From 8bb2e8c838a18911f3a631d668be7fbfd1cdf58c Mon Sep 17 00:00:00 2001 From: Yasen Pramatarov Date: Tue, 1 Oct 2024 10:18:53 +0300 Subject: [PATCH] Prepares for agents' JWT --- app/classes/agent.php | 33 +++++++++++++++++++++++++++++++++ app/templates/agent-list.php | 13 ++++++++++--- public_html/static/agents.js | 5 ++++- 3 files changed, 47 insertions(+), 4 deletions(-) diff --git a/app/classes/agent.php b/app/classes/agent.php index 7d4c511..f84531a 100644 --- a/app/classes/agent.php +++ b/app/classes/agent.php @@ -110,6 +110,7 @@ class Agent { } } + // check for agent cache public function checkAgentCache($agent_id) { $agent_cache_name = $agent_id . '_cache'; @@ -117,6 +118,38 @@ class Agent { return isset($_SESSION[$agent_cache_name]) && isset($_SESSION[$agent_cache_time]) && (time() - $_SESSION[$agent_cache_time] < 600); } + + // method for base64 URL encoding for JWT tokens + private function base64UrlEncode($data) { + return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); + } + + + // generate a JWT token for jilo agent + public function generateAgentToken($payload, $secret_key) { + + // header + $header = json_encode([ + 'typ' => 'JWT', + 'alg' => 'HS256' + ]); + $base64Url_header = $this->base64UrlEncode($header); + + // payload + $payload = json_encode($payload); + $base64Url_payload = $this->base64UrlEncode($payload); + + // signature + $signature = hash_hmac('sha256', $base64Url_header . "." . $base64Url_payload, $secret_key, true); + $base64Url_signature = $this->base64UrlEncode($signature); + + // build the JWT + $jwt = $base64Url_header . "." . $base64Url_payload . "." . $base64Url_signature; + + return $jwt; + } + + // fetch result from jilo agent API public function fetchAgent($agent_id, $force = false) { diff --git a/app/templates/agent-list.php b/app/templates/agent-list.php index e067749..c79c468 100644 --- a/app/templates/agent-list.php +++ b/app/templates/agent-list.php @@ -10,6 +10,16 @@
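Review bot: `generateAgentToken()` signs with whatever `$secret_key` it is given, so an agent record with an empty or missing secret yields a token signed with an empty HMAC key, which anyone can reproduce. A guard at the top of the method would reject that case: `if (!is_string($secret_key) || $secret_key === '') { throw new InvalidArgumentException('Agent secret key is empty'); }`. Both `json_encode()` calls can also return `false`, which would silently produce an empty token segment; `json_encode($payload, JSON_THROW_ON_ERROR)` makes that failure visible. The `Agent` class body starts and ends outside the hunk.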
endpoint:
+ 'Jilo Web', + 'aud' => $config['domain'], + 'iat' => time(), + 'exp' => time() + 3600, + 'agent_id' => $agent['id'] + ]; + $jwt = $agentObject->generateAgentToken($payload, $agent['secret_key']); +?> @@ -20,7 +30,4 @@
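Review bot: The token built here is valid for an hour (`'exp' => time() + 3600`) and is minted in the template for every agent on each render; if it is then written into the page for `fetchData()` (the markup that uses `$jwt` is not readable in this hunk), every viewer of the list ends up holding a reusable bearer token per agent. A much shorter lifetime limits what a saved or leaked copy of the page is worth, for example `$now = time();` with `'iat' => $now, 'exp' => $now + 300,`, which also keeps both claims on the same clock reading. `aud` is set to `$config['domain']`, which looks like the issuing site rather than the receiving agent, so confirm what the agent will compare it against. Building the claim set inside the `Agent` class instead of in `agent-list.php` would keep it in one place.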

Result:

click a button to fetch data from the agent.
- diff --git a/public_html/static/agents.js b/public_html/static/agents.js index ada61ec..af1f435 100644 --- a/public_html/static/agents.js +++ b/public_html/static/agents.js @@ -1,4 +1,4 @@ -function fetchData(agent_id, url, endpoint, force = false) { +function fetchData(agent_id, url, endpoint, jwtToken, force = false) { let counter = 0; const resultElement = document.getElementById("result" + agent_id); @@ -28,6 +28,9 @@ function fetchData(agent_id, url, endpoint, force = false) { return; // Exit the function early } + // send the token + xhr.setRequestHeader("Authorization", "Bearer " + jwtToken); + xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); // Set a timeout in milliseconds (10 seconds = 10000 ms)
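Review bot: `jwtToken` is inserted ahead of the optional `force` parameter in the `fetchData` signature, so any existing call that passes `force` as the fourth argument would now hand that value in as the token and leave `force` at its default. The call sites in `agent-list.php` are not readable in this patch, so confirm each one was updated. A one-line comment above the function stating the order would help, e.g. `// fetchData(agent_id, url, endpoint, jwtToken, force = false)`.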
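Review bot: The `Authorization` header is set unconditionally, so a missing token goes out as `Bearer undefined`, and the token is sent to whatever `url` holds, including a plain `http://` agent address where it is readable in transit. Guard the call, e.g. `if (jwtToken) { xhr.setRequestHeader("Authorization", "Bearer " + jwtToken); }`, and consider refusing non-HTTPS agent URLs before sending. If the agent is on another origin, this header presumably makes the request a preflighted CORS request, so the agent would have to allow `Authorization`; that is not visible here. `fetchData`'s body starts and ends outside the hunk.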