = Auth::guard('web')->user();
-        $token = $user->createToken('Admin');
-
-        $token->token->update([
-            'ip' => $ip,
-            'user_agent' => $userAgent,
-        ]);
+//        $user = Auth::guard('web')->user();
+//        $token = $user->createToken('Admin');
+//
+//        $token->token->update([
+//            'ip' => $ip,
+//            'user_agent' => $userAgent,
+//        ]);
+
+//        $user = App::factory()->create();
+//
+//        $token = auth()->login($user);
 
         return $token;
     }

app/Services/Contracts/AuthServiceContract.php

@@ -8,7 +8,7 @@
 
 interface AuthServiceContract
 {
-    public function login(string $email, string $password, ?string $ip, ?string $userAgent): PersonalAccessTokenResult;
+    public function login(string $email, string $password, ?string $ip, ?string $userAgent);
 
     public function logout(User $user): void;
 

composer.json

@@ -12,12 +12,11 @@
         "fideloper/proxy": "^4.4",
         "fruitcake/laravel-cors": "^2.0",
         "guzzlehttp/guzzle": "^7.3",
-        "heseya/laravel-searchable": "^1.0",
         "heseya/demo": "dev-master",
+        "heseya/laravel-searchable": "^1.0",
         "heseya/resource": "*",
         "jenssegers/agent": "^2.6",
         "laravel/framework": "^8.44",
-        "laravel/passport": "^10.1",
         "league/html-to-markdown": "^5.0",
         "league/omnipay": "^3.1",
         "omnipay/common": "^3",
@@ -28,7 +27,8 @@
         "propaganistas/laravel-phone": "^4.3",
         "sentry/sentry-laravel": "^2.6",
         "spatie/laravel-permission": "^4.2",
-        "srmklive/paypal": "^3.0"
+        "srmklive/paypal": "^3.0",
+        "tymon/jwt-auth": "^1.0.2"
     },
     "require-dev": {
         "brianium/paratest": "^6.3",